hopfma/om
4
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'origin/developer' into developer

Browse Source
This commit is contained in:
Edwina Barbalan 2019-07-02 14:59:17 +02:00
commit 83d1d4dea8
20 changed files with 989 additions and 287 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
message.model.js
View File

@ -1,15 +0,0 @@
const mongoose = require('mongoose');
//const Schema = mongoose.Schema,
//ObjectId = Schema.ObjectId;
const MessageSchema = mongoose.Schema({
subject: { type: String, required: true },
message: { type: String, required: true },
user: { type: String, required: true },
tag: [{type: String }],
//createtime: { type: Date, default: Date.now },
});
MessageSchema.index({tag:'text'});
module.exports = mongoose.model('Message', MessageSchema);

3
mongodb.config.js.example
View File

@ -1,3 +0,0 @@
module.exports = {
url: 'mongodb://localhost:27017/mydb'
}

161
public/index.html
View File

@ -58,8 +58,8 @@
<!-- NOTE: Load JQuery, Vue.js, VueRouter, Vuetify --> <!-- NOTE: Load JQuery, Vue.js, VueRouter, Vuetify -->
<script src="lib/jquery-3.3.1.min.js"></script> <script src="lib/jquery-3.3.1.min.js"></script>
<script src="lib/vue.js"></script> <script src="lib/vue-2.6.10.js"></script>
<script src="lib/vue-router.js"></script> <script src="lib/vue-router-3.0.1.js"></script>
<!-- Buefy/Vuetify --> <!-- Buefy/Vuetify -->
<script src="lib/buefy-0.7.5.js"></script> <script src="lib/buefy-0.7.5.js"></script>
@ -84,6 +84,7 @@
<script src="routes/profil.js"></script> <script src="routes/profil.js"></script>
<script src="routes/msgCard.js"></script> <script src="routes/msgCard.js"></script>
<script src="routes/messageData.js"></script> <script src="routes/messageData.js"></script>
<script src="routes/tagData.js"></script>
<script src="routes/profilCard.js"></script> <script src="routes/profilCard.js"></script>
<script src="routes/profilData.js"></script> <script src="routes/profilData.js"></script>
<script src="routes/login.js"></script> <script src="routes/login.js"></script>
@ -97,12 +98,36 @@
<div class="om-header-container"> <div class="om-header-container">
<div class="om-header"> <div class="om-header">
<a class="logo-img" href="index.html"><img src="img/app_icon.png" width=45px height=45px></a> <a class="logo-img" href="index.html"><img src="img/app_icon.png" width=45px height=45px></a>
<form class="om-searchbar"> <form class="om-searchbar" @submit.prevent="search()">
<b-field> <b-field>
<b-input placeholder="Suche..." <b-autocomplete
rounded
v-model="searchtext"
@keydown.native.enter="search"
:data="filteredDataArray"
placeholder="suche..."
icon="magnify"
@select="option => selected = option">
</b-autocomplete>
<!--<b-input
type="search" type="search"
icon="magnify"> v-model="searchtext"
</b-input> icon="magnify"
placeholder="Suche...">
</b-input>-->
<!--<b-taginput
id="search-text"
type="search"
v-model="selected"
:data=taglist
autocomplete
allow-new:true
icon="magnify"
placeholder="Suche.."
@typing="getFilteredTags"
@input="saveTagsToArray">
</b-taginput>-->
</b-field> </b-field>
</form> </form>
</div> </div>
@ -161,6 +186,12 @@
</div> </div>
<script> <script>
var tagArray = ["lorem"];
const dat=[
'th',
'efi',
'wichtig',
];
const routes = [ const routes = [
{ path: "/", component: HomeRouter }, { path: "/", component: HomeRouter },
@ -179,11 +210,127 @@
var app = new Vue({ var app = new Vue({
router, router,
el: '#api', el: '#api',
data: { data: function() {
return{
searchtext: "",
selected: [],
taglist: dat,
};
},
computed:{
filteredDataArray() {
return this.taglist.filter((option) => {
return option
.toString()
.toLowerCase()
.indexOf(this.searchtext.toLowerCase()) >= 0
})
}
}, },
methods: { methods: {
search: function() {
console.log("Searchtext: " +this.searchtext.replace(/#/g,''));
$.ajax({
url: "api/msg/search/" + this.searchtext.replace(/#/g, ''),
method: "GET"
}).done(jd => {
// NICHT SO wg. Vue: _messagelist = jd;
_messagelist.splice(0, _messagelist.length);
_messagelist.push.apply(_messagelist, jd);
//console.log("jd: "+jd);
for (var e in jd) {
if (!_messages[jd[e]]) {
get_insert_message(jd[e]);
} }
}
}).fail(function(e, f, g) {
console.log("searching: err: " + e + f + g);
})
},
getFilteredTags(text) {
this.taglist = dat.filter((option) => {
return option
.toString()
.toLowerCase()
.indexOf(text.toLowerCase()) >= 0
})
this.search();
},
saveTagsToArray: function() {
tagArray = this.selected;
console.info(tagArray);
},
list_tags: function () {
$.ajax({url: "api/tag/ids",method: "GET"})
.done(jd => {
// NICHT SO wg. Vue: _messagelist = jd;
_taglist.splice(0, _taglist.length);
_taglist.push.apply(_taglist, jd);
console.log("tag: jd: " + jd);
for (var e in jd) {
if (!_tags[jd[e]]) {
get_insert_tag(jd[e]);
}
}
}).fail(function (e, f, g) {
console.log("err: " + e + f + g);
}); });
}
},
mounted: function () {
this.search();
this.list_tags();
},
});
function get_insert_tag(id){
$.ajax({ url: "api/tag/"+id, method: "GET" }).done(function (tag) {
dat.push("#"+tag.name);
console.log("it worked!");
}).fail(function (e, f, g) {
console.log("cannot load " + id + ".json: " + e + f + g);
})
}
const search_data = [];
/*
export.default {
data: function () {
return {
selected: [],
taglist: data,
};
},
computed: {
filteredTagArray() {
this.taglist = data.filter((option) => {
return option
.toString()
.toLowerCase()
.indexOf(this.name.toLowerCase()) >= 0
})
},
},
methods: {
evaluate(text) {
this.taglist = data.filter((option) => {
return option
.toString()
.toLowerCase()
.indexOf(text.toLowerCase()) >= 0
})
},
},
mounted: function () {
if ($(this).bootstrapMaterialDesign)
$(this).bootstrapMaterialDesign();
},
};
*/
</script> </script>
<!-- CDN_Vue.js minified lib --> <!-- CDN_Vue.js minified lib -->

