surya/freeplanet_serverside
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Gestione Refresh Token Completata !

Browse Source
This commit is contained in:
Surya Paolo
2024-04-11 11:43:19 +02:00
parent 07c210c59e
commit c2d76ff10a
12 changed files with 51 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.env.dev.pcb
View File

@@ -33,7 +33,7 @@ PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=Askb38v23jjDFaoskBOWj92axXCQ SECRK=Askb38v23jjDFaoskBOWj92axXCQ
SECRTK=prova123prova567ASDADASDAS SECRTK=prova123prova567ASDADASDAS
TOKEN_LIFE=2h TOKEN_LIFE=2h
REFRESH_TOKEN_LIFE=86400 REFRESH_TOKEN_LIFE=7d
FTPSERVER_HOST=139.162.166.31 FTPSERVER_HOST=139.162.166.31
FTPSERVER_PORT=21 FTPSERVER_PORT=21
FTPSERVER_USER=ftpusrsrv_ FTPSERVER_USER=ftpusrsrv_

2
.env.dev.riso
View File

@@ -33,7 +33,7 @@ PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=Askb38v23jjDFaoskBOWj92axXCQ SECRK=Askb38v23jjDFaoskBOWj92axXCQ
SECRTK=prova123prova567ASDADASDAS SECRTK=prova123prova567ASDADASDAS
TOKEN_LIFE=2h TOKEN_LIFE=2h
REFRESH_TOKEN_LIFE=86400 REFRESH_TOKEN_LIFE=7d
FTPSERVER_HOST=139.162.166.31 FTPSERVER_HOST=139.162.166.31
FTPSERVER_PORT=21 FTPSERVER_PORT=21
FTPSERVER_USER=ftpusrsrv_ FTPSERVER_USER=ftpusrsrv_

8
.env.development
View File

@@ -1,11 +1,11 @@
DATABASE=test_PiuCheBuono DATABASE=test_FreePlanet
UDB=paofreeplanet UDB=paofreeplanet
PDB=mypassword@1A PDB=mypassword@1A
SEND_EMAIL=0 SEND_EMAIL=0
SEND_EMAIL_ORDERS=1 SEND_EMAIL_ORDERS=1
PORT=3000 PORT=3000
appTelegram_TEST=["1","17"] appTelegram_TEST=["1","13"]
appTelegram=["1","17"] appTelegram=["1","13"]
DOMAIN=mongodb://localhost:27017/ DOMAIN=mongodb://localhost:27017/
AUTH_MONGODB=true AUTH_MONGODB=true
MONGODB_USER=admin MONGODB_USER=admin
@@ -33,7 +33,7 @@ PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=Askb38v23jjDFaoskBOWj92axXCQ SECRK=Askb38v23jjDFaoskBOWj92axXCQ
SECRTK=prova123prova567ASDADASDAS SECRTK=prova123prova567ASDADASDAS
TOKEN_LIFE=2h TOKEN_LIFE=2h
REFRESH_TOKEN_LIFE=86400 REFRESH_TOKEN_LIFE=7d
FTPSERVER_HOST=139.162.166.31 FTPSERVER_HOST=139.162.166.31
FTPSERVER_PORT=21 FTPSERVER_PORT=21
FTPSERVER_USER=ftpusrsrv_ FTPSERVER_USER=ftpusrsrv_

2
.env.prod.pcb
View File

@@ -31,5 +31,5 @@ PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=iUUb38v23jjDFaosWj92axkBOXCQ SECRK=iUUb38v23jjDFaosWj92axkBOXCQ
SECRTK=jAxKm02emx5SeJvz2IGmtRf6YqCgope SECRTK=jAxKm02emx5SeJvz2IGmtRf6YqCgope
TOKEN_LIFE=2h TOKEN_LIFE=2h
REFRESH_TOKEN_LIFE=86400 REFRESH_TOKEN_LIFE=7d
AUTH_NEW_SITES=B234HDSAOJ734ndcsdKWNVZZ AUTH_NEW_SITES=B234HDSAOJ734ndcsdKWNVZZ

