yvachot/PolyNotFound
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove tutorials & add auth manager

Browse source
This commit is contained in:
Yûki VACHOT 2021-10-30 00:40:51 +02:00
parent a748b93133
commit e87c4bb146
9 changed files with 46 additions and 198 deletions
Download patch file Download diff file Expand all files Collapse all files

8
backend/app/config/response.config.js
View file

@ -1,9 +1,9 @@
function sendMessage (res, successCode, data) { function sendMessage (res, successCode, data, token=null) {
res.status(200).json({ status: 'success', successCode: successCode, data: data }); res.status(200).json({ status: 'success', successCode: successCode, token: token, data: data });
} }
function sendError (res, statusCode, errorCode, reason) { function sendError (res, statusCode, errorCode, reason, token=null) {
res.status(statusCode).json({ status: 'error', errorCode: errorCode, reason: reason }); res.status(statusCode).json({ status: 'error', errorCode: errorCode, data: { token: token, reason: reason }});
} }
module.exports = { sendMessage, sendError }; module.exports = { sendMessage, sendError };

36
backend/app/config/sessionJWT.config.js
View file

@ -12,10 +12,11 @@ const JWTRS256_PRIVATE_KEY = Buffer.from(process.env.JWTRS256_PRIVATE_KEY, 'base
const JWTRS256_PUBLIC_KEY = Buffer.from(process.env.JWTRS256_PUBLIC_KEY, 'base64').toString('utf-8'); const JWTRS256_PUBLIC_KEY = Buffer.from(process.env.JWTRS256_PUBLIC_KEY, 'base64').toString('utf-8');
function createSessionJWT (mail) { function createSessionJWT (login, role) {
return sessionJWTConfig.sign( return sessionJWTConfig.sign(
{ {
mail: mail, login: login,
role: role,
midExp: Math.floor(Date.now() / 1000) + 1800 midExp: Math.floor(Date.now() / 1000) + 1800
}, },
JWTRS256_PRIVATE_KEY, JWTRS256_PRIVATE_KEY,
@ -28,20 +29,21 @@ function createSessionJWT (mail) {
function createSessionCookie(req, res, payload) { function createSessionCookie(req, res, payload) {
let jwtToken; let jwtToken;
if ((typeof payload.mail !== 'undefined') && if (typeof payload.login !== 'undefined' &&
(typeof payload.midExp !== 'undefined') && typeof payload.role !== 'undefined' &&
typeof payload.midExp !== 'undefined' &&
(Math.floor(Date.now() / 1000) <= payload.midExp)) { (Math.floor(Date.now() / 1000) <= payload.midExp)) {
jwtToken = req.headers.cookie; jwtToken = req.headers.cookie;
} }
else { else {
jwtToken = createSessionJWT(payload.mail); jwtToken = createSessionJWT(payload.login, payload.role);
} }
res.cookie('SESSIONID', jwtToken, {httpOnly:true, secure:false}); res.cookie('SESSIONID', jwtToken, {httpOnly:true, secure:false});
} }
function decodeSessionCookie(sessionid) { function decodeSessionCookie(sessionid) {
if (typeof sessionid === 'undefined') { if (typeof sessionid === 'undefined') {
return {mail: -1}; return {login: -1, role: -1};
} }
try { try {
const token = sessionJWTConfig.verify( const token = sessionJWTConfig.verify(
@ -51,7 +53,7 @@ function decodeSessionCookie(sessionid) {
return {token: token}; return {token: token};
} }
catch (err) { catch (err) {
return {mail: -1}; return {login: -1, role: -1};
} }
} }
@ -65,20 +67,28 @@ function setSessionCookie (req, res, session) {
} }
module.exports.setSessionCookie = setSessionCookie; module.exports.setSessionCookie = setSessionCookie;
function getMail(session) { function getToken(session) {
if (typeof session === 'undefined' || typeof session.token === 'undefined') return -1; if (typeof session === 'undefined' || typeof session.token === 'undefined') return -1;
return session.token; return session.token;
} }
module.exports.getMail = getMail; module.exports.getToken = getToken;
function checkLogin(req, res){ function checkLogin(req, res, role=null){
if(typeof req.cookies !== 'undefined'){ if(typeof req.cookies !== 'undefined'){
const session = getSession(req.cookies.SESSIONID); const session = getSession(req.cookies.SESSIONID);
const token = getMail(session); const token = getToken(session);
if(token.mail === 'undefined' || token.mail === -1){ if(token.login === 'undefined' || token.login === -1){
return sendError(res, 500, -1, "User not authenticated."); return sendError(res, 500, -1, "User not authenticated.");
} else{ } else{
return token; if(role === null){
return token;
} else{
if(token.role !== 'undefined' && token.role === role){
return token;
} else{
return sendError(res, 500, -1, "User doesn't have permission.", token);
}
}
} }
} else { } else {
return sendError(res, 500, -1, "Cookies don't exist."); return sendError(res, 500, -1, "Cookies don't exist.");

