From 278b204b3b3974e0a48f90c54968af350946b989 Mon Sep 17 00:00:00 2001 From: Max G Date: Mon, 13 Apr 2020 07:44:57 +0000 Subject: [PATCH] * Added placeholder text to site when loading JS * Added hidden text to site for scraping * Login token will be destroyed if fetch site totals is called and the token is bad * Moved passwords out of application and into a .env file that is loaded on startup * Changed prod database password for primary user (which is dev) * Set up .env for dev and prod --- .gitignore | 2 +- client/index.html | 48 ++++++++++++++++++++++++++-------- client/src/stores/mainStore.js | 4 +++ package-lock.json | 5 ++++ package.json | 1 + server/config/database.js | 6 ++--- server/helpers/Auth.js | 6 ++--- server/index.js | 8 +++++- 8 files changed, 61 insertions(+), 19 deletions(-) diff --git a/.gitignore b/.gitignore index efdbb51..2dba698 100644 --- a/.gitignore +++ b/.gitignore @@ -6,4 +6,4 @@ pids *.pid *.seed *.pid.lock - +.env diff --git a/client/index.html b/client/index.html index b01d7bc..1ef8a5c 100644 --- a/client/index.html +++ b/client/index.html @@ -15,17 +15,43 @@
-

You have found a Solid Scribe

- logo -

Solid Scribe

-

A note application that respects your privacy.

-

Take notes with a clean editor that works on desktop or mobile.

-

Search notes, links and files to find what you need.

-

Accessable everywhere.

-

Categorize notes with tags.

-

Share data with fellow users.

-

Encrypt notes for additional security.

- This site requires Javascipt to run. + + +
+ +

Solid Scribe

+

Loading...

+
+ +
+

Solid Scribe

+

A note application that respects your privacy.

+

Take notes with a clean editor that works on desktop or mobile.

+

Search notes, links and files to find what you need.

+

Accessable everywhere.

+

Categorize notes with tags.

+

Share data with fellow users.

+

Encrypt notes for additional security.

+ This site requires Javascipt to run. +
+
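Review bot: Two user-visible typos are carried over into the new block of client/index.html: "Accessable everywhere." should read "Accessible everywhere." and "This site requires Javascipt to run." should read "JavaScript". The markup of this hunk is not visible in this view, so how the scraping text is hidden from users cannot be checked here.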
diff --git a/client/src/stores/mainStore.js b/client/src/stores/mainStore.js index a36932a..c92a965 100644 --- a/client/src/stores/mainStore.js +++ b/client/src/stores/mainStore.js @@ -133,6 +133,10 @@ export default new Vuex.Store({ .then( ({data}) => { commit('setUserTotals', data) }) + .catch( error => { + commit('destroyLoginToken') + location.reload() + }) } } }) \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index 8fe5e1e..910fbdd 100644 --- a/package-lock.json +++ b/package-lock.json @@ -487,6 +487,11 @@ "resolved": "https://registry.npmjs.org/dont-sniff-mimetype/-/dont-sniff-mimetype-1.1.0.tgz", "integrity": "sha512-ZjI4zqTaxveH2/tTlzS1wFp+7ncxNZaIEWYg3lzZRHkKf5zPT/MnEG6WL0BhHMJUabkh8GeU5NL5j+rEUCb7Ug==" }, + "dotenv": { + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.2.0.tgz", + "integrity": "sha512-8sJ78ElpbDJBHNeBzUbUVLsqKdccaa/BXF1uPTw3GrvQTBgrQrtObr2mUrE38vzYd8cEv+m/JBfDLioYcfXoaw==" + }, "ecc-jsbn": { "version": "0.1.2", "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz", diff --git a/package.json b/package.json index 504afa6..0df1be8 100644 --- a/package.json +++ b/package.json @@ -11,6 +11,7 @@ "dependencies": { "body-parser": "^1.18.3", "cheerio": "^1.0.0-rc.3", + "dotenv": "^8.2.0", "express": "^4.16.4", "express-rate-limit": "^5.1.1", "gm": "^1.23.1", diff --git a/server/config/database.js b/server/config/database.js index 8fae1f8..bbbba5c 100644 --- a/server/config/database.js +++ b/server/config/database.js @@ -3,9 +3,9 @@ const mysql = require('mysql2'); // Create the connection pool. const pool = mysql.createPool({ - host: 'localhost', - user: 'dev', - password: "LazaLinga&33Can't!Do!That34", + host: process.env.DB_HOST, + user: process.env.DB_USER, + password: process.env.DB_PASS, database: 'application', waitForConnections: true, connectionLimit: 20, diff --git a/server/helpers/Auth.js b/server/helpers/Auth.js index 8faa7a8..af10fd8 100644 
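Review bot: The added `.catch` in client/src/stores/mainStore.js destroys the login token and reloads the page on every rejection, not only on a bad token, so a timeout, an offline client or a server-side 500 also logs the user out. The handler should inspect the failure before discarding the session. If the HTTP client is axios (the `({data})` destructuring suggests it, but the import is outside the hunk) and the server answers a rejected token with 401 (assumed, not visible here), `if (error.response && error.response.status === 401) { commit('destroyLoginToken'); location.reload() }` keeps the session through transient errors. The action's body starts outside the hunk, so the request itself is not shown.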
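Review bot: Nothing verifies that `DB_HOST`, `DB_USER` and `DB_PASS` are set before `mysql.createPool` runs in server/config/database.js, so a missing or unreadable .env only surfaces later as a connection or authentication error. The same gap applies to `process.env.JSON_KEY` in server/helpers/Auth.js and to the never-read `result` in server/index.js. Fail at startup instead: in server/index.js add `if (result.error) throw result.error` right after the dotenv call, followed by a check that each required variable is a non-empty string. The password removed here stays readable in the repository history, so the rotation mentioned in the commit message should cover every environment that used it.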
--- a/server/helpers/Auth.js +++ b/server/helpers/Auth.js @@ -2,16 +2,16 @@ var jwt = require('jsonwebtoken'); let Auth = {} -const secretKey = '@TODO define secret constant its important!!!' +const tokenSecretKey = process.env.JSON_KEY Auth.createToken = (userId) => { const signedData = {'id': userId, 'date':Date.now()} - const token = jwt.sign(signedData, secretKey) + const token = jwt.sign(signedData, tokenSecretKey) return token } Auth.decodeToken = (token) => { return new Promise((resolve, reject) => { - jwt.verify(token, secretKey, function(err, decoded){ + jwt.verify(token, tokenSecretKey, function(err, decoded){ if(err || decoded.id == undefined){ reject('Bad Token') return diff --git a/server/index.js b/server/index.js index 9ca8deb..9562143 100644 --- a/server/index.js +++ b/server/index.js @@ -1,11 +1,17 @@ +//Set up environmental variables, pulled from .env file used as process.env.DB_HOST +const os = require('os') //Used to get path of home directory +const result = require('dotenv').config({ path:(os.homedir()+'/.env') }) + //Allow user of @ in in require calls. Config in package.json require('module-alias/register') +//Auth helper, used for decoding users web token let Auth = require('@helpers/Auth') +//Helmet adds additional security to express server const helmet = require('helmet') - +//Setup express server const express = require('express') const app = express() app.use( helmet() )
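Review bot: `jwt.verify(token, tokenSecretKey, function(err, decoded){` in server/helpers/Auth.js passes no `algorithms` option, and `tokenSecretKey` is `undefined` whenever `JSON_KEY` was not loaded, which leaves the accepted algorithm to the library's defaults (the jsonwebtoken version is not visible here). Pin it with `jwt.verify(token, tokenSecretKey, { algorithms: ['HS256'] }, function(err, decoded){`; HS256 is what `jwt.sign` uses by default for a string secret. `createToken` also sets no expiry, so issued tokens stay valid until the secret changes; passing an `expiresIn` option to `jwt.sign` would bound their lifetime. The body of `decodeToken` continues outside the hunk.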
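Review bot: The dotenv call in server/index.js reads `.env` from the home directory of whichever account starts the server, and the comment above it does not say so or state how that file should be protected. I would document it at the call, e.g. `//Secrets are read from .env in the home directory of the service account; keep that file readable by its owner only (chmod 600)`. Building the path with `path.join(os.homedir(), '.env')` (plus `const path = require('path')`) would also be cleaner than the string concatenation.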