diff --git a/-H b/-H
new file mode 100644
index 0000000..d47cb60
--- /dev/null
+++ b/-H
@@ -0,0 +1 @@
+no token found
\ No newline at end of file
diff --git a/nginx2/html/index.html b/nginx2/html/index.html
index 2c5accb..8a98278 100644
--- a/nginx2/html/index.html
+++ b/nginx2/html/index.html
@@ -7,11 +7,11 @@
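Review bot: The new file `-H` should not be in the commit; a file whose name is a command-line flag and whose only content is `no token found` (the exact body the `/restricted` middleware in node/app.js sends with status 500) looks like a captured HTTP response written to disk by a mistyped shell command rather than a source file. Removing it (`git rm -- -H`, the `--` being needed because of the name) and, if this happens again, adding a guard to .gitignore keeps stray test output out of the repository.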
- +
- +
diff --git a/node/app.js b/node/app.js index 8445cb6..c7a96f7 100755 --- a/node/app.js +++ b/node/app.js @@ -14,9 +14,21 @@ const colors = require('colors'); const secret = 'wowmuchsecretveryhiddenwow'; // const morgan = require('morgan'); -// use morgan to log requests to the console +// // use morgan to log requests to the console // app.use(morgan('dev')); +// global controller +// app.get('/*',function(req,res,next){ +// res.header.token = 'sample-token'; +// next(); // http://expressjs.com/guide.html#passing-route control +// }); + +// a middleware with no mount path; gets executed for every request to the app +// app.use(function(req, res, next) { +// res.setHeader('charset', 'utf-8') +// next(); +// }); + // database connection (with retries) const options = { autoIndex: false, // Don't build indexes @@ -69,11 +81,14 @@ var testSchema = new Schema({ var thingies = mongoose.model('thingieName', testSchema); // Default message for testing -app.get('/', (req, res)=>{ +app.get('/', (req, res, next)=>{ res.json([{message:'yes, your nodejs app is really running'}]); counter++; // for prometheus invocation_count metric libCounter.inc(); // for prometheus lib_invocation_count metric - console.log('Hello, I\'m inside endpoint \'/\''.green); + console.log('Hello, I\'m inside endpoint \'/\''); + console.log('HTTP headers below:'); + console.log(req.headers); + next(); }); // Test endpoint for md files rendering @@ -126,15 +141,12 @@ app.post('/token', function(req, res) { scope: 'user' }; - let token = ''; - switch(req.body.username) { case 'user1': if (req.body.password === 'pass1') { token = jwt.sign(claims_user, secret); console.log('JWT Token: ' + token); console.log(jwt.decode(token)); - // req.headers['access-token'] = token; res.redirect('http://localhost/yay.html'); } else { res.redirect('http://localhost/nay.html'); 
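Review bot: Committing commented-out middleware (`// app.get('/*', ...)` and `// app.use(function(req, res, next) {...})`) adds maintenance cost with no runtime effect, and the example is already out of step with the API: in Express `res.header` is a method, so `res.header.token = 'sample-token'` would set a property on that function rather than a response header. If the intent is to document how a global middleware would be wired in, a one-line comment is enough, e.g. `// To run logic on every request, register an app.use(...) middleware before the routes below.`, and the dead code can go.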
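Review bot: The `/` handler now calls `next()` after `res.json(...)` has already sent the response, so the request continues into whatever handler follows (not visible in this hunk); if nothing else matches, Express's 404 fallback would typically try to respond a second time and log a "Cannot set headers after they are sent" error. The `console.log(req.headers)` added just above it writes every incoming header value to the console, including the `token` header this app uses for JWTs and any `cookie` header, which turns the application log into a store of credentials. Dropping the `next();` line and logging only the header names, `console.log(Object.keys(req.headers));`, keeps the debugging value without the leak.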
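Review bot: Removing `let token = '';` leaves the `token = jwt.sign(claims_user, secret);` assignment in the `'user1'` branch without a declaration; under `'use strict'` this throws a ReferenceError, and in sloppy mode it creates an implicit global `token` that is shared across concurrent requests. Unless a module-level `token` exists outside this hunk (the enclosing `app.post('/token', ...)` handler starts above it), restore the declaration at the top of the handler, `let token;`, or declare it per branch. The same assignment in the second `case` in the following hunk is affected in the same way.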
@@ -145,7 +157,6 @@ app.post('/token', function(req, res) { token = jwt.sign(claims_power, secret); console.log('JWT Token: ' + token); console.log(jwt.decode(token)); - // req.headers['access-token'] = token; res.redirect('http://localhost/yay.html'); } else { res.redirect('http://localhost/nay.html'); @@ -160,28 +171,36 @@ app.post('/token', function(req, res) { // Restricted route -// const restrictedRoutes = express.Router(); -// app.use('/restricted', restrictedRoutes); - -// restrictedRoutes.use((req, res, next) => { -// if (req.headers['access-token']) { -// jwt.verify(req.headers['access-token'], secret), (err, decoded) => { -// if (err) { -// return res.json({ message: 'invalid token' }); -// } else { -// req.decoded = decoded; -// next(); -// } -// } -// } else { -// res.status(500).send('no token found'); -// } -// }); +const restrictedRoutes = express.Router(); +app.use('/restricted', restrictedRoutes); + +restrictedRoutes.use((req, res) => { + if (req.headers['token']) { + jwt.verify(req.headers['token'], secret), (err, decoded) => { + if (err) { + return res.json({ message: 'invalid token' }); + } else { + req.decoded = decoded; + } + } + } else { + res.status(500).send('no token found'); + } +}); // Restricted endpoint -// restrictedRoutes.get('/restricted', (req, res) => { -// res.json([{secret:'you can see this message if you have access'}]) -// }); +restrictedRoutes.get('/restricted', (req, res) => { + res.json([{secret:'you can see this message if you have access'}]) +}); + +// JWT decode test +app.get('/decode', function(req, res){ + if (req.headers['token']) { + var decode = jwt.verify(req.headers['token'], secret); + console.log(decode); + res.status(200).send('success'); + } +}) // Mongo query app.get('/info', function(req, res){
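Review bot: In the new `restrictedRoutes.use` middleware, `jwt.verify(req.headers['token'], secret), (err, decoded) => { ... }` is a comma expression, so the arrow function is never handed to `jwt.verify`: the call runs synchronously and throws on a bad or expired token (Express's default error handler then typically answers with a 500), while on a good token `req.decoded` is never set and `next` — dropped from the parameter list — is never called, so every request under `/restricted` stalls without a response. The missing-token branch should answer 401 rather than 500, and passing `{ algorithms: ['HS256'] }` to `jwt.verify` rejects tokens whose header names a different algorithm than the one `/token` signs with. The `/decode` handler has the same synchronous-throw problem and sends nothing at all when the `token` header is absent. The hard-coded `secret` on the context line is pre-existing, but now that verification is live it is the single value that decides who is authorized and belongs in configuration rather than in source. Rewritten middleware and `/decode` handler below.
```javascript
restrictedRoutes.use((req, res, next) => {
  const token = req.headers['token'];
  if (!token) {
    return res.status(401).send('no token found');
  }
  // The callback is an argument of verify (not a comma-separated expression);
  // the algorithm is pinned to the one /token signs with.
  jwt.verify(token, secret, { algorithms: ['HS256'] }, (err, decoded) => {
    if (err) {
      return res.status(401).json({ message: 'invalid token' });
    }
    req.decoded = decoded;
    next();
  });
});

// … unchanged: restricted endpoint …

// JWT decode test
app.get('/decode', function(req, res){
  const token = req.headers['token'];
  if (!token) {
    return res.status(401).send('no token found');
  }
  try {
    // Synchronous verify throws on an invalid token; answer instead of crashing.
    jwt.verify(token, secret, { algorithms: ['HS256'] });
    res.status(200).send('success');
  } catch (err) {
    res.status(401).json({ message: 'invalid token' });
  }
})
```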