Authentication (#22)

* Authorization added * added secret to password, md5 hashing, removed promise from verifyToken, deleted links when not authorized * added dbinsert script * turned verifyToken to middleware, added description for dbinsert, added hidden csrf field in auth form * added middlewares, user model and controller * JSDoc fix * wrong password processing fix * added comments to dbinsert script, moved salt and passHash to singe db doc * Moved salt to .env, upgradedscript for generating password was, fixed comments and JSDoc * Deleted using salt (now user is only one), changed verifying password to bcrypt.compare, added httpyOnly property to jwt cookie
2025-07-19 13:19:42 +02:00 · 2019-03-06 13:22:57 +03:00 · 2019-03-06 13:22:57 +03:00 · 58d3892d8f
commit 58d3892d8f
parent 718be6d2f6
33 changed files with 1464 additions and 58 deletions
--- a/src/routes/pages.js
+++ b/src/routes/pages.js
@ -3,10 +3,13 @@ const router = express.Router();
 const Pages = require('../controllers/pages');
 const PagesOrder = require('../controllers/pagesOrder');

+const verifyToken = require('./middlewares/token');
+const allowEdit = require('./middlewares/locals');
+
 /**
 * Create new page form
 */
-router.get('/page/new', async (req, res) => {
+router.get('/page/new', verifyToken, allowEdit, async (req, res, next) => {
  let pagesAvailable = await Pages.getAll();

  res.render('pages/form', {
@ -18,7 +21,7 @@ router.get('/page/new', async (req, res) => {
 /**
 * Edit page form
 */
-router.get('/page/edit/:id', async (req, res, next) => {
+router.get('/page/edit/:id', verifyToken, allowEdit, async (req, res, next) => {
  const pageId = req.params.id;

  try {
@ -40,7 +43,7 @@ router.get('/page/edit/:id', async (req, res, next) => {
 /**
 * View page
 */
-router.get('/page/:id', async (req, res, next) => {
+router.get('/page/:id', verifyToken, async (req, res, next) => {
  const pageId = req.params.id;

  try {