Merge pull request #42 from Capstone-C2SE02-TI/user-settings

login and update db user

Author: KurosakiAki

package-lock.json

@@ -6,7 +6,9 @@
 	"type": "module",
 	"scripts": {
 		"start": "nodemon src/index.js",
-		"update-deps": "npx npm-check-updates -u && npm install"
+		"update-deps": "npx npm-check-updates -u && npm install",
+		"lint": "eslint",
+		"test": "echo \"Error: no test specified\" && exit 1"
 	},
 	"keywords": [
 		"capstone-project",
@@ -16,16 +18,19 @@
 	"license": "MIT",
 	"homepage": "https://github.com/Capstone-C2SE02-TI/backend-node-mongodb#readme",
 	"dependencies": {
+		"and": "^0.0.3",
 		"bcrypt": "^5.1.0",
+		"build": "^0.1.4",
 		"cookie-parser": "^1.4.6",
 		"cors": "^2.8.5",
+		"crypto": "^1.0.1",
 		"dotenv": "^16.0.3",
 		"express": "^4.18.2",
 		"express-validator": "^6.15.0",
 		"google-auth-library": "^8.7.0",
 		"jsonwebtoken": "^9.0.0",
 		"lodash": "^4.17.21",
-		"mongoose": "^7.0.2",
+		"mongoose": "^7.0.3",
 		"mongoose-sequence": "^5.3.1",
 		"morgan": "^1.10.0",
 		"nodemailer": "^6.9.1",

package.json

@@ -1,149 +1,32 @@
 import dotenv from "dotenv";
 dotenv.config();
 
+import { createNewUser } from "../services/crudDatabase/user.js";
 import {
-	createNewUser,
-	checkExistedUsername,
-	checkExistedEmail,
-	getPasswordByUsername,
-	getUserByUsername
-} from "../services/crudDatabase/user.js";
-import {
-	isAuthed,
-	generateAccessToken
-} from "../services/authentication/index.js";
-import { cryptPassword, comparePassword } from "../helpers/index.js";
-import { validateSignUpBody, validateSignInBody } from "../validators/user.js";
+	cryptWalletAddress,
+	decryptWalletAddress,
+	encryptWalletAddress
+} from "../helpers/index.js";
 
 const TI_AUTH_COOKIE = process.env.TI_AUTH_COOKIE;
 
 function AuthController() {
 	this.signup = async (req, res, next) => {
-		const { username, email, phoneNumber, password } = req.body;
-		const { status, error } = await validateSignUpBody(req, res, next);
-
-		if (status === "failed")
-			return res.status(400).json({ message: error, error: error });
-
-		if (await checkExistedUsername(username))
-			return res.status(400).json({
-				message: "username-existed",
-				error: "username-existed"
-			});
-
-		if (await checkExistedEmail(email))
-			return res
-				.status(400)
-				.json({ message: "email-existed", error: "email-existed" });
-
-		cryptPassword(password, async (error, hashPassword) => {
-			const isCreated = await createNewUser({
-				username,
-				email,
-				phoneNumber,
-				hashPassword
-			});
-
-			isCreated
-				? res.status(200).json({
-						message: "successfully",
-						error: null
-				  })
-				: res.status(400).json({
-						message: "failed",
-						error: error
-				  });
-		});
-	};
+		const { walletAddress } = req.body;
 