117
backend/app/controllers/tutorial.controller.js
View file

@ -1,117 +0,0 @@
const db = require("../models/mongodb.model");
const {sendError, sendMessage} = require ("../config/response.config");
const Tutorial = db.tutorials;
// Create and Save a new Tutorial
exports.create = (req, res) => {
// Validate request
if (!req.body.title) {
sendError(res, 400,-1,"Content can not be empty!" );
}
// Create a Tutorial
const tutorial = new Tutorial({
title: req.body.title,
description: req.body.description,
published: req.body.published ? req.body.published : false
});
// Save Tutorial in the database
tutorial
.save(tutorial)
.then(data => {
sendMessage(res, 1, data)
})
.catch(err => {
sendError(res, 500,-1,err.message || "Some error occurred while creating the Tutorial.");
});
};
// Retrieve all Tutorials from the database.
exports.findAll = (req, res) => {
const title = req.query.title;
let condition = title ? { title: { $regex: new RegExp(title), $options: "i" } } : {};
Tutorial.find(condition)
.then(data => {
sendMessage(res, 1, data)
})
.catch(err => {
sendError(res,500,-1,err.message || "Some error occurred while retrieving tutorials.");
});
};
// Find a single Tutorial with an id
exports.findOne = (req, res) => {
const id = req.params.id;
Tutorial.findById(id)
.then(data => {
if (!data)
sendError(res,404,-1,"Not found Tutorial with id " + id );
else sendMessage(res, 1, data);
})
.catch(err => {
sendError(res,500,-1,err.message || "Error retrieving Tutorial with id=" + id );
});
};
// Update a Tutorial by the id in the request
exports.update = (req, res) => {
if (!req.body) {
sendError(res,400,-1,"Data to update can not be empty!");
}
const id = req.params.id;
Tutorial.findByIdAndUpdate(id, req.body, { useFindAndModify: false })
.then(data => {
if (!data) {
sendError(res,404,-1,`Cannot update Tutorial with id=${id}. Maybe Tutorial was not found!`);
} else sendMessage(res, 1, { message: "Tutorial was updated successfully." });
})
.catch(err => {
sendError(res,500,-1,err.message || "Error updating Tutorial with id=" + id);
});
};
// Delete a Tutorial with the specified id in the request
exports.delete = (req, res) => {
const id = req.params.id;
Tutorial.findByIdAndRemove(id)
.then(data => {
if (!data) {
sendError(res,404,-1,`Cannot delete Tutorial with id=${id}. Maybe Tutorial was not found!`);
} else {
sendMessage(res, 1, { message: "Tutorial was deleted successfully!" });
}
})
.catch(err => {
sendError(res,500,-1,err.message || "Could not delete Tutorial with id=" + id);
});
};
// Delete all Tutorials from the database.
exports.deleteAll = (req, res) => {
Tutorial.deleteMany({})
.then(data => {
sendMessage(res, 1, {
message: `${data.deletedCount} Tutorials were deleted successfully!`
});
})
.catch(err => {
sendError(res,500,-1,err.message || "Some error occurred while removing all tutorials.");
});
};
// Find all published Tutorials
exports.findAllPublished = (req, res) => {
Tutorial.find({ published: true })
.then(data => {
sendMessage(res, 1, data);
})
.catch(err => {
sendError(res,500,-1,err.message || "Some error occurred while retrieving tutorials.");
});
};

31
backend/app/controllers/user.controller.js
View file

@ -1,27 +1,26 @@
const db = require("../models/mongodb.model"); const db = require("../models/mongodb.model");
const {sendError, sendMessage} = require ("../config/response.config"); const {sendError, sendMessage} = require ("../config/response.config");
const checkFormat = require("../config/checkFormat.config"); const checkFormat = require("../config/checkFormat.config");
const sessionJWT = require('../config/sessionJWT.config'); const {checkLogin, setSessionCookie} = require("../config/sessionJWT.config");
const {checkLogin} = require("../config/sessionJWT.config");
const User = db.users; const User = db.users;
// Authenticate an User // Authenticate an User
exports.auth = (req, res) => { exports.auth = (req, res) => {
checkFormat(req, res); checkFormat(req, res);
// Validate request // Validate request
if (!req.body.mail || !req.body.hashPass) { if (!req.body.login || !req.body.hashPass) {
sendError(res, 400,-1,"Content can not be empty ! (mail and hashPass needed)"); sendError(res, 400,-1,"Content can not be empty ! (login and hashPass needed)");
} else{ } else{
// Check User in the database // Check User in the database
User User
.findOne({mail: req.body.mail, hashPass: req.body.hashPass}, [{count: {$size: "$_id"}}]) .findOne({login: req.body.login, hashPass: req.body.hashPass}, {role: true})
.then(data => { .then(data => {
if (data !== null){ if (data !== null){
sessionJWT.setSessionCookie(req, res, { mail: req.body.mail }); setSessionCookie(req, res, { login: req.body.login, role: data.role});
return sendMessage(res, 1, true); return sendMessage(res, 1, true);
} else { } else {
sessionJWT.setSessionCookie(req, res, { mail: -1 }); setSessionCookie(req, res, { login: -1, role: -1 });
return sendError(res, 500, -1, "Invalid mail or password."); return sendError(res, 500, -1, "Invalid login or password.");
} }
}) })
.catch(err => { .catch(err => {
@ -35,17 +34,17 @@ exports.disconnect = (req, res) => {
let token; let token;
if(checkFormat(req, res) && (token = checkLogin(req, res))) { if(checkFormat(req, res) && (token = checkLogin(req, res))) {
console.log(token); console.log(token);
sessionJWT.setSessionCookie(req, res, {mail: -1}); setSessionCookie(req, res, {login: -1});
return sendMessage(res, 1, {message: "User disconnected"}); return sendMessage(res, 1, {message: "User disconnected"}, token);
} }
}; };
// Create and Save a new User // Create and Save a new User
exports.create = (req, res) => { exports.create = (req, res) => {
checkFormat(req, res); checkFormat(req, res);
// Validate request // Validate request
if (!req.body.login || !req.body.hashPass || !req.body.mail || !req.body.role) { if (!req.body.login || !req.body.hashPass || !req.body.mail) {
sendError(res, 400,-1,"Content can not be empty ! (login, hashPass, mail and role needed"); sendError(res, 400,-1,"Content can not be empty ! (login, hashPass and mail needed");
} }
else{ else{
User.exists({login: req.body.login}, function (err, docs){ User.exists({login: req.body.login}, function (err, docs){
@ -81,17 +80,17 @@ exports.create = (req, res) => {
// Retrieve all Users from the database. // Retrieve all Users from the database.
exports.findAll = (req, res) => { exports.findAll = (req, res) => {
let token; let token;
if(checkFormat(req, res) && (token = checkLogin(req, res))){ if(checkFormat(req, res) && (token = checkLogin(req, res, 10))){
console.log(token); console.log(token);
const login = req.query.login; const login = req.query.login;
let condition = login ? { login: { $regex: new RegExp(login), $options: "i" } } : {}; let condition = login ? { login: { $regex: new RegExp(login), $options: "i" } } : {};
User.find(condition, {hashPass: false}) User.find(condition, {hashPass: false})
.then(data => { .then(data => {
sendMessage(res, 1, data) sendMessage(res, 1, data, token)
}) })
.catch(err => { .catch(err => {
sendError(res,500,-1,err.message || "Some error occurred while retrieving users."); sendError(res,500,-1,err.message || "Some error occurred while retrieving users.", token);
}); });
} }
}; };

1
backend/app/models/mongodb.model.js
View file

@ -6,7 +6,6 @@ mongoose.Promise = global.Promise;
const db = {}; const db = {};
db.mongoose = mongoose; db.mongoose = mongoose;
db.url = dbConfig.url; db.url = dbConfig.url;
db.tutorials = require("./tutorial.model")(mongoose);
db.users = require("./user.model")(mongoose); db.users = require("./user.model")(mongoose);
module.exports = db; module.exports = db;

17
backend/app/models/tutorial.model.js
View file

@ -1,17 +0,0 @@
module.exports = mongoose => {
let schema = mongoose.Schema({
title: String,
description: String,
published: Boolean
},
{ timestamps: true }
);
schema.method("toJSON", function() {
const { __v, _id, ...object } = this.toObject();
object.id = _id;
return object;
});
return mongoose.model("tutorial", schema);
};

5
backend/app/models/user.model.js
View file

@ -3,7 +3,10 @@ module.exports = mongoose => {
login: String, login: String,
hashPass: String, // WARNING: We don't want to send back the hashPass hashPass: String, // WARNING: We don't want to send back the hashPass
mail: String, mail: String,
role: Object role: {
type: Number,
default: 0
}
}, },
{ timestamps: true } { timestamps: true }
); );

28
backend/app/routes/tutorial.routes.js
View file

@ -1,28 +0,0 @@
module.exports = app => {
const tutorials = require("../controllers/tutorial.controller.js");
let router = require("express").Router();
// Create a new Tutorial
router.post("/", tutorials.create);
// Retrieve all Tutorials
router.get("/", tutorials.findAll);
// Retrieve all published Tutorials
router.get("/published", tutorials.findAllPublished);
// Retrieve a single Tutorial with id
router.get("/:id", tutorials.findOne);
// Update a Tutorial with id
router.put("/:id", tutorials.update);
// Delete a Tutorial with id
router.delete("/:id", tutorials.delete);
// Create a new Tutorial
router.delete("/", tutorials.deleteAll);
app.use('/api/tutorials', router);
};

1
backend/server.js
View file

@ -27,7 +27,6 @@ db.mongoose
}); });
require("./app/config/sessionJWT.config"); require("./app/config/sessionJWT.config");
require("./app/routes/tutorial.routes")(app);
require("./app/routes/user.routes")(app); require("./app/routes/user.routes")(app);
app.listen(port, '0.0.0.0',() => { app.listen(port, '0.0.0.0',() => {