From 8bd3d9a41ed65168cdc66ddb3c3659cbd1496da3 Mon Sep 17 00:00:00 2001
From: Ro
Date: Fri, 11 Oct 2019 16:10:55 -0700
Subject: [PATCH] added new auth route, implemented token authentication, new static files folder for rendered pages
---
 brain/api/v1/auth.js | 59 +++++++++++++++++++++++
 brain/app.js | 7 ++-
 brain/routes/back/index.js | 31 +-----------
 package-lock.json | 90 +++++++++++++++++++++++++++++++++--
 package.json | 1 +
 public/admin/index.html | 1 +
 public/index.html | 1 +
 themes/default-dark/frame.pug | 2 +-
 8 files changed, 154 insertions(+), 38 deletions(-)
 create mode 100644 brain/api/v1/auth.js
 create mode 100644 public/admin/index.html
 create mode 100644 public/index.html
diff --git a/brain/api/v1/auth.js b/brain/api/v1/auth.js
new file mode 100644
index 0000000..f986755
--- /dev/null
+++ b/brain/api/v1/auth.js
@@ -0,0 +1,59 @@
+const express = require('express');
+const router = express.Router();
+const bCrypt = require('bcrypt-nodejs');
+const jwt = require('jsonwebtoken');
+const Models = require('../../models');
+
+/**
+ * Get Auth Status
+ */
+router.get('/', function(req, res) {
+ var token = req.headers['x-access-token'];
+ if (!token) return res.status(401).send({ auth: false, message: 'No token provided.' });
+
+ jwt.verify(token, 'super-secret-string', function(err, decoded) {
+ if (err)
+ return res.status(500).send({ auth: false, message: 'Failed to authenticate token.' });
+
+ res.status(200).send(decoded);
+ });
+});
+/**
+ * Login Member and return token
+ */
+router.post('/login', function(req, res) {
+ Models.User.findOne({
+ where: {
+ handle: req.body.handle
+ }
+ })
+ .then(user => {
+ if (!isValidPassword(user, req.body.password)) {
+ return res.json({
+ message: 'CHECK YOUR PASSWORD'
+ });
+ }
+
+ let token = jwt.sign({ id: user._id }, 'super-secret-string', {
+ expiresIn: 86400 // expires in 24 hours
+ });
+
+ let session = req.session;
+ session.user = user;
+ session.token = token;
+
+ res.json({ auth: 'Yes', token: session.token });
+ })
+ .catch(() => {
+ return res.json({
+ message: 'NOT FOUND, HAWS'
+ });
+ });
+});
+
+//router.post('/logout', function(req, res) {});
+module.exports = router;
+
+function isValidPassword(user, password) {
+ return bCrypt.compareSync(password, user.password);
+}
diff --git a/brain/app.js b/brain/app.js
index 5c374be..8fb1d0d 100644
--- a/brain/app.js
+++ b/brain/app.js
@@ -23,8 +23,9 @@ app.use(
 })
 );
 app.use(cookieParser());
-app.use(express.static(path.join(__dirname, '../content')));
-app.use(express.static(path.join(__dirname, '../themes')));
+app.use(express.static(path.join(__dirname, '../public'), { extensions: ['html'] }));
+//app.use(express.static(path.join(__dirname, '../content')));
+//app.use(express.static(path.join(__dirname, '../themes')));
 app.use(
 session({
 store: new MemoryStore({
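Review bot: The JWT key is the string literal `'super-secret-string'`, passed to both `jwt.sign` in the login handler and `jwt.verify` in the status handler, so the signing secret is committed to the repository and any token can be minted by whoever can read the source. Read it once from configuration, `const JWT_SECRET = process.env.JWT_SECRET;`, fail at startup when it is unset, and use that constant in both calls. In the status handler a `jwt.verify` error (expired or badly signed token) is answered with status 500 where 401 is the accurate status for a rejected credential. In the login handler a `findOne` that resolves to null reaches `isValidPassword` as a TypeError on `user.password`, which the `.catch` turns into the generic 'NOT FOUND, HAWS' reply; an explicit `if (!user)` check before the password comparison would make that path visible, and storing only the user's id in `req.session` instead of the whole record would keep the password hash out of the session store. The payload uses `user._id`, while the `where:` query style suggests a model whose primary key is `id`; worth confirming the field name, since an undefined id silently produces a token with no subject.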
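Review bot: The two `express.static` mounts for `../content` and `../themes` are commented out rather than deleted, and `themes/default-dark/frame.pug` in this same commit still loads `/'+theme+'/assets/js/...`, which those mounts served; unless another route now serves that path, the theme scripts will 404. Remove the commented lines (history keeps them) or keep the `../themes` mount until the theme assets have a new home. Note also that `public/admin/index.html`, added in this commit, is served by this unauthenticated static mount with `extensions: ['html']`; if that directory is meant to hold the admin UI, the admin pages should sit behind the session or token check rather than under `public`.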
@@ -49,11 +50,13 @@ var navDashboard = require('./routes/back/dash_nav'); var postLibrary = require('./api/content/posts'); var settings = require('./api/content/settings'); var mailer = require('./api/mail/mailer'); +var auth = require('./api/v1/auth'); // API PATHS app.use('/api/post', postLibrary); app.use('/api/settings', settings); app.use('/api/mail', mailer); +app.use('/api/v1/auth', auth); // PAGES app.use('/', front); app.use('/@/dashboard', back);
diff --git a/brain/routes/back/index.js b/brain/routes/back/index.js
index 4e9e947..1385cd9 100644
--- a/brain/routes/back/index.js
+++ b/brain/routes/back/index.js
@@ -1,7 +1,6 @@
 const express = require('express');
 const router = express.Router();
 const Models = require('../../models');
-const bCrypt = require('bcrypt-nodejs');
 //--------------------------
 // Index
 //--------------------------
@@ -40,32 +39,7 @@ router.get('/', function(req, res) {
 //next(err);
 });
 });
-//--------------------------
-// Login
-//--------------------------
-/* Handle Login POST */
-router.post('/login', function(req, res) {
- Models.User.findOne({
- where: {
- handle: req.body.handle
- }
- })
- .then(user => {
- if (!isValidPassword(user, req.body.password)) {
- return res.json({
- message: 'CHECK YOUR PASSWORD'
- });
- }
- let session = req.session;
- session.user = user;
- res.redirect('/@/dashboard');
- })
- .catch(() => {
- return res.json({
- message: 'NOT FOUND, HAWS'
- });
- });
-});
+
 //--------------------------
 // Logout
 //--------------------------
@@ -76,6 +50,3 @@ router.post('/logout', function(req, res) {
 });
 });
 module.exports = router;
-var isValidPassword = function(user, password) {
- return bCrypt.compareSync(password, user.password);
-};
diff --git a/package-lock.json b/package-lock.json
index a177982..2937d6a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2056,6 +2056,11 @@ } } }, + "buffer-equal-constant-time": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", + "integrity": "sha1-+OcRMvf/5uAaXJaXpMbz5I1cyBk=" + }, "buffer-from": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz", @@ -2732,6 +2737,14 @@ "safer-buffer": "^2.1.0" } }, + "ecdsa-sig-formatter": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", + "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==", + "requires": { + "safe-buffer": "^5.0.1" + } + }, "editorconfig": { "version": "0.15.3", "resolved": "https://registry.npmjs.org/editorconfig/-/editorconfig-0.15.3.tgz", @@ -4598,6 +4611,30 @@ "graceful-fs": "^4.1.6" } }, + "jsonwebtoken": { + "version": "8.5.1", + "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz", + "integrity": "sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w==", + "requires": { + "jws": "^3.2.2", + "lodash.includes": "^4.3.0", + "lodash.isboolean": "^3.0.3", + "lodash.isinteger": "^4.0.4", + "lodash.isnumber": "^3.0.3", + "lodash.isplainobject": "^4.0.6", + "lodash.isstring": "^4.0.1", + "lodash.once": "^4.0.0", + "ms": "^2.1.1", + "semver": "^5.6.0" + }, + "dependencies": { + "ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" + } + } + }, "jsprim": { "version": "1.4.1", "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz", 
@@ -4618,6 +4655,25 @@ "promise": "^7.0.1" } }, + "jwa": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz", + "integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==", + "requires": { + "buffer-equal-constant-time": "1.0.1", + "ecdsa-sig-formatter": "1.0.11", + "safe-buffer": "^5.0.1" + } + }, + "jws": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz", + "integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==", + "requires": { + "jwa": "^1.4.1", + "safe-buffer": "^5.0.1" + } + }, "kind-of": { "version": "3.2.2", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", @@ -4672,6 +4728,26 @@ "resolved": "https://registry.npmjs.org/lodash.escaperegexp/-/lodash.escaperegexp-4.1.2.tgz", "integrity": "sha1-ZHYsSGGAglGKw99Mz11YhtriA0c=" }, + "lodash.includes": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", + "integrity": "sha1-YLuYqHy5I8aMoeUTJUgzFISfVT8=" + }, + "lodash.isboolean": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", + "integrity": "sha1-bC4XHbKiV82WgC/UOwGyDV9YcPY=" + }, + "lodash.isinteger": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", + "integrity": "sha1-YZwK89A/iwTDH1iChAt3sRzWg0M=" + }, + "lodash.isnumber": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", + "integrity": "sha1-POdoEMWSjQM1IwGsKHMX8RwLH/w=" + }, "lodash.isplainobject": { "version": "4.0.6", "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", 
@@ -4687,6 +4763,11 @@ "resolved": "https://registry.npmjs.org/lodash.mergewith/-/lodash.mergewith-4.6.2.tgz", "integrity": "sha512-GK3g5RPZWTRSeLSpgP8Xhra+pnjBC56q9FZYe1d5RN3TJ35dbkGy3YqBSMbyCrlbi+CM9Z3Jk5yTL7RCsqboyQ==" }, + "lodash.once": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", + "integrity": "sha1-DdOXEhPHxW34gJd9UEyI+0cal6w=" + }, "lodash.pickby": { "version": "4.6.0", "resolved": "https://registry.npmjs.org/lodash.pickby/-/lodash.pickby-4.6.0.tgz", @@ -5543,7 +5624,7 @@ }, "proper-lockfile": { "version": "1.2.0", - "resolved": "https://registry.npmjs.org/proper-lockfile/-/proper-lockfile-1.2.0.tgz", + "resolved": "http://registry.npmjs.org/proper-lockfile/-/proper-lockfile-1.2.0.tgz", "integrity": "sha1-zv9d2J0+XxD7deHo52vHWAGlnDQ=", "requires": { "err-code": "^1.0.0", @@ -5998,7 +6079,7 @@ }, "safe-regex": { "version": "1.1.0", - "resolved": "https://registry.npmjs.org/safe-regex/-/safe-regex-1.1.0.tgz", + "resolved": "http://registry.npmjs.org/safe-regex/-/safe-regex-1.1.0.tgz", "integrity": "sha1-QKNmnzsHfR6UPURinhV91IAjvy4=", "dev": true, "optional": true, @@ -6051,8 +6132,7 @@ "semver": { "version": "5.7.1", "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", - "dev": true + "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==" }, "send": { "version": "0.17.1", @@ -6717,7 +6797,7 @@ }, "through": { "version": "2.3.8", - "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", + "resolved": "http://registry.npmjs.org/through/-/through-2.3.8.tgz", "integrity": "sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU=" }, "thunkify": { diff --git a/package.json b/package.json index 98a0b3a..f54fa93 100644 --- a/package.json +++ b/package.json 
@@ -34,6 +34,7 @@
 "fs-extra": "latest",
 "highlight.js": "^9.15.10",
 "jsdom": "^12.2.0",
+ "jsonwebtoken": "^8.5.1",
 "lodash": "^4.17.15",
 "mailgun-js": "^0.18.0",
 "markdown-it": "^8.4.1",
diff --git a/public/admin/index.html b/public/admin/index.html
new file mode 100644
index 0000000..2e1ca9f
--- /dev/null
+++ b/public/admin/index.html
@@ -0,0 +1 @@
+This is the admin sections
\ No newline at end of file
diff --git a/public/index.html b/public/index.html
new file mode 100644
index 0000000..f21ee3f
--- /dev/null
+++ b/public/index.html
@@ -0,0 +1 @@
+What up, doe
\ No newline at end of file
diff --git a/themes/default-dark/frame.pug b/themes/default-dark/frame.pug
index 5d25110..585a77c 100644
--- a/themes/default-dark/frame.pug
+++ b/themes/default-dark/frame.pug
@@ -13,6 +13,6 @@ html(xmlns='http://www.w3.org/1999/xhtml', lang='en', xml:lang="en")
 .main-container#main-content
 block main-content
 script(src='/'+theme+'/assets/js/toolkit.min.js' type="text/javascript")
-script(src='/'+theme+'/assets/js/start.min.js' type="text/javascript")
+script(src='/'+theme+'/assets/js/awujo.min.js' type="text/javascript")
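Review bot: The `jsonwebtoken` addition itself is fine, but the `package-lock.json` regenerated for it in this commit also rewrites the `resolved` URL of `proper-lockfile`, `safe-regex` and `through` from `https://` to `http://`, so `npm install` would fetch those three tarballs without TLS. That flip looks like an npm lockfile artifact rather than an intended change; restore `https://` on those entries (or regenerate the lock with a current npm that keeps https) before merging, and the `semver` entry losing `"dev": true` is expected since the new dependency now requires it at runtime.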