-	this.signin = async (req, res, next) => {
-		const { username, password } = req.body;
-		const { status, error } = await validateSignInBody(req, res, next);
-
-		if (status === "failed")
-			return res.status(400).json({
-				message: error,
-				error: error,
-				user: null
-			});
-
-		if (!(await checkExistedUsername(username))) {
-			return res.status(404).json({
-				message: "username-notfound",
-				error: "username-notfound",
-				user: null
-			});
-		} else {
-			const hashPassword = await getPasswordByUsername(username);
-			comparePassword(
-				password,
-				hashPassword,
-				async (error, isPasswordMatch) => {
-					if (isPasswordMatch) {
-						const user = await getUserByUsername(username);
-						const cookie = req.cookies[TI_AUTH_COOKIE];
-
-						if (!cookie) {
-							const accessToken = await generateAccessToken({
-								username
-							});
-
-							res.cookie(TI_AUTH_COOKIE, accessToken, {
-								// Expire in 1 week
-								maxAge: 604800000
-							});
-
-							return res.status(200).json({
-								message: "successfully",
-								error: null,
-								user: {
-									role: "user",
-									username: user.username,
-									userId: user.userId,
-									email: user.email
-								}
-							});
-						} else {
-							if (await isAuthed(req)) {
-								return res.status(200).json({
-									message: "successfully",
-									error: null,
-									user: {
-										role: "user",
-										username: user.username,
-										userId: user.userId,
-										email: user.email
-									}
-								});
-							} else {
-								return res.status(401).json({
-									message: "failed-unauthorized",
-									error: "failed-unauthorized",
-									user: null
-								});
-							}
-						}
-					} else {
-						return res.status(400).json({
-							message: "incorrect-password",
-							error: "incorrect-password",
-							user: null
-						});
-					}
-				}
-			);
-		}
-	};
+		const hashWallet = encryptWalletAddress(walletAddress);
 
-	this.signout = (req, res, next) => {
-		try {
-			req.user = null;
-			req.session = null;
+		const detailCreated = await createNewUser(hashWallet.encryptedData);
 
-			return res.status(200).json({ message: "successfully", error: null });
-		} catch (error) {
-			return res.status(400).json({ message: "failed", error: error });
-		}
+		detailCreated.created
+			? res.status(200).json({
+					message: detailCreated.message,
+					error: null
+			  })
+			: res.status(400).json({
+					message: detailCreated.message,
+					error: detailCreated.error
+			  });
 	};
 }
 

src/controllers/Auth.js

@@ -1,8 +1,5 @@
 import _ from "lodash";
 import {
-	getUserByEmail,
-	updateUserPassword,
-	getPasswordByEmail,
 	followWalletOfShark,
 	unfollowWalletOfShark,
 	getListOfSharkFollowed,
@@ -16,28 +13,25 @@ import {
 } from "../services/crudDatabase/admin.js";
 import {
 	validateUpdateProfileBody,
-	validateChangePasswordBody
 } from "../validators/user.js";
-import { cryptPassword, comparePassword } from "../helpers/index.js";
 
 function UserController() {
 	this.getUserProfile = async (req, res, next) => {
-		let userId = req.query.userId;
+		let walletAddress = req.query.walletAddress;
 
-		if (!userId) userId = null;
+		if (!walletAddress) walletAddress = null;
 		else {
-			const userIdCheck = _.toString(userId);
-			if (_.isNaN(userIdCheck)) userId = undefined;
-			else userId = Number(userIdCheck);
+			const walletAddressCheck = _.toString(walletAddress);
+			if (_.isNaN(walletAddressCheck)) walletAddress = undefined;
 		}
 
-		await getUserProfile(userId)
+		await getUserProfile(walletAddress)
 			.then((data) =>
 				Object.entries(data).length === 0
 					? res.status(400).json({
-							message: "failed-userid-invalid",
-							error: "userid-invalid",
-							data: {}
+							message: "failed-wallet-address-invalid",
+							error: "wallet-address-invalid",
+							data: data
 					  })
 					: res.status(200).json({
 							message: "successfully",
@@ -91,48 +85,8 @@ function UserController() {
 		}
 	};
 
