Commit c726d602398b69062b954e1884f829e4adb98fab
1 parent
8ed4d659
Utilisation d'un vrai système de sessions
Showing
5 changed files
with
63 additions
and
167 deletions
Show diff stats
app/models/SessionModl.js deleted
app/routes/ApiRtes.js
| 1 | var MembresServ = require('../services/MembresServ'); | 1 | var MembresServ = require('../services/MembresServ'); |
| 2 | -var SessionsServ = require('../services/SessionsServ'); | 2 | +var PolyUserServ = require('../services/PolyUserServ'); |
| 3 | var DecryptServ = require('../services/DecryptServ'); | 3 | var DecryptServ = require('../services/DecryptServ'); |
| 4 | var ConvsServ = require('../services/ConvsServ'); | 4 | var ConvsServ = require('../services/ConvsServ'); |
| 5 | var MessServ = require('../services/MessServ'); | 5 | var MessServ = require('../services/MessServ'); |
| 6 | var express = require('express'); | 6 | var express = require('express'); |
| 7 | +session = require('express-session'); | ||
| 7 | 8 | ||
| 8 | var api = express(); | 9 | var api = express(); |
| 9 | 10 | ||
| 10 | // Authentication | 11 | // Authentication |
| 11 | reqAuth = function () { | 12 | reqAuth = function () { |
| 12 | return function (req, res, next) { | 13 | return function (req, res, next) { |
| 13 | - if (!req.cookies) { | 14 | + if (req.session.data && req.session.data.login) { |
| 15 | + next(); | ||
| 16 | + } else { | ||
| 14 | res.status(401).end(); | 17 | res.status(401).end(); |
| 15 | } | 18 | } |
| 16 | - SessionsServ.use(req.cookies.session, function (err, session) { | ||
| 17 | - if (err) { | ||
| 18 | - res.status(500).send(err); | ||
| 19 | - } else { | ||
| 20 | - if (session) { | ||
| 21 | - req.session = session; | ||
| 22 | - next(); | ||
| 23 | - } else { | ||
| 24 | - res.status(401).end(); | ||
| 25 | - } | ||
| 26 | - } | ||
| 27 | - }); | ||
| 28 | }; | 19 | }; |
| 29 | }; | 20 | }; |
| 30 | 21 | ||
| 31 | -reqVerified = function (verify) { | 22 | +reqVerified = function (verify) { // Assert mais pour les droits (d'où le 403) |
| 32 | return function (req, res, next) { | 23 | return function (req, res, next) { |
| 33 | reqAuth()(req, res, function () { | 24 | reqAuth()(req, res, function () { |
| 34 | verify(req, res, function (err, verified) { | 25 | verify(req, res, function (err, verified) { |
| @@ -48,7 +39,7 @@ reqVerified = function (verify) { | @@ -48,7 +39,7 @@ reqVerified = function (verify) { | ||
| 48 | 39 | ||
| 49 | reqPerm = function (perm) { | 40 | reqPerm = function (perm) { |
| 50 | return reqVerified(function (req, res, cb) { | 41 | return reqVerified(function (req, res, cb) { |
| 51 | - cb(null, req.session[perm]); | 42 | + cb(null, req.session.data[perm]); |
| 52 | }); | 43 | }); |
| 53 | }; | 44 | }; |
| 54 | 45 | ||
| @@ -82,46 +73,74 @@ decrypt = function () { | @@ -82,46 +73,74 @@ decrypt = function () { | ||
| 82 | }; | 73 | }; |
| 83 | 74 | ||
| 84 | // Sessions | 75 | // Sessions |
| 85 | -api.get('/session', function (req, res) { // Informations sur la session | ||
