feat: login front

SocialGouv · Aug 23, 2024 · 408bf10 · 408bf10
1 parent aa71ad9
commit 408bf10
Show file tree

Hide file tree

Showing 27 changed files with 835 additions and 30 deletions.
diff --git a/api/package.json b/api/package.json
@@ -28,6 +28,7 @@
     "@prisma/client": "5.16.2",
     "@sentry/node": "6.19.6",
     "@sentry/tracing": "6.17.6",
+    "bcrypt": "5.1.1",
     "cors": "2.8.5",
     "cross-env": "7.0.3",
     "data-forge": "1.10.2",
@@ -38,12 +39,14 @@
     "express": "4.18.2",
     "geoip-lite": "1.4.10",
     "helmet": "4.0.0",
+    "jsonwebtoken": "9.0.2",
     "morgan": "1.10.0",
     "node-cron": "3.0.2",
     "node-fetch": "2.6.7",
     "node-pushnotifications": "^3.1.1",
     "prisma": "5.16.2",
-    "uuid": "^10.0.0"
+    "uuid": "^10.0.0",
+    "validator": "13.12.0"
   },
   "devDependencies": {
     "@types/node": "^20.14.10",

diff --git a/api/prisma/migrations/20240821100937_add_email_password_to_user/migration.sql b/api/prisma/migrations/20240821100937_add_email_password_to_user/migration.sql
@@ -0,0 +1,14 @@
+/*
+  Warnings:
+
+  - A unique constraint covering the columns `[email]` on the table `User` will be added. If there are existing duplicate values, this will fail.
+  - Added the required column `email` to the `User` table without a default value. This is not possible if the table is not empty.
+  - Added the required column `password` to the `User` table without a default value. This is not possible if the table is not empty.
+
+*/
+-- AlterTable
+ALTER TABLE "User" ADD COLUMN     "email" TEXT NOT NULL,
+ADD COLUMN     "password" TEXT NOT NULL;
+
+-- CreateIndex
+CREATE UNIQUE INDEX "User_email_key" ON "User"("email");
diff --git a/api/prisma/schema.prisma b/api/prisma/schema.prisma
@@ -14,6 +14,8 @@ datasource db {
 model User {
   id                       String                 @id @default(uuid())
   matomo_id                String                 @unique
+  email                    String                 @unique
+  password                 String 
   push_notif_token         String                 @default("")
   reminder                 Reminder?
   notifications            Notification[]

diff --git a/api/src/config.js b/api/src/config.js
@@ -25,6 +25,7 @@ const MATOMO_URL = process.env.MATOMO_URL;
 const MATOMO_IDSITE_1 = process.env.MATOMO_IDSITE_1;
 const METABASE_ACCOUNT = process.env.METABASE_ACCOUNT;
 const METABASE_PASSWORD = process.env.METABASE_PASSWORD;
+const JWT_SECRET = process.env.JWT_SECRET;
 
 module.exports = {
   PORT,
@@ -46,4 +47,5 @@ module.exports = {
   MATOMO_IDSITE_1,
   METABASE_ACCOUNT,
   METABASE_PASSWORD,
+  JWT_SECRET,
 };
diff --git a/api/src/controllers/appMilestone.js b/api/src/controllers/appMilestone.js
@@ -17,6 +17,8 @@ router.post(
       create: {
         matomo_id: matomoId,
         created_from: "AppMilestonePost",
+        email: "[email protected]",
+        password: "password12@Abc",
       },
       update: {},
     });
@@ -48,6 +50,8 @@ router.post(
       create: {
         matomo_id: matomoId,
         created_from: "AppMilestoneInit",
+        email: "[email protected]",
+        password: "password12@Abc",
       },
       update: {},
     });

diff --git a/api/src/controllers/articles.js b/api/src/controllers/articles.js
@@ -16,6 +16,8 @@ router.post(
       create: {
         matomo_id: matomoId,
         created_from: "Articles",
+        email: "[email protected]",
+        password: "password12@Abc",
       },
       update: {},
     });

diff --git a/api/src/controllers/badge.js b/api/src/controllers/badge.js
@@ -64,8 +64,11 @@ router.post(
       where: { matomo_id: matomoId },
       create: {
         matomo_id: matomoId,
+        email: "[email protected]",
+        password: "password12@Abc",
         created_from: "GetBadges",
       },
+
       update: {},
     });
     const share_badges = await prisma.badge.findMany({