0
public/lib/vue.js → public/lib/vue-2.6.10.js
View File

0
public/lib/vue-router.js → public/lib/vue-router-3.0.1.js
View File

4
public/main.js
View File

@ -4,7 +4,7 @@
// Wait until page loaded // Wait until page loaded
window.addEventListener('load', () => { window.addEventListener('load', () => {
if ('serviceWorker' in navigator) { /*if ('serviceWorker' in navigator) {
// NOTE: ServiceWorker Registration // NOTE: ServiceWorker Registration
return navigator.serviceWorker.register('serviceWorker.js', { return navigator.serviceWorker.register('serviceWorker.js', {
scope: '/' scope: '/'
@ -16,7 +16,7 @@ window.addEventListener('load', () => {
} else { } else {
console.log('[ServiceWorker] are not supported.'); console.log('[ServiceWorker] are not supported.');
return; return;
} }*/
}); });
// NOTE: Set Bootstrap materialdesign // NOTE: Set Bootstrap materialdesign

74
public/routes/createMessage.js
View File

@ -1,7 +1,8 @@
var tagArray = [];
const data=[ const data=[
'#th', 'th',
'#efi', 'efi',
'#wichtig', 'wichtig',
]; ];
const CreateMsgRouter = { const CreateMsgRouter = {
template: ` template: `
@ -18,13 +19,15 @@ const CreateMsgRouter = {
<b-field label="Tags"> <b-field label="Tags">
<b-taginput <b-taginput
id="tag"
v-model="selected" v-model="selected"
:data=items :data=taglist
autocomplete autocomplete
allow-new:false allow-new:false
icon="label" icon="label"
placeholder="#" placeholder="#"
@typing="getFilteredTags" id="tag"> @typing="getFilteredTags"
@input="saveTagsToArray">
</b-taginput> </b-taginput>
</b-field> </b-field>
@ -33,38 +36,41 @@ const CreateMsgRouter = {
</b-field> </b-field>
<b-button @click="$router.go(-1)">ABBRECHEN</b-button> <b-button @click="$router.go(-1)">ABBRECHEN</b-button>
<b-button type="is-primary" @click="$router.push('/home')">SENDEN</b-button> <b-button type="is-primary" @click="createMsg">SENDEN</b-button>
</div> </div>
`, `,
data: function () { data: function () {
return { return {
selected: [], selected: [],
items: data taglist: data,
}; };
}, },
methods: { methods: {
saveTagsToArray: function() {
tagArray = this.selected;
console.info(tagArray);
},
createMsg: function () { createMsg: function () {
var subject = $("#subject").val(); var _subject = $("#subject").val();
var message = $("#message").val(); var _message = $("#message").val();
var tag = $("#tag").val(); var _tag = tagArray;
var user = $("#user").val(); var _user = $("#user").val();
console.log("Message Created: " + tag + " " + message + " " + user); //console.log("Message Created: " + _tag + " " + _message + " " + _user);
$.ajax({ $.ajax({
url: "api/createMsg", url: "api/msg",
data: { data: {
sub: subject, subject: _subject,
mess: message, message: _message,
use: user, user: _user,
ta: tag tag: _tag
}, },
method: "POST" method: "POST"
}).done(have_result).fail(have_error); }).done(have_result).fail(have_error);
function have_result(res) { function have_result(res) {
console.log(res); //console.log(res);
router.push('/home')
} }
function have_error(err) { function have_error(err) {
@ -73,16 +79,42 @@ const CreateMsgRouter = {
} }
}, },
getFilteredTags(text) { getFilteredTags(text) {