| 86 | - if (req.cookies && req.cookies.session) { | ||
| 87 | - SessionsServ.use(req.cookies.session, function (err, session) { | ||
| 88 | - if (err) { | ||
| 89 | - res.clearCookie('session'); | ||
| 90 | - // TODO Pas vraiment un 500 | ||
| 91 | - // TODO Gérer ça mieux coté client | ||
| 92 | - res.status(500).send(err); | ||
| 93 | - } else { | ||
| 94 | - res.send(session); | ||
| 95 | - } | 76 | + |
| 77 | +sessionData = function (session, cb) { | ||
| 78 | + PolyUserServ.get(session.login, function (err, nom) { | ||
| 79 | + // Nom | ||
| 80 | + session.nom = nom.nom; | ||
| 81 | + session.section = nom.section; | ||
| 82 | + MembresServ.estBureau(session.login, function (bureau) { | ||
| 83 | + session.bureau = bureau; | ||
| 84 | + // Permissions | ||
| 85 | + session.canAddMembre = session.bureau; | ||
| 86 | + session.canDelMembre = session.bureau; | ||
| 87 | + session.canAddConv = true; | ||
| 88 | + session.canDelConv = session.bureau; | ||
| 89 | + session.canAddMess = true; | ||
| 90 | + session.canDelMess = session.bureau; | ||
| 91 | + cb(session); | ||
| 96 | }); | 92 | }); |
| 97 | - } else { | ||
| 98 | - res.clearCookie('session'); | ||
| 99 | - res.send('missing'); | ||
| 100 | - } | 93 | + }); |
| 94 | +}; | ||
| 95 | + | ||
| 96 | +api.use(session({ | ||
| 97 | + // TODO Session store https://github.com/expressjs/session#compatible-session-stores | ||
| 98 | + name: 'membreCool', | ||
| 99 | + resave: false, | ||
| 100 | + saveUninitialized: true, | ||
| 101 | + secret: "Le Club Info c'est cool" // TODO Vrai secret https://gist.github.com/earthgecko/3089509 | ||
| 102 | +})); | ||
| 103 | + | ||
| 104 | +api.get('/session', function (req, res) { // Informations sur la session | ||
| 105 | + res.send(req.session.data); | ||
| 101 | }); | 106 | }); |
| 102 | 107 | ||
| 103 | api.post('/session', decrypt(), assert(function (req, res, cb) { | 108 | api.post('/session', decrypt(), assert(function (req, res, cb) { |
| 104 | cb(null, req.body && typeof req.body.login == 'string' && req.body.login !== '' && typeof req.body.pass == 'string' && req.body.pass !== ''); | 109 | cb(null, req.body && typeof req.body.login == 'string' && req.body.login !== '' && typeof req.body.pass == 'string' && req.body.pass !== ''); |
| 105 | }), function (req, res) { // Se connecter | 110 | }), function (req, res) { // Se connecter |
| 106 | - SessionsServ.open(req.body, function (err, session) { | 111 | + PolyUserServ.verify(req.body.login, req.body.pass, function (err, verified) { |
| 107 | if (err) { | 112 | if (err) { |
| 108 | res.status(500).send(err); | 113 | res.status(500).send(err); |
| 109 | } else { | 114 | } else { |
| 110 | - res.cookie('session', session._id); | ||
| 111 | - res.send(session); | 115 | + if (verified) { |
| 116 | + sessionData({ | ||
| 117 | + login: req.body.login | ||
| 118 | + }, function (session) { | ||
| 119 | + req.session.data = session; | ||
| 120 | + req.session.save(function (err) { | ||
| 121 | + if (err) { | ||
