codex.docs/src/backend/routes/auth.ts

import express, { Request, Response } from 'express';
import jwt from 'jsonwebtoken';
import config from 'config';
import csrf from 'csurf';

const router = express.Router();
const csrfProtection = csrf({ cookie: true });
const parseForm = express.urlencoded({ extended: false });

/**
 * Authorization page
 */
router.get('/auth', csrfProtection, function (req: Request, res: Response) {
  res.render('auth', {
    title: 'Login page',
    csrfToken: req.csrfToken(),
  });
});

/**
 * Process given password
 */
router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Response) => {
  try {
    if (!process.env.PASSWORD) {
      res.render('auth', {
        title: 'Login page',
        header: 'Password not set',
        csrfToken: req.csrfToken(),
      });

      return;
    }

    if (req.body.password !== process.env.PASSWORD) {
      res.render('auth', {
        title: 'Login page',
        header: 'Wrong password',
        csrfToken: req.csrfToken(),
      });

      return;
    }

    const token = jwt.sign({
      iss: 'Codex Team',
      sub: 'auth',
      iat: Date.now(),
    }, process.env.PASSWORD + config.get('secret'));

    res.cookie('authToken', token, {
      httpOnly: true,
      expires: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000), // 1 year
    });

    res.redirect('/');
  } catch (err) {
    res.render('auth', {
      title: 'Login page',
      header: 'Password not set',
      csrfToken: req.csrfToken(),
    });

    return;
  }
});

export default router;
Typescript rewrite (#147) * Updated highlight.js * Update .codexdocsrc.sample remove undefined page for a fresh new install * backend rewritten in TS * test -> TS, .added dockerignore, bug fixed * Removed compiled js files, eslint codex/ts added * fixed jsdocs warning, leaving editor confirmation * use path.resolve for DB paths * db drives updated + fixed User model * redundant cleared + style fixed * explicit type fixing * fixing testing code * added body block type * compiled JS files -> dist, fixed compiling errors * fixed compiling error, re-organized ts source code * updated Dockerfile * fixed link to parent page * up nodejs version * fix package name * fix deps Co-authored-by: nvc8996 <nvc.8996@gmail.com> Co-authored-by: Taly <vitalik7tv@yandex.ru> 2022-03-05 22:57:23 +04:00			`import express, { Request, Response } from 'express';`
			`import jwt from 'jsonwebtoken';`
			`import config from 'config';`
			`import csrf from 'csurf';`

			`const router = express.Router();`
			`const csrfProtection = csrf({ cookie: true });`
			`const parseForm = express.urlencoded({ extended: false });`

			`/**`
			`* Authorization page`
			`*/`
			`router.get('/auth', csrfProtection, function (req: Request, res: Response) {`
			`res.render('auth', {`
			`title: 'Login page',`
			`csrfToken: req.csrfToken(),`
			`});`
			`});`

			`/**`
			`* Process given password`
			`*/`
			`router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Response) => {`
			`try {`
Password from env variable (#170) * rm: remove the generate password file * rm: commander package * rm: remove the password reading from db * feat: password hash reading from env added * passHash replace with password * raw password comparison added * rm: user model and controller removed * update: auth route and token verification * replace multiple dotenv config with one * .env.sample added with updated docker yml * rm:remove the bcrypt * readme updated with .env * remove generatePassword from package json * updated docs * removed the console.log 2022-04-24 16:54:36 +05:30			`if (!process.env.PASSWORD) {`
Typescript rewrite (#147) * Updated highlight.js * Update .codexdocsrc.sample remove undefined page for a fresh new install * backend rewritten in TS * test -> TS, .added dockerignore, bug fixed * Removed compiled js files, eslint codex/ts added * fixed jsdocs warning, leaving editor confirmation * use path.resolve for DB paths * db drives updated + fixed User model * redundant cleared + style fixed * explicit type fixing * fixing testing code * added body block type * compiled JS files -> dist, fixed compiling errors * fixed compiling error, re-organized ts source code * updated Dockerfile * fixed link to parent page * up nodejs version * fix package name * fix deps Co-authored-by: nvc8996 <nvc.8996@gmail.com> Co-authored-by: Taly <vitalik7tv@yandex.ru> 2022-03-05 22:57:23 +04:00			`res.render('auth', {`
			`title: 'Login page',`
			`header: 'Password not set',`
			`csrfToken: req.csrfToken(),`
			`});`

