b34a62e114
* Fixed a bunch of style bugs for chrome browsers * Improved check box styles on desktop and mobile * Touch up tool tip styles. Only dark now. * Created a separate terms page * Added 2FA auth token options to login * Added tool tip displays to some buttons on editor * Added pinned and archived options to overflow menu * Changed shared note styles * Disabled Scroll into view * Made image display smaller when adding images to notes * Added a last used color option * Updated help page * Fixed spelling error on terms page * Added a big ass green label on the new note icon * Scratch pad now opens a note, which is the scratch pad * Added better 2fa guide * Added change password option * Added log out and log out all active sessions option * Added strict rate limiting on login and register actions * Added middleware to routes that force authentication to be accessed * Fixed bug that was causing shared notes to appear empty * Updated option now appears on shared notes after they are actually updated
86 lines
2.0 KiB
JavaScript
// Web framework and the router instance this module exports.
const express = require('express')
const router = express.Router()

// Project modules.
const User = require('@models/User')
const Auth = require('@helpers/Auth')
const cs = require('@helpers/CryptoString') // not referenced by any route in this file

// NOTE(review): module-scope variables are shared by every request this
// process serves, so they are not a safe home for per-request identity or
// key material. The route handlers in this file read req.headers directly.
let userId = null
let masterKey = null
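// Router-level guard: every route registered below requires a session key and
// a user id on the request.
// Node lower-cases incoming HTTP header names, so the camelCase keys read here
// cannot arrive directly from a client; presumably an earlier authentication
// middleware (not visible in this file) attaches them after validating the
// session -- confirm that it always overwrites these keys.
router.use(function setUserId (req, res, next) {

    const { sessionId, userId: sessionUserId } = req.headers

    // Reject and stop here. Without the return, a request with no session key
    // could still fall through to next() and reach the route handlers, and a
    // request with a session key but no user id never received a response.
    if (!sessionId || !sessionUserId) {
        return next('Unauthorized')
    }

    // The user id and master key are deliberately not copied into module-level
    // variables: that state would be shared across concurrent requests, and
    // nothing in this file reads it.
    return next()
})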
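// Logout User: hands the request's session key to User.logout and replies
// `true` once that promise resolves.
router.post('/logout', function (req, res, next) {

    User.logout(req.headers.sessionId)
        .then(() => {
            res.send(true)
        })
        // Forward failures to the Express error handler so a rejected promise
        // neither goes unhandled nor leaves the client waiting for a reply.
        .catch(next)
})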
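// Change password for the user identified on the request.
// NOTE(review): verification of currentPass, any strength rules for newPass and
// attempt limiting are presumably enforced inside User.changePassword -- confirm,
// and confirm whether the user's other sessions are revoked after a change.
router.post('/changepassword', function (req, res, next) {

    const { currentPass, newPass } = req.body

    User.changePassword(req.headers.userId, currentPass, newPass)
        .then(returnData => {
            res.send(returnData)
        })
        // A rejection previously went unhandled and the request never completed.
        .catch(next)
})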
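// Revoke all active session keys for user.
// The current session key is passed alongside the user id; how
// User.revokeActiveSessions treats it (for example keeping it alive) is not
// visible from this file.
router.post('/revokesessions', function (req, res, next) {

    const { userId: sessionUserId, sessionId } = req.headers

    User.revokeActiveSessions(sessionUserId, sessionId)
        .then(returnData => {
            res.send(returnData)
        })
        // Report failures through the Express error handler instead of leaving
        // the rejection unhandled and the request open.
        .catch(next)
})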
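// Fetch counts of the user's notes and send the counts object back as-is.
router.post('/totals', function (req, res, next) {
    User.getCounts(req.headers.userId)
        .then(countsObject => res.send(countsObject))
        // Without a rejection handler a failed lookup left the request hanging.
        .catch(next)
})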
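//
// Two Factor Auth Setup
//
// Starts 2FA enrolment: the account password is passed to the Auth helper
// together with the user id, and the QR code it resolves with is sent back.
router.post('/twofactorsetup', function (req, res, next) {

    // Send QR code to user for 2FA setup
    Auth.generateTwoFactorSecretKey(req.headers.userId, req.body.password)
        .then(({ qrCode }) => {
            res.send(qrCode)
        })
        // Also catches the destructuring above throwing when the helper
        // resolves with null or undefined.
        .catch(next)
})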
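// Completes 2FA enrolment: the password and the token from the user's
// authenticator are passed to Auth.setTwoFactorEnabled.
// The trailing `true` presumably switches 2FA on for the account -- confirm
// against the helper.
router.post('/verifytwofactorsetuptoken', function (req, res, next) {

    const { password, token } = req.body

    Auth.setTwoFactorEnabled(req.headers.userId, password, token, true)
        .then(results => {
            res.send(results)
        })
        // Route failures to the Express error handler rather than leaving an
        // unhandled rejection and an unanswered request.
        .catch(next)
})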
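// Validates a two factor token (together with the password) for the user and
// returns whatever Auth.validateTwoFactorToken resolves with.
// NOTE(review): one-time tokens need attempt limiting; the commit message
// mentions rate limiting for login and register only -- confirm this route
// is covered as well.
router.post('/validatetwofactortoken', function (req, res, next) {

    const { password, token } = req.body

    Auth.validateTwoFactorToken(req.headers.userId, password, token)
        .then(results => {
            res.send(results)
        })
        // A rejected validation previously went unhandled; hand it to Express.
        .catch(next)
})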
// Expose the configured router so the application can mount it.
module.exports = router