Fixes and upgrades (logging in / CORS headers expose / registering)

2020-08-09 17:50:03 +02:00
parent 91cba76bff
commit 65939f314f
5 changed files with 23 additions and 42 deletions


@@ -16,7 +16,7 @@ export default ({ app, secret }) => {
max: 100, //requests from a single IP for a time window
});
app.use(cors());
app.use(cors({ exposedHeaders: "x-auth-token" }));
app.use(helmet());
app.use(limiter);
app.use(bodyParser.json({ limit: "100kb" })); // limit JSON body payload size
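Review bot: Exposing `x-auth-token` through `cors()` with no `origin` option leaves the package default in place, which answers every origin with `Access-Control-Allow-Origin: *`, so any site's script can call the login endpoint and read the token from the response. Unless this API is meant to be public, pin the policy to the front-end, e.g. `app.use(cors({ origin: FRONTEND_ORIGIN /* placeholder: configured front-end origin */, exposedHeaders: "x-auth-token" }));`, and keep the allowed origin in configuration next to `secret` rather than in code. The enclosing `export default ({ app, secret }) => { … }` function begins and ends outside the hunk.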


@@ -40,6 +40,9 @@ const restaurantSchema = mongoose.Schema({
},
phone: Number,
hidden: Boolean,
subscriptionActive: Boolean,
subscriptionStarted: String,
subscriptionDue: String,
dishes: [mongoose.Types.ObjectId],
});
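Review bot: The three new fields `subscriptionActive`, `subscriptionStarted` and `subscriptionDue` are added with no `required` or `default`, and the two date-like fields are typed `String`, so a restaurant can be saved with none of them set and the values cannot be validated or range-queried (e.g. finding subscriptions past due) the way a `Date` field can. If the short-date string format is deliberate for the client (the page's `toShortDate` helper suggests it is), say so in a comment such as `// subscriptionStarted/Due: short-date strings (see toShortDate), not range-queryable`; otherwise `subscriptionDue: Date` is the safer model. The `restaurantSchema` definition begins outside the hunk.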


@@ -18,15 +18,8 @@ const userSchema = mongoose.Schema({
type: String,
required: true,
},
restaurantId: mongoose.Types.ObjectId,
subscriptionActive: {
type: Boolean,
required: true,
},
subscriptionDue: {
type: String,
required: true,
},
restaurants: [mongoose.Types.ObjectId],
trialUsed: Boolean,
});
export default mongoose.model("User", userSchema);
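Review bot: `restaurants: [mongoose.Types.ObjectId]` is added while the existing `restaurantId` field is kept, so a user is now linked to restaurants in two places and nothing in the hunk says which is authoritative; if the array supersedes the single id, a comment such as `// restaurantId: legacy single link, superseded by restaurants[]` (or removing it in a follow-up) prevents the two from drifting apart. The new `trialUsed: Boolean` carries no default, so it is `undefined` rather than `false` on a fresh user unless registration sets it explicitly — `trialUsed: { type: Boolean, default: false }` makes the check `if (user.trialUsed)` unambiguous. The `userSchema` definition begins outside the hunk.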


@@ -18,7 +18,7 @@ var error = function (err) {
router.post("/login", (req, res) => {
if (req.body.password && req.body.email) {
services.fetchUserHash(req.body.email, (result) => {
services.fetchUser(req.body.email, (result) => {
if (!result) {
res.sendStatus(404);
} else {
@@ -31,8 +31,14 @@ router.post("/login", (req, res) => {
res.sendStatus(500);
} else {
if (result) {
var token = services.generateAuthToken(user);
res.header("x-auth-token", token).status(202).send();
const userNoPass = {
firstname: user.firstname,
lastname: user.lastname,
email: user.email,
id: user._id,
};
var token = services.generateAuthToken(userNoPass);
res.header("x-auth-token", token).status(202).send(userNoPass);
} else {
res.sendStatus(401);
}
@@ -45,21 +51,6 @@ router.post("/login", (req, res) => {
}
});
router.post("/check", (req, res) => {
const token = req.headers["x-auth-token"];
if (!token) {
res.sendStatus(401);
return;
}
services.validateUserToken(token, (result) => {
if (!result) {
res.sendStatus(401);
} else {
res.send(result);
}
});
});
router.post("/register", (req, res) => {
services.checkEmailTaken(req.body.email, (result) => {
if (result) {
@@ -72,8 +63,6 @@ router.post("/register", (req, res) => {
password: hashedPass,
firstname: req.body.firstname,
lastname: req.body.lastname,
subscriptionActive: true,
subscriptionDue: services.halfYearFromNowDate(),
});
user.save((err) => {
if (err) {
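Review bot: In the `/login` hunk at `@@ -31,8 +31,14 @@` the inner callback parameter `result` (tested at `if (result) {`) shadows the outer `result` that `services.fetchUser` passes in, which appears to be why the user document has to travel in a separate `user` variable declared outside the hunk; renaming the inner one, e.g. `(passwordMatches) => { if (passwordMatches) { … } }`, would make the flow readable. `var token = services.generateAuthToken(userNoPass);` should be `const token = …;`, and `status(202)` (Accepted, i.e. deferred processing) is an odd code for a login that returns the user at once — `200` is the conventional reply. Separately, the surrounding `res.sendStatus(404)` for an unknown email versus `401` after what looks like a failed password check lets a caller tell registered addresses from unregistered ones; answering `401` in both cases is the usual mitigation and is worth a follow-up even though it predates this commit. The `router.post("/login", …)` handler spans several hunks and its start and end lie outside them.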


@@ -22,7 +22,7 @@ export function validateRestaurant(id, callback) {
} else callback(false);
}
export function fetchUserHash(email, callback) {
export function fetchUser(email, callback) {
User.findOne({ email: email }, (err, res) => {
if (err || res === null) {
callback(false);
@@ -34,7 +34,13 @@ export function fetchUserHash(email, callback) {
export function generateAuthToken(user) {
const token = jwt.sign(
{ email: user.email, subcsriptionActive: user.subscriptionActive },
{
email: user.email,
firstname: user.firstname,
lastname: user.lastname,
id: user._id,
restaurants: user.restaurants,
},
jwtSecret,
{ expiresIn: "1h" }
);
@@ -224,16 +230,6 @@ export function composeNewContact(request) {
name: "UserID",
value: request._id,
},
{
type: "CUSTOM",
name: "Subscription Started",
value: toShortDate(dateNow),
},
{
type: "CUSTOM",
name: "Subscription Due",
value: request.subscriptionDue,
},
],
};
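Review bot: `generateAuthToken` now embeds `restaurants: user.restaurants` (plus names and id) in the JWT, so the restaurant list a token holder is associated with is frozen for the token's `expiresIn: "1h"` lifetime — a restaurant added to or removed from the user after login is not reflected until re-login, and the token grows with the array. If any route uses the `restaurants` claim to authorize access, keep the payload to identity (`{ id: user._id, email: user.email }`) and load the current list from the database per request; if the claim is only a UI convenience, a comment such as `// restaurants claim is informational — never use it as an authorization source` keeps a later reader from trusting it. The previous `subscriptionActive` claim (misspelled before) is dropped, so any consumer of the `validateUserToken` payload that read it needs the same update. The `fetchUser` body and the `composeNewContact` object literal extend beyond their hunks.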