LeClubInfo / ci-site2016

Commit c726d602398b69062b954e1884f829e4adb98fab

Authored by Geoffrey PREUD'HOMME
1 parent 8ed4d659

Utilisation d'un vrai système de sessions

Showing 5 changed files with 63 additions and 167 deletions   Show diff stats
Inline Side-by-side
app/models/SessionModl.js deleted
View file @8ed4d65
... ... @@ -1,12 +0,0 @@
1   -var mongoose = require('mongoose');
2   -
3   -module.exports = mongoose.model('Session', {
4   - login: { // On récupèrera le nom via les passwd
5   - type: String,
6   - default: 'login'
7   - },
8   - started: {
9   - type: Date,
10   - default: Date.now
11   - }
12   -});
app/routes/ApiRtes.js
  Show/Hide comments   View file @c726d60
1 1 var MembresServ = require('../services/MembresServ');
2   -var SessionsServ = require('../services/SessionsServ');
  2 +var PolyUserServ = require('../services/PolyUserServ');
3 3 var DecryptServ = require('../services/DecryptServ');
4 4 var ConvsServ = require('../services/ConvsServ');
5 5 var MessServ = require('../services/MessServ');
6 6 var express = require('express');
  7 +session = require('express-session');
7 8  
8 9 var api = express();
9 10  
10 11 // Authentication
11 12 reqAuth = function () {
12 13 return function (req, res, next) {
13   - if (!req.cookies) {
  14 + if (req.session.data && req.session.data.login) {
  15 + next();
  16 + } else {
14 17 res.status(401).end();
15 18 }
16   - SessionsServ.use(req.cookies.session, function (err, session) {
17   - if (err) {
18   - res.status(500).send(err);
19   - } else {
20   - if (session) {
21   - req.session = session;
22   - next();
23   - } else {
24   - res.status(401).end();
25   - }
26   - }
27   - });
28 19 };
29 20 };
30 21  
31   -reqVerified = function (verify) {
  22 +reqVerified = function (verify) { // Assert mais pour les droits (d'où le 403)
32 23 return function (req, res, next) {
33 24 reqAuth()(req, res, function () {
34 25 verify(req, res, function (err, verified) {
... ... @@ -48,7 +39,7 @@ reqVerified = function (verify) {
48 39  
49 40 reqPerm = function (perm) {
50 41 return reqVerified(function (req, res, cb) {
51   - cb(null, req.session[perm]);
  42 + cb(null, req.session.data[perm]);
52 43 });
53 44 };
54 45  
... ... @@ -82,46 +73,74 @@ decrypt = function () {
82 73 };
83 74  
84 75 // Sessions
85   -api.get('/session', function (req, res) { // Informations sur la session
86   - if (req.cookies && req.cookies.session) {
87   - SessionsServ.use(req.cookies.session, function (err, session) {
88   - if (err) {
89   - res.clearCookie('session');
90   - // TODO Pas vraiment un 500
91   - // TODO Gérer ça mieux coté client
92   - res.status(500).send(err);
93   - } else {
94   - res.send(session);
95   - }
  76 +
  77 +sessionData = function (session, cb) {
  78 + PolyUserServ.get(session.login, function (err, nom) {
  79 + // Nom
  80 + session.nom = nom.nom;
  81 + session.section = nom.section;
  82 + MembresServ.estBureau(session.login, function (bureau) {
  83 + session.bureau = bureau;
  84 + // Permissions
  85 + session.canAddMembre = session.bureau;
  86 + session.canDelMembre = session.bureau;
  87 + session.canAddConv = true;
  88 + session.canDelConv = session.bureau;
  89 + session.canAddMess = true;
  90 + session.canDelMess = session.bureau;
  91 + cb(session);
96 92 });
97   - } else {
98   - res.clearCookie('session');
99   - res.send('missing');
100   - }
  93 + });
  94 +};
  95 +
  96 +api.use(session({
  97 + // TODO Session store https://github.com/expressjs/session#compatible-session-stores
  98 + name: 'membreCool',
  99 + resave: false,
  100 + saveUninitialized: true,
  101 + secret: "Le Club Info c'est cool" // TODO Vrai secret https://gist.github.com/earthgecko/3089509
  102 +}));
  103 +
  104 +api.get('/session', function (req, res) { // Informations sur la session
  105 + res.send(req.session.data);
101 106 });
102 107  
103 108 api.post('/session', decrypt(), assert(function (req, res, cb) {
104 109 cb(null, req.body && typeof req.body.login == 'string' && req.body.login !== '' && typeof req.body.pass == 'string' && req.body.pass !== '');
105 110 }), function (req, res) { // Se connecter
106   - SessionsServ.open(req.body, function (err, session) {
  111 + PolyUserServ.verify(req.body.login, req.body.pass, function (err, verified) {
107 112 if (err) {
108 113 res.status(500).send(err);
109 114 } else {
110   - res.cookie('session', session._id);
111   - res.send(session);
  115 + if (verified) {
  116 + sessionData({
  117 + login: req.body.login
  118 + }, function (session) {
