diff --git a/package-lock.json b/package-lock.json
index 05d2c4c..8cd28a3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -17,6 +17,7 @@
"express-validator": "^7.0.1",
"helmet": "^7.1.0",
"hpp": "^0.2.3",
+ "jsonwebtoken": "^9.0.2",
"module-alias": "^2.2.3",
"toobusy-js": "^0.5.1"
},
@@ -28,6 +29,7 @@
"@types/express": "^4.17.21",
"@types/hpp": "^0.2.5",
"@types/jest": "^29.5.11",
+ "@types/jsonwebtoken": "^9.0.6",
"@types/node": "^20.10.6",
"@types/toobusy-js": "^0.5.4",
"@typescript-eslint/eslint-plugin": "^6.18.1",
@@ -1638,6 +1640,15 @@
"integrity": "sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==",
"dev": true
},
+ "node_modules/@types/jsonwebtoken": {
+ "version": "9.0.6",
+ "resolved": "https://registry.npmjs.org/@types/jsonwebtoken/-/jsonwebtoken-9.0.6.tgz",
+ "integrity": "sha512-/5hndP5dCjloafCXns6SZyESp3Ldq7YjH3zwzwczYnjxIT0Fqzk5ROSYVGfFyczIue7IUEj8hkvLbPoLQ18vQw==",
+ "dev": true,
+ "dependencies": {
+ "@types/node": "*"
+ }
+ },
"node_modules/@types/mime": {
"version": "1.3.5",
"resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz",
@@ -2422,6 +2433,11 @@
"node-int64": "^0.4.0"
}
},
+ "node_modules/buffer-equal-constant-time": {
+ "version": "1.0.1",
+ "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz",
+ "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA=="
+ },
"node_modules/buffer-from": {
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz",
@@ -2975,6 +2991,14 @@
"url": "https://github.com/motdotla/dotenv?sponsor=1"
}
},
+ "node_modules/ecdsa-sig-formatter": {
+ "version": "1.0.11",
+ "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz",
+ "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==",
+ "dependencies": {
+ "safe-buffer": "^5.0.1"
+ }
+ },
"node_modules/ee-first": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
@@ -5025,6 +5049,51 @@
"node": ">=6"
}
},
+ "node_modules/jsonwebtoken": {
+ "version": "9.0.2",
+ "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz",
+ "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==",
+ "dependencies": {
+ "jws": "^3.2.2",
+ "lodash.includes": "^4.3.0",
+ "lodash.isboolean": "^3.0.3",
+ "lodash.isinteger": "^4.0.4",
+ "lodash.isnumber": "^3.0.3",
+ "lodash.isplainobject": "^4.0.6",
+ "lodash.isstring": "^4.0.1",
+ "lodash.once": "^4.0.0",
+ "ms": "^2.1.1",
+ "semver": "^7.5.4"
+ },
+ "engines": {
+ "node": ">=12",
+ "npm": ">=6"
+ }
+ },
+ "node_modules/jsonwebtoken/node_modules/ms": {
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+ "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
+ },
+ "node_modules/jwa": {
+ "version": "1.4.1",
+ "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz",
+ "integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==",
+ "dependencies": {
+ "buffer-equal-constant-time": "1.0.1",
+ "ecdsa-sig-formatter": "1.0.11",
+ "safe-buffer": "^5.0.1"
+ }
+ },
+ "node_modules/jws": {
+ "version": "3.2.2",
+ "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz",
+ "integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==",
+ "dependencies": {
+ "jwa": "^1.4.1",
+ "safe-buffer": "^5.0.1"
+ }
+ },
"node_modules/keyv": {
"version": "4.5.4",
"resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz",
@@ -5091,6 +5160,36 @@
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
"integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
},
+ "node_modules/lodash.includes": {
+ "version": "4.3.0",
+ "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz",
+ "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w=="
+ },
+ "node_modules/lodash.isboolean": {
+ "version": "3.0.3",
+ "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz",
+ "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg=="
+ },
+ "node_modules/lodash.isinteger": {
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz",
+ "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA=="
+ },
+ "node_modules/lodash.isnumber": {
+ "version": "3.0.3",
+ "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz",
+ "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw=="
+ },
+ "node_modules/lodash.isplainobject": {
+ "version": "4.0.6",
+ "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz",
+ "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA=="
+ },
+ "node_modules/lodash.isstring": {
+ "version": "4.0.1",
+ "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz",
+ "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw=="
+ },
"node_modules/lodash.memoize": {
"version": "4.1.2",
"resolved": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz",
@@ -5103,11 +5202,15 @@
"integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==",
"dev": true
},
+ "node_modules/lodash.once": {
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
+ "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg=="
+ },
"node_modules/lru-cache": {
"version": "6.0.0",
"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
"integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
- "dev": true,
"dependencies": {
"yallist": "^4.0.0"
},
@@ -5969,7 +6072,6 @@
"version": "7.5.4",
"resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz",
"integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==",
- "dev": true,
"dependencies": {
"lru-cache": "^6.0.0"
},
@@ -6718,8 +6820,7 @@
"node_modules/yallist": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
- "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
- "dev": true
+ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A=="
},
"node_modules/yargs": {
"version": "17.7.2",
diff --git a/package.json b/package.json
index 23940e3..944db7b 100644
--- a/package.json
+++ b/package.json
@@ -25,6 +25,7 @@
"@types/express": "^4.17.21",
"@types/hpp": "^0.2.5",
"@types/jest": "^29.5.11",
+ "@types/jsonwebtoken": "^9.0.6",
"@types/node": "^20.10.6",
"@types/toobusy-js": "^0.5.4",
"@typescript-eslint/eslint-plugin": "^6.18.1",
@@ -50,6 +51,7 @@
"express-validator": "^7.0.1",
"helmet": "^7.1.0",
"hpp": "^0.2.3",
+ "jsonwebtoken": "^9.0.2",
"module-alias": "^2.2.3",
"toobusy-js": "^0.5.1"
},
diff --git a/src/controller/read.ts b/src/controller/read.ts
index ed79df3..439df34 100644
--- a/src/controller/read.ts
+++ b/src/controller/read.ts
@@ -2,11 +2,14 @@ import express, { Request, Response, NextFunction } from 'express';
import * as file from '@src/scripts/file';
import { create as createError } from '@src/middleware/error';
import { validationResult, query } from 'express-validator';
+import jwt from 'jsonwebtoken';
import logger from '@src/scripts/logger';
+import { create } from 'domain';
const router = express.Router();
router.get('/',
+ isLoggedIn,
[query('index').isInt().withMessage("not an integer")
.isLength({ max: 3 }).withMessage("not in range")
.toInt()],
@@ -32,8 +35,6 @@ router.get('/',
});
-
-// TODO will be converted to middleware
// TODO write test for checking the limit on request body
router.get("/login/", async function login(req: Request, res: Response) {
logger.log("login was called");
@@ -46,7 +47,54 @@ router.post("/login/", async function postLogin(req: Request, res: Response) {
logger.log("post login was called");
logger.log(req.body);
res.locals.text = "post recieved";
- res.render("login-form");
+
+ // TODO login authentication here
+ const validLogin = true;
+ if (!validLogin) {
+ return res.redirect("/read/login");
+ } else {
+ createToken(req, res);
+ res.render("login-form"); // TODO Send Token only
+ }
});
+function isLoggedIn(req: Request, res: Response) {
+ const result = validateToken(req, res);
+ if (!result) {
+ return res.redirect("/read/login");
+ }
+}
+
+
+function validateToken(req: Request, res: Response) {
+ const key = process.env.KEYB;
+ const header = req.header('Authorization');
+ const [type, token] = header ? header.split(' ') : "";
+ let payload: string | jwt.JwtPayload = "";
+ if (type === 'Bearer' && typeof token !== 'undefined' && key) {
+ try {
+ payload = jwt.verify(token, key);
+ res.status(200).send({ code: 0, message: `all good` });
+ } catch (err) {
+ res.status(401).send({ code: 123, message: 'Invalid or expired token.' });
+ }
+ console.log("payload: " + payload + " _ " + !!payload);
+ return !!payload;
+ } else {
+ return false;
+ }
+}
+
+
+function createToken(req: Request, res: Response) {
+ const key = process.env.KEYB;
+ if (!key) { throw new Error('KEYA is not defined in the environment variables'); }
+ const id = Math.random().toString(36).substring(2, 8);
+ const payload = {
+ _id: id
+ };
+ const token = jwt.sign(payload, key, { expiresIn: 60 * 1 });
+ res.locals.token = token;
+}
+
export default router;
\ No newline at end of file
diff --git a/src/models/entry.ts b/src/models/entry.ts
index 1f510bf..df52dad 100644
--- a/src/models/entry.ts
+++ b/src/models/entry.ts
@@ -118,13 +118,12 @@ export function checkTime(value: string) {
function checkKey(value: string) {
- if (process.env.NODE_ENV != "production" && value == "test") {
- return true; // dev testing convenience
- }
-
if (!value) {
throw new Error('Key required');
}
+ if (process.env.NODE_ENV != "production" && value == "test") {
+ return true; // dev testing convenience
+ }
value = decodeURIComponent(value);
diff --git a/views/login-form.ejs b/views/login-form.ejs
index 7964e2c..6d6826e 100644
--- a/views/login-form.ejs
+++ b/views/login-form.ejs
@@ -15,6 +15,8 @@
+
+ Token: <%= locals.token %>