Biblio/server.js

const express = require('express'),
  router = express.Router(),
  app = express(),
  port = process.env.PORT || 3000,
  Book = require('./api/models/bookModel'),
  User = require('./api/models/userModel'),
  baseRouter = require('./api/routes/baseRouter'),
  mongoose = require('mongoose'),
  bodyParser = require('body-parser'),
  bcrypt = require('bcrypt');

mongoose.connect('mongodb://127.0.0.1:27017/ils', {
  useNewUrlParser: true,
  user: "ils_operator",
  pass: process.argv[2],
});


const db = mongoose.connection;
db.on('error', console.error.bind(console, 'MongoDB connection error:'));

app.use(bodyParser.urlencoded({
  extended: true
}));
app.use(bodyParser.json());

// Authentication. Currently uses basic access, which sucks, but it should still be secure.
router.use(function(req, res, next) {
  const header = req.header('Authorization');
  if (header) {
    const token = header.split(" ")[1],
      parts = new Buffer.from(token, 'base64').toString().split(':'),
      username = parts[0],
      password = parts[1];
    User.findOne({
      'username': username
    }).then((user) => {
      if (user) {
        bcrypt.compare(password, user.password).then((success) => {
          if (!success) { // incorrect password
            res.status(403).send("Incorrect password.");
          } else {
            // authenticated
            req.user = user;
            next();
          }
        });
      } else {
        res.status(403).send("User " + username + " not found.");
      }
    });
  } else { // No authentication provided, proceed with no permissions.
    next();
  }
});

router.use('/', baseRouter);
app.use('/', router);

app.listen(port);

console.log('RESTful API server started on: ' + port);
Essential backend functionality, including logins. 2019-08-21 12:52:12 +02:00			`const express = require('express'),`
			`router = express.Router(),`
			`app = express(),`
			`port = process.env.PORT \|\| 3000,`
			`Book = require('./api/models/bookModel'),`
			`User = require('./api/models/userModel'),`
			`baseRouter = require('./api/routes/baseRouter'),`
			`mongoose = require('mongoose'),`
			`bodyParser = require('body-parser'),`
			`bcrypt = require('bcrypt');`

			`mongoose.connect('mongodb://127.0.0.1:27017/ils', {`
			`useNewUrlParser: true,`
			`user: "ils_operator",`
			`pass: process.argv[2],`
			`});`



			`const db = mongoose.connection;`
			`db.on('error', console.error.bind(console, 'MongoDB connection error:'));`

			`app.use(bodyParser.urlencoded({`
			`extended: true`
			`}));`
			`app.use(bodyParser.json());`

			`// Authentication. Currently uses basic access, which sucks, but it should still be secure.`
			`router.use(function(req, res, next) {`
			`const header = req.header('Authorization');`
			`if (header) {`
			`const token = header.split(" ")[1],`
			`parts = new Buffer.from(token, 'base64').toString().split(':'),`
			`username = parts[0],`
			`password = parts[1];`
			`User.findOne({`
			`'username': username`
			`}).then((user) => {`
			`if (user) {`
			`bcrypt.compare(password, user.password).then((success) => {`
			`if (!success) { // incorrect password`
			`res.status(403).send("Incorrect password.");`
			`} else {`
			`// authenticated`
			`req.user = user;`
			`next();`
			`}`
			`});`
			`} else {`
			`res.status(403).send("User " + username + " not found.");`
			`}`
			`});`
			`} else { // No authentication provided, proceed with no permissions.`
			`next();`
			`}`
			`});`

			`router.use('/', baseRouter);`
			`app.use('/', router);`

			`app.listen(port);`

			`console.log('RESTful API server started on: ' + port);`