Add admin auth

meghprkh · meghprkh · commit ae7eb4b4b0aa · 2016-04-03T23:46:36.000+05:30
diff --git a/admin.html b/admin.html
@@ -4,20 +4,50 @@
     <title>Admin page</title>
   </head>
   <body>
-    <ul id='queueContainer'>
-    </ul>
-    Mark current team's response as : <br/>
-    <button onclick="correctAnswer()">Correct</button>
-    <button onclick="incorrectAnswer()">Incorrect</button>
+
+    <div id="login">
+      Please enter the administrator password:<br />
+      <form id="loginForm">
+        <input id="loginPassword" type="password">
+        <input type="submit">
+      </form>
+    </div>
+
+    <div id="authenticated">
+      <ul id='queueContainer'>
+      </ul>
+      Mark current team's response as : <br/>
+      <button onclick="correctAnswer()">Correct</button>
+      <button onclick="incorrectAnswer()">Incorrect</button>
+    </div>
+
+
     <script src="/socket.io/socket.io.js"></script>
     <script src="http://code.jquery.com/jquery-1.11.1.js"></script>
     <script>
-      var socket = io('/admin');
-      socket.on('queue', function (queue) {
-        var html = queue.map(function (team) {
-          return '<li>Team ' + team + '</li>';
-        }).join('');
-        $('#queueContainer').html(html)
+      var socket, token;
+      $('#authenticated').hide();
+      $('#loginForm').submit(function() {
+        $.post('/adminAuth', {
+          password: $('#loginPassword').val()
+        }, function(tk) {
+          token = tk;
+          socket = io('/admin', {
+            query: "token=" + token
+          });
+
+          socket.on('connect', function() {
+            $('#login').hide();
+            $('#authenticated').show();
+            socket.on('queue', function (queue) {
+              var html = queue.map(function (team) {
+                return '<li>Team ' + team + '</li>';
+              }).join('');
+              $('#queueContainer').html(html)
+            })
+          });
+        })
+        return false;
       })
       function correctAnswer() {
         socket.emit('correctAnswer')
diff --git a/config.js b/config.js
@@ -0,0 +1,5 @@
+module.exports = {
+  'ADMIN_PASSWORD' : 'admin123',
+  'BUZZER_PASSWORD': 'password',
+  'PRIVATE_KEY'    : 'THIS_IS_MY_UNCRACKABLE_PRIVATE_KEY'
+}
diff --git a/index.js b/index.js
@@ -1,6 +1,9 @@
 var app = require('express')();
-var http = require('http').Server(app);
+var bodyParser = require('body-parser');
+var http = require('http').createServer(app);
 var io = require('socket.io')(http);
+var jwt = require('jsonwebtoken');
+const config = require('./config')
 
 var queue = [];
 var incorrectTeams = [];
@@ -10,14 +13,39 @@ function getTeamById(id) {
   return teams.indexOf(id) + 1;
 }
 
+app.use(bodyParser.json())
+app.use(bodyParser.urlencoded({ extended: true }))
+
 app.get('/', function(req, res){
   res.sendFile(__dirname + '/index.html');
 });
 
+app.get('/queue', function(req, res){
+  res.send(queue)
+});
+
 app.get('/admin', function(req, res){
   res.sendFile(__dirname + '/admin.html');
 });
 
+app.post('/adminAuth', function (req, res) {
+  var password = req.body.password;
+  if (password == config.ADMIN_PASSWORD) {
+    var token = jwt.sign({}, config.PRIVATE_KEY, {
+      expiresIn: '5h',
+      subject: 'admin'
+    });
+    res.send(token)
+  } else res.status(401).send()
+})
+
+io.of('/admin').use(function(socket, next) {
+  var token = socket.request._query.token;
+  if (jwt.verify(token, config.PRIVATE_KEY, {subject: 'admin'}))
+    next();
+  else next(new Error("not authorized"))
+});
+
 io.of('/admin').on('connection', function(socket) {
   socket.emit('queue', queue)
   socket.on('correctAnswer', function () {
diff --git a/package.json b/package.json
@@ -9,7 +9,9 @@
   "author": "Megh Parikh <meghprkh@gmail.com> (http://meghprkh.github.io)",
   "license": "ISC",
   "dependencies": {
+    "body-parser": "^1.15.0",
     "express": "^4.13.4",
+    "jsonwebtoken": "^5.7.0",
     "socket.io": "^1.4.5"
   },
   "devDependencies": {},
