From 0712bdcc1e9c67bdde0a89c94ca5d72822ead854 Mon Sep 17 00:00:00 2001 From: Mark Powers Date: Thu, 2 Jan 2020 13:04:28 -0600 Subject: Add support for multiuser --- src/index.html | 6 +++--- src/index.js | 4 ++++ src/main.js | 4 +++- src/server.js | 53 ++++++++++++++++++++++++++++------------------------- 4 files changed, 38 insertions(+), 29 deletions(-) diff --git a/src/index.html b/src/index.html index 0703c8b..ef86835 100644 --- a/src/index.html +++ b/src/index.html @@ -2,7 +2,7 @@ - Mark's Budget + Budget @@ -13,8 +13,8 @@ -

Mark's Budget

+

{{summary.username}}'s budget

@@ -54,7 +54,7 @@ -
+
diff --git a/src/index.js b/src/index.js
index 01de277..f783076 100644
--- a/src/index.js
+++ b/src/index.js
@@ -67,6 +67,10 @@ function setUpModels() {
 type: Sequelize.STRING,
 allowNull: false,
 },
+ username: {
+ type: Sequelize.STRING,
+ allowNull: false,
+ },
 }),
 "users": database.define('user', {
 username: {
diff --git a/src/main.js b/src/main.js
index 6dbc3c0..b5e6b86 100644
--- a/src/main.js
+++ b/src/main.js
@@ -4,7 +4,7 @@ window.onload = function () {
 data: {
 activeTab: 0,
 transactions: [],
- summary: {},
+ summary: {username : ""},
 selTodoType: "all",
 },
 methods: {
@@ -173,6 +173,8 @@ window.onload = function () {
 this.summary.year.sort(function(a, b){
 return a.y-b.y;
 })
+
+ this.summary.username = response.username
 });
 },
 computed: {
diff --git a/src/server.js b/src/server.js
index 7251a63..53db084 100644
--- a/src/server.js
+++ b/src/server.js
@@ -25,7 +25,7 @@ function hashWithSalt(password, salt){
 function setUpRoutes(models, jwtFunctions, database) {
 // Authentication routine
- server.use(function (req, res, next) {
+ server.use(async function (req, res, next) {
 if (!req.path.toLowerCase().startsWith("/login")) {
 let cookie = req.cookies.authorization
 if (!cookie) {
@@ -35,15 +35,16 @@ function setUpRoutes(models, jwtFunctions, database) {
 }
 try {
 const decryptedUserId = jwtFunctions.verify(cookie);
- models.users.findOne({ where: { username: decryptedUserId } }).then((user, error) => {
- if (user) {
- res.locals.user = user.get({ plain: true });
- } else {
- console.debug("Redirecting to login - invalid cookie")
- res.redirect('/login');
- return;
- }
- });
+ var user = await models.users.findOne({ where: { username: decryptedUserId } });
+ // .then((user, error) => {
+ if (user) {
+ res.locals.user = user.get({ plain: true });
+ } else {
+ console.debug("Redirecting to login - invalid cookie")
+ res.redirect('/login');
+ return;
+ }
+ // });
 } catch (e) {
 res.status(400).send(e.message);
 }
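Review bot: The new `username` column on the transaction model in src/index.js is a free-standing string with no reference to the users model, so nothing at the schema level ties a transaction to an existing account. Every query added in src/server.js filters on this column, so rows created before this commit carry no owner and will match no user; the patch contains no backfill, and how the column reaches an existing table depends on sync code not shown here. Consider declaring the relation (a `references` entry on the column or a `belongsTo` association) and indexing `username`, since it now appears in every WHERE clause. setUpModels continues outside the hunk.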
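Review bot: With the lookup now awaited inside the `try` of the authentication middleware in src/server.js, a rejected `models.users.findOne` lands in the existing `catch`, which answers `400` with `e.message`; a database failure would be reported as a client error and its driver message sent to an unauthenticated caller. I would log the error server-side and return a generic body, e.g. `console.error(e); res.status(500).send("Internal error");`, keeping the 400 or the login redirect for token verification failures only. The commented-out `// .then((user, error) => {` and `// });` lines should be deleted rather than committed. The middleware body continues outside the hunk, so where `next()` is called after a successful lookup cannot be checked from here.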
@@ -78,7 +79,7 @@ function setUpRoutes(models, jwtFunctions, database) {
 server.get(`/transaction`, async (req, res, next) => {
 try {
- var result = await database.query("SELECT * FROM transactions ORDER BY `when` DESC", { type: database.QueryTypes.SELECT })
+ var result = await database.query("SELECT * FROM transactions WHERE username = '" + res.locals.user.username + "' ORDER BY `when` DESC", { type: database.QueryTypes.SELECT })
 res.status(200).send(result);
 next();
 } catch (e) {
@@ -90,8 +91,9 @@ function setUpRoutes(models, jwtFunctions, database) {
 try {
 let item = req.body;
 console.log(item);
+ item.username = res.locals.user.username
 await models.transaction.create(item);
- var result = await database.query("SELECT * FROM transactions ORDER BY `when` DESC", { type: database.QueryTypes.SELECT })
+ var result = await database.query("SELECT * FROM transactions WHERE username = '" + res.locals.user.username + "' ORDER BY `when` DESC", { type: database.QueryTypes.SELECT })
 res.status(200).send(result);
 } catch (e) {
 console.log(e);
@@ -102,8 +104,8 @@ function setUpRoutes(models, jwtFunctions, database) {
 try {
 let id = req.body.id;
 console.log(`Deleting ${id}`);
- await models.transaction.destroy({ where: { id: id } });
- var result = await database.query("SELECT * FROM transactions ORDER BY `when` DESC", { type: database.QueryTypes.SELECT })
+ await models.transaction.destroy({ where: { id: id, username: res.locals.user.username } });
+ var result = await database.query("SELECT * FROM transactions WHERE username = '" + res.locals.user.username + "' ORDER BY `when` DESC", { type: database.QueryTypes.SELECT })
 res.status(200).send(result);
 } catch (e) {
 console.log(e);
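Review bot: The new `WHERE username = '" + res.locals.user.username + "'` in the `/transaction` GET handler builds SQL by string concatenation, so a username containing a quote character changes the statement; the value comes from the users table, and whether account creation restricts its characters is not visible in this patch. Pass it as a bound value instead: write `WHERE username = :username` in the query text and add `replacements: { username: res.locals.user.username }` next to `type: database.QueryTypes.SELECT`. The same concatenation appears in the `@@ -90,8 +91,9 @@` and `@@ -102,8 +104,8 @@` hunks, in `@@ -115,11 +117,11 @@`, and in all nine summary queries of `@@ -130,20 +132,21 @@`. A small helper that runs the per-user list query would also remove the four identical copies. The handlers start and end outside these hunks.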
@@ -115,11 +117,11 @@ function setUpRoutes(models, jwtFunctions, database) {
 let id = req.body.id;
 let update = req.body.update;
 console.log(`Updating ${id}`);
- var toUpdate = await models.transaction.findOne({ where: { id: id } });
+ var toUpdate = await models.transaction.findOne({ where: { id: id, username:res.locals.user.username } });
 console.log(toUpdate)
 console.log(update)
 await toUpdate.update(update);
- var result = await database.query("SELECT * FROM transactions ORDER BY `when` DESC", { type: database.QueryTypes.SELECT })
+ var result = await database.query("SELECT * FROM transactions WHERE username = '" + res.locals.user.username + "' ORDER BY `when` DESC", { type: database.QueryTypes.SELECT })
 res.status(200).send(result);
 } catch (e) {
 console.log(e);
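Review bot: `await toUpdate.update(update)` still applies the whole client-supplied `req.body.update`, so the owner filter added to `findOne` does not stop a request from rewriting `username` (or `id`) on the row and moving it to another account. Strip the ownership fields before saving, e.g. `const { id: _id, username: _owner, ...changes } = update;` followed by `await toUpdate.update(changes);`, or pass an explicit `fields` list to `update`. `findOne` now returns `null` when the id belongs to a different user, which makes `toUpdate.update` throw into the `catch`; an explicit `if (!toUpdate) { res.status(404).end(); return; }` would report that case cleanly. The handler starts and ends outside the hunk.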
@@ -130,20 +132,21 @@ function setUpRoutes(models, jwtFunctions, database) {
 try {
 res.status(200).send({
 week: {
- out: await database.query("SELECT year(`when`) as y, week(`when`) as w, sum(amount) as s FROM transactions where amount > 0 group by year(`when`), WEEK(`when`);", { type: database.QueryTypes.SELECT }),
- in: await database.query("SELECT year(`when`)as y, week(`when`) as w, sum(amount) as s FROM transactions where amount < 0 group by year(`when`), WEEK(`when`);", { type: database.QueryTypes.SELECT }),
- net: await database.query("SELECT year(`when`) as y, week(`when`) as w, sum(amount) as s FROM transactions group by year(`when`), WEEK(`when`);", { type: database.QueryTypes.SELECT }),
+ out: await database.query("SELECT year(`when`) as y, week(`when`) as w, sum(amount) as s FROM transactions where username = '" + res.locals.user.username + "' and amount > 0 group by year(`when`), WEEK(`when`);", { type: database.QueryTypes.SELECT }),
+ in: await database.query("SELECT year(`when`)as y, week(`when`) as w, sum(amount) as s FROM transactions where username = '" + res.locals.user.username + "' and amount < 0 group by year(`when`), WEEK(`when`);", { type: database.QueryTypes.SELECT }),
+ net: await database.query("SELECT year(`when`) as y, week(`when`) as w, sum(amount) as s FROM transactions where username = '" + res.locals.user.username + "' group by year(`when`), WEEK(`when`);", { type: database.QueryTypes.SELECT }),
 },
 month: {
- out: await database.query("SELECT year(`when`) as y, month(`when`) as m, sum(amount) as s FROM transactions where amount > 0 group by year(`when`), month(`when`);", { type: database.QueryTypes.SELECT }),
- in: await database.query("SELECT year(`when`) as y, month(`when`) as m, sum(amount) as s FROM transactions where amount < 0 group by year(`when`), month(`when`);", { type: database.QueryTypes.SELECT }),
- net: await database.query("SELECT year(`when`) as y, month(`when`) as m, sum(amount) as s FROM transactions group by year(`when`), month(`when`);", { type: database.QueryTypes.SELECT }),
+ out: await database.query("SELECT year(`when`) as y, month(`when`) as m, sum(amount) as s FROM transactions where username = '" + res.locals.user.username + "' and amount > 0 group by year(`when`), month(`when`);", { type: database.QueryTypes.SELECT }),
+ in: await database.query("SELECT year(`when`) as y, month(`when`) as m, sum(amount) as s FROM transactions where username = '" + res.locals.user.username + "' and amount < 0 group by year(`when`), month(`when`);", { type: database.QueryTypes.SELECT }),
+ net: await database.query("SELECT year(`when`) as y, month(`when`) as m, sum(amount) as s FROM transactions where username = '" + res.locals.user.username + "' group by year(`when`), month(`when`);", { type: database.QueryTypes.SELECT }),
 },
 year: {
- out: await database.query("SELECT year(`when`) as y, sum(amount) as s FROM transactions where amount > 0 group by year(`when`);", { type: database.QueryTypes.SELECT }),
- in: await database.query("SELECT year(`when`) as y, sum(amount) as s FROM transactions where amount < 0 group by year(`when`);", { type: database.QueryTypes.SELECT }),
- net: await database.query("SELECT year(`when`) as y, sum(amount) as s FROM transactions group by year(`when`);", { type: database.QueryTypes.SELECT }),
+ out: await database.query("SELECT year(`when`) as y, sum(amount) as s FROM transactions where username = '" + res.locals.user.username + "' and amount > 0 group by year(`when`);", { type: database.QueryTypes.SELECT }),
+ in: await database.query("SELECT year(`when`) as y, sum(amount) as s FROM transactions where username = '" + res.locals.user.username + "' and amount < 0 group by year(`when`);", { type: database.QueryTypes.SELECT }),
+ net: await database.query("SELECT year(`when`) as y, sum(amount) as s FROM transactions where username = '" + res.locals.user.username + "' group by year(`when`);", { type: database.QueryTypes.SELECT }),
 },
+ username: res.locals.user.username
 });
 next();
 } catch (e) {
-- 
cgit v1.2.3