// DotEnv Config
require('dotenv').config(); // Load Configuration
// Web server stack: Express (routing / request handling), CORS, express-validator (input validation), jsonwebtoken (Bearer tokens)
const cors = require('cors');
const express = require('express');
const validator = require('express-validator');
const jwt = require('jsonwebtoken');
// Express application; CORS and the two body parsers are mounted (in this order) before any route.
const app = express();
app.use(
  // cors() with no options sends `Access-Control-Allow-Origin: *`: any web origin may call
  // this API (intentional per the original author, so no origin server is required).
  // NOTE(review): tighten `origin` if the API is ever meant for one specific front-end.
  cors(),
  express.json(), // parse JSON request bodies
  express.urlencoded({ extended: true }) // parse form-encoded request bodies
);
// Password hashing (bcrypt is a one-way, salted hash — not encryption)
const bcrypt = require('bcrypt');
// bcrypt cost factor (2^10 rounds); plays the same role as the "cost" option of PASSWORD_BCRYPT in PHP.
const saltRounds = 10;

/**
 * Hash a plaintext password with bcrypt.
 * @param {string} password plaintext password
 * @returns {Promise<string>} bcrypt hash string (the salt is embedded in it)
 */
async function hashPassword(password) {
  // bcrypt.hash already returns a promise when no callback is given; nothing to unwrap here.
  return bcrypt.hash(password, saltRounds);
}
/**
 * Compare a plaintext password against a stored bcrypt hash.
 * @param {string} password plaintext candidate
 * @param {string} hashedPassword bcrypt hash produced by hashPassword()
 * @returns {Promise<boolean>} true when the password matches the hash
 */
async function verifyPassword(password, hashedPassword) {
  // bcrypt.compare is constant-time over the hash and rejects (does not throw) on bad arguments.
  return bcrypt.compare(password, hashedPassword);
}
// Validasi input
/**
 * Check the express-validator results collected for this request.
 * When at least one validator failed, answer immediately with the first error's message
 * and return true so the calling handler can bail out; otherwise return false.
 * Note: the failure response is HTTP 200 with `code: "error"` — clients in this API key on
 * `code`, not on the status line.
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {Function} [next] accepted for middleware-shaped call sites but never invoked
 * @returns {boolean} true if a response was already sent
 */
function validatorResult(req, res, next) {
  const failures = validator.validationResult(req).array();
  if (failures.length === 0) {
    return false;
  }
  res.status(200).json({
    code: 'error',
    msg: failures[0].msg,
  });
  return true;
}
// MySQL connection pool (credentials come from .env via dotenv)
const mysql = require('mysql2');
// Pool settings are read from the environment (loaded by dotenv at the top of the file).
const dbConfig = {
  host: process.env.DB_HOST,
  user: process.env.DB_USERNAME,
  password: process.env.DB_PASSWORD,
  database: process.env.DB_NAME,
  port: process.env.DB_PORT,
  // NOTE(review): multipleStatements lets a single query string execute several statements.
  // Every query in this file is a single parameterised statement, so this flag is unused here,
  // and it widens the impact of any future SQL injection (a stacked `; DROP TABLE ...` would run).
  // Consider dropping it.
  multipleStatements: true,
};
const pooldb = mysql.createPool(dbConfig);
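// Middleware Token Auth
// Key used both to sign tokens in /login and to verify them in authenticateToken.
// Read from the environment (dotenv is loaded at the top of this file). The literal fallback
// is the value the original code hard-coded and exists only so deployments that never set
// JWT_SECRET keep working.
// NOTE(review): a secret that lives in source lets anyone with repo access mint valid tokens —
// set JWT_SECRET in production and remove the fallback once all environments define it.
const JWT_SECRET = process.env.JWT_SECRET ?? 'SECRET_KEY';

/**
 * Express middleware: require a valid `Authorization: Bearer <token>` header.
 * On success `req.user` is the decoded JWT payload (as signed by /login: `{ username, iat, exp }`)
 * and the next handler runs.
 * Responds 401 when the header or token is missing / not a Bearer scheme, and 403 when
 * jwt.verify rejects the token (bad signature, expired, malformed).
 */
const authenticateToken = (req, res, next) => {
  const authHeader = req.headers['authorization'];
  const [scheme, token] = authHeader ? authHeader.split(' ') : [];
  // The original only checked that something followed the first space; also require the
  // Bearer scheme the comment promised, so e.g. "Basic <jwt>" is not accepted.
  if (!token || !/^bearer$/i.test(scheme)) return res.sendStatus(401);
  jwt.verify(token, JWT_SECRET, (err, user) => {
    if (err) return res.sendStatus(403); // invalid or expired token
    req.user = user;
    next();
  });
};

// REST API Stateless
/**
 * POST /login — body `{ username, password }` (JSON or form-encoded).
 * Looks the user up by username, checks the password against the stored bcrypt hash and,
 * on success, returns the user row WITHOUT its password hash plus a JWT valid for 1 hour.
 * Every outcome is a JSON body with `code` "ok" | "error"; only a database/bcrypt failure
 * uses a non-200 status (500).
 */
app.post(
  '/login',
  [
    validator.body('username').not().isEmpty().withMessage('Masukan username').trim().escape(),
    // NOTE(review): .escape() HTML-encodes characters such as & < > ' " before the bcrypt
    // compare, so this only works if registration (not in this file) applied the same
    // transform before hashing — confirm, or drop .escape() on the password.
    validator.body('password').not().isEmpty().withMessage('Masukan password').trim().escape(),
  ],
  (req, res) => {
    if (validatorResult(req, res)) return;
    const { username, password } = req.body;
    const sqlsyn = ` SELECT * FROM user WHERE username=?; `;
    pooldb.query(sqlsyn, [username], async (err, result) => {
      if (err) {
        console.log(err);
        // The original logged and never answered, leaving the client to time out.
        return res.status(500).json({ code: 'error', msg: 'Terjadi kesalahan server' });
      }
      const userData = result[0];
      if (!userData) {
        // NOTE(review): distinct "user not found" / "wrong password" messages let a caller
        // enumerate valid usernames; kept as-is to preserve the client contract.
        return res.json({ code: 'error', msg: 'User tidak ditemukan' });
      }
      let isMatch;
      try {
        // Declared locally: the original assigned an undeclared `hashedPassword` (implicit global).
        isMatch = await verifyPassword(password, userData.password);
      } catch (compareErr) {
        // bcrypt.compare rejects on a missing/invalid stored hash; the original .then() had no
        // .catch(), so that became an unhandled rejection and a hung request.
        console.log(compareErr);
        return res.status(500).json({ code: 'error', msg: 'Terjadi kesalahan server' });
      }
      if (!isMatch) {
        return res.json({ code: 'error', msg: 'Password salah!' });
      }
      // Never hand the bcrypt hash back to the client; everything else in the row is returned.
      const { password: _storedHash, ...safeUser } = userData;
      const token = jwt.sign({ username }, JWT_SECRET, { expiresIn: '1h' });
      res.json({
        code: 'ok',
        msg: 'Berhasil Masuk!',
        data: {
          userData: safeUser,
          token,
        },
      });
    });
  }
);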
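/**
 * GET /check/:username — requires a valid Bearer token (see authenticateToken).
 * Returns the user row for `username` WITHOUT its password hash, or
 * `{ code: "error", msg: "User tidak ditemukan!" }` when no such row exists.
 * NOTE(review): any authenticated user may look up any other user; if that is not intended,
 * compare `req.params.username` with `req.user.username` here.
 */
app.get('/check/:username', authenticateToken, (req, res) => {
  // No validators are attached to this route, so this is currently a no-op; kept so the
  // handler reads like /login and starts working as soon as validators are added.
  if (validatorResult(req, res)) return;
  const { username } = req.params;
  const sqlsyn = ` SELECT * FROM user WHERE username=?; `;
  pooldb.query(sqlsyn, [username], (err, result) => {
    if (err) {
      console.log(err);
      // The original logged and never answered, leaving the client to time out.
      return res.status(500).json({ code: 'error', msg: 'Terjadi kesalahan server' });
    }
    const userData = result[0];
    if (!userData) {
      return res.json({ code: 'error', msg: 'User tidak ditemukan!' });
    }
    // Strip the bcrypt hash: previously any token holder could harvest every user's hash.
    const { password: _storedHash, ...safeUser } = userData;
    res.json({
      code: 'ok',
      msg: 'User ditemukan!',
      data: { userData: safeUser },
    });
  });
});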
// Fallback for any GET path no earlier route matched. Answers 200 with an error body rather
// than 404, matching the `code`-based contract the other routes use.
// Only GET is covered: unknown POST/PUT/... paths fall through to Express's default 404 page.
app.get('/*', (_req, res) => {
  const body = { code: 'error', msg: 'API Invalid' };
  res.json(body);
});
// Start the HTTP server on the port from .env.
// NOTE(review): when HTTP_PORT is unset this calls listen(undefined), which appears to let the
// OS pick an ephemeral port while the log line prints "undefined" — worth failing fast instead.
const httpPort = process.env.HTTP_PORT;
app.listen(httpPort, () => console.log(`Server dengan port ${httpPort} berjalan...`));