added nodemon to automate starting the server.js when i changed some codes

.env

@@ -0,0 +1,6 @@
+JWT_SECRET_KEY=your_secret_key_here
+TOKEN_HEADER_KEY=auth-token
+DB_HOST=localhost
+DB_USER=root
+DB_PASSWORD=12345678
+DB_NAME=popcen

api/routes/popcen.js

@@ -0,0 +1,23 @@
+const express = require("express");
+const router = express.Router();
+const db = require("../../config/db");
+const verifyToken = require("../../middlewares/authMiddleware");
+
+router.get("/", verifyToken, (req, res) => {
+  const caseidPattern = req.query.caseidPattern + "%";
+  const batchno = parseInt(req.query.batchno, 10) || 1;
+  const sql =
+    "SELECT id, uuid, caseid, modified_time FROM popcen WHERE caseid LIKE ? LIMIT ? OFFSET ?";
+  const limit = 1000;
+  const offset = (batchno - 1) * limit;
+
+  db.query(sql, [caseidPattern, limit, offset], (err, results) => {
+    if (err) {
+      console.error(err);
+      return res.status(500).send("Server error");
+    }
+    res.json({ batchno, results });
+  });
+});
+
+module.exports = router;

api/routes/popcenCount.js

@@ -0,0 +1,19 @@
+const express = require("express");
+const router = express.Router();
+const db = require("../../config/db");
+const verifyToken = require("../../middlewares/authMiddleware");
+
+router.get("/", verifyToken, (req, res) => {
+  const caseidPattern = req.query.caseidPattern + "%";
+  const sql = "SELECT COUNT(id) AS count FROM popcen WHERE caseid LIKE ?";
+
+  db.query(sql, [caseidPattern], (err, results) => {
+    if (err) {
+      console.error(err);
+      return res.status(500).send("Server error");
+    }
+    res.json(results[0].count);
+  });
+});
+
+module.exports = router;

api/routes/register.js

@@ -0,0 +1,48 @@
+const express = require("express");
+const router = express.Router();
+const bcrypt = require("bcrypt"); // bcrypt for password hashing
+const db = require("../../config/db");
+
+// User registration endpoint
+router.post("/", async (req, res) => {
+  const { username, password } = req.body;
+
+  if (!username || !password) {
+    return res.status(400).send("Username and password are required");
+  }
+
+  // Check if the username already exists
+  const sqlCheck = "SELECT * FROM tbl_user WHERE username = ?";
+  db.query(sqlCheck, [username], async (err, results) => {
+    if (err) {
+      console.error(err);
+      return res.status(500).send("Server error");
+    }
+
+    if (results.length > 0) {
+      return res.status(400).send("Username already exists");
+    }
+
+    try {
+      // Hash the password using bcrypt
+      const saltRounds = 10;
+      const hashedPassword = await bcrypt.hash(password, saltRounds);
+
+      // Insert the new user into the database with the hashed password
+      const sqlInsert = "INSERT INTO tbl_user (username, password) VALUES (?, ?)";
+      db.query(sqlInsert, [username, hashedPassword], (err, result) => {
+        if (err) {
+          console.error(err);
+          return res.status(500).send("Server error");
+        }
+
+        res.status(201).send("User registered successfully");
+      });
+    } catch (error) {
+      console.error(error);
+      res.status(500).send("Error registering user");
+    }
+  });
+});
+
+module.exports = router;

api/routes/user.js

@@ -0,0 +1,44 @@
+const express = require("express");
+const router = express.Router();
+const jwt = require("jsonwebtoken");
+const bcrypt = require("bcrypt");
+const db = require("../../config/db");
+
+// User login endpoint
+router.post("/login", (req, res) => {
+  const { username, password } = req.body;
+
+  if (!username || !password) {
+    return res.status(400).send("Username and password are required");
+  }
+
+  const sql = "SELECT * FROM tbl_user WHERE username = ?";
+  db.query(sql, [username], async (err, results) => {
+    if (err) {
+      console.error(err);
+      return res.status(500).send("Server error");
+    }
+
+    if (results.length === 0) {
+      return res.status(401).send("Invalid credentials");
+    }
+
+    const user = results[0];
+
+    // Compare provided password with the hashed password in the database
+    const isMatch = await bcrypt.compare(password, user.password);
+    
+    if (isMatch) {
+      let jwtSecretKey = process.env.JWT_SECRET_KEY || "defaultSecretKey";
+      let data = { userId: user.id, username: user.username };
+
+      // Create JWT token
+      const token = jwt.sign(data, jwtSecretKey, { expiresIn: "1d" });
+      return res.json({ token });
+    } else {
+      return res.status(401).send("Invalid credentials");
+    }
+  });
+});
+
+module.exports = router;

app.js

@@ -1,10 +0,0 @@
-const express = require('express')
-
-const app = express();
-
-const productRoutes = require('./api/routes/products')
-
-app.use('/products')
-
-
-module.exports = app;