this.items = data.filter((option) => { this.taglist = data.filter((option) => {
return option return option
.toString() .toString()
.toLowerCase() .toLowerCase()
.indexOf(text.toLowerCase()) >= 0 .indexOf(text.toLowerCase()) >= 0
}) })
}, },
list_tags: function () {
$.ajax({url: "api/tag/ids",method: "GET"})
.done(jd => {
// NICHT SO wg. Vue: _messagelist = jd;
_taglist.splice(0, _taglist.length);
_taglist.push.apply(_taglist, jd);
console.log("tag: jd: " + jd);
for (var e in jd) {
if (!_tags[jd[e]]) {
get_insert_tag(jd[e]);
}
}
}).fail(function (e, f, g) {
console.log("err: " + e + f + g);
});
}
}, },
mounted: function () { mounted: function () {
this.list_tags();
if ($(this).bootstrapMaterialDesign) if ($(this).bootstrapMaterialDesign)
$(this).bootstrapMaterialDesign(); $(this).bootstrapMaterialDesign();
}, },
}; };
function get_insert_tag(id){
$.ajax({ url: "api/tag/"+id, method: "GET" }).done(function (tag) {
data.push("#" + tag.name);
console.log("Array:"+this.data);
}).fail(function (e, f, g) {
console.log("cannot load " + id + ".json: " + e + f + g);
})
}

8
public/routes/home.js
View File

@ -24,12 +24,12 @@ const HomeRouter = {
}); });
},*/ },*/
list_messages: function () { list_messages: function () {
$.ajax({url: "api/ids", method: "GET"}) $.ajax({url: "api/msg/ids", method: "GET"})
.done(jd => { .done(jd => {
// NICHT SO wg. Vue: _messagelist = jd; // NICHT SO wg. Vue: _messagelist = jd;
_messagelist.splice(0, _messagelist.length); _messagelist.splice(0, _messagelist.length);
_messagelist.push.apply(_messagelist, jd); _messagelist.push.apply(_messagelist, jd);
console.log("jd: "+jd); //console.log("jd: "+jd);
for (var e in jd) { for (var e in jd) {
if (!_messages[jd[e]]) { if (!_messages[jd[e]]) {
get_insert_message(jd[e]); get_insert_message(jd[e]);
@ -49,7 +49,7 @@ const HomeRouter = {
} }
}*/ }*/
}).fail(function (e, f, g) { }).fail(function (e, f, g) {
console.log("err: " + e + f + g); console.log("list_msg: err: " + e + f + g);
}); });
} }
}, },
@ -61,7 +61,7 @@ const HomeRouter = {
}; };
function get_insert_message(id) { function get_insert_message(id) {
$.ajax({ url: "api/msg/"+id, method: "GET" }).done(function (msg) { $.ajax({ url: "api/msg/id/"+id, method: "GET" }).done(function (msg) {
Vue.set(_messages, id, msg); Vue.set(_messages, id, msg);
}).fail(function (e, f, g) { }).fail(function (e, f, g) {
console.log("cannot load " + id + ".json: " + e + f + g); console.log("cannot load " + id + ".json: " + e + f + g);

3
public/routes/msgCard.js
View File

@ -5,7 +5,8 @@ Vue.component('MsgCard', {
<img src="favicon.ico" width=20px height=20px> <img src="favicon.ico" width=20px height=20px>
</h6> </h6>
{{ msg.message }}<br><br> {{ msg.message }}<br><br>
<a href="#">{{ msg.tag }}</a></p> <a v-for="tag in msg.tag" href="#">#{{ tag }} </a>
</p>
<div class="om-card-footer"> <div class="om-user-line"> <div class="om-card-footer"> <div class="om-user-line">
<i class="material-icons">account_circle</i> <i class="material-icons">account_circle</i>
Erstellt von {{ msg.user }}</div> Erstellt von {{ msg.user }}</div>

2
public/routes/tagData.js Normal file
View File

@ -0,0 +1,2 @@
_taglist = [];
_tags = [];

