diff --git a/backend/app.js b/backend/app.js
index 7cd146414b9b128b1187f0671c37b16268e7c384..56b5e29d12ec6bde5d743b34a9af0fd39884e96c 100644
--- a/backend/app.js
+++ b/backend/app.js
@@ -3,11 +3,13 @@ const express = require('express')
const bodyParser = require('body-parser')
const cors = require('cors')
const morgan = require('morgan')
+const cookieParser = require('cookie-parser')
const app = express()
app.use(morgan('combined'))
app.use(bodyParser.json())
app.use(cors())
+app.use(cookieParser());
var routes = require('./router/router')
routes(app)
diff --git a/backend/config/app.config.js b/backend/config/app.config.js
index bfb56191aef46e819d558e23094578bbc137f074..c9843e017b3d3554660a20ef88a6bcce6e37c212 100644
--- a/backend/config/app.config.js
+++ b/backend/config/app.config.js
@@ -1,5 +1,6 @@
module.exports = {
'secret': 'much-secret-such-key-wow',
ROLEs: ['Master Admin Diskominfo', 'Admin Diskominfo', 'Admin Dinas', 'Member Dinas'],
+ ADMINs: ['Master Admin Diskominfo', 'Admin Diskominfo', 'Admin Dinas'],
jwtExpireTime: 3000
};
\ No newline at end of file
diff --git a/backend/controller/authController.js b/backend/controller/authController.js
index 9332a63774491304a6ba8de244308c64ebe67fc9..544a6cd0edf6dc901a6071f199882c2b3897b3dc 100644
--- a/backend/controller/authController.js
+++ b/backend/controller/authController.js
@@ -36,7 +36,11 @@ exports.signin = (req, res) => {
User.findOne({
where: {
username: req.body.username
- }
+ },
+ include: [{
+ model: Role,
+ attributes: ['name']
+ }]
}).then(user => {
if(!user) {
return res.status(404).send('User not found!');
@@ -51,21 +55,19 @@ exports.signin = (req, res) => {
});
}
- var token = jwt.sign({id: user.id}, config.secret, {
+ var payload = {id: user.id, role: user.role.name};
+
+ var token = jwt.sign(payload, config.secret, {
expiresIn: config.jwtExpireTime
});
- User.update(
- {validToken: token},
- {where: {id: user.id}}
- ).then(() => {
- res.status(200).send({
- auth: true,
- accessToken: token
- });
- }).error(() => {
- res.status(500).send("Error saving new token");
+ // access token pasang di cookies nanti!
+ res.setHeader('Set-Cookie', "userToken="+token+"; HttpOnly; Path=/");
+ res.status(200).send({
+ auth: true,
+ message: "User is successfully signed in!"
});
+
}).catch(err => {
res.status(500).send('Error -> ' + err);
});
diff --git a/backend/controller/tokenController.js b/backend/controller/tokenController.js
new file mode 100644
index 0000000000000000000000000000000000000000..9186448b07c89078f3523f59f9e71aac793c1fe9
--- /dev/null
+++ b/backend/controller/tokenController.js
@@ -0,0 +1,23 @@
+const jwt = require('jsonwebtoken');
+const config = require('../config/app.config.js');
+const models = require('../models');
+const User = models.user;
+
+extendJwtToken = (req, res, next) => {
+ var userId = res.locals.userId;
+ var role = res.locals.role;
+
+ var payload = {id: userId, role: role};
+
