Change to bcryptjs, small refactor

react_convert
Mark Moffat 2018-02-04 13:04:32 +01:00
parent 7695996f4a
commit 2f9911fd1e
7 changed files with 73 additions and 55 deletions

2
app.js
View File

@ -4,7 +4,6 @@ const logger = require('morgan');
const cookieParser = require('cookie-parser'); const cookieParser = require('cookie-parser');
const bodyParser = require('body-parser'); const bodyParser = require('body-parser');
const session = require('express-session'); const session = require('express-session');
const bcrypt = require('bcrypt-nodejs');
const moment = require('moment'); const moment = require('moment');
const MongoStore = require('connect-mongodb-session')(session); const MongoStore = require('connect-mongodb-session')(session);
const MongoClient = require('mongodb').MongoClient; const MongoClient = require('mongodb').MongoClient;
@ -216,7 +215,6 @@ app.use(express.static(path.join(__dirname, 'public')));
// Make stuff accessible to our router // Make stuff accessible to our router
app.use((req, res, next) => { app.use((req, res, next) => {
req.handlebars = handlebars; req.handlebars = handlebars;
req.bcrypt = bcrypt;
next(); next();
}); });

23
package-lock.json generated
View File

@ -1,6 +1,6 @@
{ {
"name": "express-cart", "name": "express-cart",
"version": "1.1.0", "version": "1.1.2",
"lockfileVersion": 1, "lockfileVersion": 1,
"requires": true, "requires": true,
"dependencies": { "dependencies": {
@ -281,6 +281,11 @@
"resolved": "https://registry.npmjs.org/bcrypt-nodejs/-/bcrypt-nodejs-0.0.3.tgz", "resolved": "https://registry.npmjs.org/bcrypt-nodejs/-/bcrypt-nodejs-0.0.3.tgz",
"integrity": "sha1-xgkX8m3CNWYVZsaBBhwwPCsohCs=" "integrity": "sha1-xgkX8m3CNWYVZsaBBhwwPCsohCs="
}, },
"bcryptjs": {
"version": "2.4.3",
"resolved": "https://registry.npmjs.org/bcryptjs/-/bcryptjs-2.4.3.tgz",
"integrity": "sha1-mrVie5PmBiH/fNrF2pczAn3x0Ms="
},
"beeper": { "beeper": {
"version": "1.1.1", "version": "1.1.1",
"resolved": "https://registry.npmjs.org/beeper/-/beeper-1.1.1.tgz", "resolved": "https://registry.npmjs.org/beeper/-/beeper-1.1.1.tgz",
@ -4287,6 +4292,11 @@
"resolved": "https://registry.npmjs.org/qs/-/qs-6.5.1.tgz", "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.1.tgz",
"integrity": "sha512-eRzhrN1WSINYCDCbrz796z37LOe3m5tmW7RQf6oBntukAG1nmovJvhnwHHRMAfeoItc1m2Hk02WER2aQ/iqs+A==" "integrity": "sha512-eRzhrN1WSINYCDCbrz796z37LOe3m5tmW7RQf6oBntukAG1nmovJvhnwHHRMAfeoItc1m2Hk02WER2aQ/iqs+A=="
}, },
"rand-token": {
"version": "0.4.0",
"resolved": "https://registry.npmjs.org/rand-token/-/rand-token-0.4.0.tgz",
"integrity": "sha512-FLNNsir2R+XY8LKsZ+8u/w0qZ4sGit7cpNdznsI77cAVob6UlVPueDKRyjJ3W1Q6FJLgAVH98JvlqqpSaL7NEQ=="
},
"random-bytes": { "random-bytes": {
"version": "1.0.0", "version": "1.0.0",
"resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz", "resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz",
@ -4517,6 +4527,17 @@
"once": "1.4.0" "once": "1.4.0"
} }
}, },
"run-sequence": {
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/run-sequence/-/run-sequence-2.2.1.tgz",
"integrity": "sha512-qkzZnQWMZjcKbh3CNly2srtrkaO/2H/SI5f2eliMCapdRD3UhMrwjfOAZJAnZ2H8Ju4aBzFZkBGXUqFs9V0yxw==",
"dev": true,
"requires": {
"chalk": "1.1.3",
"fancy-log": "1.3.2",
"plugin-error": "0.1.2"
}
},
"rx-lite": { "rx-lite": {
"version": "3.1.2", "version": "3.1.2",
"resolved": "https://registry.npmjs.org/rx-lite/-/rx-lite-3.1.2.tgz", "resolved": "https://registry.npmjs.org/rx-lite/-/rx-lite-3.1.2.tgz",

