moved auth methods to their own standalone class
parent
ea1795e0fa
commit
52bb5f36a9
4 changed files with 76 additions and 60 deletions
|
@ -1,4 +1,5 @@
|
||||||
import Book from '../../data/Book';
|
import Book from '../../data/Book';
|
||||||
|
import Auth from '../../data/Auth';
|
||||||
import Navigation from '../../data/Navigation';
|
import Navigation from '../../data/Navigation';
|
||||||
import * as DataEvent from '../../../src/com/events/DataEvent';
|
import * as DataEvent from '../../../src/com/events/DataEvent';
|
||||||
const express = require('express');
|
const express = require('express');
|
||||||
|
@ -6,8 +7,6 @@ const router = express.Router();
|
||||||
const multer = require('multer');
|
const multer = require('multer');
|
||||||
const fs = require('fs-extra');
|
const fs = require('fs-extra');
|
||||||
const moment = require('moment');
|
const moment = require('moment');
|
||||||
const jwt = require('jsonwebtoken');
|
|
||||||
const bCrypt = require('bcrypt-nodejs');
|
|
||||||
const book = new Book();
|
const book = new Book();
|
||||||
const nav = new Navigation();
|
const nav = new Navigation();
|
||||||
const _ = require('lodash');
|
const _ = require('lodash');
|
||||||
|
@ -17,10 +16,10 @@ fs.ensureDir(uploadPath, () => {
|
||||||
// dir has now been created, including the directory it is to be placed in
|
// dir has now been created, including the directory it is to be placed in
|
||||||
});
|
});
|
||||||
var storage = multer.diskStorage({
|
var storage = multer.diskStorage({
|
||||||
destination: function(req, file, cb) {
|
destination: function (req, file, cb) {
|
||||||
cb(null, uploadPath);
|
cb(null, uploadPath);
|
||||||
},
|
},
|
||||||
filename: function(req, file, cb) {
|
filename: function (req, file, cb) {
|
||||||
var splice = file.originalname.split(':');
|
var splice = file.originalname.split(':');
|
||||||
cb(null, splice[0]);
|
cb(null, splice[0]);
|
||||||
}
|
}
|
||||||
|
@ -48,7 +47,7 @@ router.get('/', (req, res) => {
|
||||||
*/
|
*/
|
||||||
router.post('/write/:task?', feature_upload, (req, res) => {
|
router.post('/write/:task?', feature_upload, (req, res) => {
|
||||||
if (req.session.user) {
|
if (req.session.user) {
|
||||||
authCheck(req)
|
Auth.authCheck(req)
|
||||||
.then(() => {
|
.then(() => {
|
||||||
let body = _.mapValues(req.body);
|
let body = _.mapValues(req.body);
|
||||||
let feature = '';
|
let feature = '';
|
||||||
|
@ -90,7 +89,7 @@ router.post('/write/:task?', feature_upload, (req, res) => {
|
||||||
|
|
||||||
router.post('/delete', (req, res) => {
|
router.post('/delete', (req, res) => {
|
||||||
if (req.session.user) {
|
if (req.session.user) {
|
||||||
authCheck(req)
|
Auth.authCheck(req)
|
||||||
.then(() => {
|
.then(() => {
|
||||||
book.editPage([], req.body.id, DataEvent.API_PAGE_DELETE, req.session.user)
|
book.editPage([], req.body.id, DataEvent.API_PAGE_DELETE, req.session.user)
|
||||||
.then(result => {
|
.then(result => {
|
||||||
|
@ -111,7 +110,7 @@ router.post('/delete', (req, res) => {
|
||||||
* Uploads image from a Page content
|
* Uploads image from a Page content
|
||||||
*/
|
*/
|
||||||
|
|
||||||
router.post('/add-post-image', post_upload, function(req, res) {
|
router.post('/add-post-image', post_upload, function (req, res) {
|
||||||
//console.log(req.body);
|
//console.log(req.body);
|
||||||
var image = req.files[0].path;
|
var image = req.files[0].path;
|
||||||
return res.json({
|
return res.json({
|
||||||
|
@ -122,54 +121,3 @@ router.post('/add-post-image', post_upload, function(req, res) {
|
||||||
});
|
});
|
||||||
|
|
||||||
module.exports = router;
|
module.exports = router;
|
||||||
|
|
||||||
/**
|
|
||||||
* Checks to make sure received token matches
|
|
||||||
* @parameter token: created token
|
|
||||||
* @parameter hashedToken: encrypted token
|
|
||||||
*/
|
|
||||||
|
|
||||||
function isTokenValid(token, hashedToken) {
|
|
||||||
return bCrypt.compareSync(token, hashedToken);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Makes sure access token is legit
|
|
||||||
* @parameter req
|
|
||||||
*/
|
|
||||||
|
|
||||||
function authCheck(req) {
|
|
||||||
return new Promise((resolve, reject) => {
|
|
||||||
let hash = req.headers['x-access-token'];
|
|
||||||
let response = [];
|
|
||||||
//Checks if token is a proper hash, if not reject
|
|
||||||
if (!isTokenValid(req.session.token, hash)) {
|
|
||||||
response = {
|
|
||||||
status: false,
|
|
||||||
type: DataEvent.API_REQUEST_LAME,
|
|
||||||
message: 'No Token Present. Auth Blocked'
|
|
||||||
};
|
|
||||||
reject(response);
|
|
||||||
//res.json();
|
|
||||||
} else {
|
|
||||||
var member = req.session.user;
|
|
||||||
jwt.verify(req.session.token, member.key, function(err, decoded) {
|
|
||||||
if (err) {
|
|
||||||
response = {
|
|
||||||
status: false,
|
|
||||||
type: DataEvent.API_REQUEST_LAME,
|
|
||||||
message: 'Invalid Token. Auth Blocked'
|
|
||||||
};
|
|
||||||
reject(response);
|
|
||||||
}
|
|
||||||
response = {
|
|
||||||
status: true,
|
|
||||||
type: DataEvent.API_REQUEST_GOOD,
|
|
||||||
message: 'Token Verified',
|
|
||||||
token: decoded
|
|
||||||
};
|
|
||||||
resolve(response);
|
|
||||||
});
|
|
||||||
}
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
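Review bot: `Auth.authCheck(req)` in the `/write/:task?` and `/delete` handlers is called on the imported class itself, but the new `Auth` class in brain/data/Auth.js declares `authCheck` as an instance method, not `static`, and no hunk in this file creates an instance. As written the property is undefined on the class, so both handlers would throw a TypeError before any token check runs, and authenticated writes and deletes stop working. Create an instance next to the other data objects, `const auth = new Auth();`, and call `auth.authCheck(req)`; alternatively mark `authCheck` and `isTokenValid` as `static` in Auth.js. Both handlers continue outside the hunks shown.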
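--- /dev/null
+++ b/brain/data/Auth.js
@@ -0,0 +1,68 @@
+import * as DataEvent from '../../src/com/events/DataEvent';
+const bCrypt = require('bcrypt-nodejs');
+const jwt = require('jsonwebtoken');
+
+export default class Auth {
+//--------------------------
+// constructor
+//--------------------------
+constructor() {}
+//--------------------------
+// methods
+//--------------------------
+start() {}
+
+/**
+* Makes sure access token is legit
+* @parameter req
+*/
+
+authCheck(req) {
+let self = this;
+return new Promise((resolve, reject) => {
+let hash = req.headers['x-access-token'];
+let response = [];
+//Checks if token is a proper hash, if not reject
+if (!self.isTokenValid(req.session.token, hash)) {
+response = {
+status: false,
+type: DataEvent.API_REQUEST_LAME,
+message: 'No Token Present. Auth Blocked'
+};
+reject(response);
+//res.json();
+} else {
+var member = req.session.user;
+jwt.verify(req.session.token, member.key, function (err, decoded) {
+if (err) {
+response = {
+status: false,
+type: DataEvent.API_REQUEST_LAME,
+message: 'Invalid Token. Auth Blocked'
+};
+reject(response);
+}
+response = {
+status: true,
+type: DataEvent.API_REQUEST_GOOD,
+message: 'Token Verified',
+token: decoded
+};
+resolve(response);
+});
+}
+});
+}
+
+/**
+* Checks to make sure received token matches
+* @parameter token: created token
+* @parameter hashedToken: encrypted token
+*/
+isTokenValid(token, hashedToken) {
+return bCrypt.compareSync(token, hashedToken);
+}
+//--------------------------
+// event handlers
+//--------------------------
+}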
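Review bot: In `authCheck`, the `if (err)` branch of the `jwt.verify` callback calls `reject(response)` without returning, so execution continues into the 'Token Verified' response and `resolve(response)`. The promise is already settled, so that resolve is a no-op today, but the deny path should end explicitly with `return reject(response);` so a later refactor cannot turn it into a fail-open. Separately, `hash` is read from the `x-access-token` header and passed to `bCrypt.compareSync` unchecked; when the header is absent that call likely throws rather than returning false (worth confirming for bcrypt-nodejs), so the caller gets a raw exception instead of the 'No Token Present' response. Guard it with `if (typeof hash !== 'string' || !self.isTokenValid(req.session.token, hash)) {`.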
|
@ -15,7 +15,7 @@ router.get('/list/:filter?/:page?', function(req, res) {
|
||||||
var pageNum = req.params.page;
|
var pageNum = req.params.page;
|
||||||
var filter = req.params.filter;
|
var filter = req.params.filter;
|
||||||
if (pageNum == '' || pageNum == null) pageNum = 1;
|
if (pageNum == '' || pageNum == null) pageNum = 1;
|
||||||
if (filter == '' || filter == null) filter = 'all';
|
if (filter == '' || filter == null) filter = "all";
|
||||||
if (req.session.user) {
|
if (req.session.user) {
|
||||||
book.getPage()
|
book.getPage()
|
||||||
.then(pages => {
|
.then(pages => {
|
||||||
|
|
|
@ -12,7 +12,7 @@ router.get('/', function(req, res) {
|
||||||
settings = obj;
|
settings = obj;
|
||||||
})
|
})
|
||||||
.catch(() => {
|
.catch(() => {
|
||||||
//console.error(err)
|
console.error(err);
|
||||||
});
|
});
|
||||||
loadThemes().then(themes => {
|
loadThemes().then(themes => {
|
||||||
if (req.session.user) {
|
if (req.session.user) {
|
||||||
|
|
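Review bot: The re-enabled `console.error(err);` refers to `err`, but the enclosing callback is still `.catch(() => {` and binds no parameter. When the preceding promise rejects, this line raises a ReferenceError inside the handler and the original error is never logged. Name the argument: `.catch(err => {`. The promise chain begins above the hunk.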