diff --git a/index.js b/index.js
index 6ab9d73..d075d5e 100644
--- a/index.js
+++ b/index.js
@@ -7,6 +7,7 @@ const pathFunctions = require('./mainJS/pathFunctions');
 const createFormFuctions = require('./mainJS/creatingForms');
 const saveForm = require('./mainJS/saveForm');
 const downloadPDFisInBulk = require('./mainJS/downloadPDFisInBulk');
+const apiFunctions = require('./mainJS/apiFunctions');
 const rateLimiter = require('./mainJS/rateLimiter.js').databaseAccessLimiter;
 const imageLimiter = require('./mainJS/rateLimiter.js').imageLimiter;
@@ -80,6 +81,10 @@ app.post('/formMaker/sendCodeEmail', rateLimiter ,createFormFuctions.sendCodeEma
 app.post('/formMaker/confirmEmailWithCode', rateLimiter, createFormFuctions.confirmEmailWithCode);
 app.post('/formMaker/passwordReset', rateLimiter, createFormFuctions.passwordReset);
+// api routes
+app.post('/api/addUsertoFormMaker', [rateLimiter, apiFunctions.checkAPI_KEY], apiFunctions.addUsertoFormMaker);
+app.post('/api/accessUserForms', [rateLimiter, apiFunctions.checkAPI_KEY], apiFunctions.accessUserForms);
+
 // Making the form maker page
 app.get('/formMaker', createFormFuctions.formMakerLogin);
diff --git a/mainJS/apiFunctions.js b/mainJS/apiFunctions.js
new file mode 100644
index 0000000..7e0e256
--- /dev/null
+++ b/mainJS/apiFunctions.js
@@ -0,0 +1,65 @@
+// Description: This file contains all the functions that will be used for api routes
+// Api is for people who want to use the form maker to make forms for their own website
+
+const schemas = require('../schemas/schemas');
+
+async function checkAPI_KEY(req, res, next) {
+ const apiKey = req.body.apiKey;
+ if (apiKey != process.env.API_KEY) return res.status(403).send('Not authorized');
+ next();
+}
+
+// allows to add an user to the form maker, using what the api user provides as the email and password
+async function addUsertoFormMaker(req, res){
+ const email = req.body.email;
+ const password = req.body.password;
+
+ if (email == undefined || password == undefined) return res.status(400).send('Email or password cannot be empty');
+ if (email == '' || password == '') return res.status(400).send('Email or password cannot be empty');
+
+ // check if the email is already in the database
+ var doesItExist = await schemas.formMakerUsers.findOne({
+ 'email': { $eq: email }
+ });
+
+ // if it is already in the database, return an error
+ if (doesItExist != null) return res.status(400).send('Account has already been made');
+
+ // make a new user
+ const newUser = new schemas.formMakerUsers({
+ email: email,
+ password: password,
+ forms: [],
+ });
+
+ newUser.save();
+ return res.status(200).send('Account made');
+}
+
+async function accessUserForms(req, res) {
+ const email = req.body.email;
+ const password = req.body.password;
+
+ if (email == undefined || password == undefined) return res.status(400).send('Email or password cannot be empty');
+ if (email == '' || password == '') return res.status(400).send('Email or password cannot be empty');
+
+ // check if the email is already in the database
+ var doesItExist = await schemas.formMakerUsers.findOne({
+ 'email': { $eq: email }
+ });
+
+ // if it is already in the database, return an error
+ if (doesItExist == null) return res.status(400).send('Account does not exist');
+
+ // check if the password is correct
+ if (doesItExist.password != password) return res.status(400).send('Email or password is incorrect');
+
+ // return the forms
+ return res.status(200).send(doesItExist.forms);
+}
+
+module.exports = {
+ addUsertoFormMaker,
+ accessUserForms,
+ checkAPI_KEY
+}
\ No newline at end of file
diff --git a/mainJS/creatingForms.js b/mainJS/creatingForms.js
index 2cb76ea..7d3e661 100644
--- a/mainJS/creatingForms.js
+++ b/mainJS/creatingForms.js
@@ -204,6 +204,7 @@ async function sendCodeEmail(req, res) {
 var code = crypto.randomBytes(8).toString('hex');
 var expireDate = new Date();
 expireDate.setHours(expireDate.getHours() + 1);
+
 if (doesItExist == undefined || doesItExist == null) {
 // make a new user and send the email
 const newUser = new schemas.formMakerUsers({
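Review bot: `checkAPI_KEY` fails open when `API_KEY` is not configured: with `process.env.API_KEY` undefined and a request that omits `apiKey`, the test `apiKey != process.env.API_KEY` compares `undefined != undefined`, is false, and `next()` runs. The rewrite below rejects a missing or non-string key on either side and compares in constant time; it needs `crypto` required at the top of the file, which currently requires only `../schemas/schemas`. In `addUsertoFormMaker` the password is stored as received (`password: password`) and `accessUserForms` checks it with `doesItExist.password != password`, so unless the schema hashes it in a hook not visible here, passwords sit in the database in plaintext; both functions should hash and verify with a salted password hash and first confirm that `email` and `password` are strings. `newUser.save();` is not awaited, so the 200 is sent before the write is known to have succeeded and a rejected save goes unhandled; `await newUser.save();` inside a try/catch that returns a 500 closes that gap. The separate 'Account does not exist' and 'Email or password is incorrect' replies also tell a key holder which emails are registered, so one shared message for both cases is safer.

```javascript
function checkAPI_KEY(req, res, next) {
    const expected = process.env.API_KEY;
    const supplied = req.body ? req.body.apiKey : undefined;

    // Fail closed: an unset API_KEY must never match a request that omits apiKey.
    if (typeof expected !== 'string' || expected === '' || typeof supplied !== 'string') {
        return res.status(403).send('Not authorized');
    }

    // Hash both sides so timingSafeEqual always receives equal-length buffers.
    const suppliedDigest = crypto.createHash('sha256').update(supplied).digest();
    const expectedDigest = crypto.createHash('sha256').update(expected).digest();
    if (!crypto.timingSafeEqual(suppliedDigest, expectedDigest)) {
        return res.status(403).send('Not authorized');
    }
    next();
}
// … unchanged: addUsertoFormMaker, accessUserForms, module.exports …
```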