Added exceptions to auth middleware, basic redirects

2025-04-01 20:24:18 +02:00 · 2020-04-03 10:09:59 +02:00
parent feb9eab5ad
commit 840f64c66b
3 changed files with 33 additions and 15 deletions
--- a/modules/api/api.js
+++ b/modules/api/api.js
@@ -88,13 +88,19 @@ app.use(session({
  saveUninitialized: true
 }))
 app.use(cookieParser())
+app.use(bodyParser.urlencoded({
+  limit: '10mb',
+  extended: true
+}))
+app.use(bodyParser.json({
+  limit: '10mb'
+}))
 app.set('view engine', 'ejs')
 app.set('views', [
  './modules/api/views',
  './sharedViews'
 ])
 app.use(auth({
-  debugLog: true,
  authDB: authDB
 }))
 app.use(express.static('public'))
@@ -103,13 +109,6 @@ app.use(busboy({
    fileSize: 50000 * 1024 * 1024
  }
 }))
-app.use(bodyParser.urlencoded({
-  limit: '10mb',
-  extended: true
-}))
-app.use(bodyParser.json({
-  limit: '10mb'
-}))

 var data = actions.LoadJSON(dataFile)
 var version = ''
@@ -143,12 +142,12 @@ Load()

 app.post('/login', (req, res) => {
  logger.LogReq(req)
-  console.log(req.body)
+  const pw = req.body.pw
  // FIXME: redirect to original url
  const user = 'u'
  // TODO: get user
  // TODO: check if pw is correct
-  res.cookie('pw', req.query.pw).redirect('/')
+  res.cookie('pw', pw).redirect('/')
  req.session.user = user
 })

--- a/modules/api/auth.middleware.js
+++ b/modules/api/auth.middleware.js
@@ -3,14 +3,25 @@ const dbtools = require('../../utils/dbtools.js')

 const usersDBName = 'users'

+const exceptions = [
+  'favicon',
+  '/login'
+]
+
 // TODO: session

 module.exports = function (options) {
-  const { debugLog, authDB } = options
+  const { authDB } = options

  return function (req, res, next) {
-    if (debugLog) {
-      logger.Log('AUTH: ' + req.url)
+    logger.DebugLog(`AUTH: ${req.url}`, 'auth', 1)
+    const isException = exceptions.some((exc) => {
+      return req.url === exc
+    })
+
+    if (isException) {
+      next()
+      return
    }

    const user = GetUserByPW(authDB, req.cookies.pw)
@@ -24,7 +35,14 @@ module.exports = function (options) {
 }

 function GetUserByPW (db, password) {
-  return dbtools.Select(db, usersDBName, {
+  if (password === undefined) {
+    return
+  }
+
+  const res = dbtools.Select(db, usersDBName, {
    pw: password
-  })[0]
+  })
+  if (res) {
+    return res[0]
+  }
 }
--- a/server.js
+++ b/server.js
@@ -38,6 +38,7 @@ const loggableKeywords = [
 ]
 let modules = JSON.parse(utils.ReadFile(modulesFile))

+console.clear()
 logger.Load()

 try {