2
.env.test.pcb
View File

@@ -30,5 +30,5 @@ PROD=0
PROJECT_DESCR_MAIN='__PROJECTS' PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=iUUb38v23jjDFaosWj92axkBOXCQ SECRK=iUUb38v23jjDFaosWj92axkBOXCQ
TOKEN_LIFE=2h TOKEN_LIFE=2h
REFRESH_TOKEN_LIFE=86400 REFRESH_TOKEN_LIFE=7d
AUTH_NEW_SITES=B234HDSAOJ734ndcsdKWNV AUTH_NEW_SITES=B234HDSAOJ734ndcsdKWNV

2
.env.test.risosrv
View File

@@ -27,5 +27,5 @@ PROD=0
PROJECT_DESCR_MAIN='__PROJECTS' PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=iUUb38v23jjDFaosWj92axkBOXCQ SECRK=iUUb38v23jjDFaosWj92axkBOXCQ
TOKEN_LIFE=2h TOKEN_LIFE=2h
REFRESH_TOKEN_LIFE=86400 REFRESH_TOKEN_LIFE=7d
AUTH_NEW_SITES=B234HDSAOJ734ndcsdKWNV AUTH_NEW_SITES=B234HDSAOJ734ndcsdKWNV

5
emails/ecommerce/makeorder/it/html.pug
View File

@@ -75,6 +75,11 @@ html
- var qty = rec.order.quantity - var qty = rec.order.quantity
- var qtypreordered = rec.order.quantitypreordered - var qtypreordered = rec.order.quantitypreordered
if (rec.order.product.productInfo.sfuso && rec.order.product.productInfo.weight)
qtypreordered = (qtypreordered * rec.order.product.productInfo.weight);
else
qtypreordered = qtypreordered + ' x ' + rec.order.product.productInfo.weight;
- var unit = rec.order.product.productInfo.unitstr - var unit = rec.order.product.productInfo.unitstr
- index = index + 1 - index = index + 1

10
src/server/middleware/authenticate.js
View File

@@ -13,7 +13,7 @@ const auth_default = (req, res, next) => {
const authenticate = (req, res, next) => { const authenticate = (req, res, next) => {
const token = req.header('x-auth'); const token = req.header('x-auth');
//const refreshToken = req.header('x-refrTok'); //const refreshToken = req.header('x-refrtok');
// console.log('authenticate... '); // console.log('authenticate... ');
@@ -55,7 +55,7 @@ const authenticate = (req, res, next) => {
req.token = token; req.token = token;
// req.refreshToken = refreshToken; // req.refreshToken = refreshToken;
req.access = access; req.access = access;
next(); next(); // Esegui il codice successivo
}); });
} }
// tools.mylog('userid', user._id); // tools.mylog('userid', user._id);
@@ -72,7 +72,7 @@ const authenticate = (req, res, next) => {
const authenticate_noerror = (req, res, next) => { const authenticate_noerror = (req, res, next) => {
try { try {
const token = req.header('x-auth'); const token = req.header('x-auth');
const refreshToken = req.header('x-refrTok'); const refreshToken = req.header('x-refrtok');
const access = 'auth'; const access = 'auth';
@@ -81,17 +81,21 @@ const authenticate_noerror = (req, res, next) => {
req.user = null; req.user = null;
req.token = null; req.token = null;
req.access = null; req.access = null;
req.code = ris.code;
} else { } else {
req.user = ris.user; req.user = ris.user;
req.token = token; req.token = token;
req.refreshToken = refreshToken; req.refreshToken = refreshToken;
req.access = access; req.access = access;
req.code = ris.code;
} }
// Vai avanti ad eseguire il codice, in ogni modo !
next(); next();
}).catch((e) => { }).catch((e) => {
req.user = null; req.user = null;
req.token = null; req.token = null;
req.access = null; req.access = null;
req.code = 0;
}); });
} catch (e) { } catch (e) {
console.error('Err', e); console.error('Err', e);

