janis/shop-ejs-expressjs
1
0
Fork 0
mirror of https://github.com/DerTyp7/shop-ejs-expressjs.git synced 2025-10-29 20:42:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

added documentary

Browse Source
This commit is contained in:
j.mei7
2022-03-26 15:52:33 +01:00
parent 1f38925581
commit f674415814
2 changed files with 187 additions and 194 deletions
Download Patch File Download Diff File Expand all files Collapse all files

223
index.js
View File

@@ -1,76 +1,67 @@
const express = require('express')
const mysql_handler = require("./mysql_handler")
const bcrypt = require("bcryptjs")
const cookieParser = require("cookie-parser")
const jwt = require("jsonwebtoken")
const bodyParser = require("body-parser")
const app = express()
// Import Packages
const express = require('express');
const bcrypt = require("bcryptjs");
const cookieParser = require("cookie-parser");
const jwt = require("jsonwebtoken");
const bodyParser = require("body-parser");
const uuid = require("uuid");
const port = 3000
const SECRET_KEY = "KEY"
// Import Modules
const mysql_handler = require("./mysql_handler");
app.set("view engine", "ejs")
// Global Variables
const app = express();
const port = 3000;
const SECRET_KEY = "KEY";
// Express App Setup
app.set("view engine", "ejs");
app.use(express.json());
app.use(express.urlencoded({ extended: true}));
app.use(cookieParser());
app.use(bodyParser.json())
app.use(bodyParser.json());
app.use(express.static(__dirname + "/static"));
/*
const authcookie = req.cookies.authcookie;
if(!authcookie){
return false;
}
jwt.verify(authcookie, SECRET_KEY, (err, data) =>{
if(err){
return false;
} else if(data.user){
return true;
}
})
*/
// Authentication Handlers
// Check if user is authenticated and redirect to login if not
function authenticatedHandler(req, res, next){
const authcookie = req.cookies.authcookie;
const authcookie = req.cookies.authcookie; // Get authcookie from cookie
jwt.verify(authcookie, SECRET_KEY, (err, data) =>{
if(err){
console.log(err)
res.redirect("/login")
} else if(data.user){
req.user = data.user;
mysql_handler.con.query(`SELECT * FROM users WHERE id = "${req.user}"`, function(err, result){
jwt.verify(authcookie, SECRET_KEY, (err, data) =>{ // Verify authcookie
if(err){ // If authcookie is invalid
console.log(err);
res.redirect("/login");
} else if(data.user){ // If authcookie is valid
req.user = data.user; // Set user to data.user
mysql_handler.con.query(`SELECT * FROM users WHERE id = "${req.user}"`, (err, result) => { // Get user from database
if(err) console.log(err);
let user = JSON.parse(JSON.stringify(result))[0];
req.isAdmin = user.isAdmin
req.username = user.username
req.firstname = user.firstname
req.lastname = user.lastname
next();
let user = JSON.parse(JSON.stringify(result))[0]; // Parse user from database
// Set user to req.user
req.isAdmin = user.isAdmin;
req.username = user.username;
req.firstname = user.firstname;
req.lastname = user.lastname;
next(); // Continue to next handler
});
}
})
});
}
// Check if user is not authenticated and redirect to home if so
function notAuthenticatedHandler(req, res, next){
const authcookie = req.cookies.authcookie;
jwt.verify(authcookie, SECRET_KEY, (err, data) =>{
if(err){
console.log(err)
next();
} else if(data.user){
res.redirect("/")
const authcookie = req.cookies.authcookie; // Get authcookie from cookie
jwt.verify(authcookie, SECRET_KEY, (err, data) =>{ // Verify authcookie
if(err){ // If authcookie is invalid
console.log(err);
next(); // Continue to next handler
} else if(data.user){ // If authcookie is valid
res.redirect("/");
}
})
});
}
// Homepage
app.get("/", authenticatedHandler, (req, res) => {
let dict = {
title: "Hallo",
@@ -78,8 +69,9 @@ app.get("/", authenticatedHandler, (req, res) => {
}
res.render('index', dict)
})
});
// Product Page
app.get("/product/:productId", (req, res) => {
