Gestione Refresh Token Completata !

This commit is contained in:
Surya Paolo
2024-04-11 11:43:19 +02:00
parent 07c210c59e
commit c2d76ff10a
12 changed files with 51 additions and 29 deletions


@@ -33,7 +33,7 @@ PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=Askb38v23jjDFaoskBOWj92axXCQ
SECRTK=prova123prova567ASDADASDAS
TOKEN_LIFE=2h
REFRESH_TOKEN_LIFE=86400
REFRESH_TOKEN_LIFE=7d
FTPSERVER_HOST=139.162.166.31
FTPSERVER_PORT=21
FTPSERVER_USER=ftpusrsrv_
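Review bot: This configuration file is tracked in the repository with real-looking secrets on the lines around the change (`SECRK`, `SECRTK`, and in later sections `PDB` and `AUTH_NEW_SITES`), so anyone with read access to the repository or its history can read them; the same applies to the other five configuration sections of this commit. Move the values to an untracked file or a secret store, rotate them, and keep only a placeholder-only example file under version control. Separately, `REFRESH_TOKEN_LIFE` changes from a bare number to `7d`, so whatever reads it must accept a duration string. If it is passed to jsonwebtoken's `expiresIn`, a unitless string such as the old `86400` is read as milliseconds, so confirm how the consumer (not shown on this page) parses it.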


@@ -33,7 +33,7 @@ PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=Askb38v23jjDFaoskBOWj92axXCQ
SECRTK=prova123prova567ASDADASDAS
TOKEN_LIFE=2h
REFRESH_TOKEN_LIFE=86400
REFRESH_TOKEN_LIFE=7d
FTPSERVER_HOST=139.162.166.31
FTPSERVER_PORT=21
FTPSERVER_USER=ftpusrsrv_


@@ -1,11 +1,11 @@
DATABASE=test_PiuCheBuono
DATABASE=test_FreePlanet
UDB=paofreeplanet
PDB=mypassword@1A
SEND_EMAIL=0
SEND_EMAIL_ORDERS=1
PORT=3000
appTelegram_TEST=["1","17"]
appTelegram=["1","17"]
appTelegram_TEST=["1","13"]
appTelegram=["1","13"]
DOMAIN=mongodb://localhost:27017/
AUTH_MONGODB=true
MONGODB_USER=admin
@@ -33,7 +33,7 @@ PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=Askb38v23jjDFaoskBOWj92axXCQ
SECRTK=prova123prova567ASDADASDAS
TOKEN_LIFE=2h
REFRESH_TOKEN_LIFE=86400
REFRESH_TOKEN_LIFE=7d
FTPSERVER_HOST=139.162.166.31
FTPSERVER_PORT=21
FTPSERVER_USER=ftpusrsrv_


@@ -31,5 +31,5 @@ PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=iUUb38v23jjDFaosWj92axkBOXCQ
SECRTK=jAxKm02emx5SeJvz2IGmtRf6YqCgope
TOKEN_LIFE=2h
REFRESH_TOKEN_LIFE=86400
REFRESH_TOKEN_LIFE=7d
AUTH_NEW_SITES=B234HDSAOJ734ndcsdKWNVZZ


@@ -30,5 +30,5 @@ PROD=0
PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=iUUb38v23jjDFaosWj92axkBOXCQ
TOKEN_LIFE=2h
REFRESH_TOKEN_LIFE=86400
REFRESH_TOKEN_LIFE=7d
AUTH_NEW_SITES=B234HDSAOJ734ndcsdKWNV


@@ -27,5 +27,5 @@ PROD=0
PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=iUUb38v23jjDFaosWj92axkBOXCQ
TOKEN_LIFE=2h
REFRESH_TOKEN_LIFE=86400
REFRESH_TOKEN_LIFE=7d
AUTH_NEW_SITES=B234HDSAOJ734ndcsdKWNV


@@ -75,6 +75,11 @@ html
- var qty = rec.order.quantity
- var qtypreordered = rec.order.quantitypreordered
if (rec.order.product.productInfo.sfuso && rec.order.product.productInfo.weight)
qtypreordered = (qtypreordered * rec.order.product.productInfo.weight);
else
qtypreordered = qtypreordered + ' x ' + rec.order.product.productInfo.weight;
- var unit = rec.order.product.productInfo.unitstr
- index = index + 1
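Review bot: The `else` branch runs whenever `sfuso` is false or `weight` is missing, so an order line whose product has no weight renders as `N x undefined`. Guard it, e.g. `else if (rec.order.product.productInfo.weight)`, and leave `qtypreordered` unchanged otherwise. The chain `rec.order.product.productInfo` is also dereferenced without a null check, so a record with a deleted product would fail the whole template render. The enclosing loop starts and ends outside this hunk.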


@@ -13,7 +13,7 @@ const auth_default = (req, res, next) => {
const authenticate = (req, res, next) => {
const token = req.header('x-auth');
//const refreshToken = req.header('x-refrTok');
//const refreshToken = req.header('x-refrtok');
// console.log('authenticate... ');
@@ -55,7 +55,7 @@ const authenticate = (req, res, next) => {
req.token = token;
// req.refreshToken = refreshToken;
req.access = access;
next();
next(); // Esegui il codice successivo
});
}
// tools.mylog('userid', user._id);
@@ -72,7 +72,7 @@ const authenticate = (req, res, next) => {
const authenticate_noerror = (req, res, next) => {
try {
const token = req.header('x-auth');
const refreshToken = req.header('x-refrTok');
const refreshToken = req.header('x-refrtok');
const access = 'auth';
@@ -81,17 +81,21 @@ const authenticate_noerror = (req, res, next) => {
req.user = null;
req.token = null;
req.access = null;
req.code = ris.code;
} else {
req.user = ris.user;
req.token = token;
req.refreshToken = refreshToken;
req.access = access;
req.code = ris.code;
}
// Vai avanti ad eseguire il codice, in ogni modo !
next();
}).catch((e) => {
req.user = null;
req.token = null;
req.access = null;
req.code = 0;
});
} catch (e) {
console.error('Err', e);
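Review bot: The `.catch` handler in `authenticate_noerror` clears `req.user`, `req.token` and `req.access` and sets `req.code = 0`, but as shown it never calls `next()`, so a rejected token lookup leaves the request without a response until the client times out. That contradicts the comment on the success path saying execution always continues; add `next();` as the last statement of the catch. The outer `catch (e)` continues past the end of the hunk, so check that it also calls `next()` or sends a response after `console.error('Err', e);`.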


@@ -63,6 +63,7 @@ const UserSchema = new mongoose.Schema({
type: String,
required: true,
},
group: {
type: Number,
},
@@ -538,9 +539,11 @@ UserSchema.methods.generateAuthToken = function (req) {
let token = null;
let numsec = process.env.TOKEN_LIFE;
if (attiva_scadenza)
token = jwt.sign({ _id: prova, smart: user._id.toHexString(), access, un: user.username },
process.env.SIGNCODE, { expiresIn: process.env.TOKEN_LIFE }).toString();
process.env.SIGNCODE, { expiresIn: numsec }).toString();
else
token = jwt.sign({ _id: prova, smart: user._id.toHexString(), access, un: user.username },
process.env.SIGNCODE).toString();
@@ -560,6 +563,7 @@ UserSchema.methods.generateAuthToken = function (req) {
user.lasttimeonline = new Date();
return user.save().then(() => {
console.log('Salvato refreshToken su DB', refreshToken);
// console.log("TOKEN CREATO IN LOGIN : " + token);
return { token, refreshToken };
}).catch(err => {
@@ -721,10 +725,9 @@ UserSchema.statics.findByToken = async function (token, typeaccess, con_auth) {
if (e.expiredAt) {
code = server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED;
if (con_auth) {
return { user: null, code: server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED };
} else {
return { user: null, code };
}
} else {
console.error('Err findByToken:', e);
@@ -765,6 +768,7 @@ UserSchema.statics.findByTokenAnyAccess = function (token) {
try {
decoded = jwt.verify(token, process.env.SIGNCODE);
} catch (e) {
console.error('Err findByTokenAnyAccess:', e);
return Promise.resolve(null);
}
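Review bot: `console.log('Salvato refreshToken su DB', refreshToken);` in `generateAuthToken` writes a live refresh token to the server log, and the `/newtok` handler in the users router does the same with `'Token=', refreshToken`. With `REFRESH_TOKEN_LIFE` set to `7d` in this commit, the token is a long-lived credential, and anyone who can read the logs or a log-shipping destination can use it to obtain new access tokens for that user. Log the event without the value, e.g. `console.log('Salvato refreshToken su DB per', user.username);`, or drop the line. `generateAuthToken` starts and ends outside these hunks.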


@@ -260,7 +260,7 @@ router.post(process.env.LINK_UPDATE_PWD, async (req, res) => {
// Salva lo User
user.save().then(() => {
res.header('x-auth', ris.token)
.header('x-refrTok', ris.refreshToken)
.header('x-refrtok', ris.refreshToken)
.send({ code: server_constants.RIS_CODE_OK }); // Ritorna il token di ritorno
});
});
@@ -1384,12 +1384,12 @@ router.get('/loadsite/:userId/:idapp', authenticate_noerror, (req, res) => {
});
router.get('/loadsite/:userId/:idapp/:vers', authenticate_noerror,
(req, res) => {
async (req, res) => {
let versionstr = req.params.vers;
let version = tools.getVersionint(versionstr);
load(req, res, version);
return await load(req, res, version);
});
@@ -1397,6 +1397,12 @@ function load(req, res, version) {
const userId = req.params.userId;
const idapp = req.params.idapp;
let status = 200
if (req.code === server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED) {
status = server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED
}
if (!version) {
version = '0';
}
@@ -1585,7 +1591,7 @@ function load(req, res, version) {
} catch (e) { }
}
if (version < 91) {
res.send({
res.status(status).send({
bookedevent: arrdata[0],
eventlist: arrdata[1],
operators: arrdata[2],
@@ -1612,7 +1618,7 @@ function load(req, res, version) {
internalpages: arrdata[23],
});
} else {
res.send({
res.status(status).send({
bookedevent: arrdata[0],
eventlist: arrdata[1],
operators: arrdata[2],
@@ -1663,6 +1669,7 @@ function load(req, res, version) {
subcatprods: arrdata[46],
catprods_gas: arrdata[47],
catAI: arrdata[48],
code: req.code,
});
const prova = 1;
@@ -1680,7 +1687,7 @@ router.get(process.env.LINK_CHECK_UPDATES, authenticate_noerror, async (req, res
// console.log("POST " + process.env.LINK_CHECK_UPDATES + " userId=" + userId);
if (!req.user) {
return res.status(404).send();
return res.status(200).send();
}
await CfgServer.find({ idapp }).then((arrcfgrec) => {
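Review bot: In the `LINK_CHECK_UPDATES` handler the `!req.user` branch now answers `res.status(200).send()` with an empty body, so a client cannot tell a missing or expired token from a successful check, and the `req.code` set by `authenticate_noerror` is dropped. If the 200 is deliberate so the client's refresh flow is not interrupted, return the code with it: `return res.status(200).send({ code: req.code });`. In `load`, `status` is taken from `server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED`; that constant is defined outside this page, so confirm it is a valid HTTP status code before it reaches `res.status()`. Also, only the second `res.status(status).send({...})` visibly gains `code: req.code`; the `version < 91` response may need it too. Both handlers continue outside the hunks.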


@@ -301,7 +301,7 @@ router.post('/', async (req, res) => {
const { token, refreshToken } = await myuser.generateAuthToken(req);
res
.header('x-auth', token)
.header('x-refrTok', refreshToken)
.header('x-refrtok', refreshToken)
.send(myuser);
return true;
}
@@ -363,7 +363,7 @@ router.post('/', async (req, res) => {
// }
res
.header('x-auth', ris.token)
.header('x-refrTok', ris.refreshToken)
.header('x-refrtok', ris.refreshToken)
.send(user);
return true;
});
@@ -619,11 +619,13 @@ router.post('/newtok', async (req, res) => {
// Ottieni l'utente in base al refreshtoken
const recFound = await User.findOne({ 'tokens.refreshToken': refreshToken });
console.log('recFound', recFound ? recFound.name : 'NOTFOUND', 'Token=', refreshToken);
if (recFound) {
return recFound.generateAuthToken(req)
.then((ris) => {
return res.status(200).send({
usertosend,
usertosend: recFound,
token: ris.token,
refreshToken: ris.refreshToken
});
@@ -634,7 +636,7 @@ router.post('/newtok', async (req, res) => {
console.error('Err', e);
}
res.status(404).send({ code: server_constants.RIS_CODE_LOGIN_ERR });
res.status(404).send({ code: server_constants.RIS_CODE_HTTP_INVALID_TOKEN });
});
@@ -722,7 +724,7 @@ router.post('/login', (req, res) => {
// SEND TOKEN AND CODE RESULT
return res
.header('x-auth', myris.token)
.header('x-refrTok', myris.refreshToken)
.header('x-refrtok', myris.refreshToken)
.send({
usertosend: myris.usertosend,
code: server_constants.RIS_CODE_OK,
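Review bot: In `/newtok`, `usertosend: recFound` returns the whole Mongoose user document; unless the schema's `toJSON` strips them, the response carries the password hash and the full `tokens` array. The `/login` handler sends `myris.usertosend`, which suggests a reduced projection already exists and should be reused here. `refreshToken` is also passed straight into `User.findOne({ 'tokens.refreshToken': refreshToken })`. Its origin is outside the hunk, but if it comes from the request body it should be rejected unless `typeof refreshToken === 'string'` and non-empty, so that a non-string value can never act as a query operator. Nothing in the visible lines invalidates the old refresh token when a new pair is issued, so confirm that `generateAuthToken` rotates it.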


@@ -157,7 +157,7 @@ myLoad().then(ris => {
});
app.use(cors({
exposedHeaders: ['x-auth', 'x-refrTok'],
exposedHeaders: ['x-auth', 'x-refrtok'],
}));
app.use(bodyParser.json());