aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/html/admin.html2
-rw-r--r--src/html/bread.html2
-rw-r--r--src/html/index.html2
-rw-r--r--src/html/login.html25
-rw-r--r--src/index.js28
-rw-r--r--src/server.js58
6 files changed, 98 insertions, 19 deletions
diff --git a/src/html/admin.html b/src/html/admin.html
index 7c87ba6..d0d2e81 100644
--- a/src/html/admin.html
+++ b/src/html/admin.html
@@ -27,7 +27,7 @@
<option value="index">Index</option>
</select>
</div>
- <input type="submit">
+ <input type="submit" value="Submit">
</form>
</div>
</div>
diff --git a/src/html/bread.html b/src/html/bread.html
index e6eeb47..1ce1478 100644
--- a/src/html/bread.html
+++ b/src/html/bread.html
@@ -18,7 +18,7 @@
},
created() {
fetch(new Request('/posts/bread')).then(response => response.json())
- .then(response => this.posts = response.data);
+ .then(response => this.posts = response);
}
});
}
diff --git a/src/html/index.html b/src/html/index.html
index c7e398b..01f6e4e 100644
--- a/src/html/index.html
+++ b/src/html/index.html
@@ -19,7 +19,7 @@
},
created() {
fetch(new Request('/posts/index')).then(response => response.json())
- .then(response => this.posts = response.data);
+ .then(response => this.posts = response);
}
});
}
diff --git a/src/html/login.html b/src/html/login.html
new file mode 100644
index 0000000..53a2d06
--- /dev/null
+++ b/src/html/login.html
@@ -0,0 +1,25 @@
+<!doctype html>
+<html lang="en">
+
+<head>
+ <title>Mark's Kitchen - Login</title>
+ <meta charset="UTF-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+ <link rel="stylesheet" type="text/css" href="/css/bootstrap.css">
+ <link rel="stylesheet" type="text/css" href="/css/styles.css">
+</head>
+
+<body>
+ <div>
+ <h1>Login</h1>
+ <div class="form">
+ <form action="/login" method="post" enctype="application/x-www-form-urlencoded">
+ <input type="text" placeholder="Enter Username" name="username" required>
+ <input type="password" placeholder="Enter Password" name="password" required>
+ <input type="submit">
+ </form>
+ </div>
+ </div>
+</body>
+
+</html> \ No newline at end of file
diff --git a/src/index.js b/src/index.js
index b47824a..925a166 100644
--- a/src/index.js
+++ b/src/index.js
@@ -2,8 +2,21 @@ const server = require('./server');
const Sequelize = require('sequelize');
const fs = require('fs');
const path = require('path');
+const jwt = require('jsonwebtoken');
-const dbCreds = JSON.parse(fs.readFileSync(path.join(__dirname, 'config.json'))).database;
+const config = JSON.parse(fs.readFileSync(path.join(__dirname, 'config.json')));
+
+const dbCreds = config.database;
+const secret = config.jwt_secret;
+
+const jwtFunctions = {
+ sign: function(message) {
+ return jwt.sign({ value: message }, secret);
+ },
+ verify: function(token) {
+ return jwt.verify(token, secret).value;
+ }
+}
const database = new Sequelize(dbCreds.database, dbCreds.user, dbCreds.password, {
logging(str) {
@@ -43,7 +56,16 @@ function setUpModels(){
},}),
"pictures": database.define('pictures', {
source: { type: Sequelize.TEXT, allowNull: false},
- })
+ }),
+ "users": database.define('user', {
+ username: {
+ type: Sequelize.STRING,
+ allowNull: false,
+ },
+ password: {
+ type: Sequelize.STRING,
+ allowNull: false,
+ },})
}
models.pictures.belongsTo(models.posts);
return models;
@@ -52,6 +74,6 @@ function setUpModels(){
const models = setUpModels();
sync();
-server.setUpRoutes(models);
+server.setUpRoutes(models, jwtFunctions);
server.listen();
diff --git a/src/server.js b/src/server.js
index 4cf76d1..c6630e8 100644
--- a/src/server.js
+++ b/src/server.js
@@ -1,6 +1,8 @@
const express = require('express');
const bodyParser = require('body-parser');
+const cookieParser = require('cookie-parser');