328
server.js
View File

@ -1,230 +1,176 @@
// Original file created by Prof.Dr. Matthias Hopf
/** /**
* Express based http & https server * Express based http & https server
* *
* Requires express >= 4 * Requires express >= 4
*/ */
var common = require('./server/common'),
authorize = require('./server/authorization'),
dbs = require('./server/dbs');
/* /*
var common = require ('./server/common'),
authorize = require ('./server/authorization'),
dbs = require ('./server/dbs'), dbs = require ('./server/dbs'),
files = require ('./server/files'); files = require ('./server/files');
*/ */
var fs = require ('fs'), const fs = common.fs, // file sync, read certificates
http = require ('http'), http = common.http, // http handler
https = require ('https'), https = require('https'), // https handler
express = require ('express'), express = require('express'), // node server framework
session = require ('express-session'), // session management session = require('express-session'), // session management (security)
morgan = require ('morgan'), // logger morgan = require('morgan'), // logger
//serveFavicon = require ('serve-favicon'), mong = common.mongoose, // mongoose
bodyParser = require ('body-parser'); // serveFavicon = require('serve-favicon'), // provide favicon
//MongoStore = require ('connect-mongo')(session); // uss mongodb as session storage bodyParser = require('body-parser'), // post request bodyparser
var Message = require('./message.model.js'); MongoStore = require('connect-mongo')(session); // use mongodb as session storage
var app = express(); var app = express();
var http_port=8013;
https_port=8889;
/* /*
* Init * Init
*/ */
/*ll common .init();
common .init (); authorize .init(common);
authorize.init (common);
dbs .init (common); dbs .init (common);
files .init (common); //files .init (common);
*/ mong.Promise = global.Promise;
// Security /*
app.disable ('x-powered-by'); // TODO: Disable Header information: Powerd by Express -> Information disclosure * Security
*
* TODO: Install helmet
* https://expressjs.com/de/advanced/best-practice-security.html
*
* (Disable Header information: Powerd by Express)
* -> Information disclosure
*/
app.disable('x-powered-by');
/* /*
* Route Control * Route Control
*/ */
// Logger
app.use (morgan ('dev'));
//app.use(express.logger ( { format: 'default', stream: output_stream } ));
// Fastpaths
//app.use (serveFavicon (__dirname + '/public/favicon.ico'));
// Session Management // Session Management
app.use (session({ app.set('trust proxy', 1) // trust first proxy, neccessary for cookie secure: true flag
secret: 'adluhohks', app.use(session({
secret: 'ahhgylhuvh', // caesar(3) 2 letter surname
resave: false, resave: false,
saveUninitialized: false, saveUninitialized: false,
cookie: { cookie: {
maxAge: 30*24*3600*1000, // TODO: ttl for session as well (Store) maxAge: 30 * 24 * 3600 * 1000, // TODO: ttl for session as well (Store)
secure: false, // true for https only secure: true, // true for https only (since our app works only with https)
}, },
name: 'om.sid', name: 'om.sid',
//store: new MongoStore ({mongooseConnection: dbs.mongoose.connection, ttl: 30*24*3600}), // mongoose + connect-mongo store: new MongoStore({
mongooseConnection: mong.connection,
ttl: 30 * 24 * 3600
}), // mongoose + connect-mongo
//store: new MemoryStore ({checkPeriod: 24*3600*1000}), // memorystore //store: new MemoryStore ({checkPeriod: 24*3600*1000}), // memorystore
})); }));
// Args // TODO Favicon for Desktop
app.use (bodyParser.json()); //app.use (serveFavicon (__dirname + '/public/favicon.ico'));
app.use (bodyParser.urlencoded({extended: true}));
// Minimal Logging
//app.use (morgan ('dev'));
// Advanced Logging
morgan.token('user', function (req, res) {
return (req.session && req.session.user) || '-';
});
morgan.token('userColored', function (req, res) {
var color = 0;
if (req.session && req.session.roles)
color = req.session.roles.admin ? 31 // red
: req.session.roles.user ? 34 // blue
: 0; // no color
return '\x1b[' + color + 'm' + ((req.session && req.session.user) || '-') + '\x1b[0m';
});
morgan.token('statusColored', function (req, res) {
