
Commit c1477b5

feat: DVWS init
1 parent c0306f4 commit c1477b5

22 files changed

+1680
-2
lines changed

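--- a/.env
+++ b/.env
@@ -0,0 +1,3 @@
+JWT_SECRET=access
+MONGO_LOCAL_CONN_URL=mongodb://localhost:27017/node-dvws
+MONGO_DB_NAME=dvws-user-auth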
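Review bot: `JWT_SECRET=access` is committed to the repository, and the same commit deletes the `.env` / `.env.test` lines from `.gitignore`, so every token the app issues in `controllers/users.js` `login` can be forged by anyone who can read the repo. Since the commit title says this is a DVWS (deliberately vulnerable) lab, that may be intended, but nothing here says so; a one-line marker would stop the file being copied into a real deployment, e.g. `# INTENTIONALLY WEAK LAB SECRET - never reuse outside DVWS`. `MONGO_DB_NAME` is not read by either controller in this commit (they use `MONGO_LOCAL_CONN_URL` and a hard-coded `client.db('node-dvws')`), so it is presumably consumed elsewhere; if not, it is dead config.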

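--- a/.gitignore
+++ b/.gitignore
@@ -69,8 +69,6 @@ typings/
 .yarn-integrity
 
 # dotenv environment variables file
-.env
-.env.test
 
 # parcel-bundler cache (https://parceljs.org/)
 .cache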

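--- a/config.js
+++ b/config.js
@@ -0,0 +1,6 @@
+module.exports = {
+  development: {
+    port: process.env.PORT || 80,
+    saltingRounds: 10
+  }
+}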
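Review bot: `saltingRounds: 10` is not consumed by anything in this commit: `controllers/users.js` `add` saves `new User(req.body)` as-is with a `// TODO: We can hash the password here` comment, while `login` runs `bcrypt.compare(password, user.password)`, which only works if the stored value is already a bcrypt hash. Presumably `models/users.js` (not in this commit) has a pre-save hook that reads this value; if it does not, passwords are stored in plaintext and every login fails. A comment naming the consumer would remove the ambiguity, e.g. `saltingRounds: 10 // bcrypt cost; used by the User model's pre-save hook`. Minor: `process.env.PORT || 80` defaults to a privileged port, so the app needs root or a capability to bind unless PORT is set.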

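--- a/controllers/notebook.js
+++ b/controllers/notebook.js
@@ -0,0 +1,149 @@
+const mongoose = require('mongoose');
+
+const Note = require('../models/notebook');
+const jwt = require('jsonwebtoken')
+const connUri = process.env.MONGO_LOCAL_CONN_URL;
+var MongoClient = require('mongodb').MongoClient;
+function set_cors(req,res) {
+  if (req.get('origin')) {
+    res.header('Access-Control-Allow-Origin', req.get('origin'))
+    res.header('Access-Control-Allow-Credentials', true)
+  } else {
+    res.header('Access-Control-Allow-Origin', null)
+    res.header('Access-Control-Allow-Credentials', true)
+  }
+  return res;
+};
+
+
+module.exports = {
+  list_all_notes: (req, res) => {
+    res = set_cors(req,res)
+    res.set('Cache-Control', 'no-store, no-cache, must-revalidate, private')
+    mongoose.connect(connUri, { useNewUrlParser: true, useUnifiedTopology: true }, (err) => {
+      if(!err) {
+        let result = {}
+        const token = req.headers.authorization.split(' ')[1]; // Bearer <token>
+        const options = {
+          expiresIn: '2d',
+          issuer: 'https://github.com/snoopysecurity',
+        };
+        result = jwt.verify(token, process.env.JWT_SECRET, options);
+        Note.find({user: result.user}, {__v:0}, function(err, someValue){
+          if(err) res.json(err);
+          res.send(someValue);
+        });
+      }
+    });
+
+  },
+  get_info: (req, res) => {
+    if (req.path == '/v2/info') {
+      res.status(403).send({ error: 'Forbidden' })
+    } else {
+      var result = {'title' : process.title,'version' :process.version,
+        'versions' : process.versions, 'arch' : process.arch, 'platform' : process.platform,
+        'release' : process.release, 'env' : process.env, 'moduleLoadList' : process.moduleLoadList,
+        'config' : process.config}
+      res.json(result);
+    }
+
+  },
+  create_a_note: (req, res) => {
+    res = set_cors(req,res)
+    res.set('Cache-Control', 'no-store, no-cache, must-revalidate, private')
+    mongoose.connect(connUri, { useNewUrlParser: true, useUnifiedTopology: true }, (err) => {
+      if(!err) {
+        let result = {}
+        const token = req.headers.authorization.split(' ')[1]; // Bearer <token>
+        const options = {
+          expiresIn: '2d',
+          issuer: 'https://github.com/snoopysecurity',
+        };
+        result = jwt.verify(token, process.env.JWT_SECRET, options);
+        var body = req.body
+
+        var new_note = new Note({name: body.name, body: body.body, type: body.type,user: result.user});
+        new_note.save(function(err, note) {
+          if (err) {
+            res.send(err);
+          } else {
+            res.json(note);
+          }
+        });
+
+      }
+    });
+  },
+  read_a_note: (req, res) => {
+    res.set('Cache-Control', 'no-store, no-cache, must-revalidate, private')
+    mongoose.connect(connUri, { useNewUrlParser: true, useUnifiedTopology: true }, (err) => {
+      if(!err) {
+
+        Note.findById(req.params.noteId, function(err, note) {
+          if (err)
+            res.send(err);
+          res.json(note);
+        });
+      }
+    });
+  },
+
+  update_a_note: (req, res) => {
+    res.set('Cache-Control', 'no-store, no-cache, must-revalidate, private')
+    mongoose.connect(connUri, { useNewUrlParser: true, useUnifiedTopology: true }, (err) => {
+      if(!err) {
+        Note.findOneAndUpdate({_id: req.params.noteId}, req.body, {new: true}, function(err, note) {
+          if (err)
+            res.send(err);
+          res.json(note);
+        });
+      }
+
+    });
+  },
+
+  delete_a_note: (req, res) => {
+    res.set('Cache-Control', 'no-store, no-cache, must-revalidate, private')
+    mongoose.connect(connUri, { useNewUrlParser: true, useUnifiedTopology: true }, (err) => {
+      if(!err) {
+        Note.remove({
+          _id: req.params.noteId
+        }, function(err, note) {
+          if (err)
+            res.send(err);
+          res.json({ message: 'Note successfully deleted' });
+        });
+      }
+    });
+
+  },
+
+
+  //old developer code, should be rewritten to use mongoose ORM but cba
+
+  search_note: (req, res) => {
+    res = set_cors(req,res)
+    res.set('Cache-Control', 'no-store, no-cache, must-revalidate, private')
+    //var searchCriteria = "this.country == " + "'" + country + "'";
+    connUri2 = connUri.substr(0, connUri.lastIndexOf("/"));
+
+    MongoClient.connect(connUri2, {useNewUrlParser: true, useUnifiedTopology: true}, (err, client) => {
+      if (!err) {
+
+        const db = client.db('node-dvws')
+        const collection = db.collection('notes')
+        var search_name = req.body.search
+        var type = 'public' //only display public notes
+        var query = { $where: `this.type == '${type}' && this.name == '${search_name}'` };
+        collection.find(query).toArray((err, items) => {
+          res.send(items);
+        })
+      }
+
+
+    });
+
+  }
+}
+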
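Review bot: `search_note` interpolates `req.body.search` straight into a `$where` JavaScript expression, so a search value such as `' || true || '` returns every note regardless of `type`, and arbitrary server-side JavaScript runs in the database; the intended "public only" filter is an ordinary equality query, `var query = { type: type, name: String(search_name) };`. The same file has several other paths that look deliberate for a DVWS lab but are unmarked: `get_info` returns `process.env` (which holds `JWT_SECRET`) for any path except `/v2/info`, `read_a_note`/`update_a_note`/`delete_a_note` never verify a token or filter by `user`, and `set_cors` reflects any `Origin` with `Access-Control-Allow-Credentials: true`. If those are intentional training targets, tagging each with a comment like `// VULN(intentional): no auth or ownership check - see DVWS docs` keeps them from being "fixed" by accident and tells a reader which ones are the exercise. Also note `req.headers.authorization.split(' ')` throws a TypeError when the header is absent, and `if(err) res.json(err); res.send(someValue);` sends twice on error.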

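--- a/controllers/users.js
+++ b/controllers/users.js
@@ -0,0 +1,218 @@
+const mongoose = require('mongoose');
+const bcrypt = require('bcrypt');
+const jwt = require('jsonwebtoken');
+
+const connUri = process.env.MONGO_LOCAL_CONN_URL;
+const User = require('../models/users');
+
+function set_cors(req,res) {
+  if (req.get('origin')) {
+    res.header('Access-Control-Allow-Origin', req.get('origin'))
+    res.header('Access-Control-Allow-Credentials', true)
+  } else {
+    res.header('Access-Control-Allow-Origin', null)
+    res.header('Access-Control-Allow-Credentials', true)
+  }
+  return res;
+};
+
+
+
+module.exports = {
+  add: (req, res) => {
+    mongoose.connect(connUri, { useNewUrlParser : true, useUnifiedTopology: true }, (err) => {
+      let result = {};
+      let status = 201;
+      res.set('Cache-Control', 'no-store, no-cache, must-revalidate, private')
+      if (!err) {
+        const { username, password } = req.body;
+
+
+        User.findOne({username}, function(err,obj) {
+          if (obj != null) {
+            if (obj.username) {
+              status = 409;
+              res.set({ 'content-type': 'text/html; charset=null' });
+              res.status(status).send('User ' + obj.username + ' already exists');
+            }
+          } else {
+
+            const { username, password } = req.body;
+            const user = new User(req.body); // document = instance of a model
+            // TODO: We can hash the password here as well before we insert
+            user.save((err, user) => {
+              if (!err) {
+                result.status = status;
+                result.user = user.username;
+                result.password = user.password;
+              } else {
+                status = 500;
+                result.status = status;
+                result.error = err;
+              }
+              res.status(status).send(result);
+              // Close the connection after saving
+              mongoose.connection.close();
+            });
+
+          }
+
+        });
+
+      } else {
+        status = 500;
+        result.status = status;
+        result.error = err;
+        res.status(status).send(result);
+
+        mongoose.connection.close();
+      }
+
+    });
+
+  },
+
+  checkadmin: (req, res) => {
+    res.set('Cache-Control', 'no-store, no-cache, must-revalidate, private')
+    const token = req.headers.authorization.split(' ')[1]; // Bearer <token>
+    const options = {
+      expiresIn: '2d',
+      issuer: 'https://github.com/snoopysecurity',
+      permissions: ["user:admin"]
+    };
+    result = jwt.verify(token, process.env.JWT_SECRET, options);
+    if (result.permissions.includes('user:admin')) {
+      endresult = {}
+      endresult['Success'] = 'User is Admin Privileged'
+      endresult['AdminURL'] = '/api/v2/users'
+      res.send(endresult);
+    } else {
+      endresult = {}
+      endresult['Error'] = 'Error: User is missing [user:admin] privilege'
+      endresult['User'] = result.user
+      res.send(endresult);
+
+    }
+  },
+
+
+
+  login: (req, res) => {
+    const { username, password } = req.body;
+    //set_cors(req,res);
+    res.set('Cache-Control', 'no-store, no-cache, must-revalidate, private')
+    mongoose.connect(connUri, { useNewUrlParser: true, useUnifiedTopology: true }, (err) => {
+      let result = {};
+      let status = 200;
+      if(!err) {
+
+        User.findOne({username}, (err, user) => {
+          if (!err && user) {
+            // We could compare passwords in our model instead of below as well
+            bcrypt.compare(password, user.password).then(match => {
+              if (match) {
+                status = 200;
+                if (user.admin == true) {
+                  const payload = { user: user.username,"permissions": [
+                    "user:read",
+                    "user:write",
+                    "user:admin"
+                  ] };
+                  const options = { expiresIn: '2d', issuer: 'https://github.com/snoopysecurity' };
+                  const secret = process.env.JWT_SECRET;
+                  const token = jwt.sign(payload, secret, options);
+
+                  result.token = token;
+                  result.status = status;
+                  result.result = user;
+                } else {
+
+                  const payload = { user: user.username,"permissions": [
+                    "user:read",
+                    "user:write"
+                  ] };
+                  const options = { expiresIn: '2d', issuer: 'https://github.com/snoopysecurity' };
+                  const secret = process.env.JWT_SECRET;
+                  const token = jwt.sign(payload, secret, options);
+
+                  result.token = token;
+                  result.status = status;
+                  result.result = user;
+                }
+                // Create a token
+
+              } else {
+                status = 401;
+                result.status = status;
+                result.error = `Authentication error`;
+              }
+              res.setHeader('Authorization', 'Bearer '+ result.token);
+              //res.cookie("SESSIONID", result.token, {httpOnly:true, secure:true});
+              res.status(status).send(result);
+            }).catch(err => {
+              status = 500;
+              result.status = status;
+              result.error = err;
+              res.status(status).send(result);
+
+              mongoose.connection.close();
+            });
+          } else {
+            status = 404;
+            result.status = status;
+            result.error = 'Login Failed! User ' + username + ' not found!';
+            res.status(status).send(result);
+          }
+        }).then(() =>
+          mongoose.connection.close());
+      } else {
+        status = 500;
+        result.status = status;
+        result.error = err;
+        res.status(status).send(result);
+
+        mongoose.connection.close();
+      }
+    });
+  },
+
+  getAll: (req, res) => {
+    //res = set_cors(req,res)
+    res.set('Cache-Control', 'no-store, no-cache, must-revalidate, private')
+    mongoose.connect(connUri, { useNewUrlParser: true, useUnifiedTopology: true }, (err) => {
+      let result = {};
+      let status = 200;
+      if (!err) {
+
+        if (result) {
+          User.find({}, (err, users) => {
+            if (!err) {
+              result.status = status;
+              result.error = err;
+              result.result = users;
+            } else {
+              status = 500;
+              result.status = status;
+              result.error = err;
+            }
+            res.status(status).send(result);
+          }).then(() => mongoose.connection.close());
+        } else {
+          status = 401;
+          result.status = status;
+          result.error = `Authentication error`;
+          res.status(status).send(result);
+
+          mongoose.connection.close();
+        }
+      } else {
+        status = 500;
+        result.status = status;
+        result.error = err;
+        res.status(status).send(result);
+
+        mongoose.connection.close();
+      }
+    });
+  }
+};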
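Review bot: `add` builds the document with `new User(req.body)` after destructuring only `username` and `password`, so a registration body can also carry `admin: true`, and `login` then reads `user.admin == true` to issue a token carrying `user:admin`; restricting the constructor to the two fields that were already pulled out, `const user = new User({ username, password });`, closes the mass-assignment path. `getAll` (advertised as `AdminURL: '/api/v2/users'` by `checkadmin`) performs no token check at all: `result` is `{}` so `if (result)` is always true and the 401 branch is dead, and the handler returns full user documents including the stored `password` field. If these are intentional DVWS exercises, a `// VULN(intentional): ...` marker on each would make that explicit; otherwise `getAll` needs the same `jwt.verify` gate `checkadmin` uses plus a projection that drops `password`. Also `add` and `login` echo the password field back in the response, and `checkadmin` throws a TypeError on a missing Authorization header because `req.headers.authorization.split` is called unguarded.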
