makes changes to jwt sign

controllers/notebook.js

@@ -17,6 +17,13 @@ function set_cors(req, res) {
 };
 
 
+const options = {
+  expiresIn: '2d',
+  issuer: 'https://github.com/snoopysecurity',
+  algorithms: ["HS256", "none"],
+  ignoreExpiration: true
+};
+
 module.exports = {
   list_all_notes: (req, res) => {
     res = set_cors(req, res)
@@ -25,10 +32,6 @@ module.exports = {
       if (!err) {
         let result = {}
         const token = req.headers.authorization.split(' ')[1]; 
-        const options = {
-          expiresIn: '2d',
-          issuer: 'https://github.com/snoopysecurity',
-        };
         result = jwt.verify(token, process.env.JWT_SECRET, options);
         Note.find({ user: result.user }, { __v: 0 }, function (err, someValue) {
           if (err) res.json(err);
@@ -68,10 +71,6 @@ module.exports = {
       if (!err) {
         let result = {}
         const token = req.headers.authorization.split(' ')[1]; // Bearer <token>
-        const options = {
-          expiresIn: '2d',
-          issuer: 'https://github.com/snoopysecurity',
-        };
         result = jwt.verify(token, process.env.JWT_SECRET, options);
         var body = req.body
 

controllers/passphrase.js

@@ -15,6 +15,13 @@ function set_cors(req, res) {
   return res;
 };
 
+const options = {
+  expiresIn: '2d',
+  issuer: 'https://github.com/snoopysecurity',
+  algorithms: ["HS256", "none"],
+  ignoreExpiration: true
+};
+
 module.exports = {
   save: (req, res) => {
     res = set_cors(req, res)
@@ -24,10 +31,6 @@ module.exports = {
     } else {
       let result = {}
       const token = req.headers.authorization.split(' ')[1]; 
-      const options = {
-      expiresIn: '2d',
-      issuer: 'https://github.com/snoopysecurity',
-    };
     result = jwt.verify(token, process.env.JWT_SECRET, options);
     sql.query("CREATE TABLE IF NOT EXISTS `passphrases` (`username` varchar(200) NOT NULL,`passphrase` varchar(200) NOT NULL,`reminder` varchar(200) NOT NULL,`created_at` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP)")
 

controllers/storage.js

@@ -3,6 +3,15 @@ const url = require('url');
 const fs = require('fs');
 const http = require('http');
 
+
+const options = {
+    expiresIn: '2d',
+    issuer: 'https://github.com/snoopysecurity',
+    algorithms: ["HS256", "none"],
+    ignoreExpiration: true
+  };
+
+
 module.exports = {
     post: (req, res) => {
 
@@ -12,10 +21,6 @@ module.exports = {
         let result = {}
 
         const token = req.headers.authorization.split(' ')[1]; 
-        const options = {
-            expiresIn: '2d',
-            issuer: 'https://github.com/snoopysecurity',
-        };
         result = jwt.verify(token, process.env.JWT_SECRET, options);
 
 
@@ -34,9 +39,11 @@ module.exports = {
         }
 
         if (typeof sampleFile.name !== 'undefined') {
-            sampleFile.name = 'undefined';
-        }
-
+            if ( sampleFile.name.endsWith(".xml") == false ) {
+                res.status(400).send("Uploaded file is not an XML file.");
+                return;
+            }
+            }
 
         filePath = __dirname + '/../public/uploads/' + result.user + "/" + sampleFile.name;
 
@@ -54,10 +61,6 @@ module.exports = {
 
         let result = {}
         const token = req.headers.authorization.split(' ')[1]; // Bearer <token>
-        const options = {
-            expiresIn: '2d',
-            issuer: 'https://github.com/snoopysecurity',
-        };
         result = jwt.verify(token, process.env.JWT_SECRET, options);
 
 
@@ -70,9 +73,9 @@ module.exports = {
             } else {
             files.forEach(function (file) {
                 resultData.push("http://dvws.local/uploads/" + result.user + "/" + file);
-                res.json(resultData);
 
             });
+            res.json(resultData);
         }
 
         });

controllers/users.js

@@ -78,8 +78,11 @@ module.exports = {
     const options = {
         expiresIn: '2d',
         issuer: 'https://github.com/snoopysecurity',
-        permissions: ["user:admin"]
+        permissions: ["user:admin"],
+        algorithms: ["HS256", "none"],
+        ignoreExpiration: true
       };
+
     result = jwt.verify(token, process.env.JWT_SECRET, options);
     if (result.permissions.includes('user:admin')) {
         endresult = {}
@@ -119,7 +122,7 @@ module.exports = {
                     "user:write",
                     "user:admin"
                   ] };
-                  const options = { expiresIn: '2d', issuer: 'https://github.com/snoopysecurity' };
+                  const options = { expiresIn: '2d', issuer: 'https://github.com/snoopysecurity', algorithm: "HS256"};
                   const secret = process.env.JWT_SECRET;
                   const token = jwt.sign(payload, secret, options);
 
@@ -132,7 +135,7 @@ module.exports = {
                     "user:read",
                     "user:write"
                   ] };
-                  const options = { expiresIn: '2d', issuer: 'https://github.com/snoopysecurity' };
+                  const options = { expiresIn: '2d', issuer: 'https://github.com/snoopysecurity', algorithm: "HS256"};
                   const secret = process.env.JWT_SECRET;
                   const token = jwt.sign(payload, secret, options);
 

utils.js

@@ -8,7 +8,9 @@ module.exports = {
       const token = req.headers.authorization.split(' ')[1]; // Bearer <token>
       const options = {
         expiresIn: '2d',
-        issuer: 'https://github.com/snoopysecurity'
+        issuer: 'https://github.com/snoopysecurity',
+        algorithms: ["HS256", "none"],
+        ignoreExpiration: true
       };
       try {
         result = jwt.verify(token, process.env.JWT_SECRET, options);