- Manage multiple login, in different browsers... Multi Token...

This commit is contained in:
Paolo Arena
2019-02-09 18:03:14 +01:00
parent 318ff7a798
commit 636ee92786
8 changed files with 50 additions and 28 deletions


@@ -1,3 +1,5 @@
const server_constants = require('../tools/server_constants');
var {User} = require('../models/user');
const tools = require('../tools/general');
@@ -5,20 +7,25 @@ const tools = require('../tools/general');
var authenticate = (req, res, next) => {
var token = req.header('x-auth');
tools.mylogshow("TOKEN = " + token);
const useragent = req.get('User-Agent');
User.findByToken(token).then((user) => {
tools.mylog("TOKEN = ", token);
tools.mylog("USER-AGENT = ", useragent);
User.findByToken(token, 'auth ' + useragent).then((user) => {
if (!user) {
return Promise.reject();
tools.mylogshow("TOKEN NOT FOUND! Maybe Connected to other Page");
return Promise.reject(server_constants.RIS_CODE_HTTP_INVALID_TOKEN);
// res.status().send();
}
tools.mylogshow('userid', user._id)
tools.mylog('userid', user._id);
req.user = user;
req.token = token;
next();
}).catch((e) => {
tools.mylogshow("ERR = " + e);
res.status(401).send();
tools.mylogshow("ERR =", e);
res.status(server_constants.RIS_CODE_HTTP_INVALID_TOKEN).send();
});
};
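Review bot: Binding the session to the User-Agent on line 24 is not a security boundary: the `access` claim, UA included, sits in the base64 JWT payload, so anyone holding a leaked token can read the expected UA and send it, while legitimate users get logged out on every browser update. Treat the UA as the key for the multi-token bookkeeping only and say so next to line 24: `// UA only selects which stored token this request maps to; it is attacker-controllable and is not a theft defence`. Separately, line 22 writes the raw bearer token to the log; logging `token ? token.slice(0, 8) + '…' : token` (or nothing at all) keeps long-lived credentials out of log files.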


@@ -4,6 +4,8 @@ const validator = require('validator');
const jwt = require('jsonwebtoken');
const _ = require('lodash');
const tools = require('../tools/general');
mongoose.Promise = global.Promise;
mongoose.level = "F";
@@ -80,19 +82,23 @@ UserSchema.methods.toJSON = function () {
return _.pick(userObject, ['_id', 'email', 'verified_email', 'username', 'userId']);
};
UserSchema.methods.generateAuthToken = function () {
UserSchema.methods.generateAuthToken = function (req) {
// console.log("GENERA TOKEN : ");
var user = this;
var access = 'auth';
const useragent = req.get('User-Agent');
tools.mylog("GENERATE USER-AGENT = ", useragent);
var access = 'auth ' + useragent;
var token = jwt.sign({ _id: user._id.toHexString(), access }, process.env.SIGNCODE).toString();
// CANCELLA I PRECEDENTI !
user.tokens = [];
// CANCELLA IL PRECEDENTE !
user.tokens = user.tokens.filter(function(tok) { return tok.access !== access; });
user.tokens.push({ access, token });
return user.save()
.then(() => {
//console.log("TOKEN USCITA : " + token)
console.log("TOKEN CREATO IN LOGIN : " + token)
return token;
})
.catch(err => {
@@ -100,20 +106,20 @@ UserSchema.methods.generateAuthToken = function () {
});
};
UserSchema.statics.findByToken = function (token) {
UserSchema.statics.findByToken = function (token, typeaccess) {
var User = this;
var decoded;
try {
decoded = jwt.verify(token, process.env.SIGNCODE);
} catch (e) {
return Promise.reject();
return Promise.resolve(null);
}
return User.findOne({
'_id': decoded._id,
'tokens.token': token,
'tokens.access': 'auth'
'tokens.access': typeaccess
});
};
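Review bot: The query on lines 89-94 does not actually tie the token to the requesting UA: `'tokens.token'` and `'tokens.access'` are matched independently across the array elements, so a token issued for one browser is accepted from any UA the user has ever logged in from; use `tokens: { $elemMatch: { token, access: typeaccess } }`, or simply reject when `decoded.access !== typeaccess` before querying, since the signed claim already carries the UA. Line 63 still signs without `expiresIn`, and with line 67 replacing only the same-UA token, `user.tokens` now grows by one never-expiring credential per distinct User-Agent string, which is client-chosen and unbounded in length; pass `{ expiresIn: '7d' }` to `jwt.sign` and cap the array, e.g. `user.tokens = user.tokens.filter(...).slice(-(MAX_SESSIONS - 1))` before the push. Line 72 prints the freshly minted token to the console; drop it or log only `user._id`. generateAuthToken's error handling continues past the hunk.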


@@ -87,7 +87,7 @@ router.post(process.env.LINK_UPDATE_PASSWORD, (req, res) => {
user.password = password;
// Crea token
user.generateAuthToken().then(token => {
user.generateAuthToken(req).then(token => {
user.tokenforgot = ''; // Svuota il tokenforgot perché non ti servirà più...
// Salva lo User
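Review bot: With the new filter in generateAuthToken, the call on line 103 replaces only the token for the current User-Agent, so after a password reset every other browser's session stays valid — the old `user.tokens = []` behaviour is what made a password change revoke existing sessions, and this hunk loses it silently. Clear the array before minting the new token: `user.tokens = []; // password changed: revoke every existing session`. The surrounding handler starts and ends outside the hunk.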


@@ -38,7 +38,7 @@ router.post('/', authenticate, (req, res) => {
return res.status(404).send({ code: server_constants.RIS_CODE_TODO_CREATING_NOTMYUSER });
}
tools.mylog('POST ', todo.descr);
tools.mylog('POST :', todo.descr, todo._id);
todo.modified = false;
if (!todo.descr) {
@@ -51,7 +51,7 @@ router.post('/', authenticate, (req, res) => {
let idobj = writeresult._id;
Todo.findById(idobj)
.then(record => {
tools.mylog('REC SAVED :', record);
tools.mylog('REC SAVED :', record.descr);
res.send({record});
})
}).catch((e) => {
@@ -154,6 +154,8 @@ router.patch('/:id', authenticate, (req, res) => {
todo.modified = false;
tools.mylog('PATCH ', todo.descr, todo._id);
res.send({todo});
}).catch((e) => {
res.status(400).send();
@@ -178,7 +180,7 @@ router.get('/:userId', authenticate, (req, res) => {
// Extract all the todos of the userId only
Todo.findAllByUserId(userId).then((todos) => {
tools.mylog('todos', todos)
// tools.mylog('todos', todos)
res.send({ todos });
}).catch((e) => {
console.log(e);
@@ -187,7 +189,7 @@ router.get('/:userId', authenticate, (req, res) => {
});
router.delete('/:id', (req, res) => {
router.delete('/:id', authenticate, (req, res) => {
var id = req.params.id;
if (!ObjectID.isValid(id)) {
@@ -199,6 +201,8 @@ router.delete('/:id', (req, res) => {
return res.status(404).send();
}
tools.mylog('DELETED ', todo.descr, todo._id);
res.send({todo});
}).catch((e) => {
res.status(400).send();
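Review bot: Adding `authenticate` to the DELETE route on line 142 establishes who the caller is, but nothing in the visible lines checks that the todo belongs to `req.user`, so presumably any logged-in user can delete any id (the POST route already rejects foreign users with `RIS_CODE_TODO_CREATING_NOTMYUSER`). Scope the removal to the owner, e.g. `Todo.findOneAndRemove({ _id: id, <ownerField>: req.user._id })` using whatever field `findAllByUserId` keys on, and return 404 for both not-found and not-owned so ids cannot be enumerated. The handler body between lines 144 and 146 is outside the hunk, so this may already be handled there — worth confirming.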


@@ -36,7 +36,7 @@ router.post('/', (req, res) => {
tools.mylog("TROVATO USERNAME ? ", user.username, usertrovato);
if (usertrovato !== null) {
return user.generateAuthToken();
return user.generateAuthToken(req);
} else {
res.status(11100).send();
return 0;
@@ -76,7 +76,7 @@ router.post('/login', (req, res) => {
var body = _.pick(req.body, ['username', 'password', 'idapp', 'keyappid', 'lang']);
var user = new User(body);
tools.mylog("username: " + user.username + " pwd = " + user.password);
tools.mylog("LOGIN: username: " + user.username + " pwd = " + user.password);
tools.mylog("user REC:", user);
@@ -91,7 +91,7 @@ router.post('/login', (req, res) => {
tools.mylogshow("NOT FOUND !");
res.status(404).send({ code: server_constants.RIS_CODE_LOGIN_ERR });
} else {
return user.generateAuthToken().then((token) => {
return user.generateAuthToken(req).then((token) => {
var usertosend = User();
usertosend.username = user.username;
usertosend.email = user.email;
@@ -105,10 +105,12 @@ router.post('/login', (req, res) => {
// tools.mylog(usertosend);
res.header('x-auth', token).send({usertosend, code: server_constants.RIS_CODE_OK});
// tools.mylog("TROVATOOO!");
tools.mylog('FINE LOGIN')
});
}
}).catch((e) => {
tools.mylog("ERR: " + e);
tools.mylog("ERRORE IN LOGIN: " + e);
res.status(400).send({ code: server_constants.RIS_CODE_LOGIN_ERR_GENERIC });
});
});
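Review bot: Line 167 logs the plaintext password submitted at login (`" pwd = " + user.password`) and line 168 dumps the whole user record built from the request body, which carries the same password field; both lines are on the new side of this hunk and put credentials into log files that are rarely protected like the password store. Log only the username, `tools.mylog('LOGIN: username:', user.username);`, and drop line 168. Unrelated but visible in the context on line 161: `res.status(11100)` is not a valid HTTP status and Node's http layer will throw when the response is sent — presumably an app result code was meant there. The login handler continues past the hunk.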


@@ -120,4 +120,3 @@ if (process.env.NODE_ENV === 'production') {
//});
module.exports = { app };


@@ -170,12 +170,12 @@ describe('DELETE /users/me/token', () => {
});
});
it('should return 401 deleting an invalid token', (done) => {
it('should return 403 deleting with an invalid token', (done) => {
request(app)
.delete('/users/me/token')
.set('x-auth', users[0].tokens[0].token + '1')
.send()
.expect(401)
.expect(403)
.end((err, res) => {
if (err) {
return done(err);
@@ -276,14 +276,15 @@ describe('GET /todos/:id', () => {
.end(done);
});
it('should return [] if user not found', (done) => {
it('FORBIDDEN ! should return [] if user not found', (done) => {
var hexId = new ObjectID().toHexString();
request(app)
.get(`/todos/${users[0]._id + '111'}`)
.get(`/todos/${hexId}`)
.set('x-auth', users[0].tokens[0].token)
.expect(404)
.expect((res) => {
console.log('res', res.status)
expect(res.body.todos).toBe(undefined);
})
.end(done);
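Review bot: The test name on line 218 still says "should return [] if user not found" while the body now asserts a 404 with `res.body.todos` undefined, so the description contradicts the assertion; rename it `it('should return 404 when requesting another user\'s todos', ...)` and drop the `console.log` on line 226, which only adds noise to the test output. Documenting the intent here matters because this is the only place the "a user may not read another user's todos" rule is pinned down.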


@@ -10,4 +10,7 @@ module.exports = Object.freeze({
RIS_CODE_OK: 1,
RIS_CODE_LOGIN_OK: 1,
RIS_CODE_HTTP_INVALID_TOKEN: 403,
});
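Review bot: `RIS_CODE_HTTP_INVALID_TOKEN: 403` on line 236 is sent by the authenticate middleware for a missing or unverifiable token, which is an authentication failure; HTTP reserves 401 for that and 403 for a valid identity that lacks permission, and clients treat the two differently (401 is the cue to re-login). Keep the 401 the code used before, and since this object otherwise holds app-level result codes (`RIS_CODE_OK: 1`), a comment such as `// HTTP status code, not an app result code` would stop the two namespaces being confused.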