1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
|
require('dotenv').config();
const express = require('express');
const rateLimit = require('express-rate-limit');
const bodyParser = require('body-parser');
const bcrypt = require('bcryptjs');
const jwt = require('jsonwebtoken');
const admin = require('firebase-admin');
const cors = require('cors');
const { body, validationResult } = require('express-validator');
// Initialize Express app
const app = express();
app.use(bodyParser.json());
app.use(cors()); // Enable CORS for all origins
// Firebase Admin SDK setup
const serviceAccount = {
type: process.env.FIREBASE_TYPE,
project_id: process.env.FIREBASE_PROJECT_ID,
private_key_id: process.env.FIREBASE_PRIVATE_KEY_ID,
private_key: process.env.FIREBASE_PRIVATE_KEY.replace(/\\n/g, '\n'),
client_email: process.env.FIREBASE_CLIENT_EMAIL,
client_id: process.env.FIREBASE_CLIENT_ID,
auth_uri: process.env.FIREBASE_AUTH_URI,
token_uri: process.env.FIREBASE_TOKEN_URI,
auth_provider_x509_cert_url: process.env.FIREBASE_AUTH_PROVIDER_X509_CERT_URL,
client_x509_cert_url: process.env.FIREBASE_CLIENT_X509_CERT_URL
};
admin.initializeApp({
credential: admin.credential.cert(serviceAccount),
storageBucket: process.env.FIREBASE_BUCKET, // Specify the bucket name here
});
const db = admin.firestore();
const bucket = admin.storage().bucket(); // Access the bucket
// Secret key for JWT
const JWT_SECRET = process.env.JWT_SECRET;
// Rate Limiting middleware
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // Limit each IP to 100 requests per windowMs
message: 'Too many requests from this IP, please try again after 15 minutes',
});
// Apply rate limiter to all requests
app.use(limiter);
// Validation and sanitization middleware for registration
const registerValidationRules = () => [
body('username')
.isLength({ min: 3 }).withMessage('Username must be at least 3 characters long')
.trim()
.escape(),
body('password')
.isLength({ min: 6 }).withMessage('Password must be at least 6 characters long')
.trim()
];
// Validation and sanitization middleware for login
const loginValidationRules = () => [
body('username')
.isLength({ min: 3 }).withMessage('Username must be at least 3 characters long')
.trim()
.escape(),
body('password')
.isLength({ min: 6 }).withMessage('Password must be at least 6 characters long')
.trim()
];
// Middleware to check validation results
const validate = (req, res, next) => {
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.status(400).json({ errors: errors.array() });
}
next();
};
// Register route with validation and sanitization
app.post('/register', registerValidationRules(), validate, async (req, res, next) => {
const { username, password } = req.body;
try {
const hashedPassword = await bcrypt.hash(password, 10);
await db.collection('users').doc(username).set({
username,
password: hashedPassword
});
res.status(201).send('User registered');
} catch (error) {
next(error); // Pass the error to the error handling middleware
}
});
// Login route with validation and sanitization
app.post('/login', loginValidationRules(), validate, async (req, res, next) => {
const { username, password } = req.body;
try {
const userDoc = await db.collection('users').doc(username).get();
if (!userDoc.exists) {
return res.status(400).json({ error: 'Invalid username or password' });
}
const user = userDoc.data();
const isPasswordValid = await bcrypt.compare(password, user.password);
if (!isPasswordValid) {
return res.status(400).json({ error: 'Invalid username or password' });
}
const token = jwt.sign({ username: user.username }, JWT_SECRET, { expiresIn: '1h' });
res.json({ token });
} catch (error) {
next(error); // Pass the error to the error handling middleware
}
});
// Fetch ads route
app.get('/ads', async (req, res, next) => {
try {
const adsSnapshot = await db.collection('ads').get();
const ads = adsSnapshot.docs.map(doc => ({ id: doc.id, ...doc.data() }));
res.json(ads);
} catch (error) {
next(error); // Pass the error to the error handling middleware
}
});
// Centralized error handling middleware
app.use((err, req, res, next) => {
console.error('Server Error:', err);
res.status(err.status || 500).json({
error: {
message: err.message || 'Internal Server Error',
stack: process.env.NODE_ENV === 'development' ? err.stack : {}
}
});
});
// Start the server
const PORT = process.env.PORT || 5000;
app.listen(PORT, () => {
console.log(`Server running on http://localhost:${PORT}`);
});
|
