I have initialized an array "userTasklist". I have pushed the object in this array in .map function. After .map, I have console this Array but array is blank.
Than I have console the object in .map function and all the value print successfully but in Array there are no value. Don't know why.
exports.allUserList = (req, res) => {
let userID = req.params.userid;
const ghusersQuery = "SELECT user_id, name, employee_code FROM users WHERE under_gh = ?";
conn.query(ghusersQuery, [userID], (err, userdata) => {
if (err) {
res.send({ message: err })
} else {
if (userdata && userdata.length > 0) {
let userTasklist = [];
userdata.map((datauser) => {
var objtask = {};
const userDataQuery = "SELECT * FROM tasklist WHERE user_id = ?";
conn.query(userDataQuery, [datauser.user_id], (errnew, taskdata) => {
if (taskdata && taskdata.length > 0) {
objtask = {
userid: datauser.user_id,
tasklist: taskdata
}
userTasklist.push(objtask);
}
})
})
console.log(userTasklist)
res.send({ message: "user list fetched", userdata: userdata, tasklistdata: userTasklist })
} else {
res.send({ message: "Data not found!" })
}
}
})
}
Simplified solution using mysql21 for handling queries as Promises.
exports.allUserList = async (req, res) => {
const { userid } = req.params
const users = await connection.query('SELECT user_id, name, employee_code FROM users WHERE under_gh = ?', [userid])
if (!users.length)
return res.send({ message: "Data not found!" })
// better fetch all relevant tasks in bulk
const tasks = await connection.query('SELECT * FROM tasklist WHERE user_id IN (?)', [users.map(r => r.user_id)])
res.send({ message: "user list fetched", users, tasks })
}
Related
I am getting the below error:
SyntaxError: await is only valid in async function
Also I got the blank array "console.log(userTasklist)".
const mysql = require('mysql2/promise');
// create the connection to database
const connection = async ()=> {
return await mysql.createConnection({
host: 'localhost',
user: 'root',
password: '',
database: 'whosin'
})
}
exports.allUserList = async (req, res) => {
const db = await connection()
let userID = req.params.userid;
const userdata = await db.query('SELECT name, user_id, employee_code FROM users WHERE under_gh = ?', [userID]);
//console.log(userdata[0])
if (userdata[0] && userdata[0].length > 0) {
let userTasklist = [];
userdata[0].map((datauser) => {
var objtask = {};
const taskdata = await db.query("SELECT DATE_FORMAT(created_date, '%Y-%m-%d') as created_date, created_time, tasklist, user_id, DATE_FORMAT(created_by, '%Y-%m-%d') as date, DATE_FORMAT(created_by, '%H:%i:%s') as time FROM tasklist where user_id = ?", [datauser.user_id]);
if (taskdata[0] && taskdata[0].length > 0) {
objtask = {
userid: datauser.user_id,
tasklist: taskdata[0]
}
console.log(objtask);
userTasklist.push(objtask);
}
})
console.log(userTasklist)
//res.send({ message: "user list fetched", userdata: userdata[0], tasklistdata: userTasklist })
}
}
The scope of the wait for the db.query is within the map function. The map function needs to have the async keyword. However, it still will not work unless you wrap it in a Promise.all. This will make sure all the map iterations are resolved before moving forward in your code.
exports.allUserList = async (req, res) => {
const db = await connection()
let userID = req.params.userid
const userdata = await db.query('SELECT name, user_id, employee_code FROM users WHERE under_gh = ?', [userID])
// console.log(userdata[0])
if (userdata[0] && userdata[0].length > 0) {
let userTasklist = []
await Promise.all(
userdata[0].map(async (datauser) => {
var objtask = {}
const taskdata = await db.query("SELECT DATE_FORMAT(created_date, '%Y-%m-%d') as created_date, created_time, tasklist, user_id, DATE_FORMAT(created_by, '%Y-%m-%d') as date, DATE_FORMAT(created_by, '%H:%i:%s') as time FROM tasklist where user_id = ?", [datauser.user_id])
if (taskdata[0] && taskdata[0].length > 0) {
objtask = {
userid: datauser.user_id,
tasklist: taskdata[0]
}
console.log(objtask)
userTasklist.push(objtask)
}
})
)
console.log(userTasklist)
// res.send({ message: "user list fetched", userdata: userdata[0], tasklistdata: userTasklist })
}
}
You should change userdata[0].map((datauser) => { to userdata[0].map(async (datauser) => {
How to call a function that return the result of MySQL query to send it back in a Express.js result?
