[enh] there should be a signed cookie authentification

This commit is contained in:
alban 2020-05-21 20:46:47 +02:00
parent 69734ba649
commit 61fae38dde
5 changed files with 104 additions and 83 deletions


@ -24,21 +24,6 @@ curl -X PUT 'http://localhost:9200/changelog' -d '
const authorizationToken = process.env.AUTH_TOKEN || "hello"; const authorizationToken = process.env.AUTH_TOKEN || "hello";
const port = process.env.APP_PORT || 3000; const port = process.env.APP_PORT || 3000;
function requireAuthentication( req, res, next ){
const userAuth = req.get("AuthorizationToken") || req.query.authorizationToken;
console.log( "userAuth : "+userAuth)
if( userAuth && userAuth === authorizationToken ) next();
else res.end("Auth required");
}
const elasticsearch = require('elasticsearch');
var client = new elasticsearch.Client({
host: process.env.ES_CONNECT,
// log: 'trace',
apiVersion: '7.7'
});
const express = require('express'); const express = require('express');
const app = express(); const app = express();
@ -46,9 +31,6 @@ const app = express();
app.set('view engine', 'pug'); app.set('view engine', 'pug');
app.use(express.static('public')); app.use(express.static('public'));
app.all('*', requireAuthentication)
const bodyParser = require('body-parser'); const bodyParser = require('body-parser');
app.use(bodyParser.json()); app.use(bodyParser.json());
app.use(bodyParser.raw()); app.use(bodyParser.raw());
@ -56,73 +38,30 @@ app.use(bodyParser.text({ type : "text/*" }));
app.disable('x-powered-by'); app.disable('x-powered-by');
const routes = { var cookieParser = require('cookie-parser')
main: (req, res) => { app.use(cookieParser('secret'))
client.search({index:"changelog", "size":100,"sort":"created_at:desc"}).then( (results,err) => { function requireAuthentication( req, res, next ){
res.render('index', { var userAuth = '';
title: 'changelog',
error: err,
data: JSON.stringify( results),
authorizationToken: authorizationToken
});
}); if( req.signedCookies.AuthorizationToken){
userAuth = req.signedCookies.AuthorizationToken;
},
search: (req, res) => {
const query = req.query.q;
const search = {
index:"changelog",
size:100,
body:{
query:{
multi_match:{
query: query
} }
else if( "AuthorizationToken" in req.query ){
userAuth = req.query.AuthorizationToken;
res.cookie('AuthorizationToken', userAuth, {signed: true});
}else if (req.get("AuthorizationToken") ){
userAuth = req.get('AuthorizationToken');
} }
}, console.log( `user : ${userAuth}, auth: ${authorizationToken}` )
sort:"_score,created_at:desc" if( userAuth && userAuth === authorizationToken ){
}; next();
client.search(search).then( (results,err) => {
res.json(results );
}, (err) => {
res.status(404);
res.json({data: {} });
});
},
health: (req, res) => {
// Do an ES request
client.ping({ requestTimeout: 100}).then(
() => {
res.json({"health":100,"msg":"OK"});
}, () => {
res.json({"health":0,"msg":"Lost connection to ES"});
});
},
add: (req, res) => {
const body = req.body;
body.created_at = new Date().toISOString();
client.index({
index: 'changelog',
body: body
}).then( (e) => {
res.end("ok");
}, (e) => {
res.status(400);
res.end("error");
});
} }
}; else res.end("Auth required");}
app.all('*', requireAuthentication);
const routes = require( "./routes");
app.get('/health', routes.health); app.get('/health', routes.health);
app.get('/search', routes.search); app.get('/search', routes.search);
app.post('/*', routes.add); app.post('/*', routes.add);
app.get('/*', routes.main); app.get('/*', routes.main);
app.patch('/*', routes.main); app.patch('/*', routes.main);
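Review bot: The new requireAuthentication prints the expected secret on every request (`console.log( \`user : ${userAuth}, auth: ${authorizationToken}\` )`), so the real token lands in whatever collects process output; log only the outcome of the check. The cookie-parser signing secret is the literal 'secret' and AUTH_TOKEN still falls back to "hello", which makes both known values in any deployment that forgets to set them, so read both from the environment with no fallback. The signed cookie is also written from req.query before the value has been compared, and without httpOnly/secure options, so a wrong token is persisted and is readable by page scripts; issue it only after the comparison succeeds. The rewrite below keeps the three token sources and the 'Auth required' reply, and needs `const crypto = require('crypto')` next to the other requires.
```javascript
// No defaults: a missing AUTH_TOKEN or cookie secret must fail closed, not fall back to a known value.
const authorizationToken = process.env.AUTH_TOKEN;
app.use(cookieParser(process.env.COOKIE_SECRET)); // COOKIE_SECRET is a suggested name, not yet defined by this project
// … unchanged: express, view engine and body-parser setup …
function requireAuthentication(req, res, next) {
  const fromCookie = req.signedCookies.AuthorizationToken;
  const fromQuery = req.query.AuthorizationToken;
  const userAuth = fromCookie ?? fromQuery ?? req.get('AuthorizationToken');
  // Constant-time comparison; the length check keeps timingSafeEqual from throwing.
  const valid = typeof userAuth === 'string' && typeof authorizationToken === 'string'
    && userAuth.length === authorizationToken.length
    && crypto.timingSafeEqual(Buffer.from(userAuth), Buffer.from(authorizationToken));
  console.log(`auth check: ${valid ? 'ok' : 'rejected'}`); // never log the token values
  if (!valid) {
    res.status(401);
    return res.end('Auth required');
  }
  // Persist only a token that has just been verified, and only when it did not already come from the cookie.
  if (fromCookie === undefined && fromQuery !== undefined) {
    res.cookie('AuthorizationToken', userAuth, { signed: true, httpOnly: true, sameSite: 'lax', secure: req.secure });
  }
  next();
}
```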

9
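--- a/package-lock.json
+++ b/package-lock.json
@@ -212,6 +212,15 @@
 "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.0.tgz",
 "integrity": "sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg=="
 },
+"cookie-parser": {
+"version": "1.4.5",
+"resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.5.tgz",
+"integrity": "sha512-f13bPUj/gG/5mDr+xLmSxxDsB9DQiTIfhJS/sqjrmfAWiAN+x2O4i/XguTL9yDZ+/IFDanJ+5x7hC4CXT9Tdzw==",
+"requires": {
+"cookie": "0.4.0",
+"cookie-signature": "1.0.6"
+}
+},
 "cookie-signature": {
 "version": "1.0.6",
 "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",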


@ -10,6 +10,7 @@
"license": "GPLv3", "license": "GPLv3",
"dependencies": { "dependencies": {
"body-parser": "^1.18.3", "body-parser": "^1.18.3",
"cookie-parser": "^1.4.5",
"elasticsearch": "^16.7.1", "elasticsearch": "^16.7.1",
"express": "^4.17.1", "express": "^4.17.1",
"lodash": "^4.17.10", "lodash": "^4.17.10",

73
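--- a/routes/index.js
+++ b/routes/index.js
@@ -0,0 +1,73 @@
+"use strict"
+const elasticsearch = require('elasticsearch');
+var client = new elasticsearch.Client({
+host: process.env.ES_CONNECT,
+// log: 'trace',
+apiVersion: '7.7'
+});
+const routes = {
+main: (req, res) => {
+client.search({index:"changelog", "size":100,"sort":"created_at:desc"}).then( (results,err) => {
+res.render('index', {
+title: 'changelog',
+error: err,
+data: JSON.stringify( results),
+authorizationToken: process.env.AUTH_TOKEN
+});
+});
+},
+search: (req, res) => {
+const query = req.query.q;
+const search = {
+index:"changelog",
+size:100,
+body:{
+query:{
+multi_match:{
+query: query
+}
+}
+},
+sort:"_score,created_at:desc"
+};
+client.search(search).then( (results,err) => {
+res.json(results );
+}, (err) => {
+res.status(404);
+res.json({data: {} });
+});
+},
+health: (req, res) => {
+// Do an ES request
+client.ping({ requestTimeout: 100}).then(
+() => {
+res.json({"health":100,"msg":"OK"});
+}, () => {
+res.json({"health":0,"msg":"Lost connection to ES"});
+});
+},
+add: (req, res) => {
+const body = req.body;
+body.created_at = new Date().toISOString();
+client.index({
+index: 'changelog',
+body: body
+}).then( (e) => {
+res.end("ok");
+}, (e) => {
+res.status(400);
+res.end("error");
+});
+}
+};
+module.exports = routes;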
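Review bot: routes.main has no rejection handler on `client.search(...).then( (results,err) => …)`, and the second parameter of a then-callback is never an error, so `err` is always undefined and an Elasticsearch failure leaves the request without any response; the same `(results,err)` signature in search is harmless only because a separate rejection callback follows it. In add, `body.created_at = new Date().toISOString()` writes into req.body directly; with "use strict" at the top of this file and bodyParser.text/raw enabled in the app, a text body makes that assignment throw a TypeError, which surfaces as a 500 instead of the intended 400. main also still passes process.env.AUTH_TOKEN to the template as authorizationToken even though this commit removes its only use from the view; drop it rather than keep rendering the secret into page data. The rewrite below covers main and add; search and health are unchanged.
```javascript
main: (req, res) => {
  client.search({ index: "changelog", size: 100, sort: "created_at:desc" }).then((results) => {
    // authorizationToken is no longer passed: the view stopped reading it
    res.render('index', { title: 'changelog', error: null, data: JSON.stringify(results) });
  }, (err) => {
    res.status(502);
    res.render('index', { title: 'changelog', error: String(err), data: '{}' });
  });
},
// … unchanged: search, health …
add: (req, res) => {
  // Only a parsed JSON object can carry created_at; text/raw bodies are rejected up front.
  if (typeof req.body !== 'object' || req.body === null || Buffer.isBuffer(req.body)) {
    res.status(400);
    return res.end("error");
  }
  const body = { ...req.body, created_at: new Date().toISOString() };
  client.index({ index: 'changelog', body }).then(() => {
    res.end("ok");
  }, () => {
    res.status(400);
    res.end("error");
  });
}
```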


@ -31,6 +31,5 @@ html(lang="en")
script. script.
var initData = !{data}; var initData = !{data};
var authorizationToken = " !{authorizationToken}";
script(type = "text/javascript",src='/js/app.js') script(type = "text/javascript",src='/js/app.js')