const request = require('request');
+const crypto = require('crypto');
const multer = require('multer');
var storage = multer.diskStorage({
@@ -8,13 +10,10 @@ var storage = multer.diskStorage({
cb(null, 'src/uploads/')
},
filename: function (req, file, cb) {
- console.log(file);
var ext = "";
if(file.originalname.includes(".")){
ext = "." + file.originalname.split(".")[1];
- console.log(ext);
}
- console.log(ext);
return cb(null, 'img-' + Date.now()+ext)
}
})
@@ -24,21 +23,46 @@ const port = 80;
const server = express();
// server.use(bodyParser.json());
+server.use(cookieParser())
server.use(bodyParser.urlencoded({ extended: true }));
+// Route logging
server.use(function (req, res, next) {
console.debug("express:", req.method, req.originalUrl);
next()
})
-
function listen(){
server.listen(port, () => console.info(`Listening on port ${port}!`));
}
-function setUpRoutes(models){
+function setUpRoutes(models, jwtFunctions){
+ // Authentication routine
+ server.use(function(req, res, next) {
+ if(req.path.startsWith("/admin")){
+ let cookie = req.cookies.authorization
+ if (!cookie) {
+ res.redirect('/login');
+ }
+ try {
+ const decryptedUserId = jwtFunctions.verify(cookie);
+ models.users.findOne({where: {username: decryptedUserId}}).then((user, error) => {
+ if (user) {
+ res.locals.user = user.get({ plain: true });
+ } else {
+ res.redirect('/login');
+ }
+ });
+ } catch (e){
+ res.status(400).send(e.message);
+ }
+ }
+ next();
+ })
+
server.get('/', (req, res) => res.sendFile(__dirname + "/html/index.html"))
server.get('/index', (req, res) => res.sendFile(__dirname + "/html/index.html"))
server.get('/admin', (req, res) => res.sendFile(__dirname + "/html/admin.html"));
+ server.get('/login', (req, res) => res.sendFile(__dirname + "/html/login.html"))
server.get('/bread', (req, res) => res.sendFile(__dirname + "/html/bread.html"));
server.get('/essay', (req, res) => res.sendFile(__dirname + "/html/essay.html"));
server.get('/snake', (req, res) => res.sendFile(__dirname + "/html/snake.html"));
@@ -55,16 +79,15 @@ function setUpRoutes(models){
const images = await models.pictures.findAll({ attributes: ["source"], where: { postId: post.id }}).map(x => x.source);
post.images = images;
}
- res.status(200).send({ success: true, data: posts });
+ res.status(200).send(posts);
next();
} catch (e) {
- res.status(400).send({ success: false, error: e.message });
+ res.status(400).send(e.message);
}
})
server.post('/posts', upload.array('images'), async (req, res, next) => {
try {
console.log(req.body);
-
const type = req.body.type
const newPost = await models.posts.create(req.body);
req.files.forEach(async (file) => {
@@ -75,8 +98,21 @@ function setUpRoutes(models){
res.redirect(`/${type}`);
next();
} catch (e) {
- res.status(400).send({ success: false, error: e.message });
+ res.status(400).send(e.message);
+ }
+ })
+ server.post('/login', async (req, res, next) => {
+ console.log(req.body);
+ const hash = crypto.createHash("sha512").update(req.body.password, "binary").digest("base64");
+ console.log(hash);
+ const user = await models.users.findOne({where: { username: req.body.username, password: hash }})
+ if(user){
+ const token = jwtFunctions.sign(user.username);
+ res.redirect('/admin');
+ } else {
+ res.redirect('/login');
}
+ next();
})
@@ -84,10 +120,6 @@ function setUpRoutes(models){
server.get('/css/:id', (req, res) => {
res.sendFile(__dirname + "/css/"+req.params.id);
});
- server.get('/photo/:id', (req, res) => {
- // res.setHeater("Content-Type", "image")
- res.sendFile(__dirname + "/photo/"+req.params.id);
- });
server.get('/uploads/:id', (req, res) => {
res.sendFile(__dirname + "/uploads/"+req.params.id);
});