I try to export some of my sql query in individual function to clean up and remove duplicate code.
I try with async await function, but it did not work.
How clean this code?
Thanks
import { Request, Response } from 'express'
import { mysqlConnection } from '../config/mysql.config'
import { users } from '../models/users.models'
export class AuthController {
constructor() { }
// I want to avoid this embedded callbacks function
public signin(req: Request, res: Response) {
var user: users = req.body
var insUser = [
user.userEmail,
user.userFirstName,
user.userLastName,
user.userEmail,
//hash password
// user.userPassword
]
mysqlConnection.pool.getConnection((err, connection) => {
connection.query('SELECT * FROM tblusers where userEmail = ? OR userUserName = ?', [user.userEmail, user.userUsername], (err, row: users[]) => {
if (err) throw err;
if (row.length) {
return res.status(400).json({ errors: { msg: "user exist already", status: 'signin-error' } })
}
//addUserInDB
connection.query('INSERT INTO tblusers (userUserName, userFirstName, userLastName, userEmail, userPassword) VALUES (? ,?, ?, ?, ?)', insUser, (err, row) => {
if (err) throw err;
//get userFormDB
connection.query('SELECT userId, userUsername, userFirstName, userLastName, userEmail, userPassword, webrName FROM tblusers INNER JOIN tblweblroles ON tblusers.tblWeblroles_webrId = tblweblroles.webrId where userEmail = ?', [user.userEmail], (err, row: users[], fields) => {
if (err) throw err
connection.release();
var firstUser = row[0]
var user = {
userId: firstUser.userId,
userUsername: firstUser.userUsername,
userFirstName: firstUser.userFirstName,
userLastName: firstUser.userLastName,
userEmail: firstUser.userEmail,
userUpdateAt: firstUser.userUpdateAt,
userCreatedAt: firstUser.userCreatedAt,
webrName: firstUser.webrName
}
res.status(200).json(user);
})
})
})
})
}
//test
private getUsers() {
console.log('test')
mysqlConnection.pool.query('SELECT * FROM webapp.tblusers;', (err: any, row: any) => {
if (err) throw err
console.log('row: ' + row)
return row
})
}
public async login(req: Request, res: Response) {
console.log('test1')
try {
var users = await this.getUsers()
console.log('users:' + users)
res.json(users);
} catch (error) {
res.json(error);
}
};
}
export class AuthController {
constructor() {
}
public async login(req: Request, res: Response) {
var users: any = await AuthController.getUsers()
res.json(users)
};
public static getUsers(): Promise<any> {
console.log('test')
return new Promise(resolve => {
mysqlConnection.pool.query('SELECT * FROM webapp.tblusers;', (err: any, row: any) => {
if (err) throw err
resolve(row)
})
});
}
}
I'm having a hard time with integrating bcrypt to try to make my login system safe.
I basically get the username, password the user inputs and try to compare it from the hashed password in my db. here's what I have.
const inputUsername = req.body.inputUsername;
const inputPassword = req.body.inputPassword;
var userLogin = "select * from login where USERNAME = ?"
ibmdb.open(ibmdbconnMaster, function(err, conn) {
if (err) return console.log(err);
conn.query(userLogin, [inputUsername], function(err, rows) {
if (err) {
console.log(err)
}
if (rows.length > 0) {
var pass = ""
for (var i = 0; i < rows.length; i++) {
pass = rows[i]['PASSWORD'];
console.log(pass)
bcrypt.compare(inputPassword, hash, function(err, result) {
if (pass == result) {
console.log("this works")
userAuth = true;
res.redirect('/index')
}
})
}
console.log("does not work")
} else {
userAuth = "false";
res.render('login.ejs')
alert('Incorrect username or password. Please try again')
}
conn.close(function() {
console.log('closed the function /login');
});
})
})
what happens right now is I get the error ReferenceError: hash is not defined
not sure how to fix this. thanks in advance
Where have you defined hash? I don't see it in your code.
