diff --git a/backend/app/config/response.config.js b/backend/app/config/response.config.js index dcf5145..4278756 100644 --- a/backend/app/config/response.config.js +++ b/backend/app/config/response.config.js @@ -1,9 +1,9 @@ -function sendMessage (res, successCode, data) { - res.status(200).json({ status: 'success', successCode: successCode, data: data }); +function sendMessage (res, successCode, data, token=null) { + res.status(200).json({ status: 'success', successCode: successCode, token: token, data: data }); } -function sendError (res, statusCode, errorCode, reason) { - res.status(statusCode).json({ status: 'error', errorCode: errorCode, reason: reason }); +function sendError (res, statusCode, errorCode, reason, token=null) { + res.status(statusCode).json({ status: 'error', errorCode: errorCode, data: { token: token, reason: reason }}); } module.exports = { sendMessage, sendError }; diff --git a/backend/app/config/sessionJWT.config.js b/backend/app/config/sessionJWT.config.js index 0a50b10..b5b76cb 100644 --- a/backend/app/config/sessionJWT.config.js +++ b/backend/app/config/sessionJWT.config.js @@ -12,10 +12,11 @@ const JWTRS256_PRIVATE_KEY = Buffer.from(process.env.JWTRS256_PRIVATE_KEY, 'base const JWTRS256_PUBLIC_KEY = Buffer.from(process.env.JWTRS256_PUBLIC_KEY, 'base64').toString('utf-8'); -function createSessionJWT (mail) { +function createSessionJWT (login, role) { return sessionJWTConfig.sign( { - mail: mail, + login: login, + role: role, midExp: Math.floor(Date.now() / 1000) + 1800 }, JWTRS256_PRIVATE_KEY, 
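Review bot: sendError now nests the token under `data: { token, reason }` while sendMessage puts `token` at the top level, so a client has to look in a different place depending on the outcome, and `reason` silently moved from the top level into `data`, which breaks every existing consumer of the error envelope. Keep the two shapes parallel, e.g. `res.status(statusCode).json({ status: 'error', errorCode: errorCode, token: token, reason: reason });`. It is also worth a one-line comment on what `token` is: from the call sites in this commit it appears to be the decoded session payload (login, role, midExp) rather than the signed cookie value, and that distinction should be written down so nobody later echoes the raw JWT into a response body.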
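Review bot: createSessionJWT now signs `role` into the token next to `login`, so the role is trusted from the token for as long as the client presents it and a role change or revocation in the database is not seen until the token is re-issued; that is acceptable only if the midExp window is the intended staleness, and deserves a comment such as `// role is frozen in the token until re-issue (midExp); DB role changes are not visible before then`. Callers must pass a role read from the database, as auth in user.controller.js does, never a value taken from the request body. The function body continues past the hunk.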
@@ -28,20 +29,21 @@ function createSessionJWT (mail) { function createSessionCookie(req, res, payload) { let jwtToken; - if ((typeof payload.mail !== 'undefined') && - (typeof payload.midExp !== 'undefined') && + if (typeof payload.login !== 'undefined' && + typeof payload.role !== 'undefined' && + typeof payload.midExp !== 'undefined' && (Math.floor(Date.now() / 1000) <= payload.midExp)) { jwtToken = req.headers.cookie; } else { - jwtToken = createSessionJWT(payload.mail); + jwtToken = createSessionJWT(payload.login, payload.role); } res.cookie('SESSIONID', jwtToken, {httpOnly:true, secure:false}); } function decodeSessionCookie(sessionid) { if (typeof sessionid === 'undefined') { - return {mail: -1}; + return {login: -1, role: -1}; } try { const token = sessionJWTConfig.verify( @@ -51,7 +53,7 @@ function decodeSessionCookie(sessionid) { return {token: token}; } catch (err) { - return {mail: -1}; + return {login: -1, role: -1}; } } 
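Review bot: In createSessionCookie the refresh branch stores `req.headers.cookie` — the raw Cookie header string — as the SESSIONID value, while checkLogin reads `req.cookies.SESSIONID`; once the browser sends any second cookie the re-issued value is no longer a bare token, so it should be `jwtToken = req.cookies.SESSIONID;` (assuming the cookie parser is mounted, as the checkLogin code implies). The added `typeof payload.role !== 'undefined'` check means a payload without `role` always gets a freshly signed token, which the disconnect path in user.controller.js presumably relies on and which deserves a comment. The cookie is also set with `secure:false` and no `sameSite`; for a token that now carries a role, `{httpOnly:true, secure:true, sameSite:'lax'}` is the expected baseline (secure:true presumes HTTPS in deployment).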
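Review bot: The catch in decodeSessionCookie now returns `{login: -1, role: -1}` and drops `err` entirely, so an expired token and a token that fails signature verification are indistinguishable in the logs. At minimum record the failure class before returning, e.g. `console.warn('session token rejected:', err.name);`, so operations can tell routine expiry from tampering attempts. The success path returns `{token: token}` while the failure path returns the sentinel object, and that shape difference is what getToken depends on — a short comment on the function saying so would help. decodeSessionCookie's closing lines are outside the hunk.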
@@ -65,20 +67,28 @@ function setSessionCookie (req, res, session) { } module.exports.setSessionCookie = setSessionCookie; -function getMail(session) { +function getToken(session) { if (typeof session === 'undefined' || typeof session.token === 'undefined') return -1; return session.token; } -module.exports.getMail = getMail; +module.exports.getToken = getToken; -function checkLogin(req, res){ +function checkLogin(req, res, role=null){ if(typeof req.cookies !== 'undefined'){ const session = getSession(req.cookies.SESSIONID); - const token = getMail(session); - if(token.mail === 'undefined' || token.mail === -1){ + const token = getToken(session); + if(token.login === 'undefined' || token.login === -1){ return sendError(res, 500, -1, "User not authenticated."); } else{ - return token; + if(role === null){ + return token; + } else{ + if(token.role !== 'undefined' && token.role === role){ + return token; + } else{ + return sendError(res, 500, -1, "User doesn't have permission.", token); + } + } } } else { return sendError(res, 500, -1, "Cookies don't exist."); diff --git a/backend/app/controllers/tutorial.controller.js b/backend/app/controllers/tutorial.controller.js deleted file mode 100644 index 222aa0c..0000000 --- a/backend/app/controllers/tutorial.controller.js +++ /dev/null 
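Review bot: The guard in checkLogin never fires for a missing or invalid session: getToken returns the number -1 when the session has no token, `(-1).login` is undefined, and neither `token.login === 'undefined'` (a comparison with the string literal, not a typeof check) nor `token.login === -1` is true, so when `role` is null the -1 sentinel is returned as if it were a valid token and callers like disconnect, which only test truthiness, proceed. The guard should read `if (token === -1 || typeof token.login === 'undefined' || token.login === -1) {` and the role branch likewise `typeof token.role !== 'undefined'` (the string comparison there is harmless only because `=== role` follows). This assumes getSession, which is not in the hunk, hands back decodeSessionCookie's result. Separately, 500 is the wrong status for both failures here — 401 for "not authenticated" and 403 for "no permission" let clients and detection rules tell them apart. checkLogin's closing lines are outside the hunk.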
@@ -1,117 +0,0 @@ -const db = require("../models/mongodb.model"); -const {sendError, sendMessage} = require ("../config/response.config"); -const Tutorial = db.tutorials; - -// Create and Save a new Tutorial -exports.create = (req, res) => { - // Validate request - if (!req.body.title) { - sendError(res, 400,-1,"Content can not be empty!" ); - } - - // Create a Tutorial - const tutorial = new Tutorial({ - title: req.body.title, - description: req.body.description, - published: req.body.published ? req.body.published : false - }); - - // Save Tutorial in the database - tutorial - .save(tutorial) - .then(data => { - sendMessage(res, 1, data) - }) - .catch(err => { - sendError(res, 500,-1,err.message || "Some error occurred while creating the Tutorial."); - }); -}; - -// Retrieve all Tutorials from the database. -exports.findAll = (req, res) => { - const title = req.query.title; - let condition = title ? { title: { $regex: new RegExp(title), $options: "i" } } : {}; - - Tutorial.find(condition) - .then(data => { - sendMessage(res, 1, data) - }) - .catch(err => { - sendError(res,500,-1,err.message || "Some error occurred while retrieving tutorials."); - }); -}; - -// Find a single Tutorial with an id -exports.findOne = (req, res) => { - const id = req.params.id; - - Tutorial.findById(id) - .then(data => { - if (!data) - sendError(res,404,-1,"Not found Tutorial with id " + id ); - else sendMessage(res, 1, data); - }) - .catch(err => { - sendError(res,500,-1,err.message || "Error retrieving Tutorial with id=" + id ); - }); -}; - -// Update a Tutorial by the id in the request -exports.update = (req, res) => { - if (!req.body) { - sendError(res,400,-1,"Data to update can not be empty!"); - } - - const id = req.params.id; - - Tutorial.findByIdAndUpdate(id, req.body, { useFindAndModify: false }) - .then(data => { - if (!data) { - sendError(res,404,-1,`Cannot update Tutorial with id=${id}. 
Maybe Tutorial was not found!`); - } else sendMessage(res, 1, { message: "Tutorial was updated successfully." }); - }) - .catch(err => { - sendError(res,500,-1,err.message || "Error updating Tutorial with id=" + id); - }); -}; - -// Delete a Tutorial with the specified id in the request -exports.delete = (req, res) => { - const id = req.params.id; - - Tutorial.findByIdAndRemove(id) - .then(data => { - if (!data) { - sendError(res,404,-1,`Cannot delete Tutorial with id=${id}. Maybe Tutorial was not found!`); - } else { - sendMessage(res, 1, { message: "Tutorial was deleted successfully!" }); - } - }) - .catch(err => { - sendError(res,500,-1,err.message || "Could not delete Tutorial with id=" + id); - }); -}; - -// Delete all Tutorials from the database. -exports.deleteAll = (req, res) => { - Tutorial.deleteMany({}) - .then(data => { - sendMessage(res, 1, { - message: `${data.deletedCount} Tutorials were deleted successfully!` - }); - }) - .catch(err => { - sendError(res,500,-1,err.message || "Some error occurred while removing all tutorials."); - }); -}; - -// Find all published Tutorials -exports.findAllPublished = (req, res) => { - Tutorial.find({ published: true }) - .then(data => { - sendMessage(res, 1, data); - }) - .catch(err => { - sendError(res,500,-1,err.message || "Some error occurred while retrieving tutorials."); - }); -}; diff --git a/backend/app/controllers/user.controller.js b/backend/app/controllers/user.controller.js index 9659cef..51a01d1 100644 --- a/backend/app/controllers/user.controller.js +++ b/backend/app/controllers/user.controller.js 
@@ -1,27 +1,26 @@ const db = require("../models/mongodb.model"); const {sendError, sendMessage} = require ("../config/response.config"); const checkFormat = require("../config/checkFormat.config"); -const sessionJWT = require('../config/sessionJWT.config'); -const {checkLogin} = require("../config/sessionJWT.config"); +const {checkLogin, setSessionCookie} = require("../config/sessionJWT.config"); const User = db.users; // Authenticate an User exports.auth = (req, res) => { checkFormat(req, res); // Validate request - if (!req.body.mail || !req.body.hashPass) { - sendError(res, 400,-1,"Content can not be empty ! (mail and hashPass needed)"); + if (!req.body.login || !req.body.hashPass) { + sendError(res, 400,-1,"Content can not be empty ! (login and hashPass needed)"); } else{ // Check User in the database User - .findOne({mail: req.body.mail, hashPass: req.body.hashPass}, [{count: {$size: "$_id"}}]) + .findOne({login: req.body.login, hashPass: req.body.hashPass}, {role: true}) .then(data => { if (data !== null){ - sessionJWT.setSessionCookie(req, res, { mail: req.body.mail }); + setSessionCookie(req, res, { login: req.body.login, role: data.role}); return sendMessage(res, 1, true); } else { - sessionJWT.setSessionCookie(req, res, { mail: -1 }); - return sendError(res, 500, -1, "Invalid mail or password."); + setSessionCookie(req, res, { login: -1, role: -1 }); + return sendError(res, 500, -1, "Invalid login or password."); } }) .catch(err => { 
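Review bot: Authentication matches the client-supplied `hashPass` byte-for-byte inside the query (`findOne({login: req.body.login, hashPass: req.body.hashPass}, ...)`), so whatever the database stores is a password-equivalent: a copy of the users collection is directly reusable for login, and nothing server-side salts or stretches the secret (whatever the client does before sending is not visible here). The server should look the user up by login only, hash the submitted secret itself with a slow salted scheme, and compare in constant time. Taking `data.role` from the database with the `{role: true}` projection, rather than from the request, is the right way to source the role that goes into the token and deserves a comment saying it must stay that way. exports.auth continues past the hunk.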
@@ -35,17 +34,17 @@ exports.disconnect = (req, res) => { let token; if(checkFormat(req, res) && (token = checkLogin(req, res))) { console.log(token); - sessionJWT.setSessionCookie(req, res, {mail: -1}); - return sendMessage(res, 1, {message: "User disconnected"}); + setSessionCookie(req, res, {login: -1}); + return sendMessage(res, 1, {message: "User disconnected"}, token); } }; // Create and Save a new User exports.create = (req, res) => { - checkFormat(req, res); + checkFormat(req, res); // Validate request - if (!req.body.login || !req.body.hashPass || !req.body.mail || !req.body.role) { - sendError(res, 400,-1,"Content can not be empty ! (login, hashPass, mail and role needed"); + if (!req.body.login || !req.body.hashPass || !req.body.mail) { + sendError(res, 400,-1,"Content can not be empty ! (login, hashPass and mail needed"); } else{ User.exists({login: req.body.login}, function (err, docs){ @@ -81,17 +80,17 @@ exports.create = (req, res) => { // Retrieve all Users from the database. exports.findAll = (req, res) => { let token; - if(checkFormat(req, res) && (token = checkLogin(req, res))){ + if(checkFormat(req, res) && (token = checkLogin(req, res, 10))){ console.log(token); const login = req.query.login; let condition = login ? { login: { $regex: new RegExp(login), $options: "i" } } : {}; User.find(condition, {hashPass: false}) .then(data => { - sendMessage(res, 1, data) + sendMessage(res, 1, data, token) }) .catch(err => { - sendError(res,500,-1,err.message || "Some error occurred while retrieving users."); + sendError(res,500,-1,err.message || "Some error occurred while retrieving users.", token); }); } }; diff --git a/backend/app/models/mongodb.model.js b/backend/app/models/mongodb.model.js index 974b911..58cce74 100644 --- a/backend/app/models/mongodb.model.js +++ b/backend/app/models/mongodb.model.js 
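Review bot: create no longer requires `role` in the body, but the hunk ends before the User document is built, so it is not visible whether `req.body.role` is still copied into it; if it is, a client can self-assign any role, including the 10 that findAll now gates on, because the model's `default: 0` only applies when the field is absent. The constructor should set the role from a server-side source only, e.g. `role: 0`, or omit the field so the default applies. In disconnect, `{login: -1}` without `role` makes createSessionCookie re-sign a new token rather than clearing the cookie; `res.clearCookie('SESSIONID');` is the more direct logout, and `console.log(token)` writes the session payload to the log on every call. exports.create continues past the hunk.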
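Review bot: `checkLogin(req, res, 10)` hard-codes the privilege level as a magic number; a named constant such as `const ROLE_ADMIN = 10;` defined once next to the user model, with a comment on what each level means, keeps the gate readable and greppable. The `login` query parameter is still passed straight into `new RegExp(login)`, so it needs escaping or a plain-string filter — a crafted value can make that regex expensive to evaluate. findAll's closing lines are outside the hunk.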
@@ -6,7 +6,6 @@ mongoose.Promise = global.Promise; const db = {}; db.mongoose = mongoose; db.url = dbConfig.url; -db.tutorials = require("./tutorial.model")(mongoose); db.users = require("./user.model")(mongoose); module.exports = db; diff --git a/backend/app/models/tutorial.model.js b/backend/app/models/tutorial.model.js deleted file mode 100644 index e5809f8..0000000 --- a/backend/app/models/tutorial.model.js +++ /dev/null @@ -1,17 +0,0 @@ -module.exports = mongoose => { - let schema = mongoose.Schema({ - title: String, - description: String, - published: Boolean - }, - { timestamps: true } - ); - - schema.method("toJSON", function() { - const { __v, _id, ...object } = this.toObject(); - object.id = _id; - return object; - }); - - return mongoose.model("tutorial", schema); -}; diff --git a/backend/app/models/user.model.js b/backend/app/models/user.model.js index fe29d74..c9b97b5 100644 --- a/backend/app/models/user.model.js +++ b/backend/app/models/user.model.js @@ -3,7 +3,10 @@ module.exports = mongoose => { login: String, hashPass: String, // WARNING: We don't want to send back the hashPass mail: String, - role: Object + role: { + type: Number, + default: 0 + } }, { timestamps: true } ); diff --git a/backend/app/routes/tutorial.routes.js b/backend/app/routes/tutorial.routes.js deleted file mode 100644 index 5ee5f97..0000000 --- a/backend/app/routes/tutorial.routes.js +++ /dev/null 
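Review bot: `role` became a bare Number with `default: 0`, but nothing in the schema says what the values mean while user.controller.js gates findAll on `10`; add a field comment such as `// numeric privilege level; 0 = regular user, 10 = level checkLogin requires for admin-only routes` (adjust if other levels exist) so the numbers stop being scattered magic values. Since the default only applies when the field is absent, the schema alone does not prevent a client from supplying its own role on creation — that has to be enforced in the controller, and a comment here should say so.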
@@ -1,28 +0,0 @@ -module.exports = app => { - const tutorials = require("../controllers/tutorial.controller.js"); - - let router = require("express").Router(); - - // Create a new Tutorial - router.post("/", tutorials.create); - - // Retrieve all Tutorials - router.get("/", tutorials.findAll); - - // Retrieve all published Tutorials - router.get("/published", tutorials.findAllPublished); - - // Retrieve a single Tutorial with id - router.get("/:id", tutorials.findOne); - - // Update a Tutorial with id - router.put("/:id", tutorials.update); - - // Delete a Tutorial with id - router.delete("/:id", tutorials.delete); - - // Create a new Tutorial - router.delete("/", tutorials.deleteAll); - - app.use('/api/tutorials', router); -}; diff --git a/backend/server.js b/backend/server.js index 9e913c0..f349ba7 100644 --- a/backend/server.js +++ b/backend/server.js @@ -27,7 +27,6 @@ db.mongoose }); require("./app/config/sessionJWT.config"); -require("./app/routes/tutorial.routes")(app); require("./app/routes/user.routes")(app); app.listen(port, '0.0.0.0',() => {