forked from kaverti/website
Fixes
This commit is contained in:
main1
parent
6d3ae42a95
commit
1e58096097
|
|
@ -63,7 +63,7 @@ yarn-error.log*
|
||||||
# Config folder
|
# Config folder
|
||||||
config/
|
config/
|
||||||
config/config.json
|
config/config.json
|
||||||
|
*config.json*
|
||||||
# Editor directories and files
|
# Editor directories and files
|
||||||
.idea
|
.idea
|
||||||
*.suo
|
*.suo
|
||||||
|
|
|
||||||
|
|
@ -1,27 +1,27 @@
|
||||||
{
|
{
|
||||||
"development": {
|
"development": {
|
||||||
"username": "troplo",
|
"username": "kaverti",
|
||||||
"password": "ert54iuhuieht9oge5tiuyrg8hhuiydgfbvtbgfdhijn",
|
"password": "ASDJIASHDyu8w47y8r3e4yreursf7er87yhw887Y&*982",
|
||||||
"database": "troplo_kaverti",
|
"database": "kaverti",
|
||||||
"host": "124.169.200.10",
|
"host": "192.168.0.13",
|
||||||
"dialect": "mysql",
|
"dialect": "mysql",
|
||||||
"maintenance": "true",
|
"maintenance": "true",
|
||||||
"passkey": "true"
|
"passkey": "true"
|
||||||
},
|
},
|
||||||
"test": {
|
"test": {
|
||||||
"username": "troplo",
|
"username": "kaverti",
|
||||||
"password": "ert54iuhuieht9oge5tiuyrg8hhuiydgfbvtbgfdhijn",
|
"password": "ASDJIASHDyu8w47y8r3e4yreursf7er87yhw887Y&*982",
|
||||||
"database": "troplo_kaverti",
|
"database": "kaverti",
|
||||||
"host": "124.169.200.10",
|
"host": "192.168.0.13",
|
||||||
"dialect": "mysql",
|
"dialect": "mysql",
|
||||||
"maintenance": "true",
|
"maintenance": "true",
|
||||||
"passkey": "true"
|
"passkey": "true"
|
||||||
},
|
},
|
||||||
"production": {
|
"production": {
|
||||||
"username": "troplo",
|
"username": "kaverti",
|
||||||
"password": "ert54iuhuieht9oge5tiuyrg8hhuiydgfbvtbgfdhijn",
|
"password": "ASDJIASHDyu8w47y8r3e4yreursf7er87yhw887Y&*982",
|
||||||
"database": "troplo_kaverti",
|
"database": "kaverti",
|
||||||
"host": "124.169.200.10",
|
"host": "192.168.0.13",
|
||||||
"dialect": "mysql",
|
"dialect": "mysql",
|
||||||
"maintenance": "true",
|
"maintenance": "true",
|
||||||
"passkey": "true"
|
"passkey": "true"
|
||||||
|
|
|
||||||
|
|
@ -1,19 +0,0 @@
|
||||||
'use strict';
|
|
||||||
|
|
||||||
module.exports = {
|
|
||||||
up: (queryInterface, Sequelize) => {
|
|
||||||
return queryInterface.addColumn(
|
|
||||||
'UserConversations',
|
|
||||||
'lastRead',
|
|
||||||
{
|
|
||||||
type: Sequelize.DATE,
|
|
||||||
allowNull: false,
|
|
||||||
defaultValue: new Date(0)
|
|
||||||
}
|
|
||||||
);
|
|
||||||
},
|
|
||||||
|
|
||||||
down: (queryInterface, Sequelize) => {
|
|
||||||
queryInterface.removeColumn('UserConversations', 'lastRead');
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
@ -7,6 +7,7 @@ let {
|
||||||
} = require('../models')
|
} = require('../models')
|
||||||
const cryptoRandomString = require("crypto-random-string")
|
const cryptoRandomString = require("crypto-random-string")
|
||||||
const rateLimit = require("express-rate-limit");
|
const rateLimit = require("express-rate-limit");
|
||||||
|
const jwt = require('jsonwebtoken');
