token encyrption working. never send token to the front end.

pull/20/head
Ro 5 years ago
parent f3339089ff
commit 0f6ce7c3d8

@ -30,7 +30,7 @@ router.get('/status', function(req, res) {
res.json({ res.json({
type: DataEvent.API_REQUEST_GOOD, type: DataEvent.API_REQUEST_GOOD,
message: 'Auth is Good', message: 'Auth is Good',
token: session.token token: session.hashToken
}); });
} else { } else {
res.json({ res.json({
@ -60,10 +60,11 @@ router.post('/login', function(req, res) {
let session = req.session; let session = req.session;
session.user = found; session.user = found;
session.token = token; session.token = token;
session.hashToken = hashToken(token);
res.json({ res.json({
type: DataEvent.REQUEST_GOOD, type: DataEvent.REQUEST_GOOD,
message: 'Welcome Back', message: 'Welcome Back',
token: session.token token: session.hashToken
}); });
} else { } else {
res.json({ res.json({
@ -80,3 +81,7 @@ module.exports = router;
function isValidPassword(user, password) { function isValidPassword(user, password) {
return bCrypt.compareSync(password, user.password); return bCrypt.compareSync(password, user.password);
} }
function hashToken(token) {
return bCrypt.hashSync(token, bCrypt.genSaltSync(10), null);
}

@ -6,7 +6,9 @@ const multer = require('multer');
const fs = require('fs-extra'); const fs = require('fs-extra');
const moment = require('moment'); const moment = require('moment');
const jwt = require('jsonwebtoken'); const jwt = require('jsonwebtoken');
const bCrypt = require('bcrypt-nodejs');
const book = new Book(); const book = new Book();
const _ = require('lodash');
const uploadPath = const uploadPath =
'./public/assets/images/blog/' + moment().format('YYYY') + '/' + moment().format('MM'); './public/assets/images/blog/' + moment().format('YYYY') + '/' + moment().format('MM');
fs.ensureDir(uploadPath, () => { fs.ensureDir(uploadPath, () => {
@ -42,17 +44,27 @@ router.get('/', (req, res) => {
Update Page Update Page
*/ */
router.post('/write/:task?', feature_upload, (req, res) => { router.post('/write/:task?', feature_upload, (req, res) => {
/**
if (req.session.user) { if (req.session.user) {
var member = req.session.user; //Get enctrypted hashed token from header request
jwt.verify(req.session.token, member.key, function(err, decoded) { let hash = req.headers['x-access-token'];
if (err) { //Checks if token is a proper hash, if not reject
console('NOPE', err); if (!isTokenValid(req.session.token, hash)) {
} res.json({
console.log('YUP', decoded); type: DataEvent.API_REQUEST_LAME,
}); message: 'Invalid Token. Auth Blocked'
});
} else {
//console.log('TOKEN IS GOOD');
var member = req.session.user;
jwt.verify(req.session.token, member.key, function(err, decoded) {
if (err) {
console('NOPE', err);
}
console.log('YUP', decoded);
});
}
} }
*/
var feature = ''; var feature = '';
if (req.files.length > 0) { if (req.files.length > 0) {
var path = req.files[0].path; var path = req.files[0].path;
@ -141,3 +153,7 @@ router.post('/add-post-image', post_upload, function(req, res) {
}); });
module.exports = router; module.exports = router;
function isTokenValid(token, hashedToken) {
return bCrypt.compareSync(token, hashedToken);
}

@ -135,7 +135,10 @@ export default class PostEditor {
) )
.then(response => { .then(response => {
let r = JSON.parse(response.request['response']); let r = JSON.parse(response.request['response']);
if (r.type === DataEvent.PAGE_ERROR) { if (
r.type === DataEvent.PAGE_ERROR ||
r.type === DataEvent.API_REQUEST_LAME
) {
notify.alert(r.message, false); notify.alert(r.message, false);
} else { } else {
if (r.type === DataEvent.PAGE_UPDATED) { if (r.type === DataEvent.PAGE_UPDATED) {

@ -52,6 +52,12 @@ export default class APIUtils {
} }
}; };
if (requestType == REQUEST_TYPE_PUT || requestType == REQUEST_TYPE_POST) { if (requestType == REQUEST_TYPE_PUT || requestType == REQUEST_TYPE_POST) {
if (
eventType === DataEvent.API_PAGE_WRITE ||
eventType === DataEvent.API_IMAGES_UPLOAD ||
eventType === DataEvent.API_SETTINGS_WRITE
)
request.setRequestHeader('x-access-token', self.token);
switch (contentType) { switch (contentType) {
case CONTENT_TYPE_JSON: case CONTENT_TYPE_JSON:
request.setRequestHeader('Content-type', 'application/' + contentType); request.setRequestHeader('Content-type', 'application/' + contentType);

Loading…
Cancel
Save