1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
const express = require('express');
const bodyParser = require('body-parser');
const cors = require('cors');
const bcrypt = require('bcryptjs');
const jwt = require('jsonwebtoken');
const app = express();
const PORT = 5000;
const SECRET_KEY = 'your_jwt_secret'; // Replace with your actual secret key
// Middleware
app.use(bodyParser.json());
app.use(cors());
// Dummy user data
const users = [
{
id: 1,
username: 'admin',
password: '$2a$10$0chEQ/BjpmW2W9J1aA/BNOwF0aeFSBg4IAXnPjjLzSnQmXagdIzra', // hashed password for 'password123'
},
];
const authenticateJWT = (req, res, next) => {
const token = req.header('Authorization').split(' ')[1];
if (!token) {
return res.status(403).json({ message: 'Forbidden' });
}
jwt.verify(token, SECRET_KEY, (err, user) => {
if (err) {
return res.status(403).json({ message: 'Forbidden' });
}
req.user = user;
next();
});
};
// Login route
app.post('/login', async (req, res) => {
const { username, password } = req.body;
console.log('Login attempt:', username, password);
const user = users.find((user) => user.username === username);
if (!user) {
console.log('User not found');
return res.status(401).json({ message: 'Invalid credentials' });
}
const isPasswordValid = await bcrypt.compare(password, user.password);
console.log('Password valid:', isPasswordValid);
if (!isPasswordValid) {
console.log('Invalid password');
return res.status(401).json({ message: 'Invalid credentials' });
}
const token = jwt.sign({ id: user.id }, SECRET_KEY, { expiresIn: '1h' });
console.log('Token generated:', token);
res.json({ token });
});
// Protected route example
app.get('/admin', authenticateJWT, (req, res) => {
res.json({ message: 'Welcome to the admin panel' });
});
app.listen(PORT, () => {
console.log(`Server running on http://localhost:${PORT}`);
});
|