* Added placeholder text to site when loading JS

* Added hidden text to site for scraping
* Login token will be destroyed if fetch site totals is called and the token is bad
* Moved passwords out of application and into a .env file that is loaded on startup
* Changed prod database password for primary user (which is dev)
* Set up .env for dev and prod
Max G 2020-04-13 07:44:57 +00:00
parent ed4a5e5291
commit 7c15427b3d
8 changed files with 61 additions and 19 deletions

2
.gitignore vendored

@ -6,4 +6,4 @@ pids
*.pid *.pid
*.seed *.seed
*.pid.lock *.pid.lock
.env


@ -15,17 +15,43 @@
<body> <body>
<div id="app"> <div id="app">
<!-- placeholder data for scrapers with no JS --> <!-- placeholder data for scrapers with no JS -->
<h1>You have found a Solid Scribe</h1> <style>
<img src="/api/static/assets/logo.svg" alt="logo">
<h1>Solid Scribe</h1> .centered {
<h2>A note application that respects your privacy.</h2> position: fixed;
<p>Take notes with a clean editor that works on desktop or mobile.</p> top: 50%;
<p>Search notes, links and files to find what you need.</p> left: 50%;
<p>Accessable everywhere.</p> transform: translate(-50%, -50%);
<p>Categorize notes with tags.</p> text-align: center;
<p>Share data with fellow users.</p> font-family: Arial, Helvetica, sans-serif;
<p>Encrypt notes for additional security.</p> }
<b>This site requires Javascipt to run.</b> .logo {
width: 200px;
height: auto;
}
.scrape-info {
opacity: 0;
}
</style>
<div class="centered">
<img class="logo" src="/api/static/assets/logo.svg" alt="logo">
<h1>Solid Scribe</h1>
<h3>Loading...</h3>
</div>
<div class="scrape-info">
<h1>Solid Scribe</h1>
<h2>A note application that respects your privacy.</h2>
<p>Take notes with a clean editor that works on desktop or mobile.</p>
<p>Search notes, links and files to find what you need.</p>
<p>Accessable everywhere.</p>
<p>Categorize notes with tags.</p>
<p>Share data with fellow users.</p>
<p>Encrypt notes for additional security.</p>
<b>This site requires Javascipt to run.</b>
</div>
</div> </div>
<!-- built files will be auto injected --> <!-- built files will be auto injected -->
</body> </body>
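Review bot: A visitor with JavaScript disabled now sees the logo and `Loading...` indefinitely, because the only explanation, `<b>This site requires Javascipt to run.</b>`, sits inside `.scrape-info`, which is rendered with `opacity: 0`. Putting that sentence in the visible block as `<noscript><b>This site requires JavaScript to run.</b></noscript>` keeps it readable for those visitors without affecting the loading view. An element at `opacity: 0` still takes up layout space and is likely still announced by screen readers, so a comment such as `/* kept in the DOM for non-JS scrapers; not meant to be seen */` above the `.scrape-info` rule would record the intent. The copied text also carries the spellings `Accessable` and `Javascipt`.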


@ -133,6 +133,10 @@ export default new Vuex.Store({
.then( ({data}) => { .then( ({data}) => {
commit('setUserTotals', data) commit('setUserTotals', data)
}) })
.catch( error => {
commit('destroyLoginToken')
location.reload()
})
} }
} }
}) })
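Review bot: The added `.catch( error => {` handler destroys the login token on every rejection, not only on a bad token as the description says, so a network drop or a server error during the totals fetch would also sign the user out and reload the page. The `error` argument is never inspected; if the HTTP client is axios, as the `({data})` destructuring suggests, the two statements could be wrapped in `if (error.response && error.response.status === 401) { ... }`, using whatever status the API returns for a rejected token (401 is assumed here). Other failures are better logged or surfaced without touching the session. The enclosing action starts outside the hunk.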

5
package-lock.json generated

@ -487,6 +487,11 @@
"resolved": "https://registry.npmjs.org/dont-sniff-mimetype/-/dont-sniff-mimetype-1.1.0.tgz", "resolved": "https://registry.npmjs.org/dont-sniff-mimetype/-/dont-sniff-mimetype-1.1.0.tgz",
"integrity": "sha512-ZjI4zqTaxveH2/tTlzS1wFp+7ncxNZaIEWYg3lzZRHkKf5zPT/MnEG6WL0BhHMJUabkh8GeU5NL5j+rEUCb7Ug==" "integrity": "sha512-ZjI4zqTaxveH2/tTlzS1wFp+7ncxNZaIEWYg3lzZRHkKf5zPT/MnEG6WL0BhHMJUabkh8GeU5NL5j+rEUCb7Ug=="
}, },
"dotenv": {
"version": "8.2.0",
"resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.2.0.tgz",
"integrity": "sha512-8sJ78ElpbDJBHNeBzUbUVLsqKdccaa/BXF1uPTw3GrvQTBgrQrtObr2mUrE38vzYd8cEv+m/JBfDLioYcfXoaw=="
},
"ecc-jsbn": { "ecc-jsbn": {
"version": "0.1.2", "version": "0.1.2",
"resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz", "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz",


@ -11,6 +11,7 @@
"dependencies": { "dependencies": {
"body-parser": "^1.18.3", "body-parser": "^1.18.3",
"cheerio": "^1.0.0-rc.3", "cheerio": "^1.0.0-rc.3",
"dotenv": "^8.2.0",
"express": "^4.16.4", "express": "^4.16.4",
"express-rate-limit": "^5.1.1", "express-rate-limit": "^5.1.1",
"gm": "^1.23.1", "gm": "^1.23.1",


@ -3,9 +3,9 @@ const mysql = require('mysql2');
// Create the connection pool. // Create the connection pool.
const pool = mysql.createPool({ const pool = mysql.createPool({
host: 'localhost', host: process.env.DB_HOST,
user: 'dev', user: process.env.DB_USER,
password: "LazaLinga&33Can't!Do!That34", password: process.env.DB_PASS,
database: 'application', database: 'application',
waitForConnections: true, waitForConnections: true,
connectionLimit: 20, connectionLimit: 20,
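Review bot: Nothing checks that `process.env.DB_HOST`, `DB_USER` and `DB_PASS` are set before `mysql.createPool` runs, so a missing or unreadable .env yields a pool built from undefined values, which would probably only surface when a connection is first used. The same gap applies to `process.env.JSON_KEY` in the Auth helper and to the `result` of `require('dotenv').config(...)` in the server entry file, which is assigned but not read in the visible lines. A startup guard such as `if (result.error) throw result.error` right after the dotenv call, followed by a check that each required variable is non-empty, would stop a misconfigured deploy immediately. The password literal removed here remains in the repository history, so the rotation the description mentions should cover every environment that used it. The `createPool` call continues outside the hunk.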


@ -2,16 +2,16 @@ var jwt = require('jsonwebtoken');
let Auth = {} let Auth = {}
const secretKey = '@TODO define secret constant its important!!!' const tokenSecretKey = process.env.JSON_KEY
Auth.createToken = (userId) => { Auth.createToken = (userId) => {
const signedData = {'id': userId, 'date':Date.now()} const signedData = {'id': userId, 'date':Date.now()}
const token = jwt.sign(signedData, secretKey) const token = jwt.sign(signedData, tokenSecretKey)
return token return token
} }
Auth.decodeToken = (token) => { Auth.decodeToken = (token) => {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
jwt.verify(token, secretKey, function(err, decoded){ jwt.verify(token, tokenSecretKey, function(err, decoded){
if(err || decoded.id == undefined){ if(err || decoded.id == undefined){
reject('Bad Token') reject('Bad Token')
return return
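Review bot: `jwt.sign(signedData, tokenSecretKey)` still issues tokens with no expiry and `jwt.verify` does not pin the accepted algorithm, and since this change touches both calls it is the natural place to tighten them. Proposed: `jwt.sign(signedData, tokenSecretKey, { expiresIn: '<token lifetime>' })` and `jwt.verify(token, tokenSecretKey, { algorithms: ['HS256'] }, function(err, decoded){`. The `date` field placed in the payload is not checked anywhere in the visible lines, so a leaked token appears to stay valid until the key itself is replaced. `Auth.decodeToken` continues outside the hunk.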


@ -1,11 +1,17 @@
//Set up environmental variables, pulled from .env file used as process.env.DB_HOST
const os = require('os') //Used to get path of home directory
const result = require('dotenv').config({ path:(os.homedir()+'/.env') })
//Allow user of @ in in require calls. Config in package.json //Allow user of @ in in require calls. Config in package.json
require('module-alias/register') require('module-alias/register')
//Auth helper, used for decoding users web token
let Auth = require('@helpers/Auth') let Auth = require('@helpers/Auth')
//Helmet adds additional security to express server
const helmet = require('helmet') const helmet = require('helmet')
//Setup express server
const express = require('express') const express = require('express')
const app = express() const app = express()
app.use( helmet() ) app.use( helmet() )