Add local username/password auth

Author: gdjy098

__tests__/routes.test.js

@@ -1,5 +1,6 @@
 const request = require('supertest');
 const express = require('express');
+const session = require('express-session');
 const routes = require('../src/routes');
 const { initializeTestDb } = require('./test-database');
 
@@ -13,6 +14,15 @@ function createTestApp() {
   const app = express();
   app.use(express.json());
   app.use(express.urlencoded({ extended: true }));
+
+  app.use(
+    session({
+      secret: 'test-session-secret',
+      resave: false,
+      saveUninitialized: false,
+      cookie: { httpOnly: true },
+    })
+  );
 
   // Simple mock for res.render
   app.use((req, res, next) => {
@@ -65,6 +75,37 @@ describe('Routes', () => {
     expect(recipe.title).toBe(newRecipe.title);
   });
 
+  test('POST /register should create a new user and redirect to profile', async () => {
+    const response = await request(app)
+      .post('/register')
+      .send({ username: 'testuser', password: 'password123' });
+
+    expect(response.status).toBe(302);
+    expect(response.headers.location).toBe('/profile');
+
+    const user = await db.get('SELECT * FROM users WHERE username = ?', ['testuser']);
+    expect(user).toBeDefined();
+  });
+
+  test('POST /login should authenticate and redirect to profile', async () => {
+    await request(app)
+      .post('/register')
+      .send({ username: 'loginuser', password: 'password123' });
+
+    const response = await request(app)
+      .post('/login')
+      .send({ username: 'loginuser', password: 'password123' });
+
+    expect(response.status).toBe(302);
+    expect(response.headers.location).toBe('/profile');
+  });
+
+  test('GET /profile should redirect to login when not authenticated', async () => {
+    const response = await request(app).get('/profile');
+    expect(response.status).toBe(302);
+    expect(response.headers.location).toBe('/login');
+  });
+
     test('POST /recipes/:id/delete should delete a recipe', async () => {
       // 先插入一条菜谱
       const recipe = {

__tests__/test-database.js

@@ -23,6 +23,13 @@ async function createTables(db) {
     ingredients TEXT,
     method TEXT
   )`)
+
+	// Create the 'users' table for authentication
+	await db.exec(`CREATE TABLE IF NOT EXISTS users (
+		id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
+		username TEXT NOT NULL UNIQUE,
+		password_hash TEXT NOT NULL
+	)`)
 }
 
 module.exports = { getTestDbConnection, initializeTestDb }

index.js

@@ -1,5 +1,6 @@
 const express = require('express')
 const exphbs = require('express-handlebars')
+const session = require('express-session')
 const { initializeDb } = require('./src/database')
 const routes = require('./src/routes')
 
@@ -10,6 +11,20 @@ app.use(express.json())
 app.use(express.urlencoded({ extended: true }))
 app.use(express.static('public'))
 
+app.use(
+	session({
+		secret: process.env.SESSION_SECRET || 'dev-session-secret',
+		resave: false,
+		saveUninitialized: false,
+		cookie: { httpOnly: true },
+	})
+)
+
+app.use((req, res, next) => {
+	res.locals.currentUser = req.session.user || null
+	next()
+})
+
 app.engine(
 	'hbs',
 	exphbs.engine({

package-lock.json

@@ -12,8 +12,10 @@
 	"author": "Microsoft",
 	"license": "MIT",
 	"dependencies": {
+		"bcryptjs": "^2.4.3",
 		"express": "^5.1.0",
 		"express-handlebars": "^7.1.3",
+		"express-session": "^1.17.3",
 		"sqlite": "^5.1.1",
 		"sqlite3": "^5.1.7"
 	},

package.json

@@ -7,6 +7,13 @@ async function createTables(db) {
     ingredients TEXT,
     method TEXT
   )`)
+
+  // Create the 'users' table for authentication
+  await db.exec(`CREATE TABLE IF NOT EXISTS users (
+    id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
+    username TEXT NOT NULL UNIQUE,
+    password_hash TEXT NOT NULL
+  )`)
 }
 
 module.exports = { createTables }

src/database/schema.js

@@ -1,8 +1,16 @@
 const express = require('express')
+const bcrypt = require('bcryptjs')
 const { getDbConnection } = require('./database')
 
 const router = express.Router()
 