+ var token = jwt.sign(payload, config.secret, {
+ expiresIn: config.jwtExpireTime
+ });
+ res.setHeader('Set-Cookie', "userToken="+token+"; HttpOnly; Path=/");
+ next();
+}
+
+const tokenController = {};
+
+tokenController.extendJwtToken = extendJwtToken;
+
+module.exports = tokenController;
\ No newline at end of file
diff --git a/backend/models/user.js b/backend/models/user.js
index 22900173b4f314c456f766d5489c1d00bf302e87..93a0213c96ea87f5229c267fad3f88d595e48e73 100644
--- a/backend/models/user.js
+++ b/backend/models/user.js
@@ -4,8 +4,7 @@ module.exports = (sequelize, DataTypes) => {
name: DataTypes.STRING,
email: DataTypes.STRING,
password: DataTypes.STRING,
- username: DataTypes.STRING,
- validToken: DataTypes.STRING
+ username: DataTypes.STRING
}, {});
user.associate = function(models) {
models.user.belongsTo(models.role);
diff --git a/backend/package-lock.json b/backend/package-lock.json
index f22b4e1de5bda9dacbe847f97f0ff0a95648aa4f..787a69a21b40ecce2e20ce36fba461724fe7984f 100644
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@@ -539,6 +539,15 @@
"resolved": "https://registry.npmjs.org/cookie/-/cookie-0.3.1.tgz",
"integrity": "sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s="
},
+ "cookie-parser": {
+ "version": "1.4.4",
+ "resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.4.tgz",
+ "integrity": "sha512-lo13tqF3JEtFO7FyA49CqbhaFkskRJ0u/UAiINgrIXeRCY41c88/zxtrECl8AKH3B0hj9q10+h3Kt8I7KlW4tw==",
+ "requires": {
+ "cookie": "0.3.1",
+ "cookie-signature": "1.0.6"
+ }
+ },
"cookie-signature": {
"version": "1.0.6",
"resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
@@ -687,12 +696,6 @@
"resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz",
"integrity": "sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA="
},
- "detect-file": {
- "version": "1.0.0",
- "resolved": "https://registry.npmjs.org/detect-file/-/detect-file-1.0.0.tgz",
- "integrity": "sha1-8NZtA2cqglyxtzvbP+YjEMjlUrc=",
- "dev": true
- },
"diff": {
"version": "3.5.0",
"resolved": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz",
@@ -735,6 +738,12 @@
"resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
"integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
},
+ "emoji-regex": {
+ "version": "7.0.3",
+ "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-7.0.3.tgz",
+ "integrity": "sha512-CwBLREIQ7LvYFB0WyRvwhq5N5qPhc6PMjD6bYggFlI5YyDgl+0vxq5VHbMOFqLg7hfWzmu8T5Z1QofhmTIhItA==",
+ "dev": true
+ },
"encodeurl": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
@@ -841,15 +850,6 @@
}
}
},
- "expand-tilde": {
- "version": "2.0.2",
- "resolved": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz",
- "integrity": "sha1-l+gBqgUt8CRU3kawK/YhZCzchQI=",
- "dev": true,
- "requires": {
- "homedir-polyfill": "^1.0.1"
- }
- },
"express": {
"version": "4.16.4",
"resolved": "https://registry.npmjs.org/express/-/express-4.16.4.tgz",
@@ -1015,29 +1015,6 @@
"locate-path": "^3.0.0"
}
},
- "findup-sync": {
