Change to bcryptjs, small refactor
parent
7695996f4a
commit
2f9911fd1e
2
app.js
2
app.js
|
@ -4,7 +4,6 @@ const logger = require('morgan');
|
||||||
const cookieParser = require('cookie-parser');
|
const cookieParser = require('cookie-parser');
|
||||||
const bodyParser = require('body-parser');
|
const bodyParser = require('body-parser');
|
||||||
const session = require('express-session');
|
const session = require('express-session');
|
||||||
const bcrypt = require('bcrypt-nodejs');
|
|
||||||
const moment = require('moment');
|
const moment = require('moment');
|
||||||
const MongoStore = require('connect-mongodb-session')(session);
|
const MongoStore = require('connect-mongodb-session')(session);
|
||||||
const MongoClient = require('mongodb').MongoClient;
|
const MongoClient = require('mongodb').MongoClient;
|
||||||
|
@ -216,7 +215,6 @@ app.use(express.static(path.join(__dirname, 'public')));
|
||||||
// Make stuff accessible to our router
|
// Make stuff accessible to our router
|
||||||
app.use((req, res, next) => {
|
app.use((req, res, next) => {
|
||||||
req.handlebars = handlebars;
|
req.handlebars = handlebars;
|
||||||
req.bcrypt = bcrypt;
|
|
||||||
next();
|
next();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "express-cart",
|
"name": "express-cart",
|
||||||
"version": "1.1.0",
|
"version": "1.1.2",
|
||||||
"lockfileVersion": 1,
|
"lockfileVersion": 1,
|
||||||
"requires": true,
|
"requires": true,
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
|
@ -281,6 +281,11 @@
|
||||||
"resolved": "https://registry.npmjs.org/bcrypt-nodejs/-/bcrypt-nodejs-0.0.3.tgz",
|
"resolved": "https://registry.npmjs.org/bcrypt-nodejs/-/bcrypt-nodejs-0.0.3.tgz",
|
||||||
"integrity": "sha1-xgkX8m3CNWYVZsaBBhwwPCsohCs="
|
"integrity": "sha1-xgkX8m3CNWYVZsaBBhwwPCsohCs="
|
||||||
},
|
},
|
||||||
|
"bcryptjs": {
|
||||||
|
"version": "2.4.3",
|
||||||
|
"resolved": "https://registry.npmjs.org/bcryptjs/-/bcryptjs-2.4.3.tgz",
|
||||||
|
"integrity": "sha1-mrVie5PmBiH/fNrF2pczAn3x0Ms="
|
||||||
|
},
|
||||||
"beeper": {
|
"beeper": {
|
||||||
"version": "1.1.1",
|
"version": "1.1.1",
|
||||||
"resolved": "https://registry.npmjs.org/beeper/-/beeper-1.1.1.tgz",
|
"resolved": "https://registry.npmjs.org/beeper/-/beeper-1.1.1.tgz",
|
||||||
|
@ -4287,6 +4292,11 @@
|
||||||
"resolved": "https://registry.npmjs.org/qs/-/qs-6.5.1.tgz",
|
"resolved": "https://registry.npmjs.org/qs/-/qs-6.5.1.tgz",
|
||||||
"integrity": "sha512-eRzhrN1WSINYCDCbrz796z37LOe3m5tmW7RQf6oBntukAG1nmovJvhnwHHRMAfeoItc1m2Hk02WER2aQ/iqs+A=="
|
"integrity": "sha512-eRzhrN1WSINYCDCbrz796z37LOe3m5tmW7RQf6oBntukAG1nmovJvhnwHHRMAfeoItc1m2Hk02WER2aQ/iqs+A=="
|
||||||
},
|
},
|
||||||
|
"rand-token": {
|
||||||
|
"version": "0.4.0",
|
||||||
|
"resolved": "https://registry.npmjs.org/rand-token/-/rand-token-0.4.0.tgz",
|
||||||
|
"integrity": "sha512-FLNNsir2R+XY8LKsZ+8u/w0qZ4sGit7cpNdznsI77cAVob6UlVPueDKRyjJ3W1Q6FJLgAVH98JvlqqpSaL7NEQ=="
|
||||||
|
},
|
||||||
"random-bytes": {
|
"random-bytes": {
|
||||||
"version": "1.0.0",
|
"version": "1.0.0",
|
||||||
"resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz",
|
"resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz",
|
||||||
|
@ -4517,6 +4527,17 @@
|
||||||
"once": "1.4.0"
|
"once": "1.4.0"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"run-sequence": {
|
||||||
|
"version": "2.2.1",
|
||||||
|
"resolved": "https://registry.npmjs.org/run-sequence/-/run-sequence-2.2.1.tgz",
|
||||||
|
"integrity": "sha512-qkzZnQWMZjcKbh3CNly2srtrkaO/2H/SI5f2eliMCapdRD3UhMrwjfOAZJAnZ2H8Ju4aBzFZkBGXUqFs9V0yxw==",
|
||||||
|
"dev": true,
|
||||||
|
"requires": {
|
||||||
|
"chalk": "1.1.3",
|
||||||
|
"fancy-log": "1.3.2",
|
||||||
|
"plugin-error": "0.1.2"
|
||||||
|
}
|
||||||
|
},
|
||||||
"rx-lite": {
|
"rx-lite": {
|
||||||
"version": "3.1.2",
|
"version": "3.1.2",
|
||||||
"resolved": "https://registry.npmjs.org/rx-lite/-/rx-lite-3.1.2.tgz",
|
"resolved": "https://registry.npmjs.org/rx-lite/-/rx-lite-3.1.2.tgz",
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
"ajv": "^6.0.0",
|
"ajv": "^6.0.0",
|
||||||
"async": "^2.6.0",
|
"async": "^2.6.0",
|
||||||
"bcrypt-nodejs": "0.0.3",
|
"bcrypt-nodejs": "0.0.3",
|
||||||
|
"bcryptjs": "^2.4.3",
|
||||||
"body-parser": "^1.17.2",
|
"body-parser": "^1.17.2",
|
||||||
"cheerio": "^0.22.0",
|
"cheerio": "^0.22.0",
|
||||||
"colors": "^1.1.2",
|
"colors": "^1.1.2",
|
||||||
|
|
|
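Review bot: `"bcrypt-nodejs": "0.0.3",` is still present on the new side of this hunk even though app.js no longer requires it, so the superseded package keeps being installed; the lockfile hunk at `@ -281,6 +281,11 @@` likewise still carries its entry. Since bcryptjs replaces it entirely in this commit, the line should be removed here and the lock regenerated so the install only contains the library actually in use. bcrypt-nodejs is deprecated upstream, so leaving it in place also keeps an unmaintained package in the dependency tree.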
@ -1,3 +1,4 @@
|
||||||
|
/* eslint-disable prefer-arrow-callback, no-var, no-tabs */
|
||||||
$(document).ready(function (){
|
$(document).ready(function (){
|
||||||
if($(window).width() < 768){
|
if($(window).width() < 768){
|
||||||
$('.menu-side').on('click', function(e){
|
$('.menu-side').on('click', function(e){
|
||||||
|
@ -110,7 +111,7 @@ $(document).ready(function (){
|
||||||
});
|
});
|
||||||
|
|
||||||
// Call to API for a change to the published state of a product
|
// Call to API for a change to the published state of a product
|
||||||
$("input[class='published_state']").change(function(){
|
$('input[class="published_state"]').change(function(){
|
||||||
$.ajax({
|
$.ajax({
|
||||||
method: 'POST',
|
method: 'POST',
|
||||||
url: '/admin/product/published_state',
|
url: '/admin/product/published_state',
|
||||||
|
@ -732,7 +733,3 @@ function showNotification(msg, type, reloadPage){
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
function searchForm(id){
|
|
||||||
$('form#' + id).submit();
|
|
||||||
}
|
|
||||||
|
|
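Review bot: The new first line `/* eslint-disable prefer-arrow-callback, no-var, no-tabs */` turns three rules off for the whole file rather than at the sites that trip them, which is a style point worth reconsidering: an `overrides` entry for the browser scripts in the ESLint config, or targeted `// eslint-disable-next-line` comments, keeps the rules active for code added to this file later. The `@ -732,7 +733,3 @@` hunk drops `searchForm(id)`; the diff does not show whether any view still calls it from an inline handler, and if one does it would now throw a ReferenceError in the browser, so the templates are worth grepping before merge.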
File diff suppressed because one or more lines are too long
|
@ -2,6 +2,13 @@ const express = require('express');
|
||||||
const common = require('./common');
|
const common = require('./common');
|
||||||
const escape = require('html-entities').AllHtmlEntities;
|
const escape = require('html-entities').AllHtmlEntities;
|
||||||
const colors = require('colors');
|
const colors = require('colors');
|
||||||
|
const bcrypt = require('bcryptjs');
|
||||||
|
const rimraf = require('rimraf');
|
||||||
|
const url = require('url');
|
||||||
|
const fs = require('fs');
|
||||||
|
const path = require('path');
|
||||||
|
const multer = require('multer');
|
||||||
|
const glob = require('glob');
|
||||||
const router = express.Router();
|
const router = express.Router();
|
||||||
|
|
||||||
// Admin section
|
// Admin section
|
||||||
|
@ -211,7 +218,6 @@ router.get('/login', (req, res) => {
|
||||||
// login the user and check the password
|
// login the user and check the password
|
||||||
router.post('/login_action', (req, res) => {
|
router.post('/login_action', (req, res) => {
|
||||||
let db = req.app.db;
|
let db = req.app.db;
|
||||||
let bcrypt = req.bcrypt;
|
|
||||||
|
|
||||||
db.users.findOne({userEmail: req.body.email}, (err, user) => {
|
db.users.findOne({userEmail: req.body.email}, (err, user) => {
|
||||||
if(err){
|
if(err){
|
||||||
|
@ -228,7 +234,9 @@ router.post('/login_action', (req, res) => {
|
||||||
res.redirect('/admin/login');
|
res.redirect('/admin/login');
|
||||||
}else{
|
}else{
|
||||||
// we have a user under that email so we compare the password
|
// we have a user under that email so we compare the password
|
||||||
if(bcrypt.compareSync(req.body.password, user.userPassword) === true){
|
bcrypt.compare(req.body.password, user.userPassword)
|
||||||
|
.then((result) => {
|
||||||
|
if(result){
|
||||||
req.session.user = req.body.email;
|
req.session.user = req.body.email;
|
||||||
req.session.usersName = user.usersName;
|
req.session.usersName = user.usersName;
|
||||||
req.session.userId = user._id.toString();
|
req.session.userId = user._id.toString();
|
||||||
|
@ -240,6 +248,7 @@ router.post('/login_action', (req, res) => {
|
||||||
req.session.messageType = 'danger';
|
req.session.messageType = 'danger';
|
||||||
res.redirect('/admin/login');
|
res.redirect('/admin/login');
|
||||||
}
|
}
|
||||||
|
});
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
@ -504,7 +513,6 @@ router.post('/product/update', common.restrict, (req, res) => {
|
||||||
// delete product
|
// delete product
|
||||||
router.get('/product/delete/:id', common.restrict, (req, res) => {
|
router.get('/product/delete/:id', common.restrict, (req, res) => {
|
||||||
const db = req.app.db;
|
const db = req.app.db;
|
||||||
let rimraf = require('rimraf');
|
|
||||||
|
|
||||||
// remove the article
|
// remove the article
|
||||||
db.products.remove({_id: common.getId(req.params.id)}, {}, (err, numRemoved) => {
|
db.products.remove({_id: common.getId(req.params.id)}, {}, (err, numRemoved) => {
|
||||||
|
@ -582,7 +590,6 @@ router.get('/user/edit/:id', common.restrict, (req, res) => {
|
||||||
// update a user
|
// update a user
|
||||||
router.post('/user/update', common.restrict, (req, res) => {
|
router.post('/user/update', common.restrict, (req, res) => {
|
||||||
const db = req.app.db;
|
const db = req.app.db;
|
||||||
let bcrypt = req.bcrypt;
|
|
||||||
|
|
||||||
let isAdmin = req.body.user_admin === 'on' ? 'true' : 'false';
|
let isAdmin = req.body.user_admin === 'on' ? 'true' : 'false';
|
||||||
|
|
||||||
|
@ -630,12 +637,11 @@ router.post('/user/update', common.restrict, (req, res) => {
|
||||||
// insert a user
|
// insert a user
|
||||||
router.post('/setup_action', (req, res) => {
|
router.post('/setup_action', (req, res) => {
|
||||||
const db = req.app.db;
|
const db = req.app.db;
|
||||||
let bcrypt = req.bcrypt;
|
|
||||||
|
|
||||||
let doc = {
|
let doc = {
|
||||||
usersName: req.body.usersName,
|
usersName: req.body.usersName,
|
||||||
userEmail: req.body.userEmail,
|
userEmail: req.body.userEmail,
|
||||||
userPassword: bcrypt.hashSync(req.body.userPassword),
|
userPassword: bcrypt.hashSync(req.body.userPassword, 10),
|
||||||
isAdmin: true
|
isAdmin: true
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -668,8 +674,6 @@ router.post('/setup_action', (req, res) => {
|
||||||
// insert a user
|
// insert a user
|
||||||
router.post('/user/insert', common.restrict, (req, res) => {
|
router.post('/user/insert', common.restrict, (req, res) => {
|
||||||
const db = req.app.db;
|
const db = req.app.db;
|
||||||
let bcrypt = req.bcrypt;
|
|
||||||
let url = require('url');
|
|
||||||
|
|
||||||
// set the account to admin if using the setup form. Eg: First user account
|
// set the account to admin if using the setup form. Eg: First user account
|
||||||
let urlParts = url.parse(req.header('Referer'));
|
let urlParts = url.parse(req.header('Referer'));
|
||||||
|
@ -682,7 +686,7 @@ router.post('/user/insert', common.restrict, (req, res) => {
|
||||||
let doc = {
|
let doc = {
|
||||||
usersName: req.body.usersName,
|
usersName: req.body.usersName,
|
||||||
userEmail: req.body.userEmail,
|
userEmail: req.body.userEmail,
|
||||||
userPassword: bcrypt.hashSync(req.body.userPassword),
|
userPassword: bcrypt.hashSync(req.body.userPassword, 10),
|
||||||
isAdmin: isAdmin
|
isAdmin: isAdmin
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -1132,8 +1136,6 @@ router.post('/product/setasmainimage', common.restrict, (req, res) => {
|
||||||
// deletes a product image
|
// deletes a product image
|
||||||
router.post('/product/deleteimage', common.restrict, (req, res) => {
|
router.post('/product/deleteimage', common.restrict, (req, res) => {
|
||||||
const db = req.app.db;
|
const db = req.app.db;
|
||||||
let fs = require('fs');
|
|
||||||
let path = require('path');
|
|
||||||
|
|
||||||
// get the productImage from the db
|
// get the productImage from the db
|
||||||
db.products.findOne({_id: common.getId(req.body.product_id)}, (err, product) => {
|
db.products.findOne({_id: common.getId(req.body.product_id)}, (err, product) => {
|
||||||
|
@ -1169,12 +1171,10 @@ router.post('/product/deleteimage', common.restrict, (req, res) => {
|
||||||
});
|
});
|
||||||
|
|
||||||
// upload the file
|
// upload the file
|
||||||
let multer = require('multer');
|
|
||||||
let upload = multer({dest: 'public/uploads/'});
|
let upload = multer({dest: 'public/uploads/'});
|
||||||
router.post('/file/upload', common.restrict, upload.single('upload_file'), (req, res, next) => {
|
router.post('/file/upload', common.restrict, upload.single('upload_file'), (req, res, next) => {
|
||||||
const db = req.app.db;
|
const db = req.app.db;
|
||||||
let fs = require('fs');
|
|
||||||
let path = require('path');
|
|
||||||
|
|
||||||
if(req.file){
|
if(req.file){
|
||||||
// check for upload select
|
// check for upload select
|
||||||
|
@ -1238,8 +1238,6 @@ router.post('/testEmail', common.restrict, (req, res) => {
|
||||||
|
|
||||||
// delete a file via ajax request
|
// delete a file via ajax request
|
||||||
router.post('/file/delete', common.restrict, (req, res) => {
|
router.post('/file/delete', common.restrict, (req, res) => {
|
||||||
let fs = require('fs');
|
|
||||||
|
|
||||||
req.session.message = null;
|
req.session.message = null;
|
||||||
req.session.messageType = null;
|
req.session.messageType = null;
|
||||||
|
|
||||||
|
@ -1256,9 +1254,6 @@ router.post('/file/delete', common.restrict, (req, res) => {
|
||||||
});
|
});
|
||||||
|
|
||||||
router.get('/files', common.restrict, (req, res) => {
|
router.get('/files', common.restrict, (req, res) => {
|
||||||
let glob = require('glob');
|
|
||||||
let fs = require('fs');
|
|
||||||
|
|
||||||
// loop files in /public/uploads/
|
// loop files in /public/uploads/
|
||||||
glob('public/uploads/**', {nosort: true}, (er, files) => {
|
glob('public/uploads/**', {nosort: true}, (er, files) => {
|
||||||
// sort array
|
// sort array
|
||||||
|
|
|
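Review bot: In the `@ -228,7 +234,9 @@` hunk the new `bcrypt.compare(...).then(...)` chain has no `.catch()`, so a rejected compare — bcryptjs rejects when either argument is not a string, e.g. a user document with no `userPassword` — becomes an unhandled rejection and the login request never receives a response. The customer login handler later in this commit does attach a `.catch()`; the admin path should do the same, failing closed with the redirect the else branch already uses and logging the cause server-side rather than discarding it. The enclosing `router.post('/login_action', …)` handler starts and ends outside the hunk. A smaller, related point: the `bcrypt.hashSync(…, 10)` calls kept in `/setup_action` and `/user/insert` still hash synchronously on the event loop although compare was made asynchronous; `bcrypt.hash(...)` with the same cost would be consistent.
```javascript
                bcrypt.compare(req.body.password, user.userPassword)
                .then((result) => {
                    // … unchanged: session setup on success / redirect on mismatch …
                })
                .catch((err) => {
                    // bcryptjs rejects on non-string or malformed arguments; fail closed
                    console.error(colors.red('Password compare failed: ' + err));
                    req.session.message = 'Access denied. Check password and try again.';
                    req.session.messageType = 'danger';
                    res.redirect('/admin/login');
                });
```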
@ -2,12 +2,12 @@ const express = require('express');
|
||||||
const router = express.Router();
|
const router = express.Router();
|
||||||
const colors = require('colors');
|
const colors = require('colors');
|
||||||
const randtoken = require('rand-token');
|
const randtoken = require('rand-token');
|
||||||
|
const bcrypt = require('bcryptjs');
|
||||||
const common = require('./common');
|
const common = require('./common');
|
||||||
|
|
||||||
// insert a customer
|
// insert a customer
|
||||||
router.post('/customer/create', (req, res) => {
|
router.post('/customer/create', (req, res) => {
|
||||||
const db = req.app.db;
|
const db = req.app.db;
|
||||||
const bcrypt = req.bcrypt;
|
|
||||||
|
|
||||||
let doc = {
|
let doc = {
|
||||||
email: req.body.email,
|
email: req.body.email,
|
||||||
|
@ -19,7 +19,7 @@ router.post('/customer/create', (req, res) => {
|
||||||
state: req.body.state,
|
state: req.body.state,
|
||||||
postcode: req.body.postcode,
|
postcode: req.body.postcode,
|
||||||
phone: req.body.phone,
|
phone: req.body.phone,
|
||||||
password: bcrypt.hashSync(req.body.password),
|
password: bcrypt.hashSync(req.body.password, 10),
|
||||||
created: new Date()
|
created: new Date()
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -61,9 +61,8 @@ router.post('/customer/create', (req, res) => {
|
||||||
// login the customer and check the password
|
// login the customer and check the password
|
||||||
router.post('/customer/login_action', (req, res) => {
|
router.post('/customer/login_action', (req, res) => {
|
||||||
let db = req.app.db;
|
let db = req.app.db;
|
||||||
let bcrypt = req.bcrypt;
|
|
||||||
|
|
||||||
db.customers.findOne({email: req.body.loginEmail}, (err, customer) => {
|
db.customers.findOne({email: req.body.loginEmail}, (err, customer) => { // eslint-disable-line
|
||||||
if(err){
|
if(err){
|
||||||
// An error accurred
|
// An error accurred
|
||||||
return res.status(400).json({
|
return res.status(400).json({
|
||||||
|
@ -78,7 +77,9 @@ router.post('/customer/login_action', (req, res) => {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
// we have a customer under that email so we compare the password
|
// we have a customer under that email so we compare the password
|
||||||
if(bcrypt.compareSync(req.body.loginPassword, customer.password) === false){
|
bcrypt.compare(req.body.loginPassword, customer.password)
|
||||||
|
.then((result) => {
|
||||||
|
if(!result){
|
||||||
// password is not correct
|
// password is not correct
|
||||||
return res.status(400).json({
|
return res.status(400).json({
|
||||||
err: 'Access denied. Check password and try again.'
|
err: 'Access denied. Check password and try again.'
|
||||||
|
@ -91,6 +92,12 @@ router.post('/customer/login_action', (req, res) => {
|
||||||
message: 'Successfully logged in',
|
message: 'Successfully logged in',
|
||||||
customer: customer
|
customer: customer
|
||||||
});
|
});
|
||||||
|
})
|
||||||
|
.catch((err) => {
|
||||||
|
return res.status(400).json({
|
||||||
|
err: 'Access denied. Check password and try again.'
|
||||||
|
});
|
||||||
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -174,7 +181,6 @@ router.get('/customer/reset/:token', (req, res) => {
|
||||||
// reset password action
|
// reset password action
|
||||||
router.post('/customer/reset/:token', (req, res) => {
|
router.post('/customer/reset/:token', (req, res) => {
|
||||||
const db = req.app.db;
|
const db = req.app.db;
|
||||||
let bcrypt = req.bcrypt;
|
|
||||||
|
|
||||||
// get the customer
|
// get the customer
|
||||||
db.customers.findOne({resetToken: req.params.token, resetTokenExpiry: {$gt: Date.now()}}, (err, customer) => {
|
db.customers.findOne({resetToken: req.params.token, resetTokenExpiry: {$gt: Date.now()}}, (err, customer) => {
|
||||||
|
@ -185,7 +191,7 @@ router.post('/customer/reset/:token', (req, res) => {
|
||||||
}
|
}
|
||||||
|
|
||||||
// update the password and remove the token
|
// update the password and remove the token
|
||||||
let newPassword = bcrypt.hashSync(req.body.password);
|
let newPassword = bcrypt.hashSync(req.body.password, 10);
|
||||||
db.customers.update({email: customer.email}, {$set: {password: newPassword, resetToken: undefined, resetTokenExpiry: undefined}}, {multi: false}, (err, numReplaced) => {
|
db.customers.update({email: customer.email}, {$set: {password: newPassword, resetToken: undefined, resetTokenExpiry: undefined}}, {multi: false}, (err, numReplaced) => {
|
||||||
let mailOpts = {
|
let mailOpts = {
|
||||||
to: customer.email,
|
to: customer.email,
|
||||||
|
|
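Review bot: In the `@ -91,6 +92,12 @@` hunk the new `.catch((err) => { … })` never uses `err`, so a bcryptjs argument error or any exception from the `.then` body is indistinguishable from a wrong password and leaves no server-side trace; keep the generic client reply but log the cause first, e.g. `console.error(colors.red('Login compare failed: ' + err));` (`colors` is already required in this file). Because the same catch also wraps the success branch, an error thrown after the success JSON has been written would trigger a second response attempt, so start the catch handler with `if(res.headersSent){ return; }`. The context line `customer: customer` in the success reply appears to return the stored customer document, which per `/customer/create` includes the bcrypt `password` field; that predates this commit, but the response should pick only the fields the client needs. The enclosing `router.post('/customer/login_action', …)` handler begins outside the hunk.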