|
|
|
@ -11,6 +11,7 @@ const marked = require('marked'); |
|
|
|
const jwt = require('jsonwebtoken'); |
|
|
|
const jwt = require('jsonwebtoken'); |
|
|
|
const bodyParser= require('body-parser'); |
|
|
|
const bodyParser= require('body-parser'); |
|
|
|
const colors = require('colors'); |
|
|
|
const colors = require('colors'); |
|
|
|
|
|
|
|
const secret = 'wowmuchsecretveryhiddenwow';
|
|
|
|
|
|
|
|
|
|
|
|
// const morgan = require('morgan');
|
|
|
|
// const morgan = require('morgan');
|
|
|
|
// use morgan to log requests to the console
|
|
|
|
// use morgan to log requests to the console
|
|
|
|
@ -57,7 +58,7 @@ collectDefaultMetrics({ timeout: 5000 }); |
|
|
|
|
|
|
|
|
|
|
|
// new schema model object based on the structure of what I want to put on MongoDB collection
|
|
|
|
// new schema model object based on the structure of what I want to put on MongoDB collection
|
|
|
|
var testSchema = new Schema({ |
|
|
|
var testSchema = new Schema({ |
|
|
|
color: { |
|
|
|
thingies: { |
|
|
|
type: String |
|
|
|
type: String |
|
|
|
} |
|
|
|
} |
|
|
|
},{ |
|
|
|
},{ |
|
|
|
@ -65,7 +66,7 @@ var testSchema = new Schema({ |
|
|
|
}); |
|
|
|
}); |
|
|
|
|
|
|
|
|
|
|
|
// new object that will hold the data using model structure made above
|
|
|
|
// new object that will hold the data using model structure made above
|
|
|
|
var thingies = mongoose.model('colorName', testSchema); |
|
|
|
var thingies = mongoose.model('thingieName', testSchema); |
|
|
|
|
|
|
|
|
|
|
|
// Default message for testing
|
|
|
|
// Default message for testing
|
|
|
|
app.get('/', (req, res)=>{ |
|
|
|
app.get('/', (req, res)=>{ |
|
|
|
@ -130,10 +131,10 @@ app.post('/token', function(req, res) { |
|
|
|
switch(req.body.username) { |
|
|
|
switch(req.body.username) { |
|
|
|
case 'user1': |
|
|
|
case 'user1': |
|
|
|
if (req.body.password === 'pass1') { |
|
|
|
if (req.body.password === 'pass1') { |
|
|
|
token = jwt.sign(claims_user, 'wowmuchsecretveryhiddenwow'); |
|
|
|
token = jwt.sign(claims_user, secret); |
|
|
|
console.log('JWT Token: ' + token); |
|
|
|
console.log('JWT Token: ' + token); |
|
|
|
console.log(jwt.decode(token)); |
|
|
|
console.log(jwt.decode(token)); |
|
|
|
req.headers['access-token'] = token; |
|
|
|
// req.headers['access-token'] = token;
|
|
|
|
res.redirect('http://localhost/yay.html'); |
|
|
|
res.redirect('http://localhost/yay.html'); |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
res.redirect('http://localhost/nay.html'); |
|
|
|
res.redirect('http://localhost/nay.html'); |
|
|
|
@ -141,10 +142,10 @@ app.post('/token', function(req, res) { |
|
|
|
break; |
|
|
|
break; |
|
|
|
case 'power': |
|
|
|
case 'power': |
|
|
|
if (req.body.password === 'weak') { |
|
|
|
if (req.body.password === 'weak') { |
|
|
|
token = jwt.sign(claims_power, 'wowmuchsecretveryhiddenwow'); |
|
|
|
token = jwt.sign(claims_power, secret); |
|
|
|
console.log('JWT Token: ' + token); |
|
|
|
console.log('JWT Token: ' + token); |
|
|
|
console.log(jwt.decode(token)); |
|
|
|
console.log(jwt.decode(token)); |
|
|
|
req.headers['access-token'] = token; |
|
|
|
// req.headers['access-token'] = token;
|
|
|
|
res.redirect('http://localhost/yay.html'); |
|
|
|
res.redirect('http://localhost/yay.html'); |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
res.redirect('http://localhost/nay.html'); |
|
|
|
res.redirect('http://localhost/nay.html'); |
|
|
|
@ -153,15 +154,34 @@ app.post('/token', function(req, res) { |
|
|
|
default: |
|
|
|
default: |
|
|
|
res.status(500).send('User not found'); |
|
|
|
res.status(500).send('User not found'); |
|
|
|
}
|
|
|
|
}
|
|
|
|
console.log('HEADER (req.headers): ' + req.headers['access-token']); |
|
|
|
console.log('http headers below:') |
|
|
|
|
|
|
|
console.log(req.headers); |
|
|
|
}); |
|
|
|
}); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Restricted endpoint
|
|
|
|
// Restricted route
|
|
|
|
const restrictRoutes = express.Router(); |
|
|
|
// const restrictedRoutes = express.Router();
|
|
|
|
app.use('/restricted', restrictRoutes); |
|
|
|
// app.use('/restricted', restrictedRoutes);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// restrictedRoutes.use((req, res, next) => {
|
|
|
|
|
|
|
|
// if (req.headers['access-token']) {
|
|
|
|
|
|
|
|
// jwt.verify(req.headers['access-token'], secret), (err, decoded) => {
|
|
|
|
|
|
|
|
// if (err) {
|
|
|
|
|
|
|
|
// return res.json({ message: 'invalid token' });
|
|
|
|
|
|
|
|
// } else {
|
|
|
|
|
|
|
|
// req.decoded = decoded;
|
|
|
|
|
|
|
|
// next();
|
|
|
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
// } else {
|
|
|
|
|
|
|
|
// res.status(500).send('no token found');
|
|
|
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
// });
|
|
|
|
|
|
|
|
|
|
|
|
restrictRoutes.use((req, res, next) => {}); |
|
|
|
// Restricted endpoint
|
|
|
|
|
|
|
|
// restrictedRoutes.get('/restricted', (req, res) => {
|
|
|
|
|
|
|
|
// res.json([{secret:'you can see this message if you have access'}])
|
|
|
|
|
|
|
|
// });
|
|
|
|
|
|
|
|
|
|
|
|
// Mongo query
|
|
|
|
// Mongo query
|
|
|
|
app.get('/info', function(req, res){ |
|
|
|
app.get('/info', function(req, res){ |
|
|
|
@ -176,7 +196,7 @@ app.post('/info/add/:name', function(req, res){ |
|
|
|
var item = {thingies: req.params.name}; |
|
|
|
var item = {thingies: req.params.name}; |
|
|
|
var data = new thingies(item); |
|
|
|
var data = new thingies(item); |
|
|
|
data.save(); |
|
|
|
data.save(); |
|
|
|
res.send('thingie ' + req.params.name + ' added to database'); |
|
|
|
res.send('thingie ' + req.params.name + ' added to database' + '\n'); |
|
|
|
}); |
|
|
|
}); |
|
|
|
|
|
|
|
|
|
|
|
connectWithRetry(); |
|
|
|
connectWithRetry(); |
|
|
|
|
