const express = require('express');
const jwt = require('jsonwebtoken');
const cors = require('cors');
// Application bootstrap: one Express instance with JSON body parsing and CORS.
const app = express();

// Parse JSON request bodies into req.body for every route registered below.
const jsonBodyParser = express.json();
app.use(jsonBodyParser);

// NOTE(review): cors() is called with no options, so the package defaults
// apply and any origin may read responses from this API. Pass an explicit
// `origin` allow-list for anything beyond a local demo.
const corsMiddleware = cors();
app.use(corsMiddleware);
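// HMAC key used to sign the JWTs issued by this service.
// The key is taken from the JWT_SECRET environment variable so that it is not
// stored in source control. The original literal is kept only as a fallback so
// existing local setups keep working; it is short and guessable, and anyone who
// knows it can mint tokens for any id/role.
// NOTE(review): a production build should refuse to start without JWT_SECRET
// instead of falling back.
const SECRET = process.env.JWT_SECRET || "weak-secret";
if (!process.env.JWT_SECRET) {
  console.warn("JWT_SECRET is not set; falling back to the built-in demo secret. Do not deploy like this.");
}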
// In-memory user table consulted by the route handlers.
// NOTE(review): passwords are stored in plaintext and each one equals its
// username (default credentials). A real store would keep only a salted
// password hash (bcrypt/scrypt/argon2) and would not ship known accounts.
const users = [
  {
    id: 1,
    username: "admin",
    role: "admin",
    password: "admin",
  },
  {
    id: 2,
    username: "user",
    role: "user",
    password: "user",
  },
];
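// POST /login: exchange a username/password pair for a signed JWT.
// Request body (JSON): { username, password }.
// Responses: 200 { token } on success, 401 "Invalid" otherwise.
app.post('/login', (req, res) => {
  // req.body is attacker-controlled and may be missing or carry non-string
  // fields; reject those up front instead of throwing while destructuring.
  const { username, password } = req.body ?? {};
  if (typeof username !== 'string' || typeof password !== 'string') {
    return res.status(401).send("Invalid");
  }

  // NOTE(review): this compares against plaintext passwords and nothing
  // visible here limits repeated attempts; hash the stored passwords and add
  // rate limiting or lockout in front of this route.
  const user = users.find(u => u.username === username && u.password === password);
  if (!user) return res.status(401).send("Invalid");

  // Pin the algorithm and give the token a lifetime: the original call issued
  // tokens that never expire, so a leaked token stayed valid indefinitely.
  const token = jwt.sign({ id: user.id, role: user.role }, SECRET, {
    algorithm: 'HS256',
    expiresIn: '1h',
  });
  res.json({ token });
});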
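// GET /profile: return the record of the user identified by the bearer token.
// Expects "Authorization: <scheme> <token>"; the second space-separated field
// is treated as the JWT.
// Responses: 200 with the user record (password omitted), 401 "Invalid" when
// the token is missing, malformed, expired or not signed with SECRET, and
// 404 "Not found" when the token's id matches no user.
app.get('/profile', (req, res) => {
  const token = req.headers.authorization?.split(" ")[1];

  // jwt.decode() only base64-decodes the payload and never checks the
  // signature, so the original code accepted whatever id the client wrote
  // into the token. jwt.verify() checks the signature (and expiry, if set)
  // and throws on any failure, including a missing token.
  let claims;
  try {
    claims = jwt.verify(token, SECRET, { algorithms: ['HS256'] });
  } catch {
    // Every verification failure maps to the same 401 so the response does
    // not reveal why the token was rejected.
    return res.status(401).send("Invalid");
  }

  const user = users.find(u => u.id === claims.id);
  if (!user) return res.status(404).send("Not found");

  // Drop the stored password before serialising; it must never leave the server.
  const { password, ...profile } = user;
  res.json(profile);
});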
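// GET /users/:id: return one user record by numeric id.
// The original handler had no authentication or authorization, so any caller
// could enumerate ids and read every record, password included. It now
// requires a valid bearer token and only serves the caller's own record
// unless the token carries role "admin".
// NOTE(review): "self or admin" is an assumed policy based on the two roles
// in this file; confirm against the intended access model.
// Responses: 200 with the record (password omitted), 401 "Invalid",
// 403 "Forbidden", 404 "Not found".
app.get('/users/:id', (req, res) => {
  const token = req.headers.authorization?.split(" ")[1];

  let claims;
  try {
    // verify(), not decode(): the id and role claims are only trustworthy once
    // the signature has been checked against SECRET.
    claims = jwt.verify(token, SECRET, { algorithms: ['HS256'] });
  } catch {
    return res.status(401).send("Invalid");
  }

  // Route params are strings; convert explicitly instead of relying on `==`.
  const requestedId = Number(req.params.id);

  // Object-level authorization: the path id must belong to the caller.
  if (claims.role !== 'admin' && claims.id !== requestedId) {
    return res.status(403).send("Forbidden");
  }

  const user = users.find(u => u.id === requestedId);
  if (!user) return res.status(404).send("Not found");

  // Never serialise the stored password.
  const { password, ...publicUser } = user;
  res.json(publicUser);
});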
// Start the HTTP server on port 3000 and log once it is accepting connections.
// NOTE(review): no host is passed, so Node binds to all interfaces, and the
// traffic (credentials and tokens included) is plain HTTP; terminate TLS in
// front of this or bind to localhost for local use.
app.listen(3000, () => {
  console.log("API running on port 3000");
});