[enh] there should be a minimal auth

This commit is contained in:
alban 2020-05-16 18:20:04 +02:00
parent aae4e3df8d
commit db9c25363a
4 changed files with 84 additions and 17 deletions

View File

@ -20,6 +20,17 @@ PUT /changelog
"use strict" "use strict"
const authorizationToken = process.env.AUTH_TOKEN || "hello";
const port = process.env.APP_PORT || 3000;
function requireAuthentication( req, res, next ){
const userAuth = req.get("authorizationToken") || req.query.authorizationToken;
console.log( "userAuth : "+userAuth)
if( userAuth && userAuth === authorizationToken ) next();
else res.end("Auth required");
}
const elasticsearch = require('elasticsearch'); const elasticsearch = require('elasticsearch');
var client = new elasticsearch.Client({ var client = new elasticsearch.Client({
host: process.env.ES_CONNECT, host: process.env.ES_CONNECT,
@ -31,12 +42,11 @@ var client = new elasticsearch.Client({
const express = require('express'); const express = require('express');
const app = express(); const app = express();
app.set('view engine', 'pug'); app.set('view engine', 'pug');
app.use(express.static('public')); app.use(express.static('public'));
app.all('*', requireAuthentication)
const port = process.env.APP_PORT || 3000;
const bodyParser = require('body-parser'); const bodyParser = require('body-parser');
app.use(bodyParser.json()); app.use(bodyParser.json());
@ -47,15 +57,32 @@ app.disable('x-powered-by');
const routes = { const routes = {
main: (req, res) => { main: (req, res) => {
client.search({index:"changelog", "sort":"created_at:desc"}).then( (results,err) => { client.search({index:"changelog", "size":100,"sort":"created_at:desc"}).then( (results,err) => {
res.render('index', { title: 'changelog', error: err, data: JSON.stringify( results) }); res.render('index', {
title: 'changelog',
error: err,
data: JSON.stringify( results),
authorizationToken: authorizationToken
});
}); });
}, },
search: (req, res) => { search: (req, res) => {
const query = req.query.q; const query = req.query.q;
client.search({index:"changelog",body:{query:{multi_match:{query:query}}}}).then( (results,err) => { const search = {
index:"changelog",
size:100,
body:{
query:{
multi_match:{
query: query
}
}
},
sort:"_score,created_at:desc"
};
client.search(search).then( (results,err) => {
res.json(results ); res.json(results );
}, (err) => { }, (err) => {

20
public/css/site.css Normal file
View File

@ -0,0 +1,20 @@
/*
Created on : 16 mai 2020
Author : alban
*/
.log {
margin-bottom: 10px;
border-top: 1px solid #eee;
padding-top: 6px;
}
.log h4 {
white-space: pre;
font-family: monospace;
}
.log p {
color: #666;
}

View File

@ -1,24 +1,37 @@
/* global initData */ /* global initData, authorizationToken */
// List of HTML entities for escaping.
var htmlEscapes = {
'&': '&',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#x27;',
'/': '&#x2F;'
};
/** // Regex containing the keys listed immediately above.
* var htmlEscaper = /[&<>"'\/]/g;
* @type type
*/
const serviceContainer = {};
// Escape a string for HTML interpolation.
escape = function(string) {
return ('' + string).replace(htmlEscaper, function(match) {
return htmlEscapes[match];
});
};
function updatePage(data){ function updatePage(data){
var content = ""; var content = "";
$.each(data.hits.hits, (k,v)=>{ $.each(data.hits.hits, (k,v)=>{
var item = v._source; var item = v._source;
content += ` content += `
<div class="log row-fluid"> <div class="log row-fluid">
<div class="span9"> <div class="span9">
<p>${item.created_at} ${item.author} ${item.server} <p>${escape(item.created_at)} -- ${escape(item.author)} -- ${escape(item.server)}
<h4> ${item.content}</h4> <h4> ${escape(item.content)}</h4>
</span> </span>
</div> </div>
`; `;
@ -27,12 +40,17 @@ function updatePage(data){
} }
$("input").on("keydown",function(e){ $("input").on("keyup",function(e){
const el = $(e.target); const el = $(e.target);
const val = el.val(); const val = el.val();
if( val.length < 3 ){ return; } if( val.length < 3 ){ return; }
$.ajax("/search",{ $.ajax("/search",{
data: {q:val} beforeSend: function(request) {
request.setRequestHeader("authorizationToken", authorizationToken);
},
data: {
q:val,
}
}) })
.done(function(data) { .done(function(data) {
updatePage(data); updatePage(data);

View File

@ -6,7 +6,7 @@ html(lang="en")
meta(charset='utf-8') meta(charset='utf-8')
meta(name='viewport', content='width=device-width, initial-scale=1') meta(name='viewport', content='width=device-width, initial-scale=1')
link(rel='stylesheet', href='https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css') link(rel='stylesheet', href='https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css')
script(type = "text/javascript",src='/js/lodash.min.js') link(rel='stylesheet', href='css/site.css')
script(type = "text/javascript",src='https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js') script(type = "text/javascript",src='https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js')
body body
<nav class="navbar navbar-expand-lg navbar-light bg-light justify-content-between"> <nav class="navbar navbar-expand-lg navbar-light bg-light justify-content-between">
@ -31,4 +31,6 @@ html(lang="en")
script. script.
var initData = !{data}; var initData = !{data};
var authorizationToken = " !{authorizationToken}";
script(type = "text/javascript",src='/js/app.js') script(type = "text/javascript",src='/js/app.js')