From 107d1f4750e8f82a628b528c4ec200e918be271d Mon Sep 17 00:00:00 2001 From: Pitu Date: Tue, 19 Mar 2019 07:58:36 +0000 Subject: API key WIP --- src/api/database/seeds/initial.js | 2 -- src/api/routes/auth/registerPOST.js | 3 --- src/api/routes/user/apiKey.js | 29 ++++++++++++++++++++--------- src/api/routes/user/userGET.js | 3 +-- src/api/routes/verifyGET.js | 1 - src/api/structures/Route.js | 1 + 6 files changed, 22 insertions(+), 17 deletions(-) (limited to 'src/api') diff --git a/src/api/database/seeds/initial.js b/src/api/database/seeds/initial.js index 0ea7bb4..bb8b915 100644 --- a/src/api/database/seeds/initial.js +++ b/src/api/database/seeds/initial.js @@ -11,9 +11,7 @@ exports.seed = async db => { await db.table('users').insert({ username: process.env.ADMIN_ACCOUNT, password: hash, - apiKey: randomstring.generate(64), passwordEditedAt: now, - apiKeyEditedAt: now, createdAt: now, editedAt: now, enabled: true, diff --git a/src/api/routes/auth/registerPOST.js b/src/api/routes/auth/registerPOST.js index 0bd8cfd..feeb360 100644 --- a/src/api/routes/auth/registerPOST.js +++ b/src/api/routes/auth/registerPOST.js @@ -1,7 +1,6 @@ const Route = require('../../structures/Route'); const log = require('../../utils/Log'); const bcrypt = require('bcrypt'); -const randomstring = require('randomstring'); const moment = require('moment'); class registerPOST extends Route { @@ -48,8 +47,6 @@ class registerPOST extends Route { username, password: hash, passwordEditedAt: now, - apiKey: randomstring.generate(64), - apiKeyEditedAt: now, createdAt: now, editedAt: now, enabled: true, diff --git a/src/api/routes/user/apiKey.js b/src/api/routes/user/apiKey.js index 820e28c..7de6cb8 100644 --- a/src/api/routes/user/apiKey.js +++ b/src/api/routes/user/apiKey.js 
@@ -1,6 +1,7 @@ const Route = require('../../structures/Route'); const randomstring = require('randomstring'); const moment = require('moment'); +const bcrypt = require('bcrypt'); class apiKeyPOST extends Route { constructor() { @@ -10,17 +11,27 @@ class apiKeyPOST extends Route { async run(req, res, db, user) { const now = moment.utc().toDate(); const apiKey = randomstring.generate(64); - await db.table('users') - .where({ id: user.id }) - .update({ - apiKey, - apiKeyEditedAt: now + + try { + const hash = await bcrypt.hash(apiKey, 10); + + await db.table('users') + .where({ id: user.id }) + .update({ + apiKey: hash, + apiKeyEditedAt: now + }); + + return res.json({ + message: 'Successfully created new api key', + apiKey }); - return res.json({ - message: 'Successfully created new api key', - apiKey - }); + } catch (error) { + return super.error(res, error); + } + + } } diff --git a/src/api/routes/user/userGET.js b/src/api/routes/user/userGET.js index 7929aac..fe46fd4 100644 --- a/src/api/routes/user/userGET.js +++ b/src/api/routes/user/userGET.js @@ -11,8 +11,7 @@ class usersGET extends Route { user: { id: user.id, username: user.username, - isAdmin: user.isAdmin, - apiKey: user.apiKey + isAdmin: user.isAdmin } }); } diff --git a/src/api/routes/verifyGET.js b/src/api/routes/verifyGET.js index e588c22..5875dbb 100644 --- a/src/api/routes/verifyGET.js +++ b/src/api/routes/verifyGET.js @@ -9,7 +9,6 @@ class verifyGET extends Route { const returnUser = { id: user.id, username: user.username, - apiKey: user.apiKey, isAdmin: user.isAdmin }; diff --git a/src/api/structures/Route.js b/src/api/structures/Route.js index a359488..19d33f9 100644 --- a/src/api/structures/Route.js +++ b/src/api/structures/Route.js 
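Review bot: In `apiKeyPOST.run` (src/api/routes/user/apiKey.js) the key is now stored as a bcrypt hash, and because bcrypt salts each hash randomly, a request that presents only the key can no longer be matched with a `where({ apiKey: ... })` lookup. The verification path is not part of this patch, so it would need either a user identifier sent alongside the key or a `bcrypt.compare` against every row, which is slow by design. Since the key is a 64-character random string rather than a human-chosen password, an unsalted digest such as `crypto.createHash('sha256').update(apiKey).digest('hex')` would still keep usable keys out of the database while remaining indexable. It is also worth confirming that `randomstring.generate` draws from a cryptographically secure source in the pinned version, or generating the key with `crypto.randomBytes(32).toString('hex')` instead.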
@@ -26,6 +26,7 @@ class Route { authorize(req, res) { if (this.options.bypassAuth) return this.run(req, res, db); + console.log(req.headers); if (!req.headers.authorization) return res.status(401).json({ message: 'No authorization header provided' }); const token = req.headers.authorization.split(' ')[1]; if (!token) return res.status(401).json({ message: 'No authorization header provided' }); -- cgit v1.2.3
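Review bot: The added `console.log(req.headers);` in `Route.authorize` (src/api/structures/Route.js) writes the full header set of every authenticated request to stdout, including the `Authorization` value that the next lines split to extract the token, plus any cookies. Anyone who can read the process output or a downstream log store could then reuse those credentials. This looks like leftover debugging from the WIP and should be dropped before merge. If header visibility is needed while developing, log only the names, e.g. `console.log(Object.keys(req.headers));`. The body of `authorize` continues beyond this hunk, so how the token is used afterwards is not visible here.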