angular security course

Author: Your Name

server/login.route.ts

@@ -0,0 +1,74 @@
+
+
+import {Request, Response} from "express";
+import {db} from "./database";
+import * as argon2 from 'argon2';
+import {User} from "../src/app/model/user";
+import {DbUser} from "./db-user";
+import {randomBytes} from "./security.utils";
+import {sessionStore} from "./session-store";
+
+
+
+export function login(req: Request, res: Response) {
+
+    const credentials = req.body;
+
+    const user = db.findUserByEmail(credentials.email);
+
+    if (!user) {
+        res.sendStatus(403);
+    }
+    else {
+        loginAndBuildResponse(credentials, user, res);
+    }
+
+}
+
+async function loginAndBuildResponse(credentials:any, user:DbUser,  res: Response) {
+
+    try {
+
+        const sessionId = await attemptLogin(credentials, user);
+
+        console.log("Login successful");
+
+        res.cookie("SESSIONID", sessionId, {httpOnly:true, secure:true});
+
+        res.status(200).json({id:user.id, email:user.email});
+
+
+    }
+    catch(err) {
+
+        console.log("Login failed!");
+
+        res.sendStatus(403);
+
+    }
+}
+
+
+async function attemptLogin(credentials:any, user:DbUser) {
+
+    const isPasswordValid = await argon2.verify(user.passwordDigest,
+                                                credentials.password);
+
+    if (!isPasswordValid) {
+        throw new Error("Password Invalid");
+    }
+
+    const sessionId = await randomBytes(32).then(bytes => bytes.toString('hex'));
+
+    console.log("sessionId",sessionId );
+
+    sessionStore.createSession(sessionId, user);
+
+    return sessionId;
+}
+
+
+
+
+
+

server/security.utils.ts

@@ -1,6 +1,13 @@
 
+import {User} from "../src/app/model/user";
+import {sessionStore} from "./session-store";
+
+import { Response} from "express";
+
 const util = require('util');
 const crypto = require('crypto');
 
 
 export const randomBytes = util.promisify(crypto.randomBytes);
+
+

server/server.ts

@@ -8,6 +8,7 @@ import {readAllLessons} from "./read-all-lessons.route";
 import {createUser} from "./create-user.route";
 import {getUser} from "./get-user.route";
 import {logout} from "./logout.route";
+import {login} from "./login.route";
 const bodyParser = require('body-parser');
 const cookieParser = require('cookie-parser');
 
@@ -39,6 +40,9 @@ app.route('/api/user')
 app.route('/api/logout')
     .post(logout);
 
+app.route('/api/login')
+    .post(login);
+
 
 if (options.secure) {
 

src/app/login/login.component.ts

@@ -37,11 +37,26 @@ export class LoginComponent implements OnInit {
 
         if (val.email && val.password) {
 
-            //TODO
+            this.authService.login(val.email, val.password)
+                .subscribe(
+                    () => {
+                        console.log("User is logged in");
+                        this.router.navigateByUrl('/');
+                    }
+                );
 
         }
 
 
     }
 
 }
+
+
+
+
+
+
+
+
+

src/app/services/auth.service.ts

@@ -31,7 +31,12 @@ export class AuthService {
         return this.http.post<User>('/api/signup', {email, password})
             .shareReplay()
             .do(user => this.subject.next(user));
+    }
 
+    login(email:string, password:string ) {
+        return this.http.post<User>('/api/login', {email, password})
+            .shareReplay()
+            .do(user => this.subject.next(user));
     }
 
     logout() : Observable<any> {