Docker/codex.docs
Docker/codex.docs
1
0
Fork 0
mirror of https://github.com/codex-team/codex.docs.git synced 2025-08-08 15:05:26 +02:00
Code Issues Releases Activity

added secret to password, md5 hashing, removed promise from verifyToken, deleted links when not authorized

Browse source
This commit is contained in:
timakasucces 2019-01-19 20:44:15 +03:00
parent 5d6319915f
commit 5054d356fa
9 changed files with 59 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

3
config/index.js
View file

@ -15,7 +15,8 @@ if (fs.existsSync(path.resolve(__dirname, configPath))) {
} else { } else {
config = { config = {
database: '.db', database: '.db',
port: 3000 port: 3000,
secret: 'secret'
}; };
} }

1
package.json
View file

@ -21,6 +21,7 @@
"express": "~4.16.0", "express": "~4.16.0",
"http-errors": "~1.7.1", "http-errors": "~1.7.1",
"jsonwebtoken": "^8.4.0", "jsonwebtoken": "^8.4.0",
"md5": "^2.2.1",
"module-dispatcher": "^1.0.2", "module-dispatcher": "^1.0.2",
"morgan": "~1.9.0", "morgan": "~1.9.0",
"multer": "^1.3.1", "multer": "^1.3.1",

8
src/routes/auth.js
View file

@ -2,6 +2,8 @@ const express = require('express');
const router = express.Router(); const router = express.Router();
const { password: db } = require('../utils/database/index'); const { password: db } = require('../utils/database/index');
const jwt = require('jsonwebtoken'); const jwt = require('jsonwebtoken');
const config = require('../../config/index');
const md5 = require('md5');
/* GET authorization page. */ /* GET authorization page. */
router.get('/auth', function (req, res, next) { router.get('/auth', function (req, res, next) {
@ -9,20 +11,20 @@ router.get('/auth', function (req, res, next) {
}); });
router.post('/auth', async (req, res) => { router.post('/auth', async (req, res) => {
const passwordDoc = await db.findOne({password: req.body.password}); const passwordDoc = await db.findOne({password: md5(req.body.password)});
if (passwordDoc !== null) { if (passwordDoc !== null) {
const token = jwt.sign({ const token = jwt.sign({
'iss': 'Codex Team', 'iss': 'Codex Team',
'sub': 'auth', 'sub': 'auth',
'iat': Date.now() 'iat': Date.now()
}, passwordDoc.password); }, passwordDoc.password + config.secret);
res.cookie('authToken', token); res.cookie('authToken', token);
res.redirect('/'); res.redirect('/');
} else { } else {
res.render('auth', { title: 'Login page', header: 'Wrong password!<br \\/>Try once more' }); res.render('auth', { title: 'Login page', header: 'Wrong password' });
} }
}); });

13
src/routes/home.js
View file

@ -3,18 +3,9 @@ const verifyToken = require('./middlewares/token');
const router = express.Router(); const router = express.Router();
/* GET home page. */ /* GET home page. */
router.get('/', async function (req, res, next) { router.get('/', async function (req, res) {
let isAuthorized = false; const isAuthorized = await verifyToken(req.cookies.authToken);
await verifyToken(req.cookies.authToken).then(
async () => {
console.log('Authorized user entered page');
isAuthorized = true;
},
() => {
console.log('Not authorized');
}
);
res.render('index', { title: 'Express', isAuthorized: isAuthorized }); res.render('index', { title: 'Express', isAuthorized: isAuthorized });
}); });

18
src/routes/middlewares/token.js
View file

@ -1,14 +1,18 @@
require('dotenv').config(); require('dotenv').config();
const config = require('../../../config/index');
const jwt = require('jsonwebtoken'); const jwt = require('jsonwebtoken');
module.exports = function verifyToken(token) { module.exports = function verifyToken(token) {
return new Promise((resolve, reject) => { let isAuthorized = false;
jwt.verify(token, process.env.PASSWORD, (err, decodedToken) => {
if (err || !decodedToken) { jwt.verify(token, process.env.PASSWORD + config.secret, (err, decodedToken) => {
return reject(err); if (err || !decodedToken) {
} return (err);
resolve(decodedToken); } else {
}); isAuthorized = true;
}
}); });
return isAuthorized;
}; };

47
src/routes/pages.js
View file

@ -27,27 +27,26 @@ router.get('/page/new', async (req, res) => {
* Edit page form * Edit page form
*/ */
router.get('/page/edit/:id', async (req, res, next) => { router.get('/page/edit/:id', async (req, res, next) => {
verifyToken(req.cookies.authToken).then( const isAuthorized = await verifyToken(req.cookies.authToken);
async () => {
const pageId = req.params.id;
try { if (isAuthorized) {
let page = await Pages.get(pageId); const pageId = req.params.id;
let pagesAvailable = await Pages.getAllExceptChildrens(pageId);
res.render('pages/form', { try {
pagesAvailable, let page = await Pages.get(pageId);
page let pagesAvailable = await Pages.getAllExceptChildrens(pageId);
});
} catch (error) { res.render('pages/form', {
res.status(404); pagesAvailable,
next(error); page
} });
}, } catch (error) {
() => { res.status(404);
res.render('auth', { title: 'Login page', header: 'Enter password to do this!' }); next(error);
} }
); } else {
res.render('auth', { title: 'Login page', header: 'Enter password to do this!' });
}
}); });
/** /**
@ -55,17 +54,7 @@ router.get('/page/edit/:id', async (req, res, next) => {
*/ */
router.get('/page/:id', async (req, res, next) => { router.get('/page/:id', async (req, res, next) => {
const pageId = req.params.id; const pageId = req.params.id;
let isAuthorized = false; let isAuthorized = await verifyToken(req.cookies.authToken);
await verifyToken(req.cookies.authToken).then(
async () => {
console.log('Authorized user entered page');
isAuthorized = true;
},
() => {
console.log('Not authorized');
}
);
try { try {
let page = await Pages.get(pageId); let page = await Pages.get(pageId);

