Add ID validator; fix authentication secret usage
							parent
							
								
									ef65552c7b
								
							
						
					
					
						commit
						b4729788ab
					
				|  | @ -6,6 +6,10 @@ module.exports = { | |||
|     db: 'cc', | ||||
|   }, | ||||
| 
 | ||||
|   prod: { | ||||
|     env: 'production' | ||||
|   }, | ||||
| 
 | ||||
|   dev: { | ||||
|     env: 'dev' | ||||
|   }, | ||||
|  |  | |||
|  | @ -61,10 +61,10 @@ const createBackup = () => { | |||
| }; | ||||
| 
 | ||||
| // Execute daily @ 02:30 AM
 | ||||
| const cronJobSignature = cron.job('00 09 * * * *', createAllSignatures); | ||||
| const cronJobSignature = cron.job('00 30 02 * * *', createAllSignatures); | ||||
| 
 | ||||
| // Execute on Mon, Thu and Sat @ 04:00 AM
 | ||||
| const cronJobBackup = cron.job('00 30 * * * *', createBackup); | ||||
| const cronJobBackup = cron.job('00 00 04 * * mon,thu,sat', createBackup); | ||||
| 
 | ||||
| module.exports = { | ||||
|   cronJobSignature: cronJobSignature, | ||||
|  |  | |||
|  | @ -12,8 +12,10 @@ const apiAuthentication = (req, res, next) => { | |||
|   // decode token
 | ||||
|   if (token) { | ||||
| 
 | ||||
|     const secret = process.env.NODE_ENV === config.prod.env ? process.env.JWS_SECRET : 'dev-secret'; | ||||
| 
 | ||||
|     // verifies secret and checks exp
 | ||||
|     jwt.verify(token, config.secret, (err, decoded) => { | ||||
|     jwt.verify(token, secret, (err, decoded) => { | ||||
|       if (err) { | ||||
|         return res.status(403).json({success: false, message: 'Failed to authenticate token.'}); | ||||
|       } else { | ||||
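Review bot: The `'dev-secret'` fallback on the `const secret =` line applies whenever NODE_ENV differs from `config.prod.env`, so a deployment that forgets to set NODE_ENV (or runs under any other name) verifies tokens against a string anyone can read from the repository, and in production an unset JWS_SECRET reaches `jwt.verify` as `undefined`. The same ternary is repeated in the authCheck hunk of authenticate.js, so the two copies can drift apart; resolve the secret once in config and refuse to start when it is missing, e.g. `if (process.env.NODE_ENV === config.prod.env && !process.env.JWS_SECRET) throw new Error('JWS_SECRET must be set in production');`. apiAuthentication's body starts and ends outside the hunk.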
|  |  | |||
|  | @ -0,0 +1,20 @@ | |||
| "use strict"; | ||||
| 
 | ||||
| // HTTP status codes by name
 | ||||
| const codes = require('../routes/http-codes'); | ||||
| 
 | ||||
| /** | ||||
|  * check if id has valid UUID format | ||||
|  */ | ||||
| const idValidator = (req, res, next) => { | ||||
|   const reqId = req.params.id; | ||||
| 
 | ||||
|   if (!reqId.match(/^[0-9a-fA-F]{24}$/)) { | ||||
|     const err = new Error("Invalid request id format"); | ||||
|     err.status = codes.notfound; | ||||
|     return next(err); | ||||
|   } | ||||
|   next(); | ||||
| }; | ||||
| 
 | ||||
| exports.idValidator = idValidator; | ||||
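Review bot: The docstring says "valid UUID format" but the regex `/^[0-9a-fA-F]{24}$/` matches a 24-hex-digit MongoDB ObjectId, not a UUID; change the comment to `* check if id is a 24-hex-character MongoDB ObjectId`. `reqId.match` also throws a TypeError when `req.params.id` is undefined (the validator mounted on a route without `:id`), which Express would likely hand to the error handler as a server error rather than the intended 404; guard the type and use `test`: `if (typeof reqId !== 'string' || !/^[0-9a-fA-F]{24}$/.test(reqId)) {`. Whether `codes.notfound` rather than a 400 is the right status for a malformed id is a deliberate choice worth a one-line comment, since it hides the existence check from callers.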
|  | @ -11,6 +11,8 @@ const logger = require('debug')('cc:authenticate'); | |||
| // HTTP status codes by name
 | ||||
| const codes = require('./http-codes'); | ||||
| 
 | ||||
| const config = require('../config/config'); | ||||
| 
 | ||||
| const routerHandling = require('../middleware/router-handling'); | ||||
| 
 | ||||
| const AppUserModel = require('../models/app-user'); | ||||
|  | @ -52,7 +54,10 @@ let authCheck = (username, password, res) => { | |||
|     } | ||||
|     if (user && user.activated && bcrypt.compareSync(password, user.password)) { | ||||
|       // authentication successful
 | ||||
|       let secret = process.env.JWS_SECRET; | ||||
|       const secret = process.env.NODE_ENV === config.prod.env ? process.env.JWS_SECRET : 'dev-secret'; | ||||
| 
 | ||||
|       console.log(secret) | ||||
| 
 | ||||
|       deferred.resolve({ | ||||
|         _id: user._id, | ||||
|         username: user.username, | ||||
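Review bot: `console.log(secret)` writes the JWT signing secret to stdout on every successful login, so it lands in process output and any log collector; delete that line before merging. The `const secret = …` ternary on the line above duplicates the one added to the auth-middleware hunk, so a change to one is easy to miss in the other; a single shared helper in config would keep them in step. authCheck starts and ends outside the hunk.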
|  |  | |||
|  | @ -7,10 +7,12 @@ const logger = require('debug')('cc:campaigns'); | |||
| // HTTP status codes by name
 | ||||
| const codes = require('./http-codes'); | ||||
| 
 | ||||
| const routerHandling = require('../middleware/router-handling'); | ||||
| const apiAuthenticationMiddleware = require('../middleware/auth-middleware'); | ||||
| const checkMT = require('../middleware/permission-check').checkMT; | ||||
| 
 | ||||
| const routerHandling = require('../middleware/router-handling'); | ||||
| const idValidator = require('../middleware/validators').idValidator; | ||||
| 
 | ||||
| // Mongoose Model using mongoDB
 | ||||
| const CampaignModel = require('../models/campaign'); | ||||
| const WarModel = require('../models/war'); | ||||
|  | @ -41,7 +43,7 @@ campaigns.route('/') | |||
|   ); | ||||
| 
 | ||||
| campaigns.route('/:id') | ||||
|   .get((req, res, next) => { | ||||
|   .get(idValidator, (req, res, next) => { | ||||
|     CampaignModel.findById(req.params.id, (err, item) => { | ||||
|       if (err) { | ||||
|         err.status = codes.servererror; | ||||
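Review bot: `idValidator` is wired only into `.get` on `campaigns.route('/:id')`; if the same chain continues with `.put`/`.delete` handlers outside the hunk, those still pass an unvalidated `req.params.id` to Mongoose. The same pattern appears in the decoration, ranks, squads, users and wars sections. Since `idValidator` has the standard `(req, res, next)` shape, attaching it once ahead of every verb covers them all: `campaigns.route('/:id').all(idValidator)`, with `.get((req, res, next) => {` left as it was.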
|  |  | |||
|  | @ -13,7 +13,9 @@ const codes = require('./http-codes'); | |||
| 
 | ||||
| const apiAuthenticationMiddleware = require('../middleware/auth-middleware'); | ||||
| const checkHl = require('../middleware/permission-check').checkHl; | ||||
| 
 | ||||
| const routerHandling = require('../middleware/router-handling'); | ||||
| const idValidator = require('../middleware/validators').idValidator; | ||||
| 
 | ||||
| // Mongoose Model using mongoDB
 | ||||
| const DecorationModel = require('../models/decoration'); | ||||
|  | @ -71,7 +73,7 @@ decoration.route('/') | |||
|   ); | ||||
| 
 | ||||
| decoration.route('/:id') | ||||
|   .get((req, res, next) => { | ||||
|   .get(idValidator, (req, res, next) => { | ||||
|     DecorationModel.findById(req.params.id, (err, item) => { | ||||
|       if (err) { | ||||
|         err.status = codes.servererror; | ||||
|  |  | |||
|  | @ -13,16 +13,15 @@ const codes = require('./http-codes'); | |||
| 
 | ||||
| const apiAuthenticationMiddleware = require('../middleware/auth-middleware'); | ||||
| const checkHl = require('../middleware/permission-check').checkHl; | ||||
| 
 | ||||
| const routerHandling = require('../middleware/router-handling'); | ||||
| const idValidator = require('../middleware/validators').idValidator; | ||||
| 
 | ||||
| // Mongoose Model using mongoDB
 | ||||
| const RankModel = require('../models/rank'); | ||||
| 
 | ||||
| const ranks = express.Router(); | ||||
| 
 | ||||
| // add middleware for bonus tasks 4 and 5 to find filter and offset/limit params  for GET / and GET /:id
 | ||||
| 
 | ||||
| 
 | ||||
| // routes **********************
 | ||||
| ranks.route('/') | ||||
|   .get((req, res, next) => { | ||||
|  | @ -74,7 +73,7 @@ ranks.route('/') | |||
| 
 | ||||
| 
 | ||||
| ranks.route('/:id') | ||||
|   .get((req, res, next) => { | ||||
|   .get(idValidator, (req, res, next) => { | ||||
|     RankModel.findById(req.params.id, (err, item) => { | ||||
|       if (err) { | ||||
|         err.status = codes.servererror; | ||||
|  |  | |||
|  | @ -16,6 +16,7 @@ const signatures = express.Router(); | |||
| 
 | ||||
| // routes **********************
 | ||||
| signatures.route('/:id') | ||||
|   // does not use idValidator since it works by username
 | ||||
|   .get((req, res, next) => { | ||||
|     // decode UTF8-escape sequences (special characters)
 | ||||
|     const uri = decodeURIComponent(req.params.id); | ||||
|  |  | |||
|  | @ -13,7 +13,9 @@ const codes = require('./http-codes'); | |||
| 
 | ||||
| const apiAuthenticationMiddleware = require('../middleware/auth-middleware'); | ||||
| const checkHl = require('../middleware/permission-check').checkHl; | ||||
| 
 | ||||
| const routerHandling = require('../middleware/router-handling'); | ||||
| const idValidator = require('../middleware/validators').idValidator; | ||||
| 
 | ||||
| // Mongoose Model using mongoDB
 | ||||
| const SquadModel = require('../models/squad'); | ||||
|  | @ -74,7 +76,7 @@ squads.route('/') | |||
|   ); | ||||
| 
 | ||||
| squads.route('/:id') | ||||
|   .get((req, res, next) => { | ||||
|   .get(idValidator, (req, res, next) => { | ||||
|     SquadModel.findById(req.params.id, (err, item) => { | ||||
|       if (err) { | ||||
|         err.status = codes.servererror; | ||||
|  |  | |||
|  | @ -10,9 +10,11 @@ const codes = require('./http-codes'); | |||
| 
 | ||||
| const apiAuthenticationMiddleware = require('../middleware/auth-middleware'); | ||||
| const checkHl = require('../middleware/permission-check').checkHl; | ||||
| 
 | ||||
| const offsetlimitMiddleware = require('../middleware/limitoffset-middleware-mongo'); | ||||
| const filterHandlerCreator = require('../middleware/filter-handler-mongo'); | ||||
| const routerHandling = require('../middleware/router-handling'); | ||||
| const idValidator = require('../middleware/validators').idValidator; | ||||
| 
 | ||||
| // Mongoose Model using mongoDB
 | ||||
| const UserModel = require('../models/user'); | ||||
|  | @ -86,7 +88,7 @@ users.route('/') | |||
| 
 | ||||
| 
 | ||||
| users.route('/:id') | ||||
|   .get((req, res, next) => { | ||||
|   .get(idValidator, (req, res, next) => { | ||||
|     UserModel.findById(req.params.id).populate('squadId').exec((err, user) => { | ||||
|       if (err) { | ||||
|         err.status = codes.servererror; | ||||
|  |  | |||
|  | @ -12,10 +12,14 @@ const logger = require('debug')('cc:wars'); | |||
| // HTTP status codes by name
 | ||||
| const codes = require('./http-codes'); | ||||
| 
 | ||||
| // access check
 | ||||
| const apiAuthenticationMiddleware = require('../middleware/auth-middleware'); | ||||
| const checkMT = require('../middleware/permission-check').checkMT; | ||||
| const routerHandling = require('../middleware/router-handling'); | ||||
| 
 | ||||
| const routerHandling = require('../middleware/router-handling'); | ||||
| const idValidator = require('../middleware/validators').idValidator; | ||||
| 
 | ||||
| // log paser tool
 | ||||
| const parseWarLog = require('../tools/log-parse-tool'); | ||||
| 
 | ||||
| // Mongoose Model using mongoDB
 | ||||
|  | @ -139,7 +143,7 @@ wars.route('/') | |||
|   ); | ||||
| 
 | ||||
| wars.route('/:id') | ||||
|   .get((req, res, next) => { | ||||
|   .get(idValidator, (req, res, next) => { | ||||
|     WarModel.findById(req.params.id, (err, item) => { | ||||
|       if (err) { | ||||
|         err.status = codes.servererror; | ||||
|  |  | |||