Biblio/server.js


// Module loading and application objects. Each binding gets its own `const`
// statement; the evaluation order matches the original declaration list.
const express = require('express');

// Router that carries the authentication middleware and the API routes.
const router = express.Router();
const app = express();

// Listening port: taken from the PORT environment variable, else 3000.
const port = process.env.PORT || 3000;

// Project models. `Book` is not referenced again in this file; it is
// presumably loaded so the model is registered with mongoose (confirm before removing).
const Book = require('./api/models/bookModel');
const User = require('./api/models/userModel');
const baseRouter = require('./api/routes/baseRouter');

const mongoose = require('mongoose');
const bodyParser = require('body-parser');

// bcrypt is used by the authentication middleware to check submitted passwords
// against the stored hashes.
const bcrypt = require('bcrypt');
// Connection settings for the local "ils" database, authenticating as the
// fixed account "ils_operator".
// NOTE(review): the database password is read from the first command-line
// argument (process.argv[2]). Command-line arguments are visible to other
// local users in the process list and tend to end up in shell history and
// service logs; an environment variable or a root-readable secrets file is
// the usual way to keep it out of view. Nothing here checks that the argument
// was actually supplied.
const mongoOptions = {
    useNewUrlParser: true,
    user: "ils_operator",
    pass: process.argv[2],
};
mongoose.connect('mongodb://127.0.0.1:27017/ils', mongoOptions);

// Report connection-level errors on stderr with a fixed prefix.
const db = mongoose.connection;
db.on('error', (...details) => console.error('MongoDB connection error:', ...details));
// Request body parsing: URL-encoded form bodies first, then JSON bodies.
// NOTE(review): with `extended: true` (and with JSON bodies) a client can send
// nested objects and arrays, not just strings. The route handlers are outside
// this file; any handler that passes a body field straight into a Mongoose
// query should check its type first, because an object value can be
// interpreted as a query operator rather than a literal.
const formParser = bodyParser.urlencoded({ extended: true });
const jsonParser = bodyParser.json();
app.use(formParser);
app.use(jsonParser);
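// Authentication via HTTP Basic access authentication.
// Basic credentials are only base64-encoded, not encrypted, and are resent on
// every request, so this scheme is only safe when the API is reached over TLS.
// This file starts a plain HTTP listener (app.listen), so TLS has to be
// terminated by something in front of it.
// NOTE(review): nothing here limits repeated failed attempts; password
// guessing is only slowed by the bcrypt work factor.

// Single response body for every authentication failure. The earlier
// "User <name> not found." / "Incorrect password." pair told a caller which
// usernames exist and echoed request input back into the response.
const AUTH_FAILED_MESSAGE = "Invalid username or password.";

/**
 * Extract the username and password from an `Authorization` header value.
 *
 * @param {string} header - Raw header value, expected as `Basic <base64(user:pass)>`.
 * @returns {{username: string, password: string} | null} The decoded pair, or
 *   null when the scheme is not Basic, the token is missing, or the decoded
 *   text contains no colon.
 */
function parseBasicCredentials(header) {
    const [scheme, token] = header.trim().split(/\s+/);
    if (!token || scheme.toLowerCase() !== 'basic') {
        return null;
    }
    const decoded = Buffer.from(token, 'base64').toString();
    // Split on the FIRST colon only: the password itself may contain colons,
    // and splitting on every colon would silently truncate it.
    const separator = decoded.indexOf(':');
    if (separator === -1) {
        return null;
    }
    return {
        username: decoded.slice(0, separator),
        password: decoded.slice(separator + 1),
    };
}

router.use(function(req, res, next) {
    const header = req.header('Authorization');
    if (!header) {
        // No authentication provided, proceed with no permissions.
        // req.user stays unset; downstream handlers are presumably expected to
        // check it before doing anything privileged (handlers not visible here).
        next();
        return;
    }

    const credentials = parseBasicCredentials(header);
    if (!credentials) {
        // Malformed or non-Basic header: reject instead of throwing or hanging.
        res.status(403).send(AUTH_FAILED_MESSAGE);
        return;
    }

    // The status code stays 403 as before so existing clients see the same
    // code; only the message body is now uniform.
    // NOTE(review): an unknown username still returns without running bcrypt,
    // so response time can still differ between unknown and known usernames.
    User.findOne({
        'username': credentials.username
    }).then((user) => {
        if (!user) {
            res.status(403).send(AUTH_FAILED_MESSAGE);
            return undefined;
        }
        return bcrypt.compare(credentials.password, user.password).then((success) => {
            if (!success) { // incorrect password
                res.status(403).send(AUTH_FAILED_MESSAGE);
                return;
            }
            // authenticated
            req.user = user;
            next();
        });
    }).catch(next); // database or bcrypt failure: hand to Express error handling
                    // instead of leaving the request open with an unhandled rejection
});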
// Mount the API routes on the router (after the authentication middleware
// registered on the same router), then mount the router at the application root.
router.use('/', baseRouter);
app.use('/', router);

// Start the HTTP listener. The start-up line is printed immediately after the
// listen call is issued, not from a "listening" callback.
app.listen(port);
console.log(`RESTful API server started on: ${port}`);