fixed API authentication bug. whew.
This commit is contained in:
parent
8052c861bf
commit
f10b25e698
7 changed files with 83 additions and 70 deletions
@ -10,11 +10,11 @@ const _ = require('lodash');
/**
* Get Auth Status
*/
router.get('/', function(req, res) {
router.get('/', function (req, res) {
var token = req.headers['x-access-token'];
if (!token) return res.status(401).send({ auth: false, message: 'No token provided.' });
jwt.verify(token, 'super-secret-string', function(err, decoded) {
jwt.verify(token, 'super-secret-string', function (err, decoded) {
if (err)
return res.status(500).send({ auth: false, message: 'Failed to authenticate token.' });
res.status(200).send(decoded);
@ -24,7 +24,7 @@ router.get('/', function(req, res) {
/**
* Get Auth Status
*/
router.get('/status', function(req, res) {
router.get('/status', function (req, res) {
if (req.session.user) {
let session = req.session;
res.json({
@ -42,7 +42,7 @@ router.get('/status', function(req, res) {
/**
* Login Member and return token
*/
router.post('/login', function(req, res) {
router.post('/login', function (req, res) {
fs.readJson('site/folks.json').then(folks => {
let found = _.find(folks, { handle: req.body.handle });
if (found) {
@ -9,6 +9,7 @@ const fs = require('fs-extra');
const moment = require('moment');
const book = new Book();
const nav = new Navigation();
const auth = new Auth();
const _ = require('lodash');
const uploadPath =
'./public/assets/images/blog/' + moment().format('YYYY') + '/' + moment().format('MM');
@ -46,41 +47,39 @@ router.get('/', (req, res) => {
* Add/Update Page
*/
router.post('/write/:task?', feature_upload, (req, res) => {
if (req.session.user) {
Auth.authCheck(req)
.then(() => {
let body = _.mapValues(req.body);
let feature = '';
let task = '';
req.params.task === 'new'
? (task = DataEvent.API_PAGE_CREATE)
: (task = DataEvent.API_PAGE_WRITE);
if (req.files.length > 0) {
var path = req.files[0].path;
feature = '/' + path.substring(7, path.length);
} else {
var url = body.feature_image;
url != null || url != undefined || url != ''
? (feature = url.substring(21, url.length))
: (feature = '');
}
body.feature = feature;
body.deleted = false;
book.editPage(body, body.page_uuid, task, req.session.user)
.then(result => {
if (result.type === DataEvent.PAGE_CREATE) {
nav.updatePageStats();
}
res.json(result);
})
.catch(err => {
res.json(err);
});
})
.catch(err => {
res.json(err);
});
}
auth.authCheck(req)
.then(() => {
let body = _.mapValues(req.body);
let feature = '';
let task = '';
req.params.task === 'new'
? (task = DataEvent.API_PAGE_CREATE)
: (task = DataEvent.API_PAGE_WRITE);
if (req.files.length > 0) {
var path = req.files[0].path;
feature = '/' + path.substring(7, path.length);
} else {
var url = body.feature_image;
url != null || url != undefined || url != ''
? (feature = url.substring(21, url.length))
: (feature = '');
}
body.feature = feature;
body.deleted = false;
book.editPage(body, body.page_uuid, task, req.session.user)
.then(result => {
if (result.type === DataEvent.PAGE_CREATE) {
nav.updatePageStats();
}
res.json(result);
})
.catch(err => {
res.json(err);
});
})
.catch(err => {
res.json(err);
});
});
/**
@ -88,22 +87,20 @@ router.post('/write/:task?', feature_upload, (req, res) => {
*/
router.post('/delete', (req, res) => {
if (req.session.user) {
Auth.authCheck(req)
.then(() => {
book.editPage([], req.body.id, DataEvent.API_PAGE_DELETE, req.session.user)
.then(result => {
//remove item from menu in settings
res.json(result);
})
.catch(err => {
res.json(err);
});
})
.catch(err => {
res.json(err);
});
}
auth.authCheck(req)
.then(() => {
book.editPage([], req.body.id, DataEvent.API_PAGE_DELETE, req.session.user)
.then(result => {
//remove item from menu in settings
res.json(result);
})
.catch(err => {
res.json(err);
});
})
.catch(err => {
res.json(err);
});
});
/**
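Review bot: In the `/write` handler's `else` branch the guard `url != null || url != undefined || url != ''` is always true (a missing `url` still satisfies `url != ''`), so when `feature_image` is absent `url.substring(21, url.length)` throws a TypeError inside the `.then`; the outer `.catch` then answers with `res.json(err)`, which for an Error object serialises to `{}` under HTTP 200. Replace the ternary with `feature = url ? url.substring(21) : '';`. Separately, the `.catch` blocks of both `/write` and `/delete` report a rejection from `auth.authCheck` with a 200 status, so a client or a log pipeline cannot tell an authentication failure from success; `res.status(401).json(err)` would, and the same applies to `/publish-pages` in the settings router in this commit. The earlier `if (req.session.user)` wrapper sent no response at all when the session was missing, so routing everything through `auth.authCheck(req)` is an improvement, provided authCheck rejects in that case as its hunk in this commit shows.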
@ -1,4 +1,5 @@
import * as DataEvent from '../../../src/com/events/DataEvent';
import Auth from '../../data/Auth';
const express = require('express');
const router = express.Router();
const multer = require('multer');
@ -7,6 +8,7 @@ const moment = require('moment');
const _ = require('lodash');
const settings = require('../../../site/settings.json');
const folks = require('../../../site/folks.json');
const auth = new Auth();
const uploadPath =
'./public/assets/images/user/' + moment().format('YYYY') + '/' + moment().format('MM');
fs.ensureDir(uploadPath, () => {
@ -108,18 +110,20 @@ router.post('/nav-sync', (req, res) => {
});
router.post('/publish-pages', (req, res) => {
if (req.session.user) {
console.log('PUBLISHING');
res.json({
type: DataEvent.API_RENDER_PAGES,
message: 'All Pages Rendered and Published'
auth.authCheck(req)
.then(() => {
console.log('PUBLISHING');
res.json({
type: DataEvent.API_RENDER_PAGES,
message: 'All Pages Rendered and Published'
});
})
.catch(err => {
res.json({
type: err.type,
message: err.message
});
});
} else {
res.json({
type: DataEvent.REQUEST_LAME,
message: "You're not logged in, champ"
});
}
});
/***
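Review bot: The `.then` of `auth.authCheck(req)` in `/publish-pages` only logs `'PUBLISHING'` and replies `'All Pages Rendered and Published'`; nothing in the hunk renders or publishes pages, so the success message goes out unconditionally. If this is a stub until `Pages.publish()` (also touched in this commit) is wired in, a `// TODO: render pages before responding; this currently only reports success` comment should say so, otherwise the reply should be derived from the render result. The outer `if (req.session.user)` / `else` now duplicates the session check `authCheck` itself performs, and the two paths report the failure as `DataEvent.REQUEST_LAME` and `DataEvent.API_REQUEST_LAME` respectively, which a caller has to handle twice. Both failure responses also leave with a 200 status; `res.status(401).json(...)` is preferable.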
@ -22,6 +22,16 @@ export default class Auth {
return new Promise((resolve, reject) => {
let hash = req.headers['x-access-token'];
let response = [];
//check to see if user is logged in
if (!req.session.user) {
response = {
status: false,
type: DataEvent.API_REQUEST_LAME,
message: "You're not logged in, champ."
};
reject(response);
}
//Checks if token is a proper hash, if not reject
if (!self.isTokenValid(req.session.token, hash)) {
response = {
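Review bot: After `reject(response)` in the `if (!req.session.user)` branch there is no `return`, so execution falls through to `self.isTokenValid(req.session.token, hash)` for a session that has no user and presumably no token; the promise is already settled so the later `reject` is ignored, but the token check still runs for an unauthenticated request and anything it throws is lost. Write `return reject(response);` here (and in the `isTokenValid` branch below if it falls through the same way). `let response = []` is later assigned an object, so `let response;` or building the object inside each branch would read clearer. The function continues outside the hunk.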
@ -175,11 +175,11 @@ export default class Pages {
}
publish() {
return new Promise((resolve, reject) => {
let self = this;
//let self = this;
//get pages for rendering
this.getPage()
.then(pages => {
console.log('PAGES', pages);
resolve(pages);
})
.catch(err => {
reject(err);
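Review bot: The commented-out `//let self = this;` should be deleted rather than kept, as the switch to `this.getPage()` makes it dead text and the history lives in version control. The `new Promise` wrapper only forwards `getPage()`'s own resolution and rejection, so the visible part could shrink to `return this.getPage().then((pages) => { console.log('PAGES', pages); return pages; });`, and the `console.log` of every page looks like leftover debugging. `publish()` continues past the end of the hunk, so logic after the `reject` may justify keeping the wrapper.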
@ -15,6 +15,7 @@ export default class SettingsIndex {
// constructor
//--------------------------
constructor() {
api.authStatus();
this.start();
}
//--------------------------
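Review bot: `api.authStatus()` is called in the constructor and its result is discarded; if it returns a promise, as the XHR-based request helper in APIUtils elsewhere in this commit suggests, a rejection is unhandled and `this.start()` runs without waiting for the status. Either handle it, `api.authStatus().catch((err) => console.error(err));`, or mark the fire-and-forget intent with a comment such as `// fire-and-forget: refreshes auth status; start() does not depend on the result`. Nothing in the hunk shows what `authStatus` does with the reply, so a one-line comment naming that would also help.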
@ -34,7 +34,7 @@ export default class APIUtils {
requestData = null
) {
var self = this;
return new Promise(function(resolve, reject) {
return new Promise(function (resolve, reject) {
var request = new XMLHttpRequest();
request.upload.onprogress = self.handleLoadProgress;
request.open(requestType, requestURL, true);
@ -56,7 +56,8 @@ export default class APIUtils {
eventType === DataEvent.API_PAGE_WRITE ||
eventType === DataEvent.API_IMAGES_UPLOAD ||
eventType === DataEvent.API_SETTINGS_WRITE ||
eventType === DataEvent.API_PAGE_DELETE
eventType === DataEvent.API_PAGE_DELETE ||
eventType === DataEvent.API_RENDER_PAGES
)
request.setRequestHeader('x-access-token', self.token);
switch (contentType) {
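Review bot: The `||` chain of `eventType` values that attach `x-access-token` is why `API_RENDER_PAGES` was missed before this commit, and the next API event will be missed the same way; sending the header whenever a token is held, `if (self.token) request.setRequestHeader('x-access-token', self.token);`, removes the list and also avoids sending the literal string `"null"` if `self.token` is unset (setRequestHeader stringifies its value). If some requests must not carry the token, a `Set` of those exceptions is easier to audit than this chain. The `if` statement and its enclosing request function start and end outside the hunk.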