[enh] there should be a signed cookie authentification
parent
69734ba649
commit
61fae38dde
101
index.js
101
index.js
@ -24,21 +24,6 @@ curl -X PUT 'http://localhost:9200/changelog' -d '
|
||||
const authorizationToken = process.env.AUTH_TOKEN || "hello";
|
||||
const port = process.env.APP_PORT || 3000;
|
||||
|
||||
function requireAuthentication( req, res, next ){
|
||||
const userAuth = req.get("AuthorizationToken") || req.query.authorizationToken;
|
||||
console.log( "userAuth : "+userAuth)
|
||||
if( userAuth && userAuth === authorizationToken ) next();
|
||||
else res.end("Auth required");
|
||||
}
|
||||
|
||||
|
||||
const elasticsearch = require('elasticsearch');
|
||||
var client = new elasticsearch.Client({
|
||||
host: process.env.ES_CONNECT,
|
||||
// log: 'trace',
|
||||
apiVersion: '7.7'
|
||||
});
|
||||
|
||||
|
||||
const express = require('express');
|
||||
const app = express();
|
||||
@ -46,9 +31,6 @@ const app = express();
|
||||
app.set('view engine', 'pug');
|
||||
app.use(express.static('public'));
|
||||
|
||||
app.all('*', requireAuthentication)
|
||||
|
||||
|
||||
const bodyParser = require('body-parser');
|
||||
app.use(bodyParser.json());
|
||||
app.use(bodyParser.raw());
|
||||
@ -56,73 +38,30 @@ app.use(bodyParser.text({ type : "text/*" }));
|
||||
app.disable('x-powered-by');
|
||||
|
||||
|
||||
const routes = {
|
||||
main: (req, res) => {
|
||||
client.search({index:"changelog", "size":100,"sort":"created_at:desc"}).then( (results,err) => {
|
||||
res.render('index', {
|
||||
title: 'changelog',
|
||||
error: err,
|
||||
data: JSON.stringify( results),
|
||||
authorizationToken: authorizationToken
|
||||
});
|
||||
|
||||
});
|
||||
|
||||
},
|
||||
search: (req, res) => {
|
||||
const query = req.query.q;
|
||||
const search = {
|
||||
index:"changelog",
|
||||
size:100,
|
||||
body:{
|
||||
query:{
|
||||
multi_match:{
|
||||
query: query
|
||||
}
|
||||
}
|
||||
},
|
||||
sort:"_score,created_at:desc"
|
||||
};
|
||||
client.search(search).then( (results,err) => {
|
||||
res.json(results );
|
||||
|
||||
}, (err) => {
|
||||
res.status(404);
|
||||
res.json({data: {} });
|
||||
});
|
||||
|
||||
},
|
||||
health: (req, res) => {
|
||||
|
||||
// Do an ES request
|
||||
client.ping({ requestTimeout: 100}).then(
|
||||
() => {
|
||||
res.json({"health":100,"msg":"OK"});
|
||||
}, () => {
|
||||
res.json({"health":0,"msg":"Lost connection to ES"});
|
||||
});
|
||||
},
|
||||
add: (req, res) => {
|
||||
|
||||
const body = req.body;
|
||||
body.created_at = new Date().toISOString();
|
||||
client.index({
|
||||
index: 'changelog',
|
||||
body: body
|
||||
}).then( (e) => {
|
||||
res.end("ok");
|
||||
|
||||
}, (e) => {
|
||||
res.status(400);
|
||||
res.end("error");
|
||||
});
|
||||
}
|
||||
};
|
||||
var cookieParser = require('cookie-parser')
|
||||
app.use(cookieParser('secret'))
|
||||
function requireAuthentication( req, res, next ){
|
||||
var userAuth = '';
|
||||
|
||||
if( req.signedCookies.AuthorizationToken){
|
||||
userAuth = req.signedCookies.AuthorizationToken;
|
||||
}
|
||||
else if( "AuthorizationToken" in req.query ){
|
||||
userAuth = req.query.AuthorizationToken;
|
||||
res.cookie('AuthorizationToken', userAuth, {signed: true});
|
||||
}else if (req.get("AuthorizationToken") ){
|
||||
userAuth = req.get('AuthorizationToken');
|
||||
}
|
||||
console.log( `user : ${userAuth}, auth: ${authorizationToken}` )
|
||||
if( userAuth && userAuth === authorizationToken ){
|
||||
next();
|
||||
}
|
||||
else res.end("Auth required");}
|
||||
app.all('*', requireAuthentication);
|
||||
|
||||
const routes = require( "./routes");
|
||||
app.get('/health', routes.health);
|
||||
app.get('/search', routes.search);
|
||||
|
||||
app.post('/*', routes.add);
|
||||
app.get('/*', routes.main);
|
||||
app.patch('/*', routes.main);
|
||||
|
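Review bot: The `console.log` in the new `requireAuthentication` prints both the presented value and the real `authorizationToken` on every request, so anyone who can read the logs obtains the shared secret; remove the line or log only whether the check passed. The cookie signing key is the literal `'secret'` in `app.use(cookieParser('secret'))`, which gives the signature no value to anyone who can read this repository; read the key from the environment and refuse to start when it is unset. `res.cookie('AuthorizationToken', userAuth, {signed: true})` runs before the value has been compared and sets neither `httpOnly` nor `sameSite`; move it after the successful comparison and write `{signed: true, httpOnly: true, sameSite: 'strict'}`. The rejection branch still answers with status 200, where `res.status(401).end("Auth required")` would make failed attempts visible to clients and monitoring.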
9
package-lock.json
generated
9
package-lock.json
generated
@ -212,6 +212,15 @@
|
||||
"resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.0.tgz",
|
||||
"integrity": "sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg=="
|
||||
},
|
||||
"cookie-parser": {
|
||||
"version": "1.4.5",
|
||||
"resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.5.tgz",
|
||||
"integrity": "sha512-f13bPUj/gG/5mDr+xLmSxxDsB9DQiTIfhJS/sqjrmfAWiAN+x2O4i/XguTL9yDZ+/IFDanJ+5x7hC4CXT9Tdzw==",
|
||||
"requires": {
|
||||
"cookie": "0.4.0",
|
||||
"cookie-signature": "1.0.6"
|
||||
}
|
||||
},
|
||||
"cookie-signature": {
|
||||
"version": "1.0.6",
|
||||
"resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
|
||||
|
@ -10,6 +10,7 @@
|
||||
"license": "GPLv3",
|
||||
"dependencies": {
|
||||
"body-parser": "^1.18.3",
|
||||
"cookie-parser": "^1.4.5",
|
||||
"elasticsearch": "^16.7.1",
|
||||
"express": "^4.17.1",
|
||||
"lodash": "^4.17.10",
|
||||
|
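--- /dev/null
+++ b/routes/index.js
@@ -0,0 +1,73 @@
+"use strict"
+
+const elasticsearch = require('elasticsearch');
+var client = new elasticsearch.Client({
+host: process.env.ES_CONNECT,
+// log: 'trace',
+apiVersion: '7.7'
+});
+
+
+const routes = {
+main: (req, res) => {
+client.search({index:"changelog", "size":100,"sort":"created_at:desc"}).then( (results,err) => {
+res.render('index', {
+title: 'changelog',
+error: err,
+data: JSON.stringify( results),
+authorizationToken: process.env.AUTH_TOKEN
+});
+
+});
+
+},
+search: (req, res) => {
+const query = req.query.q;
+const search = {
+index:"changelog",
+size:100,
+body:{
+query:{
+multi_match:{
+query: query
+}
+}
+},
+sort:"_score,created_at:desc"
+};
+client.search(search).then( (results,err) => {
+res.json(results );
+
+}, (err) => {
+res.status(404);
+res.json({data: {} });
+});
+
+},
+health: (req, res) => {
+
+// Do an ES request
+client.ping({ requestTimeout: 100}).then(
+() => {
+res.json({"health":100,"msg":"OK"});
+}, () => {
+res.json({"health":0,"msg":"Lost connection to ES"});
+});
+},
+add: (req, res) => {
+
+const body = req.body;
+body.created_at = new Date().toISOString();
+client.index({
+index: 'changelog',
+body: body
+}).then( (e) => {
+res.end("ok");
+
+}, (e) => {
+res.status(400);
+res.end("error");
+});
+}
+};
+module.exports = routes;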
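Review bot: `main` passes `data: JSON.stringify( results)` to the view, and the template hunk on this page interpolates it unescaped inside a script block (`var initData = !{data};`), so a stored changelog entry containing `</script>` would close the script element, because `JSON.stringify` does not escape `<`. Since `add` indexes the request body as received, escape at render time, for example `data: JSON.stringify(results).replace(/</g, '\\u003c')`. The render call also still passes `authorizationToken: process.env.AUTH_TOKEN`, although the template line that used it appears to be removed in this commit; dropping the property keeps the secret out of the render context. Separately, `main` has no rejection handler and the second parameter of its `.then` callback is never populated, so an Elasticsearch failure leaves the request without a response.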
@ -31,6 +31,5 @@ html(lang="en")
|
||||
|
||||
script.
|
||||
var initData = !{data};
|
||||
var authorizationToken = " !{authorizationToken}";
|
||||
|
||||
script(type = "text/javascript",src='/js/app.js')
|
||||
|