diff --git a/config/index.js b/config/index.js
index 42e364b..47bff79 100644
--- a/config/index.js
+++ b/config/index.js
@@ -15,7 +15,8 @@ if (fs.existsSync(path.resolve(__dirname, configPath))) {
} else {
config = {
database: '.db',
- port: 3000
+ port: 3000,
+ secret: 'secret'
};
}
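Review bot: The fallback `secret: 'secret'` on the added line is a publicly known constant that becomes part of the JWT key, since auth.js and token.js in this commit both append `config.secret`. An install started without a config file therefore signs and verifies with a guessable key component. Prefer no default here and stop at startup when it is missing, for example `if (!config.secret) { throw new Error('config.secret must be set'); }` after the block. The enclosing `if`/`else` starts outside the hunk, so check how the loaded-file branch handles a missing `secret` as well.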
diff --git a/package.json b/package.json
index d554c3c..9b3547d 100644
--- a/package.json
+++ b/package.json
@@ -21,6 +21,7 @@
"express": "~4.16.0",
"http-errors": "~1.7.1",
"jsonwebtoken": "^8.4.0",
+ "md5": "^2.2.1",
"module-dispatcher": "^1.0.2",
"morgan": "~1.9.0",
"multer": "^1.3.1",
diff --git a/src/routes/auth.js b/src/routes/auth.js
index 63a6060..ca15acb 100644
--- a/src/routes/auth.js
+++ b/src/routes/auth.js
@@ -2,6 +2,8 @@ const express = require('express');
const router = express.Router();
const { password: db } = require('../utils/database/index');
const jwt = require('jsonwebtoken');
+const config = require('../../config/index');
+const md5 = require('md5');
/* GET authorization page. */
router.get('/auth', function (req, res, next) {
@@ -9,20 +11,20 @@ router.get('/auth', function (req, res, next) {
});
router.post('/auth', async (req, res) => {
- const passwordDoc = await db.findOne({password: req.body.password});
+ const passwordDoc = await db.findOne({password: md5(req.body.password)});
if (passwordDoc !== null) {
const token = jwt.sign({
'iss': 'Codex Team',
'sub': 'auth',
'iat': Date.now()
- }, passwordDoc.password);
+ }, passwordDoc.password + config.secret);
res.cookie('authToken', token);
res.redirect('/');
} else {
- res.render('auth', { title: 'Login page', header: 'Wrong password!
Try once more' });
+ res.render('auth', { title: 'Login page', header: 'Wrong password' });
}
});
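Review bot: `md5(req.body.password)` on the added `findOne` line stores and compares the password as an unsalted MD5 digest, which is cheap to brute-force offline if the database file is ever read. A salted, deliberately slow KDF such as Node's built-in `crypto.scrypt` is the usual choice, with the stored salt read first and the derived key compared using `crypto.timingSafeEqual`. The same digest is also used as JWT key material in `passwordDoc.password + config.secret`, so whoever obtains the stored hash holds most of the signing key; signing with `config.secret` alone would decouple the two. token.js verifies with `process.env.PASSWORD + config.secret`, which matches only if that variable holds the same MD5 hex string, so this is worth confirming. A request without a string `password` field may make `md5()` throw inside this async handler, so a guard such as `if (typeof req.body.password !== 'string')` before the lookup would help.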
diff --git a/src/routes/home.js b/src/routes/home.js
index 5e78936..05eed38 100644
--- a/src/routes/home.js
+++ b/src/routes/home.js
@@ -3,18 +3,9 @@ const verifyToken = require('./middlewares/token');
const router = express.Router();
/* GET home page. */
-router.get('/', async function (req, res, next) {
- let isAuthorized = false;
+router.get('/', async function (req, res) {
+ const isAuthorized = await verifyToken(req.cookies.authToken);
- await verifyToken(req.cookies.authToken).then(
- async () => {
- console.log('Authorized user entered page');
- isAuthorized = true;
- },
- () => {
- console.log('Not authorized');
- }
- );
res.render('index', { title: 'Express', isAuthorized: isAuthorized });
});
diff --git a/src/routes/middlewares/token.js b/src/routes/middlewares/token.js
index 3050f1a..7f5d3e5 100644
--- a/src/routes/middlewares/token.js
+++ b/src/routes/middlewares/token.js
@@ -1,14 +1,18 @@
require('dotenv').config();
+const config = require('../../../config/index');
const jwt = require('jsonwebtoken');
module.exports = function verifyToken(token) {
- return new Promise((resolve, reject) => {
- jwt.verify(token, process.env.PASSWORD, (err, decodedToken) => {
- if (err || !decodedToken) {
- return reject(err);
- }
- resolve(decodedToken);
- });
+ let isAuthorized = false;
+
+ jwt.verify(token, process.env.PASSWORD + config.secret, (err, decodedToken) => {
+ if (err || !decodedToken) {
+ return (err);
+ } else {
+ isAuthorized = true;
+ }
});
+
+ return isAuthorized;
};
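Review bot: `verifyToken` now returns `isAuthorized` immediately after calling `jwt.verify` with a callback, so it is correct only if that callback runs synchronously. jsonwebtoken documents the callback form as asynchronous; if the callback ever runs later, the function returns `false` for every token, and `return (err);` is discarded either way. The synchronous form in a `try`/`catch` removes that dependency, and passing `algorithms` pins the accepted signature algorithm. Separately, `process.env.PASSWORD + config.secret` becomes the constant string `'undefinedsecret'` when the variable is unset and the default config is in use, so the key parts should be checked before use. Callers in home.js and pages.js `await` the result, which is harmless but no longer needed.

```javascript
module.exports = function verifyToken(token) {
  const password = process.env.PASSWORD;

  // Refuse to verify with a key built from an unset variable.
  if (!password || !config.secret) {
    return false;
  }

  try {
    // Synchronous form: throws on a missing, malformed, expired or wrongly signed token.
    jwt.verify(token, password + config.secret, { algorithms: ['HS256'] });
    return true;
  } catch (err) {
    return false;
  }
};
```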
diff --git a/src/routes/pages.js b/src/routes/pages.js
index 0d950cd..9c64db8 100644
--- a/src/routes/pages.js
+++ b/src/routes/pages.js
@@ -27,27 +27,26 @@ router.get('/page/new', async (req, res) => {
* Edit page form
*/
router.get('/page/edit/:id', async (req, res, next) => {
- verifyToken(req.cookies.authToken).then(
- async () => {
- const pageId = req.params.id;
+ const isAuthorized = await verifyToken(req.cookies.authToken);
- try {
- let page = await Pages.get(pageId);
- let pagesAvailable = await Pages.getAllExceptChildrens(pageId);
+ if (isAuthorized) {
+ const pageId = req.params.id;
- res.render('pages/form', {
- pagesAvailable,
- page
- });
- } catch (error) {
- res.status(404);
- next(error);
- }
- },
- () => {
- res.render('auth', { title: 'Login page', header: 'Enter password to do this!' });
+ try {
+ let page = await Pages.get(pageId);
+ let pagesAvailable = await Pages.getAllExceptChildrens(pageId);
+
+ res.render('pages/form', {
+ pagesAvailable,
+ page
+ });
+ } catch (error) {
+ res.status(404);
+ next(error);
}
- );
+ } else {
+ res.render('auth', { title: 'Login page', header: 'Enter password to do this!' });
+ }
});
/**
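Review bot: The `else` branch of `/page/edit/:id` renders the login page with the default 200 status, so an unauthenticated request to an edit URL looks like a successful one in access logs and to clients. `res.status(401).render('auth', { title: 'Login page', header: 'Enter password to do this!' });` would make the refusal explicit. The `catch` maps every failure of `Pages.get` or `Pages.getAllExceptChildrens` to 404, including storage errors; that predates this commit but is worth narrowing while the handler is being rewritten.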
@@ -55,17 +54,7 @@ router.get('/page/edit/:id', async (req, res, next) => {
*/
router.get('/page/:id', async (req, res, next) => {
const pageId = req.params.id;
- let isAuthorized = false;
-
- await verifyToken(req.cookies.authToken).then(
- async () => {
- console.log('Authorized user entered page');
- isAuthorized = true;
- },
- () => {
- console.log('Not authorized');
- }
- );
+ let isAuthorized = await verifyToken(req.cookies.authToken);
try {
let page = await Pages.get(pageId);
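Review bot: `let isAuthorized` on the added line is never reassigned in the visible lines, while home.js and the edit handler in this commit use `const` for the same value; `const isAuthorized = await verifyToken(req.cookies.authToken);` would match them. The handler body continues outside the hunk, so confirm nothing later reassigns it. The removed `console.log` calls were the only record of authorized versus anonymous access on this route; if that trail matters, it is better logged once inside `verifyToken` than dropped.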
diff --git a/src/views/components/header.twig b/src/views/components/header.twig
index 7c54e31..aecdbd1 100644
--- a/src/views/components/header.twig
+++ b/src/views/components/header.twig
@@ -9,8 +9,6 @@
{{ svg('plus') }}
Add Page
- {% else %}
-
{% endif %}
{% for option in config.menu %}
diff --git a/src/views/pages/page.twig b/src/views/pages/page.twig
index 1178c08..f0e5d33 100644
--- a/src/views/pages/page.twig
+++ b/src/views/pages/page.twig
@@ -17,10 +17,6 @@
- {% else %}
-
{% endif %}
diff --git a/yarn.lock b/yarn.lock
index c94db1b..f195ea4 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1506,6 +1506,11 @@ chardet@^0.7.0:
resolved "https://registry.yarnpkg.com/chardet/-/chardet-0.7.0.tgz#90094849f0937f2eedc2425d0d28a9e5f0cbad9e"
integrity sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA==
+charenc@~0.0.1:
+ version "0.0.2"
+ resolved "https://registry.yarnpkg.com/charenc/-/charenc-0.0.2.tgz#c0a1d2f3a7092e03774bfa83f14c0fc5790a8667"
+ integrity sha1-wKHS86cJLgN3S/qD8UwPxXkKhmc=
+
check-error@^1.0.2:
version "1.0.2"
resolved "https://registry.yarnpkg.com/check-error/-/check-error-1.0.2.tgz#574d312edd88bb5dd8912e9286dd6c0aed4aac82"
@@ -1922,6 +1927,11 @@ cross-spawn@^6.0.0, cross-spawn@^6.0.5:
shebang-command "^1.2.0"
which "^1.2.9"
+crypt@~0.0.1:
+ version "0.0.2"
+ resolved "https://registry.yarnpkg.com/crypt/-/crypt-0.0.2.tgz#88d7ff7ec0dfb86f713dc87bbb42d044d3e6c41b"
+ integrity sha1-iNf/fsDfuG9xPch7u0LQRNPmxBs=
+
crypto-browserify@^3.11.0:
version "3.12.0"
resolved "https://registry.yarnpkg.com/crypto-browserify/-/crypto-browserify-3.12.0.tgz#396cf9f3137f03e4b8e532c58f698254e00f80ec"
@@ -3540,7 +3550,7 @@ is-binary-path@^1.0.0:
dependencies:
binary-extensions "^1.0.0"
-is-buffer@^1.1.5:
+is-buffer@^1.1.5, is-buffer@~1.1.1:
version "1.1.6"
resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-1.1.6.tgz#efaa2ea9daa0d7ab2ea13a97b2b8ad51fefbe8be"
integrity sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==
@@ -4198,6 +4208,15 @@ md5.js@^1.3.4:
inherits "^2.0.1"
safe-buffer "^5.1.2"
+md5@^2.2.1:
+ version "2.2.1"
+ resolved "https://registry.yarnpkg.com/md5/-/md5-2.2.1.tgz#53ab38d5fe3c8891ba465329ea23fac0540126f9"
+ integrity sha1-U6s41f48iJG6RlMp6iP6wFQBJvk=
+ dependencies:
+ charenc "~0.0.1"
+ crypt "~0.0.1"
+ is-buffer "~1.1.1"
+
mdn-data@~1.1.0:
version "1.1.4"
resolved "https://registry.yarnpkg.com/mdn-data/-/mdn-data-1.1.4.tgz#50b5d4ffc4575276573c4eedb8780812a8419f01"