diff --git a/api/src/controllers/consommation.js b/api/src/controllers/consommation.js
@@ -37,6 +37,8 @@ router.post(
       where: { matomo_id: matomoId },
       create: {
         matomo_id: matomoId,
+        email: "[email protected]",
+        password: "password12@Abc",
       },
       update: {},
     });

diff --git a/api/src/controllers/defis.js b/api/src/controllers/defis.js
@@ -23,6 +23,8 @@ router.post(
       where: { matomo_id: matomoId },
       create: {
         matomo_id: matomoId,
+        email: "[email protected]",
+        password: "password12@Abc",
         created_from: "Defis",
       },
       update: {},

diff --git a/api/src/controllers/drinksContext.js b/api/src/controllers/drinksContext.js
@@ -72,6 +72,8 @@ router.post(
     const user = await prisma.user.upsert({
       where: { matomo_id: matomoId },
       create: {
+        email: "[email protected]",
+        password: "password12@Abc",
         matomo_id: matomoId,
       },
       update: {},

diff --git a/api/src/controllers/event.js b/api/src/controllers/event.js
@@ -36,6 +36,8 @@ router.post(
         where: { matomo_id: matomoId },
         create: {
           matomo_id: matomoId,
+          email: "[email protected]",
+          password: "password12@Abc",
           created_from: "EventUserSurveyStarted",
         },
         update: {},
@@ -71,6 +73,8 @@ router.post(
         where: { matomo_id: matomoId },
         create: {
           matomo_id: matomoId,
+          email: "[email protected]",
+          password: "password12@Abc",
           created_from: "EventUserSurveyFinished",
         },
         update: {},

diff --git a/api/src/controllers/goal.js b/api/src/controllers/goal.js
@@ -21,6 +21,8 @@ router.post(
       where: { matomo_id: matomoId },
       create: {
         matomo_id: matomoId,
+        email: "[email protected]",
+        password: "password12@Abc",
         created_from: "Goal",
         goal_isSetup: true,
         goal_daysWithGoalNoDrink: daysWithGoalNoDrink,
@@ -111,6 +113,8 @@ router.get(
       where: { matomo_id: matomoId },
       create: {
         matomo_id: matomoId,
+        email: "[email protected]",
+        password: "password12@Abc",
         created_from: "GetGoal",
       },
       update: {},

diff --git a/api/src/controllers/reminder.js b/api/src/controllers/reminder.js
@@ -98,6 +98,8 @@ router.put(
         push_notif_token: pushNotifToken,
       },
       create: {
+        email: "[email protected]",
+        password: "password12@Abc",
         push_notif_token: pushNotifToken,
         matomo_id: matomoId,
         created_from: "Reminder",

diff --git a/api/src/controllers/test.js b/api/src/controllers/test.js
@@ -63,6 +63,8 @@ router.post(
       let user = await prisma.user.upsert({
         where: { matomo_id: matomoId },
         create: {
+          email: "[email protected]",
+          password: "password12@Abc",
           matomo_id: matomoId,
           created_from: "test",
         },

