mirror of
https://github.com/codex-team/codex.docs.git
synced 2025-08-08 06:55:26 +02:00
Deleted using salt (now user is only one), changed verifying password to bcrypt.compare, added httpyOnly property to jwt cookie
This commit is contained in:
timakasucces
parent
8767098e4f
commit
d63323d37f
3 changed files with 36 additions and 48 deletions
|
|
@ -1,10 +1,10 @@
|
|||
#!/usr/bin/env node
|
||||
|
||||
let { password: db } = require('../src/utils/database');
|
||||
let { password: db } = require('./src/utils/database');
|
||||
const program = require('commander');
|
||||
|
||||
const bcrypt = require('bcrypt');
|
||||
const saltRounds = 10;
|
||||
const saltRounds = 12;
|
||||
|
||||
/**
|
||||
* Script for generating password, that will be used to create and edit pages in CodeX.Docs.
|
||||
|
|
@ -16,47 +16,30 @@ program
|
|||
.usage('[password]')
|
||||
.arguments('<password>')
|
||||
.action(async function (password) {
|
||||
let userDoc = null;
|
||||
|
||||
bcrypt.genSalt(saltRounds, function (err1, salt) {
|
||||
if (err1) {
|
||||
return ('Salt generation error');
|
||||
bcrypt.hash(password, saltRounds, async (error, hash) => {
|
||||
if (error) {
|
||||
return 'Hash generating error';
|
||||
}
|
||||
|
||||
bcrypt.hash(password, salt, async (err2, hash) => {
|
||||
if (err2) {
|
||||
return ('Hash generation error');
|
||||
}
|
||||
await db.remove({}, {multi: true});
|
||||
const userDoc = { passHash: hash };
|
||||
|
||||
userDoc = { passHash: hash };
|
||||
await db.remove({}, {multi: true});
|
||||
await db.insert(userDoc);
|
||||
|
||||
await db.insert(userDoc);
|
||||
console.log('Password was successfully generated');
|
||||
|
||||
console.log('Salt:', salt);
|
||||
console.log('Insert the salt in to the SALT field in .env file');
|
||||
});
|
||||
console.log('Password was successfully generated');
|
||||
});
|
||||
});
|
||||
|
||||
program.parse(process.argv);
|
||||
|
||||
program.on('--help', () => {
|
||||
console.log('');
|
||||
console.log("Don't forget to insert salt value to the .env file after adding a new password!");
|
||||
console.log('');
|
||||
console.log('Example:');
|
||||
console.log('node generatePassword qwerty');
|
||||
console.log('yarn generatePassword qwerty');
|
||||
console.log('');
|
||||
});
|
||||
|
||||
program.on('command:*', function () {
|
||||
console.error('Invalid command: %s\nSee --help or -h for a list of available commands.', program.args.join(' '));
|
||||
process.exit(1);
|
||||
});
|
||||
program.parse(process.argv);
|
||||
|
||||
if (process.argv.length === 2) {
|
||||
if (process.argv.length !== 3) {
|
||||
console.error('Invalid command: %s\nSee --help or -h for a list of available commands.', program.args.join(' '));
|
||||
process.exit(1);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,7 +9,8 @@
|
|||
"test": "cross-env NODE_ENV=testing mocha --recursive ./test",
|
||||
"lint": "eslint --fix --cache ./src/**/*.js",
|
||||
"build": "webpack ./src/frontend/js/app.js --o='./public/dist/[name].bundle.js' --output-library=Docs --output-public-path=/dist/ -p --watch",
|
||||
"precommit": "yarn lint && yarn test --exit"
|
||||
"precommit": "yarn lint && yarn test --exit",
|
||||
"generatePassword": "node ./generatePassword.js"
|
||||
},
|
||||
"dependencies": {
|
||||
"@babel/polyfill": "^7.0.0",
|
||||
|
|
|
|||
|
|
@ -15,35 +15,39 @@ const parseForm = bodyParser.urlencoded({ extended: false });
|
|||
* Authorization page
|
||||
*/
|
||||
router.get('/auth', csrfProtection, function (req, res) {
|
||||
res.render('auth', { title: 'Login page ', header: 'Enter password', csrfToken: req.csrfToken() });
|
||||
res.render('auth', {
|
||||
title: 'Login page',
|
||||
header: 'Enter password',
|
||||
csrfToken: req.csrfToken()
|
||||
});
|
||||
});
|
||||
|
||||
/**
|
||||
* Process given password
|
||||
*/
|
||||
router.post('/auth', parseForm, csrfProtection, async (req, res) => {
|
||||
let salt = process.env.SALT;
|
||||
let userDoc = await Users.get();
|
||||
|
||||
bcrypt.hash(req.body.password, salt, async function (err, hash) {
|
||||
if (err) {
|
||||
res.status(500);
|
||||
const passHash = userDoc.passHash;
|
||||
|
||||
bcrypt.compare(req.body.password, passHash, async (err, result) => {
|
||||
if (err || result === false) {
|
||||
res.render('auth', {
|
||||
title: 'Login page',
|
||||
header: 'Wrong password',
|
||||
csrfToken: req.csrfToken()
|
||||
});
|
||||
}
|
||||
|
||||
const userDoc = await Users.get();
|
||||
const token = jwt.sign({
|
||||
'iss': 'Codex Team',
|
||||
'sub': 'auth',
|
||||
'iat': Date.now()
|
||||
}, passHash + config.secret);
|
||||
|
||||
if (userDoc) {
|
||||
const token = jwt.sign({
|
||||
'iss': 'Codex Team',
|
||||
'sub': 'auth',
|
||||
'iat': Date.now()
|
||||
}, userDoc.passHash + config.secret);
|
||||
res.cookie('authToken', token, { httpOnly: true });
|
||||
|
||||
res.cookie('authToken', token);
|
||||
|
||||
res.redirect('/');
|
||||
} else {
|
||||
res.render('auth', { title: 'Login page', header: 'Wrong password', csrfToken: req.csrfToken() });
|
||||
}
|
||||
res.redirect('/');
|
||||
});
|
||||
});
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue