[enh] there should be a minimal auth

alban 2020-05-16 18:20:04 +02:00
parent aae4e3df8d
commit db9c25363a
4 changed files with 84 additions and 17 deletions


@ -20,6 +20,17 @@ PUT /changelog
"use strict"
const authorizationToken = process.env.AUTH_TOKEN || "hello";
const port = process.env.APP_PORT || 3000;
function requireAuthentication( req, res, next ){
const userAuth = req.get("authorizationToken") || req.query.authorizationToken;
console.log( "userAuth : "+userAuth)
if( userAuth && userAuth === authorizationToken ) next();
else res.end("Auth required");
}
const elasticsearch = require('elasticsearch');
var client = new elasticsearch.Client({
host: process.env.ES_CONNECT,
@ -31,12 +42,11 @@ var client = new elasticsearch.Client({
const express = require('express');
const app = express();
app.set('view engine', 'pug');
app.use(express.static('public'));
app.all('*', requireAuthentication)
const port = process.env.APP_PORT || 3000;
const bodyParser = require('body-parser');
app.use(bodyParser.json());
@ -47,15 +57,32 @@ app.disable('x-powered-by');
const routes = {
main: (req, res) => {
client.search({index:"changelog", "sort":"created_at:desc"}).then( (results,err) => {
res.render('index', { title: 'changelog', error: err, data: JSON.stringify( results) });
client.search({index:"changelog", "size":100,"sort":"created_at:desc"}).then( (results,err) => {
res.render('index', {
title: 'changelog',
error: err,
data: JSON.stringify( results),
authorizationToken: authorizationToken
});
});
},
search: (req, res) => {
const query = req.query.q;
client.search({index:"changelog",body:{query:{multi_match:{query:query}}}}).then( (results,err) => {
const search = {
index:"changelog",
size:100,
body:{
query:{
multi_match:{
query: query
}
}
},
sort:"_score,created_at:desc"
};
client.search(search).then( (results,err) => {
res.json(results );
}, (err) => {
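Review bot: `requireAuthentication` in the first hunk falls back to the built-in token `"hello"` when `AUTH_TOKEN` is unset and writes every supplied token to the log with `console.log( "userAuth : "+userAuth)`, so a default deployment accepts a publicly known value and the real secret ends up in log files. The rejection path calls `res.end("Auth required")` without setting a status, which answers 200, and the `===` comparison is not constant-time. I would refuse to start when the variable is missing, drop the log line, answer 401 and compare with `crypto.timingSafeEqual` (this needs `require('crypto')` at the top of the file, which is outside the hunk). The `req.query.authorizationToken` fallback is kept below because the initial page load appears to depend on it, but a token in the URL is recorded in access logs and browser history, so a header or cookie would be preferable.

```javascript
const authorizationToken = process.env.AUTH_TOKEN;
if (!authorizationToken) {
  // Fail closed: refuse to start without a configured secret.
  throw new Error("AUTH_TOKEN must be set");
}
const expectedToken = Buffer.from(authorizationToken);
// … unchanged: port …
function requireAuthentication( req, res, next ){
  const userAuth = req.get("authorizationToken") || req.query.authorizationToken;
  // String() also covers a repeated query parameter, which Express parses as an array.
  const suppliedToken = Buffer.from(String(userAuth || ""));
  // timingSafeEqual throws on buffers of different length, so check the length first.
  if( suppliedToken.length === expectedToken.length
      && crypto.timingSafeEqual(suppliedToken, expectedToken) ) return next();
  res.status(401).end("Auth required");
}
```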

20
public/css/site.css Normal file

@ -0,0 +1,20 @@
/*
Created on : 16 mai 2020
Author : alban
*/
.log {
margin-bottom: 10px;
border-top: 1px solid #eee;
padding-top: 6px;
}
.log h4 {
white-space: pre;
font-family: monospace;
}
.log p {
color: #666;
}


@ -1,24 +1,37 @@
/* global initData */
/* global initData, authorizationToken */
// List of HTML entities for escaping.
var htmlEscapes = {
'&': '&',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#x27;',
'/': '&#x2F;'
};
/**
*
* @type type
*/
const serviceContainer = {};
// Regex containing the keys listed immediately above.
var htmlEscaper = /[&<>"'\/]/g;
// Escape a string for HTML interpolation.
escape = function(string) {
return ('' + string).replace(htmlEscaper, function(match) {
return htmlEscapes[match];
});
};
function updatePage(data){
var content = "";
$.each(data.hits.hits, (k,v)=>{
var item = v._source;
content += `
<div class="log row-fluid">
<div class="span9">
<p>${item.created_at} ${item.author} ${item.server}
<h4> ${item.content}</h4>
<p>${escape(item.created_at)} -- ${escape(item.author)} -- ${escape(item.server)}
<h4> ${escape(item.content)}</h4>
</span>
</div>
`;
@ -27,12 +40,17 @@ function updatePage(data){
}
$("input").on("keydown",function(e){
$("input").on("keyup",function(e){
const el = $(e.target);
const val = el.val();
if( val.length < 3 ){ return; }
$.ajax("/search",{
data: {q:val}
beforeSend: function(request) {
request.setRequestHeader("authorizationToken", authorizationToken);
},
data: {
q:val,
}
})
.done(function(data) {
updatePage(data);
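Review bot: `escape = function(string) {` near the top of this section assigns an undeclared global and replaces the browser's built-in `escape()`; in strict mode or in a module that assignment would throw. Declaring it as `function escapeHtml(string) {` and calling `escapeHtml(item.content)` in `updatePage` avoids both problems. As rendered on this page the first `htmlEscapes` entry maps `'&'` to itself; if the file really contains that, ampersands pass through unescaped and the entry should read `'&': '&amp;',`. `updatePage` and the `keyup` handler both continue outside the visible hunks.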


@ -6,7 +6,7 @@ html(lang="en")
meta(charset='utf-8')
meta(name='viewport', content='width=device-width, initial-scale=1')
link(rel='stylesheet', href='https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css')
script(type = "text/javascript",src='/js/lodash.min.js')
link(rel='stylesheet', href='css/site.css')
script(type = "text/javascript",src='https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js')
body
<nav class="navbar navbar-expand-lg navbar-light bg-light justify-content-between">
@ -31,4 +31,6 @@ html(lang="en")
script.
var initData = !{data};
var authorizationToken = " !{authorizationToken}";
script(type = "text/javascript",src='/js/app.js')
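Review bot: The added line `var authorizationToken = " !{authorizationToken}";` has a stray space inside the string literal and interpolates with unescaped `!{}`, so the value handed to `setRequestHeader` starts with a space and a token containing a quote or backslash would break the script. Emitting it as a JSON literal keeps the value exact: `var authorizationToken = !{JSON.stringify(authorizationToken)};`. The neighbouring `var initData = !{data};` uses the same unescaped output for search results, and `JSON.stringify` does not escape `</script>`, so it would be worth replacing `<` with `\u003c` in that string on the server before rendering; that line may be unchanged context in this hunk.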