diff --git a/config.js b/config.js index 5f9c851..03f3f5e 100644 --- a/config.js +++ b/config.js @@ -17,12 +17,16 @@ config.mail.pass = "password"; config.mail.from = "name"; /* - * Session purge settings + * Session settings */ // Maximum session length in days config.maxSessionLength = 1; config.maxRefreshLength = 360; +// Session string character length +config.sessionCharacterLength = 25; +config.refreshChracterLength = 60; + /* * SSL settings */ @@ -49,5 +53,4 @@ config.http.port = 8080; config.db = {} config.db.connection = 'mongodb://localhost:27017/kno-logic'; - module.exports = config; diff --git a/index.js b/index.js index 8aae405..5e70e9a 100644 --- a/index.js +++ b/index.js @@ -13,7 +13,6 @@ const postRoutes = require('./routes/post.route'); const categoryRoutes = require('./routes/category.route'); const mongoSanitize = require('express-mongo-sanitize'); const fs = require("fs"); -const { Http2ServerRequest } = require('http2'); const https = require('https'); console.log("Starting Kno-Logic Backend Server"); @@ -46,10 +45,11 @@ app.use(function(req, res, next) { app.use(mongoSanitize()); // Express routes -app.use('/admin', adminRoutes); -app.use('/user', userRoutes); -app.use('/post', postRoutes); -app.use('/category', categoryRoutes); +app.use('/v1/admin', adminRoutes); +app.use('/v1/user', userRoutes); +app.use('/v1/post', postRoutes); +app.use('/v1/category', categoryRoutes); +app.use('/manage', express.static('public')); app.listen(config.http.port, () => { console.log('Express server running on port:', PORT); @@ -63,7 +63,6 @@ if (config.ssl.use) { https.createServer(options, app).listen(config.ssl.port); } - // Cron jobs var purge = new CronJob('*/5 * * * *', utils.cron.purgeSessions); purge.start(); diff --git a/routes/admin.route.js b/routes/admin.route.js index ee77783..47bafdd 100644 --- a/routes/admin.route.js +++ b/routes/admin.route.js 
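Review bot: The added key `config.refreshChracterLength = 60;` is misspelled ("Chracter"); user.route.js reads it under the same misspelling so it resolves today, but the next reader will type `refreshCharacterLength` and get `undefined` passed into generateSession. Rename it to `config.refreshCharacterLength = 60;` and update the single read site in the /login hunk to match. The added comment could also say what the numbers are, e.g. `// Length in characters of generated session and refresh tokens`.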
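Review bot: In the index.js route hunk, `app.use('/manage', express.static('public'));` resolves `'public'` against the process working directory rather than against index.js, so which directory is served depends on where the server is launched from. Anchor it with `app.use('/manage', express.static(path.join(__dirname, 'public')));`, adding `const path = require('path');` to the require block if the file does not already have it (only part of that block is visible). A hedged aside on a context line in the same hunk: the listen callback logs `PORT` while the server listens on `config.http.port`; if `PORT` is not defined elsewhere in the file that callback throws on startup.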
@@ -15,7 +15,7 @@ let User = require('../schema/user.model'); */ adminRoutes.route('/stats').post((req, res) => { if (!req.body) { - res.status(401).send("Missing body"); + res.status(401).json({ success: false, response: "Missing body" }); return; } utils.account.checkSession(req.body.userId, req.body.sessionId, (isValidId) => { @@ -31,13 +31,13 @@ adminRoutes.route('/stats').post((req, res) => { User.count({}, (err, userCount) => { stats.userCount = userCount; stats.date = Date(); - res.json(stats); + res.status(200).json({ success: true, response: stats }); }); }); }); }); } else { - res.status(401).send("Invalid permissions to view stats."); + res.status(401).json({ success: false, response: "Invalid permissions to view stats" }); return; } }) diff --git a/routes/category.route.js b/routes/category.route.js index 56074b2..9264924 100644 --- a/routes/category.route.js +++ b/routes/category.route.js @@ -15,7 +15,7 @@ let User = require('../schema/user.model'); */ categoryRoutes.route('/create').post((req, res) => { if (!req.body) { - res.status(401).send("Missing body"); + res.status(401).json({ success: false, response: "Missing body" }); return; } utils.account.checkSession(req.body.userId, req.body.sessionId, (isValidId) => { @@ -24,14 +24,14 @@ categoryRoutes.route('/create').post((req, res) => { let c = new Category(req.body); c.save() .then(() => { - res.json(c); + res.status(200).json({ success: true, response: c }); }) .catch((e) => { console.error(e); - res.status(500).send("Error creating category"); + res.status(500).json({ success: false, response: "Error creating category" }); }); } else { - res.status(401).send("Invalid permissions to create category."); + res.status(401).json({ success: false, response: "Invalid permissions to create category" }); return; } }) 
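Review bot: The rewritten `res.status(401).json({ success: false, response: "Missing body" })` in /stats classifies a malformed request as an authentication failure; 401 is for missing or invalid credentials, while an absent body is a client error, so `res.status(400).json({ success: false, response: "Missing body" });` fits and lets clients tell "re-authenticate" apart from "fix the request". The same 401-for-missing-body appears in the /create hunks of category.route.js and post.route.js, the /delete and /edit hunks of post.route.js, and the /create and /login hunks of user.route.js. The /stats handler continues beyond this hunk.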
@@ -47,10 +47,10 @@ categoryRoutes.route('/all').get((req, res) => { Category.find({}, (err, cArr) => { if (err) { console.error(err); - res.status(500).send("Error getting categories"); + res.status(500).json({ success: false, response: "Error getting categories" }); return; } - res.status(200).send(cArr); + res.status(200).json({ success: true, response: cArr }); }); }); @@ -63,11 +63,11 @@ categoryRoutes.route('/posts').get((req, res) => { Post.find({}, (err, postArr) => { if (err) { console.error(err); - res.status(500).send("Error getting posts"); + res.status(500).json({ success: false, response: "Error getting posts" }); return; } postArr = postArr.filter(post => post.category.includes(req.body._id)); - res.status(200).send(postArr); + res.status(200).json({ success: true, response: postArr }); }); }); diff --git a/routes/post.route.js b/routes/post.route.js index f9a3f45..2c8f19d 100644 --- a/routes/post.route.js +++ b/routes/post.route.js @@ -15,7 +15,7 @@ let User = require('../schema/user.model'); */ postRoutes.route('/create').post((req, res) => { if (!req.body) { - res.status(401).send("Missing body"); + res.status(401).json({ success: false, response: "Missing body" }); return; } utils.account.checkSession(req.body.userId, req.body.sessionId, (isValidId) => { @@ -25,14 +25,14 @@ postRoutes.route('/create').post((req, res) => { p.date = utils.date.dateToEpoch(p.date); p.save() .then(() => { - res.json(p); + res.status(200).json({ success: true, response: p }); }) .catch((e) => { console.error(e); - res.status(500).send("Error creating post"); + res.status(500).json({ success: false, response: "Error creating post" }); }); } else { - res.status(401).send("Invalid permissions to create post."); + res.status(401).json({ success: false, response: "Invalid permissions to create post" }); return; } }) 
@@ -47,7 +47,7 @@ postRoutes.route('/create').post((req, res) => { */ postRoutes.route('/delete').post((req, res) => { if (!req.body) { - res.status(401).send("Missing body"); + res.status(401).json({ success: false, response: "Missing body" }); return; } utils.account.checkSession(req.body.userId, req.body.sessionId, (isValidId) => { @@ -55,13 +55,13 @@ postRoutes.route('/delete').post((req, res) => { if (isValidId && isAdmin) { Post.findByIdAndDelete(req.body._id, (err, r) => { if (err) { - res.status(500).send("Error deleting post"); + res.status(500).json({ success: false, response: "Error deleting post" }); return; } - res.status(200).send("Deleted post"); + res.status(200).json({ success: true, response: "Deleted post" }); }); } else { - res.status(401).send("Invalid permissions to delete post."); + res.status(401).json({ success: false, response: "Invalid permissions to delete post." }); return; } }) @@ -76,7 +76,7 @@ postRoutes.route('/delete').post((req, res) => { */ postRoutes.route('/edit').post((req, res) => { if (!req.body) { - res.status(401).send("Missing body"); + res.status(401).json({ success: false, response: "Missing body" }); return; } utils.account.checkSession(req.body.userId, req.body.sessionId, (isValidId) => { @@ -84,7 +84,7 @@ postRoutes.route('/edit').post((req, res) => { if (isValidId && isAdmin) { Post.findById(req.body._id, (err, r) => { if (err) { - res.status(500).send("Error editing post"); + res.status(500).json({ success: false, response: "Error editing post" }); return; } r.save() 
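Review bot: The rewritten 401 line in the /delete hunk keeps the trailing period in `"Invalid permissions to delete post."` while the sibling rewrites in /create and in category.route.js drop it; if clients display or match the `response` string, make it `res.status(401).json({ success: false, response: "Invalid permissions to delete post" });`. The /edit hunk on the next line reuses this exact "delete post" text for an edit failure and should say "edit post". Both handlers start outside their hunks.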
@@ -93,12 +93,12 @@ postRoutes.route('/edit').post((req, res) => { }) .catch((e) => { console.error(e); - res.status(500).send("Error creating post"); + res.status(500).json({ success: false, response: "Error creating post" }); }); - res.status(200).send("Edited post"); + res.status(200).json({ success: true, response: "Edited post" }); }); } else { - res.status(401).send("Invalid permissions to delete post."); + res.status(401).json({ success: false, response: "Invalid permissions to delete post." }); return; } }) @@ -115,10 +115,10 @@ postRoutes.route('/id').post((req, res) => { Post.findById(req.body._id, (err, post) => { if (err) { console.error(err); - res.status(500).send("Error getting posts"); + res.status(500).json({ success: false, response: "Error getting posts" }); return; } - res.status(200).send(post); + res.status(200).json({ success: true, response: post }); }); }); @@ -133,10 +133,10 @@ postRoutes.route('/date').post((req, res) => { Post.find({ date: d}, (err, post) => { if (err) { console.error(err); - res.status(500).send("Error getting posts"); + res.status(500).json({ success: false, response: "Error getting posts" }); return; } - res.status(200).send(post); + res.status(200).json({ success: true, response: post }); }); }); @@ -150,10 +150,10 @@ postRoutes.route('/all').get((req, res) => { Post.find({}, (err, postArr) => { if (err) { console.error(err); - res.status(500).send("Error getting posts"); + res.status(500).json({ success: false, response: "Error getting posts" }); return; } - res.status(200).send(postArr); + res.status(200).json({ success: true, response: postArr }); }); }); 
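Review bot: In the /edit hunk, `res.status(200).json({ success: true, response: "Edited post" })` is sent synchronously after `r.save()` has been started, outside the promise chain, so when the save rejects the `.catch` tries to send a second response on an already-finished reply (ERR_HTTP_HEADERS_SENT) and the client has already been told the edit succeeded. Move the 200 into the `.then` of `r.save()` (its body begins above this hunk) and delete the trailing send. The rewritten 500 line in the same hunk also reports `"Error creating post"` for an edit failure. The handler starts before this hunk.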
@@ -169,13 +169,11 @@ postRoutes.route('/today').get((req, res) => { Post.find({ date: date }, (err, postArr) => { if (err) { console.error(err); - res.status(500).send("Error getting posts"); + res.status(500).json({ success: false, response: "Error getting posts" }); return; } - res.status(200).send(postArr); + res.status(200).json({ success: true, response: postArr }); }); }); - - module.exports = postRoutes; diff --git a/routes/user.route.js b/routes/user.route.js index eea525d..8a353fa 100644 --- a/routes/user.route.js +++ b/routes/user.route.js @@ -2,9 +2,9 @@ const utils = require('../utils/utils'); const express = require('express'); const bcrypt = require('bcrypt'); const userRoutes = express.Router(); +const config = require('../config.js'); const saltRounds = 10; -const sessionLength = 25; let Session = require('../schema/session.model'); let User = require('../schema/user.model'); 
@@ -19,44 +19,44 @@ let Reset = require('../schema/reset.model'); */ userRoutes.route('/create').post((req, res) => { if (!req.body) { - res.status(401).send("Missing body"); + res.status(401).json({ success: false, response: "Missing body" }); return; } else if (!req.body.email || !req.body.password || !req.body.name) { - res.status(401).send("Missing body"); + res.status(401).json({ success: false, response: "Missing fields" }); return; } else if (req.body.email == "" || req.body.password == "" || req.body.name == "") { - res.status(401).send("Empty fields"); + res.status(401).json({ success: false, response: "Empty fields" }); return; } + let u = new User(req.body); bcrypt.hash(u.password, saltRounds, (err, hash) => { if (err) { console.error(err); - res.status(500).send("Error creating user");; + res.status(500).json({ success: false, response: "Error creating user" }); } else { u.password = hash; User.find({ email: u.email }, (err, arr) => { if (err) { console.error(err); - res.status(500).send("Error creating user"); + res.status(500).json({ success: false, response: "Error creating user" }); } // Account already exists if (arr.length != 0) { - res.status(409).send("Account already exists"); + res.status(409).json({ success: false, response: "Account already exists" }); return; } u.permission = 0; u.save() .then(() => { - res.status(201).send("Success creating user"); + res.status(201).json({ success: true, response: "Success creating user" }); }) .catch(() => { - res.status(500).send("Error creating user");; + res.status(500).json({ success: false, response: "Error creating user" }); }); }); } }); - }); /* 
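Review bot: The rewritten 500 line in the `User.find` error branch of /create has no `return;` after it, unlike the other error branches in this hunk, so execution falls through to `arr.length` with `arr` undefined and throws after the response has gone out. Add `return;` directly after `res.status(500).json({ success: false, response: "Error creating user" });` in that branch. Minor and pre-existing: the duplicate-email lookup runs after `bcrypt.hash`, so every request, including rejected ones, pays the hashing cost first.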
@@ -67,49 +67,57 @@ userRoutes.route('/create').post((req, res) => { */ userRoutes.route('/login').post((req, res) => { if (!req.body) { - res.status(401).send("Missing body"); + res.status(401).json({ success: false, response: "Missing body" }); return; } else if (!req.body.email || !req.body.password) { - res.status(401).send("Missing body"); + res.status(401).json({ success: false, response: "Missing body" }); return; } else if (req.body.email == "" || req.body.password == "") { - res.status(401).send("Empty fields"); + res.status(401).json({ success: false, response: "Empty fields" }); return; } User.findOne({ email: req.body.email }, (err, u) => { if (err) { console.error(err); - res.status(500).send("Error logging in user"); + res.status(500).json({ success: false, response: "Error logging in user" }); return; } if (!u) { - res.status(401).send("No user exists with that email"); + res.status(401).json({ success: false, response: "No user exists with that email" }); return; } bcrypt.compare(req.body.password, u.password, (err, result) => { if (err) { console.error(err); - res.status(500).send("Error logging in user"); + res.status(500).json({ success: false, response: "Error logging in user" }); return; } if (result) { + let refresh = new Session(); + refresh.sessionId = generateSession(config.refreshChracterLength); + refresh.userId = u._id; + refresh.date = new Date(); + refresh.type = 1; + let s = new Session(); - s.sessionId = generateSession(); + s.sessionId = generateSession(config.sessionCharacterLength); s.userId = u._id; s.date = new Date(); + s.type = 0; s.save() .then(() => { - res.json(s); + let send = { userId: u._id, sessionId: s.sessionId, refresh: refresh.sessionId} + res.status(200).json({ success: true, response: send}); }) .catch(() => { - res.status(500).send("Error logging in user"); + res.status(500).json({ success: false, response: "Error logging in user"}); }); } else { - res.status(401).send("Incorrect password"); + 
res.status(401).json({ success: false, response: "Incorrect password"}); } }); @@ -126,24 +134,23 @@ userRoutes.route('/logout').post((req, res) => { Session.findOne({ sessionId: req.body.sessionId }, (err, sess) => { if (err) { console.error(err); - res.status(500).send("Error logging out"); + res.status(500).json({ success: false, response: "Error logging out" }); return; } if (!sess) { - res.status(400).send("No session found"); + res.status(400).json({ success: false, response: "No session found" }); return; } sess.delete() .then(() => { - res.status(201).send("Success deleting session"); + res.status(201).json({ success: true, response: "Success deleting session" }); }) .catch((e) => { console.error(e); - res.status(500).send("Error logging out"); + res.status(500).json({ success: false, response: "Error logging out" }); }); - }); }); @@ -161,21 +168,21 @@ userRoutes.route('/favorite/add').post((req, res) => { User.findById(req.body.userId, (err, user) => { if (err) { console.error(err); - res.status(500).send("Error adding article"); + res.status(500).json({ success: false, response: "Error adding article" }); return; } user.favorites.push(req.body.postId); user.save() .then(() => { - res.status(201).send("Success saving article"); + res.status(201).json({ success: true, response: "Success saving article" }); }) .catch((e) => { console.error(e); - res.status(500).send("Error saving article"); + res.status(500).json({ success: false, response: "Error saving article" }); }); }) } else { - res.status(401).send("Unauthorized"); + res.status(401).json({ success: false, response: "Unauthorized" }); } }) }) 
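Review bot: The `refresh` Session built at the top of the success branch in /login is never persisted — only `s.save()` is called — yet `refresh.sessionId` is handed to the client in `send`, so the /refresh route has nothing in the database to match it against unless it is saved somewhere the visible lines do not show. Persist both before replying, e.g. `Promise.all([refresh.save(), s.save()])` in place of `s.save()`, keeping the existing `.then`/`.catch`. Separately, the rewritten `"No user exists with that email"` and `"Incorrect password"` responses let a caller distinguish registered from unregistered addresses; one shared message such as `"Incorrect email or password"` for both branches avoids that. The /login handler begins before this hunk.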
@@ -192,21 +199,21 @@ userRoutes.route('/favorite/remove').post((req, res) => { User.findById(req.body.userId, (err, user) => { if (err) { console.error(err); - res.status(500).send("Error removing article"); + res.status(500).json({ success: false, response: "Error removing article" }); return; } user.favorites = utils.array.removeValue(user.favorites, req.body.articleId); user.save() .then(() => { - res.status(201).send("Success removing article"); + res.status(201).json({ success: true, response: "Success removing article" }); }) .catch((e) => { console.error(e); - res.status(500).send("Error removing article"); + res.status(500).json({ success: false, response: "Error removing article" }); }); }) } else { - res.status(401).send("Unauthorized"); + res.status(401).json({ success: false, response: "Unauthorized"}); } }) }) @@ -223,15 +230,15 @@ userRoutes.route('/favorite/get').post((req, res) => { User.findById(req.body.userId, (err, user) => { if (err) { console.error(err); - res.status(500).send("Error removing article"); + res.status(500).json({ success: false, response: "Error removing article" }); return; } Post.find({ '_id': { $in: user.favorites } }, (err, postArray) => { - res.json(postArray); + res.status(200).json({ success: true, response: postArray }); }) }) } else { - res.status(401).send("Unauthorized"); + res.status(401).json({ success: false, response: "Unauthorized" }); } }) }) @@ -246,13 +253,13 @@ userRoutes.route('/refresh').post((req, res) => { s.save() .then(() => { - res.json(s); + res.status(200).json({ success: true, response: s }); }) .catch(() => { - res.status(500).send("Error logging in user"); + res.status(500).json({ success: false, response: "Error logging in user" }); }); } else { - res.status(401).send("Incorrect refresh token"); + res.status(401).json({ success: false, response: "Incorrect refresh token" }); } } ) 
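Review bot: In the /favorite/get hunk the `Post.find` callback ignores its `err` argument, so the rewritten `res.status(200).json({ success: true, response: postArray })` reports success with an undefined `response` when the query fails; add `if (err) { console.error(err); res.status(500).json({ success: false, response: "Error getting favorites" }); return; }` ahead of it. The rewritten 500 text in the same hunk, `"Error removing article"`, is copied from /favorite/remove and misdescribes the failure. The handler starts outside the hunk.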
@@ -265,9 +272,9 @@ userRoutes.route('/check-email').post((req, res) => { } if (arr.length > 0) { - res.status(400).send("Email already in use"); + res.status(400).json({ success: false, response: "Email already in use" }); } else { - res.status(200).send("Email not in use"); + res.status(200).json({ success: true, response: "Email not in use" }); } }) }); @@ -282,13 +289,13 @@ userRoutes.route('/change-name').post((req, res) => { if (user) { user.name = req.body.name; user.save(); - res.status(200).send("Success changing name"); + res.status(200).json({ success: true, response: "Success changing name" }); } else { - res.status(400).send("No user found with that ID"); + res.status(400).json({ success: false, response: "No user found with that ID" }); } }) } else { - res.status(401).send("Unauthorized"); + res.status(401).json({ success: false, response: "Unauthorized" }); } }) }); @@ -303,13 +310,13 @@ userRoutes.route('/change-email').post((req, res) => { if (user) { user.email = req.body.email; user.save(); - res.status(200).send("Success changing email"); + res.status(200).json({ success: true, response: "Success changing email" }); } else { - res.status(400).send("No user found with that ID"); + res.status(400).json({ success: false, response: "No user found with that ID" }); } }) } else { - res.status(401).send("Unauthorized"); + res.status(401).json({ success: false, response: "Unauthorized" }); } }) }); @@ -324,13 +331,13 @@ userRoutes.route('/change-password').post((req, res) => { if (user) { user.password = req.body.password; user.save(); - res.status(200).send("Success changing password"); + res.status(200).json({ success: true, response: "Success changing password" }); } else { - res.status(400).send("No user found with that ID"); + res.status(400).json({ success: false, response: "No user found with that ID" }); } }) } else { - res.status(401).send("Unauthorized"); + res.status(401).json({ success: false, response: "Unauthorized" }); } }) }); 
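Review bot: In the /change-password hunk the rewritten `res.status(200).json({ success: true, response: "Success changing password" })` is sent immediately after `user.save()` without awaiting it, so a rejected save is both unhandled and reported as success; the same fire-and-forget pattern is in the /change-name and /change-email hunks here and in /reset-password in the next group. Move the reply into `user.save().then(...)` with a `.catch` that sends a 500, as /create already does. The context line `user.password = req.body.password;` in this hunk (and in /reset-password) stores the value as received, whereas /create passes it through `bcrypt.hash` before saving; unless a schema pre-save hook hashes it, these routes should apply the same hashing.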
@@ -349,9 +356,9 @@ userRoutes.route('/forgot-password').post((req, res) => { r.date = new Date(); r.save(); utils.mail.sendMail(user, "forgotPassword", [{from: "%name%", to: user.name}, {from: "%pin%", to: pin}]); - res.status(200).send("Success sending reset email"); + res.status(200).json({ success: true, response: "Success sending reset email" }); } else { - res.status(400).send("No user found with that email"); + res.status(400).json({ success: false, response: "No user found with that email" }); } } ) @@ -373,13 +380,13 @@ userRoutes.route('/reset-password').post((req, res) => { reset.remove(); user.password = req.body.password; user.save(); - res.status(200).send("Success resetting password"); + res.status(200).json({ success: true, response: "Success resetting password" }); } else { - res.status(400).send("Invalid pin"); + res.status(400).json({ success: false, response: "Invalid pin" }); } }) } else { - res.status(400).send("No user found with that email"); + res.status(400).json({ success: false, response: "No user found with that email" }); } } ) @@ -389,8 +396,7 @@ userRoutes.route('/reset-password').post((req, res) => { module.exports = userRoutes; -function generateSession() { - var length = sessionLength; +function generateSession(length) { var result = []; var characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-+!@#$%^&*()'; var charactersLength = characters.length;
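Review bot: The /forgot-password hunk answers `400 "No user found with that email"` for unknown addresses and `200 "Success sending reset email"` for known ones, which makes the endpoint an oracle for which emails are registered; replying `200` with a neutral `"If that email is registered, a reset message has been sent"` in both branches closes that. The context line `r.save();` is also not awaited before the 200 is sent, so a failed save still reports success. The handler starts before this hunk.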