var color = res.statusCode >= 500 ? 31 // red
: res.statusCode >= 400 ? 33 // yellow
: res.statusCode >= 300 ? 36 // cyan
: res.statusCode >= 200 ? 32 // green
: 0; // no color
return '\x1b[' + color + 'm' + (res.headersSent ? res.statusCode : '-') + '\x1b[0m';
});
app.use(morgan(':date[iso] :statusColored :method :url :userColored :response-time ms :res[content-length]'));
// BodyParser
// Returns middleware that only parses json bodies.
// (https://www.npmjs.com/package/body-parser#bodyparserjsonoptions)
app.use(bodyParser.json());
// Returns middleware that only parses urlencoded bodies
// with qs library (https://www.npmjs.com/package/qs#readme)
app.use(bodyParser.urlencoded({
extended: true
}));
// API // API
//var api_routes = express.Router(); // express app-object routing var api_routes = express.Router(); // express app-object routing
//app.use ('/api', api_routes); app.use('/api', api_routes);
app.use (function (req, res, done) { // Static Files - Allow access to 'public' folder
console.log(req.url); app.use(express.static(__dirname + '/public'));
done();
});
//global.__basedir = __dirname;
// Static Files
app.use(express.static(__dirname + '/public')); // Allow server access to 'public' folder
//app.use(express.static('resources'));
// Configuring the database
var dbConfig = require('./mongodb.config.js');
var mongoose = require('mongoose');
mongoose.Promise = global.Promise;
// Connecting to the database
//mongoose.connect(`mongodb://${server}/${dbConfig.url}`)
mongoose.connect(dbConfig.url, {useNewUrlParser: true}).then(() => {
console.log("Successfully connected to MongoDB.");
}).catch(err => {
console.log('Could not connect to MongoDB.');
process.exit();
});
//require('./app/routes/message.route.js')(app);
app.get ('/api/ids', function (req, res) {
Message.find({},{id: true}) .exec () .then(results => {
//selects id from message:
var parsed = [];
for (var i in results) {
parsed.push (results[i].id);
}
//var parsed = results.map (x => x._id);
res.send(parsed);
} )
.catch(err => {
console.log (err);
res .status(500) .json (err);
});
});
app.get ("/api/msg/:id", function (req, res) {
Message.findOne ({_id: req.params.id}) .exec (function (err, results){
if (err) {
console.log (err);
res .status(404) .json (err);
} else {
console.log(JSON.stringify(results));
res.json(results);
}
});
});
/*app.get ("/api/msg/search/:phrase", function (req, res) {
Message.find ({$text: {$search: req.params.phrase}) .then (function (err, results){
if (err) {
console.log (err);
res .status(404) .json (err);
} else {
console.log(JSON.stringify(results));
res.json(results);
}
});
});
*/
/*function makeid() {
var text = "";
var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
for (var i = 0; i < 5; i++)
text += possible.charAt(Math.floor(Math.random() * possible.length));
return text;
}*/
app.post("/api/createMsg", function(req, res){
//x = mongoose.Types.ObjectId();
//y = x.toString();
//var z = makeid();
console.log("SUbject: "+JSON.stringify(req.body));
var message = new Message( {subject: req.body.sub, message: req.body.mess, user: req.body.use, tag: req.body.ta } );
message.save(function(err,result){
if(err){
return res .status(401) .send(err.message);
}else{
res.json({message: "Message created!!"});
}
});
});
// Other stuff is NOT authorized unless logged in // Other stuff is NOT authorized unless logged in
//app.use (authorize.genCheckAuthorized ('user')); //app.use (authorize.genCheckAuthorized ('user'));
// Uploaded files
//app.use ('/uploads', expr ess.static(__dirname + '/uploads'));
// Other stuff is NOT authorized unless logged in
//app.use (authorize.genCheckAuthorized ('user'));
// Uploaded files
//app.use ('/uploads', express.static(__dirname + '/uploads'));
// Errors
// No error so far? Then it's a 404! // No error so far? Then it's a 404!
//app.use (function (req, res, next) { next (common.genError (404, req.url)); }); app.use(function (req, res, next) {
//app.use (routes.errorHandler (true)); /* true: show stack traces */ // TODO: Error Handler next(common.genError(404, req.url));
});
//app.use (routes.errorHandler (true)); /* true: show stack traces */
