From 19e79365adf33d5031a68f85933051fc4fea046d Mon Sep 17 00:00:00 2001
From: Pitu
Date: Fri, 15 Mar 2019 07:52:33 +0000
Subject: proper baseurl
---
 src/site/store/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/site/store/index.js b/src/site/store/index.js
index 6a05622..3c43f53 100644
--- a/src/site/store/index.js
+++ b/src/site/store/index.js
@@ -56,7 +56,7 @@ export const actions = {
 commit('loggedIn', true);
 commit('token', token);
- const res = await axios.get(`${this.config.baseURL}/verify`);
+ const res = await axios.get(`${process.env.DOMAIN}${process.env.ROUTE_PREFIX}/verify`);
 if (!res || !res.data.user);
 commit('user', res.data.user);
 } catch (error) {
-- cgit v1.2.3
From 107d1f4750e8f82a628b528c4ec200e918be271d Mon Sep 17 00:00:00 2001
From: Pitu
Date: Tue, 19 Mar 2019 07:58:36 +0000
Subject: API key WIP
---
 src/api/database/seeds/initial.js | 2 --
 src/api/routes/auth/registerPOST.js | 3 ---
 src/api/routes/user/apiKey.js | 29 ++++++++++++++++++++---------
 src/api/routes/user/userGET.js | 3 +--
 src/api/routes/verifyGET.js | 1 -
 src/api/structures/Route.js | 1 +
 src/site/layouts/default.vue | 2 ++
 src/site/pages/dashboard/account.vue | 7 +++++--
 src/site/pages/login.vue | 1 +
 src/site/store/index.js | 9 +++++----
 10 files changed, 35 insertions(+), 23 deletions(-)
(limited to 'src')
diff --git a/src/api/database/seeds/initial.js b/src/api/database/seeds/initial.js
index 0ea7bb4..bb8b915 100644
--- a/src/api/database/seeds/initial.js
+++ b/src/api/database/seeds/initial.js
@@ -11,9 +11,7 @@ exports.seed = async db => {
 await db.table('users').insert({
 username: process.env.ADMIN_ACCOUNT,
 password: hash,
- apiKey: randomstring.generate(64),
 passwordEditedAt: now,
- apiKeyEditedAt: now,
 createdAt: now,
 editedAt: now,
 enabled: true,
diff --git a/src/api/routes/auth/registerPOST.js b/src/api/routes/auth/registerPOST.js
index 0bd8cfd..feeb360 100644
--- a/src/api/routes/auth/registerPOST.js
+++ b/src/api/routes/auth/registerPOST.js
@@ -1,7 +1,6 @@
 const Route = require('../../structures/Route');
 const log = require('../../utils/Log');
 const bcrypt = require('bcrypt');
-const randomstring = require('randomstring');
 const moment = require('moment');
 class registerPOST extends Route {
@@ -48,8 +47,6 @@ class registerPOST extends Route {
 username,
 password: hash,
 passwordEditedAt: now,
- apiKey: randomstring.generate(64),
- apiKeyEditedAt: now,
 createdAt: now,
 editedAt: now,
 enabled: true,
diff --git a/src/api/routes/user/apiKey.js b/src/api/routes/user/apiKey.js
index 820e28c..7de6cb8 100644
--- a/src/api/routes/user/apiKey.js
+++ b/src/api/routes/user/apiKey.js
@@ -1,6 +1,7 @@
 const Route = require('../../structures/Route');
 const randomstring = require('randomstring');
 const moment = require('moment');
+const bcrypt = require('bcrypt');
 class apiKeyPOST extends Route {
 constructor() {
@@ -10,17 +11,27 @@ class apiKeyPOST extends Route {
 async run(req, res, db, user) {
 const now = moment.utc().toDate();
 const apiKey = randomstring.generate(64);
- await db.table('users')
- .where({ id: user.id })
- .update({
- apiKey,
- apiKeyEditedAt: now
+
+ try {
+ const hash = await bcrypt.hash(apiKey, 10);
+
+ await db.table('users')
+ .where({ id: user.id })
+ .update({
+ apiKey: hash,
+ apiKeyEditedAt: now
+ });
+
+ return res.json({
+ message: 'Successfully created new api key',
+ apiKey
 });
- return res.json({
- message: 'Successfully created new api key',
- apiKey
- });
+ } catch (error) {
+ return super.error(res, error);
+ }
+
+
 }
 }
diff --git a/src/api/routes/user/userGET.js b/src/api/routes/user/userGET.js
index 7929aac..fe46fd4 100644
--- a/src/api/routes/user/userGET.js
+++ b/src/api/routes/user/userGET.js
@@ -11,8 +11,7 @@ class usersGET extends Route {
 user: {
 id: user.id,
 username: user.username,
- isAdmin: user.isAdmin,
- apiKey: user.apiKey
+ isAdmin: user.isAdmin
 }
 });
 }
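Review bot: In src/api/routes/user/apiKey.js the key is now stored only as a salted bcrypt hash, so an incoming key can no longer be matched with a direct `where({ apiKey })` lookup; the verification path (not visible in this commit) would need to know which user's hash to `bcrypt.compare` against, for example by embedding a user identifier in the issued key. For a 64-character random key, a SHA-256 digest in an indexed column is a common alternative, because the key's own entropy already resists guessing and the digest stays queryable. It is also worth confirming that `randomstring.generate(64)` is backed by a CSPRNG, or switching to `crypto.randomBytes(32).toString('hex')`. The two empty `+` lines before the closing brace of `run` can be dropped.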
diff --git a/src/api/routes/verifyGET.js b/src/api/routes/verifyGET.js
index e588c22..5875dbb 100644
--- a/src/api/routes/verifyGET.js
+++ b/src/api/routes/verifyGET.js
@@ -9,7 +9,6 @@ class verifyGET extends Route {
 const returnUser = {
 id: user.id,
 username: user.username,
- apiKey: user.apiKey,
 isAdmin: user.isAdmin
 };
diff --git a/src/api/structures/Route.js b/src/api/structures/Route.js
index a359488..19d33f9 100644
--- a/src/api/structures/Route.js
+++ b/src/api/structures/Route.js
@@ -26,6 +26,7 @@ class Route {
 authorize(req, res) {
 if (this.options.bypassAuth) return this.run(req, res, db);
+ console.log(req.headers);
 if (!req.headers.authorization) return res.status(401).json({ message: 'No authorization header provided' });
 const token = req.headers.authorization.split(' ')[1];
 if (!token) return res.status(401).json({ message: 'No authorization header provided' });
diff --git a/src/site/layouts/default.vue b/src/site/layouts/default.vue
index 41c3ebd..7a5d4cc 100644
--- a/src/site/layouts/default.vue
+++ b/src/site/layouts/default.vue
@@ -41,12 +41,14 @@ export default {
 processCatch(error, logout) {
 if (error.response && error.response.data && error.response.data.message) {
 this.showToast(error.response.data.message, true, 5000);
+ /*
 if (error.response.status === 429) return;
 if (error.response.status === 502) return;
 if (error.response.data.message === 'Token expired') {
 this.$logOut();
 setTimeout(() => this.$router.push('/'), 3000);
 }
+ */
 } else {
 console.error(error);
 this.showToast('Something went wrong, please check the console :(', true, 5000);
diff --git a/src/site/pages/dashboard/account.vue b/src/site/pages/dashboard/account.vue
index 3ff6c70..b0b90a3 100644
--- a/src/site/pages/dashboard/account.vue
+++ b/src/site/pages/dashboard/account.vue
@@ -67,7 +67,8 @@ message="This API key lets you use the service from other apps" horizontal>
+ expanded
+ disabled />
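Review bot: The added `console.log(req.headers);` in `Route.authorize` (src/api/structures/Route.js) writes the full header set, including the `Authorization` bearer value and any `Cookie` header, to the server log for every request that reaches the auth check. Anyone who can read those logs then holds live credentials, which undoes the effort this same commit makes to stop exposing the API key. Remove the line before merging, or log only non-secret information such as `console.log(Object.keys(req.headers));`. The body of `authorize` continues past the end of the hunk.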
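Review bot: Wrapping the status checks in `/* … */` inside `processCatch` (src/site/layouts/default.vue) also disables the 'Token expired' branch, so `this.$logOut()` is no longer called and the client appears to keep its logged-in state after the server has rejected the token. If this is a temporary WIP measure, say so at the site with something like `// TODO: restore token-expiry logout once cookie auth is wired up`; otherwise delete the dead block rather than leaving it commented out. The `logout` parameter is not used anywhere in the visible lines.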
@@ -130,7 +131,8 @@ export default {
 },
 promptNewAPIKey() {
 this.$dialog.confirm({
- message: 'Are you sure you want to regenerate your API key?',
+ type: 'is-danger',
+ message: 'Are you sure you want to regenerate your API key? If you had a previous API key generated it will stop working. Make sure to write it down as this is the only time its gonna be displayed to you.',
 onConfirm: () => this.requestNewAPIKey()
 });
 },
@@ -139,6 +141,7 @@ export default {
 const response = await this.axios.post(`${this.config.baseURL}/user/apikey/change`);
 this.user.apiKey = response.data.apiKey;
 this.$toast.open(response.data.message);
+ this.$forceUpdate();
 } catch (error) {
 this.$onPromiseError(error);
 }
diff --git a/src/site/pages/login.vue b/src/site/pages/login.vue
index fe7d64a..5af3371 100644
--- a/src/site/pages/login.vue
+++ b/src/site/pages/login.vue
@@ -116,6 +116,7 @@ export default {
 this.getUserData();
 }
 */
+ document.cookie = `token=${encodeURIComponent(res.data.token)}`;
 this.redirect();
 }).catch(err => {
 this.isLoading = false;
diff --git a/src/site/store/index.js b/src/site/store/index.js
index 3c43f53..2f83f63 100644
--- a/src/site/store/index.js
+++ b/src/site/store/index.js
@@ -53,12 +53,13 @@ export const actions = {
 if (req.headers.cookie) {
 try {
 token = cookieparser.parse(req.headers.cookie).token;
+ console.log(token);
 commit('loggedIn', true);
 commit('token', token);
-
- const res = await axios.get(`${process.env.DOMAIN}${process.env.ROUTE_PREFIX}/verify`);
- if (!res || !res.data.user);
- commit('user', res.data.user);
+ const res = await axios.get(`${process.env.DOMAIN}${process.env.ROUTE_PREFIX}/verify`, {
+ headers: { authorization: `Bearer ${token}` }
+ });
+ if (res && res.data.user) commit('user', res.data.user);
 } catch (error) {
 // TODO: Deactivate this on production
 console.error(error);
-- cgit v1.2.3
From cff0ab7ccb5066915f0e76f28ab404cfa2b5414b Mon Sep 17 00:00:00 2001
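Review bot: `this.$forceUpdate();` in `requestNewAPIKey` (src/site/pages/dashboard/account.vue) works around `this.user.apiKey` being a non-reactive property now that the server no longer returns `apiKey` with the user object. `this.$set(this.user, 'apiKey', response.data.apiKey);` makes the assignment reactive without forcing a re-render of the whole component. Because this response is the only place the plaintext key exists, holding it in a local data field instead of on the shared `user` object (presumably store-backed, to be confirmed) would keep it from lingering in client state. The method starts above the hunk.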
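Review bot: The cookie written in src/site/pages/login.vue carries the session token with no attributes, so it is also sent over plain HTTP, has no explicit `SameSite` policy, and lives only as a session cookie with no defined expiry. At minimum use `document.cookie = \`token=${encodeURIComponent(res.data.token)}; path=/; Secure; SameSite=Lax\`;`. A cookie set from script can never be `HttpOnly`, so having the login endpoint issue it through a `Set-Cookie` header with `HttpOnly` would keep the token unreadable to any injected script. The enclosing `.then` callback begins above the hunk.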
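Review bot: `console.log(token);` in the cookie branch of src/site/store/index.js prints each visitor's session token to the log of whatever process handles `req` (presumably the SSR server), and unlike the `console.error` below it carries no "deactivate on production" marker; the line should be dropped. Separately, `commit('loggedIn', true);` and `commit('token', token);` still run before `/verify` has answered, so an expired or forged cookie marks the store as logged in unless the `catch` resets it, and the catch body runs past the hunk. Moving both commits next to `if (res && res.data.user) commit('user', res.data.user);` would tie the logged-in state to the server's answer.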
From: Robin B
Date: Thu, 21 Mar 2019 17:47:14 +0100
Subject: Update account.vue
As discussed before, an adjustment for the wording alongside a grammatical fix. PR as suggested by you.
---
 src/site/pages/dashboard/account.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/site/pages/dashboard/account.vue b/src/site/pages/dashboard/account.vue
index b0b90a3..50bc7fd 100644
--- a/src/site/pages/dashboard/account.vue
+++ b/src/site/pages/dashboard/account.vue
@@ -132,7 +132,7 @@ export default {
 promptNewAPIKey() {
 this.$dialog.confirm({
 type: 'is-danger',
- message: 'Are you sure you want to regenerate your API key? If you had a previous API key generated it will stop working. Make sure to write it down as this is the only time its gonna be displayed to you.',
+ message: 'Are you sure you want to regenerate your API key? Previously generated API keys will stop working. Make sure to write the new key down as this is the only time it will be displayed to you.',
 onConfirm: () => this.requestNewAPIKey()
 });
 },
-- cgit v1.2.3