diff --git a/nginx/html/yay.html b/nginx/html/yay.html
index b141226..9deafdf 100644
--- a/nginx/html/yay.html
+++ b/nginx/html/yay.html
@@ -16,18 +16,21 @@
}
+
+
-
+
-
THOUS HAST SUCCEEDED
+ SUCCESS
-
THOU ART LOGGED
+ YOU ARE LOGGED
Also if you see the message below you have access to resctricted content:
-
\ No newline at end of file
+
+
\ No newline at end of file
diff --git a/node/app.js b/node/app.js
index c598387..67acb30 100755
--- a/node/app.js
+++ b/node/app.js
@@ -14,8 +14,9 @@ const bodyParser= require('body-parser');
const secret = 'wowmuchsecretveryhiddenwow';
const successUrl = 'http://localhost:3002/yay.html';
const failureUrl = 'http://localhost:3002/nay.html';
+const cookieParser = require('cookie-parser');
-// app.use(cookieParser());
+app.use(cookieParser());
// const morgan = require('morgan');
// // use morgan to log requests to the console
@@ -108,30 +109,26 @@ app.get('/', (req, res, next)=>{
// cookie experiments endpoint
app.get('/cookie', function(req, res, next) {
// res.cookie('cookiename', 'cookievalue');
- res.setHeader('Set-Cookie', 'cookiename=cookievalue; HttpOnly');
- // res.json({message: 'I am inside endpoint /cookie'});
+ // res.setHeader('Set-Cookie', 'cookiename=cookievalue; HttpOnly');
+ // res.cookie('foo3', 'bar3', { maxAge: 900000, httpOnly: true });
+ res.json({message: 'I am inside endpoint /cookie'});
res.json(JSON.stringify(req.headers));
res.end();
- console.log('Learned that cookies when set will not appear immediatly but they will on the next request.');
console.log('\x1b[35m', 'Cookies: ', req.cookies);
- console.log('\x1b[35m', 'Cookies: ', res.cookies);
- console.log('\x1b[35m', 'Headers:');
- console.log(req.headers);
- console.log('\x1b[35m', 'req.headers[\'cookie\']:');
- console.log(req.headers['cookie']);
- let headerToken = req.headers['cookie'];
- let cookieArray = headerToken.split(" ");
- console.log('\x1b[35m', 'cookieArray variable below:');
- console.log(cookieArray);
- console.log('\x1b[35m', 'cookieArray[0] below:');
- console.log(cookieArray[0]);
- console.log('\x1b[35m', 'cookieArray[1] below:');
- console.log(cookieArray[1]);
- console.log('\x1b[35m', 'cookieArray[2] below:');
- console.log(cookieArray[2]);
- console.log('\x1b[35m', 'cookies.get() below:');
+ console.log('\x1b[35m', 'req.cookies.token below:');
+ console.log(req.cookies.token);
});
+// Clear cookies
+app.get('/clear', function(req, res) {
+ res.clearCookie('token');
+ res.clearCookie('cookiename');
+ res.clearCookie('Authorization');
+ res.clearCookie('foo3');
+ console.log(req.cookies);
+ res.status(200).send('Cookies cleared');
+})
+
// Test endpoint for md files rendering
app.get('/test', function(req, res) {
var path = '/app/README.md';
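Review bot: `/cookie` now calls `res.json(...)` twice in a row (the new `res.json({message: ...})` followed by the surviving `res.json(JSON.stringify(req.headers))`), so the second call runs after the response is committed and Express throws "Cannot set headers after they are sent"; the trailing `res.end()` is then redundant as well. The second call also echoes every request header back to the client, including the `cookie` header carrying the session JWT, which undoes the point of an HttpOnly cookie for this endpoint. Keep one response, e.g. `res.json({message: 'I am inside endpoint /cookie'});`, and log `req.headers` server-side if it is still needed for the experiment. The new `/clear` route's closing `})` is also missing its `;`, unlike the other handlers in this file.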
@@ -186,9 +183,9 @@ app.post('/token', function(req, res) {
case 'user1':
if (req.body.password === 'pass1') {
let token = jwt.sign(claims_user, secret);
- // res.cookie('token',token);
- res.setHeader('Set-Cookie', 'token=' + token + '; HttpOnly');
- res.setHeader('Set-Cookie', 'Authorization=Bearer ' + token + '; HttpOnly');
+ res.cookie('token', token);
+ // res.setHeader('Set-Cookie', 'token=' + token + '; HttpOnly');
+ // res.setHeader('Set-Cookie', 'Authorization=Bearer ' + token + '; HttpOnly');
console.log('JWT Token: ' + token);
console.log(jwt.decode(token));
res.redirect(successUrl);
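Review bot: Switching to `res.cookie('token', token)` drops the `HttpOnly` flag that the replaced `Set-Cookie` header carried, so the JWT is now readable by any script running on the page; the same regression appears in the `power` branch in the next hunk. Pass the cookie options explicitly: `res.cookie('token', token, { httpOnly: true, sameSite: 'lax' });` and add `secure: true` once the app is served over HTTPS (successUrl points at plain http://localhost here, so it cannot be set unconditionally yet). The `/token` handler starts and ends outside this hunk.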
@@ -199,8 +196,8 @@ app.post('/token', function(req, res) {
case 'power':
if (req.body.password === 'weak') {
let token = jwt.sign(claims_power, secret);
- // res.cookie('token',token);
- res.setHeader('Set-Cookie', 'token=' + token + '; HttpOnly');
+ res.cookie('token', token);
+ // res.setHeader('Set-Cookie', 'token=' + token + '; HttpOnly');
console.log('JWT Token: ' + token);
console.log(jwt.decode(token));
res.redirect(successUrl);
@@ -220,11 +217,18 @@ app.post('/token', function(req, res) {
const restrictedRoutes = express.Router();
app.use('/restricted', restrictedRoutes);
+// setting CORS headers
+restrictedRoutes.all('/', function(req, res, next) {
+ res.header("Access-Control-Allow-Origin", "*");
+ res.header("Access-Control-Allow-Headers", "X-Requested-With");
+ next()
+});
+
restrictedRoutes.use(function (req, res, next) {
- let sentToken = req.headers['token'];
- // let sentToken =
- if (sentToken) {
- jwt.verify(sentToken, secret, function (err, decoded) {
+ // let sentToken = req.headers['token'];
+ // let sentToken = req.cookies.token;
+ if (req.cookies.token) {
+ jwt.verify(req.cookies.token, secret, function (err, decoded) {
if (err) {
return res.json({ message: 'invalid token' });
} else {
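Review bot: The new `restrictedRoutes.all('/')` handler sets `Access-Control-Allow-Origin: *` on a route that is now authenticated by a cookie, but browsers refuse to expose a credentialed response under a wildcard origin, so cross-origin callers that send the cookie will still be blocked while the header advertises the route as open to everyone. If cross-origin access is intended, echo a specific allow-listed origin and add `res.header("Access-Control-Allow-Credentials", "true");`; if it is not, drop the CORS lines entirely. Note the handler only matches `'/'`, so any other path under `/restricted` gets no CORS headers, and `next()` is missing its `;`. The `jwt.verify` callback and the enclosing middleware continue outside this hunk.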
@@ -233,13 +237,13 @@ restrictedRoutes.use(function (req, res, next) {
console.log(req.decoded['scope']);
switch(req.decoded['scope']) {
case 'user':
- res.status(200).send('Need ADMIN scope to access this');
+ res.status(200).json([{message: 'Need ADMIN scope to access this'}]);
break;
case 'admin':
next();
break;
default:
- res.status(401).send('Not authorized');
+ res.status(401).json([{message: 'Not authorized'}]);
}
}
});
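Review bot: The rewritten `case 'user':` response still returns `200` for a request that was refused for lacking the admin scope, so clients cannot distinguish it from success; an authorization failure should be `res.status(403).json({ message: 'Need ADMIN scope to access this' });`. The new bodies also wrap the message in a one-element array (`[{message: ...}]`) while the `invalid token` response in the same middleware uses a plain object, so callers have to handle two shapes for the same kind of error. The enclosing middleware starts outside this hunk.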
@@ -275,10 +279,10 @@ restrictedRoutes.use(function (req, res, next) {
// Restricted endpoint
restrictedRoutes.get('/', (req, res) => {
- // successMsg = JSON.stringify({secret:'You have access to restricted contents!'});
+ // let successMsg = JSON.stringify({secret:'You have access to restricted contents!'});
res.status(200).json([{secret:'You have access to restricted contents!'}]);
// res.status(200).send(successMsg);
- console.log(successMsg);
+ console.log(JSON.stringify({secret:'You have access to restricted contents!'}));
});
// Restricted route root test (KISS)
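Review bot: The success payload is now spelled out twice in the handler, once in `res.status(200).json([...])` and again in the new `console.log(JSON.stringify({...}))`, which is exactly the duplication the commented-out `successMsg` line was meant to avoid. Define it once as `const successMsg = {secret: 'You have access to restricted contents!'};` and use `res.status(200).json([successMsg]);` and `console.log(JSON.stringify(successMsg));`, then delete the two commented-out variants.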
diff --git a/node/package.json b/node/package.json
index 33102b1..e0f40f5 100755
--- a/node/package.json
+++ b/node/package.json
@@ -22,7 +22,6 @@
"body-parser": "^1.18.3",
"jsonwebtoken": "^8.4.0",
"morgan": "^1.9.1",
- "cookies": "^0.7.3",
"cookie-parser": "^1.4.3"
}
}