auth.js
1const axios = require('axios')
const mysql = require('mysql')
const bcrypt = require('bcrypt')
const jwt = require('jsonwebtoken')
const pool = require('../sql/connection')
const { handleSQLError } = require('../sql/error')
// bcrypt cost factor (salt rounds). Only the commented-out signup handler in
// this file passes it to bcrypt.hash, so it is currently unused at runtime.
const saltRounds = 10
// const signup = (req, res) => {
// const { username, password } = req.body
// let sql = "INSERT INTO usersCredentials (username, password) VALUES (?, ?)"
// bcrypt.hash(password, saltRounds, function(err, hash) {
// sql = mysql.format(sql, [ username, hash ])
// pool.query(sql, (err, result) => {
// if (err) {
// if (err.code === 'ER_DUP_ENTRY') return res.status(409).send('Username is taken')
// return handleSQLError(res, err)
// }
// return res.send('Sign-up successful')
// })
// })
// }
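/**
 * Express handler: exchange a username/password for an Auth0 access token.
 *
 * Sends a resource-owner password grant request to
 * `https://${AUTH0_DOMAIN}/oauth/token` and relays only the `access_token`
 * field of the upstream response to the caller.
 *
 * Responses:
 *   200 { access_token }  - upstream issued a token
 *   400 { error }         - username or password missing / not a string
 *   401 { error }         - upstream answered with a 4xx
 *   502 { error }         - upstream unreachable or answered with anything else
 *
 * Security notes:
 *  - This flow puts the user's raw password and the application's
 *    client_secret in the outgoing request, so nothing derived from that
 *    request (including the axios error object) may be echoed to the client.
 *  - The password grant is discouraged by the OAuth 2.0 security best current
 *    practice; prefer a redirect-based flow when the client allows it.
 *
 * @param {object} req - Express request; reads `req.body.username` and `req.body.password`.
 * @param {object} res - Express response.
 * @returns {Promise<object>} resolves once a response has been written.
 */
const login = async (req, res) => {
  const { username, password } = req.body || {}

  // Reject malformed requests before contacting the identity provider.
  const hasCredentials =
    typeof username === 'string' && username.length > 0 &&
    typeof password === 'string' && password.length > 0
  if (!hasCredentials) {
    return res.status(400).json({ error: 'username and password are required' })
  }

  try {
    const response = await axios(`https://${process.env.AUTH0_DOMAIN}/oauth/token`, {
      method: 'POST',
      headers: {
        'content-type': 'application/json'
      },
      data: {
        grant_type: 'password',
        username,
        password,
        audience: process.env.AUTH0_IDENTITY,
        connection: 'Username-Password-Authentication',
        client_id: process.env.AUTH0_CLIENT_ID,
        client_secret: process.env.AUTH0_CLIENT_SECRET
      }
    })

    // Relay the access token only; any other upstream fields stay server-side.
    const { access_token } = response.data
    return res.json({ access_token })
  } catch (e) {
    // Do not send `e` to the client: an axios error carries the request
    // config (whose `data` holds client_secret and the submitted password)
    // and a stack trace. Log a minimal, secret-free record instead.
    const upstreamStatus = e && e.response && e.response.status
    console.error('Auth0 token request failed', {
      status: upstreamStatus,
      code: e && e.code
    })

    // NOTE(review): a 4xx is assumed to mean the credentials were rejected.
    // It can also mean this server's own client credentials are wrong, so
    // confirm which upstream codes should map to 401 and alert on the rest.
    if (typeof upstreamStatus === 'number' && upstreamStatus >= 400 && upstreamStatus < 500) {
      return res.status(401).json({ error: 'Invalid username or password' })
    }
    return res.status(502).json({ error: 'Authentication service unavailable' })
  }

  // Legacy local-database login, kept for reference only.
  // NOTE(review): before re-enabling, fix two things visible below: the JWT is
  // signed with the hard-coded string 'secret', and the distinct 404/400
  // answers tell a caller whether a username exists.
  // let sql = "SELECT * FROM usersCredentials WHERE username = ?"
  // sql = mysql.format(sql, [ username ])
  // pool.query(sql, (err, rows) => {
  //   if (err) return handleSQLError(res, err)
  //   if (!rows.length) return res.status(404).send('No matching users')
  //   const hash = rows[0].password
  //   bcrypt.compare(password, hash)
  //     .then(result => {
  //       if (!result) return res.status(400).send('Invalid password')
  //       const data = { ...rows[0] }
  //       data.password = 'REDACTED'
  //       const token = jwt.sign(data, 'secret')
  //       res.json({
  //         msg: 'Login successful',
  //         token
  //       })
  //     })
  // })
}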
// Handlers exposed to the router. signup is not exported; its implementation
// in this file is commented out.
module.exports = { login }