From b6ed80db681c54b7e2120f72bd5b262ab61e28df Mon Sep 17 00:00:00 2001 From: CookieDasora Date: Sun, 3 Sep 2023 16:54:55 -0300 Subject: [PATCH] Rollback to the good ol' header auth. --- package-lock.json | 56 -------------------------------- package.json | 2 -- src/app.ts | 10 +++--- src/controllers/users-router.ts | 1 - src/controllers/users/auth.ts | 14 ++------ src/controllers/users/index.ts | 2 -- src/controllers/users/logout.ts | 14 -------- src/middlewares/authenticated.ts | 10 +++++- 8 files changed, 16 insertions(+), 93 deletions(-) delete mode 100644 src/controllers/users/logout.ts diff --git a/package-lock.json b/package-lock.json index fdf397e..0365ed7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13,7 +13,6 @@ "aws-sdk": "^2.1414.0", "bcrypt": "^5.1.0", "compression": "^1.7.4", - "cookie-parser": "^1.4.6", "cors": "^2.8.5", "dotenv": "^16.3.1", "express": "^4.18.2", @@ -36,7 +35,6 @@ "@swc/core": "^1.3.66", "@types/bcrypt": "^5.0.0", "@types/compression": "^1.7.2", - "@types/cookie-parser": "^1.4.3", "@types/cors": "^2.8.13", "@types/dotenv": "^8.2.0", "@types/express": "^4.17.17", @@ -2660,15 +2658,6 @@ "resolved": "https://registry.npmjs.org/@types/cookie/-/cookie-0.4.1.tgz", "integrity": "sha512-XW/Aa8APYr6jSVVA1y/DEIZX0/GMKLEVekNG727R8cs56ahETkRAy/3DR7+fJyh7oUgGwNQaRfXCun0+KbWY7Q==" }, - "node_modules/@types/cookie-parser": { - "version": "1.4.3", - "resolved": "https://registry.npmjs.org/@types/cookie-parser/-/cookie-parser-1.4.3.tgz", - "integrity": "sha512-CqSKwFwefj4PzZ5n/iwad/bow2hTCh0FlNAeWLtQM3JA/NX/iYagIpWG2cf1bQKQ2c9gU2log5VUCrn7LDOs0w==", - "dev": true, - "dependencies": { - "@types/express": "*" - } - }, "node_modules/@types/cookiejar": { "version": "2.1.2", "dev": true, 
@@ -4289,26 +4278,6 @@ "node": ">= 0.6" } }, - "node_modules/cookie-parser": { - "version": "1.4.6", - "resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.6.tgz", - "integrity": "sha512-z3IzaNjdwUC2olLIB5/ITd0/setiaFMLYiZJle7xg5Fe9KWAceil7xszYfHHBtDFYLSgJduS2Ty0P1uJdPDJeA==", - "dependencies": { - "cookie": "0.4.1", - "cookie-signature": "1.0.6" - }, - "engines": { - "node": ">= 0.8.0" - } - }, - "node_modules/cookie-parser/node_modules/cookie": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.1.tgz", - "integrity": "sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==", - "engines": { - "node": ">= 0.6" - } - }, "node_modules/cookie-signature": { "version": "1.0.6", "license": "MIT" @@ -12625,15 +12594,6 @@ "resolved": "https://registry.npmjs.org/@types/cookie/-/cookie-0.4.1.tgz", "integrity": "sha512-XW/Aa8APYr6jSVVA1y/DEIZX0/GMKLEVekNG727R8cs56ahETkRAy/3DR7+fJyh7oUgGwNQaRfXCun0+KbWY7Q==" }, - "@types/cookie-parser": { - "version": "1.4.3", - "resolved": "https://registry.npmjs.org/@types/cookie-parser/-/cookie-parser-1.4.3.tgz", - "integrity": "sha512-CqSKwFwefj4PzZ5n/iwad/bow2hTCh0FlNAeWLtQM3JA/NX/iYagIpWG2cf1bQKQ2c9gU2log5VUCrn7LDOs0w==", - "dev": true, - "requires": { - "@types/express": "*" - } - }, "@types/cookiejar": { "version": "2.1.2", "dev": true 
@@ -13780,22 +13740,6 @@ "cookie": { "version": "0.5.0" }, - "cookie-parser": { - "version": "1.4.6", - "resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.6.tgz", - "integrity": "sha512-z3IzaNjdwUC2olLIB5/ITd0/setiaFMLYiZJle7xg5Fe9KWAceil7xszYfHHBtDFYLSgJduS2Ty0P1uJdPDJeA==", - "requires": { - "cookie": "0.4.1", - "cookie-signature": "1.0.6" - }, - "dependencies": { - "cookie": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.1.tgz", - "integrity": "sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==" - } - } - }, "cookie-signature": { "version": "1.0.6" }, diff --git a/package.json b/package.json index 83d5df3..965f38e 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,6 @@ "@swc/core": "^1.3.66", "@types/bcrypt": "^5.0.0", "@types/compression": "^1.7.2", - "@types/cookie-parser": "^1.4.3", "@types/cors": "^2.8.13", "@types/dotenv": "^8.2.0", "@types/express": "^4.17.17", @@ -66,7 +65,6 @@ "aws-sdk": "^2.1414.0", "bcrypt": "^5.1.0", "compression": "^1.7.4", - "cookie-parser": "^1.4.6", "cors": "^2.8.5", "dotenv": "^16.3.1", "express": "^4.18.2", diff --git a/src/app.ts b/src/app.ts index 5f590a3..04c0b92 100644 --- a/src/app.ts +++ b/src/app.ts @@ -6,7 +6,6 @@ import express from 'express' import limiter from 'middlewares/rate-limit' import morganMiddleware from 'middlewares/morgan' import router from './routes' -import cookieParser from 'cookie-parser' const app = express() 
@@ -15,18 +14,19 @@ const app = express()
 app.use(express.json())
 app.use(express.urlencoded({ extended: true }))
-app.use(cookieParser())
 app.use(morganMiddleware)
-app.use(limiter)
-app.use(router)
-app.use(compression({ level: 9 }))
+app.options('*', cors())
 app.use(
 cors({
 credentials: true,
 origin: process.env.CLIENT_URL,
+ methods: ['GET', 'POST', 'PUT'],
 optionsSuccessStatus: 200,
 }),
 )
+app.use(limiter)
+app.use(router)
+app.use(compression({ level: 9 }))
 app.use((_req, res) => {
 res.status(404).json({
diff --git a/src/controllers/users-router.ts b/src/controllers/users-router.ts
index ed1d71d..ad33c01 100644
--- a/src/controllers/users-router.ts
+++ b/src/controllers/users-router.ts
@@ -13,7 +13,6 @@ const usersRouter = Router()
 usersRouter.get('/fetch-posts', user.fetchPosts)
 usersRouter.get('/info', user.fetchInfo)
 usersRouter.get('/search', user.searchUser)
-usersRouter.get('/logout', authenticated, user.logout)
 // POST
 usersRouter.post('/auth', user.auth)
diff --git a/src/controllers/users/auth.ts b/src/controllers/users/auth.ts
index 418cdb0..68d57b0 100644
--- a/src/controllers/users/auth.ts
+++ b/src/controllers/users/auth.ts
@@ -1,23 +1,13 @@
 import user from 'services/users'
 import type { Request, Response } from 'express'
-import { badRequest } from 'helpers/http-errors'
+import handleResponse from 'helpers/handle-response'
 async function userAuthController(req: Request, res: Response): Promise {
 const { email, password } = req.body
 const result = await user.auth({ email, password })
- if (result instanceof Error) {
- badRequest(res, result.message)
- } else {
- res
- .cookie('knedita_token', result.token, {
- httpOnly: true,
- secure: process.env.NODE_ENV === 'production',
- })
- .status(200)
- .json({ message: 'Logged in successfully' })
- }
+ handleResponse(res, result)
 }
 export default userAuthController
diff --git a/src/controllers/users/index.ts b/src/controllers/users/index.ts
index dea265b..5caf538 100644
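Review bot: The added `app.options('*', cors())` in src/app.ts answers every preflight with the cors package's default options, so the restricted configuration in the `app.use(cors({ ... }))` call below it (single `origin`, the new `methods` list) does not appear to apply to OPTIONS requests. Preflight responses would then advertise a different policy from the one on actual responses, which makes the effective CORS policy hard to reason about. Hoist the options into one constant and pass it to both calls: `app.options('*', cors(corsOptions))` and `app.use(cors(corsOptions))`. Since the token now travels in the Authorization header rather than a cookie, `credentials: true` is probably no longer needed, and it is worth confirming that no route relies on DELETE or PATCH, which `methods` omits.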
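Review bot: The token-bearing login response in src/controllers/users/auth.ts is not marked non-cacheable: `handleResponse(res, result)` presumably serializes `result`, token included, into the JSON body, and no `Cache-Control` header is set in this hunk. Add `res.set('Cache-Control', 'no-store')` before the `handleResponse` call so the token is not retained by intermediaries or the browser cache. `handleResponse` is defined outside this diff, so also confirm it still maps an `Error` result to a 4xx status as the removed `badRequest` branch did. Because the token moves from an `httpOnly` cookie to a value that page scripts can read and the `/logout` route is removed in this commit, token lifetime becomes the main limit on a leaked token; a comment stating the expected lifetime, such as `// token expiry is set in services/users; keep it short, there is no server-side logout`, would help the next reader.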
--- a/src/controllers/users/index.ts
+++ b/src/controllers/users/index.ts
@@ -5,7 +5,6 @@ import userFetchInfoController from './fetch-info'
 import userFetchPostsController from './fetch-posts'
 import userLikeCommentController from './like-comment'
 import userLikePostController from './like-post'
-import userLogoutController from './logout'
 import userSearchController from './search-user'
 import userSignupController from './signup'
 import userUpdateEmailController from './update-email'
@@ -21,7 +20,6 @@ const user = {
 follow: userFollowController,
 likeComment: userLikeCommentController,
 likePost: userLikePostController,
- logout: userLogoutController,
 searchUser: userSearchController,
 signup: userSignupController,
 updateEmail: userUpdateEmailController,
diff --git a/src/controllers/users/logout.ts b/src/controllers/users/logout.ts
deleted file mode 100644
index d63849a..0000000
--- a/src/controllers/users/logout.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-import type { Request, Response } from 'express'
-
-async function userLogoutController(
- req: Request,
- res: Response,
-): Promise {
- // @ts-expect-error clearCookie interface does not exists in Response.
- return res
- .clearCookie('knedita_token')
- .status(200)
- .json({ message: 'Successfully logged out' })
-}
-
-export default userLogoutController
diff --git a/src/middlewares/authenticated.ts b/src/middlewares/authenticated.ts
index ef90e8a..671d702 100644
--- a/src/middlewares/authenticated.ts
+++ b/src/middlewares/authenticated.ts
@@ -10,7 +10,15 @@ async function authenticated(
 next: NextFunction,
 ): Promise {
 try {
- const token = req.cookies.knedita_token
+ if (
+ req.headers.authorization === undefined ||
+ req.headers.authorization.length === 0
+ ) {
+ unauthorized(res, 'Missing token')
+ return
+ }
+
+ const token = req.headers.authorization.split(' ')[1]
 if (token === undefined) {
 unauthorized(res, 'Missing token')
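Review bot: The new `req.headers.authorization.split(' ')[1]` in src/middlewares/authenticated.ts never checks the scheme, so a `Basic ...` header or any other two-part value is passed on as a token. A header with a doubled or trailing space also yields an empty string, which gets past the `token === undefined` check that follows. Parse both parts and reject anything that is not a non-empty Bearer credential: `const [scheme, token] = req.headers.authorization.split(' ')` followed by `if (scheme?.toLowerCase() !== 'bearer' || token === undefined || token.length === 0) { unauthorized(res, 'Missing token'); return }`. The `try` block and the token verification continue outside this hunk, so whether a malformed token is already rejected later cannot be confirmed from here; failing early keeps malformed input away from the verifier either way.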