- "version": "2.0.0",
- "resolved": "https://registry.npmjs.org/findup-sync/-/findup-sync-2.0.0.tgz",
- "integrity": "sha1-kyaxSIwi0aYIhlCoaQGy2akKLLw=",
- "dev": true,
- "requires": {
- "detect-file": "^1.0.0",
- "is-glob": "^3.1.0",
- "micromatch": "^3.0.4",
- "resolve-dir": "^1.0.1"
- },
- "dependencies": {
- "is-glob": {
- "version": "3.1.0",
- "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-3.1.0.tgz",
- "integrity": "sha1-e6WuJCF4BKxwcHuWkiVnSGzD6Eo=",
- "dev": true,
- "requires": {
- "is-extglob": "^2.1.0"
- }
- }
- }
- },
"flat": {
"version": "4.1.0",
"resolved": "https://registry.npmjs.org/flat/-/flat-4.1.0.tgz",
@@ -1570,9 +1547,9 @@
"dev": true
},
"get-caller-file": {
- "version": "1.0.3",
- "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-1.0.3.tgz",
- "integrity": "sha512-3t6rVToeoZfYSGd8YoLFR2DJkiQrIiUrGcjvFX2mDw3bn6k2OtwHN0TNCLbBO+w8qTvimhDkv+LSscbJY1vE6w==",
+ "version": "2.0.5",
+ "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
+ "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==",
"dev": true
},
"get-func-name": {
@@ -1632,30 +1609,6 @@
"ini": "^1.3.4"
}
},
- "global-modules": {
- "version": "1.0.0",
- "resolved": "https://registry.npmjs.org/global-modules/-/global-modules-1.0.0.tgz",
- "integrity": "sha512-sKzpEkf11GpOFuw0Zzjzmt4B4UZwjOcG757PPvrfhxcLFbq0wpsgpOqxpxtxFiCG4DtG93M6XRVbF2oGdev7bg==",
- "dev": true,
- "requires": {
- "global-prefix": "^1.0.1",
- "is-windows": "^1.0.1",
- "resolve-dir": "^1.0.0"
- }
- },
- "global-prefix": {
- "version": "1.0.2",
- "resolved": "https://registry.npmjs.org/global-prefix/-/global-prefix-1.0.2.tgz",
- "integrity": "sha1-2/dDxsFJklk8ZVVoy2btMsASLr4=",
- "dev": true,
- "requires": {
- "expand-tilde": "^2.0.2",
- "homedir-polyfill": "^1.0.1",
- "ini": "^1.3.4",
- "is-windows": "^1.0.1",
- "which": "^1.2.14"
- }
- },
"got": {
"version": "6.7.1",
"resolved": "https://registry.npmjs.org/got/-/got-6.7.1.tgz",
@@ -1740,15 +1693,6 @@
"integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==",
"dev": true
},
- "homedir-polyfill": {
- "version": "1.0.3",
- "resolved": "https://registry.npmjs.org/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz",
- "integrity": "sha512-eSmmWE5bZTK2Nou4g0AI3zZ9rswp7GRKoKXS1BLUkvPviOqs4YTN1djQIqrXy9k5gEtdLPy86JjRwsNM9tnDcA==",
- "dev": true,
- "requires": {
- "parse-passwd": "^1.0.0"
- }
- },
"http-errors": {
"version": "1.6.3",
"resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz",
@@ -2055,9 +1999,9 @@
"integrity": "sha1-TkMekrEalzFjaqH5yNHMvP2reN8="
},
"js-yaml": {
- "version": "3.12.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.0.tgz",
- "integrity": "sha512-PIt2cnwmPfL4hKNwqeiuz4bKfnzHTBv6HyVgjahA6mPLwPDzjDWrplJBMjHUFxku/N3FlmrbyPclad+I+4mJ3A==",
+ "version": "3.13.0",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.13.0.tgz",
+ "integrity": "sha512-pZZoSxcCYco+DIKBTimr67J6Hy+EYGZDY/HCWC+iAEA9h1ByhMXAIVUXMcMFpOCxQ/xjXmPI2MkDL5HRm5eFrQ==",
"dev": true,
"requires": {