View File

@ -11,6 +11,7 @@
"ajv": "^6.0.0", "ajv": "^6.0.0",
"async": "^2.6.0", "async": "^2.6.0",
"bcrypt-nodejs": "0.0.3", "bcrypt-nodejs": "0.0.3",
"bcryptjs": "^2.4.3",
"body-parser": "^1.17.2", "body-parser": "^1.17.2",
"cheerio": "^0.22.0", "cheerio": "^0.22.0",
"colors": "^1.1.2", "colors": "^1.1.2",

View File

@ -1,3 +1,4 @@
/* eslint-disable prefer-arrow-callback, no-var, no-tabs */
$(document).ready(function (){ $(document).ready(function (){
if($(window).width() < 768){ if($(window).width() < 768){
$('.menu-side').on('click', function(e){ $('.menu-side').on('click', function(e){
@ -110,7 +111,7 @@ $(document).ready(function (){
}); });
// Call to API for a change to the published state of a product // Call to API for a change to the published state of a product
$("input[class='published_state']").change(function(){ $('input[class="published_state"]').change(function(){
$.ajax({ $.ajax({
method: 'POST', method: 'POST',
url: '/admin/product/published_state', url: '/admin/product/published_state',
@ -732,7 +733,3 @@ function showNotification(msg, type, reloadPage){
} }
}); });
} }
function searchForm(id){
$('form#' + id).submit();
}

