Fixes and upgrades (logging in / CORS headers expose / registering)
This commit is contained in:
@@ -16,7 +16,7 @@ export default ({ app, secret }) => {
|
|||||||
max: 100, //requests from a single IP for a time window
|
max: 100, //requests from a single IP for a time window
|
||||||
});
|
});
|
||||||
|
|
||||||
app.use(cors());
|
app.use(cors({ exposedHeaders: "x-auth-token" }));
|
||||||
app.use(helmet());
|
app.use(helmet());
|
||||||
app.use(limiter);
|
app.use(limiter);
|
||||||
app.use(bodyParser.json({ limit: "100kb" })); // limit JSON body payload size
|
app.use(bodyParser.json({ limit: "100kb" })); // limit JSON body payload size
|
||||||
|
|||||||
@@ -40,6 +40,9 @@ const restaurantSchema = mongoose.Schema({
|
|||||||
},
|
},
|
||||||
phone: Number,
|
phone: Number,
|
||||||
hidden: Boolean,
|
hidden: Boolean,
|
||||||
|
subscriptionActive: Boolean,
|
||||||
|
subscriptionStarted: String,
|
||||||
|
subscriptionDue: String,
|
||||||
dishes: [mongoose.Types.ObjectId],
|
dishes: [mongoose.Types.ObjectId],
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|||||||
@@ -18,15 +18,8 @@ const userSchema = mongoose.Schema({
|
|||||||
type: String,
|
type: String,
|
||||||
required: true,
|
required: true,
|
||||||
},
|
},
|
||||||
restaurantId: mongoose.Types.ObjectId,
|
restaurants: [mongoose.Types.ObjectId],
|
||||||
subscriptionActive: {
|
trialUsed: Boolean,
|
||||||
type: Boolean,
|
|
||||||
required: true,
|
|
||||||
},
|
|
||||||
subscriptionDue: {
|
|
||||||
type: String,
|
|
||||||
required: true,
|
|
||||||
},
|
|
||||||
});
|
});
|
||||||
|
|
||||||
export default mongoose.model("User", userSchema);
|
export default mongoose.model("User", userSchema);
|
||||||
|
|||||||
@@ -18,7 +18,7 @@ var error = function (err) {
|
|||||||
|
|
||||||
router.post("/login", (req, res) => {
|
router.post("/login", (req, res) => {
|
||||||
if (req.body.password && req.body.email) {
|
if (req.body.password && req.body.email) {
|
||||||
services.fetchUserHash(req.body.email, (result) => {
|
services.fetchUser(req.body.email, (result) => {
|
||||||
if (!result) {
|
if (!result) {
|
||||||
res.sendStatus(404);
|
res.sendStatus(404);
|
||||||
} else {
|
} else {
|
||||||
@@ -31,8 +31,14 @@ router.post("/login", (req, res) => {
|
|||||||
res.sendStatus(500);
|
res.sendStatus(500);
|
||||||
} else {
|
} else {
|
||||||
if (result) {
|
if (result) {
|
||||||
var token = services.generateAuthToken(user);
|
const userNoPass = {
|
||||||
res.header("x-auth-token", token).status(202).send();
|
firstname: user.firstname,
|
||||||
|
lastname: user.lastname,
|
||||||
|
email: user.email,
|
||||||
|
id: user._id,
|
||||||
|
};
|
||||||
|
var token = services.generateAuthToken(userNoPass);
|
||||||
|
res.header("x-auth-token", token).status(202).send(userNoPass);
|
||||||
} else {
|
} else {
|
||||||
res.sendStatus(401);
|
res.sendStatus(401);
|
||||||
}
|
}
|
||||||
@@ -45,21 +51,6 @@ router.post("/login", (req, res) => {
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
router.post("/check", (req, res) => {
|
|
||||||
const token = req.headers["x-auth-token"];
|
|
||||||
if (!token) {
|
|
||||||
res.sendStatus(401);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
services.validateUserToken(token, (result) => {
|
|
||||||
if (!result) {
|
|
||||||
res.sendStatus(401);
|
|
||||||
} else {
|
|
||||||
res.send(result);
|
|
||||||
}
|
|
||||||
});
|
|
||||||
});
|
|
||||||
|
|
||||||
router.post("/register", (req, res) => {
|
router.post("/register", (req, res) => {
|
||||||
services.checkEmailTaken(req.body.email, (result) => {
|
services.checkEmailTaken(req.body.email, (result) => {
|
||||||
if (result) {
|
if (result) {
|
||||||
@@ -72,8 +63,6 @@ router.post("/register", (req, res) => {
|
|||||||
password: hashedPass,
|
password: hashedPass,
|
||||||
firstname: req.body.firstname,
|
firstname: req.body.firstname,
|
||||||
lastname: req.body.lastname,
|
lastname: req.body.lastname,
|
||||||
subscriptionActive: true,
|
|
||||||
subscriptionDue: services.halfYearFromNowDate(),
|
|
||||||
});
|
});
|
||||||
user.save((err) => {
|
user.save((err) => {
|
||||||
if (err) {
|
if (err) {
|
||||||
|
|||||||
@@ -22,7 +22,7 @@ export function validateRestaurant(id, callback) {
|
|||||||
} else callback(false);
|
} else callback(false);
|
||||||
}
|
}
|
||||||
|
|
||||||
export function fetchUserHash(email, callback) {
|
export function fetchUser(email, callback) {
|
||||||
User.findOne({ email: email }, (err, res) => {
|
User.findOne({ email: email }, (err, res) => {
|
||||||
if (err || res === null) {
|
if (err || res === null) {
|
||||||
callback(false);
|
callback(false);
|
||||||
@@ -34,7 +34,13 @@ export function fetchUserHash(email, callback) {
|
|||||||
|
|
||||||
export function generateAuthToken(user) {
|
export function generateAuthToken(user) {
|
||||||
const token = jwt.sign(
|
const token = jwt.sign(
|
||||||
{ email: user.email, subcsriptionActive: user.subscriptionActive },
|
{
|
||||||
|
email: user.email,
|
||||||
|
firstname: user.firstname,
|
||||||
|
lastname: user.lastname,
|
||||||
|
id: user._id,
|
||||||
|
restaurants: user.restaurants,
|
||||||
|
},
|
||||||
jwtSecret,
|
jwtSecret,
|
||||||
{ expiresIn: "1h" }
|
{ expiresIn: "1h" }
|
||||||
);
|
);
|
||||||
@@ -224,16 +230,6 @@ export function composeNewContact(request) {
|
|||||||
name: "UserID",
|
name: "UserID",
|
||||||
value: request._id,
|
value: request._id,
|
||||||
},
|
},
|
||||||
{
|
|
||||||
type: "CUSTOM",
|
|
||||||
name: "Subscription Started",
|
|
||||||
value: toShortDate(dateNow),
|
|
||||||
},
|
|
||||||
{
|
|
||||||
type: "CUSTOM",
|
|
||||||
name: "Subscription Due",
|
|
||||||
value: request.subscriptionDue,
|
|
||||||
},
|
|
||||||
],
|
],
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user