From c726d602398b69062b954e1884f829e4adb98fab Mon Sep 17 00:00:00 2001
From: Geoffrey Frogeye
Date: Mon, 13 Apr 2015 01:25:53 +0200
Subject: [PATCH] Utilisation d'un vrai système de sessions

---
 app/models/SessionModl.js | 12 ------------
 app/routes/ApiRtes.js | 103 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------
 app/services/SessionsServ.js | 113 -----------------------------------------------------------------------------------------------------------------
 package.json | 1 +
 public/js/controllers/ConnectCtrl.js | 1 +
 5 files changed, 63 insertions(+), 167 deletions(-)
 delete mode 100644 app/models/SessionModl.js
 delete mode 100644 app/services/SessionsServ.js

diff --git a/app/models/SessionModl.js b/app/models/SessionModl.js
deleted file mode 100644
index 465dce2..0000000
--- a/app/models/SessionModl.js
+++ /dev/null
@@ -1,12 +0,0 @@
-var mongoose = require('mongoose');
-
-module.exports = mongoose.model('Session', {
-login: { // On récupèrera le nom via les passwd
-type: String,
-default: 'login'
-},
-started: {
-type: Date,
-default: Date.now
-}
-});
diff --git a/app/routes/ApiRtes.js b/app/routes/ApiRtes.js
index b2003d5..59bb055 100644
--- a/app/routes/ApiRtes.js
+++ b/app/routes/ApiRtes.js
@@ -1,34 +1,25 @@
 var MembresServ = require('../services/MembresServ');
-var SessionsServ = require('../services/SessionsServ');
+var PolyUserServ = require('../services/PolyUserServ');
 var DecryptServ = require('../services/DecryptServ');
 var ConvsServ = require('../services/ConvsServ');
 var MessServ = require('../services/MessServ');
 var express = require('express');
+session = require('express-session');
 var api = express();
 // Authentication
 reqAuth = function () {
 return function (req, res, next) {
-if (!req.cookies) {
+if (req.session.data && req.session.data.login) {
+next();
+} else {
 res.status(401).end();
 }
-SessionsServ.use(req.cookies.session, function (err, session) {
-if (err) {
-res.status(500).send(err);
-} else {
-if (session) {
-req.session = session;
-next();
-} else {
-res.status(401).end();
-}
-}
-});
 };
 };
-reqVerified = function (verify) {
+reqVerified = function (verify) { // Assert mais pour les droits (d'où le 403)
 return function (req, res, next) {
 reqAuth()(req, res, function () {
 verify(req, res, function (err, verified) {
@@ -48,7 +39,7 @@ reqVerified = function (verify) {
 reqPerm = function (perm) {
 return reqVerified(function (req, res, cb) {
-cb(null, req.session[perm]);
+cb(null, req.session.data[perm]);
 });
 };
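Review bot: `session = require('express-session');` is assigned without `var`, so the module handle becomes an implicit process-wide global (and would throw under strict mode); the line should read `var session = require('express-session');`, even though the file already declares `reqAuth`/`reqVerified`/`reqPerm` the same way. The rewritten `reqAuth` also dereferences `req.session.data` unconditionally, which only works for routes registered after the `api.use(session(...))` call that is placed further down the file under `// Sessions`; if any route between the `// Authentication` block and that call is wrapped in `reqAuth()`, `req.session` is `undefined` there and the guard throws a TypeError instead of answering 401. A defensive form is `if (req.session && req.session.data && req.session.data.login) {`, or moving the `api.use(session(...))` registration above the first route. `reqVerified`'s body continues outside the hunk.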
@@ -82,46 +73,74 @@ decrypt = function () {
 };
 // Sessions
-api.get('/session', function (req, res) { // Informations sur la session
-if (req.cookies && req.cookies.session) {
-SessionsServ.use(req.cookies.session, function (err, session) {
-if (err) {
-res.clearCookie('session');
-// TODO Pas vraiment un 500
-// TODO Gérer ça mieux coté client
-res.status(500).send(err);
-} else {
-res.send(session);
-}
+
+sessionData = function (session, cb) {
+PolyUserServ.get(session.login, function (err, nom) {
+// Nom
+session.nom = nom.nom;
+session.section = nom.section;
+MembresServ.estBureau(session.login, function (bureau) {
+session.bureau = bureau;
+// Permissions
+session.canAddMembre = session.bureau;
+session.canDelMembre = session.bureau;
+session.canAddConv = true;
+session.canDelConv = session.bureau;
+session.canAddMess = true;
+session.canDelMess = session.bureau;
+cb(session);
 });
-} else {
-res.clearCookie('session');
-res.send('missing');
-}
+});
+};
+
+api.use(session({
+// TODO Session store https://github.com/expressjs/session#compatible-session-stores
+name: 'membreCool',
+resave: false,
+saveUninitialized: true,
+secret: "Le Club Info c'est cool" // TODO Vrai secret https://gist.github.com/earthgecko/3089509
+}));
+
+api.get('/session', function (req, res) { // Informations sur la session
+res.send(req.session.data);
 });
 api.post('/session', decrypt(), assert(function (req, res, cb) {
 cb(null, req.body && typeof req.body.login == 'string' && req.body.login !== '' && typeof req.body.pass == 'string' && req.body.pass !== '');
 }), function (req, res) { // Se connecter
-SessionsServ.open(req.body, function (err, session) {
+PolyUserServ.verify(req.body.login, req.body.pass, function (err, verified) {
 if (err) {
 res.status(500).send(err);
 } else {
-res.cookie('session', session._id);
-res.send(session);
+if (verified) {
+sessionData({
+login: req.body.login
+}, function (session) {
+req.session.data = session;
+req.session.save(function (err) {
+if (err) {
+res.status(500).end("Sauvegarde session");
+} else {
+res.status(201).send(session);
+}
+});
+});
+} else {
+req.session.destroy(function (err) {
+if (err) {
+res.status(500).end("Suppression de la session");
+} else {
+res.status(401).end();
+}
+});
+}
 }
 });
 });
 api.delete('/session', function (req, res) { // Se déconnecter
-if (req.cookies.session) {
-SessionsServ.delete(req.cookies.session, function () {
-res.clearCookie('session');
-res.end();
-});
-} else {
-res.send('missing');
-}
+req.session.destroy();
+res.status(200).end();
 });
diff --git a/app/services/SessionsServ.js b/app/services/SessionsServ.js
deleted file mode 100644
index 2763422..0000000
--- a/app/services/SessionsServ.js
+++ /dev/null
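Review bot: The login branch writes the authenticated data into the session the client already had (`req.session.data = session; req.session.save(...)`) without issuing a new session ID, and because `saveUninitialized: true` hands every visitor a session before they log in, the pre-authentication ID keeps its value after login; the usual mitigation is to call `req.session.regenerate()` before storing `data`, as in the excerpt below. `sessionData` ignores the `err` argument of `PolyUserServ.get` and reads `nom.nom` directly, so a lookup failure surfaces as an uncaught TypeError inside a callback rather than a 500 — add `if (err || !nom) { return cb(null); }` (or an error-first callback) before the dereference. In `api.delete('/session')`, `req.session.destroy();` is called without a callback and the 200 is sent at once, so a store failure is neither logged nor reported; pass a callback and answer from it, as the POST handler already does. The hard-coded `secret` and the in-memory store are acknowledged by the TODOs on those lines.
```javascript
if (verified) {
  // Issue a fresh session ID before storing authenticated data
  req.session.regenerate(function (err) {
    if (err) {
      res.status(500).end("Régénération session");
      return;
    }
    sessionData({
      login: req.body.login
    }, function (session) {
      req.session.data = session;
      req.session.save(function (err) {
        // … unchanged: 500 / 201 response …
      });
    });
  });
} else {
  // … unchanged: destroy + 401 …
}
```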
@@ -1,113 +0,0 @@
-var SessionModl = require('../models/SessionModl');
-var PolyUserServ = require('../services/PolyUserServ');
-var MembresServ = require('../services/MembresServ');
-
-var sessions = {};
-
-sessions.cur = false;
-
-sessions.addData = function (session, cb) {
-PolyUserServ.get(session.login, function (err, nom) {
-// Nom
-session.nom = nom.nom;
-session.section = nom.section;
-MembresServ.estBureau(session.login, function (bureau) {
-session.bureau = bureau;
-// Permissions
-session.canAddMembre = session.bureau;
-session.canDelMembre = session.bureau;
-session.canAddConv = true;
-session.canDelConv = session.bureau;
-session.canAddMess = true;
-session.canDelMess = session.bureau;
-cb(session);
-});
-});
-};
-
-sessions.find = function (id, cb) {
-_this = this;
-SessionModl.findById(id).lean().exec(function (err, session) {
-if (typeof session == 'object') {
-_this.addData(session, function (session) {
-cb(err, session);
-});
-} else {
-cb(err, null);
-}
-});
-};
-
-sessions.valid = function (session) {
-return session.started.setSeconds(session.started.getSeconds() + 3600) > new Date();
-};
-
-sessions.delete = function (id, cb) {
-SessionModl.remove({
-_id: id
-}, cb);
-};
-
-sessions.verify = function (id, cb) {
-_this = this;
-_this.find(id, function (err, session) {
-if (err) {
-cb('error');
-} else {
-if (session) {
-if (sessions.valid(session)) {
-cb(null, session);
-} else {
-cb('expired');
-_this.delete(id);
-}
-} else {
-cb('unknown');
-}
-}
-});
-};
-
-sessions.use = function (id, cb) {
-_this = this;
-_this.verify(id, function (err, session) {
-if (err) {
-cb(err);
-} else {
-cb(null, session);
-}
-});
-};
-
-sessions.create = function (login, cb) {
-SessionModl.create({
-login: login
-}, cb);
-};
-
-sessions.login = function (data, cb) {
-PolyUserServ.verify(data.login, data.pass, cb);
-};
-
-sessions.open = function (data, cb) {
-_this = this;
-_this.login(data, function (err, res) {
-if (err) {
-cb(err);
-} else {
-if (res) {
-_this.create(data.login, function (err, session) {
-if (err) {
-cb(err);
-} else {
-_this.use(session._id, cb);
-}
-});
-} else {
-cb('invalid');
-}
-}
-});
-};
-
-module.exports = sessions;
diff --git a/package.json b/package.json
index c6e35fc..04557b2 100644
--- a/package.json
+++ b/package.json
@@ -8,6 +8,7 @@
 "cookie-parser": "^1.3.4",
 "express": "^4.12.3",
 "express-http-proxy": "^0.5.0",
+"express-session": "^1.11.1",
 "mongoose": "^4.0.1",
 "node-cache": "^1.1.0",
 "node-line-reader": "0.0.2",
diff --git a/public/js/controllers/ConnectCtrl.js b/public/js/controllers/ConnectCtrl.js
index 89b6366..7e8f30e 100644
--- a/public/js/controllers/ConnectCtrl.js
+++ b/public/js/controllers/ConnectCtrl.js
@@ -6,6 +6,7 @@ angular.module('ConnectCtrl', ['SessionsServ', 'EncryptServ', 'angular-ladda'])
 $scope.connecting = false;
 $scope.connect = {
 connect: function () {
+// TODO Mieux gérer les mauvais auth
 $scope.connecting = true;
 SessionServ.connect($scope.connect.login, $scope.connect.pass, function (err) {
 $scope.connecting = false;
-- 
libgit2 0.21.2