From f10b25e698fbcd8ceddde1ccd30244fd19af04f8 Mon Sep 17 00:00:00 2001 From: Ro Date: Tue, 5 May 2020 13:44:45 -0700 Subject: [PATCH] fixed API authentication bug. whew. --- brain/api/v1/auth.js | 8 +-- brain/api/v1/pages.js | 99 ++++++++++++++-------------- brain/api/v1/settings.js | 26 ++++---- brain/data/Auth.js | 10 +++ brain/data/Book.js | 4 +- src/com/controllers/SettingsIndex.js | 1 + src/com/utils/APIUtils.js | 5 +- 7 files changed, 83 insertions(+), 70 deletions(-) diff --git a/brain/api/v1/auth.js b/brain/api/v1/auth.js index ada0306..5e3ad1d 100644 --- a/brain/api/v1/auth.js +++ b/brain/api/v1/auth.js @@ -10,11 +10,11 @@ const _ = require('lodash'); /** * Get Auth Status */ -router.get('/', function(req, res) { +router.get('/', function (req, res) { var token = req.headers['x-access-token']; if (!token) return res.status(401).send({ auth: false, message: 'No token provided.' }); - jwt.verify(token, 'super-secret-string', function(err, decoded) { + jwt.verify(token, 'super-secret-string', function (err, decoded) { if (err) return res.status(500).send({ auth: false, message: 'Failed to authenticate token.' }); res.status(200).send(decoded); @@ -24,7 +24,7 @@ router.get('/', function(req, res) { /** * Get Auth Status */ -router.get('/status', function(req, res) { +router.get('/status', function (req, res) { if (req.session.user) { let session = req.session; res.json({ @@ -42,7 +42,7 @@ router.get('/status', function(req, res) { /** * Login Member and return token */ -router.post('/login', function(req, res) { +router.post('/login', function (req, res) { fs.readJson('site/folks.json').then(folks => { let found = _.find(folks, { handle: req.body.handle }); if (found) { diff --git a/brain/api/v1/pages.js b/brain/api/v1/pages.js index 13bc5eb..7a50cbc 100644 --- a/brain/api/v1/pages.js +++ b/brain/api/v1/pages.js 
@@ -9,6 +9,7 @@ const fs = require('fs-extra'); const moment = require('moment'); const book = new Book(); const nav = new Navigation(); +const auth = new Auth(); const _ = require('lodash'); const uploadPath = './public/assets/images/blog/' + moment().format('YYYY') + '/' + moment().format('MM'); 
@@ -46,41 +47,39 @@ router.get('/', (req, res) => { * Add/Update Page */ router.post('/write/:task?', feature_upload, (req, res) => { - if (req.session.user) { - Auth.authCheck(req) - .then(() => { - let body = _.mapValues(req.body); - let feature = ''; - let task = ''; - req.params.task === 'new' - ? (task = DataEvent.API_PAGE_CREATE) - : (task = DataEvent.API_PAGE_WRITE); - if (req.files.length > 0) { - var path = req.files[0].path; - feature = '/' + path.substring(7, path.length); - } else { - var url = body.feature_image; - url != null || url != undefined || url != '' - ? (feature = url.substring(21, url.length)) - : (feature = ''); - } - body.feature = feature; - body.deleted = false; - book.editPage(body, body.page_uuid, task, req.session.user) - .then(result => { - if (result.type === DataEvent.PAGE_CREATE) { - nav.updatePageStats(); - } - res.json(result); - }) - .catch(err => { - res.json(err); - }); - }) - .catch(err => { - res.json(err); - }); - } + auth.authCheck(req) + .then(() => { + let body = _.mapValues(req.body); + let feature = ''; + let task = ''; + req.params.task === 'new' + ? (task = DataEvent.API_PAGE_CREATE) + : (task = DataEvent.API_PAGE_WRITE); + if (req.files.length > 0) { + var path = req.files[0].path; + feature = '/' + path.substring(7, path.length); + } else { + var url = body.feature_image; + url != null || url != undefined || url != '' + ? (feature = url.substring(21, url.length)) + : (feature = ''); + } + body.feature = feature; + body.deleted = false; + book.editPage(body, body.page_uuid, task, req.session.user) + .then(result => { + if (result.type === DataEvent.PAGE_CREATE) { + nav.updatePageStats(); + } + res.json(result); + }) + .catch(err => { + res.json(err); + }); + }) + .catch(err => { + res.json(err); + }); }); /** 
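Review bot: The guard `url != null || url != undefined || url != ''` in the `else` branch is always true (a `null` or `undefined` url still satisfies `url != ''`), so a request that uploads no file and sends no `feature_image` reaches `url.substring(21, url.length)` and throws inside the `.then`. That TypeError is caught by the outer `.catch` and answered with `res.json(err)`, which serialises an `Error` as `{}` under status 200; `feature = url ? url.substring(21, url.length) : '';` is what the ternary was trying to express. The same `.catch(err => res.json(err))` shape — twice here and again in the `/delete` hunk below — also returns `authCheck` rejections and raw `editPage` errors with a 200 status, so a client cannot tell an unauthenticated request from success without parsing the body, and whatever internal error object was rejected is forwarded verbatim. Use `res.status(401).json(err)` for the `authCheck` catch and a fixed shape (type plus message) for the `editPage` catch. The `7` and `21` in the two `substring` calls strip path prefixes that are not named anywhere; a one-line comment stating which prefix each removes would help.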
@@ -88,22 +87,20 @@ router.post('/write/:task?', feature_upload, (req, res) => { */ router.post('/delete', (req, res) => { - if (req.session.user) { - Auth.authCheck(req) - .then(() => { - book.editPage([], req.body.id, DataEvent.API_PAGE_DELETE, req.session.user) - .then(result => { - //remove item from menu in settings - res.json(result); - }) - .catch(err => { - res.json(err); - }); - }) - .catch(err => { - res.json(err); - }); - } + auth.authCheck(req) + .then(() => { + book.editPage([], req.body.id, DataEvent.API_PAGE_DELETE, req.session.user) + .then(result => { + //remove item from menu in settings + res.json(result); + }) + .catch(err => { + res.json(err); + }); + }) + .catch(err => { + res.json(err); + }); }); /** diff --git a/brain/api/v1/settings.js b/brain/api/v1/settings.js index a563d56..e2b8c18 100644 --- a/brain/api/v1/settings.js +++ b/brain/api/v1/settings.js @@ -1,4 +1,5 @@ import * as DataEvent from '../../../src/com/events/DataEvent'; +import Auth from '../../data/Auth'; const express = require('express'); const router = express.Router(); const multer = require('multer'); @@ -7,6 +8,7 @@ const moment = require('moment'); const _ = require('lodash'); const settings = require('../../../site/settings.json'); const folks = require('../../../site/folks.json'); +const auth = new Auth(); const uploadPath = './public/assets/images/user/' + moment().format('YYYY') + '/' + moment().format('MM'); fs.ensureDir(uploadPath, () => { 
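Review bot: The comment `//remove item from menu in settings` in the `/delete` success branch describes work the handler does not do: after `editPage` resolves it only forwards the result, whereas the `/write` handler in the hunk above calls `nav.updatePageStats()` when a page is created. If navigation state should also drop a deleted page, presumably the same `nav.updatePageStats();` belongs before `res.json(result)` here; if that is deliberately deferred, change the comment to `// TODO: remove item from menu in settings` so it is not read as a description of the code.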
@@ -108,18 +110,20 @@ router.post('/nav-sync', (req, res) => { }); router.post('/publish-pages', (req, res) => { - if (req.session.user) { - console.log('PUBLISHING'); - res.json({ - type: DataEvent.API_RENDER_PAGES, - message: 'All Pages Rendered and Published' - }); - } else { - res.json({ - type: DataEvent.REQUEST_LAME, - message: "You're not logged in, champ" + auth.authCheck(req) + .then(() => { + console.log('PUBLISHING'); + res.json({ + type: DataEvent.API_RENDER_PAGES, + message: 'All Pages Rendered and Published' + }); + }) + .catch(err => { + res.json({ + type: err.type, + message: err.message + }); }); - } }); /*** diff --git a/brain/data/Auth.js b/brain/data/Auth.js index 08a46ca..cba8a9a 100644 --- a/brain/data/Auth.js +++ b/brain/data/Auth.js @@ -22,6 +22,16 @@ export default class Auth { return new Promise((resolve, reject) => { let hash = req.headers['x-access-token']; let response = []; + //check to see if user is logged in + if (!req.session.user) { + response = { + status: false, + type: DataEvent.API_REQUEST_LAME, + message: "You're not logged in, champ." + }; + reject(response); + } + //Checks if token is a proper hash, if not reject if (!self.isTokenValid(req.session.token, hash)) { response = { diff --git a/brain/data/Book.js b/brain/data/Book.js index 027503f..897502d 100644 --- a/brain/data/Book.js +++ b/brain/data/Book.js @@ -175,11 +175,11 @@ export default class Pages { } publish() { return new Promise((resolve, reject) => { - let self = this; + //let self = this; //get pages for rendering this.getPage() .then(pages => { - console.log('PAGES', pages); + resolve(pages); }) .catch(err => { reject(err); diff --git a/src/com/controllers/SettingsIndex.js b/src/com/controllers/SettingsIndex.js index f38e35d..4c71c34 100644 --- a/src/com/controllers/SettingsIndex.js +++ b/src/com/controllers/SettingsIndex.js 
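Review bot: `/publish-pages` still answers `'All Pages Rendered and Published'` without rendering anything: once `authCheck` resolves, the handler only logs `'PUBLISHING'` and sends the success message, and nothing in this route invokes a publish or render step (the `Book.publish()` method this same patch edits is not called here). Either perform the render and respond from its result, or change the message so a client cannot mistake a no-op for success. The `.catch` also reports an authentication rejection with status 200; `res.status(401).json({ type: err.type, message: err.message })` would let callers distinguish it, and if `err` is a thrown `Error` rather than the `response` object built in `Auth`, `err.type` will be `undefined`.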
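Review bot: The new `if (!req.session.user)` block calls `reject(response)` but does not return, so execution falls through to `self.isTokenValid(req.session.token, hash)` and whatever follows; the promise is already settled so later `reject`/`resolve` calls are ignored, but the remaining checks still run. Make it `return reject(response);` (the existing token check below likely wants the same treatment). The rejection uses `DataEvent.API_REQUEST_LAME`, while the code this patch removes from settings.js used `DataEvent.REQUEST_LAME`; confirm the new constant exists in DataEvent, since a missing one yields `type: undefined` in every not-logged-in response. The enclosing method (presumably `authCheck`) starts and ends outside the hunk.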
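Review bot: `//let self = this;` is commented-out code and should be deleted rather than kept; nothing in the visible body references `self`. With `resolve(pages)` replacing the log, `publish()` now resolves with whatever `getPage()` returns and, in the lines visible here, performs no rendering step, so the method name and the `//get pages for rendering` comment promise more than the code delivers; a short JSDoc above `publish()` such as `/** Resolves with the pages returned by getPage(); rendering is not performed here. */` would keep callers like the `/publish-pages` route from assuming otherwise. The method's closing lines are outside the hunk.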
@@ -15,6 +15,7 @@ export default class SettingsIndex {
 // constructor
 //--------------------------
 constructor() {
+ api.authStatus();
 this.start();
 }
 //--------------------------
diff --git a/src/com/utils/APIUtils.js b/src/com/utils/APIUtils.js
index 51ca07f..09ee79e 100644
--- a/src/com/utils/APIUtils.js
+++ b/src/com/utils/APIUtils.js
@@ -34,7 +34,7 @@ export default class APIUtils {
 requestData = null
 ) {
 var self = this;
- return new Promise(function(resolve, reject) {
+ return new Promise(function (resolve, reject) {
 var request = new XMLHttpRequest();
 request.upload.onprogress = self.handleLoadProgress;
 request.open(requestType, requestURL, true);
@@ -56,7 +56,8 @@ export default class APIUtils {
 eventType === DataEvent.API_PAGE_WRITE ||
 eventType === DataEvent.API_IMAGES_UPLOAD ||
 eventType === DataEvent.API_SETTINGS_WRITE ||
- eventType === DataEvent.API_PAGE_DELETE
+ eventType === DataEvent.API_PAGE_DELETE ||
+ eventType === DataEvent.API_RENDER_PAGES
 )
 request.setRequestHeader('x-access-token', self.token);
 switch (contentType) {
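Review bot: `api.authStatus();` in the constructor is a floating call: if it returns a Promise (APIUtils builds its requests with `new Promise`, per the hunk below), the result is discarded, a rejection becomes an unhandled rejection, and `this.start()` runs before the status is known. If the status is meant to gate startup, chain it — `api.authStatus().then(() => this.start()).catch((err) => console.error(err));` — otherwise make the fire-and-forget intent explicit with a handler, `api.authStatus().catch(console.error);`. `api` is defined outside the hunk.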
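Review bot: The condition deciding whether `x-access-token` is attached is a growing `||` chain over event types; `API_RENDER_PAGES` had to be appended here for the new route to authenticate, and the next token-protected route will fail the same silent way if its event is forgotten. A module-level `Set` of token-bearing events queried with `.has(eventType)` keeps the list in one place and reads as policy rather than as a boolean expression; the entries below are the ones visible in the hunk, and the enclosing request method starts and ends outside it.
```javascript
// module scope: events whose requests must carry the session token
const TOKEN_EVENTS = new Set([
  DataEvent.API_PAGE_WRITE,
  DataEvent.API_IMAGES_UPLOAD,
  DataEvent.API_SETTINGS_WRITE,
  DataEvent.API_PAGE_DELETE,
  DataEvent.API_RENDER_PAGES,
]);

// … unchanged: request construction …
if (TOKEN_EVENTS.has(eventType)) request.setRequestHeader('x-access-token', self.token);
```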