File diff suppressed because one or more lines are too long

View File

@ -2,6 +2,13 @@ const express = require('express');
const common = require('./common'); const common = require('./common');
const escape = require('html-entities').AllHtmlEntities; const escape = require('html-entities').AllHtmlEntities;
const colors = require('colors'); const colors = require('colors');
const bcrypt = require('bcryptjs');
const rimraf = require('rimraf');
const url = require('url');
const fs = require('fs');
const path = require('path');
const multer = require('multer');
const glob = require('glob');
const router = express.Router(); const router = express.Router();
// Admin section // Admin section
@ -211,7 +218,6 @@ router.get('/login', (req, res) => {
// login the user and check the password // login the user and check the password
router.post('/login_action', (req, res) => { router.post('/login_action', (req, res) => {
let db = req.app.db; let db = req.app.db;
let bcrypt = req.bcrypt;
db.users.findOne({userEmail: req.body.email}, (err, user) => { db.users.findOne({userEmail: req.body.email}, (err, user) => {
if(err){ if(err){
@ -228,7 +234,9 @@ router.post('/login_action', (req, res) => {
res.redirect('/admin/login'); res.redirect('/admin/login');
}else{ }else{
// we have a user under that email so we compare the password // we have a user under that email so we compare the password
if(bcrypt.compareSync(req.body.password, user.userPassword) === true){ bcrypt.compare(req.body.password, user.userPassword)
.then((result) => {
if(result){
req.session.user = req.body.email; req.session.user = req.body.email;
req.session.usersName = user.usersName; req.session.usersName = user.usersName;
req.session.userId = user._id.toString(); req.session.userId = user._id.toString();
@ -240,6 +248,7 @@ router.post('/login_action', (req, res) => {
req.session.messageType = 'danger'; req.session.messageType = 'danger';
res.redirect('/admin/login'); res.redirect('/admin/login');
} }
});
} }
}); });
}); });
@ -504,7 +513,6 @@ router.post('/product/update', common.restrict, (req, res) => {
// delete product // delete product
router.get('/product/delete/:id', common.restrict, (req, res) => { router.get('/product/delete/:id', common.restrict, (req, res) => {
const db = req.app.db; const db = req.app.db;
let rimraf = require('rimraf');
// remove the article // remove the article
db.products.remove({_id: common.getId(req.params.id)}, {}, (err, numRemoved) => { db.products.remove({_id: common.getId(req.params.id)}, {}, (err, numRemoved) => {
@ -582,7 +590,6 @@ router.get('/user/edit/:id', common.restrict, (req, res) => {
// update a user // update a user
router.post('/user/update', common.restrict, (req, res) => { router.post('/user/update', common.restrict, (req, res) => {
const db = req.app.db; const db = req.app.db;
let bcrypt = req.bcrypt;
let isAdmin = req.body.user_admin === 'on' ? 'true' : 'false'; let isAdmin = req.body.user_admin === 'on' ? 'true' : 'false';
@ -630,12 +637,11 @@ router.post('/user/update', common.restrict, (req, res) => {
// insert a user // insert a user
router.post('/setup_action', (req, res) => { router.post('/setup_action', (req, res) => {
const db = req.app.db; const db = req.app.db;
let bcrypt = req.bcrypt;
let doc = { let doc = {
usersName: req.body.usersName, usersName: req.body.usersName,
userEmail: req.body.userEmail, userEmail: req.body.userEmail,
userPassword: bcrypt.hashSync(req.body.userPassword), userPassword: bcrypt.hashSync(req.body.userPassword, 10),
isAdmin: true isAdmin: true
}; };
@ -668,8 +674,6 @@ router.post('/setup_action', (req, res) => {
// insert a user // insert a user
router.post('/user/insert', common.restrict, (req, res) => { router.post('/user/insert', common.restrict, (req, res) => {
const db = req.app.db; const db = req.app.db;
let bcrypt = req.bcrypt;
let url = require('url');
// set the account to admin if using the setup form. Eg: First user account // set the account to admin if using the setup form. Eg: First user account
let urlParts = url.parse(req.header('Referer')); let urlParts = url.parse(req.header('Referer'));
@ -682,7 +686,7 @@ router.post('/user/insert', common.restrict, (req, res) => {
let doc = { let doc = {
usersName: req.body.usersName, usersName: req.body.usersName,
userEmail: req.body.userEmail, userEmail: req.body.userEmail,
userPassword: bcrypt.hashSync(req.body.userPassword), userPassword: bcrypt.hashSync(req.body.userPassword, 10),
isAdmin: isAdmin isAdmin: isAdmin
}; };
@ -1132,8 +1136,6 @@ router.post('/product/setasmainimage', common.restrict, (req, res) => {
// deletes a product image // deletes a product image
router.post('/product/deleteimage', common.restrict, (req, res) => { router.post('/product/deleteimage', common.restrict, (req, res) => {
const db = req.app.db; const db = req.app.db;
let fs = require('fs');
let path = require('path');
// get the productImage from the db // get the productImage from the db
db.products.findOne({_id: common.getId(req.body.product_id)}, (err, product) => { db.products.findOne({_id: common.getId(req.body.product_id)}, (err, product) => {
@ -1169,12 +1171,10 @@ router.post('/product/deleteimage', common.restrict, (req, res) => {
}); });
// upload the file // upload the file
let multer = require('multer');
let upload = multer({dest: 'public/uploads/'}); let upload = multer({dest: 'public/uploads/'});
router.post('/file/upload', common.restrict, upload.single('upload_file'), (req, res, next) => { router.post('/file/upload', common.restrict, upload.single('upload_file'), (req, res, next) => {
const db = req.app.db; const db = req.app.db;
let fs = require('fs');
let path = require('path');
if(req.file){ if(req.file){
// check for upload select // check for upload select
@ -1238,8 +1238,6 @@ router.post('/testEmail', common.restrict, (req, res) => {
// delete a file via ajax request // delete a file via ajax request
router.post('/file/delete', common.restrict, (req, res) => { router.post('/file/delete', common.restrict, (req, res) => {
let fs = require('fs');
req.session.message = null; req.session.message = null;
req.session.messageType = null; req.session.messageType = null;
@ -1256,9 +1254,6 @@ router.post('/file/delete', common.restrict, (req, res) => {
}); });
router.get('/files', common.restrict, (req, res) => { router.get('/files', common.restrict, (req, res) => {
let glob = require('glob');
let fs = require('fs');
// loop files in /public/uploads/ // loop files in /public/uploads/
glob('public/uploads/**', {nosort: true}, (er, files) => { glob('public/uploads/**', {nosort: true}, (er, files) => {
// sort array // sort array

