Auth cleanup

2025-05-20 11:31:49 +02:00 · 2020-10-03 23:29:03 +02:00 · 2020-10-03 23:29:03 +02:00 · 80682ab883
commit 80682ab883
parent ba02a01838
4 changed files with 42 additions and 12 deletions
--- a/backend/karaoqueue-backend/src/controllers/auth.controller.ts
+++ b/backend/karaoqueue-backend/src/controllers/auth.controller.ts
@ -17,15 +17,16 @@ export class AuthenticationController {
                res.send("Welcome.")
                return res;
            } else {
-                // TODO wrong password.
-                return "Wrong password."
+                res.status(401).send("Wrong user or password.");
+                return res;
            }
        } else {
-            // TODO wrong user.
-            return "Wrong user."
+            res.status(401).send("Wrong user or password.");
+            return res;
        }
    }

+    /* TODO Logout with JWT? */
    @Get("/logout")
    doLogout() {
        return "//TODO logout";
--- a/backend/karaoqueue-backend/src/controllers/songs.controller.ts
+++ b/backend/karaoqueue-backend/src/controllers/songs.controller.ts
@ -1,4 +1,5 @@
-import { Get, QueryParam, JsonController, Put } from "routing-controllers";
+import { Get, QueryParam, JsonController, Put, Authorized } from "routing-controllers";
+

@JsonController("/songs")
 export class SongController {
@ -8,6 +9,7 @@ export class SongController {
    }

    @Put()
+    @Authorized()
    updateSongs() {
        return "//TODO update"
    }
--- a/backend/karaoqueue-backend/src/index.ts
+++ b/backend/karaoqueue-backend/src/index.ts
@ -1,5 +1,5 @@
 import "reflect-metadata";
-import { Request, Response } from "express";
+import { Request, Response, Application } from "express";
 import { Action, createExpressServer } from "routing-controllers";
 import { QueueController } from "./controllers/queue.controller";
 import { SongController } from "./controllers/songs.controller";
@ -7,18 +7,22 @@ import { StatisticsController } from "./controllers/statistics.controller";
 import { AuthenticationController } from "./controllers/auth.controller";
 import { RpcController } from "./controllers/rpc.controller";
 import jwt from "jsonwebtoken";
+import appState from "./containers/appState.container";


 import * as dotenv from "dotenv";
+import DataStoredInToken from "./interfaces/dataStoredInToken.interface";
 dotenv.config();

-const app = createExpressServer({
+const app: Application = createExpressServer({
    routePrefix: "/api",
    cors: true,
+    /* HACK. This definitely needs to be cleaned up... */
    authorizationChecker: async (action: Action) => {
        const req: Request = action.request;
        const secret = process.env.KQUEUE_JWTSECRET;
-        const token = parseCookies(req.headers.cookie)["jwt"];
+        // tslint:disable-next-line: no-string-literal
+        const token = parseCookies(req.headers.cookie)['jwt'];
        if (token) {
            try {
                const verificationResponse = jwt.verify(token, secret);
@ -33,15 +37,37 @@ const app = createExpressServer({
        } else {
            return false;
        }
-        
+    },
+    /* HACK. This definitely needs to be cleaned up... */
+    currentUserChecker: async (action: Action) => {
+        const req: Request = action.request;
+        const secret = process.env.KQUEUE_JWTSECRET;
+        // tslint:disable-next-line: no-string-literal
+        const token = parseCookies(req.headers.cookie)['jwt'];
+        if (token) {
+            try {
+                const verificationResponse = jwt.verify(token, secret);
+                if (verificationResponse) {
+                    return verificationResponse as DataStoredInToken;
+                } else {
+                    return false;
+                }
+            } catch (error) {
+                return false;
+            }
+        } else {
+            return false;
+        }
    },
    controllers: [QueueController, SongController, StatisticsController, AuthenticationController, RpcController]
 });
 app.listen(process.env.KQUEUE_PORT);

+/* HACK. This definitely needs to be cleaned up... */
 function parseCookies(str) {
-    let rx = /([^;=\s]*)=([^;]*)/g;
-    let obj = {};
+    const rx = /([^;=\s]*)=([^;]*)/g;
+    const obj = {};
+    // tslint:disable-next-line: no-conditional-assignment
    for (let m; m = rx.exec(str);)
        obj[m[1]] = decodeURIComponent(m[2]);
    return obj;
--- a/backend/karaoqueue-backend/src/middleware/jwt.middleware.ts
+++ b/backend/karaoqueue-backend/src/middleware/jwt.middleware.ts
@ -4,7 +4,8 @@ import * as jwt from 'jsonwebtoken';

 export class JwtMiddleware {
    public createToken(user: User): string {
-        const expiresIn = 60 * 60; // an hour
+        /* expiresIn is in seconds. We take the env value which is in minutes and multiply it by 60.*/
+        const expiresIn = parseInt(process.env.KQUEUE_JWTEXPIRY,10) * 60;
        const secret = process.env.KQUEUE_JWTSECRET;
        const dataStoredInToken: DataStoredInToken = {
            _id: user.username,