From f10b25e698fbcd8ceddde1ccd30244fd19af04f8 Mon Sep 17 00:00:00 2001
From: Ro <ro@playvicio.us>
Date: Tue, 5 May 2020 13:44:45 -0700
Subject: [PATCH] fixed API authentication bug. whew.

---
 brain/api/v1/auth.js                 |  8 +--
 brain/api/v1/pages.js                | 99 ++++++++++++++--------------
 brain/api/v1/settings.js             | 26 ++++----
 brain/data/Auth.js                   | 10 +++
 brain/data/Book.js                   |  4 +-
 src/com/controllers/SettingsIndex.js |  1 +
 src/com/utils/APIUtils.js            |  5 +-
 7 files changed, 83 insertions(+), 70 deletions(-)

diff --git a/brain/api/v1/auth.js b/brain/api/v1/auth.js
index ada0306..5e3ad1d 100644
--- a/brain/api/v1/auth.js
+++ b/brain/api/v1/auth.js
@@ -10,11 +10,11 @@ const _ = require('lodash');
 /**
  * Get Auth Status
  */
-router.get('/', function(req, res) {
+router.get('/', function (req, res) {
 	var token = req.headers['x-access-token'];
 	if (!token) return res.status(401).send({ auth: false, message: 'No token provided.' });
 
-	jwt.verify(token, 'super-secret-string', function(err, decoded) {
+	jwt.verify(token, 'super-secret-string', function (err, decoded) {
 		if (err)
 			return res.status(500).send({ auth: false, message: 'Failed to authenticate token.' });
 		res.status(200).send(decoded);
@@ -24,7 +24,7 @@ router.get('/', function(req, res) {
 /**
  * Get Auth Status
  */
-router.get('/status', function(req, res) {
+router.get('/status', function (req, res) {
 	if (req.session.user) {
 		let session = req.session;
 		res.json({
@@ -42,7 +42,7 @@ router.get('/status', function(req, res) {
 /**
  * Login Member and return token
  */
-router.post('/login', function(req, res) {
+router.post('/login', function (req, res) {
 	fs.readJson('site/folks.json').then(folks => {
 		let found = _.find(folks, { handle: req.body.handle });
 		if (found) {
diff --git a/brain/api/v1/pages.js b/brain/api/v1/pages.js
index 13bc5eb..7a50cbc 100644
--- a/brain/api/v1/pages.js
+++ b/brain/api/v1/pages.js
@@ -9,6 +9,7 @@ const fs = require('fs-extra');
 const moment = require('moment');
 const book = new Book();
 const nav = new Navigation();
+const auth = new Auth();
 const _ = require('lodash');
 const uploadPath =
 	'./public/assets/images/blog/' + moment().format('YYYY') + '/' + moment().format('MM');
@@ -46,41 +47,39 @@ router.get('/', (req, res) => {
  * Add/Update Page
  */
 router.post('/write/:task?', feature_upload, (req, res) => {
-	if (req.session.user) {
-		Auth.authCheck(req)
-			.then(() => {
-				let body = _.mapValues(req.body);
-				let feature = '';
-				let task = '';
-				req.params.task === 'new'
-					? (task = DataEvent.API_PAGE_CREATE)
-					: (task = DataEvent.API_PAGE_WRITE);
-				if (req.files.length > 0) {
-					var path = req.files[0].path;
-					feature = '/' + path.substring(7, path.length);
-				} else {
-					var url = body.feature_image;
-					url != null || url != undefined || url != ''
-						? (feature = url.substring(21, url.length))
-						: (feature = '');
-				}
-				body.feature = feature;
-				body.deleted = false;
-				book.editPage(body, body.page_uuid, task, req.session.user)
-					.then(result => {
-						if (result.type === DataEvent.PAGE_CREATE) {
-							nav.updatePageStats();
-						}
-						res.json(result);
-					})
-					.catch(err => {
-						res.json(err);
-					});
-			})
-			.catch(err => {
-				res.json(err);
-			});
-	}
+	auth.authCheck(req)
+		.then(() => {
+			let body = _.mapValues(req.body);
+			let feature = '';
+			let task = '';
+			req.params.task === 'new'
+				? (task = DataEvent.API_PAGE_CREATE)
+				: (task = DataEvent.API_PAGE_WRITE);
+			if (req.files.length > 0) {
+				var path = req.files[0].path;
+				feature = '/' + path.substring(7, path.length);
+			} else {
+				var url = body.feature_image;
+				url != null || url != undefined || url != ''
+					? (feature = url.substring(21, url.length))
+					: (feature = '');
+			}
+			body.feature = feature;
+			body.deleted = false;
+			book.editPage(body, body.page_uuid, task, req.session.user)
+				.then(result => {
+					if (result.type === DataEvent.PAGE_CREATE) {
+						nav.updatePageStats();
+					}
+					res.json(result);
+				})
+				.catch(err => {
+					res.json(err);
+				});
+		})
+		.catch(err => {
+			res.json(err);
+		});
 });
 