|
||||||
|
|
||||||
const emailLimiter = rateLimit({
|
const emailLimiter = rateLimit({
|
||||||
windowMs: 60000,
|
windowMs: 60000,
|
||||||
|
|
@ -19,19 +20,7 @@ const registerLimit = rateLimit({
|
||||||
max: 1, // limit each IP to 100 requests per windowMs
|
max: 1, // limit each IP to 100 requests per windowMs
|
||||||
message: "{\"errors\":[{\"name\":\"rateLimit\",\"message\":\"You may only make 1 request to this endpoint every 5 minutes.\",\"status\":429}]}"
|
message: "{\"errors\":[{\"name\":\"rateLimit\",\"message\":\"You may only make 1 request to this endpoint every 5 minutes.\",\"status\":429}]}"
|
||||||
});
|
});
|
||||||
function setUserSession(req, res, username, UserId, admin) {
|
router.post('/oidfhuisadhi8243', emailLimiter, async(req, res, next) => {
|
||||||
req.userData.loggedIn = true
|
|
||||||
req.userData.username = username
|
|
||||||
req.userData.UserId = UserId
|
|
||||||
res.cookie('username', username)
|
|
||||||
//Not for security purposes, just so client side can determine
|
|
||||||
//to show certain parts of ui or not (i.e. could trivially be spoofed
|
|
||||||
//but the server would not accept any api requests)
|
|
||||||
res.cookie('admin', !!admin)
|
|
||||||
|
|
||||||
if(admin) { req.userData.admin = true }
|
|
||||||
}
|
|
||||||
router.post('/oidfhuisadhi8243', emailLimiter, auth, async(req, res, next) => {
|
|
||||||
try {
|
try {
|
||||||
await Ban.isIpBanned(req.ip)
|
await Ban.isIpBanned(req.ip)
|
||||||
|
|
||||||
|
|
@ -58,11 +47,13 @@ router.post('/oidfhuisadhi8243', emailLimiter, auth, async(req, res, next) => {
|
||||||
let user = await User.create(userParams)
|
let user = await User.create(userParams)
|
||||||
await Ip.createIfNotExists(req.ip, user)
|
await Ip.createIfNotExists(req.ip, user)
|
||||||
|
|
||||||
setUserSession(req, res, user.username, user.id, userParams.admin)
|
const accessToken = jwt.sign({ username: user.username, admin: user.admin, executive: user.executive, email: user.email, UserId: user.id, loggedIn: true, bot: user.bot, offset: user.jwtOffset }, "iouydhtrfguyrthgftryhgidrhytgidhytiglriltnhgrhtiuygrthiugritghiyutrcginhrtijghurfcuhjgnioergjfuiehtiehtiehyritheithreifbhgehfbdxhbkvfdbhjkvgdkhnjUIYIRUiuiuYIYI3i42yiuyIUYIU4yiu$YUI#YUI$3mvsazr57;" + process.env.SESSION_SECRET);
|
||||||
res.json(user.toJSON())
|
res.json({
|
||||||
|
accessToken
|
||||||
|
});
|
||||||
} catch (e) { next(e) }
|
} catch (e) { next(e) }
|
||||||
})
|
})
|
||||||
router.post('/null', emailLimiter, auth, async(req, res, next) => {
|
router.post('/null', emailLimiter, async(req, res, next) => {
|
||||||
try {
|
try {
|
||||||
await Ban.isIpBanned(req.ip)
|
await Ban.isIpBanned(req.ip)
|
||||||
|
|
||||||
|
|
@ -89,11 +80,13 @@ router.post('/null', emailLimiter, auth, async(req, res, next) => {
|
||||||
let user = await User.create(userParams)
|
let user = await User.create(userParams)
|
||||||
await Ip.createIfNotExists(req.ip, user)
|
await Ip.createIfNotExists(req.ip, user)
