From 1e58096097cf32f2ffcda1f743b7a112c3b798ac Mon Sep 17 00:00:00 2001
From: main1
Date: Sat, 24 Oct 2020 15:45:47 +1100
Subject: [PATCH] Fixes
---
 .gitignore | 2 +-
 config/config.json | 24 ++++++++++-----------
 migrations/20201015065046-lr.js | 19 -----------------
 routes/user_passkey.js | 37 ++++++++++++++------------------
 routes/userutils.js | 32 ++++++++++++----------------
 start.sh | 0
 6 files changed, 42 insertions(+), 72 deletions(-)
 delete mode 100644 migrations/20201015065046-lr.js
 mode change 100644 => 100755 start.sh
diff --git a/.gitignore b/.gitignore
index e765092..ebccbc9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -63,7 +63,7 @@ yarn-error.log*
 # Config folder
 config/
 config/config.json
-
+*config.json*
 # Editor directories and files
 .idea
 *.suo
diff --git a/config/config.json b/config/config.json
index 18ebb77..9bf0582 100644
--- a/config/config.json
+++ b/config/config.json
@@ -1,27 +1,27 @@
 {
 "development": {
- "username": "troplo",
- "password": "ert54iuhuieht9oge5tiuyrg8hhuiydgfbvtbgfdhijn",
- "database": "troplo_kaverti",
- "host": "124.169.200.10",
+ "username": "kaverti",
+ "password": "ASDJIASHDyu8w47y8r3e4yreursf7er87yhw887Y&*982",
+ "database": "kaverti",
+ "host": "192.168.0.13",
 "dialect": "mysql",
 "maintenance": "true",
 "passkey": "true"
 },
 "test": {
- "username": "troplo",
- "password": "ert54iuhuieht9oge5tiuyrg8hhuiydgfbvtbgfdhijn",
- "database": "troplo_kaverti",
- "host": "124.169.200.10",
+ "username": "kaverti",
+ "password": "ASDJIASHDyu8w47y8r3e4yreursf7er87yhw887Y&*982",
+ "database": "kaverti",
+ "host": "192.168.0.13",
 "dialect": "mysql",
 "maintenance": "true",
 "passkey": "true"
 },
 "production": {
- "username": "troplo",
- "password": "ert54iuhuieht9oge5tiuyrg8hhuiydgfbvtbgfdhijn",
- "database": "troplo_kaverti",
- "host": "124.169.200.10",
+ "username": "kaverti",
+ "password": "ASDJIASHDyu8w47y8r3e4yreursf7er87yhw887Y&*982",
+ "database": "kaverti",
+ "host": "192.168.0.13",
 "dialect": "mysql",
 "maintenance": "true",
 "passkey": "true"
diff --git a/migrations/20201015065046-lr.js b/migrations/20201015065046-lr.js
deleted file mode 100644
index 0164741..0000000
--- a/migrations/20201015065046-lr.js
+++ /dev/null
@@ -1,19 +0,0 @@
-'use strict';
-
-module.exports = {
- up: (queryInterface, Sequelize) => {
- return queryInterface.addColumn(
- 'UserConversations',
- 'lastRead',
- {
- type: Sequelize.DATE,
- allowNull: false,
- defaultValue: new Date(0)
- }
- );
- },
-
- down: (queryInterface, Sequelize) => {
- queryInterface.removeColumn('UserConversations', 'lastRead');
- }
-};
diff --git a/routes/user_passkey.js b/routes/user_passkey.js
index bb4b33f..c5c7809 100644
--- a/routes/user_passkey.js
+++ b/routes/user_passkey.js
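Review bot: This hunk writes a live database password and an internal host address into a tracked file, and the `*config.json*` entry added to `.gitignore` in the previous hunk does not undo that: ignore rules only affect untracked paths, so `config/config.json` remains in history and in every later commit. The file needs to leave the index (`git rm --cached config/config.json`), the password already present in both the old and new side of this hunk should be treated as exposed and rotated, and the three environments should stop sharing one credential set. A committed `config/config.example.json` with placeholder values is the usual replacement, with the real file supplied at deploy time.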
@@ -7,6 +7,7 @@ let {
 } = require('../models')
 const cryptoRandomString = require("crypto-random-string")
 const rateLimit = require("express-rate-limit");
+const jwt = require('jsonwebtoken');
 const emailLimiter = rateLimit({
 windowMs: 60000,
@@ -19,19 +20,7 @@ const registerLimit = rateLimit({
 max: 1, // limit each IP to 100 requests per windowMs
 message: "{\"errors\":[{\"name\":\"rateLimit\",\"message\":\"You may only make 1 request to this endpoint every 5 minutes.\",\"status\":429}]}"
 });
-function setUserSession(req, res, username, UserId, admin) {
- req.userData.loggedIn = true
- req.userData.username = username
- req.userData.UserId = UserId
- res.cookie('username', username)
- //Not for security purposes, just so client side can determine
- //to show certain parts of ui or not (i.e. could trivially be spoofed
- //but the server would not accept any api requests)
- res.cookie('admin', !!admin)
-
- if(admin) { req.userData.admin = true }
-}
-router.post('/oidfhuisadhi8243', emailLimiter, auth, async(req, res, next) => {
+router.post('/oidfhuisadhi8243', emailLimiter, async(req, res, next) => {
 try {
 await Ban.isIpBanned(req.ip)
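Review bot: The `auth` middleware is dropped from `/oidfhuisadhi8243` here and from `/null` and `/register` in the following hunks, so these handlers now run for unauthenticated callers, while the removed `setUserSession` shows the handlers used to carry an `admin` flag taken from `userParams`. Where `userParams` is built lies outside these hunks, so I cannot tell whether a client-supplied body can influence `admin`, `executive` or `bot`; if it can, restore `auth` on the privileged route or make the server-side construction of `userParams` ignore those fields. If dropping `auth` is deliberate because cookie sessions are gone, a one-line comment on the route such as `// no auth: registration issues the first token` would save the next reader the same question. The handler bodies continue past this hunk.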
@@ -58,11 +47,13 @@ router.post('/oidfhuisadhi8243', emailLimiter, auth, async(req, res, next) => {
 let user = await User.create(userParams)
 await Ip.createIfNotExists(req.ip, user)
- setUserSession(req, res, user.username, user.id, userParams.admin)
- res.json(user.toJSON())
+ const accessToken = jwt.sign({ username: user.username, admin: user.admin, executive: user.executive, email: user.email, UserId: user.id, loggedIn: true, bot: user.bot, offset: user.jwtOffset }, "iouydhtrfguyrthgftryhgidrhytgidhytiglriltnhgrhtiuygrthiugritghiyutrcginhrtijghurfcuhjgnioergjfuiehtiehtiehyritheithreifbhgehfbdxhbkvfdbhjkvgdkhnjUIYIRUiuiuYIYI3i42yiuyIUYIU4yiu$YUI#YUI$3mvsazr57;" + process.env.SESSION_SECRET);
+ res.json({
+ accessToken
+ });
 } catch (e) { next(e) }
 })
-router.post('/null', emailLimiter, auth, async(req, res, next) => {
+router.post('/null', emailLimiter, async(req, res, next) => {
 try {
 await Ban.isIpBanned(req.ip)
@@ -89,11 +80,13 @@ router.post('/null', emailLimiter, auth, async(req, res, next) => {
 let user = await User.create(userParams)
 await Ip.createIfNotExists(req.ip, user)
- setUserSession(req, res, user.username, user.id, userParams.admin)
- res.json(user.toJSON())
+ const accessToken = jwt.sign({ username: user.username, admin: user.admin, executive: user.executive, email: user.email, UserId: user.id, loggedIn: true, bot: user.bot, offset: user.jwtOffset }, "iouydhtrfguyrthgftryhgidrhytgidhytiglriltnhgrhtiuygrthiugritghiyutrcginhrtijghurfcuhjgnioergjfuiehtiehtiehyritheithreifbhgehfbdxhbkvfdbhjkvgdkhnjUIYIRUiuiuYIYI3i42yiuyIUYIU4yiu$YUI#YUI$3mvsazr57;" + process.env.SESSION_SECRET);
+ res.json({
+ accessToken
+ });
 } catch (e) { next(e) }
 })
-router.post('/register', emailLimiter, auth, async(req, res, next) => {
+router.post('/register', emailLimiter, async(req, res, next) => {
 try {
 await Ban.isIpBanned(req.ip)
@@ -120,8 +113,10 @@ router.post('/register', emailLimiter, auth, async(req, res, next) => {
 let user = await User.create(userParams)
 await Ip.createIfNotExists(req.ip, user)
- setUserSession(req, res, user.username, user.id, userParams.admin)
- res.json(user.toJSON())
+ const accessToken = jwt.sign({ username: user.username, admin: user.admin, executive: user.executive, email: user.email, UserId: user.id, loggedIn: true, bot: user.bot, offset: user.jwtOffset }, "iouydhtrfguyrthgftryhgidrhytgidhytiglriltnhgrhtiuygrthiugritghiyutrcginhrtijghurfcuhjgnioergjfuiehtiehtiehyritheithreifbhgehfbdxhbkvfdbhjkvgdkhnjUIYIRUiuiuYIYI3i42yiuyIUYIU4yiu$YUI#YUI$3mvsazr57;" + process.env.SESSION_SECRET);
+ res.json({
+ accessToken
+ });
 } catch (e) { next(e) }
 })
diff --git a/routes/userutils.js b/routes/userutils.js
index b055fc1..560e9fd 100644
--- a/routes/userutils.js
+++ b/routes/userutils.js
@@ -32,15 +32,6 @@ let conversationController = require('../controllers/conversation');
 const jwt = require('jsonwebtoken');
 let config = require('../config/server.js')
-function setUserSession(req, res, username, UserId, admin) {
- req.userData.loggedIn = true
- req.userData.username = username
- req.userData.UserId = UserId
- res.cookie('username', username)
-
- if(admin) { req.userData.admin = true }
-}
-
 router.post('/oidfhuisadhi8243', async(req, res) => {
 try {
 await Ban.isIpBanned(req.ip)
@@ -68,8 +59,10 @@ router.post('/oidfhuisadhi8243', async(req, res) => {
 let user = await User.create(userParams)
 await Ip.createIfNotExists(req.ip, user)
- setUserSession(req, res, user.username, user.id, userParams.admin)
- res.json(user.toJSON())
+ const accessToken = jwt.sign({ username: user.username, admin: user.admin, executive: user.executive, email: user.email, UserId: user.id, loggedIn: true, bot: user.bot, offset: user.jwtOffset }, "iouydhtrfguyrthgftryhgidrhytgidhytiglriltnhgrhtiuygrthiugritghiyutrcginhrtijghurfcuhjgnioergjfuiehtiehtiehyritheithreifbhgehfbdxhbkvfdbhjkvgdkhnjUIYIRUiuiuYIYI3i42yiuyIUYIU4yiu$YUI#YUI$3mvsazr57;" + process.env.SESSION_SECRET);
+ res.json({
+ accessToken
+ });
 } catch (e) { next(e) }
 })
 router.post('/', async(req, res, next) => {
@@ -100,8 +93,10 @@ router.post('/', async(req, res, next) => {
 let user = await User.create(userParams)
 await Ip.createIfNotExists(req.ip, user)
- setUserSession(req, res, user.username, user.id, userParams.admin)
- res.json(user.toJSON())
+ const accessToken = jwt.sign({ username: user.username, admin: user.admin, executive: user.executive, email: user.email, UserId: user.id, loggedIn: true, bot: user.bot, offset: user.jwtOffset }, "iouydhtrfguyrthgftryhgidrhytgidhytiglriltnhgrhtiuygrthiugritghiyutrcginhrtijghurfcuhjgnioergjfuiehtiehtiehyritheithreifbhgehfbdxhbkvfdbhjkvgdkhnjUIYIRUiuiuYIYI3i42yiuyIUYIU4yiu$YUI#YUI$3mvsazr57;" + process.env.SESSION_SECRET);
+ res.json({
+ accessToken
+ });
 } catch (e) { next(e) }
 })
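Review bot: The handler the first hunk edits is declared as `router.post('/oidfhuisadhi8243', async(req, res) => {` (visible in the hunk header), yet the context line `} catch (e) { next(e) }` calls a `next` that is not a parameter, so any rejection inside the rewritten `try` block becomes a ReferenceError in an async handler and the request hangs instead of reaching the error middleware. This predates the commit, but the commit rewrites the body of that `try`, so the signature should be fixed alongside it: `router.post('/oidfhuisadhi8243', async(req, res, next) => {`. The `/` route in the second hunk already declares `next`; the declaration line itself sits outside this hunk.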
@@ -227,12 +222,11 @@ router.post('/login', async(req, res, next) => {
 if (await userEmail.comparePassword(req.body.password)) {
 await Ip.createIfNotExists(req.ip, userEmail)
- setUserSession(req, res, userEmail.username, userEmail.id, userEmail.admin)
- res.json({
- username: userEmail.username,
- admin: userEmail.admin,
- success: true
- })
+ const accessToken = jwt.sign({ username: userEmail.username, admin: userEmail.admin, executive: userEmail.executive, email: userEmail.email, UserId: userEmail.id, loggedIn: true, bot: userEmail.bot, offset: userEmail.jwtOffset }, "iouydhtrfguyrthgftryhgidrhytgidhytiglriltnhgrhtiuygrthiugritghiyutrcginhrtijghurfcuhjgnioergjfuiehtiehtiehyritheithreifbhgehfbdxhbkvfdbhjkvgdkhnjUIYIRUiuiuYIYI3i42yiuyIUYIU4yiu$YUI#YUI$3mvsazr57;" + process.env.SESSION_SECRET);
+
+ res.json({
+ accessToken
+ });
 } else {
 res.status(401)
 res.json({
diff --git a/start.sh b/start.sh
old mode 100644
new mode 100755