
Phase III Task 4

master
Yutsuo 7 years ago
parent
commit
98e164401f
  1. 11
      nginx/html/yay.html
  2. 70
      node/app.js
  3. 1
      node/package.json

11
nginx/html/yay.html

@ -16,18 +16,21 @@
}
</script>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<body onload="getAPI()">
<div>
<h1>THOUS HAST SUCCEEDED</h1>
<h1>SUCCESS</h1>
</div>
<div>
<h2>THOU ART LOGGED</h2>
<h2>YOU ARE LOGGED</h2>
</div>
<div>
<h3>Also if you see the message below you have access to resctricted content:</h3>
<h3 id="output"></h3>
</div>
</body>
</body>
</html>
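Review bot: The closing `</script>` at the top of the hunk sits before `<!DOCTYPE html>`, so the document has content ahead of its doctype and browsers will render it in quirks mode; move the `<script>` block inside `<head>` so the doctype is the first thing in the file. The `onload="getAPI()"` hook and the empty `<h3 id="output">` placeholder imply `getAPI()` writes the `/restricted` response into that element, but its definition is above the hunk so I cannot see how — if it uses `innerHTML`, switch to `textContent`, since whatever the server returns (including error bodies) would otherwise be parsed as markup. A short comment on the placeholder, e.g. `<!-- filled by getAPI() with the /restricted response -->`, would make the coupling visible to the next reader.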

70
node/app.js

@ -14,8 +14,9 @@ const bodyParser= require('body-parser');
const secret = 'wowmuchsecretveryhiddenwow';
const successUrl = 'http://localhost:3002/yay.html';
const failureUrl = 'http://localhost:3002/nay.html';
const cookieParser = require('cookie-parser');
// app.use(cookieParser());
app.use(cookieParser());
// const morgan = require('morgan');
// // use morgan to log requests to the console
@ -108,30 +109,26 @@ app.get('/', (req, res, next)=>{
// cookie experiments endpoint
app.get('/cookie', function(req, res, next) {
// res.cookie('cookiename', 'cookievalue');
res.setHeader('Set-Cookie', 'cookiename=cookievalue; HttpOnly');
// res.json({message: 'I am inside endpoint /cookie'});
// res.setHeader('Set-Cookie', 'cookiename=cookievalue; HttpOnly');
// res.cookie('foo3', 'bar3', { maxAge: 900000, httpOnly: true });
res.json({message: 'I am inside endpoint /cookie'});
res.json(JSON.stringify(req.headers));
res.end();
console.log('Learned that cookies when set will not appear immediatly but they will on the next request.');
console.log('\x1b[35m', 'Cookies: ', req.cookies);
console.log('\x1b[35m', 'Cookies: ', res.cookies);
console.log('\x1b[35m', 'Headers:');
console.log(req.headers);
console.log('\x1b[35m', 'req.headers[\'cookie\']:');
console.log(req.headers['cookie']);
let headerToken = req.headers['cookie'];
let cookieArray = headerToken.split(" ");
console.log('\x1b[35m', 'cookieArray variable below:');
console.log(cookieArray);
console.log('\x1b[35m', 'cookieArray[0] below:');
console.log(cookieArray[0]);
console.log('\x1b[35m', 'cookieArray[1] below:');
console.log(cookieArray[1]);
console.log('\x1b[35m', 'cookieArray[2] below:');
console.log(cookieArray[2]);
console.log('\x1b[35m', 'cookies.get() below:');
console.log('\x1b[35m', 'req.cookies.token below:');
console.log(req.cookies.token);
});
// Clear cookies
app.get('/clear', function(req, res) {
res.clearCookie('token');
res.clearCookie('cookiename');
res.clearCookie('Authorization');
res.clearCookie('foo3');
console.log(req.cookies);
res.status(200).send('Cookies cleared');
})
// Test endpoint for md files rendering
app.get('/test', function(req, res) {
var path = '/app/README.md';
@ -186,9 +183,9 @@ app.post('/token', function(req, res) {
case 'user1':
if (req.body.password === 'pass1') {
let token = jwt.sign(claims_user, secret);
// res.cookie('token',token);
res.setHeader('Set-Cookie', 'token=' + token + '; HttpOnly');
res.setHeader('Set-Cookie', 'Authorization=Bearer ' + token + '; HttpOnly');
res.cookie('token', token);
// res.setHeader('Set-Cookie', 'token=' + token + '; HttpOnly');
// res.setHeader('Set-Cookie', 'Authorization=Bearer ' + token + '; HttpOnly');
console.log('JWT Token: ' + token);
console.log(jwt.decode(token));
res.redirect(successUrl);
@ -199,8 +196,8 @@ app.post('/token', function(req, res) {
case 'power':
if (req.body.password === 'weak') {
let token = jwt.sign(claims_power, secret);
// res.cookie('token',token);
res.setHeader('Set-Cookie', 'token=' + token + '; HttpOnly');
res.cookie('token', token);
// res.setHeader('Set-Cookie', 'token=' + token + '; HttpOnly');
console.log('JWT Token: ' + token);
console.log(jwt.decode(token));
res.redirect(successUrl);
@ -220,11 +217,18 @@ app.post('/token', function(req, res) {
const restrictedRoutes = express.Router();
app.use('/restricted', restrictedRoutes);
// setting CORS headers
restrictedRoutes.all('/', function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "X-Requested-With");
next()
});
restrictedRoutes.use(function (req, res, next) {
let sentToken = req.headers['token'];
// let sentToken =
if (sentToken) {
jwt.verify(sentToken, secret, function (err, decoded) {
// let sentToken = req.headers['token'];
// let sentToken = req.cookies.token;
if (req.cookies.token) {
jwt.verify(req.cookies.token, secret, function (err, decoded) {
if (err) {
return res.json({ message: 'invalid token' });
} else {
@ -233,13 +237,13 @@ restrictedRoutes.use(function (req, res, next) {
console.log(req.decoded['scope']);
switch(req.decoded['scope']) {
case 'user':
res.status(200).send('Need ADMIN scope to access this');
res.status(200).json([{message: 'Need ADMIN scope to access this'}]);
break;
case 'admin':
next();
break;
default:
res.status(401).send('Not authorized');
res.status(401).json([{message: 'Not authorized'}]);
}
}
});
@ -275,10 +279,10 @@ restrictedRoutes.use(function (req, res, next) {
// Restricted endpoint
restrictedRoutes.get('/', (req, res) => {
// successMsg = JSON.stringify({secret:'You have access to restricted contents!'});
// let successMsg = JSON.stringify({secret:'You have access to restricted contents!'});
res.status(200).json([{secret:'You have access to restricted contents!'}]);
// res.status(200).send(successMsg);
console.log(successMsg);
console.log(JSON.stringify({secret:'You have access to restricted contents!'}));
});
// Restricted route root test (KISS)
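Review bot: `res.cookie('token', token)` in the `user1` and `power` branches of `/token` sets the JWT without the `HttpOnly` flag that the now-commented `setHeader` line carried, so any script running on the page can read the session token; pass the options explicitly, `res.cookie('token', token, { httpOnly: true, sameSite: 'lax' });` (add `secure: true` once the app is served over HTTPS — with `successUrl` on plain `http://localhost` it would suppress the cookie here). Because the `/restricted` middleware now reads `req.cookies.token` instead of a custom request header, the browser attaches the credential on its own, which is exactly the case `SameSite` exists for; the `Access-Control-Allow-Origin: *` set on the same router cannot be combined with credentialed cross-origin requests, so if it is later changed to echo the caller's origin the cookie-based check becomes CSRF-exposed without that attribute. I am reading the uncommented `res.cookie` lines as the new side; the `/token` handler and the `restrictedRoutes.use` middleware both start and end outside the hunks.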

1
node/package.json

@ -22,7 +22,6 @@
"body-parser": "^1.18.3",
"jsonwebtoken": "^8.4.0",
"morgan": "^1.9.1",
"cookies": "^0.7.3",
"cookie-parser": "^1.4.3"
}
}
