-rw-r--r--src/api/database/seeds/initial.js2
-rw-r--r--src/api/routes/auth/registerPOST.js3
-rw-r--r--src/api/routes/user/apiKey.js29
-rw-r--r--src/api/routes/user/userGET.js3
-rw-r--r--src/api/routes/verifyGET.js1
-rw-r--r--src/api/structures/Route.js1
-rw-r--r--src/site/layouts/default.vue2
-rw-r--r--src/site/pages/dashboard/account.vue7
-rw-r--r--src/site/pages/login.vue1
-rw-r--r--src/site/store/index.js9
10 files changed, 35 insertions, 23 deletions
diff --git a/src/api/database/seeds/initial.js b/src/api/database/seeds/initial.js
index 0ea7bb4..bb8b915 100644
--- a/src/api/database/seeds/initial.js
+++ b/src/api/database/seeds/initial.js
@@ -11,9 +11,7 @@ exports.seed = async db => {
await db.table('users').insert({
username: process.env.ADMIN_ACCOUNT,
password: hash,
- apiKey: randomstring.generate(64),
passwordEditedAt: now,
- apiKeyEditedAt: now,
createdAt: now,
editedAt: now,
enabled: true,
diff --git a/src/api/routes/auth/registerPOST.js b/src/api/routes/auth/registerPOST.js
index 0bd8cfd..feeb360 100644
--- a/src/api/routes/auth/registerPOST.js
+++ b/src/api/routes/auth/registerPOST.js
@@ -1,7 +1,6 @@
const Route = require('../../structures/Route');
const log = require('../../utils/Log');
const bcrypt = require('bcrypt');
-const randomstring = require('randomstring');
const moment = require('moment');
class registerPOST extends Route {
@@ -48,8 +47,6 @@ class registerPOST extends Route {
username,
password: hash,
passwordEditedAt: now,
- apiKey: randomstring.generate(64),
- apiKeyEditedAt: now,
createdAt: now,
editedAt: now,
enabled: true,
diff --git a/src/api/routes/user/apiKey.js b/src/api/routes/user/apiKey.js
index 820e28c..7de6cb8 100644
--- a/src/api/routes/user/apiKey.js
+++ b/src/api/routes/user/apiKey.js
@@ -1,6 +1,7 @@
const Route = require('../../structures/Route');
const randomstring = require('randomstring');
const moment = require('moment');
+const bcrypt = require('bcrypt');
class apiKeyPOST extends Route {
constructor() {
@@ -10,17 +11,27 @@ class apiKeyPOST extends Route {
async run(req, res, db, user) {
const now = moment.utc().toDate();
const apiKey = randomstring.generate(64);
- await db.table('users')
- .where({ id: user.id })
- .update({
- apiKey,
- apiKeyEditedAt: now
+
+ try {
+ const hash = await bcrypt.hash(apiKey, 10);
+
+ await db.table('users')
+ .where({ id: user.id })
+ .update({
+ apiKey: hash,
+ apiKeyEditedAt: now
+ });
+
+ return res.json({
+ message: 'Successfully created new api key',
+ apiKey
});
- return res.json({
- message: 'Successfully created new api key',
- apiKey
- });
+ } catch (error) {
+ return super.error(res, error);
+ }
+
+
}
}
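Review bot: Storing `apiKey: hash` as a salted bcrypt digest means the column can no longer be matched with a direct `where({ apiKey })` lookup, so whatever code authenticates requests by API key must locate the user row some other way before calling `bcrypt.compare`. That path is not part of this commit and should be checked against the new format. Because the key is 64 random characters rather than a human-chosen password, an unsalted SHA-256 digest in an indexed column would protect a leaked table just as well (assuming `randomstring` draws from a CSPRNG) and keep verification to one query. The two blank lines left after the `catch` block can be dropped.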
diff --git a/src/api/routes/user/userGET.js b/src/api/routes/user/userGET.js
index 7929aac..fe46fd4 100644
--- a/src/api/routes/user/userGET.js
+++ b/src/api/routes/user/userGET.js
@@ -11,8 +11,7 @@ class usersGET extends Route {
user: {
id: user.id,
username: user.username,
- isAdmin: user.isAdmin,
- apiKey: user.apiKey
+ isAdmin: user.isAdmin
}
});
}
diff --git a/src/api/routes/verifyGET.js b/src/api/routes/verifyGET.js
index e588c22..5875dbb 100644
--- a/src/api/routes/verifyGET.js
+++ b/src/api/routes/verifyGET.js
@@ -9,7 +9,6 @@ class verifyGET extends Route {
const returnUser = {
id: user.id,
username: user.username,
- apiKey: user.apiKey,
isAdmin: user.isAdmin
};
diff --git a/src/api/structures/Route.js b/src/api/structures/Route.js
index a359488..19d33f9 100644
--- a/src/api/structures/Route.js
+++ b/src/api/structures/Route.js
@@ -26,6 +26,7 @@ class Route {
authorize(req, res) {
if (this.options.bypassAuth) return this.run(req, res, db);
+ console.log(req.headers);
if (!req.headers.authorization) return res.status(401).json({ message: 'No authorization header provided' });
const token = req.headers.authorization.split(' ')[1];
if (!token) return res.status(401).json({ message: 'No authorization header provided' });
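Review bot: `console.log(req.headers);` in `authorize` writes the full header set of every authenticated-route request to the server log, including the `authorization` bearer token and any `cookie` header, before the token is even validated. That exposes live credentials to anyone who can read the logs or a log-shipping pipeline. It looks like leftover debugging and should be removed. If header logging is needed for diagnosis, log a redacted copy, e.g. `const { authorization, cookie, ...safe } = req.headers;` and print only `safe`. `authorize` continues past the end of this hunk.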
diff --git a/src/site/layouts/default.vue b/src/site/layouts/default.vue
index 41c3ebd..7a5d4cc 100644
--- a/src/site/layouts/default.vue
+++ b/src/site/layouts/default.vue
@@ -41,12 +41,14 @@ export default {
processCatch(error, logout) {
if (error.response && error.response.data && error.response.data.message) {
this.showToast(error.response.data.message, true, 5000);
+ /*
if (error.response.status === 429) return;
if (error.response.status === 502) return;
if (error.response.data.message === 'Token expired') {
this.$logOut();
setTimeout(() => this.$router.push('/'), 3000);
}
+ */
} else {
console.error(error);
this.showToast('Something went wrong, please check the console :(', true, 5000);
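Review bot: Wrapping the `'Token expired'` branch of `processCatch` in `/* … */` means an expired session is no longer cleared on the client: the toast is shown, but `this.$logOut()` and the redirect never run, so the stale token presumably keeps being sent with later requests. If this was disabled only while debugging the new cookie flow, restore it before merging. If the behaviour is being retired, delete the lines instead of leaving them commented out and add a one-line comment saying where expiry is handled now. The 429 and 502 early returns are disabled by the same comment block. `processCatch` starts and ends outside the hunk.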
diff --git a/src/site/pages/dashboard/account.vue b/src/site/pages/dashboard/account.vue
index 3ff6c70..b0b90a3 100644
--- a/src/site/pages/dashboard/account.vue
+++ b/src/site/pages/dashboard/account.vue
@@ -67,7 +67,8 @@
message="This API key lets you use the service from other apps"
horizontal>
<b-input v-model="user.apiKey"
- expanded />
+ expanded
+ disabled />
</b-field>
<div class="mb2 mt2 text-center">
@@ -130,7 +131,8 @@ export default {
},
promptNewAPIKey() {
this.$dialog.confirm({
- message: 'Are you sure you want to regenerate your API key?',
+ type: 'is-danger',
+ message: 'Are you sure you want to regenerate your API key? If you had a previous API key generated it will stop working. Make sure to write it down as this is the only time its gonna be displayed to you.',
onConfirm: () => this.requestNewAPIKey()
});
},
@@ -139,6 +141,7 @@ export default {
const response = await this.axios.post(`${this.config.baseURL}/user/apikey/change`);
this.user.apiKey = response.data.apiKey;
this.$toast.open(response.data.message);
+ this.$forceUpdate();
} catch (error) {
this.$onPromiseError(error);
}
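Review bot: `this.$forceUpdate();` after assigning `this.user.apiKey` suggests the property is not reactive, which would follow from the `userGET` response no longer including `apiKey` in this commit, so the field is first created here. Setting it reactively with `this.$set(this.user, 'apiKey', response.data.apiKey);`, or declaring `apiKey: null` on the initial `user` object, removes the need for a forced re-render. Since this is now the only moment the plaintext key exists on the client, it is also worth confirming that `user` is component-local data and not store state that outlives the page. The enclosing method starts outside the hunk.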
diff --git a/src/site/pages/login.vue b/src/site/pages/login.vue
index fe7d64a..5af3371 100644
--- a/src/site/pages/login.vue
+++ b/src/site/pages/login.vue
@@ -116,6 +116,7 @@ export default {
this.getUserData();
}
*/
+ document.cookie = `token=${encodeURIComponent(res.data.token)}`;
this.redirect();
}).catch(err => {
this.isLoading = false;
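Review bot: The cookie written by the added `document.cookie` line carries no attributes, so it has no `Secure` flag (it will be sent over plain HTTP too), no explicit `SameSite` policy and no expiry. At minimum append them: ``document.cookie = `token=${encodeURIComponent(res.data.token)}; Path=/; Secure; SameSite=Lax`;``. A cookie set from script can never be `HttpOnly`, so any script running on the page can read the token; having the login endpoint issue it via `Set-Cookie` with `HttpOnly` would avoid that. The surrounding `.then` handler starts outside the hunk.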
diff --git a/src/site/store/index.js b/src/site/store/index.js
index 3c43f53..2f83f63 100644
--- a/src/site/store/index.js
+++ b/src/site/store/index.js
@@ -53,12 +53,13 @@ export const actions = {
if (req.headers.cookie) {
try {
token = cookieparser.parse(req.headers.cookie).token;
+ console.log(token);
commit('loggedIn', true);
commit('token', token);
-
- const res = await axios.get(`${process.env.DOMAIN}${process.env.ROUTE_PREFIX}/verify`);
- if (!res || !res.data.user);
- commit('user', res.data.user);
+ const res = await axios.get(`${process.env.DOMAIN}${process.env.ROUTE_PREFIX}/verify`, {
+ headers: { authorization: `Bearer ${token}` }
+ });
+ if (res && res.data.user) commit('user', res.data.user);
} catch (error) {
// TODO: Deactivate this on production
console.error(error);
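Review bot: `console.log(token);` prints the visitor's session token to the server-side log for every request that carries a cookie and should be removed. The existing `console.error(error)` below can also dump the axios request config, which now includes the new `authorization` header. Separately, `commit('loggedIn', true)` and `commit('token', token)` run before `/verify` is called, so any cookie value, valid or not, marks the session as logged in, and the `catch` does not undo it. Moving both commits behind the check, `if (res && res.data.user) { commit('loggedIn', true); commit('token', token); commit('user', res.data.user); }`, makes the store follow the server's answer. The enclosing action starts outside the hunk.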