+function requireAuth(req, res, next) {
+	if (!req.session.user) {
+		return res.redirect('/login')
+	}
+	return next()
+}
+
 router.get('/', (req, res) => {
 	res.render('home', { title: 'Recipe App' })
 })
@@ -20,6 +28,66 @@ router.get('/recipes/:id', async (req, res) => {
 	res.render('recipe', { recipe })
 })
 
+router.get('/register', (req, res) => {
+	res.render('register')
+})
+
+router.post('/register', async (req, res) => {
+	const db = await getDbConnection()
+	const { username, password } = req.body
+
+	if (!username || !password) {
+		return res.render('register', { error: 'Username and password are required.' })
+	}
+
+	const existingUser = await db.get('SELECT * FROM users WHERE username = ?', [username])
+	if (existingUser) {
+		return res.render('register', { error: 'Username already exists.' })
+	}
+
+	const passwordHash = await bcrypt.hash(password, 10)
+	await db.run('INSERT INTO users (username, password_hash) VALUES (?, ?)', [username, passwordHash])
+	const createdUser = await db.get('SELECT id, username FROM users WHERE username = ?', [username])
+	req.session.user = { id: createdUser.id, username: createdUser.username }
+	return res.redirect('/profile')
+})
+
+router.get('/login', (req, res) => {
+	res.render('login')
+})
+
+router.post('/login', async (req, res) => {
+	const db = await getDbConnection()
+	const { username, password } = req.body
+
+	if (!username || !password) {
+		return res.render('login', { error: 'Username and password are required.' })
+	}
+
+	const user = await db.get('SELECT * FROM users WHERE username = ?', [username])
+	if (!user) {
+		return res.render('login', { error: 'Invalid username or password.' })
+	}
+
+	const passwordMatches = await bcrypt.compare(password, user.password_hash)
+	if (!passwordMatches) {
+		return res.render('login', { error: 'Invalid username or password.' })
+	}
+
+	req.session.user = { id: user.id, username: user.username }
+	return res.redirect('/profile')
+})
+
+router.post('/logout', (req, res) => {
+	req.session.destroy(() => {
+		res.redirect('/')
+	})
+})
+
+router.get('/profile', requireAuth, async (req, res) => {
+	res.render('profile', { user: req.session.user })
+})
+
 router.post('/recipes', async (req, res) => {
 	const db = await getDbConnection()
 	const { title, ingredients, method } = req.body

src/routes.js

@@ -13,6 +13,17 @@
             <ul>
                 <li><a href="/">Home</a></li>
                 <li><a href="/recipes">All Recipes</a></li>
+                {{#if currentUser}}
+                    <li><a href="/profile">Profile</a></li>
+                    <li>
+                        <form action="/logout" method="POST" style="display:inline;">
+                            <button type="submit" class="btn btn-link">Logout</button>
+                        </form>
+                    </li>
+                {{else}}
+                    <li><a href="/login">Login</a></li>
+                    <li><a href="/register">Register</a></li>
+                {{/if}}
             </ul>
         </nav>
     </header>

views/layouts/main.hbs

@@ -0,0 +1,24 @@
+<div class="auth-container">
+    <h1>Login</h1>
+
+    {{#if error}}
+        <div class="alert alert-error">{{error}}</div>
+    {{/if}}
+
+    <form action="/login" method="POST" class="auth-form">
+        <div class="form-group">
+            <label for="username">Username:</label>
+            <input type="text" id="username" name="username" required>
+        </div>
+
+        <div class="form-group">
+            <label for="password">Password:</label>
+            <input type="password" id="password" name="password" required>
+        </div>
+
+        <div class="form-actions">
+            <button type="submit" class="btn btn-primary">Login</button>
+            <a href="/register" class="btn btn-secondary">Create Account</a>
+        </div>
+    </form>
+</div>

views/login.hbs

@@ -0,0 +1,10 @@
+<div class="profile-container">
+    <h1>Profile</h1>
+
+    {{#if user}}
+        <p>Signed in as <strong>{{user.username}}</strong>.</p>
+        <p>Your saved recipes will appear here once the favorites feature is added.</p>
+    {{else}}
+        <p>Please <a href="/login">login</a> to view your profile.</p>
+    {{/if}}
+</div>