authentication updates

modules/data-service-auth.js

@@ -20,11 +20,16 @@ async function isUserIdExists(userId) {
     return !!result;
 }
 
+async function getUserByEmail(email) {
+    const result = await client.db(dbName).collection(userCollection).findOne({email: email})
+}
+
 async function hashPassword(password){
     return await bcrypt.hash(password, saltRounds)
 }
 
 export {
     createUser,
     isUserIdExists,
+    getUserByEmail,
   };

modules/database.js

@@ -1,3 +1,5 @@
+import express from "express";
+import path from "path";
 import { MongoClient } from "mongodb";
 import dotenv from "dotenv";
 dotenv.config();
@@ -8,6 +10,15 @@ const dbName = "timesheet_app";
 const collectionName = "hoursRecords";
 const userCollection = "users"
 
+const authenticateUser = (req, res, next) => {
+  if(req.session.user) {
+      next()
+  }
+  else {
+      res.status(401).json({message: 'Unauthorized'});
+  }
+}
+
 // Function to connect to the MongoDB server
 async function connectToDatabase() {
   try {
@@ -29,4 +40,6 @@ async function listDatabases(client) {
   });
 }
 
-export { client, dbName, collectionName, userCollection, listDatabases, connectToDatabase };
+
+
+export { client, dbName, collectionName, userCollection, listDatabases, connectToDatabase, authenticateUser };

package.json

@@ -16,6 +16,7 @@
     "date-fns": "^3.3.0",
     "dotenv": "^16.4.1",
     "express": "^4.18.2",
+    "express-session": "^1.18.0",
     "mongodb": "^6.3.0",
     "mongoose": "^8.1.0",
     "react": "^18.2.0",

routes/root.js

@@ -1,13 +1,16 @@
 import express from "express";
 import path from "path";
-import { client } from "../modules/database.js";
+import bcrypt from 'bcrypt'
+import { client, authenticateUser } from "../modules/database.js";
 import { timeIn, timeOut, deleteUserById, addNewUser } from "../modules/data-service.js";
-import { createUser } from "../modules/data-service-auth.js";
+import { createUser, getUserByEmail } from "../modules/data-service-auth.js";
 
 
 const router = express.Router();
 const currentDir = process.cwd();
 
+
+
 // Route to handle creating a new user
 router.post("/create-user", async (req, res) => {
     const newUser = req.body;
@@ -25,6 +28,37 @@ router.post("/create-user", async (req, res) => {
     }
 });
 
+router.post("/login", async (req, res) => {
+    const {email, password} = req.body;
+
+    try {
+        const user = await getUserByEmail(email)
+        console.log(user)
+
+        if(!user) {
+            res.status(401).json({message: 'Invalid email or password'});
+            return;
+        }
+
+        const passwordMatch = await bcrypt.compare(password, user.password);
+
+        if(passwordMatch) {
+            req.session.user = {
+                id: user._id,
+                email: user.email,
+            }
+            res.status(200).json({message: 'Login successful'});
+        }
+        else {
+            res.status(401).json({ message: 'Invalid email or password' });
+        }
+
+    } catch (error) {
+        console.error('Error during login:', error);
+        res.status(500).json({ message: 'Internal Server Error' });
+    }
+})
+
 router.delete("/delete/:userId", async (req, res) => {
     const userId = req.params.userId;
 
@@ -40,16 +74,19 @@ router.delete("/delete/:userId", async (req, res) => {
     }
 });
 
-router.get("/time-in", (req, res) => {
-    res.sendFile(path.resolve(currentDir, 'views', 'time-in.html'));
+router.get('/', (req, res) => {
+    res.sendFile(path.resolve(currentDir, 'views', 'index.html'));
 });
 
-router.get("/time-out", (req, res) => {
-    res.sendFile(path.resolve(currentDir, 'views', 'time-out.html'))
+router.get('/shift-table', authenticateUser, (req, res) => {
+    res.sendFile(path.resolve(currentDir, 'views', 'shiftTable.html'))
 })
 
-router.get('/', (req, res) => {
-    res.sendFile(path.resolve(currentDir, 'views', 'index.html'));
-});
+router.get('/shift-tracker', authenticateUser, (req, res) => {
+    res.sendFile(path.resolve(currentDir, 'views', 'shiftTracker.html'))
+})
 
+router.get('/about-us', (req, res) => {
+    res.sendFile(path.resolve(currentDir, 'views', 'aboutUs.html'))
+})
 export default router;

routes/time-in.js

@@ -1,12 +1,12 @@
 import express from "express";
 import path from "path";
-import { client } from "../models/database.js";
+import { client, authenticateUser } from "../models/database.js";
 import { timeIn } from "../models/data-service.js";
 
 const router = express.Router();
 const currentDir = process.cwd();
 
-router.post("/time-in", async (req, res) => {
+router.post("/time-in", authenticateUser, async (req, res) => {
     const userId = req.body.userId;
 
     try {
@@ -19,7 +19,7 @@ router.post("/time-in", async (req, res) => {
 });
 
 
-router.get("/time-in", (req, res) => {
+router.get("/time-in", authenticateUser, (req, res) => {
     res.sendFile(path.resolve(currentDir, 'views', 'time-in.html'));
 });
 

routes/time-out.js

@@ -6,7 +6,7 @@ import { timeOut } from "../models/data-service.js";
 const router = express.Router();
 const currentDir = process.cwd();
 
-router.post("/time-out", async (req, res) => {
+router.post("/time-out", authenticateUser, async (req, res) => {
     const userId = req.body.userId;
 
     try {
@@ -18,7 +18,7 @@ router.post("/time-out", async (req, res) => {
     }
 });
 
-router.get("/time-out", (req, res) => {
+router.get("/time-out", authenticateUser, (req, res) => {
     res.sendFile(path.resolve(currentDir, 'views', 'time-out.html'))
 })