diff --git a/index.js b/index.js
index 7463685..8660968 100644
--- a/index.js
+++ b/index.js
@@ -1,85 +1,77 @@
-const express = require('express')
-const mysql_handler = require("./mysql_handler")
-const bcrypt = require("bcryptjs")
-const cookieParser = require("cookie-parser")
-const jwt = require("jsonwebtoken")
-const bodyParser = require("body-parser")
-const app = express()
+// Import Packages
+const express = require('express');
+const bcrypt = require("bcryptjs");
+const cookieParser = require("cookie-parser");
+const jwt = require("jsonwebtoken");
+const bodyParser = require("body-parser");
const uuid = require("uuid");
-const port = 3000
-const SECRET_KEY = "KEY"
+// Import Modules
+const mysql_handler = require("./mysql_handler");
-app.set("view engine", "ejs")
+// Global Variables
+const app = express();
+const port = 3000;
+const SECRET_KEY = "KEY";
+
+// Express App Setup
+app.set("view engine", "ejs");
app.use(express.json());
app.use(express.urlencoded({ extended: true}));
app.use(cookieParser());
-app.use(bodyParser.json())
+app.use(bodyParser.json());
app.use(express.static(__dirname + "/static"));
-/*
-const authcookie = req.cookies.authcookie;
-
-if(!authcookie){
- return false;
-}
-
-jwt.verify(authcookie, SECRET_KEY, (err, data) =>{
- if(err){
- return false;
- } else if(data.user){
- return true;
- }
-})
-*/
-
+// Authentication Handlers
+// Check if user is authenticated and redirect to login if not
function authenticatedHandler(req, res, next){
- const authcookie = req.cookies.authcookie;
+ const authcookie = req.cookies.authcookie; // Get authcookie from cookie
- jwt.verify(authcookie, SECRET_KEY, (err, data) =>{
- if(err){
- console.log(err)
- res.redirect("/login")
- } else if(data.user){
- req.user = data.user;
- mysql_handler.con.query(`SELECT * FROM users WHERE id = "${req.user}"`, function(err, result){
+ jwt.verify(authcookie, SECRET_KEY, (err, data) =>{ // Verify authcookie
+ if(err){ // If authcookie is invalid
+ console.log(err);
+ res.redirect("/login");
+ } else if(data.user){ // If authcookie is valid
+ req.user = data.user; // Set user to data.user
+ mysql_handler.con.query(`SELECT * FROM users WHERE id = "${req.user}"`, (err, result) => { // Get user from database
if(err) console.log(err);
- let user = JSON.parse(JSON.stringify(result))[0];
- req.isAdmin = user.isAdmin
- req.username = user.username
- req.firstname = user.firstname
- req.lastname = user.lastname
- next();
+ let user = JSON.parse(JSON.stringify(result))[0]; // Parse user from database
+ // Set user to req.user
+ req.isAdmin = user.isAdmin;
+ req.username = user.username;
+ req.firstname = user.firstname;
+ req.lastname = user.lastname;
+ next(); // Continue to next handler
});
-
-
}
- })
+ });
}
-function notAuthenticatedHandler(req, res, next){
- const authcookie = req.cookies.authcookie;
+// Check if user is not authenticated and redirect to home if so
+function notAuthenticatedHandler(req, res, next){
+ const authcookie = req.cookies.authcookie; // Get authcookie from cookie
- jwt.verify(authcookie, SECRET_KEY, (err, data) =>{
- if(err){
- console.log(err)
- next();
- } else if(data.user){
- res.redirect("/")
-
+ jwt.verify(authcookie, SECRET_KEY, (err, data) =>{ // Verify authcookie
+ if(err){ // If authcookie is invalid
+ console.log(err);
+ next(); // Continue to next handler
+ } else if(data.user){ // If authcookie is valid
+ res.redirect("/");
}
- })
+ });
}
-app.get("/", authenticatedHandler, (req, res) => {
+// Homepage
+app.get("/", authenticatedHandler, (req, res) => {
let dict = {
title: "Hallo",
isAdmin: req.isAdmin
}
res.render('index', dict)
-})
+});
+// Product Page
app.get("/product/:productId", (req, res) => {
let productId = req.params.productId;
console.log(productId);
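Review bot: The lookup at L72 still builds its SQL with a template literal around `req.user`, a value copied out of the token payload, and the same string-built queries appear in the /order hunk (L151), the admin delete (L206), the login hunk (L299) and throughout the mysql_handler hunk (L410–L520); the mysql driver's placeholder form, `con.query("SELECT * FROM users WHERE id = ?", [req.user], cb)`, escapes the value itself and should be used in all of them. The callback at L73–L86 also logs a query error and then indexes `result[0]` anyway, so a DB error or a token naming a user that no longer exists throws a TypeError instead of redirecting, and when `data.user` is falsy neither branch ever responds, leaving the request hanging. `SECRET_KEY = "KEY"` at L28 is a placeholder signing secret committed to source; like the DB password the mysql_handler hunk already flags, it should come from the environment or an untracked config file. The rewritten middleware below keeps the field copies and the `next()` call as they are.
```javascript
function authenticatedHandler(req, res, next){
    const authcookie = req.cookies.authcookie; // Get authcookie from cookie
    jwt.verify(authcookie, SECRET_KEY, (err, data) =>{ // Verify authcookie
        if(err || !data.user){ // Missing, invalid or malformed token: always answer
            if(err) console.log(err);
            return res.redirect("/login");
        }
        req.user = data.user; // Set user to data.user
        // Placeholder binding: the driver escapes the value, no string building
        mysql_handler.con.query("SELECT * FROM users WHERE id = ?", [req.user], (err, result) => {
            if(err || result.length === 0){ // DB error or token names a deleted user
                if(err) console.log(err);
                return res.redirect("/login");
            }
            const user = result[0];
            // … unchanged: copy isAdmin/username/firstname/lastname onto req, then next() …
        });
    });
}
```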
@@ -94,8 +86,9 @@ app.get("/product/:productId", (req, res) => {
}
res.render('product', dict)
});
-})
+});
+// Search Page
app.get("/search", (req, res) => {
var products = [
{
@@ -136,18 +129,19 @@ app.get("/search", (req, res) => {
res.render('search', dict)
});
-})
+});
-// Order
+// Order Page
app.get("/order/:productId/:quantity/", authenticatedHandler, (req, res) => {
- let error = ""
- mysql_handler.con.query(`SELECT * FROM products WHERE id=${req.params.productId}`, function(err, result){
+ let error = "";
+ mysql_handler.con.query(`SELECT * FROM products WHERE id=${req.params.productId}`, function(err, result){ // Get product from database
if(err) throw err;
- result = JSON.parse(JSON.stringify(result))[0];
- if(req.params.quantity > result.quantity){
- error = "Nicht genug Produkte vorhanden"
+ result = JSON.parse(JSON.stringify(result))[0]; // Parse result from database
+
+ if(req.params.quantity > result.quantity){ // If quantity is higher than available quantity
+ error = "Nicht genug Produkte vorhanden";
}
let dict = {
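Review bot: `result.quantity` at L158 is read from `JSON.parse(JSON.stringify(result))[0]` with no check that the SELECT returned a row, so an unknown productId throws a TypeError inside the query callback, and together with the unchanged `if(err) throw err;` at L152 both paths end in an uncaught exception that takes the process down rather than a 4xx response. A guard before the parse such as `if(err || result.length === 0){ console.log(err); return res.sendStatus(404); }` covers both. `req.params.quantity` is a string, so the `>` at L158 coerces it and a non-numeric value becomes NaN, for which the comparison is false and the order page renders as if stock were sufficient; use `const quantity = Number(req.params.quantity);` and reject on `!Number.isInteger(quantity) || quantity < 1 || quantity > result.quantity`. The route handler continues past the end of the hunk.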
@@ -157,18 +151,21 @@ app.get("/order/:productId/:quantity/", authenticatedHandler, (req, res) => {
quantity: req.params.quantity
}
- res.render('order', dict)
+ res.render('order', dict);
});
-})
+});
+// Order Success Page
app.get("/order_success/:trackingnumber", authenticatedHandler, (req, res) => {
let dict = {
title: "Bestellung erfolgreich",
trackingnumber: req.params.trackingnumber
}
- res.render('order_success', dict)
-})
+ res.render('order_success', dict);
+});
+
+// Order POST Request
app.post("/order", authenticatedHandler, (req, res) => {
let productId = req.body.productId;
let quantity = req.body.quantity;
@@ -179,51 +176,56 @@ app.post("/order", authenticatedHandler, (req, res) => {
result = JSON.parse(JSON.stringify(result))[0];
if(quantity > result.quantity){
- res.redirect(`/order/${productId}/${quantity}/`)
+ res.redirect(`/order/${productId}/${quantity}/`);
}else{
- order_trackingnumber = uuid.v4()
- mysql_handler.createOrder(userId, order_trackingnumber, 0, productId, quantity)
+ order_trackingnumber = uuid.v4();
+ mysql_handler.createOrder(userId, order_trackingnumber, 0, productId, quantity) ;
- res.redirect("/order_success/" + order_trackingnumber)
+ res.redirect("/order_success/" + order_trackingnumber);
}
});
-})
+});
// Admin
app.get("/admin/product/delete/:productId", authenticatedHandler, (req, res) => {
if(req.isAdmin){
- productId = req.params.productId
+ productId = req.params.productId;
mysql_handler.con.query(`DELETE FROM products WHERE id=${productId}`, function(err, result){
if(err) console.log(err);
});
}
-})
+});
-// AUTH
+// Authentication
+// Logout
app.get("/logout/", authenticatedHandler, (req, res) => {
- res.clearCookie("authcookie")
- res.redirect("/")
-})
+ res.clearCookie("authcookie"); // Clear cookie
+ res.redirect("/");
+});
+// Register Page
app.get("/register/:error?", notAuthenticatedHandler, (req, res) => {
let dict = {
title: "Register",
error: req.params.error
}
- res.render('register', dict)
-})
+ res.render('register', dict);
+});
+// Login Page
app.get("/login/:error?", notAuthenticatedHandler, (req, res) => {
let dict = {
title: "Login",
error: req.params.error
}
- res.render('login', dict)
-})
+ res.render('login', dict);
+});
+// Register POST Request
app.post("/auth/register", notAuthenticatedHandler,(req, res) =>{
+ // Get data from POST request
let username = req.body.username;
let email = req.body.email;
let password1 = req.body.password1;
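Review bot: `order_trackingnumber = uuid.v4();` at L193 and `productId = req.params.productId;` at L205 assign undeclared identifiers, which in this non-strict CommonJS file become process-wide globals shared by every request (the mysql_handler hunk's createOrder even reads `order_trackingnumber` by that name); declare them as `const order_trackingnumber = uuid.v4();` and `const productId = req.params.productId;`. The admin delete route at L202–L211 never sends a response in either branch, so a non-admin request hangs until the client gives up and an admin gets no confirmation, and it performs the DELETE on a GET, which a cross-site request carrying the admin's cookie can trigger; return `res.sendStatus(403)` for non-admins, answer the admin case from inside the query callback, and expose the action as a POST. The /order POST handler begins in the previous hunk.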
@@ -237,51 +239,52 @@ app.post("/auth/register", notAuthenticatedHandler,(req, res) =>{
let cityName = req.body.cityName;
let country = req.body.country;
- error = ""
+ let error = ""; // Error message
- if(password1 != password2){
+ if(password1 != password2){ // If passwords don't match
error += "Passwörter sind unterschiedlich!";
- }else if(password1.length < 8){
- error += "Passwort muss mindestens 8 Zeichen lang sein!"
+ }else if(password1.length < 8){ // If password is too short
+ error += "Passwort muss mindestens 8 Zeichen lang sein!";
}
- if(username.length < 3){
+ if(username.length < 3){ // If username is too short
error += "
Der Benutzername muss mindestens 3 Zeichen lang sein!";
- }else if(username.length > 30){
+ }else if(username.length > 30){ // If username is too long
error += "
Der Benutzername darf maximal 30 Zeichen lang sein!";
}
- if(error != ""){
- res.redirect(`/register/${error}`)
+ if(error != ""){ // If there is an error
+ res.redirect(`/register/${error}`); // Redirect to register page with error message
}else{
- bcrypt.genSalt(10, function(err, salt) {
- bcrypt.hash(password1, salt, function(err, hash){
+ bcrypt.genSalt(10, function(err, salt) { // Generate salt
+ bcrypt.hash(password1, salt, function(err, hash){ // Hash password
mysql_handler.createUser(username, email, hash, firstname, lastname, gender, street, housenumber, postcode, cityName, country);
-
- res.redirect(`/login/`)
- })
- })
+ res.redirect(`/login/`);
+ });
+ });
}
-})
+});
+// Login POST Request
app.post("/auth/login", notAuthenticatedHandler, (req, res) =>{
+ // Get data from POST request
let username = req.body.username;
let password = req.body.password;
- error = ""
+ error = "" // Error message
- mysql_handler.con.query(`SELECT * FROM users WHERE username = "${username}"`, function(err, result){
- if(err){
+ mysql_handler.con.query(`SELECT * FROM users WHERE username = "${username}"`, function(err, result){ // Get user from database
+ if(err){ // If there is an error
error = "Login-Daten falsch!"
- }else{
- if(JSON.parse(JSON.stringify(result))[0]){
- user = JSON.parse(JSON.stringify(result))[0]
- dbPassword = user.password;
+ }else{ // If there is no error
+ result = JSON.parse(JSON.stringify(result))[0]; // Parse result from database
+ if(result){ // If there is a user
+ user = result; // Set user
+ dbPassword = user.password; // Get password from database
-
- bcrypt.compare(password, dbPassword, function(err, matched){
+ bcrypt.compare(password, dbPassword, function(err, matched){ // Compare password
if(err) console.log(err);
- if(matched){
- // login
+ if(matched){ // If password matches
+ // Set cookie
const token = jwt.sign({user:user.id}, SECRET_KEY)
res.cookie('authcookie', token, {maxAge: 90000000, httpOnly: true})
res.redirect(`/`)
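Review bot: The login handler at L296, L309 and L310 still assigns `error`, `user` and `dbPassword` without declaring them — the register handler at L252 in this same hunk was changed to `let error = "";` — and because `user` is only read later inside the asynchronous bcrypt.compare callback (L319), two overlapping logins can end with the token at L319 signed with the other request's `user.id`. The wrong-password branch that sets `error` also runs inside that callback, whereas the `if(error != "")` redirect after the callback appears to run first (it sits in the next hunk, so this is inferred), leaving a wrong password unanswered. Rewriting the query callback to keep everything in request-local `const`s and to redirect from inside the compare callback fixes both, and the placeholder form avoids interpolating `username` at L299. The handler continues past the end of the hunk.
```javascript
    const LOGIN_FAILED = "Login-Daten falsch!";
    mysql_handler.con.query("SELECT * FROM users WHERE username = ?", [username], function(err, result){ // Get user from database
        const loginFailed = () => res.redirect(`/login/${LOGIN_FAILED}`);
        if(err){ console.log(err); return loginFailed(); }
        if(result.length === 0) return loginFailed(); // no such user
        const user = result[0]; // local to this request, never shared across logins
        bcrypt.compare(password, user.password, function(err, matched){ // Compare password
            if(err){ console.log(err); return loginFailed(); }
            if(!matched) return loginFailed(); // answered here, not after the callback
            // Set cookie
            const token = jwt.sign({user:user.id}, SECRET_KEY);
            res.cookie('authcookie', token, {maxAge: 90000000, httpOnly: true});
            res.redirect(`/`);
        });
    });
```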
@@ -289,18 +292,16 @@ app.post("/auth/login", notAuthenticatedHandler, (req, res) =>{
error = "Login-Daten falsch!"
}
})
-
-
}else{
error = "Login-Daten falsch!"
}
}
- if(error != ""){
+ if(error != ""){ // If there is an error
res.redirect(`/login/${error}`)
}
});
})
-app.listen(port, () =>{
+app.listen(port, () =>{ // Start server
console.log("Listining to " + port)
})
\ No newline at end of file
diff --git a/mysql_handler.js b/mysql_handler.js
index c940d8c..1063cd6 100644
--- a/mysql_handler.js
+++ b/mysql_handler.js
@@ -1,5 +1,4 @@
-let mysql = require('mysql')
-let connected = false;
+const mysql = require('mysql')
// TODO check here for errors and do not let the db throw an error in order to give the user feedback
@@ -9,114 +8,107 @@ con.query("SELECT * FROM users", function(err, result){
}
console.log(result);
});
-
*/
-let con = mysql.createConnection({
+
+let con = mysql.createConnection({ // TODO: change to config file
host: "localhost",
user: "onlineshop",
- password: "TestUser321",
+ password: "TestUser321", // TODO: DO NOT STORE PASSWORDS IN THE CODE
database: "onlineshop"
});
-con.connect(function(err){
+con.connect(function(err){ // Connect to the database
if(err) throw err;
console.log("Connected to MySQL!");
- connected = true
- //createUser("dertyp", "address@email.com", "password", "Janis", "Meister", "Herr");
- //createAddress("street", "1", "postcode", "city", "country", 18)
- //createSeller("TEST", "test")
- //createProduct("name", 1.2, "description", 2, 2, 1, 1)
- //createReview("TESt", "Content", 6, 18, 1)
- //createOrder(18, "tasddadse");
- //createOrderProduct(1.5, 5, 1, 1)
})
-function isConnected(){
- if(connected){
- return true;
- }else{
- console.log("not connected to mysql")
+function isConnected(){
+ // Check if database is connected
+ if(con.state === 'disconnected'){
return false;
}
+ return true;
}
-function sendQuery(sql){
- if(isConnected){
- con.query(sql, function(err, result){
- if(err){
- console.log(err);
- return false;
- }
- return result;
- });
- }
-}
-
-// CREATES
-function createOrder(userId, trackingnumber, received, productId, quantity){
- con.query(`INSERT INTO order_status(received, trackingnumber) VALUES (${received}, '${trackingnumber}')`, function(err, result){
+// Create Order database structure
+function createOrder(userId, trackingnumber, received, productId, quantity){ // TODO: add date
+ // create order status
+ con.query(`INSERT INTO order_status(received, trackingnumber) VALUES (${received}, '${trackingnumber}')`, (err, result) => {
if(err) console.log(err);
- con.query(`INSERT INTO orders(userId, order_statusId)
- VALUES ((SELECT id FROM users WHERE id='${userId}'), (SELECT id FROM order_status WHERE trackingnumber='${trackingnumber}'))`, function(err, result){
+ // create order
+ con.query(`INSERT INTO orders(userId, order_statusId) VALUES ((SELECT id FROM users WHERE id='${userId}'),
+ (SELECT id FROM order_status WHERE trackingnumber='${trackingnumber}'))`, function(err, result){
+ // create order_product
con.query(`SELECT orders.id FROM orders LEFT JOIN order_status ON orders.order_statusId=order_status.id WHERE order_status.trackingnumber='${order_trackingnumber}'`, function(err, result){
if(err) console.log(err);
- order = JSON.parse(JSON.stringify(result))[0];
+ order = JSON.parse(JSON.stringify(result))[0]; // parse result to json
+ if(order != undefined){ // if order is not undefined
+ con.query(`SELECT * FROM products WHERE id=${productId}`, (err, result) => { // get product
+ if(err) console.log(err);
- con.query(`SELECT * FROM products WHERE id=${productId}`, (err, result) => {
- if(err) console.log(err);
- product = JSON.parse(JSON.stringify(result))[0];
-
- con.query(`UPDATE products SET quantity=quantity-${quantity} WHERE id=${productId}`, (err, result) => {
- con.query(`INSERT INTO order_products(price, quantity, productId, orderId)
- VALUES ('${product.price}','${quantity}',
- (SELECT id FROM products WHERE id='${product.id}'), (SELECT id FROM orders WHERE id='${order.id}'))`, (err, result) => {
- if(err) console.log(err);
- })
- })
- })
- })
-
- })
-
- })
+ product = JSON.parse(JSON.stringify(result))[0]; // parse result to json
+
+ // update old product quantity
+ con.query(`UPDATE products SET quantity=quantity-${quantity} WHERE id=${productId}`, (err, result) => {
+ // create order_product
+ con.query(`INSERT INTO order_products(price, quantity, productId, orderId)
+ VALUES ('${product.price}','${quantity}',
+ (SELECT id FROM products WHERE id='${product.id}'), (SELECT id FROM orders WHERE id='${order.id}'))`, (err, result) => {
+ if(err) console.log(err);
+ });
+ });
+ });
+ }
+ });
+ });
+ });
}
-function createReview(title, content, rating, userID, productId){
- sendQuery(`INSERT INTO reviews(title, content, rating, userID, productId)
+// Create Review
+function createReview(title, content, rating, userID, productId){ // TODO: add date
+ con.query(`INSERT INTO reviews(title, content, rating, userID, productId)
VALUES ('${title}','${content}','${rating}',
- (SELECT id FROM users WHERE id='${userID}'), (SELECT id FROM products WHERE id='${productId}'))`);
-
+ (SELECT id FROM users WHERE id='${userID}'), (SELECT id FROM products WHERE id='${productId}'))`, (err, result) => {
+ if(err) console.log(err);
+ });
}
+// Create Product
function createProduct(name, price, description, quantity, delivery_time, sellerId, categoryId){
- sendQuery(`INSERT INTO products(name, price, description, quantity, delivery_time, sellerId, categoryId)
- VALUES ('${name}',${price},'${description}','${quantity}','${delivery_time}',
- (SELECT id FROM sellers WHERE id='${sellerId}'), (SELECT id FROM categories WHERE id='${categoryId}'))`);
+ con.query(`INSERT INTO products(name, price, description, quantity, delivery_time, sellerId, categoryId)
+ VALUES ('${name}',${price},'${description}','${quantity}','${delivery_time}',
+ (SELECT id FROM sellers WHERE id='${sellerId}'), (SELECT id FROM categories WHERE id='${categoryId}'))`, (err, result) => {
+ if(err) console.log(err);
+ });
}
-function createCategory(name){
- sendQuery(`INSERT INTO categories(name) VALUES ('${name}')`);
-}
-
-function createSeller(name, description){
- sendQuery(`INSERT INTO sellers(name, description) VALUES ('${name}', '${description}')`);
-}
-
-function createUser(username, email, password, firstname, lastname, gender, street, housenumber, postcode, cityName, country){
- con.query(`INSERT INTO users(username, email, password) VALUES ('${username}','${email}','${password}')`, function(err, result){
+// Create User database structure
+function createUser(username, email, password, firstname, lastname, gender, street, housenumber, postcode, cityName, country){ // TODO: Better error handling if something goes wrong in progress
+ // Create User
+ con.query(`INSERT INTO users(username, email, password) VALUES ('${username}','${email}','${password}')`, (err, result) =>{
if(err){
console.log(err);
}else if(result){
- sendQuery(`INSERT INTO userinfos(firstname, lastname, gender, userId) VALUES ('${firstname}','${lastname}','${gender}',
- (SELECT id FROM users WHERE username='${username}' AND email='${email}'))`);
- console.log(`User created: ${username}!`)
-
- sendQuery(`INSERT INTO cities(name, postcode) VALUES ('${cityName}', '${postcode}')`);
-
- sendQuery(`INSERT INTO addresses(street, housenumber, country, userId, cityId) VALUES ('${street}','${housenumber}','${country}',
- (SELECT id FROM users WHERE username='${username}'), (SELECT id FROM cities WHERE name='${cityName}' AND postcode='${postcode}'))`);
+ // Create User Info
+ con.query(`INSERT INTO userinfos(firstname, lastname, gender, userId) VALUES ('${firstname}','${lastname}','${gender}',
+ (SELECT id FROM users WHERE username='${username}' AND email='${email}'))`, (err, result) => {
+ if(err) console.log(err);
+ });
+
+ // Create City
+ con.query(`INSERT INTO cities(name, postcode) VALUES ('${cityName}', '${postcode}')`, (err, result) => {
+ if(err) console.log(err);
+ });
+
+ // Create Address
+ con.query(`INSERT INTO addresses(street, housenumber, country, userId, cityId) VALUES ('${street}','${housenumber}','${country}',
+ (SELECT id FROM users WHERE username='${username}'), (SELECT id FROM cities WHERE name='${cityName}' AND postcode='${postcode}'))`, (err, result) => {
+ if(err) console.log(err);
+ });
+
+ console.log(`User created: ${username}!`);
}
});
}
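Review bot: createOrder's nested SELECT at L418 interpolates `order_trackingnumber`, which is neither its parameter (that is `trackingnumber`, used correctly at L410 and L416) nor declared in this file; it resolves only because index.js leaks it as an implicit global, so with two orders in flight the order_products row can be attached to the other order — replace it with `'${trackingnumber}'`. `order = ...` at L421 and `product = ...` at L442 are likewise undeclared, and `product` is read in a later callback at L448, so both should be `const`. The orders INSERT callback at L416 ignores `err` and inserts the line item regardless, and the UPDATE at L445 subtracts the quantity without re-checking stock, so two concurrent orders can both pass the check in index.js and drive quantity negative; `UPDATE products SET quantity=quantity-? WHERE id=? AND quantity>=?` with the affected-row count checked closes that gap. All of these queries should also move to placeholder binding instead of template literals, as noted on the first index.js hunk.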
@@ -124,6 +116,6 @@ function createUser(username, email, password, firstname, lastname, gender, stre
module.exports = {
- sendQuery, createOrder, createReview,
- createProduct, createCategory, createSeller, createUser, con
+ createOrder, createReview, isConnected,
+ createProduct, createUser, con
}