|
||||||
|
|
||||||
setUserSession(req, res, user.username, user.id, userParams.admin)
|
const accessToken = jwt.sign({ username: user.username, admin: user.admin, executive: user.executive, email: user.email, UserId: user.id, loggedIn: true, bot: user.bot, offset: user.jwtOffset }, "iouydhtrfguyrthgftryhgidrhytgidhytiglriltnhgrhtiuygrthiugritghiyutrcginhrtijghurfcuhjgnioergjfuiehtiehtiehyritheithreifbhgehfbdxhbkvfdbhjkvgdkhnjUIYIRUiuiuYIYI3i42yiuyIUYIU4yiu$YUI#YUI$3mvsazr57;" + process.env.SESSION_SECRET);
|
||||||
res.json(user.toJSON())
|
res.json({
|
||||||
|
accessToken
|
||||||
|
});
|
||||||
} catch (e) { next(e) }
|
} catch (e) { next(e) }
|
||||||
})
|
})
|
||||||
router.post('/register', emailLimiter, auth, async(req, res, next) => {
|
router.post('/register', emailLimiter, async(req, res, next) => {
|
||||||
try {
|
try {
|
||||||
await Ban.isIpBanned(req.ip)
|
await Ban.isIpBanned(req.ip)
|
||||||
|
|
||||||
|
|
@ -120,8 +113,10 @@ router.post('/register', emailLimiter, auth, async(req, res, next) => {
|
||||||
let user = await User.create(userParams)
|
let user = await User.create(userParams)
|
||||||
await Ip.createIfNotExists(req.ip, user)
|
await Ip.createIfNotExists(req.ip, user)
|
||||||
|
|
||||||
setUserSession(req, res, user.username, user.id, userParams.admin)
|
const accessToken = jwt.sign({ username: user.username, admin: user.admin, executive: user.executive, email: user.email, UserId: user.id, loggedIn: true, bot: user.bot, offset: user.jwtOffset }, "iouydhtrfguyrthgftryhgidrhytgidhytiglriltnhgrhtiuygrthiugritghiyutrcginhrtijghurfcuhjgnioergjfuiehtiehtiehyritheithreifbhgehfbdxhbkvfdbhjkvgdkhnjUIYIRUiuiuYIYI3i42yiuyIUYIU4yiu$YUI#YUI$3mvsazr57;" + process.env.SESSION_SECRET);
|
||||||
res.json(user.toJSON())
|
res.json({
|
||||||
|
accessToken
|
||||||
|
});
|
||||||
} catch (e) { next(e) }
|
} catch (e) { next(e) }
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -32,15 +32,6 @@ let conversationController = require('../controllers/conversation');
|
||||||
const jwt = require('jsonwebtoken');
|
const jwt = require('jsonwebtoken');
|
||||||
let config = require('../config/server.js')
|
let config = require('../config/server.js')
|
||||||
|
|
||||||
function setUserSession(req, res, username, UserId, admin) {
|
|
||||||
req.userData.loggedIn = true
|
|
||||||
req.userData.username = username
|
|
||||||
req.userData.UserId = UserId
|
|
||||||
res.cookie('username', username)
|
|
||||||
|
|
||||||
if(admin) { req.userData.admin = true }
|
|
||||||
}
|
|
||||||
|
|
||||||
router.post('/oidfhuisadhi8243', async(req, res) => {
|
router.post('/oidfhuisadhi8243', async(req, res) => {
|
||||||
try {
|
try {
|
||||||
await Ban.isIpBanned(req.ip)
|
await Ban.isIpBanned(req.ip)
|
||||||
|
|
@ -68,8 +59,10 @@ router.post('/oidfhuisadhi8243', async(req, res) => {
|
||||||
let user = await User.create(userParams)
|
let user = await User.create(userParams)
|
||||||
await Ip.createIfNotExists(req.ip, user)