let productId = req.params.productId;
console.log(productId);
@@ -94,8 +86,9 @@ app.get("/product/:productId", (req, res) => {
}
res.render('product', dict)
});
})
});
// Search Page
app.get("/search", (req, res) => {
var products = [
{
@@ -136,18 +129,19 @@ app.get("/search", (req, res) => {
res.render('search', dict)
});
})
});
// Order
// Order Page
app.get("/order/:productId/:quantity/", authenticatedHandler, (req, res) => {
let error = ""
mysql_handler.con.query(`SELECT * FROM products WHERE id=${req.params.productId}`, function(err, result){
let error = "";
mysql_handler.con.query(`SELECT * FROM products WHERE id=${req.params.productId}`, function(err, result){ // Get product from database
if(err) throw err;
result = JSON.parse(JSON.stringify(result))[0];
if(req.params.quantity > result.quantity){
error = "Nicht genug Produkte vorhanden"
result = JSON.parse(JSON.stringify(result))[0]; // Parse result from database
if(req.params.quantity > result.quantity){ // If quantity is higher than available quantity
error = "Nicht genug Produkte vorhanden";
}
let dict = {
@@ -157,18 +151,21 @@ app.get("/order/:productId/:quantity/", authenticatedHandler, (req, res) => {
quantity: req.params.quantity
}
res.render('order', dict)
res.render('order', dict);
});
})
});
// Order Success Page
app.get("/order_success/:trackingnumber", authenticatedHandler, (req, res) => {
let dict = {
title: "Bestellung erfolgreich",
trackingnumber: req.params.trackingnumber
}
res.render('order_success', dict)
})
res.render('order_success', dict);
});
// Order POST Request
app.post("/order", authenticatedHandler, (req, res) => {
let productId = req.body.productId;
let quantity = req.body.quantity;
@@ -179,51 +176,56 @@ app.post("/order", authenticatedHandler, (req, res) => {
result = JSON.parse(JSON.stringify(result))[0];
if(quantity > result.quantity){
res.redirect(`/order/${productId}/${quantity}/`)
res.redirect(`/order/${productId}/${quantity}/`);
}else{
order_trackingnumber = uuid.v4()
mysql_handler.createOrder(userId, order_trackingnumber, 0, productId, quantity)
order_trackingnumber = uuid.v4();
mysql_handler.createOrder(userId, order_trackingnumber, 0, productId, quantity) ;
res.redirect("/order_success/" + order_trackingnumber)
res.redirect("/order_success/" + order_trackingnumber);
}
});
})
});
// Admin
app.get("/admin/product/delete/:productId", authenticatedHandler, (req, res) => {
if(req.isAdmin){
productId = req.params.productId
productId = req.params.productId;
mysql_handler.con.query(`DELETE FROM products WHERE id=${productId}`, function(err, result){
if(err) console.log(err);
});
}
})
});
// AUTH
// Authentication
// Logout
app.get("/logout/", authenticatedHandler, (req, res) => {
res.clearCookie("authcookie")
res.redirect("/")
})
res.clearCookie("authcookie"); // Clear cookie
res.redirect("/");
});
// Register Page
app.get("/register/:error?", notAuthenticatedHandler, (req, res) => {
let dict = {
title: "Register",
error: req.params.error
}
res.render('register', dict)
})
res.render('register', dict);
});
// Login Page
app.get("/login/:error?", notAuthenticatedHandler, (req, res) => {
let dict = {
title: "Login",
error: req.params.error
}
res.render('login', dict)
})
res.render('login', dict);
});
// Register POST Request
app.post("/auth/register", notAuthenticatedHandler,(req, res) =>{
// Get data from POST request
let username = req.body.username;
let email = req.body.email;
let password1 = req.body.password1;
@@ -237,51 +239,52 @@ app.post("/auth/register", notAuthenticatedHandler,(req, res) =>{
let cityName = req.body.cityName;
let country = req.body.country;
error = ""
let error = ""; // Error message
if(password1 != password2){
if(password1 != password2){ // If passwords don't match
error += "Passwörter sind unterschiedlich!";
}else if(password1.length < 8){
error += "Passwort muss mindestens 8 Zeichen lang sein!"
