Phase III Task 4

nginx2/html/nay.html

@@ -2,6 +2,7 @@
     <div>
         <h1>THOUS HAST FAILED</h1>
     </div>
+    <div>
             <h2>BEGONE FROM MY LAIR, MORTAL</h2>
     </div>
           </form>

nginx2/html/test.html

@@ -0,0 +1,13 @@
+<script src="http://localhost:3001/app.js"></script>
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width">
+  <title>JS Bin</title>
+</head>
+<body>
+  <h1>TEST HTML calling NodeJS</h1>
+  <div id="message"></div>
+</body>
+</html>

nginx2/html/test2.html

@@ -0,0 +1,17 @@
+<html>
+<head>
+    <script src="https://code.jquery.com/jquery-1.9.1.min.js"></script>
+    <script>
+    $( document ).ready(function() {
+        console.log( "document loaded" );
+    });
+ 
+    $( window ).on( "load", function() {
+        console.log( "window loaded" );
+    });
+    </script>
+</head>
+<body>
+    <iframe src="http://techcrunch.com"></iframe>
+</body>
+</html>

nginx2/html/yay.html

@@ -2,6 +2,7 @@
     <div>
         <h1>THOUS HAST SUCCEEDED</h1>
     </div>
+    <div>
             <h2>THOU ART LOGGED</h2>
     </div>
           </form>

node/app.js

@@ -84,7 +84,8 @@ var thingies = mongoose.model('thingieName', testSchema);
 
 // Default message for testing
 app.get('/', (req, res, next)=>{
-  res.json([{message:'yes, your nodejs app is really running'}]);
+  // res.json([{message:'yes, your nodejs app is really running'}]);
+  res.send('Oh hay');
   counter++; // for prometheus invocation_count metric
   libCounter.inc(); // for prometheus lib_invocation_count metric
   console.log('Hello, I\'m inside endpoint \'/\'');
@@ -119,8 +120,6 @@ app.get('/cookie', function(req, res, next) {
   console.log(cookieArray[1]);
   console.log('\x1b[35m', 'cookieArray[2] below:');
   console.log(cookieArray[2]);
-  console.log('\x1b[35m', 'cookieArray.token below:');
-  console.log(cookieArray.token);
 });
 
 // Test endpoint for md files rendering
@@ -179,6 +178,7 @@ app.post('/token', function(req, res) {
           token = jwt.sign(claims_user, secret);
           // res.cookie('token',token);
           res.setHeader('Set-Cookie', 'token=' + token + '; HttpOnly');
+          res.setHeader('Set-Cookie', 'Authorization=Bearer ' + token + '; HttpOnly');
           console.log('JWT Token: ' + token);
           console.log(jwt.decode(token));
           res.redirect('http://localhost/yay.html');
@@ -208,7 +208,7 @@ app.post('/token', function(req, res) {
 
 // Restricted route root
 const restrictedRoutes = express.Router();
-app.use('/restricted', restrictedRoutes);
+app.use('/', restrictedRoutes);
 
 restrictedRoutes.use(function (req, res, next) {
   let sentToken = req.headers['token'];
@@ -219,7 +219,17 @@ restrictedRoutes.use(function (req, res, next) {
       } else {
         req.decoded = decoded;
         console.log(decoded);
-        next();
+        console.log(req.decoded['scope']);
+        switch(req.decoded['scope']) {
+          case 'user':
+          res.status(200).send('Need ADMIN scope to access this');
+          break;
+          case 'admin':
+          next();
+          break;
+          default:
+          res.status(401).send('Not authorized');
+        }
       }
     });
   } else {
@@ -253,8 +263,11 @@ restrictedRoutes.use(function (req, res, next) {
 // });
 
 // Restricted endpoint
-restrictedRoutes.get('/access', (req, res) => {
+restrictedRoutes.get('/restricted', (req, res) => {
-  res.status(200).json([{secret:'You have access to restricted contents!'}])
+  // successMsg = JSON.stringify({secret:'You have access to restricted contents!'});
+  res.status(200).json([{secret:'You have access to restricted contents!'}]);
+  // res.status(200).send(successMsg);
+  console.log(successMsg);
 });
 
 // Restricted route root test (KISS)