diff --git a/nginx2/html/nay.html b/nginx2/html/nay.html
index d451e50..bcdbc07 100644
--- a/nginx2/html/nay.html
+++ b/nginx2/html/nay.html
@@ -2,6 +2,7 @@
THOUS HAST FAILED
+
BEGONE FROM MY LAIR, MORTAL
diff --git a/nginx2/html/test.html b/nginx2/html/test.html
new file mode 100644
index 0000000..3888b26
--- /dev/null
+++ b/nginx2/html/test.html
@@ -0,0 +1,13 @@
+
+
+
+
+
+
+ JS Bin
+
+
+ TEST HTML calling NodeJS
+
+
+
\ No newline at end of file
diff --git a/nginx2/html/test.js b/nginx2/html/test.js
new file mode 100644
index 0000000..e69de29
diff --git a/nginx2/html/test2.html b/nginx2/html/test2.html
new file mode 100644
index 0000000..69b1764
--- /dev/null
+++ b/nginx2/html/test2.html
@@ -0,0 +1,17 @@
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/nginx2/html/yay.html b/nginx2/html/yay.html
index 6137f06..ab5e5c0 100644
--- a/nginx2/html/yay.html
+++ b/nginx2/html/yay.html
@@ -2,6 +2,7 @@
THOUS HAST SUCCEEDED
+
THOU ART LOGGED
diff --git a/node/app.js b/node/app.js
index 9c092f9..8e3b2c6 100755
--- a/node/app.js
+++ b/node/app.js
@@ -84,7 +84,8 @@ var thingies = mongoose.model('thingieName', testSchema);
// Default message for testing
app.get('/', (req, res, next)=>{
- res.json([{message:'yes, your nodejs app is really running'}]);
+ // res.json([{message:'yes, your nodejs app is really running'}]);
+ res.send('Oh hay');
counter++; // for prometheus invocation_count metric
libCounter.inc(); // for prometheus lib_invocation_count metric
console.log('Hello, I\'m inside endpoint \'/\'');
@@ -119,8 +120,6 @@ app.get('/cookie', function(req, res, next) {
console.log(cookieArray[1]);
console.log('\x1b[35m', 'cookieArray[2] below:');
console.log(cookieArray[2]);
- console.log('\x1b[35m', 'cookieArray.token below:');
- console.log(cookieArray.token);
});
// Test endpoint for md files rendering
@@ -179,6 +178,7 @@ app.post('/token', function(req, res) {
token = jwt.sign(claims_user, secret);
// res.cookie('token',token);
res.setHeader('Set-Cookie', 'token=' + token + '; HttpOnly');
+ res.setHeader('Set-Cookie', 'Authorization=Bearer ' + token + '; HttpOnly');
console.log('JWT Token: ' + token);
console.log(jwt.decode(token));
res.redirect('http://localhost/yay.html');
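Review bot: The added `res.setHeader('Set-Cookie', ...)` replaces the header set on the line before it, because Node's `setHeader` overwrites an existing header of the same name, so the `token` cookie is never sent and only `Authorization` reaches the browser. To send both, pass an array in one call: `res.setHeader('Set-Cookie', ['token=' + token + '; HttpOnly', 'Authorization=Bearer ' + token + '; HttpOnly']);`. The value `Bearer <jwt>` contains a space, which RFC 6265 does not allow in a cookie value, so it should be URL-encoded or the `Bearer ` prefix dropped. Since these cookies carry the session JWT, `Secure` and `SameSite` attributes would be worth adding next to `HttpOnly` once this is served over HTTPS. The `/token` handler starts and ends outside this hunk.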
@@ -208,7 +208,7 @@ app.post('/token', function(req, res) {
// Restricted route root
const restrictedRoutes = express.Router();
-app.use('/restricted', restrictedRoutes);
+app.use('/', restrictedRoutes);
restrictedRoutes.use(function (req, res, next) {
let sentToken = req.headers['token'];
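Review bot: Mounting `restrictedRoutes` at `/` turns its token check into a gate for every request that reaches this point in the middleware chain, so which endpoints are protected now depends on registration order in app.js rather than on a path prefix. Handlers registered earlier on `app` (the `/`, `/cookie` and `/token` routes in the hunks above, presumably) respond before the check runs, while any route added below this line will require a token without saying so. If only the one endpoint is meant to be protected, keeping `app.use('/restricted', restrictedRoutes);` and registering the handler as `restrictedRoutes.get('/', ...)` keeps the boundary explicit. Otherwise a comment such as `// everything registered below this line requires a valid admin token` would document the ordering dependency. The middleware body continues outside this hunk.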
@@ -219,7 +219,17 @@ restrictedRoutes.use(function (req, res, next) {
} else {
req.decoded = decoded;
console.log(decoded);
- next();
+ console.log(req.decoded['scope']);
+ switch(req.decoded['scope']) {
+ case 'user':
+ res.status(200).send('Need ADMIN scope to access this');
+ break;
+ case 'admin':
+ next();
+ break;
+ default:
+ res.status(401).send('Not authorized');
+ }
}
});
} else {
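Review bot: The `'user'` branch refuses the request but answers with status 200, so clients, proxies and monitoring that key on the status code will record the denial as a success. An authenticated caller lacking the required scope should get 403: `res.status(403).send('Need ADMIN scope to access this');`. The `default` branch is the same situation (valid token, unrecognised scope), so 403 fits there better than 401 as well. The two added `console.log` calls write the decoded claims to the server log on every request, which is worth removing before this leaves a test setup. The verify callback and the enclosing middleware start and end outside this hunk.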
@@ -253,8 +263,11 @@ restrictedRoutes.use(function (req, res, next) {
// });
// Restricted endpoint
-restrictedRoutes.get('/access', (req, res) => {
- res.status(200).json([{secret:'You have access to restricted contents!'}])
+restrictedRoutes.get('/restricted', (req, res) => {
+ // successMsg = JSON.stringify({secret:'You have access to restricted contents!'});
+ res.status(200).json([{secret:'You have access to restricted contents!'}]);
+ // res.status(200).send(successMsg);
+ console.log(successMsg);
});
// Restricted route root test (KISS)
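Review bot: `console.log(successMsg);` reads a variable whose only assignment in this hunk is commented out, so unless `successMsg` is declared elsewhere in app.js the handler throws a ReferenceError on every call. The throw happens after `res.json(...)` has already sent the response, so the client still sees a 200 while the server logs an error for each request. Either drop the line or log a value that exists, e.g. `console.log('restricted endpoint served');`. The two commented-out `successMsg` lines can be deleted rather than committed.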