}else if(password1.length < 8){ // If password is too short
error += "Passwort muss mindestens 8 Zeichen lang sein!";
}
if(username.length < 3){
if(username.length < 3){ // If username is too short
error += "<br> Der Benutzername muss mindestens 3 Zeichen lang sein!";
}else if(username.length > 30){
}else if(username.length > 30){ // If username is too long
error += "<br> Der Benutzername darf maximal 30 Zeichen lang sein!";
}
if(error != ""){
res.redirect(`/register/${error}`)
if(error != ""){ // If there is an error
res.redirect(`/register/${error}`); // Redirect to register page with error message
}else{
bcrypt.genSalt(10, function(err, salt) {
bcrypt.hash(password1, salt, function(err, hash){
bcrypt.genSalt(10, function(err, salt) { // Generate salt
bcrypt.hash(password1, salt, function(err, hash){ // Hash password
mysql_handler.createUser(username, email, hash, firstname, lastname, gender, street, housenumber, postcode, cityName, country);
res.redirect(`/login/`)
})
})
res.redirect(`/login/`);
});
});
}
})
});
// Login POST Request
app.post("/auth/login", notAuthenticatedHandler, (req, res) =>{
// Get data from POST request
let username = req.body.username;
let password = req.body.password;
error = ""
error = "" // Error message
mysql_handler.con.query(`SELECT * FROM users WHERE username = "${username}"`, function(err, result){
if(err){
mysql_handler.con.query(`SELECT * FROM users WHERE username = "${username}"`, function(err, result){ // Get user from database
if(err){ // If there is an error
error = "Login-Daten falsch!"
}else{
if(JSON.parse(JSON.stringify(result))[0]){
user = JSON.parse(JSON.stringify(result))[0]
dbPassword = user.password;
}else{ // If there is no error
result = JSON.parse(JSON.stringify(result))[0]; // Parse result from database
if(result){ // If there is a user
user = result; // Set user
dbPassword = user.password; // Get password from database
bcrypt.compare(password, dbPassword, function(err, matched){
bcrypt.compare(password, dbPassword, function(err, matched){ // Compare password
if(err) console.log(err);
if(matched){
// login
if(matched){ // If password matches
// Set cookie
const token = jwt.sign({user:user.id}, SECRET_KEY)
res.cookie('authcookie', token, {maxAge: 90000000, httpOnly: true})
res.redirect(`/`)
@@ -289,18 +292,16 @@ app.post("/auth/login", notAuthenticatedHandler, (req, res) =>{
error = "Login-Daten falsch!"
}
})
}else{
error = "Login-Daten falsch!"
