diff options
| -rw-r--r-- | .env.example | 5 | ||||
| -rw-r--r-- | .gitignore | 1 | ||||
| -rwxr-xr-x | app.js | 25 | ||||
| -rw-r--r-- | package-lock.json | 13 | ||||
| -rw-r--r-- | package.json | 1 | ||||
| -rw-r--r-- | server/db/mongoose.js | 14 | ||||
| -rw-r--r-- | server/helpers/setCookie.js | 10 | ||||
| -rw-r--r-- | server/middleware/auth.js | 5 | ||||
| -rw-r--r-- | server/middleware/redirectIfLoggedIn.js | 2 | ||||
| -rw-r--r-- | server/models/User.js | 4 | ||||
| -rw-r--r-- | server/routes/user.js | 2 |
11 files changed, 60 insertions, 22 deletions
diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..3ca9069 --- /dev/null +++ b/.env.example @@ -0,0 +1,5 @@ +DB_CONNECT = +PORT = +COOKIE_MAX_AGE = +JWT_TOKEN_MAX_AGE = +JWT_SECRET = @@ -1 +1,2 @@ node_modules/ +.env @@ -1,8 +1,10 @@ const path = require("path"); const express = require("express"); -// const cors = require('cors'); const cookieParser = require('cookie-parser'); +// const cors = require('cors'); +require('dotenv-safe').config(); require('./server/db/mongoose'); +const setCookie = require('./server/helpers/setCookie'); const userRoutes = require('./server/routes/user'); const auth = require('./server/middleware/auth'); const redirectIfLoggedIn = require('./server/middleware/redirectIfLoggedIn'); @@ -11,22 +13,23 @@ const app = express(); const port = process.env.PORT || 3000; app.use(express.json()); -// app.use(cors()); app.use(cookieParser()); +// app.use(cors()); app.use('/api/user/', userRoutes); -app.use('/admin/', auth, express.static(path.join(__dirname, 'client/admin'), { - setHeaders: function (res, path, stat) { - if (res.req.newToken){ - res.set('Set-Cookie', "token=" + res.req.newToken + ";httpOnly;MaxAge=604800000;Path=/"); - } - } -})); +app.use('/admin/', auth, express.static( + path.join(__dirname, 'client/admin'), + { setHeaders: setCookie } +)); -app.use('/login/', redirectIfLoggedIn, express.static(path.join(__dirname, 'client/login'))); +app.use('/login/', redirectIfLoggedIn, express.static( + path.join(__dirname, 'client/login') +)); -app.use('/', express.static(path.join(__dirname, 'client/public'))); +app.use('/', express.static( + path.join(__dirname, 'client/public') +)); app.get('*', (req, res) => res.redirect('/')); diff --git a/package-lock.json b/package-lock.json index 8dbe3b8..7f05a7b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2847,6 +2847,19 @@ "is-obj": "^1.0.0" } }, + "dotenv": { + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.2.0.tgz", + "integrity": "sha512-8sJ78ElpbDJBHNeBzUbUVLsqKdccaa/BXF1uPTw3GrvQTBgrQrtObr2mUrE38vzYd8cEv+m/JBfDLioYcfXoaw==" + }, + "dotenv-safe": { + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/dotenv-safe/-/dotenv-safe-8.2.0.tgz", + "integrity": "sha512-uWwWWdUQkSs5a3mySDB22UtNwyEYi0JtEQu+vDzIqr9OjbDdC2Ip13PnSpi/fctqlYmzkxCeabiyCAOROuAIaA==", + "requires": { + "dotenv": "^8.2.0" + } + }, "duplexer3": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/duplexer3/-/duplexer3-0.1.4.tgz", diff --git a/package.json b/package.json index 263bbc7..dc6baf4 100644 --- a/package.json +++ b/package.json @@ -16,6 +16,7 @@ "bcryptjs": "^2.4.3", "body-parser": "^1.19.0", "cookie-parser": "^1.4.5", + "dotenv-safe": "^8.2.0", "express": "^4.16.4", "jsonwebtoken": "^8.5.1", "mongoose": "^5.10.13", diff --git a/server/db/mongoose.js b/server/db/mongoose.js index 579b5d7..9b89c14 100644 --- a/server/db/mongoose.js +++ b/server/db/mongoose.js @@ -1,6 +1,10 @@ -const mongoose = require("mongoose"); +const mongoose = require('mongoose'); -mongoose.connect('mongodb://127.0.0.1:27017/website-manager', { - useNewUrlParser: true, - useCreateIndex: true, -}); +mongoose.connect( + process.env.DB_CONNECT, + { + useNewUrlParser: true, + useCreateIndex: true, + }, + () => console.log('connected to DB') +); diff --git a/server/helpers/setCookie.js b/server/helpers/setCookie.js new file mode 100644 index 0000000..bb3580c --- /dev/null +++ b/server/helpers/setCookie.js @@ -0,0 +1,10 @@ +const setCookie = function (res, path, stat) { + if (res.req.newToken){ + res.set( + 'Set-Cookie', + 'token='+res.req.newToken+';httpOnly;MaxAge='+process.env.COOKIE_MAX_AGE+';Path=/' + ); + } +} + +module.exports = setCookie; diff --git a/server/middleware/auth.js b/server/middleware/auth.js index 462b100..bec113d 100644 --- a/server/middleware/auth.js +++ b/server/middleware/auth.js @@ -10,13 +10,14 @@ const auth = async (req, res, next) => { } try { - const decoded = jwt.verify(token, 'replaceThisWithSecretString'); + const decoded = jwt.verify(token, process.env.JWT_SECRET); req.userId = decoded._id; req.refreshToken = decoded.ref; return next(); } catch(er) { if (er.message && er.message === 'jwt expired') { - const { _id, ref } = jwt.decode(token, 'replaceThisWithSecretString'); + const { _id, ref } = jwt.decode(token, process.env.JWT_SECRET); + console.log('reading db to login') const user = await User.findById(_id); if (!user) { diff --git a/server/middleware/redirectIfLoggedIn.js b/server/middleware/redirectIfLoggedIn.js index 62a413c..fe793f7 100644 --- a/server/middleware/redirectIfLoggedIn.js +++ b/server/middleware/redirectIfLoggedIn.js @@ -9,7 +9,7 @@ const redirectIfLoggedIn = async (req, res, next) => { throw new Error(); } - const decoded = jwt.verify(token, 'replaceThisWithSecretString'); + const decoded = jwt.verify(token, process.env.JWT_SECRET); const user = await User.findOne({ _id: decoded._id, 'tokens.token': token }); if (!user) { diff --git a/server/models/User.js b/server/models/User.js index e777878..8cc9c4c 100644 --- a/server/models/User.js +++ b/server/models/User.js @@ -42,8 +42,8 @@ userSchema.methods.generateJwtToken = async function (currentRef) { return jwt.sign( { _id: this._id.toString(), ref }, - 'replaceThisWithSecretString', - { expiresIn: 300 } + process.env.JWT_SECRET, + { expiresIn: parseInt(process.env.JWT_TOKEN_MAX_AGE) } ); } diff --git a/server/routes/user.js b/server/routes/user.js index b3bdee3..91bc0f1 100644 --- a/server/routes/user.js +++ b/server/routes/user.js @@ -31,7 +31,7 @@ router.post('/login', async (req, res) => { const token = await user.generateJwtToken(); res .cookie('token', token, { - maxAge: 604800000, + maxAge: parseInt(process.env.COOKIE_MAX_AGE), secure: false, httpOnly: true, }) |