"argparse": "^1.0.7",
@@ -2238,9 +2182,9 @@
"integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g="
},
"mem": {
- "version": "4.2.0",
- "resolved": "https://registry.npmjs.org/mem/-/mem-4.2.0.tgz",
- "integrity": "sha512-5fJxa68urlY0Ir8ijatKa3eRz5lwXnRCTvo9+TbTGAuTFJOwpGcY0X05moBd0nW45965Njt4CDI2GFQoG8DvqA==",
+ "version": "4.3.0",
+ "resolved": "https://registry.npmjs.org/mem/-/mem-4.3.0.tgz",
+ "integrity": "sha512-qX2bG48pTqYRVmDB37rn/6PT7LcR8T7oAX3bf99u1Tt1nzxYfxkgqDwUwolPlXweM0XzBOBFzSx4kfp7KP1s/w==",
"dev": true,
"requires": {
"map-age-cleaner": "^0.1.1",
@@ -2297,9 +2241,9 @@
}
},
"mimic-fn": {
- "version": "2.0.0",
- "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.0.0.tgz",
- "integrity": "sha512-jbex9Yd/3lmICXwYT6gA/j2mNQGU48wCh/VzRd+/Y/PjYQtlg1gLMdZqvu9s/xH7qKvngxRObl56XZR609IMbA==",
+ "version": "2.1.0",
+ "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz",
+ "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==",
"dev": true
},
"minimatch": {
@@ -2352,9 +2296,9 @@
}
},
"mocha": {
- "version": "6.0.2",
- "resolved": "https://registry.npmjs.org/mocha/-/mocha-6.0.2.tgz",
- "integrity": "sha512-RtTJsmmToGyeTznSOMoM6TPEk1A84FQaHIciKrRqARZx+B5ccJ5tXlmJzEKGBxZdqk9UjpRsesZTUkZmR5YnuQ==",
+ "version": "6.1.3",
+ "resolved": "https://registry.npmjs.org/mocha/-/mocha-6.1.3.tgz",
+ "integrity": "sha512-QdE/w//EPHrqgT5PNRUjRVHy6IJAzAf1R8n2O8W8K2RZ+NbPfOD5cBDp+PGa2Gptep37C/TdBiaNwakppEzEbg==",
"dev": true,
"requires": {
"ansi-colors": "3.2.3",
@@ -2362,23 +2306,23 @@
"debug": "3.2.6",
"diff": "3.5.0",
"escape-string-regexp": "1.0.5",
- "findup-sync": "2.0.0",
+ "find-up": "3.0.0",
"glob": "7.1.3",
"growl": "1.10.5",
"he": "1.2.0",
- "js-yaml": "3.12.0",
+ "js-yaml": "3.13.0",
"log-symbols": "2.2.0",
"minimatch": "3.0.4",
"mkdirp": "0.5.1",
"ms": "2.1.1",
- "node-environment-flags": "1.0.4",
+ "node-environment-flags": "1.0.5",
"object.assign": "4.1.0",
"strip-json-comments": "2.0.1",
"supports-color": "6.0.0",
"which": "1.3.1",
"wide-align": "1.1.3",
- "yargs": "12.0.5",
- "yargs-parser": "11.1.1",
+ "yargs": "13.2.2",
+ "yargs-parser": "13.0.0",
"yargs-unparser": "1.5.0"
},
"dependencies": {
@@ -2474,12 +2418,21 @@
"dev": true
},
"node-environment-flags": {
- "version": "1.0.4",
- "resolved": "https://registry.npmjs.org/node-environment-flags/-/node-environment-flags-1.0.4.tgz",
- "integrity": "sha512-M9rwCnWVLW7PX+NUWe3ejEdiLYinRpsEre9hMkU/6NS4h+EEulYaDH1gCEZ2gyXsmw+RXYDaV2JkkTNcsPDJ0Q==",
+ "version": "1.0.5",
+ "resolved": "https://registry.npmjs.org/node-environment-flags/-/node-environment-flags-1.0.5.tgz",
+ "integrity": "sha512-VNYPRfGfmZLx0Ye20jWzHUjyTW/c+6Wq+iLhDzUI4XmhrDd9l/FozXV3F2xOaXjvp0co0+v1YSR3CMP6g+VvLQ==",
"dev": true,
"requires": {
- "object.getownpropertydescriptors": "^2.0.3"
+ "object.getownpropertydescriptors": "^2.0.3",
+ "semver": "^5.7.0"
+ },
+ "dependencies": {
+ "semver": {
+ "version": "5.7.0",
+ "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.0.tgz",
