From c21eba4246be5c9831705a86592b45c70648c167 Mon Sep 17 00:00:00 2001 From: Mark Powers Date: Sat, 2 Feb 2019 10:51:10 -0500 Subject: Add admin panel --- src/html/admin.html | 2 +- src/html/bread.html | 2 +- src/html/index.html | 2 +- src/html/login.html | 25 +++++++++++++++++++++++ src/index.js | 28 +++++++++++++++++++++++--- src/server.js | 58 +++++++++++++++++++++++++++++++++++++++++------------ 6 files changed, 98 insertions(+), 19 deletions(-) create mode 100644 src/html/login.html (limited to 'src') diff --git a/src/html/admin.html b/src/html/admin.html index 7c87ba6..d0d2e81 100644 --- a/src/html/admin.html +++ b/src/html/admin.html @@ -27,7 +27,7 @@ - + diff --git a/src/html/bread.html b/src/html/bread.html index e6eeb47..1ce1478 100644 --- a/src/html/bread.html +++ b/src/html/bread.html @@ -18,7 +18,7 @@ }, created() { fetch(new Request('/posts/bread')).then(response => response.json()) - .then(response => this.posts = response.data); + .then(response => this.posts = response); } }); } diff --git a/src/html/index.html b/src/html/index.html index c7e398b..01f6e4e 100644 --- a/src/html/index.html +++ b/src/html/index.html @@ -19,7 +19,7 @@ }, created() { fetch(new Request('/posts/index')).then(response => response.json()) - .then(response => this.posts = response.data); + .then(response => this.posts = response); } }); } diff --git a/src/html/login.html b/src/html/login.html new file mode 100644 index 0000000..53a2d06 --- /dev/null +++ b/src/html/login.html @@ -0,0 +1,25 @@ + + + + + Mark's Kitchen - Login + + + + + + + +
+

Login

+
+
+ + + +
+
+
+ + + \ No newline at end of file diff --git a/src/index.js b/src/index.js index b47824a..925a166 100644 --- a/src/index.js +++ b/src/index.js @@ -2,8 +2,21 @@ const server = require('./server'); const Sequelize = require('sequelize'); const fs = require('fs'); const path = require('path'); +const jwt = require('jsonwebtoken'); -const dbCreds = JSON.parse(fs.readFileSync(path.join(__dirname, 'config.json'))).database; +const config = JSON.parse(fs.readFileSync(path.join(__dirname, 'config.json'))); + +const dbCreds = config.database; +const secret = config.jwt_secret; + +const jwtFunctions = { + sign: function(message) { + return jwt.sign({ value: message }, secret); + }, + verify: function(token) { + return jwt.verify(token, secret).value; + } +} const database = new Sequelize(dbCreds.database, dbCreds.user, dbCreds.password, { logging(str) { @@ -43,7 +56,16 @@ function setUpModels(){ },}), "pictures": database.define('pictures', { source: { type: Sequelize.TEXT, allowNull: false}, - }) + }), + "users": database.define('user', { + username: { + type: Sequelize.STRING, + allowNull: false, + }, + password: { + type: Sequelize.STRING, + allowNull: false, + },}) } models.pictures.belongsTo(models.posts); return models; @@ -52,6 +74,6 @@ function setUpModels(){ const models = setUpModels(); sync(); -server.setUpRoutes(models); +server.setUpRoutes(models, jwtFunctions); server.listen(); diff --git a/src/server.js b/src/server.js index 4cf76d1..c6630e8 100644 --- a/src/server.js +++ b/src/server.js @@ -1,6 +1,8 @@ const express = require('express'); const bodyParser = require('body-parser'); +const cookieParser = require('cookie-parser'); const request = require('request'); +const crypto = require('crypto'); const multer = require('multer'); var storage = multer.diskStorage({ @@ -8,13 +10,10 @@ var storage = multer.diskStorage({ cb(null, 'src/uploads/') }, filename: function (req, file, cb) { - console.log(file); var ext = ""; if(file.originalname.includes(".")){ ext = "." + file.originalname.split(".")[1]; - console.log(ext); } - console.log(ext); return cb(null, 'img-' + Date.now()+ext) } }) @@ -24,21 +23,46 @@ const port = 80; const server = express(); // server.use(bodyParser.json()); +server.use(cookieParser()) server.use(bodyParser.urlencoded({ extended: true })); +// Route logging server.use(function (req, res, next) { console.debug("express:", req.method, req.originalUrl); next() }) - function listen(){ server.listen(port, () => console.info(`Listening on port ${port}!`)); } -function setUpRoutes(models){ +function setUpRoutes(models, jwtFunctions){ + // Authentication routine + server.use(function(req, res, next) { + if(req.path.startsWith("/admin")){ + let cookie = req.cookies.authorization + if (!cookie) { + res.redirect('/login'); + } + try { + const decryptedUserId = jwtFunctions.verify(cookie); + models.users.findOne({where: {username: decryptedUserId}}).then((user, error) => { + if (user) { + res.locals.user = user.get({ plain: true }); + } else { + res.redirect('/login'); + } + }); + } catch (e){ + res.status(400).send(e.message); + } + } + next(); + }) + server.get('/', (req, res) => res.sendFile(__dirname + "/html/index.html")) server.get('/index', (req, res) => res.sendFile(__dirname + "/html/index.html")) server.get('/admin', (req, res) => res.sendFile(__dirname + "/html/admin.html")); + server.get('/login', (req, res) => res.sendFile(__dirname + "/html/login.html")) server.get('/bread', (req, res) => res.sendFile(__dirname + "/html/bread.html")); server.get('/essay', (req, res) => res.sendFile(__dirname + "/html/essay.html")); server.get('/snake', (req, res) => res.sendFile(__dirname + "/html/snake.html")); @@ -55,16 +79,15 @@ function setUpRoutes(models){ const images = await models.pictures.findAll({ attributes: ["source"], where: { postId: post.id }}).map(x => x.source); post.images = images; } - res.status(200).send({ success: true, data: posts }); + res.status(200).send(posts); next(); } catch (e) { - res.status(400).send({ success: false, error: e.message }); + res.status(400).send(e.message); } }) server.post('/posts', upload.array('images'), async (req, res, next) => { try { console.log(req.body); - const type = req.body.type const newPost = await models.posts.create(req.body); req.files.forEach(async (file) => { @@ -75,8 +98,21 @@ function setUpRoutes(models){ res.redirect(`/${type}`); next(); } catch (e) { - res.status(400).send({ success: false, error: e.message }); + res.status(400).send(e.message); + } + }) + server.post('/login', async (req, res, next) => { + console.log(req.body); + const hash = crypto.createHash("sha512").update(req.body.password, "binary").digest("base64"); + console.log(hash); + const user = await models.users.findOne({where: { username: req.body.username, password: hash }}) + if(user){ + const token = jwtFunctions.sign(user.username); + res.redirect('/admin'); + } else { + res.redirect('/login'); } + next(); }) @@ -84,10 +120,6 @@ function setUpRoutes(models){ server.get('/css/:id', (req, res) => { res.sendFile(__dirname + "/css/"+req.params.id); }); - server.get('/photo/:id', (req, res) => { - // res.setHeater("Content-Type", "image") - res.sendFile(__dirname + "/photo/"+req.params.id); - }); server.get('/uploads/:id', (req, res) => { res.sendFile(__dirname + "/uploads/"+req.params.id); }); -- cgit v1.2.3