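require('dotenv').config(); // load environment variables from the .env file

const express = require('express');
const mysql = require('mysql2/promise');
const bcrypt = require('bcryptjs');
const session = require('express-session');
const cookieParser = require('cookie-parser');
const path = require('path');

const app = express();

// Body and cookie parsing middleware.
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
app.use(cookieParser());

// Session configuration.
// The cookie-signing secret is read only from the environment. A guessable
// fallback baked into the source lets anyone forge session cookies, so the
// process refuses to start without one instead of silently using a weak value.
const sessionSecret = process.env.DB_SESSION;
if (!sessionSecret) {
  console.error('❌ DB_SESSION (session secret) is not set; refusing to start');
  process.exit(1);
}
app.use(session({
  secret: sessionSecret,
  resave: false,
  // Only persist a session once something is stored in it (i.e. after login).
  saveUninitialized: false,
  cookie: {
    // NOTE(review): `secure: true` behind a TLS-terminating proxy also needs
    // app.set('trust proxy', 1) or the cookie is never sent — confirm deployment.
    secure: process.env.NODE_ENV === 'production',
    httpOnly: true,
    sameSite: 'lax',
    maxAge: 1000 * 60 * 60 * 24, // one day
  },
}));

// Database configuration.
// The password comes only from the environment; credentials must never be
// committed as source-code fallbacks.
const pool = mysql.createPool({
  host: process.env.DB_HOST || '10.104.20.74',
  port: process.env.DB_PORT || '3306',
  user: process.env.DB_USER || 'root',
  password: process.env.DB_PASSWORD,
  database: process.env.DB_NAME || 'project',
  waitForConnections: true,
  connectionLimit: 10,
  queueLimit: 0,
});

// Verify database connectivity once at startup; stop the program if it fails.
pool.getConnection()
  .then((connection) => {
    console.log('✅ Database connected successfully!');
    connection.release();
  })
  .catch((err) => {
    console.error('❌ Database connection failed:', err);
    process.exit(1);
  });

// Static assets and HTML pages live under ./public.
const publicDir = path.join(__dirname, 'public');
app.use(express.static(publicDir));

/**
 * Build a handler that serves one HTML page from the public directory.
 * @param {string} file - file name relative to publicDir
 * @returns {(req: import('express').Request, res: import('express').Response) => void}
 */
const sendPage = (file) => (req, res) => res.sendFile(path.join(publicDir, file));

// Home page: only for logged-in users; everyone else goes to the login page.
app.get('/', (req, res) => {
  if (!req.session.user) {
    return res.redirect('/login');
  }
  return res.sendFile(path.join(publicDir, 'index.html'));
});

// Login and registration pages.
app.get('/login', sendPage('login.html'));
app.get('/register', sendPage('register.html'));

// The product form is only useful with a session, since POST /api/products
// rejects anonymous callers; send anonymous visitors to the login page instead.
app.get('/post-product', (req, res) => {
  if (!req.session.user) {
    return res.redirect('/login');
  }
  return res.sendFile(path.join(publicDir, 'post-product.html'));
});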
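/**
 * Guard for routes that require an authenticated session.
 * Responds 401 when req.session.user is absent, otherwise continues.
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
function requireLogin(req, res, next) {
  if (!req.session.user) {
    return res.status(401).send('User not logged in');
  }
  return next();
}

/**
 * True when v is a non-empty string. A JSON body can carry objects or arrays
 * in any field; handing those to the query driver changes how the `?`
 * placeholder is escaped, so only plain strings are accepted as input.
 * @param {unknown} v
 * @returns {boolean}
 */
const isNonEmptyString = (v) => typeof v === 'string' && v.trim() !== '';

// Logout: drop the server-side session and its cookie, then go to the login page.
app.get('/logout', (req, res) => {
  req.session.destroy((err) => {
    if (err) {
      console.error('Logout error:', err);
      return res.status(500).send('Logout failed');
    }
    res.clearCookie('connect.sid'); // express-session's default cookie name
    return res.redirect('/login');
  });
});

// User registration.
app.post('/register', async (req, res) => {
  const { email, password } = req.body || {};
  if (!isNonEmptyString(email) || !isNonEmptyString(password)) {
    return res.status(400).json({ error: 'All fields are required' });
  }
  try {
    const [existing] = await pool.query('SELECT user_id FROM users WHERE email = ?', [email]);
    if (existing.length > 0) {
      return res.status(400).json({ error: 'Email already exists' });
    }
    const hashedPassword = await bcrypt.hash(password, 10);
    await pool.query('INSERT INTO users (email, password) VALUES (?, ?)', [email, hashedPassword]);
    return res.redirect('/login');
  } catch (error) {
    // Two concurrent registrations can both pass the existence check above; if
    // users.email has a UNIQUE index the loser surfaces here as a duplicate-key
    // error and is reported like any other duplicate.
    if (error.code === 'ER_DUP_ENTRY') {
      return res.status(400).json({ error: 'Email already exists' });
    }
    console.error('❌ Registration failed:', error);
    return res.status(500).json({ error: 'Registration failed' });
  }
});

// User login.
app.post('/login', async (req, res) => {
  const { email, password } = req.body || {};
  // Without this check a missing password reaches bcrypt.compare and turns into a 500.
  if (!isNonEmptyString(email) || !isNonEmptyString(password)) {
    return res.status(400).send('All fields are required');
  }
  try {
    // pool.query acquires and releases its own connection, so an error in the
    // query can no longer leak a checked-out connection.
    const [rows] = await pool.query(
      'SELECT user_id, email, password FROM users WHERE email = ?',
      [email],
    );
    // One generic message for both "no such user" and "wrong password", so the
    // response does not reveal which e-mail addresses are registered.
    const match = rows.length > 0 && (await bcrypt.compare(password, rows[0].password));
    if (!match) {
      return res.status(400).send('Invalid email or password');
    }
    // Issue a fresh session id at login so an id handed out before
    // authentication cannot be reused afterwards (session fixation).
    return req.session.regenerate((err) => {
      if (err) {
        console.error('Login error:', err);
        return res.status(500).send('Login failed');
      }
      req.session.user = { id: rows[0].user_id, email: rows[0].email };
      return res.redirect('/');
    });
  } catch (err) {
    console.error('Login error:', err);
    return res.status(500).send('Login failed');
  }
});

// Create a product owned by the logged-in user.
app.post('/api/products', requireLogin, async (req, res) => {
  const { product_name, product_price, product_img } = req.body || {};
  const userId = req.session.user.id; // owner comes from the session, never from the body
  if (!isNonEmptyString(product_name) || !isNonEmptyString(product_img) || product_price == null || product_price === '') {
    return res.status(400).send('All fields are required');
  }
  const price = Number(product_price);
  if (!Number.isFinite(price) || price < 0) {
    return res.status(400).send('Invalid product price');
  }
  try {
    await pool.query(
      'INSERT INTO products (product_name, product_price, product_img, user_id) VALUES (?, ?, ?, ?)',
      [product_name, price, product_img, userId],
    );
    return res.status(200).send('Product posted successfully');
  } catch (error) {
    console.error('Error adding product:', error);
    return res.status(500).send('Error posting product');
  }
});

// List products, optionally filtered by a substring of the product name.
// This is the only GET /api/products route: the original file registered a
// second one further down that Express could never reach.
app.get('/api/products', async (req, res) => {
  // A repeated ?search= parameter arrives as an array; treat anything that is
  // not a plain string as "no filter".
  const searchQuery = typeof req.query.search === 'string' ? req.query.search : '';
  try {
    const [rows] = await pool.query(
      'SELECT product_id, product_name, product_img, product_price FROM products WHERE product_name LIKE ?',
      [`%${searchQuery}%`],
    );
    return res.json(rows);
  } catch (error) {
    console.error('Error fetching products:', error);
    return res.status(500).send('Error fetching products');
  }
});

// Return the e-mail of the logged-in user.
app.get('/api/getUser', requireLogin, (req, res) => {
  return res.json({ email: req.session.user.email });
});

// Fetch products of the logged-in user.
// `pool` is a mysql2/promise pool, so the query is awaited; the original
// callback-style call never invoked its callback and left the request hanging.
app.get('/api/user/products', requireLogin, async (req, res) => {
  try {
    const [rows] = await pool.query('SELECT * FROM products WHERE user_id = ?', [req.session.user.id]);
    return res.json(rows);
  } catch (error) {
    console.error('Error fetching user products:', error);
    return res.status(500).send('Error fetching user products');
  }
});

// Start server.
const port = process.env.PORT || 3000;
app.listen(port, () => {
  console.log(`🚀 Server started on port ${port}`);
});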