Commit
02318cae
authored
3 months ago
by
65160270
update-server
parent
ce81e13b
server.js
+39
-49
39 additions, 49 deletions
server.js
+
39
−
49
@@ -6,14 +6,14 @@ const pool = require("./config/database");
require
(
"
dotenv
"
).
config
();
const
app
=
express
();
const
MySQLStore
=
require
(
'
express-mysql-session
'
)(
session
);
const
sessionStore
=
new
MySQLStore
({
clearExpired
:
true
,
checkExpirationInterval
:
900000
,
// 15 นาที
expiration
:
86400000
// 24 ชั่วโมง
checkExpirationInterval
:
900000
,
expiration
:
86400000
},
pool
);
// Middleware isLoggedIn
const
isLoggedIn
=
(
req
,
res
,
next
)
=>
{
if
(
req
.
session
.
user
)
{
next
();
@@ -22,39 +22,29 @@ const isLoggedIn = (req, res, next) => {
}
};
// Session Configuration
app
.
use
(
session
({
secret
:
process
.
env
.
SESSION_SECRET
||
"
mysecret
"
,
resave
:
false
,
saveUninitialized
:
false
,
store
:
sessionStore
,
rolling
:
true
,
// ต่ออายุ session ทุก request
cookie
:
{
maxAge
:
24
*
60
*
60
*
1000
,
// 24 hours
secure
:
process
.
env
.
NODE_ENV
===
"
production
"
,
// ใช้ secure ถ้าเป็น production
maxAge
:
24
*
60
*
60
*
1000
,
secure
:
false
,
httpOnly
:
true
,
sameSite
:
"
strict
"
},
}));
// Middleware
app
.
use
(
express
.
static
(
path
.
join
(
__dirname
,
"
public
"
)));
app
.
use
(
express
.
json
());
app
.
use
(
express
.
urlencoded
({
extended
:
true
}));
// Middleware เช็ค Session
app
.
use
((
req
,
res
,
next
)
=>
{
console
.
log
(
"
Session Middleware Checked
"
);
console
.
log
(
"
🔹 Session ID:
"
,
req
.
sessionID
);
console
.
log
(
"
🔹 Session Data:
"
,
req
.
session
);
next
();
});
// View Engine
app
.
set
(
"
view engine
"
,
"
ejs
"
);
app
.
set
(
"
views
"
,
path
.
join
(
__dirname
,
"
views
"
));
// Routes
const
orderRoutes
=
require
(
"
./shop-routes/order
"
);
const
cartRoutes
=
require
(
"
./shop-routes/cart
"
);
const
indexRoutes
=
require
(
"
./shop-routes/index
"
);
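Review bot: `secret: process.env.SESSION_SECRET || "mysecret"` falls back to a fixed secret when the variable is unset, so any deployment that forgets to configure it signs session cookies with a value known to everyone who can read this file; fail at startup instead with `const sessionSecret = process.env.SESSION_SECRET; if (!sessionSecret) throw new Error("SESSION_SECRET is not set");` and pass `secret: sessionSecret`. The hunk shows both `secure: process.env.NODE_ENV === "production"` and `secure: false` for the cookie; if the plain `false` is the surviving line, the session cookie is also sent over unencrypted HTTP in production, so the environment-based form is the one to keep. The middleware below that logs `req.sessionID` and the whole `req.session` object writes session identifiers and user data to stdout on every request; the same `console.log(..., req.session)` appears in the `/order/checkout` handler in the next hunk and in the `/login` handler further down, and all three should be removed or reduced to a non-sensitive field before this runs outside development.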
@@ -68,13 +58,14 @@ app.use("/", indexRoutes);
app
.
use
(
"
/cart
"
,
cartRoutes
);
app
.
use
(
"
/order
"
,
orderRoutes
);
// Checkout Route
app
.
get
(
'
/order/checkout
'
,
isLoggedIn
,
(
req
,
res
)
=>
{
console
.
log
(
"
Session:
"
,
req
.
session
);
res
.
render
(
'
checkout
'
,
{
user
:
req
.
session
.
user
});
res
.
render
(
'
checkout
'
);
});
app
.
get
(
'
/register
'
,
(
req
,
res
)
=>
{
res
.
render
(
'
register
'
);
});
// Register Route (POST)
app
.
post
(
"
/register
"
,
async
(
req
,
res
)
=>
{
try
{
const
{
email
,
password
,
name
}
=
req
.
body
;
@@ -84,6 +75,7 @@ app.post("/register", async (req, res) => {
const
hashedPassword
=
await
bcrypt
.
hash
(
password
,
10
);
const
[
existingUser
]
=
await
pool
.
execute
(
"
SELECT * FROM users WHERE email = ?
"
,
[
email
]);
if
(
existingUser
.
length
>
0
)
{
return
res
.
status
(
400
).
json
({
message
:
"
Email is already registered.
"
});
}
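Review bot: `bcrypt.hash(password, 10)` runs before the duplicate-email lookup, so every request for an already-registered address still pays the full bcrypt cost before being rejected with 400; move the hash below the `existingUser.length > 0` check so only new registrations are hashed. `bcrypt.hash` also rejects when `password` is missing or not a string, which currently surfaces as the generic 500 from the catch block; `if (typeof email !== "string" || typeof password !== "string") return res.status(400).json({ message: "Email and password are required." });` ahead of the hash gives the caller a meaningful error and keeps malformed bodies off the expensive path. `SELECT * FROM users WHERE email = ?` pulls the stored password hash just to test existence; `SELECT id FROM users WHERE email = ?` is enough. The enclosing handler starts in the previous hunk and continues past this one.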
@@ -91,12 +83,14 @@ app.post("/register", async (req, res) => {
await
pool
.
execute
(
"
INSERT INTO users (email, password, name) VALUES (?, ?, ?)
"
,
[
email
,
hashedPassword
,
name
]);
res
.
status
(
201
).
json
({
success
:
true
,
message
:
"
Registration successful.
"
});
}
catch
(
error
)
{
console
.
error
(
"
Registration error:
"
,
error
);
res
.
status
(
500
).
json
({
message
:
"
Registration failed.
"
});
}
});
// Login Route (POST)
app
.
get
(
'
/login
'
,
(
req
,
res
)
=>
{
res
.
render
(
'
login
'
);
});
app
.
post
(
"
/login
"
,
async
(
req
,
res
)
=>
{
try
{
const
{
email
,
password
}
=
req
.
body
;
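Review bot: The comment `// Login Route (POST)` sits above `app.get('/login', ...)`, which only renders the login page; the label belongs on the `app.post("/login", ...)` handler below it. Change the first to `// Login page (GET)` and add `// Login Route (POST)` immediately above `app.post("/login"`. The handler opened here by `app.post("/login"` continues in the next hunk.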
@@ -115,64 +109,60 @@ app.post("/login", async (req, res) => {
return
res
.
status
(
400
).
json
({
message
:
"
Invalid email or password.
"
});
}
req
.
session
.
regenerate
((
err
)
=>
{
if
(
err
)
{
console
.
error
(
"
Session regeneration failed:
"
,
err
);
return
res
.
status
(
500
).
json
({
message
:
"
Login failed.
"
});
}
req
.
session
.
user
=
{
id
:
user
.
id
,
email
:
user
.
email
};
res
.
redirect
(
'
/order/checkout
'
);
});
console
.
log
(
"
User logged in:
"
,
req
.
session
);
return
res
.
redirect
(
'
/order/checkout
'
);
}
catch
(
error
)
{
console
.
error
(
"
Login error:
"
,
error
);
res
.
status
(
500
).
json
({
message
:
"
Login failed.
"
});
}
});
// เพิ่มฟังก์ชัน Logout
router
.
get
(
'
/logout
'
,
(
req
,
res
)
=>
{
// Logout Routes
app
.
get
(
"
/logout
"
,
(
req
,
res
)
=>
{
if
(
!
req
.
session
)
{
return
res
.
redirect
(
"
/login
"
);
}
req
.
session
.
destroy
((
err
)
=>
{
if
(
err
)
{
console
.
error
(
"
Logout Error:
"
,
err
);
return
res
.
status
(
500
).
json
({
message
:
"
เกิดข้อผิดพลาดขณะออกจากระบบ
"
});
return
res
.
status
(
500
).
json
({
message
:
"
Logout failed.
"
});
}
res
.
redirect
(
'
/login
'
);
// หรือเปลี่ยนเป็นหน้าหลัก เช่น '/'
res
.
clearCookie
(
'
connect.sid
'
);
console
.
log
(
"
User logged out.
"
);
res
.
redirect
(
"
/login
"
);
});
});
// Logout Route
app
.
post
(
'
/logout
'
,
(
req
,
res
)
=>
{
app
.
post
(
"
/logout
"
,
(
req
,
res
)
=>
{
if
(
!
req
.
session
)
{
return
res
.
status
(
400
).
json
({
message
:
"
No active session.
"
});
}
req
.
session
.
destroy
(
err
=>
{
if
(
err
)
{
return
res
.
status
(
500
).
json
({
message
:
"
Logout failed
"
});
return
res
.
status
(
500
).
json
({
message
:
"
Logout failed
.
"
});
}
res
.
clearCookie
(
'
connect.sid
'
);
console
.
log
(
"
User logged out (POST)
"
);
res
.
status
(
200
).
json
({
message
:
"
Logged out successfully
"
});
});
});
// Search Route (ป้องกัน SQL Injection)
app
.
get
(
"
/search
"
,
async
(
req
,
res
)
=>
{
const
searchQuery
=
req
.
query
.
query
;
try
{
const
sanitizedQuery
=
searchQuery
.
replace
(
/
[
%_
]
/g
,
"
\\
$&
"
);
const
[
results
]
=
await
pool
.
execute
(
"
SELECT * FROM products WHERE name LIKE ? OR description LIKE ?
"
,
[
`%
${
s
anitized
Query
}
%`
,
`%
${
s
anitized
Query
}
%`
]
[
`%
${
s
earch
Query
}
%`
,
`%
${
s
earch
Query
}
%`
]
);
res
.
render
(
"
index
"
,
{
products
:
results
});
}
catch
(
err
)
{
console
.
error
(
err
);
res
.
status
(
500
).
send
(
"
Error retrieving search results
"
);
}
});
// Error handler
app
.
use
((
err
,
req
,
res
,
next
)
=>
{
console
.
error
(
"
Error:
"
,
err
.
stack
);
res
.
status
(
500
).
json
({
message
:
"
Something went wrong.
"
});
});
// Start Server
const
PORT
=
process
.
env
.
PORT
||
3000
;
app
.
listen
(
PORT
,
()
=>
console
.
log
(
`Server running on port
${
PORT
}
`
));
\ No newline at end of file
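Review bot: In the `/login` handler the `console.log("User logged in:", req.session); return res.redirect('/order/checkout');` that follows the `req.session.regenerate((err) => { ... })` call cannot coexist with the `res.redirect` inside the callback: the outer redirect is sent before regenerate completes, so the response leaves before `req.session.user` is assigned and the callback's redirect then fails with ERR_HTTP_HEADERS_SENT; only the redirect inside the callback should remain on the new side. The GET `/logout` handler shows the same ordering problem, `res.redirect('/login')` ahead of `res.clearCookie('connect.sid')` and a second `res.redirect("/login")`; whichever lines survive, `clearCookie` must come before the single redirect, and the `router.get('/logout', ...)` line references `router`, which is not defined anywhere in this file as shown, so the `app.get("/logout", ...)` form is the one that can run. In `/search`, `req.query.query` is passed straight to `.replace`; when the parameter is absent it is `undefined` and when repeated it is an array, both of which throw and fall through to the 500 path, so guard with `if (typeof searchQuery !== "string") return res.status(400).send("Missing search query.");` before the try block. The `[%_]` escaping only takes effect on the `sanitizedQuery` variant of the parameter array; if the raw `searchQuery` template is the surviving one, user-supplied LIKE wildcards still reach the pattern (the query itself stays parameterized), so the escaped form should be the one kept.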