From 6c746a1fcfea3843d03aa9e0e493862a51b97ef7 Mon Sep 17 00:00:00 2001
From: Yutsuo
Date: Thu, 3 Jan 2019 13:05:26 -0200
Subject: [PATCH] Phase III Task 4
---
nginx2/html/nay.html | 1 +
nginx2/html/test.html | 13 +++++++++++++
nginx2/html/test.js | 0
nginx2/html/test2.html | 17 +++++++++++++++++
nginx2/html/yay.html | 1 +
node/app.js | 27 ++++++++++++++++++++-------
6 files changed, 52 insertions(+), 7 deletions(-)
create mode 100644 nginx2/html/test.html
create mode 100644 nginx2/html/test.js
create mode 100644 nginx2/html/test2.html
diff --git a/nginx2/html/nay.html b/nginx2/html/nay.html
index d451e50..bcdbc07 100644
--- a/nginx2/html/nay.html
+++ b/nginx2/html/nay.html
@@ -2,6 +2,7 @@

THOUS HAST FAILED

+

BEGONE FROM MY LAIR, MORTAL

diff --git a/nginx2/html/test.html b/nginx2/html/test.html new file mode 100644 index 0000000..3888b26 --- /dev/null +++ b/nginx2/html/test.html @@ -0,0 +1,13 @@ + + + + + + + JS Bin + + +

TEST HTML calling NodeJS

+
+ + \ No newline at end of file diff --git a/nginx2/html/test.js b/nginx2/html/test.js new file mode 100644 index 0000000..e69de29 diff --git a/nginx2/html/test2.html b/nginx2/html/test2.html new file mode 100644 index 0000000..69b1764 --- /dev/null +++ b/nginx2/html/test2.html @@ -0,0 +1,17 @@ + + + + + + + + + \ No newline at end of file diff --git a/nginx2/html/yay.html b/nginx2/html/yay.html index 6137f06..ab5e5c0 100644 --- a/nginx2/html/yay.html +++ b/nginx2/html/yay.html @@ -2,6 +2,7 @@

THOUS HAST SUCCEEDED

+

THOU ART LOGGED

diff --git a/node/app.js b/node/app.js
index 9c092f9..8e3b2c6 100755
--- a/node/app.js
+++ b/node/app.js
@@ -84,7 +84,8 @@ var thingies = mongoose.model('thingieName', testSchema);
// Default message for testing
app.get('/', (req, res, next)=>{
- res.json([{message:'yes, your nodejs app is really running'}]);
+ // res.json([{message:'yes, your nodejs app is really running'}]);
+ res.send('Oh hay');
counter++; // for prometheus invocation_count metric
libCounter.inc(); // for prometheus lib_invocation_count metric
console.log('Hello, I\'m inside endpoint \'/\'');
@@ -119,8 +120,6 @@ app.get('/cookie', function(req, res, next) {
console.log(cookieArray[1]);
console.log('\x1b[35m', 'cookieArray[2] below:');
console.log(cookieArray[2]);
- console.log('\x1b[35m', 'cookieArray.token below:');
- console.log(cookieArray.token);
});
// Test endpoint for md files rendering
@@ -179,6 +178,7 @@ app.post('/token', function(req, res) {
token = jwt.sign(claims_user, secret);
// res.cookie('token',token);
res.setHeader('Set-Cookie', 'token=' + token + '; HttpOnly');
+ res.setHeader('Set-Cookie', 'Authorization=Bearer ' + token + '; HttpOnly');
console.log('JWT Token: ' + token);
console.log(jwt.decode(token));
res.redirect('http://localhost/yay.html');
@@ -208,7 +208,7 @@ app.post('/token', function(req, res) {
// Restricted route root
const restrictedRoutes = express.Router();
-app.use('/restricted', restrictedRoutes);
+app.use('/', restrictedRoutes);
restrictedRoutes.use(function (req, res, next) {
let sentToken = req.headers['token'];
@@ -219,7 +219,17 @@ restrictedRoutes.use(function (req, res, next) {
} else {
req.decoded = decoded;
console.log(decoded);
- next();
+ console.log(req.decoded['scope']);
+ switch(req.decoded['scope']) {
+ case 'user':
+ res.status(200).send('Need ADMIN scope to access this');
+ break;
+ case 'admin':
+ next();
+ break;
+ default:
+ res.status(401).send('Not authorized');
+ }
}
});
} else {
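Review bot: The added `res.setHeader('Set-Cookie', ...)` call in the `/token` handler replaces the header set on the line above instead of adding a second cookie, because Node's `setHeader` overwrites an existing header of the same name; after this change only the `Authorization` cookie reaches the browser. Pass both values as an array, `res.setHeader('Set-Cookie', ['token=' + token + '; HttpOnly', 'Authorization=Bearer ' + token + '; HttpOnly']);`, or call Express's `res.cookie()` once per cookie. The value `Bearer <token>` also contains a space, which RFC 6265 does not allow in a cookie value, so it should be encoded or the prefix dropped. Neither cookie sets `Secure` or `SameSite`, and the context line `console.log('JWT Token: ' + token)` writes a live credential to the log; both are worth tightening while this handler is being changed. The handler's body starts and ends outside the hunk.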
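Review bot: Mounting the router with `app.use('/', restrictedRoutes);` puts its token-and-scope middleware in front of every route registered after this line, not only the restricted endpoint. Any public route or static handler added later in the file (none is visible in this hunk) would answer with the middleware's rejection for callers who do not hold an admin token. If only `/restricted` is meant to be guarded, keep the mount path narrow, for example `app.use('/restricted', restrictedRoutes);` with the endpoint registered as `restrictedRoutes.get('/', ...)`, or add a comment stating that everything below this line is admin-only by design.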
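Review bot: The `case 'user':` branch answers a denied request with `res.status(200)`, so clients, proxies and alerting built on access logs all record an authorisation failure as a success. Use `res.status(403).send('Need ADMIN scope to access this');` there, and 403 rather than 401 in the `default:` branch too, since by that point the token has been decoded and the caller is known but lacks the scope. `console.log(decoded)` and the added `console.log(req.decoded['scope'])` write token claims to the log on every request; consider dropping them or logging only the allow/deny decision. The middleware starts and ends outside the hunk, so how `decoded` is verified is not visible here.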
@@ -253,8 +263,11 @@ restrictedRoutes.use(function (req, res, next) {
// });
// Restricted endpoint
-restrictedRoutes.get('/access', (req, res) => {
- res.status(200).json([{secret:'You have access to restricted contents!'}])
+restrictedRoutes.get('/restricted', (req, res) => {
+ // successMsg = JSON.stringify({secret:'You have access to restricted contents!'});
+ res.status(200).json([{secret:'You have access to restricted contents!'}]);
+ // res.status(200).send(successMsg);
+ console.log(successMsg);
});
// Restricted route root test (KISS)
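Review bot: `console.log(successMsg);` reads a variable whose only assignment in this hunk is commented out, so unless `successMsg` is declared elsewhere in the file the handler throws a ReferenceError on every request, after the response has already been sent. Either remove the line or restore the declaration before it as `const successMsg = JSON.stringify({secret:'You have access to restricted contents!'});`. The two commented-out lines can then be deleted as well.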