/* /*
* API * API
*/ */
/*
// API allowed for all // API allowed for all
api_routes.post ('/login', authorize.login); // /api/login api_routes.post('/login', authorize.login);
// Validate all other API calls // Validate all other API calls
api_routes.use (authorize.genCheckAuthorized ('user')); //api_routes.use(authorize.genCheckAuthorized('user'));
api_routes.post ('/logout', authorize.logout); api_routes.post('/logout', authorize.logout);
function addRoutes (r) { // Add API routes
function addRoutes(r) {
for (var e in r.routes) { for (var e in r.routes) {
var params = r.routes[e].params ? "/" + r.routes[e].params : ""; var route = '/' + e + (r.routes[e].params ? "/" + r.routes[e].params : "");
console.log ("Adding routes for /" + e + params + ":" + var log = "Adding routes for " + route + ":";
(r.routes[e].get ? " get":" ") + (r.routes[e].post ? " post":" ") + /*
(r.routes[e].put ? " put":" ") + (r.routes[e].delete ? " delete":" ")); var auth = r.routes[e].auth || r.auth;
if (r.routes[e].get) if (auth) {
api_routes.get ('/' + e + params, r.routes[e].get); log += " [auth]";
if (r.routes[e].post) api_routes.use (route, function (req, res, next) {
api_routes.post ('/' + e + params, r.routes[e].post); if (! auth(req))
if (r.routes[e].put) return next (common.genError (403, "Unauthorized"));
api_routes.put ('/' + e + params, r.routes[e].put); next ();
if (r.routes[e].delete) });
api_routes.delete ('/' + e + params, r.routes[e].delete); }
*/
/*
var role = r.routes[e].role || r.role;
if (role) {
log += " [role:"+role+"]";
api_routes.use (route, authorize.genCheckAuthorized (role));
}
*/
const methods = ["get", "post", "put", "delete"];
for (var m in methods) {
if (r.routes[e][methods[m]]) {
log += " " + methods[m];
api_routes[methods[m]](route, r.routes[e][methods[m]]);
}
}
console.log(log);
} }
} }
addRoutes (dbs); addRoutes(dbs);
addRoutes (files);
*/
/* /*
* Servers * Servers
*/ */
http.createServer(app).listen(common.config.httpPort, function () {
http.createServer (app) .listen (http_port, function () { console.log("Express http server listening on port " + common.config.httpPort);
console.log ("Express http server listening on port " + http_port);
}); });
/* /*
@ -238,39 +184,37 @@ http.createServer (app) .listen (http_port, function () {
* openssl x509 -req -in certrequest.csr -signkey privatekey.pem -out certificate.pem * openssl x509 -req -in certrequest.csr -signkey privatekey.pem -out certificate.pem
* rm certrequest.csr * rm certrequest.csr
*/ */
if (common.config.httpsPort) {
var options; var options;
try { try {
try { try {
// In case it's a real certificate: add CA chain cersts (TODO: use array if required) // In case it's a real certificate: add CA chain cersts (TODO: use array if required)
var ca = fs.readFileSync ('keys/ca_cert.pem'); var ca = fs.readFileSync('keys/ca_cert.pem');
} catch (e) { } catch (e) {
ca = undefined; ca = undefined;
console.log ("Note: Can't read CA bundle: "+e); console.log("Note: Can't read CA bundle: " + e);
} }
if (ca != null) { if (ca != undefined) {
options = { options = {
key: fs.readFileSync ('keys/omkey.pem'), key: fs.readFileSync('keys/omkey.pem'),
cert: fs.readFileSync ('keys/certificate.pem'), cert: fs.readFileSync('keys/certificate.pem'),
ca: ca ca: ca
}; };
https.createServer (options, app) .listen (https_port, function () { https.createServer(options, app).listen(common.config.httpsPort, function () {
console.log ("Express https server listening on port " + https_port); console.log("Express https server listening on port " + common.config.httpsPort);
}); });
} }
} catch (e) { } catch (e) {
console.log ("Note: Can't read SSL keys/certs: "+e+"\nDisabling https server"); console.log("Note: Can't read SSL keys/certs: " + e + "\nDisabling https server");
}
} else {
console.log("Note: https server disabled by config");
} }
/* /*
* Uncaught Exceptions * Uncaught Exceptions
*/ */
process.on("uncaughtException", function (err) {
process.on ("uncaughtException", function (err) { console.error("*** Uncaught Exception:");
console.error ("*** Uncaught Exception:"); console.error(err.stack);
console.error (err.stack);
}); });