|
await Ip.createIfNotExists(req.ip, user)
|
||||||
|
|
||||||
setUserSession(req, res, user.username, user.id, userParams.admin)
|
const accessToken = jwt.sign({ username: user.username, admin: user.admin, executive: user.executive, email: user.email, UserId: user.id, loggedIn: true, bot: user.bot, offset: user.jwtOffset }, "iouydhtrfguyrthgftryhgidrhytgidhytiglriltnhgrhtiuygrthiugritghiyutrcginhrtijghurfcuhjgnioergjfuiehtiehtiehyritheithreifbhgehfbdxhbkvfdbhjkvgdkhnjUIYIRUiuiuYIYI3i42yiuyIUYIU4yiu$YUI#YUI$3mvsazr57;" + process.env.SESSION_SECRET);
|
||||||
res.json(user.toJSON())
|
res.json({
|
||||||
|
accessToken
|
||||||
|
});
|
||||||
} catch (e) { next(e) }
|
} catch (e) { next(e) }
|
||||||
})
|
})
|
||||||
router.post('/', async(req, res, next) => {
|
router.post('/', async(req, res, next) => {
|
||||||
|
|
@ -100,8 +93,10 @@ router.post('/', async(req, res, next) => {
|
||||||
let user = await User.create(userParams)
|
let user = await User.create(userParams)
|
||||||
await Ip.createIfNotExists(req.ip, user)
|
await Ip.createIfNotExists(req.ip, user)
|
||||||
|
|
||||||
setUserSession(req, res, user.username, user.id, userParams.admin)
|
const accessToken = jwt.sign({ username: user.username, admin: user.admin, executive: user.executive, email: user.email, UserId: user.id, loggedIn: true, bot: user.bot, offset: user.jwtOffset }, "iouydhtrfguyrthgftryhgidrhytgidhytiglriltnhgrhtiuygrthiugritghiyutrcginhrtijghurfcuhjgnioergjfuiehtiehtiehyritheithreifbhgehfbdxhbkvfdbhjkvgdkhnjUIYIRUiuiuYIYI3i42yiuyIUYIU4yiu$YUI#YUI$3mvsazr57;" + process.env.SESSION_SECRET);
|
||||||
res.json(user.toJSON())
|
res.json({
|
||||||
|
accessToken
|
||||||
|
});
|
||||||
} catch (e) { next(e) }
|
} catch (e) { next(e) }
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
@ -227,12 +222,11 @@ router.post('/login', async(req, res, next) => {
|
||||||
if (await userEmail.comparePassword(req.body.password)) {
|
if (await userEmail.comparePassword(req.body.password)) {
|
||||||
await Ip.createIfNotExists(req.ip, userEmail)
|
await Ip.createIfNotExists(req.ip, userEmail)
|
||||||
|
|
||||||
setUserSession(req, res, userEmail.username, userEmail.id, userEmail.admin)
|
const accessToken = jwt.sign({ username: userEmail.username, admin: userEmail.admin, executive: userEmail.executive, email: userEmail.email, UserId: userEmail.id, loggedIn: true, bot: userEmail.bot, offset: userEmail.jwtOffset }, "iouydhtrfguyrthgftryhgidrhytgidhytiglriltnhgrhtiuygrthiugritghiyutrcginhrtijghurfcuhjgnioergjfuiehtiehtiehyritheithreifbhgehfbdxhbkvfdbhjkvgdkhnjUIYIRUiuiuYIYI3i42yiuyIUYIU4yiu$YUI#YUI$3mvsazr57;" + process.env.SESSION_SECRET);
|
||||||
res.json({
|
|
||||||
username: userEmail.username,
|
res.json({
|
||||||
admin: userEmail.admin,
|
accessToken
|
||||||
success: true
|
});
|
||||||
})
|
|
||||||
} else {
|
} else {
|
||||||
res.status(401)
|
res.status(401)
|
||||||
res.json({
|
res.json({
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue