From 487ada6612a17cf22bb146264b0a6d67da8421e0 Mon Sep 17 00:00:00 2001
From: Aman Kumar Gupta
Date: Thu, 12 Oct 2023 21:45:30 +0530
Subject: [PATCH 1/3] IMPROVED: Authentication flow of resources

---
 .gitignore | 5 +++-
 server/.env.sample | 4 +++
 server/constants/app-constants.js | 9 ++++++
 server/middlewares/checkToken.js | 48 +++++++++++++++++++------------
 server/routes/paymentRoutes.js | 2 --
 server/routes/shopRoutes.js | 3 --
 server/server.js | 7 +++-
 7 files changed, 52 insertions(+), 26 deletions(-)
 create mode 100644 server/.env.sample
 create mode 100644 server/constants/app-constants.js

diff --git a/.gitignore b/.gitignore
index d3ff5fc..3482391 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,4 +22,7 @@
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
-package-lock.json
\ No newline at end of file
+package-lock.json
+
+server/.env
+.env
\ No newline at end of file
diff --git a/server/.env.sample b/server/.env.sample
new file mode 100644
index 0000000..23c0c46
--- /dev/null
+++ b/server/.env.sample
@@ -0,0 +1,4 @@
+RAZORPAY_KEY_ID=rzp_XXXXXXXXXXXXXXXXXXXX
+RAZORPAY_SECRET=XXXXXXXXXXXXXXXX
+
+CURRENCY=XXX
\ No newline at end of file
diff --git a/server/constants/app-constants.js b/server/constants/app-constants.js
new file mode 100644
index 0000000..4f83ef0
--- /dev/null
+++ b/server/constants/app-constants.js
@@ -0,0 +1,9 @@
+module.exports = {
+ /* Add all your guest route here... */
+ guestUrls: [
+ '/api/user/signup',
+ '/api/user/login',
+ '/api/fetch_products',
+ '/api/get_product',
+ ],
+};
diff --git a/server/middlewares/checkToken.js b/server/middlewares/checkToken.js
index 6225bb3..6e1d6d1 100644
--- a/server/middlewares/checkToken.js
+++ b/server/middlewares/checkToken.js
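Review bot: The comment `/* Add all your guest route here... */` above `guestUrls` in the new app-constants.js does not say what an entry means or how it is compared, although every entry in this list switches authentication off for a set of paths and a maintainer adding a route needs to know that. Suggest `/* Paths served without a Bearer token. checkToken skips authentication for any request matching an entry, so keep this list minimal and the entries exact. */`. The entry `'/api/get_product'` is only a prefix of the `/get_product/:id` route registered in shopRoutes, so whether it is covered depends entirely on how checkToken matches; the comment should state the matching rule (exact path or path prefix) so the list and the middleware cannot drift apart. Wrapping the export in `Object.freeze` would also stop a request handler from mutating the allowlist at runtime.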
@@ -1,21 +1,33 @@
-const jwt = require('jsonwebtoken');
-const HttpResponse = require('../models/http-response');
+const jwt = require("jsonwebtoken");
+const HttpResponse = require("../models/http-response");
+const APP_CONSTANTS = require("../constants/app-constants");
 
 module.exports = (req, res, next) => {
- if (req.method === 'OPTIONS') {
- return next();
- }
- try {
- const token = req.headers.authorization.split(' ')[1]; // Authorization: 'Bearer TOKEN'
- if (!token) {
- throw new Error('Authentication failed!');
- }
- const decodedToken = jwt.verify(token, 'this is www.datacode.in private key');
- console.log("SDF", decodedToken)
- req.userData = { _id: decodedToken._id, email: decodedToken.email, userType: decodedToken.userType };
- next();
- } catch (err) {
- const error = new HttpResponse('Authentication failed!', 403);
- return res.json({ response: error });
+ if (
+ req.method === "OPTIONS" ||
+ APP_CONSTANTS.guestUrls.some((url) => req.url.includes(url))
+ ) {
+ return next();
+ }
+
+ try {
+ const token = req.headers.authorization.split(" ")[1]; // Authorization: 'Bearer TOKEN'
+ if (!token) {
+ throw new Error("Authentication failed!");
 }
-};
\ No newline at end of file
+ const decodedToken = jwt.verify(
+ token,
+ "this is www.datacode.in private key"
+ );
+ console.log("SDF", decodedToken);
+ req.userData = {
+ _id: decodedToken._id,
+ email: decodedToken.email,
+ userType: decodedToken.userType,
+ };
+ next();
+ } catch (err) {
+ const error = new HttpResponse("Authentication failed!", 403);
+ return res.json({ response: error });
+ }
+};
diff --git a/server/routes/paymentRoutes.js b/server/routes/paymentRoutes.js
index c159c1a..f1d93ae 100644
--- a/server/routes/paymentRoutes.js
+++ b/server/routes/paymentRoutes.js
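Review bot: The new guest check `APP_CONSTANTS.guestUrls.some((url) => req.url.includes(url))` is a substring test on `req.url`, which in Express carries the query string as well as the path, so a request for a protected path passes the allowlist whenever one of the listed strings occurs anywhere in the URL, query included — the exemption is not bound to the route being served. Compare the path component and anchor the match: `const path = req.path;` then `const isGuest = APP_CONSTANTS.guestUrls.some((url) => path === url || path.startsWith(url + "/"));` and `if (req.method === "OPTIONS" || isGuest) return next();` (the `startsWith` arm keeps `/api/get_product/:id` covered). In the same hunk the JWT verification key `"this is www.datacode.in private key"` stays a string literal in source even though this series moves the Razorpay secrets into `.env`, so it belongs in `process.env` with them, and `console.log("SDF", decodedToken)` writes every decoded claim to the log on each request and reads as a leftover debug line. The failure path returns the 403 inside the body via `res.json`, so the HTTP status itself presumably stays 200 unless HttpResponse sets it — confirm against the model.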
@@ -1,10 +1,8 @@
 const express = require("express");
-const checkToken = require("../middlewares/checkToken");
 const paymentControllers = require("../controllers/paymentControllers");
 
 const router = express.Router();
 
-router.use(checkToken);
 router.post("/cart_order", paymentControllers.createPayments);
 // router.get("/cart_order", paymentControllers.fetchPayments);
 
diff --git a/server/routes/shopRoutes.js b/server/routes/shopRoutes.js
index cb2c499..33954b0 100644
--- a/server/routes/shopRoutes.js
+++ b/server/routes/shopRoutes.js
@@ -1,13 +1,10 @@
 const express = require("express");
 const shopController = require("../controllers/shopControllers");
-const checkToken = require("../middlewares/checkToken");
 const router = express.Router();
 router.get("/fetch_products", shopController.getProducts);
 router.get("/get_product/:id", shopController.getProduct);
-router.use(checkToken);
 router.post("/add_product", shopController.addProduct);
-
 router.post("/add_order", shopController.addOrder);
 router.get("/get_orders", shopController.getOrders);
 
diff --git a/server/server.js b/server/server.js
index 0c9b3c8..cc80a78 100644
--- a/server/server.js
+++ b/server/server.js
@@ -9,6 +9,7 @@ const shopRoutes = require("./routes/shopRoutes");
 const userRoutes = require("./routes/userRoutes");
 const paymentRoutes = require("./routes/paymentRoutes");
 const mongo = require("./configs/dbConfig");
+const checkToken = require("./middlewares/checkToken");
 
 const app = express();
 const port = 5000;
@@ -18,8 +19,6 @@ app.use(bodyParser.json({ limit: '50mb' }));
 app.use(bodyParser.urlencoded({ limit: '50mb', extended: true }));
 app.use(express.json());
 
-app.use("/api/user", userRoutes)
-
 // TOKEN AUTHENTICATION- ALL THE ROUTES WRITTEN BELOW THIS WILL NEED TOKEN TO BE SENT in request headers
 app.use((req, res, next) => {
 res.setHeader('Access-Control-Allow-Origin', '*');
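Review bot: After the second server.js hunk (`@@ -18,8 +19,6 @@`) the comment `// TOKEN AUTHENTICATION- ALL THE ROUTES WRITTEN BELOW THIS WILL NEED TOKEN TO BE SENT in request headers` is stale: the middleware it now introduces only sets CORS headers, `checkToken` is registered further down in the next hunk, and `/api/user` is moved below it, so signup/login are exempt because of `guestUrls` rather than registration order. Replace it with a description of what is actually there, e.g. `// CORS headers for every request; authentication is enforced by checkToken, registered after this middleware`, and keep the authentication remark next to `app.use(checkToken)`. Because the per-router `router.use(checkToken)` lines are removed in the paymentRoutes and shopRoutes hunks above, a one-line comment in each router file such as `// Authentication is applied globally in server.js (checkToken); only paths in APP_CONSTANTS.guestUrls are public` would stop the next reader from assuming those routes are unprotected. The middleware this hunk touches continues past the end of the hunk.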
@@ -31,6 +30,10 @@ app.use((req, res, next) => {
 next();
 });
 
+/* Check for authentication on protected resources */
+app.use(checkToken)
+
+app.use("/api/user", userRoutes)
 app.use("/api/payment", paymentRoutes)
 app.use("/api", shopRoutes);
 
From e8df1c2e2efd31925824b8f291504322f070b121 Mon Sep 17 00:00:00 2001
From: Aman Kumar Gupta
Date: Thu, 12 Oct 2023 21:47:34 +0530
Subject: [PATCH 2/3] ADDED: .env in gitignore for security purpose

---
 .env | 3 ---
 .gitignore | 2 --
 server/.env | 4 ----
 3 files changed, 9 deletions(-)
 delete mode 100644 .env
 delete mode 100644 server/.env

diff --git a/.env b/.env
deleted file mode 100644
index 773aee9..0000000
--- a/.env
+++ /dev/null
@@ -1,3 +0,0 @@
-SKIP_PREFLIGHT_CHECK=true
-REACT_APP_DEFAULT_IMAGE=http://res.cloudinary.com/datacode/image/upload/v1666720235/knjnasceld4y0b4y3clc.jpg
-# 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
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 3482391..1f945f5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,7 +22,5 @@
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
-package-lock.json
-
 server/.env
 .env
\ No newline at end of file
diff --git a/server/.env b/server/.env
deleted file mode 100644
index f54e45c..0000000
--- a/server/.env
+++ /dev/null
@@ -1,4 +0,0 @@
-RAZORPAY_KEY_ID=rzp_test_PNolgaEI9aZ95P
-RAZORPAY_SECRET=89Roy7jyi4mI5Sv0NVOT2iKt
-
-CURRENCY=INR
\ No newline at end of file
From 3ee613af6e8959f63e1710c862aa1098b5a11275 Mon Sep 17 00:00:00 2001
From: Aman Kumar Gupta
Date: Thu, 12 Oct 2023 21:52:41 +0530
Subject: [PATCH 3/3] ADDED: .env.sample for react as well

---
 .env.sample | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .env.sample

diff --git a/.env.sample b/.env.sample
new file mode 100644
index 0000000..773aee9
--- /dev/null
+++ b/.env.sample
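Review bot: The two added registrations `app.use(checkToken)` and `app.use("/api/user", userRoutes)` end without semicolons while the neighbouring `app.use("/api", shopRoutes);` has one; the file mixes both forms, so settle on `app.use(checkToken);` and `app.use("/api/user", userRoutes);`. The placement itself is sound — checkToken now runs after the CORS middleware and ahead of every router — but the block comment should say where the exemptions are defined: `/* Check for authentication on protected resources; paths listed in constants/app-constants.js (guestUrls) are skipped */`. Since checkToken is mounted without a path, a request to any route outside /api, including unknown ones, now receives checkToken's failure response instead of Express's default 404; if that is intended, one more line in the comment saying so would help.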
@@ -0,0 +1,3 @@
+SKIP_PREFLIGHT_CHECK=true
+REACT_APP_DEFAULT_IMAGE=http://res.cloudinary.com/datacode/image/upload/v1666720235/knjnasceld4y0b4y3clc.jpg
+# 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
\ No newline at end of file
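Review bot: The new `.env.sample` is a byte-for-byte copy of the `.env` deleted in the previous patch (both carry blob id 773aee9), so it still holds the commented line beginning `# ghp_`, which has the shape of a GitHub personal access token, rather than a placeholder. A sample file should contain only clearly fake values, as `server/.env.sample` does with its `XXXX` pattern; either replace that line with such a placeholder or drop it, since nothing in the file documents what it is for. Independently of this file, that value and the Razorpay key pair removed from `server/.env` remain in the repository history, so they should be treated as exposed and revoked/rotated — adding the files to `.gitignore` does not undo the earlier commit.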