foltik/shimapan
1
0
Fork 0
mirror of https://github.com/Foltik/Shimapan synced 2025-01-05 15:58:03 -05:00
Code Issues Releases Wiki Activity

Add fallback cookie auth method

Browse Source
This commit is contained in:
Jack 2017-10-14 17:49:11 -04:00
parent ce95188285
commit 3bba0a7f53
Signed by: foltik
GPG Key ID: 303F88F996E95541
4 changed files with 60 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
app/routes.js
View File

@ -12,7 +12,19 @@ var path = require('path');
var jwt = require('express-jwt');
var jwtauth = jwt({
secret: fs.readFileSync(path.join(__dirname, '../jwt.pem'), 'utf8'),
userProperty: 'payload'
userProperty: 'payload',
getToken: function(req) {
if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
// First check Authorization header
return req.headers.authorization.split(' ')[1];
} else if (req.cookies && req.cookies['shimapan-token']) {
// Get from cookies as fallback
return req.cookies['shimapan-token'];
}
// no token received
return null;
}
});
module.exports = function(app) {
@ -23,8 +35,8 @@ module.exports = function(app) {
app.use('/api/auth', auth);
app.use('/register', register);
app.use('/login', login);
app.use('/panel', panel);
app.use('/panel*', panel);
app.use('/panel', jwtauth, panel);
app.use('/panel*', jwtauth, panel);
app.use(function(err, req, res, next) {
if (err.name === 'UnauthorizedError') {

57
app/routes/auth.js
View File

@ -16,14 +16,14 @@ function checkUsername(username, callback) {
if (username.length > 30) return callback(null, false);
if (striptags(username) !== username) return callback(null, false);
User.find({username: username}).limit(1).count(function(err, count) {
User.find({username: username}).limit(1).count(function (err, count) {
if (err) return callback(err);
(count === 0) ? callback(null, true) : callback(null, false);
});
}
function checkInvite(code, callback) {
Invite.findOne({code: code}, function(err, invite) {
Invite.findOne({code: code}, function (err, invite) {
if (err) return callback(err);
if (!invite || invite.used || invite.exp < new Date())
callback(null, false);
@ -33,25 +33,25 @@ function checkInvite(code, callback) {
}
function useInvite(code, username) {
Invite.updateOne({code: code}, {recipient: username, used: new Date()}, function(err, res) {
Invite.updateOne({code: code}, {recipient: username, used: new Date()}, function (err, res) {
if (err) throw err;
});
}
router.post('/register', function(req, res) {
router.post('/register', function (req, res) {
// Validate the parameters
async.parallel({
userCheck: function(callback) {
checkUsername(req.body.username, function(err, valid) {
userCheck: function (callback) {
checkUsername(req.body.username, function (err, valid) {
callback(err, valid);
});
},
inviteCheck: function(callback) {
checkInvite(req.body.invite, function(err, valid, invite) {
inviteCheck: function (callback) {
checkInvite(req.body.invite, function (err, valid, invite) {
callback(err, {valid: valid, invite: invite});
});
}
}, function(err, result) {
}, function (err, result) {
if (!result.userCheck) {
res.status(401).json({'message': 'Invalid username.'});
} else if (!result.inviteCheck.valid) {
@ -64,27 +64,44 @@ router.post('/register', function(req, res) {
user.date = new Date();
user.setPassword(req.body.password);
user.save(function(err) {
if (err)
user.save(function (err) {
if (err) {
res.status(500).json({'message': 'Internal server error.'});
else
res.status(200).json({'token': user.genJwt()});
})
} else {
res.status(200)
.cookie('shimapan-token', user.genJwt(), {
expires: new Date(Date.now() + 604800000),
httpOnly: true
})
.json({'token': user.genJwt()});
}
});
}
});
});
router.post('/login', function(req, res) {
passport.authenticate('local', function(err, user, info) {
if (err)
router.post('/login', function (req, res) {
passport.authenticate('local', function (err, user, info) {
if (err) {
res.status(500).json(err);
else if (user)
res.status(200).json({'token': user.genJwt() });
else
} else if (user) {
res.status(200)
.cookie('shimapan-token', user.genJwt(), {
expires: new Date(Date.now() + 604800000),
httpOnly: true
})
.json({'token': user.genJwt()});
} else {
res.status(401).json(info);
}
})(req, res);
});
router.get('/logout', function(req, res) {
res.clearCookie('shimapan-token');
res.status(200).json({'message': 'Successfully logged out.'});
});
module.exports = router;

7
public/js/services/AuthSvc.js
View File

@ -42,7 +42,12 @@ angular.module('AuthSvc', []).service('AuthService', ['$http', '$window', functi
};
this.logout = function() {
$window.localStorage.removeItem('shimapan-token');
$window.location.href = '/';
$http({
method: 'GET',
url: '/api/auth/logout'
}).then(function(res) {
$window.location.href = '/';
});
};
this.isLoggedIn = function() {
var payload = decodeToken(getToken());

2
server.js
View File

@ -4,6 +4,7 @@ var methodOverride = require('method-override');
var mongoose = require('mongoose');
var morgan = require('morgan');
var passport = require('passport');
var cookieParser = require('cookie-parser');
var app = express();
@ -21,6 +22,7 @@ db.on('error', function(err) {
require('./config/passport.js');
app.use(cookieParser());
app.use(bodyParser.json());
app.use(bodyParser.json({ type: 'application/json' }));
app.use(bodyParser.urlencoded({ extended: true }));