token encyrption working. never send token to the front end.

This commit is contained in:
Ro 2019-12-02 17:59:04 -08:00
parent f3339089ff
commit 0f6ce7c3d8
4 changed files with 42 additions and 12 deletions

View file

@ -30,7 +30,7 @@ router.get('/status', function(req, res) {
res.json({
type: DataEvent.API_REQUEST_GOOD,
message: 'Auth is Good',
token: session.token
token: session.hashToken
});
} else {
res.json({
@ -60,10 +60,11 @@ router.post('/login', function(req, res) {
let session = req.session;
session.user = found;
session.token = token;
session.hashToken = hashToken(token);
res.json({
type: DataEvent.REQUEST_GOOD,
message: 'Welcome Back',
token: session.token
token: session.hashToken
});
} else {
res.json({
@ -80,3 +81,7 @@ module.exports = router;
function isValidPassword(user, password) {
return bCrypt.compareSync(password, user.password);
}
function hashToken(token) {
return bCrypt.hashSync(token, bCrypt.genSaltSync(10), null);
}

View file

@ -6,7 +6,9 @@ const multer = require('multer');
const fs = require('fs-extra');
const moment = require('moment');
const jwt = require('jsonwebtoken');
const bCrypt = require('bcrypt-nodejs');
const book = new Book();
const _ = require('lodash');
const uploadPath =
'./public/assets/images/blog/' + moment().format('YYYY') + '/' + moment().format('MM');
fs.ensureDir(uploadPath, () => {
@ -42,8 +44,17 @@ router.get('/', (req, res) => {
Update Page
*/
router.post('/write/:task?', feature_upload, (req, res) => {
/**
if (req.session.user) {
//Get enctrypted hashed token from header request
let hash = req.headers['x-access-token'];
//Checks if token is a proper hash, if not reject
if (!isTokenValid(req.session.token, hash)) {
res.json({
type: DataEvent.API_REQUEST_LAME,
message: 'Invalid Token. Auth Blocked'
});
} else {
//console.log('TOKEN IS GOOD');
var member = req.session.user;
jwt.verify(req.session.token, member.key, function(err, decoded) {
if (err) {
@ -52,7 +63,8 @@ router.post('/write/:task?', feature_upload, (req, res) => {
console.log('YUP', decoded);
});
}
*/
}
var feature = '';
if (req.files.length > 0) {
var path = req.files[0].path;
@ -141,3 +153,7 @@ router.post('/add-post-image', post_upload, function(req, res) {
});
module.exports = router;
function isTokenValid(token, hashedToken) {
return bCrypt.compareSync(token, hashedToken);
}

View file

@ -135,7 +135,10 @@ export default class PostEditor {
)
.then(response => {
let r = JSON.parse(response.request['response']);
if (r.type === DataEvent.PAGE_ERROR) {
if (
r.type === DataEvent.PAGE_ERROR ||
r.type === DataEvent.API_REQUEST_LAME
) {
notify.alert(r.message, false);
} else {
if (r.type === DataEvent.PAGE_UPDATED) {

View file

@ -52,6 +52,12 @@ export default class APIUtils {
}
};
if (requestType == REQUEST_TYPE_PUT || requestType == REQUEST_TYPE_POST) {
if (
eventType === DataEvent.API_PAGE_WRITE ||
eventType === DataEvent.API_IMAGES_UPLOAD ||
eventType === DataEvent.API_SETTINGS_WRITE
)
request.setRequestHeader('x-access-token', self.token);
switch (contentType) {
case CONTENT_TYPE_JSON:
request.setRequestHeader('Content-type', 'application/' + contentType);