Phase III Task 4

7 years ago · 6c746a1fcf
6 changed files with 52 additions and 7 deletions
--- a/nginx2/html/nay.html
+++ b/nginx2/html/nay.html
@ -2,6 +2,7 @@
    <div>
        <h1>THOUS HAST FAILED</h1>
    </div>
+    <div>
            <h2>BEGONE FROM MY LAIR, MORTAL</h2>
    </div>
          </form>
--- a/nginx2/html/test.html
+++ b/nginx2/html/test.html
@ -0,0 +1,13 @@
+<script src="http://localhost:3001/app.js"></script>
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width">
+  <title>JS Bin</title>
+</head>
+<body>
+  <h1>TEST HTML calling NodeJS</h1>
+  <div id="message"></div>
+</body>
+</html>
--- a/nginx2/html/test.js
+++ b/nginx2/html/test.js
--- a/nginx2/html/test2.html
+++ b/nginx2/html/test2.html
@ -0,0 +1,17 @@
+<html>
+<head>
+    <script src="https://code.jquery.com/jquery-1.9.1.min.js"></script>
+    <script>
+    $( document ).ready(function() {
+        console.log( "document loaded" );
+    });
+ 
+    $( window ).on( "load", function() {
+        console.log( "window loaded" );
+    });
+    </script>
+</head>
+<body>
+    <iframe src="http://techcrunch.com"></iframe>
+</body>
+</html>
--- a/nginx2/html/yay.html
+++ b/nginx2/html/yay.html
@ -2,6 +2,7 @@
    <div>
        <h1>THOUS HAST SUCCEEDED</h1>
    </div>
+    <div>
            <h2>THOU ART LOGGED</h2>
    </div>
          </form>
--- a/node/app.js
+++ b/node/app.js
@ -84,7 +84,8 @@ var thingies = mongoose.model('thingieName', testSchema);

 // Default message for testing
 app.get('/', (req, res, next)=>{
-  res.json([{message:'yes, your nodejs app is really running'}]);
+  // res.json([{message:'yes, your nodejs app is really running'}]);
+  res.send('Oh hay');
  counter++; // for prometheus invocation_count metric
  libCounter.inc(); // for prometheus lib_invocation_count metric
  console.log('Hello, I\'m inside endpoint \'/\'');
@ -119,8 +120,6 @@ app.get('/cookie', function(req, res, next) {
  console.log(cookieArray[1]);
  console.log('\x1b[35m', 'cookieArray[2] below:');
  console.log(cookieArray[2]);
-  console.log('\x1b[35m', 'cookieArray.token below:');
-  console.log(cookieArray.token);
 });

 // Test endpoint for md files rendering
@ -179,6 +178,7 @@ app.post('/token', function(req, res) {
          token = jwt.sign(claims_user, secret);
          // res.cookie('token',token);
          res.setHeader('Set-Cookie', 'token=' + token + '; HttpOnly');
+          res.setHeader('Set-Cookie', 'Authorization=Bearer ' + token + '; HttpOnly');
          console.log('JWT Token: ' + token);
          console.log(jwt.decode(token));
          res.redirect('http://localhost/yay.html');
@ -208,7 +208,7 @@ app.post('/token', function(req, res) {

 // Restricted route root
 const restrictedRoutes = express.Router();
-app.use('/restricted', restrictedRoutes);
+app.use('/', restrictedRoutes);

 restrictedRoutes.use(function (req, res, next) {
  let sentToken = req.headers['token'];
@ -219,7 +219,17 @@ restrictedRoutes.use(function (req, res, next) {
      } else {
        req.decoded = decoded;
        console.log(decoded);
-        next();
+        console.log(req.decoded['scope']);
+        switch(req.decoded['scope']) {
+          case 'user':
+          res.status(200).send('Need ADMIN scope to access this');
+          break;
+          case 'admin':
+          next();
+          break;
+          default:
+          res.status(401).send('Not authorized');
+        }
      }
    });
  } else {
@ -253,8 +263,11 @@ restrictedRoutes.use(function (req, res, next) {
 // });

 // Restricted endpoint
-restrictedRoutes.get('/access', (req, res) => {
-  res.status(200).json([{secret:'You have access to restricted contents!'}])
+restrictedRoutes.get('/restricted', (req, res) => {
+  // successMsg = JSON.stringify({secret:'You have access to restricted contents!'});
+  res.status(200).json([{secret:'You have access to restricted contents!'}]);
+  // res.status(200).send(successMsg);
+  console.log(successMsg);
 });

 // Restricted route root test (KISS)