* Added placeholder text to site when loading JS

* Added hidden text to site for scraping
* Login token will be destroyed if fetch site totals is called and the token is bad
* Moved passwords out of application and into a .env file that is loaded on startup
* Changed prod database password for primary user (which is dev)
* Set up .env for dev and prod
This commit is contained in:
Max G 2020-04-13 07:44:57 +00:00
parent ed4a5e5291
commit 7c15427b3d
8 changed files with 61 additions and 19 deletions

2
.gitignore vendored
View File

@ -6,4 +6,4 @@ pids
*.pid
*.seed
*.pid.lock
.env

View File

@ -15,8 +15,32 @@
<body>
<div id="app">
<!-- placeholder data for scrapers with no JS -->
<h1>You have found a Solid Scribe</h1>
<img src="/api/static/assets/logo.svg" alt="logo">
<style>
.centered {
position: fixed;
top: 50%;
left: 50%;
transform: translate(-50%, -50%);
text-align: center;
font-family: Arial, Helvetica, sans-serif;
}
.logo {
width: 200px;
height: auto;
}
.scrape-info {
opacity: 0;
}
</style>
<div class="centered">
<img class="logo" src="/api/static/assets/logo.svg" alt="logo">
<h1>Solid Scribe</h1>
<h3>Loading...</h3>
</div>
<div class="scrape-info">
<h1>Solid Scribe</h1>
<h2>A note application that respects your privacy.</h2>
<p>Take notes with a clean editor that works on desktop or mobile.</p>
@ -27,6 +51,8 @@
<p>Encrypt notes for additional security.</p>
<b>This site requires Javascipt to run.</b>
</div>
</div>
<!-- built files will be auto injected -->
</body>
</html>

View File

@ -133,6 +133,10 @@ export default new Vuex.Store({
.then( ({data}) => {
commit('setUserTotals', data)
})
.catch( error => {
commit('destroyLoginToken')
location.reload()
})
}
}
})

5
package-lock.json generated
View File

@ -487,6 +487,11 @@
"resolved": "https://registry.npmjs.org/dont-sniff-mimetype/-/dont-sniff-mimetype-1.1.0.tgz",
"integrity": "sha512-ZjI4zqTaxveH2/tTlzS1wFp+7ncxNZaIEWYg3lzZRHkKf5zPT/MnEG6WL0BhHMJUabkh8GeU5NL5j+rEUCb7Ug=="
},
"dotenv": {
"version": "8.2.0",
"resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.2.0.tgz",
"integrity": "sha512-8sJ78ElpbDJBHNeBzUbUVLsqKdccaa/BXF1uPTw3GrvQTBgrQrtObr2mUrE38vzYd8cEv+m/JBfDLioYcfXoaw=="
},
"ecc-jsbn": {
"version": "0.1.2",
"resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz",

View File

@ -11,6 +11,7 @@
"dependencies": {
"body-parser": "^1.18.3",
"cheerio": "^1.0.0-rc.3",
"dotenv": "^8.2.0",
"express": "^4.16.4",
"express-rate-limit": "^5.1.1",
"gm": "^1.23.1",

View File

@ -3,9 +3,9 @@ const mysql = require('mysql2');
// Create the connection pool.
const pool = mysql.createPool({
host: 'localhost',
user: 'dev',
password: "LazaLinga&33Can't!Do!That34",
host: process.env.DB_HOST,
user: process.env.DB_USER,
password: process.env.DB_PASS,
database: 'application',
waitForConnections: true,
connectionLimit: 20,

View File

@ -2,16 +2,16 @@ var jwt = require('jsonwebtoken');
let Auth = {}
const secretKey = '@TODO define secret constant its important!!!'
const tokenSecretKey = process.env.JSON_KEY
Auth.createToken = (userId) => {
const signedData = {'id': userId, 'date':Date.now()}
const token = jwt.sign(signedData, secretKey)
const token = jwt.sign(signedData, tokenSecretKey)
return token
}
Auth.decodeToken = (token) => {
return new Promise((resolve, reject) => {
jwt.verify(token, secretKey, function(err, decoded){
jwt.verify(token, tokenSecretKey, function(err, decoded){
if(err || decoded.id == undefined){
reject('Bad Token')
return

View File

@ -1,11 +1,17 @@
//Set up environmental variables, pulled from .env file used as process.env.DB_HOST
const os = require('os') //Used to get path of home directory
const result = require('dotenv').config({ path:(os.homedir()+'/.env') })
//Allow user of @ in in require calls. Config in package.json
require('module-alias/register')
//Auth helper, used for decoding users web token
let Auth = require('@helpers/Auth')
//Helmet adds additional security to express server
const helmet = require('helmet')
//Setup express server
const express = require('express')
const app = express()
app.use( helmet() )