-	this.changePassword = async (req, res, next) => {
-		const { status, error } = await validateChangePasswordBody(req, res, next);
-
-		if (status === "failed")
-			return res.status(400).json({ message: error, error: error });
-		else {
-			const { email, oldPassword, newPassword } = req.body;
-			const user = await getUserByEmail(email);
-
-			if (user) {
-				// Check correct old password
-				const password = await getPasswordByEmail(email);
-				comparePassword(oldPassword, password, (error, isPasswordMatch) => {
-					if (isPasswordMatch) {
-						cryptPassword(newPassword, async (error, hashPassword) =>
-							(await updateUserPassword(user.userId, hashPassword)) === true
-								? res.status(200).json({
-										message: "successfully",
-										error: null
-								  })
-								: res.status(400).json({
-										message: "failed",
-										error: error
-								  })
-						);
-					} else {
-						return res.status(400).json({
-							message: "incorrect-oldpassword",
-							error: "incorrect-oldpassword"
-						});
-					}
-				});
-			} else {
-				return res
-					.status(400)
-					.json({ message: "user-notfound", error: "user-notfound" });
-			}
-		}
-	};
-
 	this.upgradePremiumAccount = async (req, res, next) => {
-		let userId = req.body.userId;
+		let userId = req.body.userId; 
 
 		if (!userId) userId = null;
 		else {

src/controllers/User.js

@@ -1,11 +1,53 @@
 import _ from "lodash";
 import bcrypt from "bcrypt";
+import crypto from "crypto";
+
+const algorithm = "aes-256-cbc";
+
+const key = crypto.randomBytes(32);
+
+const iv = crypto.randomBytes(16);
 
 export const randomConfirmationCode = () => {
 	const code = Math.floor(100000 + Math.random() * 900000);
 	return code.toString();
 };
 
+export const encryptWalletAddress = (walletAddress) => {
+	const cipher = crypto.createCipheriv(algorithm, Buffer.from(key), iv);
+	let encrypted = cipher.update(walletAddress);
+	encrypted = Buffer.concat([encrypted, cipher.final()]);
+	return { iv: iv.toString("hex"), encryptedData: encrypted.toString("hex") };
+};
+
+export const decryptWalletAddress = (encryptedData) => {
+	const ivDecrypt = Buffer.from(iv.toString("hex"), "hex");
+	const encryptedText = Buffer.from(encryptedData, "hex");
+
+	const decipher = crypto.createDecipheriv(algorithm, Buffer.from(key), ivDecrypt);
+
+	let decrypted = decipher.update(encryptedText);
+	decrypted = Buffer.concat([decrypted, decipher.final()]);
+
+	return decrypted;
+};
+
+export const compareWalletAddress = (plainAddress, hashAddress, callback) => {
+	bcrypt.compare(plainAddress, hashAddress, (error, isAddressMatch) => {
+		return error == null ? callback(null, isAddressMatch) : callback(error);
+	});
+};
+
+export const cryptWalletAddress = (password, callback) => {
+	bcrypt.genSalt(10, (error, salt) => {
+		if (error) return callback(error);
+
+		bcrypt.hash(password, salt, (error, hashPassword) => {
+			return callback(error, hashPassword);
+		});
+	});
+};
+
 export const cryptPassword = (password, callback) => {
 	bcrypt.genSalt(10, (error, salt) => {
 		if (error) return callback(error);

src/helpers/index.js

@@ -1,28 +1,18 @@
 import mongoose from "mongoose";
-import Inc from "mongoose-sequence";
-const AutoIncrement = Inc(mongoose);
 
 const UserSchema = new mongoose.Schema(
 	{
 		walletAddress: {
 			type: String,
 			trim: true,
-			default: null
+			required: true,
+			unique: true
 		},
 		fullName: {
 			type: String,
 			trim: true,
 			default: ""
 		},
-		confirmationCode: {
-			type: String,
-			trim: true,
-			default: ""
-		},
-		isCodeConfirmed: {
-			type: Boolean,
-			default: false
-		},
 		avatar: {
 			type: String,
 			trim: true,
@@ -50,7 +40,6 @@ const UserSchema = new mongoose.Schema(
 	{ timestamps: true, versionKey: false }
 );
 
-UserSchema.plugin(AutoIncrement, { inc_field: "userId" });
 
 const UserModel = mongoose.model("User", UserSchema);
 export default UserModel;

src/models/User.js

@@ -3,7 +3,5 @@ const router = express.Router();
 import AuthController from "../controllers/Auth.js";
 
 router.post("/signup", AuthController.signup);
-router.post("/signin", AuthController.signin);
-router.post("/signout", AuthController.signout);
 
 export default router;