118
server/authorization.js Normal file
View File

@ -0,0 +1,118 @@
// Original file created by Prof.Dr. Matthias Hopf
/*
* Authorization
*/
var common, User;
const ldap = require ('./ldap_ohm'),
crypto = require ("../server/crypto");
// deactivated is not used yet
const serverVisibleSession = { user: true, name: true, type: true, mail: true, roles: true, deactivated: true, host: true };
const clientVisibleSession = { user: true, name: true, type: true, mail: true, roles: true };
// Fill in session object
function fillSession (req, user, roles, cb) {
if (req.session === undefined)
next (common.genError (500, "Error"));
req.session.regenerate (function (err) {
if (user !== undefined && ! err) {
common.shallowCopy (user, serverVisibleSession, {roles: true}, req.session);
if (user._id) {
req.session.user = user._id;
}
req.session.roles = roles;
}
return cb (err);
});
}
const authorization = {
// Generate Error object suitible for throwing or next()ing
genCheckAuthorized: function (group) {
return function (req, res, next) {
if (req.session === undefined || req.session.user === undefined ||
req.session.roles === undefined)
return next (common.genError (403, "Unauthorized"));
if (req.session.roles[group] === undefined)
return next (common.genError (403, "Unauthorized"));
next ();
}
},
// Login route: requires .user and .pwd params
login: function (req, res, next) {
var user = req.body.user || '';
var pwd = req.body.pwd || '';
// Helper: Return valid session Object
function returnSession () {
// Only export client visible parts of session object
var copy = common.shallowCopy (req.session, clientVisibleSession);
return res.json (copy);
}
// Helper: Return error
function returnError () {
fillSession (req, undefined, undefined, function (err) {
next (common.genError (401, "Unauthorized"));
});
}
// TODO Auth: validate session ID
// Check whether to just validate current session ID
if (user === '' && pwd === '') {
console.log ("auth revalidate: " + req.session.user);
if (req.session.user === undefined)
return returnError();
return returnSession ();
}
/*
// check local database, then ldap
User.findById (req.body.user) .exec (function (err, entry) {
// If there is a local user AND it has a password associated, test against this, and only this
if (entry != null && entry.pwd) {
if (crypto.checkLocalAuth (entry, req.body.pwd)) {
return fillSession (req, entry, common.arrayToHash(entry.roles), returnSession);
}
return returnError ();
}
// check ldap
ldap.authorize (user.toLowerCase(), pwd, function (found) {
console.log ("ldap authorize " + user + " returns " + JSON.stringify (found));
// No ldap entry either -> unauthorized
if (found == null) {
return returnError ();
}
// If there is an entry w/o password, use it for roles etc.
if (entry) {
if (! entry.name || entry.name === "")
entry.name = found.name;
if (! entry.mail || entry.mail === "")
entry.mail = found.mail;
if (! entry.type || entry.type === "")
entry.type = found.type;
if (! entry.orclgender || entry.orclgender === "")
entry.orclgender = found.orclgender;
return fillSession (req, entry, entry.roles.length > 0 ? common.arrayToHash(entry.roles) : {user:true}, returnSession);
}
// Otherwise create standard user entry
return fillSession (req, found, {user:true}, returnSession);
});
});*/
},
logout: function (req, res, next) {
fillSession (req, undefined, undefined, function (err) {
return res.json ({});
});
},
init: function (_common) {
common = _common;
ldap.init (_common);
//User = require('../database/user.model.js');;
},
};
module.exports = authorization;

80
server/common.js Normal file
View File

@ -0,0 +1,80 @@
// Original file created by Prof.Dr. Matthias Hopf
/*
* Common functions and imports
*/
var common = {
fs: require('fs'), // file sync
http: require('http'),
mongoose: require('mongoose'), // Needed for db connection.
//util: require('util'), // Why is it needed here?
//fork: require('child_process') .fork, // What does that?
// Generate Error object suitible for throwing or next()ing
// For a better exception handling
genError: function (code, message) {
var err = new Error (common.http.STATUS_CODES[code] + (message != undefined && message != "" ? ": "+message : ""));
err.status = code;
// to generally disable stack traces for these manually created error Objects:
delete err.stack;
return err;
},
// Generate deep copy
// Only include properties incl (all if undefined), strip properties excl (associative arrays)
deepCopy: function (inp, incl, excl) {
// For now, JSON is considered fastest / easiest
var obj = JSON.parse (JSON.stringify (inp));
if (incl) {
for (var k in obj) {
if (incl[k] === undefined)
delete obj[k];
}
}
if (excl) {
for (var k in excl) {
delete obj[k];
}
}
return obj;
},
// Create shallow (1 level) copy of object, use obj if already present (merge)
// Only include properties incl (all if undefined), strip properties excl (associative arrays)
shallowCopy: function (inp, incl, excl, obj) {
var keys = inp;
if (obj === undefined)
obj = {};
if (typeof inp == "array")
obj = [];
if (incl !== undefined)
keys = incl;
for (var k in keys) {
if (inp[k] !== undefined && (excl === undefined || ! excl[k]))
obj[k] = inp[k];
}
return obj;
},
// Create hash of 'true' entries for array/mongoose object
arrayToHash: function (array) {
var hash = {};
for (var e=0; e < array.length; e++) {
hash[array[e]] = true;
}
return hash;
},
// Log output session cookie
debug: function (req) {
console.log ("- " + req.headers.cookie + "\n+ " + req.session.id + "\n " + JSON.stringify (req.session));
},
// Init config data
init: function () {
this.config = JSON.parse (this.fs.readFileSync ("server_config.json"));
},
};
module.exports = common;