View File

@ -2,12 +2,12 @@ const express = require('express');
const router = express.Router(); const router = express.Router();
const colors = require('colors'); const colors = require('colors');
const randtoken = require('rand-token'); const randtoken = require('rand-token');
const bcrypt = require('bcryptjs');
const common = require('./common'); const common = require('./common');
// insert a customer // insert a customer
router.post('/customer/create', (req, res) => { router.post('/customer/create', (req, res) => {
const db = req.app.db; const db = req.app.db;
const bcrypt = req.bcrypt;
let doc = { let doc = {
email: req.body.email, email: req.body.email,
@ -19,7 +19,7 @@ router.post('/customer/create', (req, res) => {
state: req.body.state, state: req.body.state,
postcode: req.body.postcode, postcode: req.body.postcode,
phone: req.body.phone, phone: req.body.phone,
password: bcrypt.hashSync(req.body.password), password: bcrypt.hashSync(req.body.password, 10),
created: new Date() created: new Date()
}; };
@ -61,9 +61,8 @@ router.post('/customer/create', (req, res) => {
// login the customer and check the password // login the customer and check the password
router.post('/customer/login_action', (req, res) => { router.post('/customer/login_action', (req, res) => {
let db = req.app.db; let db = req.app.db;
let bcrypt = req.bcrypt;
db.customers.findOne({email: req.body.loginEmail}, (err, customer) => { db.customers.findOne({email: req.body.loginEmail}, (err, customer) => { // eslint-disable-line
if(err){ if(err){
// An error accurred // An error accurred
return res.status(400).json({ return res.status(400).json({
@ -78,7 +77,9 @@ router.post('/customer/login_action', (req, res) => {
}); });
} }
// we have a customer under that email so we compare the password // we have a customer under that email so we compare the password
if(bcrypt.compareSync(req.body.loginPassword, customer.password) === false){ bcrypt.compare(req.body.loginPassword, customer.password)
.then((result) => {
if(!result){
// password is not correct // password is not correct
return res.status(400).json({ return res.status(400).json({
err: 'Access denied. Check password and try again.' err: 'Access denied. Check password and try again.'
@ -91,6 +92,12 @@ router.post('/customer/login_action', (req, res) => {
message: 'Successfully logged in', message: 'Successfully logged in',
customer: customer customer: customer
}); });
})
.catch((err) => {
return res.status(400).json({
err: 'Access denied. Check password and try again.'
});
});
}); });
}); });
@ -174,7 +181,6 @@ router.get('/customer/reset/:token', (req, res) => {
// reset password action // reset password action
router.post('/customer/reset/:token', (req, res) => { router.post('/customer/reset/:token', (req, res) => {
const db = req.app.db; const db = req.app.db;
let bcrypt = req.bcrypt;
// get the customer // get the customer
db.customers.findOne({resetToken: req.params.token, resetTokenExpiry: {$gt: Date.now()}}, (err, customer) => { db.customers.findOne({resetToken: req.params.token, resetTokenExpiry: {$gt: Date.now()}}, (err, customer) => {
@ -185,7 +191,7 @@ router.post('/customer/reset/:token', (req, res) => {
} }
// update the password and remove the token // update the password and remove the token
let newPassword = bcrypt.hashSync(req.body.password); let newPassword = bcrypt.hashSync(req.body.password, 10);
db.customers.update({email: customer.email}, {$set: {password: newPassword, resetToken: undefined, resetTokenExpiry: undefined}}, {multi: false}, (err, numReplaced) => { db.customers.update({email: customer.email}, {$set: {password: newPassword, resetToken: undefined, resetTokenExpiry: undefined}}, {multi: false}, (err, numReplaced) => {
let mailOpts = { let mailOpts = {
to: customer.email, to: customer.email,