12
src/server/models/user.js
View File

@@ -63,6 +63,7 @@ const UserSchema = new mongoose.Schema({
type: String, type: String,
required: true, required: true,
}, },
group: { group: {
type: Number, type: Number,
}, },
@@ -538,9 +539,11 @@ UserSchema.methods.generateAuthToken = function (req) {
let token = null; let token = null;
let numsec = process.env.TOKEN_LIFE;
if (attiva_scadenza) if (attiva_scadenza)
token = jwt.sign({ _id: prova, smart: user._id.toHexString(), access, un: user.username }, token = jwt.sign({ _id: prova, smart: user._id.toHexString(), access, un: user.username },
process.env.SIGNCODE, { expiresIn: process.env.TOKEN_LIFE }).toString(); process.env.SIGNCODE, { expiresIn: numsec }).toString();
else else
token = jwt.sign({ _id: prova, smart: user._id.toHexString(), access, un: user.username }, token = jwt.sign({ _id: prova, smart: user._id.toHexString(), access, un: user.username },
process.env.SIGNCODE).toString(); process.env.SIGNCODE).toString();
@@ -560,6 +563,7 @@ UserSchema.methods.generateAuthToken = function (req) {
user.lasttimeonline = new Date(); user.lasttimeonline = new Date();
return user.save().then(() => { return user.save().then(() => {
console.log('Salvato refreshToken su DB', refreshToken);
// console.log("TOKEN CREATO IN LOGIN : " + token); // console.log("TOKEN CREATO IN LOGIN : " + token);
return { token, refreshToken }; return { token, refreshToken };
}).catch(err => { }).catch(err => {
@@ -721,10 +725,9 @@ UserSchema.statics.findByToken = async function (token, typeaccess, con_auth) {
if (e.expiredAt) { if (e.expiredAt) {
code = server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED;
if (con_auth) { if (con_auth) {
return { user: null, code: server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED }; return { user: null, code };
} else {
} }
} else { } else {
console.error('Err findByToken:', e); console.error('Err findByToken:', e);
@@ -765,6 +768,7 @@ UserSchema.statics.findByTokenAnyAccess = function (token) {
try { try {
decoded = jwt.verify(token, process.env.SIGNCODE); decoded = jwt.verify(token, process.env.SIGNCODE);
} catch (e) { } catch (e) {
console.error('Err findByTokenAnyAccess:', e);
return Promise.resolve(null); return Promise.resolve(null);
} }

21
src/server/router/index_router.js
View File

@@ -260,7 +260,7 @@ router.post(process.env.LINK_UPDATE_PWD, async (req, res) => {
// Salva lo User // Salva lo User
user.save().then(() => { user.save().then(() => {
res.header('x-auth', ris.token) res.header('x-auth', ris.token)
.header('x-refrTok', ris.refreshToken) .header('x-refrtok', ris.refreshToken)
.send({ code: server_constants.RIS_CODE_OK }); // Ritorna il token di ritorno .send({ code: server_constants.RIS_CODE_OK }); // Ritorna il token di ritorno
}); });
}); });
@@ -1384,12 +1384,12 @@ router.get('/loadsite/:userId/:idapp', authenticate_noerror, (req, res) => {
}); });
router.get('/loadsite/:userId/:idapp/:vers', authenticate_noerror, router.get('/loadsite/:userId/:idapp/:vers', authenticate_noerror,
(req, res) => { async (req, res) => {
let versionstr = req.params.vers; let versionstr = req.params.vers;
let version = tools.getVersionint(versionstr); let version = tools.getVersionint(versionstr);
load(req, res, version); return await load(req, res, version);
}); });
@@ -1397,6 +1397,12 @@ function load(req, res, version) {
const userId = req.params.userId; const userId = req.params.userId;
const idapp = req.params.idapp; const idapp = req.params.idapp;
let status = 200
if (req.code === server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED) {
status = server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED
}
if (!version) { if (!version) {
version = '0'; version = '0';
} }
@@ -1585,7 +1591,7 @@ function load(req, res, version) {
} catch (e) { } } catch (e) { }
} }
if (version < 91) { if (version < 91) {
res.send({ res.status(status).send({
bookedevent: arrdata[0], bookedevent: arrdata[0],
eventlist: arrdata[1], eventlist: arrdata[1],
operators: arrdata[2], operators: arrdata[2],
@@ -1612,7 +1618,7 @@ function load(req, res, version) {
internalpages: arrdata[23], internalpages: arrdata[23],
}); });
} else { } else {
res.send({ res.status(status).send({
bookedevent: arrdata[0], bookedevent: arrdata[0],
eventlist: arrdata[1], eventlist: arrdata[1],
operators: arrdata[2], operators: arrdata[2],
@@ -1663,6 +1669,7 @@ function load(req, res, version) {
subcatprods: arrdata[46], subcatprods: arrdata[46],
catprods_gas: arrdata[47], catprods_gas: arrdata[47],
catAI: arrdata[48], catAI: arrdata[48],
code: req.code,
}); });
const prova = 1; const prova = 1;
@@ -1680,7 +1687,7 @@ router.get(process.env.LINK_CHECK_UPDATES, authenticate_noerror, async (req, res
// console.log("POST " + process.env.LINK_CHECK_UPDATES + " userId=" + userId); // console.log("POST " + process.env.LINK_CHECK_UPDATES + " userId=" + userId);
if (!req.user) { if (!req.user) {
return res.status(404).send(); return res.status(200).send();
} }
await CfgServer.find({ idapp }).then((arrcfgrec) => { await CfgServer.find({ idapp }).then((arrcfgrec) => {
@@ -1702,7 +1709,7 @@ router.get(process.env.LINK_CHECK_UPDATES, authenticate_noerror, async (req, res
if (!ObjectID.isValid(userId)) { if (!ObjectID.isValid(userId)) {
return res.status(404).send(); return res.status(404).send();
} }
last_msgs = SendMsg.findLastGroupByUserIdAndIdApp(userId, req.user.username, idapp); last_msgs = SendMsg.findLastGroupByUserIdAndIdApp(userId, req.user.username, idapp);
last_notifs = SendNotif.findLastNotifsByUserIdAndIdApp(req.user.username, idapp, 40); last_notifs = SendNotif.findLastNotifsByUserIdAndIdApp(req.user.username, idapp, 40);

