
Phase III Task 4

master
Yutsuo 7 years ago
parent
commit
98e164401f
  1. 9
      nginx/html/yay.html
  2. 70
      node/app.js
  3. 1
      node/package.json

9
nginx/html/yay.html

@ -16,18 +16,21 @@
} }
</script> </script>
<!DOCTYPE html>
<html>
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8">
</head> </head>
<body> <body onload="getAPI()">
<div> <div>
<h1>THOUS HAST SUCCEEDED</h1> <h1>SUCCESS</h1>
</div> </div>
<div> <div>
<h2>THOU ART LOGGED</h2> <h2>YOU ARE LOGGED</h2>
</div> </div>
<div> <div>
<h3>Also if you see the message below you have access to resctricted content:</h3> <h3>Also if you see the message below you have access to resctricted content:</h3>
<h3 id="output"></h3> <h3 id="output"></h3>
</div> </div>
</body> </body>
</html>
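Review bot: `onload="getAPI()"` calls a function defined in the `<script>` block that begins above this hunk, so the visible lines do not show how `#output` is populated; if getAPI writes the fetched message with `innerHTML`, prefer `document.getElementById('output').textContent = …`, since the /restricted response is JSON and needs no markup. The heading on the new side still reads `resctricted`; `restricted` is the intended spelling. The hunk also appears to place `<!DOCTYPE html>` and `<html>` after the closing `</script>`, which would put script content ahead of the doctype and leave the document head outside the hunk worth checking.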

70
node/app.js

@ -14,8 +14,9 @@ const bodyParser= require('body-parser');
const secret = 'wowmuchsecretveryhiddenwow'; const secret = 'wowmuchsecretveryhiddenwow';
const successUrl = 'http://localhost:3002/yay.html'; const successUrl = 'http://localhost:3002/yay.html';
const failureUrl = 'http://localhost:3002/nay.html'; const failureUrl = 'http://localhost:3002/nay.html';
const cookieParser = require('cookie-parser');
// app.use(cookieParser()); app.use(cookieParser());
// const morgan = require('morgan'); // const morgan = require('morgan');
// // use morgan to log requests to the console // // use morgan to log requests to the console
@ -108,30 +109,26 @@ app.get('/', (req, res, next)=>{
// cookie experiments endpoint // cookie experiments endpoint
app.get('/cookie', function(req, res, next) { app.get('/cookie', function(req, res, next) {
// res.cookie('cookiename', 'cookievalue'); // res.cookie('cookiename', 'cookievalue');
res.setHeader('Set-Cookie', 'cookiename=cookievalue; HttpOnly'); // res.setHeader('Set-Cookie', 'cookiename=cookievalue; HttpOnly');
// res.json({message: 'I am inside endpoint /cookie'}); // res.cookie('foo3', 'bar3', { maxAge: 900000, httpOnly: true });
res.json({message: 'I am inside endpoint /cookie'});
res.json(JSON.stringify(req.headers)); res.json(JSON.stringify(req.headers));
res.end(); res.end();
console.log('Learned that cookies when set will not appear immediatly but they will on the next request.');
console.log('\x1b[35m', 'Cookies: ', req.cookies); console.log('\x1b[35m', 'Cookies: ', req.cookies);
console.log('\x1b[35m', 'Cookies: ', res.cookies); console.log('\x1b[35m', 'req.cookies.token below:');
console.log('\x1b[35m', 'Headers:'); console.log(req.cookies.token);
console.log(req.headers);
console.log('\x1b[35m', 'req.headers[\'cookie\']:');
console.log(req.headers['cookie']);
let headerToken = req.headers['cookie'];
let cookieArray = headerToken.split(" ");
console.log('\x1b[35m', 'cookieArray variable below:');
console.log(cookieArray);
console.log('\x1b[35m', 'cookieArray[0] below:');
console.log(cookieArray[0]);
console.log('\x1b[35m', 'cookieArray[1] below:');
console.log(cookieArray[1]);
console.log('\x1b[35m', 'cookieArray[2] below:');
console.log(cookieArray[2]);
console.log('\x1b[35m', 'cookies.get() below:');
}); });
// Clear cookies
app.get('/clear', function(req, res) {
res.clearCookie('token');
res.clearCookie('cookiename');
res.clearCookie('Authorization');
res.clearCookie('foo3');
console.log(req.cookies);
res.status(200).send('Cookies cleared');
})
// Test endpoint for md files rendering // Test endpoint for md files rendering
app.get('/test', function(req, res) { app.get('/test', function(req, res) {
var path = '/app/README.md'; var path = '/app/README.md';
@ -186,9 +183,9 @@ app.post('/token', function(req, res) {
case 'user1': case 'user1':
if (req.body.password === 'pass1') { if (req.body.password === 'pass1') {
let token = jwt.sign(claims_user, secret); let token = jwt.sign(claims_user, secret);
// res.cookie('token',token); res.cookie('token', token);
res.setHeader('Set-Cookie', 'token=' + token + '; HttpOnly'); // res.setHeader('Set-Cookie', 'token=' + token + '; HttpOnly');
res.setHeader('Set-Cookie', 'Authorization=Bearer ' + token + '; HttpOnly'); // res.setHeader('Set-Cookie', 'Authorization=Bearer ' + token + '; HttpOnly');
console.log('JWT Token: ' + token); console.log('JWT Token: ' + token);
console.log(jwt.decode(token)); console.log(jwt.decode(token));
res.redirect(successUrl); res.redirect(successUrl);
@ -199,8 +196,8 @@ app.post('/token', function(req, res) {
case 'power': case 'power':
if (req.body.password === 'weak') { if (req.body.password === 'weak') {
let token = jwt.sign(claims_power, secret); let token = jwt.sign(claims_power, secret);
// res.cookie('token',token); res.cookie('token', token);
res.setHeader('Set-Cookie', 'token=' + token + '; HttpOnly'); // res.setHeader('Set-Cookie', 'token=' + token + '; HttpOnly');
console.log('JWT Token: ' + token); console.log('JWT Token: ' + token);
console.log(jwt.decode(token)); console.log(jwt.decode(token));
res.redirect(successUrl); res.redirect(successUrl);
@ -220,11 +217,18 @@ app.post('/token', function(req, res) {
const restrictedRoutes = express.Router(); const restrictedRoutes = express.Router();
app.use('/restricted', restrictedRoutes); app.use('/restricted', restrictedRoutes);
// setting CORS headers
restrictedRoutes.all('/', function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "X-Requested-With");
next()
});
restrictedRoutes.use(function (req, res, next) { restrictedRoutes.use(function (req, res, next) {
let sentToken = req.headers['token']; // let sentToken = req.headers['token'];
// let sentToken = // let sentToken = req.cookies.token;
if (sentToken) { if (req.cookies.token) {
jwt.verify(sentToken, secret, function (err, decoded) { jwt.verify(req.cookies.token, secret, function (err, decoded) {
if (err) { if (err) {
return res.json({ message: 'invalid token' }); return res.json({ message: 'invalid token' });
} else { } else {
@ -233,13 +237,13 @@ restrictedRoutes.use(function (req, res, next) {
console.log(req.decoded['scope']); console.log(req.decoded['scope']);
switch(req.decoded['scope']) { switch(req.decoded['scope']) {
case 'user': case 'user':
res.status(200).send('Need ADMIN scope to access this'); res.status(200).json([{message: 'Need ADMIN scope to access this'}]);
break; break;
case 'admin': case 'admin':
next(); next();
break; break;
default: default:
res.status(401).send('Not authorized'); res.status(401).json([{message: 'Not authorized'}]);
} }
} }
}); });
@ -275,10 +279,10 @@ restrictedRoutes.use(function (req, res, next) {
// Restricted endpoint // Restricted endpoint
restrictedRoutes.get('/', (req, res) => { restrictedRoutes.get('/', (req, res) => {
// successMsg = JSON.stringify({secret:'You have access to restricted contents!'}); // let successMsg = JSON.stringify({secret:'You have access to restricted contents!'});
res.status(200).json([{secret:'You have access to restricted contents!'}]); res.status(200).json([{secret:'You have access to restricted contents!'}]);
// res.status(200).send(successMsg); // res.status(200).send(successMsg);
console.log(successMsg); console.log(JSON.stringify({secret:'You have access to restricted contents!'}));
}); });
// Restricted route root test (KISS) // Restricted route root test (KISS)
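Review bot: `res.cookie('token', token)` in the user1 and power branches of /token drops the HttpOnly flag that the replaced `Set-Cookie` header carried, so the session JWT is now readable by page script; pass the options the commented /cookie line already demonstrates, `res.cookie('token', token, { httpOnly: true, sameSite: 'lax' });` (adding `secure: true` once the app is served over TLS), in both the `@ -186` and `@ -199` hunks. In the /restricted hunk, `Access-Control-Allow-Origin: *` is set on a router that authenticates by cookie, but browsers will not attach credentials to a wildcard origin, so either name the nginx origin explicitly together with `Access-Control-Allow-Credentials: true` or drop the header if the page is served same-origin behind nginx — and `restrictedRoutes.all('/')` only covers the router root, not sub-paths. The new /cookie handler calls `res.json` twice; the second call will fail with ERR_HTTP_HEADERS_SENT after the first response is committed, so keep a single `res.json` and remove the trailing `res.end()`. Logging `req.cookies.token` and the signed JWT to the console in /cookie and /token writes bearer credentials into logs; gate those behind a debug flag or log only `jwt.decode(token).scope`.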

1
node/package.json

@ -22,7 +22,6 @@
"body-parser": "^1.18.3", "body-parser": "^1.18.3",
"jsonwebtoken": "^8.4.0", "jsonwebtoken": "^8.4.0",
"morgan": "^1.9.1", "morgan": "^1.9.1",
"cookies": "^0.7.3",
"cookie-parser": "^1.4.3" "cookie-parser": "^1.4.3"
} }
} }