2
src/views/components/header.twig
View file

@ -9,8 +9,6 @@
{{ svg('plus') }} {{ svg('plus') }}
Add Page Add Page
</a> </a>
{% else %}
<a class="docs-header__button" href="/auth">Authorize</a>
{% endif %} {% endif %}
</li> </li>
{% for option in config.menu %} {% for option in config.menu %}

4
src/views/pages/page.twig
View file

@ -17,10 +17,6 @@
<a href="/page/edit/{{ page._id }}" class="page__header-button"> <a href="/page/edit/{{ page._id }}" class="page__header-button">
Edit Edit
</a> </a>
{% else %}
<a href="/auth" class="page__header-button">
Authorize to edit
</a>
{% endif %} {% endif %}
</time> </time>
</header> </header>

21
yarn.lock
View file

@ -1506,6 +1506,11 @@ chardet@^0.7.0:
resolved "https://registry.yarnpkg.com/chardet/-/chardet-0.7.0.tgz#90094849f0937f2eedc2425d0d28a9e5f0cbad9e" resolved "https://registry.yarnpkg.com/chardet/-/chardet-0.7.0.tgz#90094849f0937f2eedc2425d0d28a9e5f0cbad9e"
integrity sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA== integrity sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA==
charenc@~0.0.1:
version "0.0.2"
resolved "https://registry.yarnpkg.com/charenc/-/charenc-0.0.2.tgz#c0a1d2f3a7092e03774bfa83f14c0fc5790a8667"
integrity sha1-wKHS86cJLgN3S/qD8UwPxXkKhmc=
check-error@^1.0.2: check-error@^1.0.2:
version "1.0.2" version "1.0.2"
resolved "https://registry.yarnpkg.com/check-error/-/check-error-1.0.2.tgz#574d312edd88bb5dd8912e9286dd6c0aed4aac82" resolved "https://registry.yarnpkg.com/check-error/-/check-error-1.0.2.tgz#574d312edd88bb5dd8912e9286dd6c0aed4aac82"
@ -1922,6 +1927,11 @@ cross-spawn@^6.0.0, cross-spawn@^6.0.5:
shebang-command "^1.2.0" shebang-command "^1.2.0"
which "^1.2.9" which "^1.2.9"
crypt@~0.0.1:
version "0.0.2"
resolved "https://registry.yarnpkg.com/crypt/-/crypt-0.0.2.tgz#88d7ff7ec0dfb86f713dc87bbb42d044d3e6c41b"
integrity sha1-iNf/fsDfuG9xPch7u0LQRNPmxBs=
crypto-browserify@^3.11.0: crypto-browserify@^3.11.0:
version "3.12.0" version "3.12.0"
resolved "https://registry.yarnpkg.com/crypto-browserify/-/crypto-browserify-3.12.0.tgz#396cf9f3137f03e4b8e532c58f698254e00f80ec" resolved "https://registry.yarnpkg.com/crypto-browserify/-/crypto-browserify-3.12.0.tgz#396cf9f3137f03e4b8e532c58f698254e00f80ec"
@ -3540,7 +3550,7 @@ is-binary-path@^1.0.0:
dependencies: dependencies:
binary-extensions "^1.0.0" binary-extensions "^1.0.0"
is-buffer@^1.1.5: is-buffer@^1.1.5, is-buffer@~1.1.1:
version "1.1.6" version "1.1.6"
resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-1.1.6.tgz#efaa2ea9daa0d7ab2ea13a97b2b8ad51fefbe8be" resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-1.1.6.tgz#efaa2ea9daa0d7ab2ea13a97b2b8ad51fefbe8be"
integrity sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w== integrity sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==
@ -4198,6 +4208,15 @@ md5.js@^1.3.4:
inherits "^2.0.1" inherits "^2.0.1"
safe-buffer "^5.1.2" safe-buffer "^5.1.2"
md5@^2.2.1:
version "2.2.1"
resolved "https://registry.yarnpkg.com/md5/-/md5-2.2.1.tgz#53ab38d5fe3c8891ba465329ea23fac0540126f9"
integrity sha1-U6s41f48iJG6RlMp6iP6wFQBJvk=
dependencies:
charenc "~0.0.1"
crypt "~0.0.1"
is-buffer "~1.1.1"
mdn-data@~1.1.0: mdn-data@~1.1.0:
version "1.1.4" version "1.1.4"
resolved "https://registry.yarnpkg.com/mdn-data/-/mdn-data-1.1.4.tgz#50b5d4ffc4575276573c4eedb8780812a8419f01" resolved "https://registry.yarnpkg.com/mdn-data/-/mdn-data-1.1.4.tgz#50b5d4ffc4575276573c4eedb8780812a8419f01"