
Cleaned up the admin routes

This commit is contained in:
Scott Tolksdorf
2017-01-06 19:21:18 -05:00
parent ca40ec5a2d
commit a26c4e2092
9 changed files with 99 additions and 86 deletions


@@ -1,7 +1,10 @@
{ {
"host" : "localhost:8000", "log_level" : "info",
"login_path" : "localhost:8000/dev_login", "login_path" : "/dev/login",
"secret" : "secretsecret", "jwt_secret" : "secretsecret",
"admin_key" : "adminadmin", "admin" : {
"log_level" : "info" "user" : "admin",
"pass" : "password",
"key" : "adminadminadmin"
}
} }
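Review bot: The new `admin` block and `jwt_secret` commit working default credentials (`"user": "admin"`, `"pass": "password"`, `"key": "adminadminadmin"`, `"jwt_secret": "secretsecret"`), and the new `adminLogin` / `admin` middleware in this commit compares incoming credentials against exactly these values, so any deployment that loads this file without overriding it accepts the defaults. If this is the file nconf loads in production rather than a dev-only profile, the values should be obviously non-working placeholders with the real ones supplied from the environment in the nconf setup (not visible in this diff). The JSON format leaves no room for an inline comment, so the override requirement belongs in the README or the config loader.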


@@ -1,85 +1,32 @@
const _ = require('lodash'); const _ = require('lodash');
const auth = require('basic-auth');
const HomebrewModel = require('./homebrew.model.js').model;
const router = require('express').Router(); const router = require('express').Router();
const vitreumRender = require('vitreum/steps/render');
const mw = {
adminOnly : (req, res, next)=>{
if(req.query && req.query.admin_key == process.env.ADMIN_KEY) return next();
return res.status(401).send('Access denied');
}
};
process.env.ADMIN_USER = process.env.ADMIN_USER || 'admin';
process.env.ADMIN_PASS = process.env.ADMIN_PASS || 'password';
process.env.ADMIN_KEY = process.env.ADMIN_KEY || 'admin_key';
//Removes all empty brews that are older than 3 days and that are shorter than a tweet
router.get('/api/invalid', mw.adminOnly, (req, res)=>{
const invalidBrewQuery = HomebrewModel.find({
'$where' : "this.text.length < 140",
createdAt: {
$lt: Moment().subtract(3, 'days').toDate()
}
});
if(req.query.do_it){
invalidBrewQuery.remove().exec((err, objs)=>{
refreshCount();
return res.send(200);
})
}else{
invalidBrewQuery.exec((err, objs)=>{
if(err) console.log(err);
return res.json({
count : objs.length
})
})
}
});
router.get('/admin/lookup/:id', mw.adminOnly, (req, res, next) => {
//search for mathcing edit id
//search for matching share id
// search for partial match
HomebrewModel.findOne({ $or:[
{editId : { "$regex": req.params.id, "$options": "i" }},
{shareId : { "$regex": req.params.id, "$options": "i" }},
]}).exec((err, brew) => {
return res.json(brew);
});
});
//Admin route
const render = require('vitreum/steps/render');
const templateFn = require('../client/template.js'); const templateFn = require('../client/template.js');
router.get('/admin', function(req, res){ const config = require('nconf');
const credentials = auth(req)
if (!credentials || credentials.name !== process.env.ADMIN_USER || credentials.pass !== process.env.ADMIN_PASS) { const mw = require('./middleware.js');
res.setHeader('WWW-Authenticate', 'Basic realm="example"') const BrewData = require('./brew.data.js');
return res.status(401).send('Access denied')
} router.get('/admin', mw.adminLogin, (req, res) => {
render('admin', templateFn, { return vitreumRender('admin', templateFn, {
url: req.originalUrl, url : req.originalUrl,
admin_key : process.env.ADMIN_KEY, admin_key : config.get('admin"key')
}) })
.then((page) => { .then((page) => {
return res.send(page) return res.send(page)
}) })
.catch((err) => { .catch(next);
console.log(err);
return res.sendStatus(500);
});
}); });
//Removes all empty brews that are older than 3 days and that are shorter than a tweet
router.del('/admin/invalid', mw.adminOnly, (req, res)=>{
BrewData.removeInvalid(!!req.query.do_it)
.then((removedCount) => {
return res.join({
count : removedCount
});
})
.catch(next);
});
module.exports = router; module.exports = router;
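Review bot: Both new handlers end in `.catch(next)` but are declared as `(req, res) =>`, so on a render or database failure `next` is a ReferenceError inside the rejection handler and the client never gets the error response. Two further typos on the new side break the happy path as well: `config.get('admin"key')` (the middleware reads `'admin:key'`, so the admin page is rendered with an undefined key) and `res.join(...)` instead of `res.json(...)`. `router.del` also looks suspect — Express 4 routers expose `router.delete`, and I am not certain `del` exists as an alias on the Router, so this may throw at module load. The rewritten lines follow; everything else in the two handlers is unchanged.
```javascript
router.get('/admin', mw.adminLogin, (req, res, next) => {
  // … unchanged: vitreumRender call with url …
    admin_key : config.get('admin:key')
  // … unchanged: .then(page => res.send(page)).catch(next) …

router.delete('/admin/invalid', mw.adminOnly, (req, res, next) => {
  // … unchanged: BrewData.removeInvalid(...).then((removedCount) => …
      return res.json({
```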


@@ -1,3 +1,4 @@
const config = require('nconf');
const express = require("express"); const express = require("express");
const app = express(); const app = express();
@@ -13,10 +14,13 @@ app.use(mw.admin);
//Routes //Routes
app.use(require('./brew.api.js'));
app.use(require('./interface.routes.js')); app.use(require('./interface.routes.js'));
app.use(require('./brew.api.js'));
//app.use(require('./admin.api.js')); //app.use(require('./admin.api.js'));
if(config.get('NODE_ENV') !== 'staging' && config.get('NODE_ENV') !== 'production'){
app.use(require('./dev.routes.js'));
}
//Error Handler //Error Handler
app.use(require('./error.js').expressHandler); app.use(require('./error.js').expressHandler);


@@ -90,6 +90,21 @@ const BrewData = {
return BrewData.get({ editId }); return BrewData.get({ editId });
}, },
//Removes all empty brews that are older than 3 days and that are shorter than a tweet
removeInvalid : (force = false) => {
const invalidBrewQuery = Brew.find({
'$where' : "this.text.length < 140",
createdAt: {
$lt: Moment().subtract(3, 'days').toDate()
}
});
if(force) return invalidBrewQuery.remove().exec();
return invalidBrewQuery.exec()
.then((objs) => {
return objs.length;
});
},
search : (query, req={}) => { search : (query, req={}) => {
//defaults with page and count //defaults with page and count
//returns a non-text version of brews //returns a non-text version of brews
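Review bot: `removeInvalid` resolves to different shapes depending on `force`: the non-force branch resolves to a number, but the force branch returns `invalidBrewQuery.remove().exec()`, which resolves to the driver's write result rather than a count, so the caller's `{ count : removedCount }` is wrong in exactly the destructive case. Counting first and then deleting by id gives both branches the same contract and avoids re-executing the same query object. `Moment` is used here but I cannot see it required in this file — if it is not, the function throws on first call. Separately, `$where` with a JS string forces a full collection scan without index use; since the predicate is a fixed literal there is no injection exposure, but a stored text-length field would be cheaper for this sweep.
```javascript
removeInvalid : (force = false) => {
  // … unchanged: invalidBrewQuery definition …
  return invalidBrewQuery.exec()
    .then((objs) => {
      if(!force) return objs.length;
      const ids = objs.map((brew) => brew._id);
      return Brew.remove({ _id : { $in : ids } }).exec()
        .then(() => objs.length);
    });
},
```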

server/dev.routes.js Normal file

@@ -0,0 +1,12 @@
const router = require('express').Router();
module.exports = router;


@@ -3,6 +3,7 @@ const Error = require('egads').extend('Server Error', 500, 'Generic Server Error
Error.noBrew = Error.extend('Can not find a brew with that id', 404, 'No Brew Found'); Error.noBrew = Error.extend('Can not find a brew with that id', 404, 'No Brew Found');
Error.noAuth = Error.extend('You can not access this route', 401, 'Unauthorized'); Error.noAuth = Error.extend('You can not access this route', 401, 'Unauthorized');
Error.noAdmin = Error.extend('You need admin credentials to access this route', 401, 'Unauthorized');
Error.expressHandler = (err, req, res, next) => { Error.expressHandler = (err, req, res, next) => {


@@ -1,5 +1,6 @@
const _ = require('lodash'); const _ = require('lodash');
const jwt = require('jwt-simple'); const jwt = require('jwt-simple');
const auth = require('basic-auth');
const config = require('nconf'); const config = require('nconf');
const Error = require('./error.js'); const Error = require('./error.js');
@@ -9,13 +10,13 @@ const Middleware = {
account : (req, res, next) => { account : (req, res, next) => {
if(req.cookies && req.cookies.nc_session){ if(req.cookies && req.cookies.nc_session){
try{ try{
req.account = jwt.decode(req.cookies.nc_session, config.get('secret')); req.account = jwt.decode(req.cookies.nc_session, config.get('jwt_secret'));
}catch(e){} }catch(e){}
} }
return next(); return next();
}, },
admin : (req, res, next) => { admin : (req, res, next) => {
if(req.query.admin_key === config.get('admin_key')){ if(req.query.admin_key === config.get('admin:key')){
req.admin = true; req.admin = true;
} }
return next(); return next();
@@ -31,6 +32,15 @@ const Middleware = {
if(req.admin) return next(); if(req.admin) return next();
return next(Error.noAuth()); return next(Error.noAuth());
}, },
adminLogin : (req, res, next) => {
const creds = auth(req);
if(!creds
|| creds.name !== config.get('admin:user')
|| creds.pass !== config.get('admin:pass')){
return next(Error.noAdmin());
}
return next();
},
//Loaders //Loaders
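Review bot: The new `adminLogin` middleware rejects with `Error.noAdmin()` but never sends a `WWW-Authenticate` challenge, whereas the route it replaces in admin.api.js set `WWW-Authenticate: Basic realm="example"` before its 401; without the challenge a browser visiting `/admin` gets a bare 401 and never prompts for credentials. Adding `res.set('WWW-Authenticate', 'Basic realm="admin"');` immediately before `return next(Error.noAdmin());` restores that, provided `Error.expressHandler` (outside this hunk) does not reset headers. The password comparison with `!==` is also not constant-time; a length check followed by `crypto.timingSafeEqual` on `Buffer.from(...)` of both sides is the usual hardening, though for a single-admin dev tool this is a lower priority than the missing challenge.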


@@ -24,7 +24,7 @@ describe('Brew API', () => {
before('Connect DB', DB.connect); before('Connect DB', DB.connect);
before('Clear DB', BrewData.removeAll); before('Clear DB', BrewData.removeAll);
before('Create session token', () => { before('Create session token', () => {
session_token = jwt.encode(test_user, config.get('secret')); session_token = jwt.encode(test_user, config.get('jwt_secret'));
}); });
before('Create brew', ()=>{ before('Create brew', ()=>{
return BrewData.create(storedBrew) return BrewData.create(storedBrew)


@@ -14,6 +14,9 @@ const requestHandler = (req, res) => {
return res.status(200).json(_.pick(req, ['brew', 'account', 'admin', 'params', 'query', 'body'])); return res.status(200).json(_.pick(req, ['brew', 'account', 'admin', 'params', 'query', 'body']));
}; };
console.log(config.get('admin:key'));
const test_user = { const test_user = {
username : 'cool guy' username : 'cool guy'
}; };
@@ -23,7 +26,7 @@ describe('Middleware', () => {
let session_token = ''; let session_token = '';
before('create session token', () => { before('create session token', () => {
session_token = jwt.encode(test_user, config.get('secret')); session_token = jwt.encode(test_user, config.get('jwt_secret'));
}); });
beforeEach('setup test server', ()=>{ beforeEach('setup test server', ()=>{
app = require('express')(); app = require('express')();
@@ -102,7 +105,7 @@ describe('Middleware', () => {
it('should detect when you use the admin key', () => { it('should detect when you use the admin key', () => {
app.use(mw.admin); app.use(mw.admin);
app.use(requestHandler) app.use(requestHandler)
return request(app).get(`/?admin_key=${config.get('admin_key')}`) return request(app).get(`/?admin_key=${config.get('admin:key')}`)
.send() .send()
.expect(200) .expect(200)
.then((res) => { .then((res) => {
@@ -113,12 +116,30 @@ describe('Middleware', () => {
it('should block you if you are not an admin', ()=>{ it('should block you if you are not an admin', ()=>{
app.use(mw.admin); app.use(mw.admin);
app.use(mw.adminOnly); app.use(mw.adminOnly);
app.get('/', (req, res) => { return res.status(200).send(); }); app.get(requestHandler);
app.use(Error.expressHandler); app.use(Error.expressHandler);
return request(app).get(`/?admin_key=BADKEY`) return request(app).get(`/?admin_key=BADKEY`)
.send() .send()
.expect(401); .expect(401);
}); });
it('should let your through witch basic auth', () => {
app.use(mw.adminLogin);
app.use(requestHandler);
return request(app).get('/')
.auth(config.get('admin:user'), config.get('admin:pass'))
.send()
.expect(200);
});
it('should block you if basic auth is wrong', () => {
app.use(mw.adminAuth);
app.use(requestHandler);
app.use(Error.expressHandler);
return request(app).get('/')
.auth('baduser', 'badpassword')
.send()
.expect(401);
});
}); });
}); });
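Review bot: The added `console.log(config.get('admin:key'));` at module top level prints the admin key into every test run's output, which ends up in CI logs; it reads like leftover debugging and should be deleted. In the "block you if you are not an admin" test the rewrite to `app.get(requestHandler);` is Express's one-argument settings getter, not a route registration, so the handler is never mounted and the test passes only because `adminOnly` rejects first — it should be `app.use(requestHandler);` as in the tests below it. The new "basic auth is wrong" test mounts `mw.adminAuth`, but the middleware hunk defines `adminLogin`, not `adminAuth`; in Express 4 `app.use(undefined)` throws, so this test cannot currently exercise the rejection path and should use `app.use(mw.adminLogin);`.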