  119 + req.session.data = session;
  120 + req.session.save(function (err) {
  121 + if (err) {
  122 + res.status(500).end("Sauvegarde session");
  123 + } else {
  124 + res.status(201).send(session);
  125 + }
  126 + });
  127 + });
  128 + } else {
  129 + req.session.destroy(function (err) {
  130 + if (err) {
  131 + res.status(500).end("Suppression de la session");
  132 + } else {
  133 + res.status(401).end();
  134 + }
  135 + });
  136 + }
112 137 }
113 138 });
114 139 });
115 140  
116 141 api.delete('/session', function (req, res) { // Se déconnecter
117   - if (req.cookies.session) {
118   - SessionsServ.delete(req.cookies.session, function () {
119   - res.clearCookie('session');
120   - res.end();
121   - });
122   - } else {
123   - res.send('missing');
124   - }
  142 + req.session.destroy();
  143 + res.status(200).end();
125 144 });
126 145  
127 146  
... ...
app/services/SessionsServ.js deleted
View file @8ed4d65
... ... @@ -1,113 +0,0 @@
1   -var SessionModl = require('../models/SessionModl');
2   -var PolyUserServ = require('../services/PolyUserServ');
3   -var MembresServ = require('../services/MembresServ');
4   -
5   -var sessions = {};
6   -
7   -sessions.cur = false;
8   -
9   -sessions.addData = function (session, cb) {
10   - PolyUserServ.get(session.login, function (err, nom) {
11   - // Nom
12   - session.nom = nom.nom;
13   - session.section = nom.section;
14   - MembresServ.estBureau(session.login, function (bureau) {
15   - session.bureau = bureau;
16   - // Permissions
17   - session.canAddMembre = session.bureau;
18   - session.canDelMembre = session.bureau;
19   - session.canAddConv = true;
20   - session.canDelConv = session.bureau;
21   - session.canAddMess = true;
22   - session.canDelMess = session.bureau;
23   - cb(session);
24   - });
25   - });
26   -};
27   -
28   -sessions.find = function (id, cb) {
29   - _this = this;
30   - SessionModl.findById(id).lean().exec(function (err, session) {
31   - if (typeof session == 'object') {
32   - _this.addData(session, function (session) {
33   - cb(err, session);
34   - });
35   - } else {
36   - cb(err, null);
37   - }
38   - });
39   -};
40   -
41   -sessions.valid = function (session) {
42   - return session.started.setSeconds(session.started.getSeconds() + 3600) > new Date();
43   -};
44   -
45   -sessions.delete = function (id, cb) {
46   - SessionModl.remove({
47   - _id: id
48   - }, cb);
49   -};
50   -
51   -sessions.verify = function (id, cb) {
52   - _this = this;
53   - _this.find(id, function (err, session) {
54   - if (err) {
55   - cb('error');
56   - } else {
57   - if (session) {
58   - if (sessions.valid(session)) {
59   - cb(null, session);
60   - } else {
61   - cb('expired');
62   - _this.delete(id);
63   - }
64   - } else {
65   - cb('unknown');
66   - }
67   - }
68   - });
69   -};
70   -
71   -sessions.use = function (id, cb) {
72   - _this = this;
73   - _this.verify(id, function (err, session) {
74   - if (err) {
75   - cb(err);
76   - } else {
77   - cb(null, session);
78   - }
79   - });
80   -};
81   -
82   -sessions.create = function (login, cb) {
83   - SessionModl.create({
84   - login: login
85   - }, cb);
86   -};
87   -
88   -sessions.login = function (data, cb) {
89   - PolyUserServ.verify(data.login, data.pass, cb);
90   -};
91   -
92   -sessions.open = function (data, cb) {
93   - _this = this;
94   - _this.login(data, function (err, res) {
95   - if (err) {
96   - cb(err);
97   - } else {
98   - if (res) {
99   - _this.create(data.login, function (err, session) {
100   - if (err) {
101   - cb(err);
102   - } else {
103   - _this.use(session._id, cb);
104   - }
105   - });
106   - } else {
107   - cb('invalid');
108   - }
109   - }
110   - });
111   -};
112   -
113   -module.exports = sessions;
package.json
  Show/Hide comments   View file @c726d60
... ... @@ -8,6 +8,7 @@
8 8 "cookie-parser": "^1.3.4",
9 9 "express": "^4.12.3",
10 10 "express-http-proxy": "^0.5.0",
  11 + "express-session": "^1.11.1",
11 12 "mongoose": "^4.0.1",
12 13 "node-cache": "^1.1.0",
13 14 "node-line-reader": "0.0.2",
... ...
public/js/controllers/ConnectCtrl.js
  Show/Hide comments   View file @c726d60
... ... @@ -6,6 +6,7 @@ angular.module('ConnectCtrl', ['SessionsServ', 'EncryptServ', 'angular-ladda'])
6 6 $scope.connecting = false;
7 7 $scope.connect = {
8 8 connect: function () {
  9 + // TODO Mieux gérer les mauvais auth
9 10 $scope.connecting = true;
10 11 SessionServ.connect($scope.connect.login, $scope.connect.pass, function (err) {
11 12 $scope.connecting = false;
... ...