| 122 | + res.status(500).end("Sauvegarde session"); | ||
| 123 | + } else { | ||
| 124 | + res.status(201).send(session); | ||
| 125 | + } | ||
| 126 | + }); | ||
| 127 | + }); | ||
| 128 | + } else { | ||
| 129 | + req.session.destroy(function (err) { | ||
| 130 | + if (err) { | ||
| 131 | + res.status(500).end("Suppression de la session"); | ||
| 132 | + } else { | ||
| 133 | + res.status(401).end(); | ||
| 134 | + } | ||
| 135 | + }); | ||
| 136 | + } | ||
| 112 | } | 137 | } |
| 113 | }); | 138 | }); |
| 114 | }); | 139 | }); |
| 115 | 140 | ||
| 116 | api.delete('/session', function (req, res) { // Se déconnecter | 141 | api.delete('/session', function (req, res) { // Se déconnecter |
| 117 | - if (req.cookies.session) { | ||
| 118 | - SessionsServ.delete(req.cookies.session, function () { | ||
| 119 | - res.clearCookie('session'); | ||
| 120 | - res.end(); | ||
| 121 | - }); | ||
| 122 | - } else { | ||
| 123 | - res.send('missing'); | ||
| 124 | - } | 142 | + req.session.destroy(); |
| 143 | + res.status(200).end(); | ||
| 125 | }); | 144 | }); |
| 126 | 145 | ||
| 127 | 146 |
app/services/SessionsServ.js deleted
| @@ -1,113 +0,0 @@ | @@ -1,113 +0,0 @@ | ||
| 1 | -var SessionModl = require('../models/SessionModl'); | ||
| 2 | -var PolyUserServ = require('../services/PolyUserServ'); | ||
| 3 | -var MembresServ = require('../services/MembresServ'); | ||
| 4 | - | ||
| 5 | -var sessions = {}; | ||
| 6 | - | ||
| 7 | -sessions.cur = false; | ||
| 8 | - | ||
| 9 | -sessions.addData = function (session, cb) { | ||
| 10 | - PolyUserServ.get(session.login, function (err, nom) { | ||
| 11 | - // Nom | ||
| 12 | - session.nom = nom.nom; | ||
| 13 | - session.section = nom.section; | ||
| 14 | - MembresServ.estBureau(session.login, function (bureau) { | ||
| 15 | - session.bureau = bureau; | ||
| 16 | - // Permissions | ||
| 17 | - session.canAddMembre = session.bureau; | ||
| 18 | - session.canDelMembre = session.bureau; | ||
| 19 | - session.canAddConv = true; | ||
| 20 | - session.canDelConv = session.bureau; | ||
| 21 | - session.canAddMess = true; | ||
| 22 | - session.canDelMess = session.bureau; | ||
| 23 | - cb(session); | ||
| 24 | - }); | ||
| 25 | - }); | ||
| 26 | -}; | ||
| 27 | - | ||
| 28 | -sessions.find = function (id, cb) { | ||
| 29 | - _this = this; | ||
| 30 | - SessionModl.findById(id).lean().exec(function (err, session) { | ||
| 31 | - if (typeof session == 'object') { | ||
| 32 | - _this.addData(session, function (session) { | ||
| 33 | - cb(err, session); | ||
| 34 | - }); | ||
| 35 | - } else { | ||
| 36 | - cb(err, null); | ||
| 37 | - } | ||
| 38 | - }); | ||
| 39 | -}; | ||
| 40 | - | ||
| 41 | -sessions.valid = function (session) { | ||
| 42 | - return session.started.setSeconds(session.started.getSeconds() + 3600) > new Date(); | ||
| 43 | -}; | ||
| 44 | - | ||
| 45 | -sessions.delete = function (id, cb) { | ||
| 46 | - SessionModl.remove({ | ||
| 47 | - _id: id | ||
| 48 | - }, cb); | ||
| 49 | -}; | ||
| 50 | - | ||
| 51 | -sessions.verify = function (id, cb) { | ||
