switch from req.session.jwt to cookies

This commit is contained in:
2025-02-03 04:02:52 +03:00
parent c0ee036530
commit 3a742b1f34
12 changed files with 247 additions and 26 deletions


@@ -31,7 +31,8 @@ class UserController {
utils.removeFromFile('./inviteTokens.txt', req.body.inviteToken);
}
req.session.jwt = jwt.sign({ username }, process.env.SECRET, {expiresIn: "1y"});
const token = jwt.sign({ username }, process.env.SECRET, {expiresIn: "1y"});
res.cookie("jwt", token);
return res.status(200).send("Ok");
}
@@ -43,12 +44,13 @@ class UserController {
if (!bcrypt.compareSync(password, storedPassword)) {
return res.status(403).send("Password is not correct");
}
req.session.jwt = jwt.sign({ username }, process.env.SECRET, {expiresIn: "1y"});
const token = jwt.sign({ username }, process.env.SECRET, {expiresIn: "1y"});
res.cookie("jwt", token);
return res.status(200).send("Ok");
}
async changePassword(req, res) {
const token = req.session.jwt;
const token = req.cookies["jwt"];
const username = jwt.decode(token).username;
const { oldPassword, newPassword } = req.body;
@@ -67,11 +69,12 @@ class UserController {
async logout(req, res) {
req.session.destroy();
res.clearCookie("jwt");
return res.redirect("/login");
}
async uploadSkin(req, res) {
const token = req.session.jwt;
const token = req.cookies["jwt"];
const decoded = jwt.decode(token);
const tempPath = req.file.path;
const targetPath = `/opt/skins/${decoded.username}.png`;
@@ -93,7 +96,7 @@ class UserController {
}
async uploadCape(req, res) {
const token = req.session.jwt;
const token = req.cookies["jwt"];
const decoded = jwt.decode(token);
const tempPath = req.file.path;
const targetPath = `/opt/cloaks/${decoded.username}.png`;
@@ -116,7 +119,7 @@ class UserController {
}
async getUsername(req, res) {
const token = req.session.jwt;
const token = req.cookies["jwt"];
return res.status(200).send(jwt.decode(token).username);
}
}
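Review bot: The `res.cookie("jwt", token)` calls in the first two hunks set the credential cookie with no attributes, so it is readable by page script and is attached to cross-site requests; since the token is now the entire login state, write it as `res.cookie("jwt", token, { httpOnly: true, secure: true, sameSite: "strict" })` in both places. While the JWT lived in `req.session` it was server-side state, but `req.cookies["jwt"]` is client-supplied, so the `jwt.decode(...)` reads in changePassword, uploadSkin, uploadCape and getUsername accept any well-formed token without checking its signature unless an authenticating middleware is guaranteed to run first, which is not visible in this section. Prefer `jwt.verify(token, process.env.SECRET)` at each read, e.g. `const { username } = jwt.verify(req.cookies["jwt"], process.env.SECRET);`, since it returns the payload and throws on a tampered or expired token. Note also that with `expiresIn: "1y"` and logout reduced to `res.clearCookie("jwt")`, a copied token remains usable for a year; the function bodies in this section start and end outside the hunks.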


@@ -9,7 +9,7 @@ import UserRouter from './routers/user.js';
const app = express();
dotenv.config({path: ".env"});
dotenv.config({ path: ".env" });
app.use(session({
secret: process.env.SECRET,
@@ -18,7 +18,7 @@ app.use(session({
cookie: { maxAge: 1000 * 60 * 60 * 24 }
}));
app.use(express.static(path.join('./public')));
app.use(express.urlencoded({extended: false}));
app.use(express.urlencoded({ extended: false }));
app.use(express.json());
app.use(cookieParser());
@@ -27,6 +27,8 @@ app.set('view engine', 'pug');
app.use('/api', ApiRouter);
app.use('/', UserRouter);
app.listen(process.env.PORT, () => {
const server = app.listen(process.env.PORT, () => {
console.log("App has been started!");
});
});
export default server;
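Review bot: The `app.use(session({ secret: process.env.SECRET, ... }))` block at the top of this section stays registered even though the commit moves the JWT out of `req.session`; if no remaining code reads `req.session`, it now only issues an unused session cookie while reusing the JWT signing secret as the session-signing key. Either drop the middleware or give it a secret distinct from the one used by `jwt.sign`. The new `export default server` in the last hunk means any module that imports `index.js` binds the port as a side effect; if that is intended (src/messages.js in this commit imports it), a comment such as `// importing this module starts the HTTP listener` on the `const server = app.listen(...)` line would make it explicit.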

68
src/messages.js Normal file

@@ -0,0 +1,68 @@
import { Kafka } from "kafkajs";
import ws from 'ws';
import jwt from 'jwt';
import server from './index.js';
const kafka = new Kafka({
clientId: 'backend',
brokers: ['kafka:9092']
});
const wsClients = [];
const producer = kafka.producer();
const consumer = kafka.consumer();
await producer.connect();
await consumer.connect();
await consumer.subscribe({
topic: "chatMessage",
fromBeginning: true
});
const onMessageFromServer = async ({ topic, partition, message }) => {
wsClients.forEach(client => {
client.send({
message
})
})
};
await consumer.run({
eachMessage: onMessageFromServer
});
const wsServer = new ws.Server({ noServer: true });
wsServer.on('connection', socket => {
wsClients.push(socket);
socket.on('message', async (message) => {
const token = message.jwt;
if (!jwt.verify(token, process.env.secret)) {
socket.send("JWT is not valid.")
return;
}
await producer.send({
topic: 'chatMessage',
messages: [{
author: message.author,
content: message.content,
date: message.date
}]
});
});
socket.on('close', async () => {
wsClients = wsClients.filter(s => s !== socket);
await producer.disconnect();
});
});
server.on('upgrade', (request, socket, head) => {
wsServer.handleUpgrade(request, socket, head, socket => {
wsServer.emit('connection', socket, request);
})
})
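Review bot: In the `socket.on('message', ...)` handler the author of every chat message is taken from the client-supplied `message.author` rather than from the verified token, so the JWT check only gates sending, not identity; use the `username` claim returned by `jwt.verify` instead. The check itself is also the wrong shape: `jwt.verify` throws on an invalid or expired token rather than returning a falsy value, and it reads `process.env.secret` while the rest of the commit uses `process.env.SECRET`, so a bad token produces an unhandled rejection instead of the "JWT is not valid." reply. The ws 'message' event delivers raw string/Buffer data, so `message.jwt` and `message.content` are undefined until the payload is parsed, and kafkajs producer records carry their body in `value`, which the `messages: [{ author, content, date }]` literal does not set. In the 'close' handler `wsClients = wsClients.filter(...)` reassigns the `const` declared at the top of the file (a TypeError on the first disconnect), and `producer.disconnect()` tears down the producer shared by every other client; `client.send({ message })` in onMessageFromServer likewise passes an object where ws expects a string or Buffer, and `import jwt from 'jwt'` should be confirmed against the specifier the other files use. A rewrite of the connection handler along these lines:
```javascript
const wsClients = new Set();
// … unchanged: Kafka client, producer/consumer connect and subscribe …
const onMessageFromServer = async ({ topic, partition, message }) => {
  if (message.value === null) return;
  const text = message.value.toString();
  for (const client of wsClients) client.send(text);
};
// … unchanged: consumer.run and wsServer construction …
wsServer.on('connection', socket => {
  wsClients.add(socket);
  socket.on('message', async (raw) => {
    let payload;
    try {
      payload = JSON.parse(raw.toString());
    } catch {
      socket.send("Malformed message.");
      return;
    }
    let username;
    try {
      ({ username } = jwt.verify(payload.jwt, process.env.SECRET));
    } catch {
      socket.send("JWT is not valid.");
      return;
    }
    await producer.send({
      topic: 'chatMessage',
      messages: [{
        value: JSON.stringify({ author: username, content: payload.content, date: payload.date })
      }]
    });
  });
  socket.on('close', () => {
    wsClients.delete(socket); // the producer is shared; do not disconnect it per client
  });
});
// … unchanged: server.on('upgrade', …) …
```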


@@ -7,9 +7,10 @@ import UserService from '../services/user.js';
dotenv.config({path: ".env"});
const authenticate = async (req, res, next) => {
const token = req.session.jwt;
const token = req.cookies["jwt"];
if (!token || !jwt.verify(token, process.env.SECRET)) {
req.session.destroy();
res.clearCookie("jwt");
return res.redirect("/login");
}
next();
@@ -33,7 +34,7 @@ const validateInviteToken = async (req, res, next) => {
};
const canHaveCloak = async (req, res, next) => {
const { username } = jwt.decode(req.session.jwt);
const { username } = jwt.decode(req.cookies["jwt"]);
if (!(await UserService.canHaveCloak(username)))
return res.status(403).send("You cannot have cloak");
next();
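Review bot: In `authenticate`, `!token || !jwt.verify(token, process.env.SECRET)` assumes verify returns a falsy value for a bad token, but jsonwebtoken's verify throws on a missing, tampered or expired token; now that the token comes from a client-controlled cookie rather than `req.session`, an invalid cookie turns into an unhandled rejection in this async middleware instead of the intended redirect. Wrap the call in try/catch and let the catch branch clear the cookie and redirect. The same `!jwt.verify(...)` pattern appears in the userExist middleware and in the register/login route guards of the user router in this commit, and `canHaveCloak` in the second hunk still uses `jwt.decode`, which checks no signature, so it must only ever be mounted behind `authenticate`.
```javascript
const authenticate = async (req, res, next) => {
  const token = req.cookies["jwt"];
  try {
    jwt.verify(token, process.env.SECRET); // throws when missing, invalid or expired
  } catch {
    res.clearCookie("jwt");
    return res.redirect("/login");
  }
  next();
};
```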


@@ -19,11 +19,11 @@ const userExist = async (req, res, next) => {
let username;
if (req.body.username) {
username = req.body.username;
} else if (req.session.jwt) {
if (!req.session.jwt || !jwt.verify(req.session.jwt, process.env.SECRET)) {
} else if (req.cookies["jwt"]) {
if (!req.cookies["jwt"] || !jwt.verify(req.cookies["jwt"], process.env.SECRET)) {
return res.status(403).send("Unauthorized");
}
username = jwt.decode(req.session.jwt).username;
username = jwt.decode(req.cookies["jwt"]).username;
}
if (!(await UserService.exists(username))) {
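Review bot: Inside `} else if (req.cookies["jwt"]) {` the inner `!req.cookies["jwt"]` test can never be true, and the `!jwt.verify(...)` half does not behave as a boolean check because verify throws on an invalid token, so a forged cookie yields an unhandled rejection rather than the 403. Replace the inner check and the following decode with `try { username = jwt.verify(req.cookies["jwt"], process.env.SECRET).username; } catch { return res.status(403).send("Unauthorized"); }`, which also removes the separate unverified `jwt.decode` read. The `req.body.username` branch still takes precedence over the cookie, so this middleware does not by itself bind the request to the authenticated user; userExist continues outside the hunk.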


@@ -10,7 +10,7 @@ dotenv.config({path: ".env"});
const UserRouter = new Router();
UserRouter.get('/register', async (req, res) => {
if (req.session.jwt && jwt.verify(req.session.jwt, process.env.SECRET))
if (req.cookies["jwt"] && jwt.verify(req.cookies["jwt"], process.env.SECRET))
return res.redirect("/index");
return res.render("register.pug", {
@@ -19,7 +19,7 @@ UserRouter.get('/register', async (req, res) => {
});
UserRouter.get(['/', '/login'], async (req, res) => {
if(req.session.jwt && jwt.verify(req.session.jwt, process.env.SECRET)) {
if(req.cookies["jwt"] && jwt.verify(req.cookies["jwt"], process.env.SECRET)) {
return res.redirect("/index");
}
@@ -27,7 +27,7 @@ UserRouter.get(['/', '/login'], async (req, res) => {
});
UserRouter.get(['/index', '/skin'], auth.authenticate, async (req, res) => {
const username = jwt.decode(req.session.jwt).username;
const username = jwt.decode(req.cookies["jwt"]).username;
return res.render('skin.pug', {
username: username,
@@ -36,7 +36,7 @@ UserRouter.get(['/index', '/skin'], auth.authenticate, async (req, res) => {
});
UserRouter.get('/changepassword', auth.authenticate, async (req, res) => {
const username = jwt.decode(req.session.jwt).username;
const username = jwt.decode(req.cookies["jwt"]).username;
return res.render('changepassword.pug', {
can_have_cloak: await UserService.canHaveCloak(username)
@@ -44,7 +44,7 @@ UserRouter.get('/changepassword', auth.authenticate, async (req, res) => {
});
UserRouter.get('/chat', auth.authenticate, async (req, res) => {
const username = jwt.decode(req.session.jwt).username;
const username = jwt.decode(req.cookies["jwt"]).username;
return res.render('chat.pug', {
can_have_cloak: await UserService.canHaveCloak(username)
@@ -52,7 +52,7 @@ UserRouter.get('/chat', auth.authenticate, async (req, res) => {
});
UserRouter.get('/worldmap', auth.authenticate, async (req, res) => {
const username = jwt.decode(req.session.jwt).username;
const username = jwt.decode(req.cookies["jwt"]).username;
return res.render('worldmap.pug', {
can_have_cloak: await UserService.canHaveCloak(username)