+ "integrity": "sha512-Ya52jSX2u7QKghxeoFGpLwCtGlt7j0oY9DYb5apt9nPlJ42ID+ulTXESnt/qAQcoSERyZ5sl3LDIOw0nAn/5DA==",
+ "dev": true
+ }
}
},
"nodemon": {
@@ -2575,9 +2528,9 @@
}
},
"object-keys": {
- "version": "1.1.0",
- "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.0.tgz",
- "integrity": "sha512-6OO5X1+2tYkNyNEx6TsCxEqFfRWaqx6EtMiSbGrw8Ob8v9Ne+Hl8rBAgLBZn5wjEz3s/s6U1WXFUFOcxxAwUpg==",
+ "version": "1.1.1",
+ "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.1.tgz",
+ "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==",
"dev": true
},
"object-visit": {
@@ -2702,9 +2655,9 @@
"integrity": "sha1-P7z7FbiZpEEjs0ttzBi3JDNqLK4="
},
"p-is-promise": {
- "version": "2.0.0",
- "resolved": "https://registry.npmjs.org/p-is-promise/-/p-is-promise-2.0.0.tgz",
- "integrity": "sha512-pzQPhYMCAgLAKPWD2jC3Se9fEfrD9npNos0y150EeqZll7akhEgGhTW/slB6lHku8AvYGiJ+YJ5hfHKePPgFWg==",
+ "version": "2.1.0",
+ "resolved": "https://registry.npmjs.org/p-is-promise/-/p-is-promise-2.1.0.tgz",
+ "integrity": "sha512-Y3W0wlRPK8ZMRbNq97l4M5otioeA5lm1z7bkNkxCka8HSPjR0xRWmpCmc9utiaLP9Jb1eD8BgeIxTW4AIF45Pg==",
"dev": true
},
"p-limit": {
@@ -2726,9 +2679,9 @@
}
},
"p-try": {
- "version": "2.1.0",
- "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.1.0.tgz",
- "integrity": "sha512-H2RyIJ7+A3rjkwKC2l5GGtU4H1vkxKCAGsWasNVd0Set+6i4znxbWy6/j16YDPJDWxhsgZiKAstMEP8wCdSpjA==",
+ "version": "2.2.0",
+ "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz",
+ "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==",
"dev": true
},
"package-json": {
@@ -2747,12 +2700,6 @@
"resolved": "https://registry.npmjs.org/packet-reader/-/packet-reader-1.0.0.tgz",
"integrity": "sha512-HAKu/fG3HpHFO0AA8WE8q2g+gBJaZ9MG7fcKk+IJPLTGAD6Psw4443l+9DGRbOIh3/aXr7Phy0TjilYivJo5XQ=="
},
- "parse-passwd": {
- "version": "1.0.0",
- "resolved": "https://registry.npmjs.org/parse-passwd/-/parse-passwd-1.0.0.tgz",
- "integrity": "sha1-bVuTSkVpk7I9N/QKOC1vFmao5cY=",
- "dev": true
- },
"parseurl": {
"version": "1.3.2",
"resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.2.tgz",
@@ -3040,21 +2987,11 @@
"dev": true
},
"require-main-filename": {
- "version": "1.0.1",
- "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-1.0.1.tgz",
- "integrity": "sha1-l/cXtp1IeE9fUmpsWqj/3aBVpNE=",
+ "version": "2.0.0",
+ "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz",
+ "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==",
"dev": true
},
- "resolve-dir": {
- "version": "1.0.1",
- "resolved": "https://registry.npmjs.org/resolve-dir/-/resolve-dir-1.0.1.tgz",
- "integrity": "sha1-eaQGRMNivoLybv/nOcm7U4IEb0M=",
- "dev": true,
- "requires": {
- "expand-tilde": "^2.0.0",
- "global-modules": "^1.0.0"
- }
- },
"resolve-url": {
"version": "0.2.1",
"resolved": "https://registry.npmjs.org/resolve-url/-/resolve-url-0.2.1.tgz",
@@ -3856,29 +3793,56 @@
"integrity": "sha1-HBH5IY8HYImkfdUS+TxmmaaoHVI="
},
"yargs": {
- "version": "12.0.5",
