From 5022bb124efe4a2e3de2d8a94a1cfe911474587d Mon Sep 17 00:00:00 2001
From: ManifoldFR <wilson.jallet@gmail.com>
Date: Fri, 2 Mar 2018 01:34:50 +0100
Subject: [PATCH] =?UTF-8?q?Impl=C3=A9mentation=20session,=20s=C3=A9curit?=
 =?UTF-8?q?=C3=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Express-session chargé et (semi-)configuré.
Exemples de récupération des données de session
Empêchement de se connecter à /admin sans être authentifié
---
 src/admin_view/admin_router.js | 27 +++++++++++++++++++++++++--
 src/graphql/schema.js | 3 +++
 src/server.js | 18 +++++++++++++++---
 src/views/home.pug | 1 +
 4 files changed, 44 insertions(+), 5 deletions(-)

diff --git a/src/admin_view/admin_router.js b/src/admin_view/admin_router.js
index 4a4a663..503d8dd 100644
--- a/src/admin_view/admin_router.js
+++ b/src/admin_view/admin_router.js
@@ -17,11 +17,32 @@ router.get('/', function (req, res) {
 errorMessage: req.flash('error')
 });
 });
+/**
+ * @description Le login se fait en POST. Faire un GET à /login renvoie à la racine /
+ */
+router.get('/login', function(req,res) {
+ console.log('Redirecting to home...');
+ res.redirect('/');
+});
+
 router.get('/admin',
- // ensureLoggedIn('/'),
+ ensureLoggedIn('/login'),
 function (req, res) {
 console.log('Connecting to ' + req.url);
- res.render('home', { title: 'Home', port: port });
+ let userName;
+ /*
+ * On ne veut pas déclencer d'erreur 500 si on ne peut pas lire l'utilisateur
+ * La personne n'est peut-être pas connectée, mais cela doit être géré autrement
+ */
+ try {
+ let user = req.session.passport.user;
+ console.log('Welcome,',user.cn);
+ userName = user.cn;
+ } catch (err) {
+ console.log(err.message);
+ userName = "No one";
+ }
+ res.render('home', { title: 'Home', port: port, userName: userName });
 });
 
 router.post('/login',
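Review bot: The `try`/`catch` around `req.session.passport.user` renders the page with `userName = "No one"` when no user is in the session, yet `/admin` is now behind `ensureLoggedIn('/login')`, so reaching the `catch` means the session and the login guard disagree and rendering should not proceed in that state. Replace the try/catch with an explicit check, `const user = req.session.passport && req.session.passport.user;` / `if (!user) { return res.redirect('/login'); }` / `res.render('home', { title: 'Home', port: port, userName: user.cn });`, so a missing user takes the same path as an unauthenticated request instead of being reported as a caught exception. `console.log('Welcome,', user.cn)` writes a directory attribute to stdout on every page load; if it is kept, route it through the application's logger at debug level. Whether the serialized passport user actually carries `cn` depends on the serializeUser function, which is not in this diff.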
@@ -105,7 +126,9 @@ router.use((req, res, next) => {
 * @summary Gère les erreurs 404
 */
 router.use((err, req, res, next) => {
+ console.log("Entering error handler");
 res.locals.message = err.message;
+ console.log(err.message);
 res.status(err.status || 500);
 let error_message = res.statusCode == 404 ? 'Not found.' : 'Internal server error.';
diff --git a/src/graphql/schema.js b/src/graphql/schema.js
index ef56500..66854b9 100644
--- a/src/graphql/schema.js
+++ b/src/graphql/schema.js
@@ -165,6 +165,7 @@ const resolvers = {
 user: (obj, args, context) => {
 const refactorer = (data) => {
 return {
+ uid: args.uid,
 lastName: data.sn,
 givenName: data.givenName,
 birthdate: data.brBirthdate,
@@ -172,6 +173,8 @@ const resolvers = {
 };
 };
 
+ console.log("Logged in as:",context.user);
+
 const result = rens(context.user, args.uid).then(res => {
 const output = res.map(entry => refactorer(entry));
 return output;
diff --git a/src/server.js b/src/server.js
index c26bebf..99184c8 100644
--- a/src/server.js
+++ b/src/server.js
@@ -2,6 +2,7 @@
 * @file Cree le serveur express avec tous les middleware qui vont bien
 */
 import express from 'express';
+import session from 'express-session';
 import bodyParser from 'body-parser';
 import favicon from 'serve-favicon';
 import morgan from 'morgan';
@@ -19,6 +20,19 @@ server.use(bodyParser.urlencoded({ extended: true }));
 
 
 
+/**
+ * @description Cache le fait que l'application tourne sous Express dans le header HTTP.
+ */
+server.disable('x-powered-by');
+
+// Configuration de express-session
+server.use(session({
+ secret: 'race condition',
+ cookie: { maxAge: 60000 },
+ resave: true,
+ saveUninitialized: true
+}));
+
 // setting up view engine for pug
 let viewpath = path.resolve('./','src','views');
 server.set('views', viewpath);
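Review bot: The two `console.log` calls added to the error handler are debug leftovers: the second prints `err.message` for every error, including 500s whose message may describe internals, and neither records the status code or request path that would make the line useful when reading logs. If logging is wanted here, replace both with a single `console.error('Error handler:', res.statusCode, req.url, err.message);` placed after the `res.status(...)` call, or drop them. The same applies to `console.log("Logged in as:", context.user)` in the second src/graphql/schema.js hunk, which writes the bound identity on every `user` query. The handler's body continues past the end of the hunk.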
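Review bot: `uid: args.uid` copies the query argument into every element of the result rather than the uid of the entry being formatted, so if `rens(context.user, args.uid)` returns more than one entry (its result is mapped with `res.map` in the next hunk) or an entry under a different uid, the field will be wrong; the value should come from the entry itself, presumably `uid: data.uid` — confirm against the attribute name the LDAP search returns. If the lookup is guaranteed to return exactly the requested entry, a short comment stating that, `// rens() filters on args.uid, so the queried uid is the entry's uid`, would make the choice deliberate. The `refactorer` arrow and the enclosing `user` resolver continue past the end of the hunk.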
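Review bot: The session secret is a string literal (`secret: 'race condition'`) committed with the source, so anyone with repository access can forge session cookies; read it from the environment instead, `secret: process.env.SESSION_SECRET,`, and fail startup when it is unset. The cookie options only set `maxAge`; add `cookie: { maxAge: 60000, httpOnly: true, secure: true, sameSite: 'lax' },` (with `server.set('trust proxy', 1)` if TLS terminates upstream) so the session cookie is neither sent over plain HTTP nor attached to cross-site requests. `saveUninitialized: true` creates and stores a session for every anonymous request, which a login-gated admin area does not need and which makes the store grow with unauthenticated traffic; `saveUninitialized: false` is the safer setting. No `store` is configured, so express-session's default MemoryStore is in use, which its documentation describes as not intended for production.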
@@ -39,10 +53,8 @@ server.use('/graphql', bodyParser.json(), cors(),
 
 let password;
 try {
- uid = "anatole.romon";
+ uid = req.session.passport.user.uid;
 password = "mythe";
- //uid = req.session.id;
- //password = req.session.password;
 } catch (err) {
 uid = "louis.vaneau";
 password = "mythe";
diff --git a/src/views/home.pug b/src/views/home.pug
index 5f54ed0..ecf13fe 100644
--- a/src/views/home.pug
+++ b/src/views/home.pug
@@ -20,5 +20,6 @@ block content
 | requests to the database.
 a(href="/graphiql") Check it out.
 |
+ p Currently logged in as: #{userName}.
 form(action="/logout", method="post")
 button.form-control(type="submit") Déconnexion/<em>Logout</em>
-- 
GitLab
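Review bot: Now that the `try` branch reads the uid from the session, the `catch` branch is the path every request without an authenticated session takes, and it still binds the GraphQL context to a fixed account (`uid = "louis.vaneau"`) instead of refusing the request, so an anonymous caller to /graphql is served as that user. Replace the try/catch with an explicit check that rejects, `const user = req.session.passport && req.session.passport.user;` / `if (!user) { return res.status(401).send('Not authenticated'); }` / `uid = user.uid;` — this assumes `res` is in scope in the enclosing handler, which starts and ends outside the hunk. The LDAP bind password remains the literal `"mythe"` on both paths; it belongs in configuration (an environment variable) rather than in source and git history. Catching every exception to detect a missing `req.session.passport` also hides unrelated errors, which the explicit check above avoids.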