diff --git a/api/config/config.js b/api/config/config.js
index b6f39ff..621e65f 100644
--- a/api/config/config.js
+++ b/api/config/config.js
@@ -6,6 +6,10 @@ module.exports = {
 db: 'cc',
 },
+ prod: {
+ env: 'production'
+ },
+
 dev: {
 env: 'dev'
 },
diff --git a/api/cron-job/cron.js b/api/cron-job/cron.js
index fc692a9..505e78f 100644
--- a/api/cron-job/cron.js
+++ b/api/cron-job/cron.js
@@ -61,10 +61,10 @@ const createBackup = () => {
 };
 // Execute daily @ 02:30 AM
-const cronJobSignature = cron.job('00 09 * * * *', createAllSignatures);
+const cronJobSignature = cron.job('00 30 02 * * *', createAllSignatures);
 // Execute on Mon, Thu and Sat @ 04:00 AM
-const cronJobBackup = cron.job('00 30 * * * *', createBackup);
+const cronJobBackup = cron.job('00 00 04 * * mon,thu,sat', createBackup);
 module.exports = {
 cronJobSignature: cronJobSignature,
diff --git a/api/middleware/auth-middleware.js b/api/middleware/auth-middleware.js
index 06b78db..ca1e0de 100644
--- a/api/middleware/auth-middleware.js
+++ b/api/middleware/auth-middleware.js
@@ -12,8 +12,10 @@ const apiAuthentication = (req, res, next) => {
 // decode token
 if (token) {
+ const secret = process.env.NODE_ENV === config.prod.env ? process.env.JWS_SECRET : 'dev-secret';
+ // verifies secret and checks exp
- jwt.verify(token, config.secret, (err, decoded) => {
+ jwt.verify(token, secret, (err, decoded) => {
 if (err) {
 return res.status(403).json({success: false, message: 'Failed to authenticate token.'});
 } else {
diff --git a/api/middleware/validators.js b/api/middleware/validators.js
new file mode 100644
index 0000000..d9a668c
--- /dev/null
+++ b/api/middleware/validators.js
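Review bot: The two rewritten schedules now agree with their comments (`00 30 02 * * *` is 02:30 daily and `00 00 04 * * mon,thu,sat` is 04:00 on those days, reading the six fields as sec/min/hour/day/month/weekday), but nothing in the hunk pins the timezone they run in. If `cron.job` is the npm `cron` package, leaving the timezone unspecified means the process's local time, so a container running in UTC fires the backup at a different wall-clock hour than the comment implies. Either pass an explicit timezone to `cron.job` or extend the comments to say which clock is meant, e.g. `// Execute daily @ 02:30 AM (server local time)`.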
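Review bot: The added `secret` line in auth-middleware.js falls back to the literal `'dev-secret'` whenever `NODE_ENV` is anything other than `config.prod.env`, so a deployment where `NODE_ENV` is unset, misspelled, or set to a staging value verifies tokens against a string that lives in the repository; the same ternary is added in the authenticate.js hunk. Safer is to fail closed: always read `process.env.JWS_SECRET` and permit the fixed dev value only when the environment is explicitly `config.dev.env`, e.g. `const secret = process.env.JWS_SECRET || (process.env.NODE_ENV === config.dev.env ? 'dev-secret' : undefined);` followed by `if (!secret) { return next(new Error('JWS_SECRET is not set')); }`. Since both files must apply the identical rule, computing it once in config.js and importing it would keep the two from drifting. The enclosing `apiAuthentication` function starts and ends outside the hunk.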
@@ -0,0 +1,20 @@
+"use strict";
+
+// HTTP status codes by name
+const codes = require('../routes/http-codes');
+
+/**
+ * check if id has valid UUID format
+ */
+const idValidator = (req, res, next) => {
+ const reqId = req.params.id;
+
+ if (!reqId.match(/^[0-9a-fA-F]{24}$/)) {
+ const err = new Error("Invalid request id format");
+ err.status = codes.notfound;
+ return next(err);
+ }
+ next();
+};
+
+exports.idValidator = idValidator;
diff --git a/api/routes/authenticate.js b/api/routes/authenticate.js
index ebdb834..9e39115 100644
--- a/api/routes/authenticate.js
+++ b/api/routes/authenticate.js
@@ -11,6 +11,8 @@ const logger = require('debug')('cc:authenticate');
 // HTTP status codes by name
 const codes = require('./http-codes');
+const config = require('../config/config');
+
 const routerHandling = require('../middleware/router-handling');
 const AppUserModel = require('../models/app-user');
@@ -52,7 +54,10 @@ let authCheck = (username, password, res) => {
 }
 if (user && user.activated && bcrypt.compareSync(password, user.password)) {
 // authentication successful
- let secret = process.env.JWS_SECRET;
+ const secret = process.env.NODE_ENV === config.prod.env ? process.env.JWS_SECRET : 'dev-secret';
+
+ console.log(secret)
+
 deferred.resolve({
 _id: user._id,
 username: user.username,
diff --git a/api/routes/campaigns.js b/api/routes/campaigns.js
index 381f6a1..e37c010 100644
--- a/api/routes/campaigns.js
+++ b/api/routes/campaigns.js
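Review bot: The JSDoc on `idValidator` says it checks for a valid UUID format, but the regex `/^[0-9a-fA-F]{24}$/` accepts a 24-hex-character value — the shape of a MongoDB ObjectId, which is what the `findById` calls in the route hunks below pass — not a UUID; the comment should read `check if id is a well-formed 24-hex-char ObjectId`. `reqId.match(...)` also throws a TypeError if `req.params.id` is ever undefined, for instance if the middleware is later reused on a route without an `:id` segment; `if (typeof reqId !== 'string' || !/^[0-9a-f]{24}$/i.test(reqId)) {` accepts exactly the same set and routes the bad case to the error path instead. Answering a malformed id with `codes.notfound` is defensible, though a client-error status would let callers distinguish it from a record that genuinely does not exist.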
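Review bot: `console.log(secret)` in the authenticate.js hunk prints the JWT signing secret to stdout on every successful login, so it lands in process output and any log collection; it should be removed before merge. If a trace of which secret source was chosen is wanted, log only a label such as `logger('using production JWS_SECRET')` via the file's existing `logger`, never the value. `authCheck` starts and ends outside the hunk.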
@@ -7,10 +7,12 @@ const logger = require('debug')('cc:campaigns');
 // HTTP status codes by name
 const codes = require('./http-codes');
-const routerHandling = require('../middleware/router-handling');
 const apiAuthenticationMiddleware = require('../middleware/auth-middleware');
 const checkMT = require('../middleware/permission-check').checkMT;
+const routerHandling = require('../middleware/router-handling');
+const idValidator = require('../middleware/validators').idValidator;
+ // Mongoose Model using mongoDB
 const CampaignModel = require('../models/campaign');
 const WarModel = require('../models/war');
@@ -41,7 +43,7 @@ campaigns.route('/')
 );
 campaigns.route('/:id')
- .get((req, res, next) => {
+ .get(idValidator, (req, res, next) => {
 CampaignModel.findById(req.params.id, (err, item) => {
 if (err) {
 err.status = codes.servererror;
diff --git a/api/routes/decorations.js b/api/routes/decorations.js
index 3a6daab..0278328 100644
--- a/api/routes/decorations.js
+++ b/api/routes/decorations.js
@@ -13,7 +13,9 @@ const codes = require('./http-codes');
 const apiAuthenticationMiddleware = require('../middleware/auth-middleware');
 const checkHl = require('../middleware/permission-check').checkHl;
+
 const routerHandling = require('../middleware/router-handling');
+const idValidator = require('../middleware/validators').idValidator;
 // Mongoose Model using mongoDB
 const DecorationModel = require('../models/decoration');
@@ -71,7 +73,7 @@ decoration.route('/')
 );
 decoration.route('/:id')
- .get((req, res, next) => {
+ .get(idValidator, (req, res, next) => {
 DecorationModel.findById(req.params.id, (err, item) => {
 if (err) {
 err.status = codes.servererror;
diff --git a/api/routes/ranks.js b/api/routes/ranks.js
index c80e788..e0444a3 100644
--- a/api/routes/ranks.js
+++ b/api/routes/ranks.js
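Review bot: `idValidator` is attached only to the `.get` handler of `campaigns.route('/:id')`, so if that chain goes on to register other verbs on the same path (not visible in the hunk) they would still hand an unchecked `req.params.id` to Mongoose; the same per-verb placement is made in the decorations, ranks, squads, users and wars hunks. Attaching it once to the route, `campaigns.route('/:id').all(idValidator).get((req, res, next) => {`, or registering it with `campaigns.param('id', ...)`, validates every method on that path in one place. The route chain continues past the end of the hunk.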
@@ -13,16 +13,15 @@ const codes = require('./http-codes');
 const apiAuthenticationMiddleware = require('../middleware/auth-middleware');
 const checkHl = require('../middleware/permission-check').checkHl;
+
 const routerHandling = require('../middleware/router-handling');
+const idValidator = require('../middleware/validators').idValidator;
 // Mongoose Model using mongoDB
 const RankModel = require('../models/rank');
 const ranks = express.Router();
-// add middleware for bonus tasks 4 and 5 to find filter and offset/limit params for GET / and GET /:id
-
-
 // routes **********************
 ranks.route('/')
 .get((req, res, next) => {
@@ -74,7 +73,7 @@ ranks.route('/')
 ranks.route('/:id')
- .get((req, res, next) => {
+ .get(idValidator, (req, res, next) => {
 RankModel.findById(req.params.id, (err, item) => {
 if (err) {
 err.status = codes.servererror;
diff --git a/api/routes/signatures.js b/api/routes/signatures.js
index 862157b..9f2f987 100644
--- a/api/routes/signatures.js
+++ b/api/routes/signatures.js
@@ -16,6 +16,7 @@ const signatures = express.Router();
 // routes **********************
 signatures.route('/:id')
+ // does not use idValidator since it works by username
 .get((req, res, next) => {
 // decode UTF8-escape sequences (special characters)
 const uri = decodeURIComponent(req.params.id);
diff --git a/api/routes/squads.js b/api/routes/squads.js
index e9d5bf4..7f5ac5a 100644
--- a/api/routes/squads.js
+++ b/api/routes/squads.js
@@ -13,7 +13,9 @@ const codes = require('./http-codes');
 const apiAuthenticationMiddleware = require('../middleware/auth-middleware');
 const checkHl = require('../middleware/permission-check').checkHl;
+
 const routerHandling = require('../middleware/router-handling');
+const idValidator = require('../middleware/validators').idValidator;
 // Mongoose Model using mongoDB
 const SquadModel = require('../models/squad');
@@ -74,7 +76,7 @@ squads.route('/')
 );
 squads.route('/:id')
- .get((req, res, next) => {
+ .get(idValidator, (req, res, next) => {
 SquadModel.findById(req.params.id, (err, item) => {
 if (err) {
 err.status = codes.servererror;
diff --git a/api/routes/users.js b/api/routes/users.js
index 5e77d30..501a8a1 100644
--- a/api/routes/users.js
+++ b/api/routes/users.js
@@ -10,9 +10,11 @@ const codes = require('./http-codes');
 const apiAuthenticationMiddleware = require('../middleware/auth-middleware');
 const checkHl = require('../middleware/permission-check').checkHl;
+
 const offsetlimitMiddleware = require('../middleware/limitoffset-middleware-mongo');
 const filterHandlerCreator = require('../middleware/filter-handler-mongo');
 const routerHandling = require('../middleware/router-handling');
+const idValidator = require('../middleware/validators').idValidator;
 // Mongoose Model using mongoDB
 const UserModel = require('../models/user');
@@ -86,7 +88,7 @@ users.route('/')
 users.route('/:id')
- .get((req, res, next) => {
+ .get(idValidator, (req, res, next) => {
 UserModel.findById(req.params.id).populate('squadId').exec((err, user) => {
 if (err) {
 err.status = codes.servererror;
diff --git a/api/routes/wars.js b/api/routes/wars.js
index 3c3fe61..f2f90bd 100644
--- a/api/routes/wars.js
+++ b/api/routes/wars.js
@@ -12,10 +12,14 @@ const logger = require('debug')('cc:wars');
 // HTTP status codes by name
 const codes = require('./http-codes');
+// access check
 const apiAuthenticationMiddleware = require('../middleware/auth-middleware');
 const checkMT = require('../middleware/permission-check').checkMT;
-const routerHandling = require('../middleware/router-handling');
+const routerHandling = require('../middleware/router-handling');
+const idValidator = require('../middleware/validators').idValidator;
+
+// log paser tool
 const parseWarLog = require('../tools/log-parse-tool');
 // Mongoose Model using mongoDB
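Review bot: The comment added above `parseWarLog` in the wars.js hunk, `// log paser tool`, has a typo and should read `// log parser tool`. In the same hunk the removed and re-added `const routerHandling = require('../middleware/router-handling');` lines appear textually identical, which suggests whitespace or line-ending churn that is worth squashing out of the diff so the intent of the hunk (adding `idValidator` and the section comments) stays visible.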
@@ -139,7 +143,7 @@ wars.route('/')
 );
 wars.route('/:id')
- .get((req, res, next) => {
+ .get(idValidator, (req, res, next) => {
 WarModel.findById(req.params.id, (err, item) => {
 if (err) {
 err.status = codes.servererror;