- "resolved": "https://registry.npmjs.org/yargs/-/yargs-12.0.5.tgz",
- "integrity": "sha512-Lhz8TLaYnxq/2ObqHDql8dX8CJi97oHxrjUcYtzKbbykPtVW9WB+poxI+NM2UIzsMgNCZTIf0AQwsjK5yMAqZw==",
+ "version": "13.2.2",
+ "resolved": "https://registry.npmjs.org/yargs/-/yargs-13.2.2.tgz",
+ "integrity": "sha512-WyEoxgyTD3w5XRpAQNYUB9ycVH/PQrToaTXdYXRdOXvEy1l19br+VJsc0vcO8PTGg5ro/l/GY7F/JMEBmI0BxA==",
"dev": true,
"requires": {
"cliui": "^4.0.0",
- "decamelize": "^1.2.0",
"find-up": "^3.0.0",
- "get-caller-file": "^1.0.1",
- "os-locale": "^3.0.0",
+ "get-caller-file": "^2.0.1",
+ "os-locale": "^3.1.0",
"require-directory": "^2.1.1",
- "require-main-filename": "^1.0.1",
+ "require-main-filename": "^2.0.0",
"set-blocking": "^2.0.0",
- "string-width": "^2.0.0",
+ "string-width": "^3.0.0",
"which-module": "^2.0.0",
- "y18n": "^3.2.1 || ^4.0.0",
- "yargs-parser": "^11.1.1"
+ "y18n": "^4.0.0",
+ "yargs-parser": "^13.0.0"
+ },
+ "dependencies": {
+ "ansi-regex": {
+ "version": "4.1.0",
+ "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz",
+ "integrity": "sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg==",
+ "dev": true
+ },
+ "string-width": {
+ "version": "3.1.0",
+ "resolved": "https://registry.npmjs.org/string-width/-/string-width-3.1.0.tgz",
+ "integrity": "sha512-vafcv6KjVZKSgz06oM/H6GDBrAtz8vdhQakGjFIvNrHA6y3HCF1CInLy+QLq8dTJPQ1b+KDUqDFctkdRW44e1w==",
+ "dev": true,
+ "requires": {
+ "emoji-regex": "^7.0.1",
+ "is-fullwidth-code-point": "^2.0.0",
+ "strip-ansi": "^5.1.0"
+ }
+ },
+ "strip-ansi": {
+ "version": "5.2.0",
+ "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz",
+ "integrity": "sha512-DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA==",
+ "dev": true,
+ "requires": {
+ "ansi-regex": "^4.1.0"
+ }
+ }
}
},
"yargs-parser": {
- "version": "11.1.1",
- "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-11.1.1.tgz",
- "integrity": "sha512-C6kB/WJDiaxONLJQnF8ccx9SEeoTTLek8RVbaOIsrAUS8VrBEXfmeSnCZxygc+XC2sNMBIwOOnfcxiynjHsVSQ==",
+ "version": "13.0.0",
+ "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.0.0.tgz",
+ "integrity": "sha512-w2LXjoL8oRdRQN+hOyppuXs+V/fVAYtpcrRxZuF7Kt/Oc+Jr2uAcVntaUTNT6w5ihoWfFDpNY8CPx1QskxZ/pw==",
"dev": true,
"requires": {
"camelcase": "^5.0.0",
@@ -3886,9 +3850,9 @@
},
"dependencies": {
"camelcase": {
- "version": "5.2.0",
- "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.2.0.tgz",
- "integrity": "sha512-IXFsBS2pC+X0j0N/GE7Dm7j3bsEBp+oTpb7F50dwEVX7rf3IgwO9XatnegTsDtniKCUtEJH4fSU6Asw7uoVLfQ==",
+ "version": "5.3.1",
+ "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz",
+ "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==",
"dev": true
}
}
@@ -3902,6 +3866,56 @@
"flat": "^4.1.0",
"lodash": "^4.17.11",
"yargs": "^12.0.5"
+ },
+ "dependencies": {
+ "camelcase": {
+ "version": "5.3.1",
+ "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz",
+ "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==",
+ "dev": true
+ },
