fixed API authentication bug. whew.

This commit is contained in:
Ro 2020-05-05 13:44:45 -07:00
parent 8052c861bf
commit f10b25e698
7 changed files with 83 additions and 70 deletions


@ -10,11 +10,11 @@ const _ = require('lodash');
/** /**
* Get Auth Status * Get Auth Status
*/ */
router.get('/', function(req, res) { router.get('/', function (req, res) {
var token = req.headers['x-access-token']; var token = req.headers['x-access-token'];
if (!token) return res.status(401).send({ auth: false, message: 'No token provided.' }); if (!token) return res.status(401).send({ auth: false, message: 'No token provided.' });
jwt.verify(token, 'super-secret-string', function(err, decoded) { jwt.verify(token, 'super-secret-string', function (err, decoded) {
if (err) if (err)
return res.status(500).send({ auth: false, message: 'Failed to authenticate token.' }); return res.status(500).send({ auth: false, message: 'Failed to authenticate token.' });
res.status(200).send(decoded); res.status(200).send(decoded);
@ -24,7 +24,7 @@ router.get('/', function(req, res) {
/** /**
* Get Auth Status * Get Auth Status
*/ */
router.get('/status', function(req, res) { router.get('/status', function (req, res) {
if (req.session.user) { if (req.session.user) {
let session = req.session; let session = req.session;
res.json({ res.json({
@ -42,7 +42,7 @@ router.get('/status', function(req, res) {
/** /**
* Login Member and return token * Login Member and return token
*/ */
router.post('/login', function(req, res) { router.post('/login', function (req, res) {
fs.readJson('site/folks.json').then(folks => { fs.readJson('site/folks.json').then(folks => {
let found = _.find(folks, { handle: req.body.handle }); let found = _.find(folks, { handle: req.body.handle });
if (found) { if (found) {


@ -9,6 +9,7 @@ const fs = require('fs-extra');
const moment = require('moment'); const moment = require('moment');
const book = new Book(); const book = new Book();
const nav = new Navigation(); const nav = new Navigation();
const auth = new Auth();
const _ = require('lodash'); const _ = require('lodash');
const uploadPath = const uploadPath =
'./public/assets/images/blog/' + moment().format('YYYY') + '/' + moment().format('MM'); './public/assets/images/blog/' + moment().format('YYYY') + '/' + moment().format('MM');
@ -46,41 +47,39 @@ router.get('/', (req, res) => {
* Add/Update Page * Add/Update Page
*/ */
router.post('/write/:task?', feature_upload, (req, res) => { router.post('/write/:task?', feature_upload, (req, res) => {
if (req.session.user) { auth.authCheck(req)
Auth.authCheck(req) .then(() => {
.then(() => { let body = _.mapValues(req.body);
let body = _.mapValues(req.body); let feature = '';
let feature = ''; let task = '';
let task = ''; req.params.task === 'new'
req.params.task === 'new' ? (task = DataEvent.API_PAGE_CREATE)
? (task = DataEvent.API_PAGE_CREATE) : (task = DataEvent.API_PAGE_WRITE);
: (task = DataEvent.API_PAGE_WRITE); if (req.files.length > 0) {
if (req.files.length > 0) { var path = req.files[0].path;
var path = req.files[0].path; feature = '/' + path.substring(7, path.length);
feature = '/' + path.substring(7, path.length); } else {
} else { var url = body.feature_image;
var url = body.feature_image; url != null || url != undefined || url != ''
url != null || url != undefined || url != '' ? (feature = url.substring(21, url.length))
? (feature = url.substring(21, url.length)) : (feature = '');
: (feature = ''); }
} body.feature = feature;
body.feature = feature; body.deleted = false;
body.deleted = false; book.editPage(body, body.page_uuid, task, req.session.user)
book.editPage(body, body.page_uuid, task, req.session.user) .then(result => {
.then(result => { if (result.type === DataEvent.PAGE_CREATE) {
if (result.type === DataEvent.PAGE_CREATE) { nav.updatePageStats();
nav.updatePageStats(); }
} res.json(result);
res.json(result); })
}) .catch(err => {
.catch(err => { res.json(err);
res.json(err); });
}); })
}) .catch(err => {
.catch(err => { res.json(err);
res.json(err); });
});
}
}); });
/** /**
@ -88,22 +87,20 @@ router.post('/write/:task?', feature_upload, (req, res) => {
*/ */
router.post('/delete', (req, res) => { router.post('/delete', (req, res) => {
if (req.session.user) { auth.authCheck(req)
Auth.authCheck(req) .then(() => {
.then(() => { book.editPage([], req.body.id, DataEvent.API_PAGE_DELETE, req.session.user)
book.editPage([], req.body.id, DataEvent.API_PAGE_DELETE, req.session.user) .then(result => {
.then(result => { //remove item from menu in settings
//remove item from menu in settings res.json(result);
res.json(result); })
}) .catch(err => {
.catch(err => { res.json(err);
res.json(err); });
}); })
}) .catch(err => {
.catch(err => { res.json(err);
res.json(err); });
});
}
}); });
/** /**
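Review bot: The outer `.catch(err => { res.json(err); })` on the new `auth.authCheck(req)` chain in `/write` answers an authentication failure with a 200 status and the raw rejection object; the `/delete` hunk below and the `/publish-pages` handler in the next file repeat the pattern. Now that authCheck rejects for a missing session as well as a bad token, that catch should set a status for the rejection it is designed to receive, e.g. `.catch(err => { res.status(401).json({ type: err.type, message: err.message }); })`, so clients and proxies can see the request was refused rather than parsing a success-shaped body. Separately, the retained condition `url != null || url != undefined || url != ''` is always true, so an absent `body.feature_image` reaches `url.substring(21, url.length)` and throws into that same catch, where a thrown Error serializes to `{}`; `if (typeof url === 'string' && url !== '')` is the check the three clauses were meant to express.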


@ -1,4 +1,5 @@
import * as DataEvent from '../../../src/com/events/DataEvent'; import * as DataEvent from '../../../src/com/events/DataEvent';
import Auth from '../../data/Auth';
const express = require('express'); const express = require('express');
const router = express.Router(); const router = express.Router();
const multer = require('multer'); const multer = require('multer');
@ -7,6 +8,7 @@ const moment = require('moment');
const _ = require('lodash'); const _ = require('lodash');
const settings = require('../../../site/settings.json'); const settings = require('../../../site/settings.json');
const folks = require('../../../site/folks.json'); const folks = require('../../../site/folks.json');
const auth = new Auth();
const uploadPath = const uploadPath =
'./public/assets/images/user/' + moment().format('YYYY') + '/' + moment().format('MM'); './public/assets/images/user/' + moment().format('YYYY') + '/' + moment().format('MM');
fs.ensureDir(uploadPath, () => { fs.ensureDir(uploadPath, () => {
@ -108,18 +110,20 @@ router.post('/nav-sync', (req, res) => {
}); });
router.post('/publish-pages', (req, res) => { router.post('/publish-pages', (req, res) => {
if (req.session.user) { auth.authCheck(req)
console.log('PUBLISHING'); .then(() => {
res.json({ console.log('PUBLISHING');
type: DataEvent.API_RENDER_PAGES, res.json({
message: 'All Pages Rendered and Published' type: DataEvent.API_RENDER_PAGES,
message: 'All Pages Rendered and Published'
});
})
.catch(err => {
res.json({
type: err.type,
message: err.message
});
}); });
} else {
res.json({
type: DataEvent.REQUEST_LAME,
message: "You're not logged in, champ"
});
}
}); });
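Review bot: The new `/publish-pages` handler replies `'All Pages Rendered and Published'` once `auth.authCheck(req)` resolves, but nothing in the hunk renders or publishes anything — only `console.log('PUBLISHING')` runs before the response — so, unless the rendering is triggered elsewhere, the client is told an action succeeded that did not happen. If the wiring is intended for a later commit, the handler should at least call the publish step before sending (this commit's `Pages.publish()` now resolves the page list) and the leftover `console.log` should be dropped. The `.catch` here also answers an auth rejection with a 200 status; `res.status(401).json({ type: err.type, message: err.message })` makes the refusal visible.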
/*** /***


@ -22,6 +22,16 @@ export default class Auth {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
let hash = req.headers['x-access-token']; let hash = req.headers['x-access-token'];
let response = []; let response = [];
//check to see if user is logged in
if (!req.session.user) {
response = {
status: false,
type: DataEvent.API_REQUEST_LAME,
message: "You're not logged in, champ."
};
reject(response);
}
//Checks if token is a proper hash, if not reject //Checks if token is a proper hash, if not reject
if (!self.isTokenValid(req.session.token, hash)) { if (!self.isTokenValid(req.session.token, hash)) {
response = { response = {
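Review bot: The new session check in `authCheck` calls `reject(response)` but does not leave the executor, so execution falls through into the token check on the following lines with `req.session.user` absent; the first reject wins, but the rest of the function still runs against an unauthenticated request. Add `return;` directly after `reject(response);` (or write `return reject(response);`) so the unauthenticated path ends there, matching what the `//check to see if user is logged in` comment implies. The enclosing function begins before the hunk and continues after it.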


@ -175,11 +175,11 @@ export default class Pages {
} }
publish() { publish() {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
let self = this; //let self = this;
//get pages for rendering //get pages for rendering
this.getPage() this.getPage()
.then(pages => { .then(pages => {
console.log('PAGES', pages); resolve(pages);
}) })
.catch(err => { .catch(err => {
reject(err); reject(err);
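Review bot: `publish()` now only forwards `this.getPage()` — the `.then` resolves with `pages` and the `.catch` rejects with `err` — through a manually constructed Promise, and the disabled line `//let self = this;` is left behind as commented-out code. Since `getPage()` is already used as a thenable here, the wrapper can be replaced by `return this.getPage();`, and the commented line deleted rather than kept. The method body continues past the end of the hunk.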


@ -15,6 +15,7 @@ export default class SettingsIndex {
// constructor // constructor
//-------------------------- //--------------------------
constructor() { constructor() {
api.authStatus();
this.start(); this.start();
} }
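Review bot: The added `api.authStatus()` call in the `SettingsIndex` constructor discards its result; `api` is not defined within the hunk, but if it is the `APIUtils` instance whose request wrapper in this commit returns a Promise, a failed verification becomes an unhandled promise rejection at page load. If the call is only wanted for its side effect, say so and handle the failure, e.g. `api.authStatus().catch(err => console.error('auth status check failed', err));`; if its outcome is meant to gate the settings UI, the constructor should await it (via `start()` or a static factory) instead of calling `this.start()` unconditionally.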
//-------------------------- //--------------------------


@ -34,7 +34,7 @@ export default class APIUtils {
requestData = null requestData = null
) { ) {
var self = this; var self = this;
return new Promise(function(resolve, reject) { return new Promise(function (resolve, reject) {
var request = new XMLHttpRequest(); var request = new XMLHttpRequest();
request.upload.onprogress = self.handleLoadProgress; request.upload.onprogress = self.handleLoadProgress;
request.open(requestType, requestURL, true); request.open(requestType, requestURL, true);
@ -56,7 +56,8 @@ export default class APIUtils {
eventType === DataEvent.API_PAGE_WRITE || eventType === DataEvent.API_PAGE_WRITE ||
eventType === DataEvent.API_IMAGES_UPLOAD || eventType === DataEvent.API_IMAGES_UPLOAD ||
eventType === DataEvent.API_SETTINGS_WRITE || eventType === DataEvent.API_SETTINGS_WRITE ||
eventType === DataEvent.API_PAGE_DELETE eventType === DataEvent.API_PAGE_DELETE ||
eventType === DataEvent.API_RENDER_PAGES
) )
request.setRequestHeader('x-access-token', self.token); request.setRequestHeader('x-access-token', self.token);
switch (contentType) { switch (contentType) {