12
src/server/router/users_router.js
View File

@@ -301,7 +301,7 @@ router.post('/', async (req, res) => {
const { token, refreshToken } = await myuser.generateAuthToken(req); const { token, refreshToken } = await myuser.generateAuthToken(req);
res res
.header('x-auth', token) .header('x-auth', token)
.header('x-refrTok', refreshToken) .header('x-refrtok', refreshToken)
.send(myuser); .send(myuser);
return true; return true;
} }
@@ -363,7 +363,7 @@ router.post('/', async (req, res) => {
// } // }
res res
.header('x-auth', ris.token) .header('x-auth', ris.token)
.header('x-refrTok', ris.refreshToken) .header('x-refrtok', ris.refreshToken)
.send(user); .send(user);
return true; return true;
}); });
@@ -619,11 +619,13 @@ router.post('/newtok', async (req, res) => {
// Ottieni l'utente in base al refreshtoken // Ottieni l'utente in base al refreshtoken
const recFound = await User.findOne({ 'tokens.refreshToken': refreshToken }); const recFound = await User.findOne({ 'tokens.refreshToken': refreshToken });
console.log('recFound', recFound ? recFound.name : 'NOTFOUND', 'Token=', refreshToken);
if (recFound) { if (recFound) {
return recFound.generateAuthToken(req) return recFound.generateAuthToken(req)
.then((ris) => { .then((ris) => {
return res.status(200).send({ return res.status(200).send({
usertosend, usertosend: recFound,
token: ris.token, token: ris.token,
refreshToken: ris.refreshToken refreshToken: ris.refreshToken
}); });
@@ -634,7 +636,7 @@ router.post('/newtok', async (req, res) => {
console.error('Err', e); console.error('Err', e);
} }
res.status(404).send({ code: server_constants.RIS_CODE_LOGIN_ERR }); res.status(404).send({ code: server_constants.RIS_CODE_HTTP_INVALID_TOKEN });
}); });
@@ -722,7 +724,7 @@ router.post('/login', (req, res) => {
// SEND TOKEN AND CODE RESULT // SEND TOKEN AND CODE RESULT
return res return res
.header('x-auth', myris.token) .header('x-auth', myris.token)
.header('x-refrTok', myris.refreshToken) .header('x-refrtok', myris.refreshToken)
.send({ .send({
usertosend: myris.usertosend, usertosend: myris.usertosend,
code: server_constants.RIS_CODE_OK, code: server_constants.RIS_CODE_OK,

2
src/server/server.js
View File

@@ -157,7 +157,7 @@ myLoad().then(ris => {
}); });
app.use(cors({ app.use(cors({
exposedHeaders: ['x-auth', 'x-refrTok'], exposedHeaders: ['x-auth', 'x-refrtok'],
})); }));
app.use(bodyParser.json()); app.use(bodyParser.json());