xarvh/fipamo
1
0
Fork 0
forked from projects/fipamo
Code Pull requests Activity

moved auth methods to their own standalone class

Browse source
This commit is contained in:
Ro 2020-04-28 14:07:21 -07:00
parent ea1795e0fa
commit 52bb5f36a9
4 changed files with 76 additions and 60 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

58
brain/api/v1/pages.js
View file

@ -1,4 +1,5 @@
import Book from '../../data/Book'; import Book from '../../data/Book';
import Auth from '../../data/Auth';
import Navigation from '../../data/Navigation'; import Navigation from '../../data/Navigation';
import * as DataEvent from '../../../src/com/events/DataEvent'; import * as DataEvent from '../../../src/com/events/DataEvent';
const express = require('express'); const express = require('express');
@ -6,8 +7,6 @@ const router = express.Router();
const multer = require('multer'); const multer = require('multer');
const fs = require('fs-extra'); const fs = require('fs-extra');
const moment = require('moment'); const moment = require('moment');
const jwt = require('jsonwebtoken');
const bCrypt = require('bcrypt-nodejs');
const book = new Book(); const book = new Book();
const nav = new Navigation(); const nav = new Navigation();
const _ = require('lodash'); const _ = require('lodash');
@ -48,7 +47,7 @@ router.get('/', (req, res) => {
*/ */
router.post('/write/:task?', feature_upload, (req, res) => { router.post('/write/:task?', feature_upload, (req, res) => {
if (req.session.user) { if (req.session.user) {
authCheck(req) Auth.authCheck(req)
.then(() => { .then(() => {
let body = _.mapValues(req.body); let body = _.mapValues(req.body);
let feature = ''; let feature = '';
@ -90,7 +89,7 @@ router.post('/write/:task?', feature_upload, (req, res) => {
router.post('/delete', (req, res) => { router.post('/delete', (req, res) => {
if (req.session.user) { if (req.session.user) {
authCheck(req) Auth.authCheck(req)
.then(() => { .then(() => {
book.editPage([], req.body.id, DataEvent.API_PAGE_DELETE, req.session.user) book.editPage([], req.body.id, DataEvent.API_PAGE_DELETE, req.session.user)
.then(result => { .then(result => {
@ -122,54 +121,3 @@ router.post('/add-post-image', post_upload, function(req, res) {
}); });
module.exports = router; module.exports = router;
/**
* Checks to make sure received token matches
* @parameter token: created token
* @parameter hashedToken: encrypted token
*/
function isTokenValid(token, hashedToken) {
return bCrypt.compareSync(token, hashedToken);
}
/**
* Makes sure access token is legit
* @parameter req
*/
function authCheck(req) {
return new Promise((resolve, reject) => {
let hash = req.headers['x-access-token'];
let response = [];
//Checks if token is a proper hash, if not reject
if (!isTokenValid(req.session.token, hash)) {
response = {
status: false,
type: DataEvent.API_REQUEST_LAME,
message: 'No Token Present. Auth Blocked'
};
reject(response);
//res.json();
} else {
var member = req.session.user;
jwt.verify(req.session.token, member.key, function(err, decoded) {
if (err) {
response = {
status: false,
type: DataEvent.API_REQUEST_LAME,
message: 'Invalid Token. Auth Blocked'
};
reject(response);
}
response = {
status: true,
type: DataEvent.API_REQUEST_GOOD,
message: 'Token Verified',
token: decoded
};
resolve(response);
});
}
});
}

68
brain/data/Auth.js Normal file
View file

@ -0,0 +1,68 @@
import * as DataEvent from '../../src/com/events/DataEvent';
const bCrypt = require('bcrypt-nodejs');
const jwt = require('jsonwebtoken');
export default class Auth {
//--------------------------
// constructor
//--------------------------
constructor() {}
//--------------------------
// methods
//--------------------------
start() {}
/**
* Makes sure access token is legit
* @parameter req
*/
authCheck(req) {
let self = this;
return new Promise((resolve, reject) => {
let hash = req.headers['x-access-token'];
let response = [];
//Checks if token is a proper hash, if not reject
if (!self.isTokenValid(req.session.token, hash)) {
response = {
status: false,
type: DataEvent.API_REQUEST_LAME,
message: 'No Token Present. Auth Blocked'
};
reject(response);
//res.json();
} else {
var member = req.session.user;
jwt.verify(req.session.token, member.key, function (err, decoded) {
if (err) {
response = {
status: false,
type: DataEvent.API_REQUEST_LAME,
message: 'Invalid Token. Auth Blocked'
};
reject(response);
}
response = {
status: true,
type: DataEvent.API_REQUEST_GOOD,
message: 'Token Verified',
token: decoded
};
resolve(response);
});
}
});
}
/**
* Checks to make sure received token matches
* @parameter token: created token
* @parameter hashedToken: encrypted token
*/
isTokenValid(token, hashedToken) {
return bCrypt.compareSync(token, hashedToken);
}
//--------------------------
// event handlers
//--------------------------
}

2
brain/routes/dash/pages.js
View file

@ -15,7 +15,7 @@ router.get('/list/:filter?/:page?', function(req, res) {
var pageNum = req.params.page; var pageNum = req.params.page;
var filter = req.params.filter; var filter = req.params.filter;
if (pageNum == '' || pageNum == null) pageNum = 1; if (pageNum == '' || pageNum == null) pageNum = 1;
if (filter == '' || filter == null) filter = 'all'; if (filter == '' || filter == null) filter = "all";
if (req.session.user) { if (req.session.user) {
book.getPage() book.getPage()
.then(pages => { .then(pages => {

2
brain/routes/dash/settings.js
View file

@ -12,7 +12,7 @@ router.get('/', function(req, res) {
settings = obj; settings = obj;
}) })
.catch(() => { .catch(() => {
//console.error(err) console.error(err);
}); });
loadThemes().then(themes => { loadThemes().then(themes => {
if (req.session.user) { if (req.session.user) {