config/db.js

@@ -0,0 +1,21 @@
+const mysql = require("mysql2");
+const dotenv = require("dotenv");
+
+dotenv.config();
+
+const db = mysql.createConnection({
+  host: process.env.DB_HOST,
+  user: process.env.DB_USER,
+  password: process.env.DB_PASSWORD,
+  database: process.env.DB_NAME,
+});
+
+db.connect((err) => {
+  if (err) {
+    console.error("Database connection failed:", err.stack);
+    return;
+  }
+  console.log("Connected to the MySQL database.");
+});
+
+module.exports = db;

middlewares/authMiddleware.js

@@ -0,0 +1,21 @@
+const jwt = require("jsonwebtoken");
+
+const verifyToken = (req, res, next) => {
+  const token = req.header("Authorization");
+
+  if (!token) {
+    return res.status(403).send("A token is required for authentication");
+  }
+
+  try {
+    const jwtSecretKey = process.env.JWT_SECRET_KEY || "default_secret_key";
+    const decoded = jwt.verify(token.replace("Bearer ", ""), jwtSecretKey);
+    req.user = decoded;
+  } catch (err) {
+    return res.status(401).send("Invalid Token");
+  }
+
+  return next();
+};
+
+module.exports = verifyToken;

package.json

@@ -4,14 +4,19 @@
   "main": "index.js",
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1",
-    "start": "node server.js"
+    "start": "nodemon server.js"
   },
   "author": "F04C, Michael, Ronmel",
   "license": "ISC",
   "dependencies": {
+    "bcrypt": "^5.1.1",
+    "bcryptjs": "^2.4.3",
+    "dotenv": "^16.4.5",
     "express": "^4.21.0",
+    "jsonwebtoken": "^9.0.2",
     "mysql": "^2.18.1",
-    "mysql2": "^3.11.3"
+    "mysql2": "^3.11.3",
+    "nodemon": "^3.1.6"
   },
   "keywords": [],
   "description": ""

server.js

@@ -1,59 +1,49 @@
-const express = require('express');
-const mysql = require('mysql2');
+const express = require("express");
+const dotenv = require("dotenv");
+const bodyParser = require("body-parser");
+const jwt = require("jsonwebtoken");
 
+// Initialize app
 const app = express();
 
-const db = mysql.createConnection({
-    host: 'localhost',
-    user: 'root',
-    password: '12345678',
-    database: 'popcen', 
-   
-    authPlugins: {
-        'caching_sha2_password': mysql.authPlugins.caching_sha2_password
-    }
-});
+// Load environment variables from .env file
+dotenv.config();
 
-db.connect((err) => {
-    if (err) {
-        console.error('Database connection failed:', err.stack);
-        return;
-    }
-    console.log('Connected to the MySQL database.');
-});
+// Middleware for parsing JSON
+app.use(bodyParser.json());
 
+// Middleware to check JWT token for protected routes
+const authenticateToken = (req, res, next) => {
+  const token = req.header("Authorization")?.split(" ")[1]; // Get token from header
 
-app.get('/popcen', (req, res) => {
+  if (!token) {
+    return res.status(403).send("A token is required for authentication");
+  }
 
-    const caseidPattern = req.query.caseidPattern + '%';
-    const batchno = parseInt(req.query.batchno, 10) || 1; 
-    const sql = 'SELECT id, uuid, caseid, modified_time FROM popcen WHERE caseid LIKE ? LIMIT ? OFFSET ?';
-    const limit = 1000;
-    const offset = (batchno - 1) * limit;
-    db.query(sql, [caseidPattern, limit, offset], (err, results) => {
-        if (err) {
-            console.error(err);
-            return res.status(500).send('Server error');
-        }
-        res.json(results);
-    });
-});
+  try {
+    const jwtSecretKey = process.env.JWT_SECRET_KEY || "defaultSecretKey";
+    const verified = jwt.verify(token, jwtSecretKey);
+    req.user = verified; // Store user data in req object
+  } catch (err) {
+    return res.status(401).send("Invalid token");
+  }
+  next();
+};
 
+// Import routes
+const popcenRoutes = require("./api/routes/popcen");
+const popcenCountRoutes = require("./api/routes/popcenCount");
+const userRoutes = require("./api/routes/user");
+const registerRoutes = require("./api/routes/register"); // Register route
 
+// Use routes
+app.use("/user", userRoutes);
+app.use("/user/register", registerRoutes);
+app.use("/popcen", authenticateToken, popcenRoutes); // Protect popcen routes with JWT
+app.use("/popcenCount", authenticateToken, popcenCountRoutes); // Protect popcenCount routes
 
-app.get('/popcenCount', (req, res) => {
-    const caseidPattern = req.query.caseidPattern + '%';
-    const sql = 'SELECT COUNT(id) AS count FROM popcen WHERE caseid LIKE ?';
-    db.query(sql, [caseidPattern], (err, results) => {
-        if (err) {
-            console.error(err);
-            return res.status(500).send('Server error');
-        }
-        res.json(results[0].count);
-    });
-});
-
-const PORT = 3000;
+// Start server
+const PORT = process.env.PORT || 3000;
 app.listen(PORT, () => {
-    console.log(`Server is running on port ${PORT}`);
+  console.log(`Server is running on port ${PORT}`);
 });

todo.txt

@@ -0,0 +1,5 @@
+routes for sign up (insert data to db) /signup
+
+routes for login (get creds from db to generate token) /login
+
+routes for authenticated reqs (py app passing token in header) /validateToken