From e87fad64de34b29d980f9b605e579285b79792a8 Mon Sep 17 00:00:00 2001
From: BallisticTurtles <36849344+BallisticTurtles@users.noreply.github.com>
Date: Sun, 28 Jul 2024 20:39:32 +0900
Subject: [PATCH] Backend Seminar Homework #2

---
 client/src/pages/account.tsx   | 12 ++++++++----
 seminar/.env.example           |  3 ++-
 seminar/src/middleware/auth.js |  5 ++---
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/client/src/pages/account.tsx b/client/src/pages/account.tsx
index 37341f5..0504fbf 100644
--- a/client/src/pages/account.tsx
+++ b/client/src/pages/account.tsx
@@ -5,14 +5,15 @@ import {SAPIBase} from "../tools/api";
 import "./css/account.css";
 
 const AccountPage = () => {
-  const [ SAPIKEY, setSAPIKEY ] = React.useState<string>("");
+  const [ SUSERID, setSUSERID ] = React.useState<string>("");
+  const [ SUSERPW, setSUSERPW ] = React.useState<string>("");
   const [ NBalance, setNBalance ] = React.useState<number | "Not Authorized">("Not Authorized");
   const [ NTransaction, setNTransaction ] = React.useState<number | ''>(0);
 
   const getAccountInformation = () => {
     const asyncFun = async() => {
       interface IAPIResponse { balance: number };
-      const { data } = await axios.post<IAPIResponse>(SAPIBase + '/account/getInfo', { credential: SAPIKEY });
+      const { data } = await axios.post<IAPIResponse>(SAPIBase + '/account/getInfo', { credential: {SUSERID, SUSERPW}})
       setNBalance(data.balance);
     }
     asyncFun().catch((e) => window.alert(`AN ERROR OCCURED: ${e}`));
@@ -22,7 +23,7 @@ const AccountPage = () => {
     const asyncFun = async() => {
       if (amount === '') return;
       interface IAPIResponse { success: boolean, balance: number, msg: string };
-      const { data } = await axios.post<IAPIResponse>(SAPIBase + '/account/transaction', { credential: SAPIKEY, amount: amount });
+      const { data } = await axios.post<IAPIResponse>(SAPIBase + '/account/transaction', { credential: {SUSERID, SUSERPW}, amount: amount });
       setNTransaction(0);
       if (!data.success) {
         window.alert('Transaction Failed:' + data.msg);
@@ -40,7 +41,10 @@ const AccountPage = () => {
       <Header/>
       <h2>Account</h2>
       <div className={"account-token-input"}>
-        Enter API Key: <input type={"text"} value={SAPIKEY} onChange={e => setSAPIKEY(e.target.value)}/>
+        Enter User ID: <input type={"text"} value={SUSERID} onChange={e => setSUSERID(e.target.value)}/>
+        <br/>
+        Enter User Password: <input type={"text"} value={SUSERPW} onChange={e => setSUSERPW(e.target.value)}/>
+        <br/>
         <button onClick={e => getAccountInformation()}>GET</button>
       </div>
       <div className={"account-bank"}>
diff --git a/seminar/.env.example b/seminar/.env.example
index ab11afa..0d4ea1c 100644
--- a/seminar/.env.example
+++ b/seminar/.env.example
@@ -1,4 +1,5 @@
 PORT=8080
 NODE_ENV=DEVELOPMENT
-API_KEY=
+USER_ID=mightyian03
+USER_PW=password
 MONGO_URI="mongodb://localhost:27017/todos"
\ No newline at end of file
diff --git a/seminar/src/middleware/auth.js b/seminar/src/middleware/auth.js
index 480f41d..a001978 100644
--- a/seminar/src/middleware/auth.js
+++ b/seminar/src/middleware/auth.js
@@ -1,9 +1,8 @@
 const authMiddleware = (req, res, next) => {
-    if (req.body.credential === process.env.API_KEY) {
+    if (req.body.credential.SUSERID === process.env.USER_ID && req.body.credential.SUSERPW === process.env.USER_PW)  {
         console.log("[AUTH-MIDDLEWARE] Authorized User");
         next();
-    }
-    else {
+    } else {
         console.log("[AUTH-MIDDLEWARE] Not Authorized User");
         res.status(401).json({ error: "Not Authorized" });
     }