+ "get-caller-file": {
+ "version": "1.0.3",
+ "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-1.0.3.tgz",
+ "integrity": "sha512-3t6rVToeoZfYSGd8YoLFR2DJkiQrIiUrGcjvFX2mDw3bn6k2OtwHN0TNCLbBO+w8qTvimhDkv+LSscbJY1vE6w==",
+ "dev": true
+ },
+ "require-main-filename": {
+ "version": "1.0.1",
+ "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-1.0.1.tgz",
+ "integrity": "sha1-l/cXtp1IeE9fUmpsWqj/3aBVpNE=",
+ "dev": true
+ },
+ "yargs": {
+ "version": "12.0.5",
+ "resolved": "https://registry.npmjs.org/yargs/-/yargs-12.0.5.tgz",
+ "integrity": "sha512-Lhz8TLaYnxq/2ObqHDql8dX8CJi97oHxrjUcYtzKbbykPtVW9WB+poxI+NM2UIzsMgNCZTIf0AQwsjK5yMAqZw==",
+ "dev": true,
+ "requires": {
+ "cliui": "^4.0.0",
+ "decamelize": "^1.2.0",
+ "find-up": "^3.0.0",
+ "get-caller-file": "^1.0.1",
+ "os-locale": "^3.0.0",
+ "require-directory": "^2.1.1",
+ "require-main-filename": "^1.0.1",
+ "set-blocking": "^2.0.0",
+ "string-width": "^2.0.0",
+ "which-module": "^2.0.0",
+ "y18n": "^3.2.1 || ^4.0.0",
+ "yargs-parser": "^11.1.1"
+ }
+ },
+ "yargs-parser": {
+ "version": "11.1.1",
+ "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-11.1.1.tgz",
+ "integrity": "sha512-C6kB/WJDiaxONLJQnF8ccx9SEeoTTLek8RVbaOIsrAUS8VrBEXfmeSnCZxygc+XC2sNMBIwOOnfcxiynjHsVSQ==",
+ "dev": true,
+ "requires": {
+ "camelcase": "^5.0.0",
+ "decamelize": "^1.2.0"
+ }
+ }
}
}
}
diff --git a/backend/package.json b/backend/package.json
index 3102b5c4f3ddc96a0a976a25bb2704e398cd23bb..afb69adbc0cfc7004c98b176064d2db385cf3ea5 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -13,6 +13,7 @@
"dependencies": {
"bcryptjs": "^2.4.3",
"body-parser": "^1.18.3",
+ "cookie-parser": "^1.4.4",
"cors": "^2.8.5",
"dotenv": "^6.2.0",
"express": "^4.16.4",
@@ -26,6 +27,6 @@
"devDependencies": {
"chai": "^4.2.0",
"chai-http": "^4.2.1",
- "mocha": "^6.0.2"
+ "mocha": "^6.1.3"
}
}
diff --git a/backend/router/jwtTokenHandler.js b/backend/router/jwtTokenHandler.js
deleted file mode 100644
index 036793205e8998bc2e2274d4dde7153d37839f83..0000000000000000000000000000000000000000
--- a/backend/router/jwtTokenHandler.js
+++ /dev/null
@@ -1,34 +0,0 @@
-const jwt = require('jsonwebtoken');
-const config = require('../config/app.config.js');
-const models = require('../models');
-const User = models.user;
-
-extendJwtToken = (req, res, next) => {
- var userId = res.locals.userId;
- var token = jwt.sign({id: userId}, config.secret, {
- expiresIn: config.jwtExpireTime
- });
- res.locals.token = token;
- next();
-}
-
-saveTokenToUser = (req, res, next) => {
- token = res.locals.token;
- userId = res.locals.userId;
- User.update({
- validToken: token
- }, {
- where: {
- id: userId
- }
- }).then(() => {
- next();
- });
-}
-
-const jwtTokenHandler = {};
-
-jwtTokenHandler.extendJwtToken = extendJwtToken;
-jwtTokenHandler.saveTokenToUser = saveTokenToUser;
-
-module.exports = jwtTokenHandler;
\ No newline at end of file
diff --git a/backend/router/router.js b/backend/router/router.js