Here's an example of auth routes that I've used with bcrypt/node/express:
const Users = require("../users/users-model.js");
router.post("/register", (req, res) => {
// Pull the user's credentials from the body of the request.
const user = req.body;
// Hash the user's password, and set the hashed password as the
// user's password in the request.
const hash = bcrypt.hashSync(user.password, 10);
user.password = hash;
Users.add(user)
.then((newUser) => {
const token = generateToken(newUser);
res
.status(201)
.json({ created_user: newUser, token: token, user_id: newUser.id });
})
.catch((err) => {
res.status(500).json({
message: "There was an error adding a user to the database",
err,
});
});
});
router.post("/login", (req, res) => {
const { username, password } = req.body;
Users.findBy({ username })
.first()
.then((user) => {
if (user && bcrypt.compareSync(password, user.password)) {
const token = generateToken(user);
res
.status(200)
.json({
username: user.username,
first_name: user.first_name,
last_name: user.last_name,
email: user.email,
token: token,
user_id: user.id,
});
} else {
res.status(401).json({ message: "Invalid Credentials" });
}
})
.catch((err) => {
res.status(500).json(err);
});
});
function generateToken(user) {
const payload = {
userid: user.id,
username: user.username,
};
const options = {
expiresIn: "1h",
};
const token = jwt.sign(payload, secrets.jwtSecret, options);
return token;
}
module.exports = router;
I want to check if email already exist in mysql database using express-validator package to do this. The example about checking email is not for mysql database.
The code is submitting form values successfully but the checks are being skipped. This is a middleware but the middleware is not been implemented before inserting into the database.
The solution I currently implemented is from stackoverflow. But still not working for me
router.post("/register",[
body('username').not().isEmpty().isLength({ min: 4 }).trim().escape(),
//check if email is aleady existing in the database
body('email').not().isEmpty().isEmail().normalizeEmail().custom(async (email, {req})=>{
const getEmails = "SELECT * FROM users WHERE email=" + req.body.email;
return await con.query(getEmails, [email], (error, rows, fields)=>{
if(error){
console.log("the email is not ok",error)
}else{
if (rows.length != 0) {
res.redirect('/guests/register');
return Promise.reject("user already exists.");
}else{
return true;
}
}
})
}),//end check if email already exit
body('phone').not().isEmpty().isLength({ min: 6 }),
body('password').not().isEmpty().isLength({ min: 6 }),
//check if password match
body('passwordConfirmation').not().isEmpty().isLength({ min: 6 }).custom((value, { req }) => {
if (value !== req.body.password) {
throw new Error('Password confirmation does not match password');
}
return true;
}),
//check if password match
], async function(req, res, next) {
try{
var usernames = req.body.username;
var emails = req.body.email;
var phones = req.body.phone;
const hashedPassword = await bcrypt.hash(req.body.password, 10);
let sql = "INSERT INTO `users` (username, email, phone, password) VALUES ('" + usernames + "', '" + emails + "', '" + phones + "', '" + hashedPassword + "')";
con.query(sql, function (err, result) {
if (err) throw err;
console.log("1 record inserted, ID: " + result.insertId);
res.redirect('/guests/login');
})
}catch{
//console.log("something is wrong", error)
res.redirect('/guests/register');
}
});
This code works for me:
const express = require('express');
const router = express.Router();
const { check,validationResult } = require('express-validator');
const bcrypt = require('bcrypt');
const bcryptRounds = 10;
router.post('/register', [
check('username')
.exists()
.trim()
.matches(/^[a-zA-Z\ö\ç\ş\ı\ğ\ü\Ö\Ç\Ş\İ\Ğ\Ü ]{3,16}$/)
.withMessage('Invalid username!'),
check('mentionName')
.exists()
.trim()
.matches(/^(?=.*[a-z])[a-z0-9_]{3,15}$/)
.custom(async mentionName => {
const value = await isMentionNameInUse(mentionName);
if (value) {
throw new Error('Mention name is already exists!!!');
}
})
.withMessage('Invalid mention name!!!'),
