4 Commity 769ce8ab6e ... 3323290e2b

Autor SHA1 Wiadomość Data
  허용운 3323290e2b 로그인 추가 5 lat temu
  허용운 26081e3efe test jwt middleware on profile api 5 lat temu
  허용운 4996827d9b jwt middleware 추가 5 lat temu
  허용운 f6b94022c4 signup api 5 lat temu

+ 31 - 0
server/middlewares/verify-token.js

@@ -0,0 +1,31 @@
+const jwt = require('jsonwebtoken')
+
+module.exports = function ( req, res, next ) {
+  let token = req.headers['x-access-token'] || req.headers['authorization']
+  let checkBearer = 'Bearer '
+
+  
+  if (token) {
+    
+    if (token.startsWith(checkBearer)) {
+      token = token.slice(checkBearer.length, token.length)    
+    }
+
+    jwt.verify(token, process.env.SECRET, (err, decoded) => {
+      if (err) {
+        res.json({
+          success: false,
+          message: 'Failed to authenticate'
+        })
+      } else {
+        req.decoded = decoded
+        next()
+      }
+    })
+  } else {
+    res.json({
+      success: false,
+      message: 'No token provided'
+    })
+  }
+}
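Review bot: Both rejection branches answer with a bare `res.json(...)`, so a missing or invalid token still produces HTTP 200, and clients, proxies and log-based alerting cannot tell a rejected request from a successful one without parsing the body. Use `res.status(401).json({ success: false, message: 'Failed to authenticate' })` and the same status for the `'No token provided'` branch. `jwt.verify` is also called without an `algorithms` allow-list. Passing `{ algorithms: ['HS256'] }` as the third argument pins verification to the algorithm the tokens are issued with, which is the `jwt.sign` default because routes/auth.js sets none. A one-line comment above the header lookup, such as `// accepts x-access-token or "Authorization: Bearer <token>"`, would document the two accepted forms.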

+ 30 - 0
server/models/user.js

@@ -1,5 +1,6 @@
 const mongoose = require('mongoose')
 const Schema = mongoose.Schema
+const bcrypt = require('bcrypt-nodejs')
 
 const UserSchema = new Schema({
   name: String,
@@ -8,4 +9,33 @@ const UserSchema = new Schema({
   address: { type:Schema.Types.ObjectId, ref: 'Address' }
 })
 
+UserSchema.pre('save', function(next) {
+  let user = this
+  if (this.isModified('password') || this.isNew) {
+    // bcrypt.hash
+    bcrypt.genSalt(10, function(err, salt) {
+      if (err) {
+        return next(err)
+      }
+
+      bcrypt.hash(user.password, salt, null, function (err, hash) {
+        if (err) {
+          return next (err)
+        }
+        
+        user.password = hash
+        next()
+      })
+
+    })
+  } else {
+    return next()
+  }
+})
+
+UserSchema.methods.comparePassword = function (password, next) {
+  let user = this
+  return bcrypt.compareSync(password, user.password)
+}
+
 module.exports = mongoose.model('User', UserSchema)
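Review bot: `comparePassword` declares a `next` callback but never uses it and calls `bcrypt.compareSync`, so every login attempt runs the bcrypt computation on the event loop and stalls all other requests while it runs. The asynchronous form `bcrypt.compare(password, this.password, next)` avoids that, with the caller in routes/auth.js switched to the callback, or the unused parameter should at least be dropped. The schema also does nothing visible here to keep the hash out of serialized output, so `toJSON()` appears to include `password`; a `toJSON` transform that deletes it would protect every caller. As far as I know `bcrypt-nodejs` (required in the first hunk of this file) is marked unmaintained on npm in favour of `bcrypt` or `bcryptjs`, which is worth confirming before building password storage on it. The `// bcrypt.hash` comment in the pre-save hook says nothing useful; `// hash the password whenever it is new or changed` would.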

+ 84 - 0
server/routes/auth.js

@@ -0,0 +1,84 @@
+const router = require('express').Router()
+const User = require('../models/user')
+const virifyToken = require('../middlewares/verify-token')
+
+const jwt = require('jsonwebtoken')
+
+router.post('/auth/signup', async (req, res) => {
+  if (!req.body.email || !req.body.password) {
+    res.json({ success: false, message: 'please enter email or password' })
+  } else {
+    try {
+      let newUser = new User()
+      newUser.name = req.body.name
+      newUser.email = req.body.email
+      newUser.password =  req.body.password
+      await newUser.save()
+
+      let token =  jwt.sign(newUser.toJSON(), process.env.SECRET, {
+        expiresIn: 604800
+      })
+
+      res.json({
+        success: true,
+        token,
+        message: 'Succes created a new User'
+      })
+    } catch (err) {
+      res.status(500).json({
+        success: false,
+        message: err.message
+      })
+    }
+  }
+})
+
+
+router.get('/auth/user', virifyToken, async (req, res) => {
+  try {
+    let foundUser = await User.findOne({ _id: req.decoded._id })
+    if (foundUser) {
+      res.json({
+        success: true,
+        user: foundUser
+      })
+    }
+  } catch (err) {
+    res.status(500).json({
+      success: false,
+      message: err.message
+    })
+  }
+})
+
+router.post('/auth/login', async (req, res) => {
+  try {
+    let foundUser = await User.findOne({ email: req.body.email})
+    if (!foundUser) {
+      res.status(403).json({
+        success: false,
+        message: 'Authentication failed, User not found '
+      })
+    } else {
+      if (foundUser.comparePassword(req.body.password)) {
+        let token = jwt.sign(foundUser.toJSON(), process.env.SECRET, {
+          expiresIn: 604800
+        })
+s
+        res.json({ success: true, token})
+      } else {
+        res.status(403).json({
+          success: false,
+          message: 'Authentication failed, Wrong password'
+        })
+      }
+    }
+  } catch (err) {
+    res.status(500).json({
+      success: false,
+      message: err.message
+    })    
+  }
+})
+
+module.exports = router
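Review bot: Signup and login both sign `toJSON()` of the whole user document, so unless the schema strips it the bcrypt `password` hash ends up in the token payload, which is only base64url-encoded and readable by anyone holding the token; sign only the claim the middleware consumers need (`_id`). `GET /auth/user` likewise returns the full document, and sends no response at all when `findOne` yields nothing, so the request hangs. In the login success path the stray `s` line after `jwt.sign(...)` throws a ReferenceError, so a correct password falls into the catch block and returns 500; delete it. The separate 'User not found' and 'Wrong password' messages let a caller test which e-mail addresses are registered; one generic message for both closes that. Echoing `err.message` in the 500 responses can expose database and validation internals; log it server-side and return a fixed message.

```javascript
// signup and login: sign a minimal claim set instead of the full document
let token = jwt.sign({ _id: foundUser._id }, process.env.SECRET, {
  expiresIn: 604800
})
// … unchanged: res.json({ success: true, token }) …

// GET /auth/user: never return the hash, and always answer
let foundUser = await User.findOne({ _id: req.decoded._id }).select('-password')
if (foundUser) {
  // … unchanged: success response …
} else {
  res.status(404).json({ success: false, message: 'User not found' })
}

// POST /auth/login: identical response for unknown e-mail and wrong password
if (!foundUser || !foundUser.comparePassword(req.body.password)) {
  return res.status(403).json({ success: false, message: 'Authentication failed' })
}
```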

+ 3 - 2
server/server.js

@@ -5,8 +5,6 @@ const mongoose = require('mongoose')
 const dotenv = require('dotenv')
 const cors = require('cors')
 
-const User = require('./models/user')
-
 dotenv.config()
 
 const app = express()
@@ -30,10 +28,13 @@ app.use(bodyParser.urlencoded({ extended: false }))
 const productRouters = require('./routes/products')
 const categoryRouters = require('./routes/category')
 const ownerRouters = require('./routes/owner')
+const userRouters = require('./routes/auth')
+
 
 app.use('/api', productRouters)
 app.use('/api', categoryRouters)
 app.use('/api', ownerRouters)
+app.use('/api', userRouters)
 
 app.listen(3000, (err) => {
   if (err) {