}
}
if(error != ""){
if(error != ""){ // If there is an error
res.redirect(`/login/${error}`)
}
});
})
app.listen(port, () =>{
app.listen(port, () =>{ // Start server
console.log("Listining to " + port)
})

146
mysql_handler.js
View File

@@ -1,5 +1,4 @@
let mysql = require('mysql')
let connected = false;
const mysql = require('mysql')
// TODO check here for errors and do not let the db throw an error in order to give the user feedback
@@ -9,114 +8,107 @@ con.query("SELECT * FROM users", function(err, result){
}
console.log(result);
});
*/
let con = mysql.createConnection({
let con = mysql.createConnection({ // TODO: change to config file
host: "localhost",
user: "onlineshop",
password: "TestUser321",
password: "TestUser321", // TODO: DO NOT STORE PASSWORDS IN THE CODE
database: "onlineshop"
});
con.connect(function(err){
con.connect(function(err){ // Connect to the database
if(err) throw err;
console.log("Connected to MySQL!");
connected = true
//createUser("dertyp", "address@email.com", "password", "Janis", "Meister", "Herr");
//createAddress("street", "1", "postcode", "city", "country", 18)
//createSeller("TEST", "test")
//createProduct("name", 1.2, "description", 2, 2, 1, 1)
//createReview("TESt", "Content", 6, 18, 1)
//createOrder(18, "tasddadse");
//createOrderProduct(1.5, 5, 1, 1)
})
function isConnected(){
if(connected){
return true;
}else{
console.log("not connected to mysql")
// Check if database is connected
if(con.state === 'disconnected'){
return false;
}
return true;
}
function sendQuery(sql){
if(isConnected){
con.query(sql, function(err, result){
if(err){
console.log(err);
return false;
}
return result;
});
}
}
// CREATES
function createOrder(userId, trackingnumber, received, productId, quantity){
con.query(`INSERT INTO order_status(received, trackingnumber) VALUES (${received}, '${trackingnumber}')`, function(err, result){
// Create Order database structure
function createOrder(userId, trackingnumber, received, productId, quantity){ // TODO: add date
// create order status
con.query(`INSERT INTO order_status(received, trackingnumber) VALUES (${received}, '${trackingnumber}')`, (err, result) => {
if(err) console.log(err);
con.query(`INSERT INTO orders(userId, order_statusId)
VALUES ((SELECT id FROM users WHERE id='${userId}'), (SELECT id FROM order_status WHERE trackingnumber='${trackingnumber}'))`, function(err, result){
// create order
con.query(`INSERT INTO orders(userId, order_statusId) VALUES ((SELECT id FROM users WHERE id='${userId}'),
(SELECT id FROM order_status WHERE trackingnumber='${trackingnumber}'))`, function(err, result){
// create order_product
con.query(`SELECT orders.id FROM orders LEFT JOIN order_status ON orders.order_statusId=order_status.id WHERE order_status.trackingnumber='${order_trackingnumber}'`, function(err, result){
if(err) console.log(err);
order = JSON.parse(JSON.stringify(result))[0];
order = JSON.parse(JSON.stringify(result))[0]; // parse result to json
if(order != undefined){ // if order is not undefined
con.query(`SELECT * FROM products WHERE id=${productId}`, (err, result) => { // get product
if(err) console.log(err);
con.query(`SELECT * FROM products WHERE id=${productId}`, (err, result) => {
if(err) console.log(err);
product = JSON.parse(JSON.stringify(result))[0];
product = JSON.parse(JSON.stringify(result))[0]; // parse result to json
con.query(`UPDATE products SET quantity=quantity-${quantity} WHERE id=${productId}`, (err, result) => {
con.query(`INSERT INTO order_products(price, quantity, productId, orderId)
VALUES ('${product.price}','${quantity}',
(SELECT id FROM products WHERE id='${product.id}'), (SELECT id FROM orders WHERE id='${order.id}'))`, (err, result) => {
if(err) console.log(err);
})
})
})
})
})
})
// update old product quantity
con.query(`UPDATE products SET quantity=quantity-${quantity} WHERE id=${productId}`, (err, result) => {
// create order_product
con.query(`INSERT INTO order_products(price, quantity, productId, orderId)
VALUES ('${product.price}','${quantity}',
