foltik/shimapan
1
0
Fork 0
mirror of https://github.com/Foltik/Shimapan synced 2025-01-07 08:42:49 -05:00
Code Issues Releases Wiki Activity

Add fallback cookie auth method

Browse Source
This commit is contained in:
Jack 2017-10-14 17:49:11 -04:00
parent ce95188285
commit 3bba0a7f53
Signed by: foltik
GPG Key ID: 303F88F996E95541
4 changed files with 60 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
app/routes.js
View File

@ -12,7 +12,19 @@ var path = require('path');
var jwt = require('express-jwt'); var jwt = require('express-jwt');
var jwtauth = jwt({ var jwtauth = jwt({
secret: fs.readFileSync(path.join(__dirname, '../jwt.pem'), 'utf8'), secret: fs.readFileSync(path.join(__dirname, '../jwt.pem'), 'utf8'),
userProperty: 'payload' userProperty: 'payload',
getToken: function(req) {
if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
// First check Authorization header
return req.headers.authorization.split(' ')[1];
} else if (req.cookies && req.cookies['shimapan-token']) {
// Get from cookies as fallback
return req.cookies['shimapan-token'];
}
// no token received
return null;
}
}); });
module.exports = function(app) { module.exports = function(app) {
@ -23,8 +35,8 @@ module.exports = function(app) {
app.use('/api/auth', auth); app.use('/api/auth', auth);
app.use('/register', register); app.use('/register', register);
app.use('/login', login); app.use('/login', login);
app.use('/panel', panel); app.use('/panel', jwtauth, panel);
app.use('/panel*', panel); app.use('/panel*', jwtauth, panel);
app.use(function(err, req, res, next) { app.use(function(err, req, res, next) {
if (err.name === 'UnauthorizedError') { if (err.name === 'UnauthorizedError') {

57
app/routes/auth.js
View File

@ -16,14 +16,14 @@ function checkUsername(username, callback) {
if (username.length > 30) return callback(null, false); if (username.length > 30) return callback(null, false);
if (striptags(username) !== username) return callback(null, false); if (striptags(username) !== username) return callback(null, false);
User.find({username: username}).limit(1).count(function(err, count) { User.find({username: username}).limit(1).count(function (err, count) {
if (err) return callback(err); if (err) return callback(err);
(count === 0) ? callback(null, true) : callback(null, false); (count === 0) ? callback(null, true) : callback(null, false);
}); });
} }
function checkInvite(code, callback) { function checkInvite(code, callback) {
Invite.findOne({code: code}, function(err, invite) { Invite.findOne({code: code}, function (err, invite) {
if (err) return callback(err); if (err) return callback(err);
if (!invite || invite.used || invite.exp < new Date()) if (!invite || invite.used || invite.exp < new Date())
callback(null, false); callback(null, false);
@ -33,25 +33,25 @@ function checkInvite(code, callback) {
} }
function useInvite(code, username) { function useInvite(code, username) {
Invite.updateOne({code: code}, {recipient: username, used: new Date()}, function(err, res) { Invite.updateOne({code: code}, {recipient: username, used: new Date()}, function (err, res) {
if (err) throw err; if (err) throw err;
}); });
} }
router.post('/register', function(req, res) { router.post('/register', function (req, res) {
// Validate the parameters // Validate the parameters
async.parallel({ async.parallel({
userCheck: function(callback) { userCheck: function (callback) {
checkUsername(req.body.username, function(err, valid) { checkUsername(req.body.username, function (err, valid) {
callback(err, valid); callback(err, valid);
}); });
}, },
inviteCheck: function(callback) { inviteCheck: function (callback) {
checkInvite(req.body.invite, function(err, valid, invite) { checkInvite(req.body.invite, function (err, valid, invite) {
callback(err, {valid: valid, invite: invite}); callback(err, {valid: valid, invite: invite});
}); });
} }
}, function(err, result) { }, function (err, result) {
if (!result.userCheck) { if (!result.userCheck) {
res.status(401).json({'message': 'Invalid username.'}); res.status(401).json({'message': 'Invalid username.'});
} else if (!result.inviteCheck.valid) { } else if (!result.inviteCheck.valid) {
@ -64,27 +64,44 @@ router.post('/register', function(req, res) {
user.date = new Date(); user.date = new Date();
user.setPassword(req.body.password); user.setPassword(req.body.password);
user.save(function(err) { user.save(function (err) {
if (err) if (err) {
res.status(500).json({'message': 'Internal server error.'}); res.status(500).json({'message': 'Internal server error.'});
else } else {
res.status(200).json({'token': user.genJwt()}); res.status(200)
}) .cookie('shimapan-token', user.genJwt(), {
expires: new Date(Date.now() + 604800000),
httpOnly: true
})
.json({'token': user.genJwt()});
}
});
} }
}); });
}); });
router.post('/login', function(req, res) { router.post('/login', function (req, res) {
passport.authenticate('local', function(err, user, info) { passport.authenticate('local', function (err, user, info) {
if (err) if (err) {
res.status(500).json(err); res.status(500).json(err);
else if (user) } else if (user) {
res.status(200).json({'token': user.genJwt() }); res.status(200)
else .cookie('shimapan-token', user.genJwt(), {
expires: new Date(Date.now() + 604800000),
httpOnly: true
})
.json({'token': user.genJwt()});
} else {
res.status(401).json(info); res.status(401).json(info);
}
})(req, res); })(req, res);
}); });
router.get('/logout', function(req, res) {
res.clearCookie('shimapan-token');
res.status(200).json({'message': 'Successfully logged out.'});
});
module.exports = router; module.exports = router;

7
public/js/services/AuthSvc.js
View File

@ -42,7 +42,12 @@ angular.module('AuthSvc', []).service('AuthService', ['$http', '$window', functi
}; };
this.logout = function() { this.logout = function() {
$window.localStorage.removeItem('shimapan-token'); $window.localStorage.removeItem('shimapan-token');
$window.location.href = '/'; $http({
method: 'GET',
url: '/api/auth/logout'
}).then(function(res) {
$window.location.href = '/';
});
}; };
this.isLoggedIn = function() { this.isLoggedIn = function() {
var payload = decodeToken(getToken()); var payload = decodeToken(getToken());

2
server.js
View File

@ -4,6 +4,7 @@ var methodOverride = require('method-override');
var mongoose = require('mongoose'); var mongoose = require('mongoose');
var morgan = require('morgan'); var morgan = require('morgan');
var passport = require('passport'); var passport = require('passport');
var cookieParser = require('cookie-parser');
var app = express(); var app = express();
@ -21,6 +22,7 @@ db.on('error', function(err) {
require('./config/passport.js'); require('./config/passport.js');
app.use(cookieParser());
app.use(bodyParser.json()); app.use(bodyParser.json());
app.use(bodyParser.json({ type: 'application/json' })); app.use(bodyParser.json({ type: 'application/json' }));
app.use(bodyParser.urlencoded({ extended: true })); app.use(bodyParser.urlencoded({ extended: true }));