 /**
@@ -88,22 +87,20 @@ router.post('/write/:task?', feature_upload, (req, res) => {
  */
 
 router.post('/delete', (req, res) => {
-	if (req.session.user) {
-		Auth.authCheck(req)
-			.then(() => {
-				book.editPage([], req.body.id, DataEvent.API_PAGE_DELETE, req.session.user)
-					.then(result => {
-						//remove item from menu in settings
-						res.json(result);
-					})
-					.catch(err => {
-						res.json(err);
-					});
-			})
-			.catch(err => {
-				res.json(err);
-			});
-	}
+	auth.authCheck(req)
+		.then(() => {
+			book.editPage([], req.body.id, DataEvent.API_PAGE_DELETE, req.session.user)
+				.then(result => {
+					//remove item from menu in settings
+					res.json(result);
+				})
+				.catch(err => {
+					res.json(err);
+				});
+		})
+		.catch(err => {
+			res.json(err);
+		});
 });
 
 /**
diff --git a/brain/api/v1/settings.js b/brain/api/v1/settings.js
index a563d56..e2b8c18 100644
--- a/brain/api/v1/settings.js
+++ b/brain/api/v1/settings.js
@@ -1,4 +1,5 @@
 import * as DataEvent from '../../../src/com/events/DataEvent';
+import Auth from '../../data/Auth';
 const express = require('express');
 const router = express.Router();
 const multer = require('multer');
@@ -7,6 +8,7 @@ const moment = require('moment');
 const _ = require('lodash');
 const settings = require('../../../site/settings.json');
 const folks = require('../../../site/folks.json');
+const auth = new Auth();
 const uploadPath =
 	'./public/assets/images/user/' + moment().format('YYYY') + '/' + moment().format('MM');
 fs.ensureDir(uploadPath, () => {
@@ -108,18 +110,20 @@ router.post('/nav-sync', (req, res) => {
 });
 
 router.post('/publish-pages', (req, res) => {
-	if (req.session.user) {
-		console.log('PUBLISHING');
-		res.json({
-			type: DataEvent.API_RENDER_PAGES,
-			message: 'All Pages Rendered and Published'
-		});
-	} else {
-		res.json({
-			type: DataEvent.REQUEST_LAME,
-			message: "You're not logged in, champ"
+	auth.authCheck(req)
+		.then(() => {
+			console.log('PUBLISHING');
+			res.json({
+				type: DataEvent.API_RENDER_PAGES,
+				message: 'All Pages Rendered and Published'
+			});
+		})
+		.catch(err => {
+			res.json({
+				type: err.type,
+				message: err.message
+			});
 		});
-	}
 });
 
 /***
diff --git a/brain/data/Auth.js b/brain/data/Auth.js
index 08a46ca..cba8a9a 100644
--- a/brain/data/Auth.js
+++ b/brain/data/Auth.js
@@ -22,6 +22,16 @@ export default class Auth {
 		return new Promise((resolve, reject) => {
 			let hash = req.headers['x-access-token'];
 			let response = [];
+			//check to see if user is logged in
+			if (!req.session.user) {
+				response = {
+					status: false,
+					type: DataEvent.API_REQUEST_LAME,
+					message: "You're not logged in, champ."
+				};
+				reject(response);
+			}
+
 			//Checks if token is a proper hash, if not reject
 			if (!self.isTokenValid(req.session.token, hash)) {
 				response = {
diff --git a/brain/data/Book.js b/brain/data/Book.js
index 027503f..897502d 100644
--- a/brain/data/Book.js
+++ b/brain/data/Book.js
@@ -175,11 +175,11 @@ export default class Pages {
 	}
 	publish() {
 		return new Promise((resolve, reject) => {
-			let self = this;
+			//let self = this;
 			//get pages for rendering
 			this.getPage()
 				.then(pages => {
-					console.log('PAGES', pages);
+					resolve(pages);
 				})
 				.catch(err => {
 					reject(err);
diff --git a/src/com/controllers/SettingsIndex.js b/src/com/controllers/SettingsIndex.js
index f38e35d..4c71c34 100644
--- a/src/com/controllers/SettingsIndex.js
+++ b/src/com/controllers/SettingsIndex.js
@@ -15,6 +15,7 @@ export default class SettingsIndex {
 	// constructor
 	//--------------------------
 	constructor() {
+		api.authStatus();
 		this.start();
 	}
 	//--------------------------
diff --git a/src/com/utils/APIUtils.js b/src/com/utils/APIUtils.js
index 51ca07f..09ee79e 100644
--- a/src/com/utils/APIUtils.js
+++ b/src/com/utils/APIUtils.js
@@ -34,7 +34,7 @@ export default class APIUtils {
 		requestData = null
 	) {
 		var self = this;
-		return new Promise(function(resolve, reject) {
+		return new Promise(function (resolve, reject) {
 			var request = new XMLHttpRequest();
 			request.upload.onprogress = self.handleLoadProgress;
 			request.open(requestType, requestURL, true);
@@ -56,7 +56,8 @@ export default class APIUtils {
 					eventType === DataEvent.API_PAGE_WRITE ||
 					eventType === DataEvent.API_IMAGES_UPLOAD ||
 					eventType === DataEvent.API_SETTINGS_WRITE ||
-					eventType === DataEvent.API_PAGE_DELETE
+					eventType === DataEvent.API_PAGE_DELETE ||
+					eventType === DataEvent.API_RENDER_PAGES
 				)
 					request.setRequestHeader('x-access-token', self.token);
 				switch (contentType) {