(SELECT id FROM products WHERE id='${product.id}'), (SELECT id FROM orders WHERE id='${order.id}'))`, (err, result) => {
if(err) console.log(err);
});
});
});
}
});
});
});
}
function createReview(title, content, rating, userID, productId){
sendQuery(`INSERT INTO reviews(title, content, rating, userID, productId)
// Create Review
function createReview(title, content, rating, userID, productId){ // TODO: add date
con.query(`INSERT INTO reviews(title, content, rating, userID, productId)
VALUES ('${title}','${content}','${rating}',
(SELECT id FROM users WHERE id='${userID}'), (SELECT id FROM products WHERE id='${productId}'))`);
(SELECT id FROM users WHERE id='${userID}'), (SELECT id FROM products WHERE id='${productId}'))`, (err, result) => {
if(err) console.log(err);
});
}
// Create Product
function createProduct(name, price, description, quantity, delivery_time, sellerId, categoryId){
sendQuery(`INSERT INTO products(name, price, description, quantity, delivery_time, sellerId, categoryId)
VALUES ('${name}',${price},'${description}','${quantity}','${delivery_time}',
(SELECT id FROM sellers WHERE id='${sellerId}'), (SELECT id FROM categories WHERE id='${categoryId}'))`);
con.query(`INSERT INTO products(name, price, description, quantity, delivery_time, sellerId, categoryId)
VALUES ('${name}',${price},'${description}','${quantity}','${delivery_time}',
(SELECT id FROM sellers WHERE id='${sellerId}'), (SELECT id FROM categories WHERE id='${categoryId}'))`, (err, result) => {
if(err) console.log(err);
});
}
function createCategory(name){
sendQuery(`INSERT INTO categories(name) VALUES ('${name}')`);
}
function createSeller(name, description){
sendQuery(`INSERT INTO sellers(name, description) VALUES ('${name}', '${description}')`);
}
function createUser(username, email, password, firstname, lastname, gender, street, housenumber, postcode, cityName, country){
con.query(`INSERT INTO users(username, email, password) VALUES ('${username}','${email}','${password}')`, function(err, result){
// Create User database structure
function createUser(username, email, password, firstname, lastname, gender, street, housenumber, postcode, cityName, country){ // TODO: Better error handling if something goes wrong in progress
// Create User
con.query(`INSERT INTO users(username, email, password) VALUES ('${username}','${email}','${password}')`, (err, result) =>{
if(err){
console.log(err);
}else if(result){
sendQuery(`INSERT INTO userinfos(firstname, lastname, gender, userId) VALUES ('${firstname}','${lastname}','${gender}',
(SELECT id FROM users WHERE username='${username}' AND email='${email}'))`);
console.log(`User created: ${username}!`)
// Create User Info
con.query(`INSERT INTO userinfos(firstname, lastname, gender, userId) VALUES ('${firstname}','${lastname}','${gender}',
(SELECT id FROM users WHERE username='${username}' AND email='${email}'))`, (err, result) => {
if(err) console.log(err);
});
sendQuery(`INSERT INTO cities(name, postcode) VALUES ('${cityName}', '${postcode}')`);
// Create City
con.query(`INSERT INTO cities(name, postcode) VALUES ('${cityName}', '${postcode}')`, (err, result) => {
if(err) console.log(err);
});
sendQuery(`INSERT INTO addresses(street, housenumber, country, userId, cityId) VALUES ('${street}','${housenumber}','${country}',
(SELECT id FROM users WHERE username='${username}'), (SELECT id FROM cities WHERE name='${cityName}' AND postcode='${postcode}'))`);
// Create Address
con.query(`INSERT INTO addresses(street, housenumber, country, userId, cityId) VALUES ('${street}','${housenumber}','${country}',
(SELECT id FROM users WHERE username='${username}'), (SELECT id FROM cities WHERE name='${cityName}' AND postcode='${postcode}'))`, (err, result) => {
if(err) console.log(err);
});
console.log(`User created: ${username}!`);
}
});
}
@@ -124,6 +116,6 @@ function createUser(username, email, password, firstname, lastname, gender, stre
module.exports = {
sendQuery, createOrder, createReview,
createProduct, createCategory, createSeller, createUser, con
createOrder, createReview, isConnected,
createProduct, createUser, con
}