From 52bb5f36a9d77d762db40ce9d6f14b99178f4a3d Mon Sep 17 00:00:00 2001
From: Ro
Date: Tue, 28 Apr 2020 14:07:21 -0700
Subject: [PATCH] moved auth methods to their own standalone class
---
 brain/api/v1/pages.js | 64 ++++-----------------------------
 brain/data/Auth.js | 68 +++++++++++++++++++++++++++++++++++
 brain/routes/dash/pages.js | 2 +-
 brain/routes/dash/settings.js | 2 +-
 4 files changed, 76 insertions(+), 60 deletions(-)
 create mode 100644 brain/data/Auth.js
diff --git a/brain/api/v1/pages.js b/brain/api/v1/pages.js
index 3471eef..e7c16a6 100644
--- a/brain/api/v1/pages.js
+++ b/brain/api/v1/pages.js
@@ -1,4 +1,5 @@
 import Book from '../../data/Book';
+import Auth from '../../data/Auth';
 import Navigation from '../../data/Navigation';
 import * as DataEvent from '../../../src/com/events/DataEvent';
 const express = require('express');
@@ -6,8 +7,6 @@ const router = express.Router();
 const multer = require('multer');
 const fs = require('fs-extra');
 const moment = require('moment');
-const jwt = require('jsonwebtoken');
-const bCrypt = require('bcrypt-nodejs');
 const book = new Book();
 const nav = new Navigation();
 const _ = require('lodash');
@@ -17,10 +16,10 @@ fs.ensureDir(uploadPath, () => {
 // dir has now been created, including the directory it is to be placed in
 });
 var storage = multer.diskStorage({
- destination: function(req, file, cb) {
+ destination: function (req, file, cb) {
 cb(null, uploadPath);
 },
- filename: function(req, file, cb) {
+ filename: function (req, file, cb) {
 var splice = file.originalname.split(':');
 cb(null, splice[0]);
 }
@@ -48,7 +47,7 @@ router.get('/', (req, res) => {
 */
 router.post('/write/:task?', feature_upload, (req, res) => {
 if (req.session.user) {
- authCheck(req)
+ Auth.authCheck(req)
 .then(() => {
 let body = _.mapValues(req.body);
 let feature = '';
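Review bot: `Auth.authCheck(req)` in the `/write/:task?` handler is called on the class itself, but the new brain/data/Auth.js declares `authCheck` as an instance method, so `Auth.authCheck` is undefined and the call throws a TypeError before any `.then`/`.catch` is attached. The `/delete` handler in the next hunk makes the same call. Either create an instance next to `book` and `nav` (`const auth = new Auth();`, then `auth.authCheck(req)`), or declare `authCheck` and `isTokenValid` as `static` in Auth.js and call `Auth.isTokenValid(...)` instead of going through `self`. The handler body continues outside the hunk, so how that exception reaches the client is not visible here.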
@@ -90,7 +89,7 @@ router.post('/write/:task?', feature_upload, (req, res) => {
 router.post('/delete', (req, res) => {
 if (req.session.user) {
- authCheck(req)
+ Auth.authCheck(req)
 .then(() => {
 book.editPage([], req.body.id, DataEvent.API_PAGE_DELETE, req.session.user)
 .then(result => {
@@ -111,7 +110,7 @@ router.post('/delete', (req, res) => {
 * Uploads image from a Page content
 */
-router.post('/add-post-image', post_upload, function(req, res) {
+router.post('/add-post-image', post_upload, function (req, res) {
 //console.log(req.body);
 var image = req.files[0].path;
 return res.json({
@@ -122,54 +121,3 @@ router.post('/add-post-image', post_upload, function(req, res) {
 });
 module.exports = router;
-
-/**
- * Checks to make sure received token matches
- * @parameter token: created token
- * @parameter hashedToken: encrypted token
- */
-
-function isTokenValid(token, hashedToken) {
- return bCrypt.compareSync(token, hashedToken);
-}
-
-/**
- * Makes sure access token is legit
- * @parameter req
- */
-
-function authCheck(req) {
- return new Promise((resolve, reject) => {
- let hash = req.headers['x-access-token'];
- let response = [];
- //Checks if token is a proper hash, if not reject
- if (!isTokenValid(req.session.token, hash)) {
- response = {
- status: false,
- type: DataEvent.API_REQUEST_LAME,
- message: 'No Token Present. Auth Blocked'
- };
- reject(response);
- //res.json();
- } else {
- var member = req.session.user;
- jwt.verify(req.session.token, member.key, function(err, decoded) {
- if (err) {
- response = {
- status: false,
- type: DataEvent.API_REQUEST_LAME,
- message: 'Invalid Token. Auth Blocked'
- };
- reject(response);
- }
- response = {
- status: true,
- type: DataEvent.API_REQUEST_GOOD,
- message: 'Token Verified',
- token: decoded
- };
- resolve(response);
- });
- }
- });
-}
diff --git a/brain/data/Auth.js b/brain/data/Auth.js
new file mode 100644
index 0000000..08a46ca
--- /dev/null
+++ b/brain/data/Auth.js
@@ -0,0 +1,68 @@
+import * as DataEvent from '../../src/com/events/DataEvent';
+const bCrypt = require('bcrypt-nodejs');
+const jwt = require('jsonwebtoken');
+
+export default class Auth {
+ //--------------------------
+ // constructor
+ //--------------------------
+ constructor() {}
+ //--------------------------
+ // methods
+ //--------------------------
+ start() {}
+
+ /**
+ * Makes sure access token is legit
+ * @parameter req
+ */
+
+ authCheck(req) {
+ let self = this;
+ return new Promise((resolve, reject) => {
+ let hash = req.headers['x-access-token'];
+ let response = [];
+ //Checks if token is a proper hash, if not reject
+ if (!self.isTokenValid(req.session.token, hash)) {
+ response = {
+ status: false,
+ type: DataEvent.API_REQUEST_LAME,
+ message: 'No Token Present. Auth Blocked'
+ };
+ reject(response);
+ //res.json();
+ } else {
+ var member = req.session.user;
+ jwt.verify(req.session.token, member.key, function (err, decoded) {
+ if (err) {
+ response = {
+ status: false,
+ type: DataEvent.API_REQUEST_LAME,
+ message: 'Invalid Token. Auth Blocked'
+ };
+ reject(response);
+ }
+ response = {
+ status: true,
+ type: DataEvent.API_REQUEST_GOOD,
+ message: 'Token Verified',
+ token: decoded
+ };
+ resolve(response);
+ });
+ }
+ });
+ }
+
+ /**
+ * Checks to make sure received token matches
+ * @parameter token: created token
+ * @parameter hashedToken: encrypted token
+ */
+ isTokenValid(token, hashedToken) {
+ return bCrypt.compareSync(token, hashedToken);
+ }
+ //--------------------------
+ // event handlers
+ //--------------------------
+}
diff --git a/brain/routes/dash/pages.js b/brain/routes/dash/pages.js
index c12b72e..4a16dd3 100644
--- a/brain/routes/dash/pages.js
+++ b/brain/routes/dash/pages.js
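Review bot: In brain/data/Auth.js, the `if (err)` branch of the `jwt.verify` callback in `authCheck` rejects without returning, so execution falls through and also calls `resolve(...)` with the 'Token Verified' response. The promise has already settled, so the rejection stands, but the check holds only because of that ordering; make it explicit with `return reject(response);`. Separately, `req.headers['x-access-token']` goes to `bCrypt.compareSync` unchecked, so a request without the header does not reach the 'No Token Present' branch by design, and what happens instead depends on how bcrypt-nodejs treats a non-string argument. Guard it with `if (typeof hash !== 'string' || !self.isTokenValid(req.session.token, hash)) {`. The doc comments use `@parameter`, where the JSDoc tag is `@param`.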
@@ -15,7 +15,7 @@ router.get('/list/:filter?/:page?', function(req, res) {
 var pageNum = req.params.page;
 var filter = req.params.filter;
 if (pageNum == '' || pageNum == null) pageNum = 1;
- if (filter == '' || filter == null) filter = 'all';
+ if (filter == '' || filter == null) filter = "all";
 if (req.session.user) {
 book.getPage()
 .then(pages => {
diff --git a/brain/routes/dash/settings.js b/brain/routes/dash/settings.js
index 6702c59..be91ea8 100644
--- a/brain/routes/dash/settings.js
+++ b/brain/routes/dash/settings.js
@@ -12,7 +12,7 @@ router.get('/', function(req, res) {
 settings = obj;
 })
 .catch(() => {
- //console.error(err)
+ console.error(err);
 });
 loadThemes().then(themes => {
 if (req.session.user) {
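Review bot: The re-enabled `console.error(err);` in brain/routes/dash/settings.js reads `err`, but the callback is still declared as `.catch(() => {`, so nothing binds `err` there. Unless an outer `err` exists outside the hunk, the handler throws a ReferenceError when the promise rejects, which turns a handled failure into an unhandled rejection and loses the original error. Bind the argument: `.catch(err => {`. The route handler continues outside the hunk.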