Paddy/Betterzon
1
0
Fork 0
mirror of https://github.com/Mueller-Patrick/Betterzon.git synced 2025-04-19 15:29:18 +00:00
Code Issues Projects Releases Wiki Activity

BETTERZON-100: Switching session handling to cookies

Browse Source
This commit is contained in:
Patrick Müller 2021-05-13 18:43:09 +02:00
parent 5cc91654c3
commit 0243b9aa55
6 changed files with 4991 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4984
Backend/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

2
Backend/package.json
View File

@ -11,7 +11,9 @@
"author": "", "author": "",
"license": "ISC", "license": "ISC",
"dependencies": { "dependencies": {
"@types/cookie-parser": "^1.4.2",
"bcrypt": "^5.0.1", "bcrypt": "^5.0.1",
"cookie-parser": "^1.4.5",
"cors": "^2.8.5", "cors": "^2.8.5",
"dotenv": "^8.2.0", "dotenv": "^8.2.0",
"express": "^4.17.1", "express": "^4.17.1",

2
Backend/src/index.ts
View File

@ -15,6 +15,7 @@ import {errorHandler} from './middleware/error.middleware';
import {notFoundHandler} from './middleware/notFound.middleware'; import {notFoundHandler} from './middleware/notFound.middleware';
import {usersRouter} from './models/users/users.router'; import {usersRouter} from './models/users/users.router';
import {pricealarmsRouter} from './models/pricealarms/pricealarms.router'; import {pricealarmsRouter} from './models/pricealarms/pricealarms.router';
const cookieParser = require('cookie-parser');
dotenv.config(); dotenv.config();
@ -39,6 +40,7 @@ const app = express();
app.use(helmet()); app.use(helmet());
app.use(cors()); app.use(cors());
app.use(express.json()); app.use(express.json());
app.use(cookieParser());
app.use('/products', productsRouter); app.use('/products', productsRouter);
app.use('/categories', categoriesRouter); app.use('/categories', categoriesRouter);
app.use('/manufacturers', manufacturersRouter); app.use('/manufacturers', manufacturersRouter);

33
Backend/src/models/pricealarms/pricealarms.router.ts
View File

@ -23,17 +23,8 @@ export const pricealarmsRouter = express.Router();
pricealarmsRouter.get('/', async (req: Request, res: Response) => { pricealarmsRouter.get('/', async (req: Request, res: Response) => {
try { try {
// Authenticate user // Authenticate user
const session_id = req.body.session_id;
const session_key = req.body.session_key;
const user_ip = req.connection.remoteAddress ?? ''; const user_ip = req.connection.remoteAddress ?? '';
const user = await UserService.checkSessionWithCookie(req.cookies.betterauth, user_ip);
if (!session_id || !session_key) {
// Missing
res.status(400).send(JSON.stringify({message: 'Missing parameters'}));
return;
}
const user = await UserService.checkSession(session_id, session_key, user_ip);
const priceAlarms = await PriceAlarmsService.getPriceAlarms(user.user_id); const priceAlarms = await PriceAlarmsService.getPriceAlarms(user.user_id);
@ -48,17 +39,8 @@ pricealarmsRouter.get('/', async (req: Request, res: Response) => {
pricealarmsRouter.post('/create', async (req: Request, res: Response) => { pricealarmsRouter.post('/create', async (req: Request, res: Response) => {
try { try {
// Authenticate user // Authenticate user
const session_id = req.body.session_id;
const session_key = req.body.session_key;
const user_ip = req.connection.remoteAddress ?? ''; const user_ip = req.connection.remoteAddress ?? '';
const user = await UserService.checkSessionWithCookie(req.cookies.betterauth, user_ip);
if (!session_id || !session_key) {
// Missing
res.status(400).send(JSON.stringify({message: 'Missing parameters'}));
return;
}
const user = await UserService.checkSession(session_id, session_key, user_ip);
// Get info for price alarm creation // Get info for price alarm creation
const product_id = req.body.product_id; const product_id = req.body.product_id;
@ -90,17 +72,8 @@ pricealarmsRouter.post('/create', async (req: Request, res: Response) => {
pricealarmsRouter.put('/update', async (req: Request, res: Response) => { pricealarmsRouter.put('/update', async (req: Request, res: Response) => {
try { try {
// Authenticate user // Authenticate user
const session_id = req.body.session_id;
const session_key = req.body.session_key;
const user_ip = req.connection.remoteAddress ?? ''; const user_ip = req.connection.remoteAddress ?? '';
const user = await UserService.checkSessionWithCookie(req.cookies.betterauth, user_ip);
if (!session_id || !session_key) {
// Missing
res.status(400).send(JSON.stringify({message: 'Missing parameters'}));
return;
}
const user = await UserService.checkSession(session_id, session_key, user_ip);
// Get info for price alarm creation // Get info for price alarm creation
const alarm_id = req.body.alarm_id; const alarm_id = req.body.alarm_id;