diff --git a/api/src/controllers/user.js b/api/src/controllers/user.js
@@ -3,6 +3,128 @@ const { catchErrors } = require("../middlewares/errors");
 const router = express.Router();
 const prisma = require("../prisma");
 const geoip = require("geoip-lite");
+const bcrypt = require("bcrypt");
+const validator = require("validator");
+const { isStrongPassword } = require("validator");
+const jwt = require("jsonwebtoken");
+const { JWT_SECRET } = require("../config");
+
+// 1 year
+const JWT_MAX_AGE = "365d";
+
+function validatePassword(password) {
+  return isStrongPassword(password, {
+    minLength: 12,
+    minLowercase: 1,
+    minUppercase: 1,
+    minNumbers: 1,
+    minSymbols: 1,
+  });
+}
+
+router.post(
+  "/signup",
+  catchErrors(async (req, res) => {
+    const { email, password, matomoId } = req.body || {};
+    if (!matomoId) return res.status(400).json({ ok: false, error: "no matomo id" });
+
+    if (!email || !password) {
+      return res.status(400).json({ ok: false, error: "missing email or password" });
+    }
+
+    if (!validator.isEmail(email)) {
+      return res.status(400).json({ ok: false, error: "invalid email" });
+    }
+    if (!validatePassword(password)) {
+      return res.status(400).json({ ok: false, error: "password is not strong enough" });
+    }
+    const user = await prisma.user.findUnique({
+      where: { email },
+    });
+
+    if (user) {
+      return res.status(400).json({ ok: false, error: "email already exists" });
+    }
+
+    const hashedPassword = await bcrypt.hash(password, 10);
+
+    await prisma.user.upsert({
+      where: { matomo_id: matomoId },
+      update: updateObj,
+      create: {
+        email,
+        password: hashedPassword,
+        matomo_id: matomoId,
+        created_from,
+        ...updateObj,
+      },
+    });
+
+    const token = jwt.sign({ email }, JWT_SECRET, {
+      expiresIn: JWT_MAX_AGE,
+    });
+
+    return res.status(200).send({ ok: true, token });
+  })
+);
+
+router.post(
+  "/signin",
+  catchErrors(async (req, res) => {
+    const { email, password, matomoId } = req.body || {};
+    validator.isEmail(email);
+    validator.isStrongPassword(password);
+    console.log("signin", email, password, matomoId);
+    if (!matomoId) return res.status(400).json({ ok: false, error: "no matomo id" });
+
+    if (!email || !password) {
+      return res.status(400).json({ ok: false, error: "missing email or password" });
+    }
+
+    const user = await prisma.user.findUnique({
+      where: { email },
+    });
+
+    if (!user) {
+      return res.status(400).json({ ok: false, error: "wrong email or password" });
+    }
+    console.log("user", user);
+
+    // const match = await bcrypt.compare(password, user.password);
+    const match = password === user.password;
+
+    if (!match) {
+      return res.status(400).json({ ok: false, error: "wrong email or password" });
+    }
+
+    const token = jwt.sign({ email }, JWT_SECRET, {
+      expiresIn: JWT_MAX_AGE,
+    });
+
+    return res.status(200).send({ ok: true, token });
+  })
+);
+
+router.get(
+  "/signin_token",
+  catchErrors(async (req, res) => {
+    const token = req.headers.authorization?.split(" ")[1]; // Bearer token extraction
+    if (!token) {
+      return res.status(401).json({ ok: false, error: "No token provided" });
+    }
+    const decoded = jwt.verify(token, JWT_SECRET);
+
+    const user = await prisma.user.findUnique({
+      where: { email: decoded.email },
+    });
+
+    if (!user) {
+      return res.status(400).json({ ok: false, error: "user not found" });
+    }
+
+    return res.status(200).send({ ok: true, user, token });
+  })
+);
 
 router.put(
   "/",
@@ -30,6 +152,8 @@ router.put(
       update: updateObj,
       create: {
         matomo_id: matomoId,
+        email: "[email protected]",
+        password: "password12@Abc",
         created_from,
         ...updateObj,
       },

diff --git a/api/src/utils/notifications.js b/api/src/utils/notifications.js
@@ -14,6 +14,8 @@ const updateLastConsoAdded = async (matomoId) => {
       where: { matomo_id: matomoId },
       create: {
         matomo_id: matomoId,
+        email: "[email protected]",
+        password: "password12@Abc",
         lastConsoAdded: dayjs().utc().toDate(),
         created_from: "UpdateLastConso",
       },
@@ -318,7 +320,7 @@ const scheduleDefi1Day1 = async (matomoId) => {
   const type = "DEFI1_DAY1";
   const user = await prisma.user.upsert({
     where: { matomo_id: matomoId },
-    create: { matomo_id: matomoId, created_from: "SheduleDefiDay1" },
+    create: { matomo_id: matomoId, created_from: "SheduleDefiDay1", email: "[email protected]", password: "password12@Abc" },
     update: {},
   });
 
@@ -356,7 +358,7 @@ const scheduleUserSurvey = async (matomoId) => {
   const type = "USER_SURVEY";
   const user = await prisma.user.upsert({
     where: { matomo_id: matomoId },
-    create: { matomo_id: matomoId, created_from: "UserSurvey" },
+    create: { matomo_id: matomoId, created_from: "UserSurvey", email: "[email protected]", password: "password12@Abc" },
     update: {},
   });