
Stopped using a separate salt (there is now only one user), switched password verification to bcrypt.compare, and added the httpOnly property to the JWT cookie

This commit is contained in:
timakasucces 2019-03-01 21:37:22 +03:00
parent 8767098e4f
commit d63323d37f
3 changed files with 36 additions and 48 deletions


@ -1,10 +1,10 @@
#!/usr/bin/env node #!/usr/bin/env node
let { password: db } = require('../src/utils/database'); let { password: db } = require('./src/utils/database');
const program = require('commander'); const program = require('commander');
const bcrypt = require('bcrypt'); const bcrypt = require('bcrypt');
const saltRounds = 10; const saltRounds = 12;
/** /**
* Script for generating password, that will be used to create and edit pages in CodeX.Docs. * Script for generating password, that will be used to create and edit pages in CodeX.Docs.
@ -16,47 +16,30 @@ program
.usage('[password]') .usage('[password]')
.arguments('<password>') .arguments('<password>')
.action(async function (password) { .action(async function (password) {
let userDoc = null; bcrypt.hash(password, saltRounds, async (error, hash) => {
if (error) {
bcrypt.genSalt(saltRounds, function (err1, salt) { return 'Hash generating error';
if (err1) {
return ('Salt generation error');
} }
bcrypt.hash(password, salt, async (err2, hash) => { const userDoc = { passHash: hash };
if (err2) {
return ('Hash generation error');
}
await db.remove({}, {multi: true});
userDoc = { passHash: hash }; await db.remove({}, {multi: true});
await db.insert(userDoc);
await db.insert(userDoc); console.log('Password was successfully generated');
console.log('Password was successfully generated');
console.log('Salt:', salt);
console.log('Insert the salt in to the SALT field in .env file');
});
}); });
}); });
program.parse(process.argv);
program.on('--help', () => { program.on('--help', () => {
console.log('');
console.log("Don't forget to insert salt value to the .env file after adding a new password!");
console.log(''); console.log('');
console.log('Example:'); console.log('Example:');
console.log('node generatePassword qwerty'); console.log('yarn generatePassword qwerty');
console.log(''); console.log('');
}); });
program.on('command:*', function () { program.parse(process.argv);
console.error('Invalid command: %s\nSee --help or -h for a list of available commands.', program.args.join(' '));
process.exit(1);
});
if (process.argv.length === 2) { if (process.argv.length !== 3) {
console.error('Invalid command: %s\nSee --help or -h for a list of available commands.', program.args.join(' ')); console.error('Invalid command: %s\nSee --help or -h for a list of available commands.', program.args.join(' '));
process.exit(1); process.exit(1);
} }
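Review bot: In the new `bcrypt.hash` callback the error branch does `return 'Hash generating error';`, which discards the error and leaves the script exiting with status 0 and nothing printed, so an operator cannot tell that the stored password was never replaced; it should be `console.error('Hash generation error:', error); process.exit(1);`. The `await db.remove(...)` and `await db.insert(...)` inside that async callback have no try/catch either, so a database failure surfaces only as an unhandled rejection rather than a clear message and non-zero exit. Since `program.parse(process.argv)` now runs before the `process.argv.length !== 3` check, the action (and the hash) appears to start before extra arguments are rejected, and `process.exit(1)` can then kill the process mid-write; moving the argument check above `program.parse` would avoid that, though commander's exact dispatch order should be confirmed. Unrelated to this change but worth a comment in the header: passing the password as a CLI argument leaves it in shell history and visible to `ps`.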


@ -9,7 +9,8 @@
"test": "cross-env NODE_ENV=testing mocha --recursive ./test", "test": "cross-env NODE_ENV=testing mocha --recursive ./test",
"lint": "eslint --fix --cache ./src/**/*.js", "lint": "eslint --fix --cache ./src/**/*.js",
"build": "webpack ./src/frontend/js/app.js --o='./public/dist/[name].bundle.js' --output-library=Docs --output-public-path=/dist/ -p --watch", "build": "webpack ./src/frontend/js/app.js --o='./public/dist/[name].bundle.js' --output-library=Docs --output-public-path=/dist/ -p --watch",
"precommit": "yarn lint && yarn test --exit" "precommit": "yarn lint && yarn test --exit",
"generatePassword": "node ./generatePassword.js"
}, },
"dependencies": { "dependencies": {
"@babel/polyfill": "^7.0.0", "@babel/polyfill": "^7.0.0",


@ -15,35 +15,39 @@ const parseForm = bodyParser.urlencoded({ extended: false });
* Authorization page * Authorization page
*/ */
router.get('/auth', csrfProtection, function (req, res) { router.get('/auth', csrfProtection, function (req, res) {
res.render('auth', { title: 'Login page ', header: 'Enter password', csrfToken: req.csrfToken() }); res.render('auth', {
title: 'Login page',
header: 'Enter password',
csrfToken: req.csrfToken()
});
}); });
/** /**
* Process given password * Process given password
*/ */
router.post('/auth', parseForm, csrfProtection, async (req, res) => { router.post('/auth', parseForm, csrfProtection, async (req, res) => {
let salt = process.env.SALT; let userDoc = await Users.get();
bcrypt.hash(req.body.password, salt, async function (err, hash) { const passHash = userDoc.passHash;
if (err) {
res.status(500); bcrypt.compare(req.body.password, passHash, async (err, result) => {
if (err || result === false) {
res.render('auth', {
title: 'Login page',
header: 'Wrong password',
csrfToken: req.csrfToken()
});
} }
const userDoc = await Users.get(); const token = jwt.sign({
'iss': 'Codex Team',
'sub': 'auth',
'iat': Date.now()
}, passHash + config.secret);
if (userDoc) { res.cookie('authToken', token, { httpOnly: true });
const token = jwt.sign({
'iss': 'Codex Team',
'sub': 'auth',
'iat': Date.now()
}, userDoc.passHash + config.secret);
res.cookie('authToken', token); res.redirect('/');
res.redirect('/');
} else {
res.render('auth', { title: 'Login page', header: 'Wrong password', csrfToken: req.csrfToken() });
}
}); });
}); });
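Review bot: The wrong-password branch in the new `bcrypt.compare` callback renders the auth page but does not return, so execution continues into `jwt.sign`, `res.cookie('authToken', ...)` and `res.redirect('/')` for a failed login; add `return;` after the `res.render('auth', {...})` call (or `return res.render(...)`). Whether the client actually receives the `authToken` cookie or the process dies with "headers already sent" depends on when the view engine flushes the response, but either way a rejected password must not reach the token-signing path. `Users.get()` can presumably return nothing before `generatePassword` has ever been run; the old code guarded `if (userDoc)`, and the new `userDoc.passHash` would throw inside an async Express handler, which Express 4 does not catch, so a `if (!userDoc) { return res.status(500).render('auth', {...}); }` guard before `bcrypt.compare` is needed. The `httpOnly` flag is a good addition; if the app is served over TLS the cookie should also get `secure: true` and a `sameSite` value, e.g. `res.cookie('authToken', token, { httpOnly: true, secure: true, sameSite: 'strict' });`.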