14
Backend/src/models/users/users.router.ts
View File

@ -47,7 +47,7 @@ usersRouter.post('/register', async (req: Request, res: Response) => {
const session: Session = await UserService.createUser(username, password, email, ip); const session: Session = await UserService.createUser(username, password, email, ip);
// Send the session details back to the user // Send the session details back to the user
res.status(201).send(session); res.cookie('betterauth', JSON.stringify({id: session.session_id, key: session.session_key}), {expires: new Date(Date.now() + 1000*60*60*24*30)}).sendStatus(201);
} catch (e) { } catch (e) {
console.log('Error handling a request: ' + e.message); console.log('Error handling a request: ' + e.message);
res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."})); res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
@ -77,7 +77,7 @@ usersRouter.post('/login', async (req: Request, res: Response) => {
} }
// Send the session details back to the user // Send the session details back to the user
res.status(201).send(session); res.cookie('betterauth', JSON.stringify({id: session.session_id, key: session.session_key}), {expires: new Date(Date.now() + 1000*60*60*24*30)}).sendStatus(200);
} catch (e) { } catch (e) {
console.log('Error handling a request: ' + e.message); console.log('Error handling a request: ' + e.message);
res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."})); res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
@ -87,18 +87,10 @@ usersRouter.post('/login', async (req: Request, res: Response) => {
// POST users/checkSessionValid // POST users/checkSessionValid
usersRouter.post('/checkSessionValid', async (req: Request, res: Response) => { usersRouter.post('/checkSessionValid', async (req: Request, res: Response) => {
try { try {
const sessionId: string = req.body.sessionId;
const sessionKey: string = req.body.sessionKey;
const ip: string = req.connection.remoteAddress ?? ''; const ip: string = req.connection.remoteAddress ?? '';
if (!sessionId || !sessionKey) {
// Missing
res.status(400).send(JSON.stringify({message: 'Missing parameters'}));
return;
}
// Update the user entry and create a session // Update the user entry and create a session
const user: User = await UserService.checkSession(sessionId, sessionKey, ip); const user: User = await UserService.checkSessionWithCookie(req.cookies.betterauth, ip);
if(!user.user_id) { if(!user.user_id) {
// Error logging in, probably wrong username / password // Error logging in, probably wrong username / password

20
Backend/src/models/users/users.service.ts
View File

@ -68,7 +68,7 @@ export const createUser = async (username: string, password: string, email: stri
return { return {
session_id: sessionId, session_id: sessionId,
session_key: sessionKey, session_key: sessionKey,
session_key_hash: '', session_key_hash: 'HIDDEN',
last_IP: ip last_IP: ip
}; };
@ -135,7 +135,7 @@ export const login = async (username: string, password: string, ip: string): Pro
return { return {
session_id: sessionId, session_id: sessionId,
session_key: sessionKey, session_key: sessionKey,
session_key_hash: '', session_key_hash: 'HIDDEN',
last_IP: ip last_IP: ip
}; };
@ -213,7 +213,7 @@ export const checkSession = async (sessionId: string, sessionKey: string, ip: st
user_id: userId, user_id: userId,
username: username, username: username,
email: email, email: email,
password_hash: '', password_hash: 'HIDDEN',
registration_date: registrationDate, registration_date: registrationDate,
last_login_date: lastLoginDate last_login_date: lastLoginDate
}; };
@ -229,6 +229,20 @@ export const checkSession = async (sessionId: string, sessionKey: string, ip: st
return {} as User; return {} as User;
}; };
/**
* Calls the checkSession method after extracting the required information from the authentication cookie
* @param cookie The betterauth cookie
* @param ip The users IP address
*/
export const checkSessionWithCookie = async(cookie: any, ip: string): Promise<User> => {
const parsedCookie = JSON.parse(cookie);
const session_id = parsedCookie.id;
const session_key = parsedCookie.key;
return checkSession(session_id, session_key, '');
}
/** /**
* Used in the checkUsernameAndEmail method as return value * Used in the checkUsernameAndEmail method as return value
*/ */