| 52 | - _this = this; | ||
| 53 | - _this.find(id, function (err, session) { | ||
| 54 | - if (err) { | ||
| 55 | - cb('error'); | ||
| 56 | - } else { | ||
| 57 | - if (session) { | ||
| 58 | - if (sessions.valid(session)) { | ||
| 59 | - cb(null, session); | ||
| 60 | - } else { | ||
| 61 | - cb('expired'); | ||
| 62 | - _this.delete(id); | ||
| 63 | - } | ||
| 64 | - } else { | ||
| 65 | - cb('unknown'); | ||
| 66 | - } | ||
| 67 | - } | ||
| 68 | - }); | ||
| 69 | -}; | ||
| 70 | - | ||
| 71 | -sessions.use = function (id, cb) { | ||
| 72 | - _this = this; | ||
| 73 | - _this.verify(id, function (err, session) { | ||
| 74 | - if (err) { | ||
| 75 | - cb(err); | ||
| 76 | - } else { | ||
| 77 | - cb(null, session); | ||
| 78 | - } | ||
| 79 | - }); | ||
| 80 | -}; | ||
| 81 | - | ||
| 82 | -sessions.create = function (login, cb) { | ||
| 83 | - SessionModl.create({ | ||
| 84 | - login: login | ||
| 85 | - }, cb); | ||
| 86 | -}; | ||
| 87 | - | ||
| 88 | -sessions.login = function (data, cb) { | ||
| 89 | - PolyUserServ.verify(data.login, data.pass, cb); | ||
| 90 | -}; | ||
| 91 | - | ||
| 92 | -sessions.open = function (data, cb) { | ||
| 93 | - _this = this; | ||
| 94 | - _this.login(data, function (err, res) { | ||
| 95 | - if (err) { | ||
| 96 | - cb(err); | ||
| 97 | - } else { | ||
| 98 | - if (res) { | ||
| 99 | - _this.create(data.login, function (err, session) { | ||
| 100 | - if (err) { | ||
| 101 | - cb(err); | ||
| 102 | - } else { | ||
| 103 | - _this.use(session._id, cb); | ||
| 104 | - } | ||
| 105 | - }); | ||
| 106 | - } else { | ||
| 107 | - cb('invalid'); | ||
| 108 | - } | ||
| 109 | - } | ||
| 110 | - }); | ||
| 111 | -}; | ||
| 112 | - | ||
| 113 | -module.exports = sessions; |
package.json
| @@ -8,6 +8,7 @@ | @@ -8,6 +8,7 @@ | ||
| 8 | "cookie-parser": "^1.3.4", | 8 | "cookie-parser": "^1.3.4", |
| 9 | "express": "^4.12.3", | 9 | "express": "^4.12.3", |
| 10 | "express-http-proxy": "^0.5.0", | 10 | "express-http-proxy": "^0.5.0", |
| 11 | + "express-session": "^1.11.1", | ||
| 11 | "mongoose": "^4.0.1", | 12 | "mongoose": "^4.0.1", |
| 12 | "node-cache": "^1.1.0", | 13 | "node-cache": "^1.1.0", |
| 13 | "node-line-reader": "0.0.2", | 14 | "node-line-reader": "0.0.2", |
public/js/controllers/ConnectCtrl.js
| @@ -6,6 +6,7 @@ angular.module('ConnectCtrl', ['SessionsServ', 'EncryptServ', 'angular-ladda']) | @@ -6,6 +6,7 @@ angular.module('ConnectCtrl', ['SessionsServ', 'EncryptServ', 'angular-ladda']) | ||
| 6 | $scope.connecting = false; | 6 | $scope.connecting = false; |
| 7 | $scope.connect = { | 7 | $scope.connect = { |
| 8 | connect: function () { | 8 | connect: function () { |
| 9 | + // TODO Mieux gérer les mauvais auth | ||
| 9 | $scope.connecting = true; | 10 | $scope.connecting = true; |
| 10 | SessionServ.connect($scope.connect.login, $scope.connect.pass, function (err) { | 11 | SessionServ.connect($scope.connect.login, $scope.connect.pass, function (err) { |
| 11 | $scope.connecting = false; | 12 | $scope.connecting = false; |