			`return;`
			`}`

Password from env variable (#170) * rm: remove the generate password file * rm: commander package * rm: remove the password reading from db * feat: password hash reading from env added * passHash replace with password * raw password comparison added * rm: user model and controller removed * update: auth route and token verification * replace multiple dotenv config with one * .env.sample added with updated docker yml * rm:remove the bcrypt * readme updated with .env * remove generatePassword from package json * updated docs * removed the console.log 2022-04-24 16:54:36 +05:30			`if (req.body.password !== process.env.PASSWORD) {`
			`res.render('auth', {`
			`title: 'Login page',`
			`header: 'Wrong password',`
			`csrfToken: req.csrfToken(),`
			`});`
Typescript rewrite (#147) * Updated highlight.js * Update .codexdocsrc.sample remove undefined page for a fresh new install * backend rewritten in TS * test -> TS, .added dockerignore, bug fixed * Removed compiled js files, eslint codex/ts added * fixed jsdocs warning, leaving editor confirmation * use path.resolve for DB paths * db drives updated + fixed User model * redundant cleared + style fixed * explicit type fixing * fixing testing code * added body block type * compiled JS files -> dist, fixed compiling errors * fixed compiling error, re-organized ts source code * updated Dockerfile * fixed link to parent page * up nodejs version * fix package name * fix deps Co-authored-by: nvc8996 <nvc.8996@gmail.com> Co-authored-by: Taly <vitalik7tv@yandex.ru> 2022-03-05 22:57:23 +04:00
Password from env variable (#170) * rm: remove the generate password file * rm: commander package * rm: remove the password reading from db * feat: password hash reading from env added * passHash replace with password * raw password comparison added * rm: user model and controller removed * update: auth route and token verification * replace multiple dotenv config with one * .env.sample added with updated docker yml * rm:remove the bcrypt * readme updated with .env * remove generatePassword from package json * updated docs * removed the console.log 2022-04-24 16:54:36 +05:30			`return;`
			`}`
Typescript rewrite (#147) * Updated highlight.js * Update .codexdocsrc.sample remove undefined page for a fresh new install * backend rewritten in TS * test -> TS, .added dockerignore, bug fixed * Removed compiled js files, eslint codex/ts added * fixed jsdocs warning, leaving editor confirmation * use path.resolve for DB paths * db drives updated + fixed User model * redundant cleared + style fixed * explicit type fixing * fixing testing code * added body block type * compiled JS files -> dist, fixed compiling errors * fixed compiling error, re-organized ts source code * updated Dockerfile * fixed link to parent page * up nodejs version * fix package name * fix deps Co-authored-by: nvc8996 <nvc.8996@gmail.com> Co-authored-by: Taly <vitalik7tv@yandex.ru> 2022-03-05 22:57:23 +04:00
Password from env variable (#170) * rm: remove the generate password file * rm: commander package * rm: remove the password reading from db * feat: password hash reading from env added * passHash replace with password * raw password comparison added * rm: user model and controller removed * update: auth route and token verification * replace multiple dotenv config with one * .env.sample added with updated docker yml * rm:remove the bcrypt * readme updated with .env * remove generatePassword from package json * updated docs * removed the console.log 2022-04-24 16:54:36 +05:30			`const token = jwt.sign({`
			`iss: 'Codex Team',`
			`sub: 'auth',`
			`iat: Date.now(),`
			`}, process.env.PASSWORD + config.get('secret'));`
Typescript rewrite (#147) * Updated highlight.js * Update .codexdocsrc.sample remove undefined page for a fresh new install * backend rewritten in TS * test -> TS, .added dockerignore, bug fixed * Removed compiled js files, eslint codex/ts added * fixed jsdocs warning, leaving editor confirmation * use path.resolve for DB paths * db drives updated + fixed User model * redundant cleared + style fixed * explicit type fixing * fixing testing code * added body block type * compiled JS files -> dist, fixed compiling errors * fixed compiling error, re-organized ts source code * updated Dockerfile * fixed link to parent page * up nodejs version * fix package name * fix deps Co-authored-by: nvc8996 <nvc.8996@gmail.com> Co-authored-by: Taly <vitalik7tv@yandex.ru> 2022-03-05 22:57:23 +04:00
Password from env variable (#170) * rm: remove the generate password file * rm: commander package * rm: remove the password reading from db * feat: password hash reading from env added * passHash replace with password * raw password comparison added * rm: user model and controller removed * update: auth route and token verification * replace multiple dotenv config with one * .env.sample added with updated docker yml * rm:remove the bcrypt * readme updated with .env * remove generatePassword from package json * updated docs * removed the console.log 2022-04-24 16:54:36 +05:30			`res.cookie('authToken', token, {`
			`httpOnly: true,`
			`expires: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000), // 1 year`
Typescript rewrite (#147) * Updated highlight.js * Update .codexdocsrc.sample remove undefined page for a fresh new install * backend rewritten in TS * test -> TS, .added dockerignore, bug fixed * Removed compiled js files, eslint codex/ts added * fixed jsdocs warning, leaving editor confirmation * use path.resolve for DB paths * db drives updated + fixed User model * redundant cleared + style fixed * explicit type fixing * fixing testing code * added body block type * compiled JS files -> dist, fixed compiling errors * fixed compiling error, re-organized ts source code * updated Dockerfile * fixed link to parent page * up nodejs version * fix package name * fix deps Co-authored-by: nvc8996 <nvc.8996@gmail.com> Co-authored-by: Taly <vitalik7tv@yandex.ru> 2022-03-05 22:57:23 +04:00			`});`
Password from env variable (#170) * rm: remove the generate password file * rm: commander package * rm: remove the password reading from db * feat: password hash reading from env added * passHash replace with password * raw password comparison added * rm: user model and controller removed * update: auth route and token verification * replace multiple dotenv config with one * .env.sample added with updated docker yml * rm:remove the bcrypt * readme updated with .env * remove generatePassword from package json * updated docs * removed the console.log 2022-04-24 16:54:36 +05:30
			`res.redirect('/');`
Typescript rewrite (#147) * Updated highlight.js * Update .codexdocsrc.sample remove undefined page for a fresh new install * backend rewritten in TS * test -> TS, .added dockerignore, bug fixed * Removed compiled js files, eslint codex/ts added * fixed jsdocs warning, leaving editor confirmation * use path.resolve for DB paths * db drives updated + fixed User model * redundant cleared + style fixed * explicit type fixing * fixing testing code * added body block type * compiled JS files -> dist, fixed compiling errors * fixed compiling error, re-organized ts source code * updated Dockerfile * fixed link to parent page * up nodejs version * fix package name * fix deps Co-authored-by: nvc8996 <nvc.8996@gmail.com> Co-authored-by: Taly <vitalik7tv@yandex.ru> 2022-03-05 22:57:23 +04:00			`} catch (err) {`
			`res.render('auth', {`
			`title: 'Login page',`
			`header: 'Password not set',`
			`csrfToken: req.csrfToken(),`
			`});`

			`return;`
			`}`
			`});`

			`export default router;`