Removing the admin key, switching to full basic auth
@@ -2,13 +2,43 @@ const React = require('react');
|
|||||||
const createClass = require('create-react-class');
|
const createClass = require('create-react-class');
|
||||||
const cx = require('classnames');
|
const cx = require('classnames');
|
||||||
|
|
||||||
|
const request = require('superagent');
|
||||||
|
|
||||||
|
|
||||||
const BrewCleanup = createClass({
|
const BrewCleanup = createClass({
|
||||||
displayName : 'BrewCleanup',
|
displayName : 'BrewCleanup',
|
||||||
getDefaultProps(){
|
getDefaultProps(){
|
||||||
return {
|
return {
|
||||||
|
adminKey : '',
|
||||||
};
|
};
|
||||||
},
|
},
|
||||||
|
getInitialState() {
|
||||||
|
return {
|
||||||
|
count : 0,
|
||||||
|
|
||||||
|
pending : false,
|
||||||
|
primed : false
|
||||||
|
};
|
||||||
|
},
|
||||||
|
prime(){
|
||||||
|
if(this.state.primed) return this.cleanup();
|
||||||
|
this.setState({ pending: true });
|
||||||
|
|
||||||
|
request.get('/admin/cleanup')
|
||||||
|
.query({ admin_key: this.props.adminKey })
|
||||||
|
.then((res)=> this.setState({count : res.body.count }))
|
||||||
|
.catch((err)=>this.setState({ error : err }))
|
||||||
|
.finally(()=>this.setState({ pending : false }))
|
||||||
|
},
|
||||||
|
cleanup(){
|
||||||
|
this.setState({ pending: true });
|
||||||
|
|
||||||
|
request.post('/admin/cleanup')
|
||||||
|
.query({ admin_key: this.props.adminKey })
|
||||||
|
.then((res)=> this.setState({count : res.body.count }))
|
||||||
|
.catch((err)=>this.setState({ error : err }))
|
||||||
|
.finally(()=>this.setState({ pending : false, primed : false }))
|
||||||
|
},
|
||||||
render(){
|
render(){
|
||||||
return <div className='BrewCleanup'>
|
return <div className='BrewCleanup'>
|
||||||
BrewCleanup Component Ready.
|
BrewCleanup Component Ready.
|
||||||
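Review bot: Both new requests still attach `.query({ admin_key: this.props.adminKey })`, once in `prime()` and once in `cleanup()`, although the server-side `adminOnly` in this commit no longer reads that parameter. The key would keep travelling in the URL, where it ends up in access logs and browser history, for no benefit; drop both `.query(...)` lines and the `adminKey` default prop. Also, `getInitialState()` does not declare `error`, which both `.catch` handlers set, so adding `error : null` there keeps the state shape explicit. The component's `render()` continues past the end of the hunk.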
|
|||||||
@@ -1,6 +1,5 @@
|
|||||||
const React = require('react');
|
const React = require('react');
|
||||||
const createClass = require('create-react-class');
|
const createClass = require('create-react-class');
|
||||||
const _ = require('lodash');
|
|
||||||
const cx = require('classnames');
|
const cx = require('classnames');
|
||||||
|
|
||||||
const request = require('superagent');
|
const request = require('superagent');
|
||||||
@@ -21,7 +20,6 @@ const BrewLookup = createClass({
|
|||||||
error : null
|
error : null
|
||||||
};
|
};
|
||||||
},
|
},
|
||||||
|
|
||||||
handleChange(e){
|
handleChange(e){
|
||||||
this.setState({ query : e.target.value });
|
this.setState({ query : e.target.value });
|
||||||
},
|
},
|
||||||
@@ -29,7 +27,7 @@ const BrewLookup = createClass({
|
|||||||
this.setState({ searching: true, error: null });
|
this.setState({ searching: true, error: null });
|
||||||
|
|
||||||
request.get(`/admin/lookup/${this.state.query}`)
|
request.get(`/admin/lookup/${this.state.query}`)
|
||||||
.query({ admin_key: this.props.adminKey })
|
//.query({ admin_key: this.props.adminKey })
|
||||||
.then((res)=> this.setState({foundBrew : res.body}))
|
.then((res)=> this.setState({foundBrew : res.body}))
|
||||||
.catch((err)=>this.setState({ error : err }))
|
.catch((err)=>this.setState({ error : err }))
|
||||||
.finally(()=>this.setState({ searching : false }))
|
.finally(()=>this.setState({ searching : false }))
|
||||||
@@ -72,7 +70,7 @@ const BrewLookup = createClass({
|
|||||||
</button>
|
</button>
|
||||||
|
|
||||||
{this.state.error
|
{this.state.error
|
||||||
&& <div className='error'>{this.state.error}</div>
|
&& <div className='error'>{this.state.error.toString()}</div>
|
||||||
}
|
}
|
||||||
|
|
||||||
{this.state.foundBrew
|
{this.state.foundBrew
|
||||||
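Review bot: The line `//.query({ admin_key: this.props.adminKey })` should be deleted rather than commented out, so the retired key mechanism does not linger as something to switch back on. In the same call, `this.state.query` is interpolated into the request path unencoded; wrapping it as `encodeURIComponent(this.state.query)` keeps characters such as `/` or `?` from changing which route is requested. The enclosing lookup method starts outside the hunk.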
|
|||||||
8
package-lock.json
generated
8
package-lock.json
generated
@@ -1066,14 +1066,6 @@
|
|||||||
"resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.2.3.tgz",
|
"resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.2.3.tgz",
|
||||||
"integrity": "sha512-MsAhsUW1GxCdgYSO6tAfZrNapmUKk7mWx/k5mFY/A1gBtkaCaNapTg+FExCw1r9yeaZhqx/xPg43xgTFH6KL5w=="
|
"integrity": "sha512-MsAhsUW1GxCdgYSO6tAfZrNapmUKk7mWx/k5mFY/A1gBtkaCaNapTg+FExCw1r9yeaZhqx/xPg43xgTFH6KL5w=="
|
||||||
},
|
},
|
||||||
"basic-auth": {
|
|
||||||
"version": "2.0.0",
|
|
||||||
"resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.0.tgz",
|
|
||||||
"integrity": "sha1-AV2z81PgLlY3d1X5YnQuiYHnu7o=",
|
|
||||||
"requires": {
|
|
||||||
"safe-buffer": "5.1.1"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"bcrypt-pbkdf": {
|
"bcrypt-pbkdf": {
|
||||||
"version": "1.0.1",
|
"version": "1.0.1",
|
||||||
"resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.1.tgz",
|
"resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.1.tgz",
|
||||||
|
|||||||
@@ -38,7 +38,6 @@
|
|||||||
"dependencies": {
|
"dependencies": {
|
||||||
"babel-preset-env": "^1.1.8",
|
"babel-preset-env": "^1.1.8",
|
||||||
"babel-preset-react": "^6.24.1",
|
"babel-preset-react": "^6.24.1",
|
||||||
"basic-auth": "^2.0.0",
|
|
||||||
"body-parser": "^1.14.2",
|
"body-parser": "^1.14.2",
|
||||||
"classnames": "^2.2.0",
|
"classnames": "^2.2.0",
|
||||||
"codemirror": "^5.22.0",
|
"codemirror": "^5.22.0",
|
||||||
|
|||||||
@@ -1,97 +1,88 @@
|
|||||||
const _ = require('lodash');
|
//const auth = require('basic-auth');
|
||||||
const auth = require('basic-auth');
|
|
||||||
const HomebrewModel = require('./homebrew.model.js').model;
|
const HomebrewModel = require('./homebrew.model.js').model;
|
||||||
const router = require('express').Router();
|
const router = require('express').Router();
|
||||||
|
const Moment = require('moment');
|
||||||
|
const render = require('vitreum/steps/render');
|
||||||
|
const templateFn = require('../client/template.js');
|
||||||
|
|
||||||
|
|
||||||
|
process.env.ADMIN_USER = process.env.ADMIN_USER || 'admin';
|
||||||
|
process.env.ADMIN_PASS = process.env.ADMIN_PASS || 'password3';
|
||||||
|
//process.env.ADMIN_KEY = process.env.ADMIN_KEY || 'admin_key';
|
||||||
|
|
||||||
|
//FIXME: remove this whole 'ADMIN_KEY' buulshit
|
||||||
|
|
||||||
const mw = {
|
const mw = {
|
||||||
adminOnly : (req, res, next)=>{
|
adminOnly : (req, res, next)=>{
|
||||||
if(req.query && req.query.admin_key == process.env.ADMIN_KEY) return next();
|
if(!req.get('authorization')){
|
||||||
|
return res
|
||||||
|
.set('WWW-Authenticate', 'Basic realm="Authorization Required"')
|
||||||
|
.status(401)
|
||||||
|
.send('Authorization Required');
|
||||||
|
}
|
||||||
|
const [username, password] = new Buffer(req.get('authorization').split(' ').pop(), 'base64')
|
||||||
|
.toString('ascii')
|
||||||
|
.split(':');
|
||||||
|
if(process.env.ADMIN_USER === username && process.env.ADMIN_PASS === password){
|
||||||
|
return next();
|
||||||
|
}
|
||||||
return res.status(401).send('Access denied');
|
return res.status(401).send('Access denied');
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
process.env.ADMIN_USER = process.env.ADMIN_USER || 'admin';
|
|
||||||
process.env.ADMIN_PASS = process.env.ADMIN_PASS || 'password';
|
|
||||||
process.env.ADMIN_KEY = process.env.ADMIN_KEY || 'admin_key';
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* Removes all empty brews that are older than 3 days and that are shorter than a tweet */
|
/* Removes all empty brews that are older than 3 days and that are shorter than a tweet */
|
||||||
router.get('/admin/clear_invalid', mw.adminOnly, (req, res)=>{
|
const junkBrewQuery = HomebrewModel.find({
|
||||||
const invalidBrewQuery = HomebrewModel.find({
|
'$where' : 'this.text.length < 140',
|
||||||
'$where' : 'this.text.length < 140',
|
createdAt : {
|
||||||
createdAt : {
|
$lt : Moment().subtract(3, 'days').toDate()
|
||||||
$lt : Moment().subtract(3, 'days').toDate()
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
if(req.query.do_it){
|
|
||||||
invalidBrewQuery.remove().exec((err, objs)=>{
|
|
||||||
if(err) return res.status(500).send(err);
|
|
||||||
return res.send(200);
|
|
||||||
});
|
|
||||||
} else {
|
|
||||||
invalidBrewQuery.exec((err, objs)=>{
|
|
||||||
if(err) return res.status(500).send(err);
|
|
||||||
return res.json({
|
|
||||||
count : objs.length
|
|
||||||
});
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
router.get('/admin/cleanup', mw.adminOnly, (req, res)=>{
|
||||||
|
junkBrewQuery.exec((err, objs)=>{
|
||||||
|
if(err) return res.status(500).send(err);
|
||||||
|
return res.json({ count : objs.length });
|
||||||
|
});
|
||||||
|
});
|
||||||
|
/* Removes all empty brews that are older than 3 days and that are shorter than a tweet */
|
||||||
|
router.post('/admin/cleanup', mw.adminOnly, (req, res)=>{
|
||||||
|
junkBrewQuery.remove().exec((err, objs)=>{
|
||||||
|
if(err) return res.status(500).send(err);
|
||||||
|
return res.json({ count : objs.length });
|
||||||
|
});
|
||||||
|
})
|
||||||
|
|
||||||
/* Searches for matching edit or share id, also attempts to partial match */
|
/* Searches for matching edit or share id, also attempts to partial match */
|
||||||
router.get('/admin/lookup/:id', mw.adminOnly, (req, res, next)=>{
|
router.get('/admin/lookup/:id', mw.adminOnly, (req, res, next)=>{
|
||||||
|
|
||||||
console.log('lookup');
|
|
||||||
|
|
||||||
|
|
||||||
HomebrewModel.findOne({ $or : [
|
HomebrewModel.findOne({ $or : [
|
||||||
{ editId: { '$regex': req.params.id, '$options': 'i' } },
|
{ editId: { '$regex': req.params.id, '$options': 'i' } },
|
||||||
{ shareId: { '$regex': req.params.id, '$options': 'i' } },
|
{ shareId: { '$regex': req.params.id, '$options': 'i' } },
|
||||||
] }).exec((err, brew)=>{
|
]}).exec((err, brew)=>{
|
||||||
return res.json(brew);
|
return res.json(brew);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
router.get('/admin/stats', mw.adminOnly, (req, res)=>{
|
|
||||||
console.log('hittting stats');
|
|
||||||
|
|
||||||
|
router.get('/admin/stats', mw.adminOnly, (req, res)=>{
|
||||||
HomebrewModel.count({}, (err, count)=>{
|
HomebrewModel.count({}, (err, count)=>{
|
||||||
return res.json({
|
return res.json({
|
||||||
totalBrews : count
|
totalBrews : count
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
});
|
});
|
||||||
|
|
||||||
|
router.get('/admin', mw.adminOnly, (req, res)=>{
|
||||||
|
// const credentials = auth(req);
|
||||||
//Admin route
|
// if(!credentials || credentials.name !== process.env.ADMIN_USER || credentials.pass !== process.env.ADMIN_PASS) {
|
||||||
|
// res.setHeader('WWW-Authenticate', 'Basic realm="example"');
|
||||||
const render = require('vitreum/steps/render');
|
// return res.status(401).send('Access denied');
|
||||||
const templateFn = require('../client/template.js');
|
// }
|
||||||
router.get('/admin', function(req, res){
|
|
||||||
const credentials = auth(req);
|
|
||||||
if(!credentials || credentials.name !== process.env.ADMIN_USER || credentials.pass !== process.env.ADMIN_PASS) {
|
|
||||||
res.setHeader('WWW-Authenticate', 'Basic realm="example"');
|
|
||||||
return res.status(401).send('Access denied');
|
|
||||||
}
|
|
||||||
render('admin', templateFn, {
|
render('admin', templateFn, {
|
||||||
url : req.originalUrl,
|
url : req.originalUrl,
|
||||||
adminKey : process.env.ADMIN_KEY
|
adminKey : process.env.ADMIN_KEY
|
||||||
})
|
})
|
||||||
.then((page)=>{
|
.then((page)=>res.send(page))
|
||||||
return res.send(page);
|
.catch((err)=>res.sendStatus(500))
|
||||||
})
|
|
||||||
.catch((err)=>{
|
|
||||||
console.log(err);
|
|
||||||
return res.sendStatus(500);
|
|
||||||
});
|
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
module.exports = router;
|
module.exports = router;
|
||||||
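Review bot: The fallback `process.env.ADMIN_PASS = process.env.ADMIN_PASS || 'password3'` leaves every admin route behind a password that is published in the repository whenever the variable is unset; the service should refuse to start (or disable `/admin`) instead. In `adminOnly`, the hand-rolled parser never checks that the scheme is `Basic`, uses the deprecated `new Buffer(...)`, and `.split(':')` truncates any password that contains a colon; the failed-credentials 401 also omits `WWW-Authenticate`. A constant-time comparison such as `crypto.timingSafeEqual` over fixed-length digests would be preferable to `===` for the password. Separately, `junkBrewQuery` is built once at module load, so its three-day cutoff is frozen at startup and one query object is shared by the GET and POST `/admin/cleanup` handlers; calling `.remove()` on it may change what a later GET executes, so it should be built per request.

```javascript
// … unchanged: requires …

// Fail closed: never fall back to a credential that is checked into the repo.
if(!process.env.ADMIN_USER || !process.env.ADMIN_PASS){
	throw new Error('ADMIN_USER and ADMIN_PASS must be set');
}

const mw = {
	adminOnly : (req, res, next)=>{
		const deny = ()=>res
			.set('WWW-Authenticate', 'Basic realm="Authorization Required"')
			.status(401)
			.send('Authorization Required');

		const [scheme, token] = (req.get('authorization') || '').split(' ');
		if(!token || scheme.toLowerCase() !== 'basic') return deny();

		// Split on the first ':' only; the password itself may contain colons.
		const decoded = Buffer.from(token, 'base64').toString('utf8');
		const sep = decoded.indexOf(':');
		if(sep === -1) return deny();
		const username = decoded.slice(0, sep);
		const password = decoded.slice(sep + 1);

		if(process.env.ADMIN_USER === username && process.env.ADMIN_PASS === password){
			return next();
		}
		return deny();
	}
};

// … unchanged: routes …
```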