index a0ea45d9c6e436c809c8039b8f2a797cb806f43f..a6870251092379ec7dc5a45c8f6edbc24ad4a4fc 100644
--- a/backend/router/router.js
+++ b/backend/router/router.js
@@ -1,6 +1,6 @@
const verifySignUp = require('./verifySignUp');
const verifyJwtToken = require('./verifyJwtToken');
-const tokenHandler = require('./jwtTokenHandler');
+const tokenHandler = require('../controller/tokenController');
module.exports = function(app) {
const authController = require('../controller/authController.js');
@@ -9,8 +9,11 @@ module.exports = function(app) {
app.post('/api/auth/signup', [verifySignUp.checkDuplicateUserNameOrEmail, verifySignUp.checkRolesExisted], authController.signup);
app.post('/api/auth/login', authController.signin);
- app.get('/api/test/admin', [verifyJwtToken.verifyToken, verifyJwtToken.isAdmin, tokenHandler.extendJwtToken, tokenHandler.saveTokenToUser], testController.adminContent);
- app.get('/api/test/member', [verifyJwtToken.verifyToken, tokenHandler.extendJwtToken, tokenHandler.saveTokenToUser], testController.memberContent);
+ app.get('/api/test/admin', [verifyJwtToken.verifyToken,
+ verifyJwtToken.isAdmin,
+ tokenHandler.extendJwtToken], testController.adminContent);
+ app.get('/api/test/member', [verifyJwtToken.verifyToken,
+ tokenHandler.extendJwtToken], testController.memberContent);
app.post('/api/user/all', [verifyJwtToken.verifyToken, verifyJwtToken.isAdmin], userController.fetchAll);
app.post('/api/user/create', [verifyJwtToken.verifyToken, verifyJwtToken.isAdmin], userController.createUser);
diff --git a/backend/router/verifyJwtToken.js b/backend/router/verifyJwtToken.js
index 5471b306615f6f0399dee790df0a35b77f3ccd7d..f835a5e2b2a11e1fa25ed2e81ee0e05ae77d0072 100644
--- a/backend/router/verifyJwtToken.js
+++ b/backend/router/verifyJwtToken.js
@@ -4,8 +4,7 @@ const models = require('../models');
const User = models.user;
verifyToken = (req, res, next) => {
- let token = req.headers['x-access-token'];
-
+ let token = req.cookies.userToken;
if (!token) {
res.status(403).send({
message: 'No token provided!',
@@ -22,35 +21,17 @@ verifyToken = (req, res, next) => {
});
}
res.locals.userId = decoded.id;
-
- // check if token is same
- User.findOne({
- where: {
- id: decoded.id
- }
- }).then(user => {
- if (user.validToken === token) {
- next();
- } else {
- res.status(403).send("Cannot match token!");
- }
- });
+ res.locals.role = decoded.role;
+ next();
});
}
isAdmin = (req, res, next) => {
- User.findByPk(res.locals.userId)
- .then(user => {
- user.getRole().then(role => {
- if (role.name === 'Master Admin Diskominfo' || role.name === 'Admin Diskominfo' || role.name === 'Admin Dinas') {
- res.locals.userId = res.locals.userId;
- next();
- return;
- }
- res.status(403).send('Require Admin Role!');
- return;
- })
- })
+ if (config.ADMINs.includes(res.locals.role)) {
+ next();
+ } else {
+ res.status(403).send({message: 'Require admin role!'});
+ }
}
const verifyJwtToken = {};