From 1949f1522d937aa7ee3a2acd5abacafa879fdf70 Mon Sep 17 00:00:00 2001
From: Jonasz Bigda
Date: Wed, 10 Feb 2021 19:09:24 +0100
Subject: [PATCH] admin data
---
 app.js | 6 ------
 config/index.js | 3 +--
 routes/routeAdmin.js | 14 +++++++-------
 services/services.js | 12 ------------
 4 files changed, 8 insertions(+), 27 deletions(-)
diff --git a/app.js b/app.js
index f5e1fa8..6644915 100644
--- a/app.js
+++ b/app.js
@@ -3,12 +3,6 @@ const { port, dbPass, cookiesSecret } = config;
 const express = require("express");
 const app = express();
 const loaders = require("./loaders/index.js");
-
-/* const crypto = require("crypto")
-crypto.generateKeyPair("rsa", { modulusLength: 2048 }, (err, publicKey, privateKey) => {
- console.log(publicKey.export({ format: "pem", type: "pkcs1" }))
- console.log(privateKey.export({ format: "pem", type: "pkcs1" }))
-}) */
 //
 // Server init function
 //
diff --git a/config/index.js b/config/index.js
index d4021e0..943e1cb 100644
--- a/config/index.js
+++ b/config/index.js
@@ -12,5 +12,4 @@ exports.jwtSecret = process.env.JWT_SECRET;
 exports.MAIL_PASS = process.env.MAIL_PASS;
 exports.s3_key = process.env.S3_KEY;
 exports.s3_secret = process.env.S3_SECRET;
-exports.appkey = process.env.APP_KEY
-exports.publicKey = process.env.PUBLIC_KEY
\ No newline at end of file
+exports.appkey = process.env.APP_KEY
\ No newline at end of file
diff --git a/routes/routeAdmin.js b/routes/routeAdmin.js
index 482cd45..8aeb9b1 100644
--- a/routes/routeAdmin.js
+++ b/routes/routeAdmin.js
@@ -1,23 +1,23 @@ const express = require("express"); +const jwt = require('jsonwebtoken') const { appkey } = require("../config") const { fetchAllAdminData } = require("../services/databaseServices.js"); const { newError, - handleError, - encryptRSA + handleError } = require("../services/services.js"); var router = express.Router(); router.post("/getall", async (req, res) => { try { - if(req.body.key === appkey){ - const results = await fetchAllAdminData(); - const encrypted = encryptRSA(results) - res.send(encrypted) - } else { + const verified = jwt.verify(req.body.token, appkey, {ignoreExpiration: false}) + if(!verified){ throw newError("Brak dostępu", 403) } + const results = await fetchAllAdminData(); + const encrypted = jwt.sign(results, appkey, {expiresIn: "30m"}) + res.send(encrypted) } catch (error) { handleError(error, res) } diff --git a/services/services.js b/services/services.js index 4f0f58c..ebdfbca 100644 --- a/services/services.js +++ b/services/services.js @@ -26,17 +26,6 @@ function handleError(error, responseObject) { } } -function encryptRSA(data) { - const encrypted = crypto.publicEncrypt({ - key: publicKey, - padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, - oaepHash: "sha256" - }, - Buffer.from(JSON.stringify(data)) - ) - return encrypted; -} - async function validateRestaurant(id) { if (!mongoose.Types.ObjectId.isValid(id)) throw newError("Nieprawidłowy ID", 204); @@ -205,4 +194,3 @@ exports.hashPass = hashPass; exports.saveImage = saveImage; exports.generateRefreshToken = generateRefreshToken; exports.validateRefreshToken = validateRefreshToken; -exports.encryptRSA = encryptRSA
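Review bot: In the routes/routeAdmin.js hunk the admin data is now returned as `jwt.sign(results, appkey, {expiresIn: "30m"})`, which signs the payload but does not encrypt it, so the body is only base64url-encoded and readable by anything that sees the response, whereas the removed `encryptRSA` path provided confidentiality; the variable is still named `encrypted`. If confidentiality beyond the transport is still a requirement, keep an encryption step, and otherwise rename the variable and add a comment such as `// signed, not encrypted: payload is readable by any holder of the token`. `jwt.verify` throws on an invalid or expired token rather than returning a falsy value, so the `if(!verified)` 403 branch looks unreachable and the status a rejected caller receives depends on `handleError`, whose body is outside this hunk. The same `appkey` both verifies requests and signs responses with no claim check, so any token signed with it, including one this route returned, would verify until it expires; consider a separate signing key or a required claim, and pin the accepted algorithm, e.g. `jwt.verify(req.body.token, appkey, { algorithms: ["HS256"] })`, assuming HS256 is what the clients use.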