Fix auth by requiring body/cookie parser
yeojoey committed Mar 2, 2017
1 parent d9bc505 commit c1cf5fd
Showing 6 changed files with 53 additions and 16 deletions.
12 changes: 10 additions & 2 deletions app.js
Expand Up @@ -3,6 +3,7 @@ var app = module.exports = express ();
var fs = require ('fs');
var path = require ('path');


app.set ('rootPath', __dirname);

// parse config file
Expand All @@ -27,11 +28,17 @@ app.set ('view engine', 'ejs');
// File Limitation
app.set ('MAX_FILE_SIZE', 30000000); // In Bytes, equals to 30Mb

//use router to handle different url request
app.use (router);
var cookieParser = require ('cookie-parser');
var bodyParser = require ('body-parser');

app.use (bodyParser.json ());
app.use (bodyParser.urlencoded ({extended: false}));
app.use (cookieParser ());


//use router to handle different url request
app.use (router);

//error handling
app.use
(
Expand All @@ -56,3 +63,4 @@ var server = app.listen
}
)
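Review bot: `require ('cookie-parser')` is added here, but the package.json section of this commit adds only `body-parser` to `dependencies`, so a clean `npm install` would leave the module missing and app.js would fail at startup unless it happens to be installed some other way. Add a matching entry such as `"cookie-parser": "<VERSION>"` (placeholder; pin the version you actually tested). As a style point, the two new `require` calls sit in the middle of the file; moving them up beside `require ('fs')` and `require ('path')` keeps every dependency visible in one place.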


3 changes: 2 additions & 1 deletion package.json
Expand Up @@ -6,7 +6,8 @@
"start": "node ./app"
},
"dependencies": {
"body-parser": "^1.17.0",
"ejs": "~2.3.3",
"express": "~4.13.1"
}
}
}
20 changes: 19 additions & 1 deletion source/auth.js
Expand Up @@ -12,6 +12,11 @@ var verify = function (token, callback) {
})
}

var protectCSRF = function (req, res, next) {
req.cookies.token = null;
return next();
}

// ensureAuth is a middleware that ensures the JSON web token has been verified.

var ensureAuth = function (req, res, next) {
Expand Down Expand Up @@ -44,6 +49,19 @@ var ensureAuth = function (req, res, next) {

}

var setAuth = function (id, name) {
var tmpuser = {};
tmpuser.id = id;
tmpuser.name = name

//set token
var token = jwt.sign (tmpuser, app.get ('jwt-secret'), {
expiresIn: '30d'
});
return token;
}


module.exports.verify = verify;
module.exports.ensureAuth = ensureAuth;
module.exports.ensureAuth = ensureAuth;
module.exports.setAuth = setAuth;
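Review bot: `protectCSRF` is added but never appears in the `module.exports` lines at the end of this section, and its body only sets `req.cookies.token = null`, which discards the cookie token for the rest of the request rather than checking the request's origin or a CSRF token. As written it is unused code with a misleading name; either drop it or implement a real check and mount it ahead of the routes that accept the cookie. Separately, `setAuth` signs with `expiresIn: '30d'` and no revocation path is visible in this commit, so a shorter lifetime is worth considering. `setAuth` also deserves a short doc comment stating that the payload is `{id, name}` and that the secret comes from `app.get ('jwt-secret')`.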
13 changes: 11 additions & 2 deletions source/controller/index.js
Expand Up @@ -12,13 +12,22 @@
*/
var get = function (req, res, next)
{
var user = "Test";
var auth = req.body.auth;
var user;
if (auth.success) {
console.log(auth);
console.log('');
console.log(auth.decoded);
user = auth.decoded;
}
res.render
(
'index',
{
title: 'E-Tutorial - Login',
user: user
user: user,
ip: req.app.get('server-ip'),
port: req.app.get('server-port')
}
);
}
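Review bot: `var auth = req.body.auth;` reads the authentication result from the request body, which this commit also makes client-populated by mounting `bodyParser` ahead of the router in app.js. The body of `ensureAuth` is not visible here, so unless it overwrites `req.body.auth` on every path, a request that supplies its own `auth` field could be rendered as a signed-in user; the same read appears in `get` in source/controller/login.js. Carrying the result on a server-only property such as `res.locals.auth` removes the overlap, and `if (auth && auth.success)` keeps the handler from throwing when the value is unset. The `console.log(auth)` and `console.log(auth.decoded)` lines write decoded token claims to stdout and look like leftover debugging.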
15 changes: 8 additions & 7 deletions source/controller/login.js
Expand Up @@ -7,12 +7,15 @@ var usehttps = app.get('use-https');

var ivleToken;


if (!usehttps) {
protocol = 'http';
}

var get = function (req, res, next) {
var auth = req.body.auth;
if (auth.success) {
res.redirect('/');
}
res.redirect('https://ivle.nus.edu.sg/api/login/?apikey=' + app.get('api-key') + '&url=' + protocol + '://' + app.get ('server-ip') + ':' + app.get('server-port') + '/login/callback');
}

Expand All @@ -31,7 +34,6 @@ var callback = function (req, res, next) {
if (result != undefined) {
result.Token = ivleToken;


User.findOne({
where:{
id: result.UserID
Expand All @@ -45,10 +47,10 @@ var callback = function (req, res, next) {
gender: result.Gender,
token: result.Token,
}).then(function(user){
//var authToken = auth.setAuth (result.UserID, result.Name);
var authToken = auth.setAuth (result.UserID, result.Name);
//logger.info(result.UserID + ' created user');
//return res.redirect (app.get('server-ip') + ':' + app.get('server-port'), {token: authToken});
return res.redirect (protocol + '://' + app.get ('server-ip') + ':' + app.get('server-port'));
return res.redirect (protocol + '://' + app.get ('server-ip') + ':' + app.get('server-port'), {token: authToken});
}).catch(function(err){
//logger.error(result.UserID + ' create user failed');
return res.json({success:false, at:'Create user', message:err});
Expand All @@ -62,10 +64,9 @@ var callback = function (req, res, next) {
}
}).then(function(user){
// TODO: integrate auth
// var authToken = auth.setAuth (result.UserID, result.Name);
var authToken = auth.setAuth (result.UserID, result.Name);
//logger.info(result.UserID + ' updated user information');
//return res.redirect (app.get('server-ip') + ':' + app.get('server-port'), {token: authToken});
return res.redirect (protocol + '://' + app.get ('server-ip') + ':' + app.get('server-port'));
return res.redirect (protocol + '://' + app.get ('server-ip') + ':' + app.get('server-port'), {token: authToken});
}).catch(function(err){
//logger.error(result.UserID + ' update user information failed');
console.log(err.stack);
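Review bot: `res.redirect (..., {token: authToken})` does not hand the token to the browser: Express's `res.redirect` accepts `(url)` or `(status, url)`, so the object in second position is treated as a status value and neither a cookie nor a body carries the JWT. Both `.then` callbacks in `callback` make this call. If `ensureAuth` reads `req.cookies.token` (as `protectCSRF` in source/auth.js suggests; its body is not shown), set the cookie explicitly before redirecting, e.g. `res.cookie ('token', authToken, {httpOnly: true, secure: usehttps});` followed by the one-argument `return res.redirect (...)`. In `get`, the `res.redirect('/')` inside `if (auth.success)` needs a `return`, otherwise the second redirect runs on the same response. `callback` starts and ends outside the visible hunks.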
6 changes: 3 additions & 3 deletions source/router.js
Expand Up @@ -5,13 +5,13 @@
var express = require ('express');
var router = express.Router ();

var auth = require('./auth');
var index = require ('./controller/index');
var login = require ('./controller/login');


router.get ('/', index.get);

router.get ('/login', login.get);
router.get ('/', auth.ensureAuth, index.get);
router.get ('/login', auth.ensureAuth, login.get);
router.get ('/login/callback', login.callback);

module.exports = router;
