forked from kaverti/website
Fixes
This commit is contained in:
main1
parent
6d3ae42a95
commit
1e58096097
|
|
@ -63,7 +63,7 @@ yarn-error.log*
|
|||
# Config folder
|
||||
config/
|
||||
config/config.json
|
||||
|
||||
*config.json*
|
||||
# Editor directories and files
|
||||
.idea
|
||||
*.suo
|
||||
|
|
|
|||
|
|
@ -1,27 +1,27 @@
|
|||
{
|
||||
"development": {
|
||||
"username": "troplo",
|
||||
"password": "ert54iuhuieht9oge5tiuyrg8hhuiydgfbvtbgfdhijn",
|
||||
"database": "troplo_kaverti",
|
||||
"host": "124.169.200.10",
|
||||
"username": "kaverti",
|
||||
"password": "ASDJIASHDyu8w47y8r3e4yreursf7er87yhw887Y&*982",
|
||||
"database": "kaverti",
|
||||
"host": "192.168.0.13",
|
||||
"dialect": "mysql",
|
||||
"maintenance": "true",
|
||||
"passkey": "true"
|
||||
},
|
||||
"test": {
|
||||
"username": "troplo",
|
||||
"password": "ert54iuhuieht9oge5tiuyrg8hhuiydgfbvtbgfdhijn",
|
||||
"database": "troplo_kaverti",
|
||||
"host": "124.169.200.10",
|
||||
"username": "kaverti",
|
||||
"password": "ASDJIASHDyu8w47y8r3e4yreursf7er87yhw887Y&*982",
|
||||
"database": "kaverti",
|
||||
"host": "192.168.0.13",
|
||||
"dialect": "mysql",
|
||||
"maintenance": "true",
|
||||
"passkey": "true"
|
||||
},
|
||||
"production": {
|
||||
"username": "troplo",
|
||||
"password": "ert54iuhuieht9oge5tiuyrg8hhuiydgfbvtbgfdhijn",
|
||||
"database": "troplo_kaverti",
|
||||
"host": "124.169.200.10",
|
||||
"username": "kaverti",
|
||||
"password": "ASDJIASHDyu8w47y8r3e4yreursf7er87yhw887Y&*982",
|
||||
"database": "kaverti",
|
||||
"host": "192.168.0.13",
|
||||
"dialect": "mysql",
|
||||
"maintenance": "true",
|
||||
"passkey": "true"
|
||||
|
|
|
|||
|
|
@ -1,19 +0,0 @@
|
|||
'use strict';
|
||||
|
||||
module.exports = {
|
||||
up: (queryInterface, Sequelize) => {
|
||||
return queryInterface.addColumn(
|
||||
'UserConversations',
|
||||
'lastRead',
|
||||
{
|
||||
type: Sequelize.DATE,
|
||||
allowNull: false,
|
||||
defaultValue: new Date(0)
|
||||
}
|
||||
);
|
||||
},
|
||||
|
||||
down: (queryInterface, Sequelize) => {
|
||||
queryInterface.removeColumn('UserConversations', 'lastRead');
|
||||
}
|
||||
};
|
||||
|
|
@ -7,6 +7,7 @@ let {
|
|||
} = require('../models')
|
||||
const cryptoRandomString = require("crypto-random-string")
|
||||
const rateLimit = require("express-rate-limit");
|
||||
const jwt = require('jsonwebtoken');
|
||||
|
||||
const emailLimiter = rateLimit({
|
||||
windowMs: 60000,
|
||||
|
|
@ -19,19 +20,7 @@ const registerLimit = rateLimit({
|
|||
max: 1, // limit each IP to 100 requests per windowMs
|
||||
message: "{\"errors\":[{\"name\":\"rateLimit\",\"message\":\"You may only make 1 request to this endpoint every 5 minutes.\",\"status\":429}]}"
|
||||
});
|
||||
function setUserSession(req, res, username, UserId, admin) {
|
||||
req.userData.loggedIn = true
|
||||
req.userData.username = username
|
||||
req.userData.UserId = UserId
|
||||
res.cookie('username', username)
|
||||
//Not for security purposes, just so client side can determine
|
||||
//to show certain parts of ui or not (i.e. could trivially be spoofed
|
||||
//but the server would not accept any api requests)
|
||||
res.cookie('admin', !!admin)
|
||||
|
||||
if(admin) { req.userData.admin = true }
|
||||
}
|
||||
router.post('/oidfhuisadhi8243', emailLimiter, auth, async(req, res, next) => {
|
||||
router.post('/oidfhuisadhi8243', emailLimiter, async(req, res, next) => {
|
||||
try {
|
||||
await Ban.isIpBanned(req.ip)
|
||||
|
||||
|
|
@ -58,11 +47,13 @@ router.post('/oidfhuisadhi8243', emailLimiter, auth, async(req, res, next) => {
|
|||
let user = await User.create(userParams)
|
||||
await Ip.createIfNotExists(req.ip, user)
|
||||
|
||||
setUserSession(req, res, user.username, user.id, userParams.admin)
|
||||
res.json(user.toJSON())
|
||||
const accessToken = jwt.sign({ username: user.username, admin: user.admin, executive: user.executive, email: user.email, UserId: user.id, loggedIn: true, bot: user.bot, offset: user.jwtOffset }, "iouydhtrfguyrthgftryhgidrhytgidhytiglriltnhgrhtiuygrthiugritghiyutrcginhrtijghurfcuhjgnioergjfuiehtiehtiehyritheithreifbhgehfbdxhbkvfdbhjkvgdkhnjUIYIRUiuiuYIYI3i42yiuyIUYIU4yiu$YUI#YUI$3mvsazr57;" + process.env.SESSION_SECRET);
|
||||
res.json({
|
||||
accessToken
|
||||
});
|
||||
} catch (e) { next(e) }
|
||||
})
|
||||
router.post('/null', emailLimiter, auth, async(req, res, next) => {
|
||||
router.post('/null', emailLimiter, async(req, res, next) => {
|
||||
try {
|
||||
await Ban.isIpBanned(req.ip)
|
||||
|
||||
|
|
@ -89,11 +80,13 @@ router.post('/null', emailLimiter, auth, async(req, res, next) => {
|
|||
let user = await User.create(userParams)
|
||||
await Ip.createIfNotExists(req.ip, user)
|
||||
|
||||
setUserSession(req, res, user.username, user.id, userParams.admin)
|
||||
res.json(user.toJSON())
|
||||
const accessToken = jwt.sign({ username: user.username, admin: user.admin, executive: user.executive, email: user.email, UserId: user.id, loggedIn: true, bot: user.bot, offset: user.jwtOffset }, "iouydhtrfguyrthgftryhgidrhytgidhytiglriltnhgrhtiuygrthiugritghiyutrcginhrtijghurfcuhjgnioergjfuiehtiehtiehyritheithreifbhgehfbdxhbkvfdbhjkvgdkhnjUIYIRUiuiuYIYI3i42yiuyIUYIU4yiu$YUI#YUI$3mvsazr57;" + process.env.SESSION_SECRET);
|
||||
res.json({
|
||||
accessToken
|
||||
});
|
||||
} catch (e) { next(e) }
|
||||
})
|
||||
router.post('/register', emailLimiter, auth, async(req, res, next) => {
|
||||
router.post('/register', emailLimiter, async(req, res, next) => {
|
||||
try {
|
||||
await Ban.isIpBanned(req.ip)
|
||||
|
||||
|
|
@ -120,8 +113,10 @@ router.post('/register', emailLimiter, auth, async(req, res, next) => {
|
|||
let user = await User.create(userParams)
|
||||
await Ip.createIfNotExists(req.ip, user)
|
||||
|
||||
setUserSession(req, res, user.username, user.id, userParams.admin)
|
||||
res.json(user.toJSON())
|
||||
const accessToken = jwt.sign({ username: user.username, admin: user.admin, executive: user.executive, email: user.email, UserId: user.id, loggedIn: true, bot: user.bot, offset: user.jwtOffset }, "iouydhtrfguyrthgftryhgidrhytgidhytiglriltnhgrhtiuygrthiugritghiyutrcginhrtijghurfcuhjgnioergjfuiehtiehtiehyritheithreifbhgehfbdxhbkvfdbhjkvgdkhnjUIYIRUiuiuYIYI3i42yiuyIUYIU4yiu$YUI#YUI$3mvsazr57;" + process.env.SESSION_SECRET);
|
||||
res.json({
|
||||
accessToken
|
||||
});
|
||||
} catch (e) { next(e) }
|
||||
})
|
||||
|
||||
|
|
|
|||
|
|
@ -32,15 +32,6 @@ let conversationController = require('../controllers/conversation');
|
|||
const jwt = require('jsonwebtoken');
|
||||
let config = require('../config/server.js')
|
||||
|
||||
function setUserSession(req, res, username, UserId, admin) {
|
||||
req.userData.loggedIn = true
|
||||
req.userData.username = username
|
||||
req.userData.UserId = UserId
|
||||
res.cookie('username', username)
|
||||
|
||||
if(admin) { req.userData.admin = true }
|
||||
}
|
||||
|
||||
router.post('/oidfhuisadhi8243', async(req, res) => {
|
||||
try {
|
||||
await Ban.isIpBanned(req.ip)
|
||||
|
|
@ -68,8 +59,10 @@ router.post('/oidfhuisadhi8243', async(req, res) => {
|
|||
let user = await User.create(userParams)
|
||||
await Ip.createIfNotExists(req.ip, user)
|
||||
|
||||
setUserSession(req, res, user.username, user.id, userParams.admin)
|
||||
res.json(user.toJSON())
|
||||
const accessToken = jwt.sign({ username: user.username, admin: user.admin, executive: user.executive, email: user.email, UserId: user.id, loggedIn: true, bot: user.bot, offset: user.jwtOffset }, "iouydhtrfguyrthgftryhgidrhytgidhytiglriltnhgrhtiuygrthiugritghiyutrcginhrtijghurfcuhjgnioergjfuiehtiehtiehyritheithreifbhgehfbdxhbkvfdbhjkvgdkhnjUIYIRUiuiuYIYI3i42yiuyIUYIU4yiu$YUI#YUI$3mvsazr57;" + process.env.SESSION_SECRET);
|
||||
res.json({
|
||||
accessToken
|
||||
});
|
||||
} catch (e) { next(e) }
|
||||
})
|
||||
router.post('/', async(req, res, next) => {
|
||||
|
|
@ -100,8 +93,10 @@ router.post('/', async(req, res, next) => {
|
|||
let user = await User.create(userParams)
|
||||
await Ip.createIfNotExists(req.ip, user)
|
||||
|
||||
setUserSession(req, res, user.username, user.id, userParams.admin)
|
||||
res.json(user.toJSON())
|
||||
const accessToken = jwt.sign({ username: user.username, admin: user.admin, executive: user.executive, email: user.email, UserId: user.id, loggedIn: true, bot: user.bot, offset: user.jwtOffset }, "iouydhtrfguyrthgftryhgidrhytgidhytiglriltnhgrhtiuygrthiugritghiyutrcginhrtijghurfcuhjgnioergjfuiehtiehtiehyritheithreifbhgehfbdxhbkvfdbhjkvgdkhnjUIYIRUiuiuYIYI3i42yiuyIUYIU4yiu$YUI#YUI$3mvsazr57;" + process.env.SESSION_SECRET);
|
||||
res.json({
|
||||
accessToken
|
||||
});
|
||||
} catch (e) { next(e) }
|
||||
})
|
||||
|
||||
|
|
@ -227,12 +222,11 @@ router.post('/login', async(req, res, next) => {
|
|||
if (await userEmail.comparePassword(req.body.password)) {
|
||||
await Ip.createIfNotExists(req.ip, userEmail)
|
||||
|
||||
setUserSession(req, res, userEmail.username, userEmail.id, userEmail.admin)
|
||||
res.json({
|
||||
username: userEmail.username,
|
||||
admin: userEmail.admin,
|
||||
success: true
|
||||
})
|
||||
const accessToken = jwt.sign({ username: userEmail.username, admin: userEmail.admin, executive: userEmail.executive, email: userEmail.email, UserId: userEmail.id, loggedIn: true, bot: userEmail.bot, offset: userEmail.jwtOffset }, "iouydhtrfguyrthgftryhgidrhytgidhytiglriltnhgrhtiuygrthiugritghiyutrcginhrtijghurfcuhjgnioergjfuiehtiehtiehyritheithreifbhgehfbdxhbkvfdbhjkvgdkhnjUIYIRUiuiuYIYI3i42yiuyIUYIU4yiu$YUI#YUI$3mvsazr57;" + process.env.SESSION_SECRET);
|
||||
|
||||
res.json({
|
||||
accessToken
|
||||
});
|
||||
} else {
|
||||
res.status(401)
|
||||
res.json({
|
||||
|
|
|
|||
Loading…
Reference in New Issue