check('email')
.exists()
.isLength({ min: 6, max: 100 })
.isEmail()
.normalizeEmail()
.trim()
.custom(async email => {
const value = await isEmailInUse(email);
if (value) {
throw new Error('Email is already exists!!!');
}
})
.withMessage('Invalid email address!!!'),
check('password')
.exists()
.isLength({ min: 6, max: 16 })
.escape()
.trim()
.withMessage('Invalid password!!!'),
check('rePassword').exists().custom((value, { req }) => {
if (value !== req.body.password) {
throw new Error('The passwords is not same!!!');
}
return true;
})
],
function (req, res) {
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.status(422).json({ errors: errors.array() });
} else {
console.log("----->START USER REGISTRATION");
const username = req.body.username;
const mentionName = '#'+req.body.mentionName;
const email = req.body.email;
const pass = req.body.password;
bcrypt.hash(pass, bcryptRounds, function(err, hash) {
console.log("HASH PASS : "+hash);
//INSERT USER
});
}
});
function isMentionNameInUse(mentionName){
var conn = require('../../modules/mysql_db');
return new Promise((resolve, reject) => {
conn.query('SELECT COUNT(*) AS total FROM users_table WHERE m_name = ?', [mentionName], function (error, results, fields) {
if(!error){
console.log("MENTION COUNT : "+results[0].total);
return resolve(results[0].total > 0);
} else {
return reject(new Error('Database error!!'));
}
}
);
});
}
function isEmailInUse(email){
var conn = require('../../modules/mysql_db');
return new Promise((resolve, reject) => {
conn.query('SELECT COUNT(*) AS total FROM users_table WHERE email = ?', [email], function (error, results, fields) {
if(!error){
console.log("EMAIL COUNT : "+results[0].total);
return resolve(results[0].total > 0);
} else {
return reject(new Error('Database error!!'));
}
}
);
});
}
The problem is that it shows that it is successfully logged in (201) without the redirect code, but with it, it shows a 302 error and the email_address is undefined.
What could be the problem here? I still can't come to a conclusion.
The problem may be in the order of the code I guess?
const login = async (req, res, next) => {
const { email_address, password, user_email, user_password}: { email_address: string, password: string, user_email: string, user_password: string } = req.body;
try {
const userWithDetails = 'SELECT * FROM users WHERE email_address = user_email AND password = user_password'; //w form info
if (userWithDetails) {
req.session.loggedin = true; //true
req.session.email_address = email_address; //undefined
console.log(req.session.email_address)
// return res.redirect('./index.html')
}
res.status(201).send('Succesfully signed in');
// res.status(403).send('Password is not correct');
} catch(error) {
res.status(404).send(`User with email ${email_address} not found!`);
}
await next;
};
NEW CODE ***
const login = async (req, res, next) => {
const { email_address, password}: { email_address: string, password: string} = req.body;
const userWithDetails = 'SELECT * FROM users WHERE email_address = ?';
return con.query(userWithDetails, email_address, (err, results) => {
if (err) {
console.error(err);
}
const user = results.find(emailObj => emailObj.email_address === email_address);
if (results && results.length && user.email_address) {
req.session.loggedin = true;
req.session.email_address = email_address;
const matchPassword: boolean = bcrypt.compareSync(password, user.password);
if (matchPassword) {
const token = jwt.sign({ user }, 'aaaa', { expiresIn: '1h'});
res.status(200).send({message: 'Logged in', token: token});
} else {
res.status(403).send('Password is not correct');
}
} else {
res.status(404).send(`User with email ${email_address} not found!`);
}
});
await next;
}
You don't execute your sql query at any point.
You just say :
query = 'select blabla'
if(query){...}
Of course this will always be true. You want to run the query on your database.
Also in your query you don't properly use the variables, see string formatting :
let my_var = `SELECT xxx from xxx where username = '${username}'`
Also please sanitize the parameters to prevent SQL Injection...