31
server/crypto.js Normal file
View File

@ -0,0 +1,31 @@
// Original file created by Prof.Dr. Matthias Hopf
/*
* Crypto routines for Authorization
*/
const crypto = require ("crypto");
const defaultHash = "sha256";
const defaultSaltLen = 16; // More (e.g. 256) for extra paranoia
const mod = {
encodePwd: function (entry, pwd) {
return crypto.createHash (entry.hash) .update (entry.salt + ":" + pwd, 'utf8') .digest ('base64');
},
checkLocalAuth: function (entry, pwd) {
if (!entry || !entry._id || !entry.hash || !entry.salt || !entry.hash || !entry.pwd ||
!pwd || pwd === '')
return false;
return mod.encodePwd (entry, pwd) === entry.pwd;
},
fillLocalAuth: function (entry, pwd) {
if (!entry.hash)
entry.hash = defaultHash;
entry.salt = crypto.randomBytes (defaultSaltLen) .toString('base64');
entry.pwd = mod.encodePwd (entry, pwd);
},
}
module.exports = mod;

237
server/dbs.js Normal file
View File

@ -0,0 +1,237 @@
/*
* Main database access functions
*/
var common,
model = {};
const dbs = {
/* Method API route
* <- to server
* -> to client
* Description
*/
routes: {
"msg/ids": {
/* GET /api/msg/ids [no args]
* -> Array of message schema object ids
* Get ALL known message ids
*/
get: function(req, res) {
model.Messages.find({},{_id: true}).exec()
.then(results => {
//selects id from message:
var parsed = [];
for (var i in results) {
parsed.push (results[i]._id);
}
res.send(parsed);
} )
.catch(err => {
console.log (err);
res.status(500).json(err);
});
},
},
"msg/id": {
params: ":id",
/* GET /api/msg/id/[massage-id]
* -> Message schema
* Get a particular message
*/
get: function(req, res) {
model.Messages.findById(req.params.id) .exec(function(err, result) {
if (err) {
console.log (err);
res.status(404).json(err);
} else {
//console.log(JSON.stringify(result));
res.json(result);
}
});
},
},
"msg/search": {
params: ":phrase",
/* GET /api/msg/id/[massage-id]
* -> Message schema
* Get a particular message
*/
get: function(req, res) {
model.Messages.find({$text: {$search: req.params.phrase}})
.exec().then(results => {
//selects id from message:
var parsed = [];
for (var i in results) {
parsed.push (results[i]._id);
}
res.send(parsed);
} )
.catch(err => {
console.log (err);
res.status(500).json(err);
});
},
},
"msg": {
/* POST /api/msg
* <- Message schema
* -> Message schema
* Create a new message
*/
post: function(req, res) {
/*
if ( !(req.body.tags instanceof Array) ) {
return res.status(400).json({ error: "bad request" });
}*/
//console.log("Subject: "+JSON.stringify(req.body));
model.Messages.create({
subject: req.body.subject,
message: req.body.message,
user: req.body.user,
tag: req.body.tag
}, function(err, result) {
if (err) {
return res.status(401).json(err.message);
} else {
res.json({message: "Message created!!"});
}
if (result == null) {
return res.status(500).json("Can not create message.")
}
});
},
/* PUT /api/msg
* <-
* ->
* Update a message
*/
//put: function(req, res) {},
},
"tag/ids": {
/* GET /api/tag/ids [no args]
* -> Array of tag schema object ids
* Get ALL known tag ids
*/
get: function(req, res) {
model.Tags.find({},{_id: true}).exec()
.then(results => {
//selects id from tag:
var parsed = [];
for (var i in results) {
parsed.push (results[i]._id);
}
res.send(parsed);
} )
.catch(err => {
console.log (err);
res.status(500).json(err);
});
},
},
"tag": {
params: ":id",
/* GET /api/tag/[tag-id]
* -> Tag schema
* Get a particular tag
*/
get: function(req, res) {
model.Tags.findById(req.params.id) .exec(function(err, result) {
if (err) {
console.log (err);
res.status(404).json(err);
} else {
//console.log(JSON.stringify(result));
res.json(result);
}
});
},
},
},
/* Initialize requirements
* - DB connection
* - DB schemata
*/
init: function (_common) {
common = _common;
/* DB Connection
* Local db: common.config.dbLocalConn
* TH db: common.config.dbConn
*/
common.mongoose.connect (common.config.dbLocalConn, {
useNewUrlParser: true
}).then(() => {
console.log("Database connected successfully.");
}).catch(err => {
console.log('Database connection error.');
process.exit();
});
/* DB Schemata
* Privat fields:
* - per model: _list: Elements that are included in list fetch
* - per entry: _comment: Comment for Admin UI - TODO: not working yet
*/
var messageSchema = common.mongoose.Schema({
subject: { type: String, required: true,
_comment: "" },
message: { type: String, required: true,
_comment: "" },
user: { type: String, required: true,
_comment: "" },
tag: { type: [String],
_comment: "" },
//createtime: { type: Date, default: Date.now },
});
messageSchema.index({ "$**":'text' });
model.Messages = common.mongoose.model('messages', messageSchema);
model.Messages._list = [ "" ];
var tagSchema = common.mongoose.Schema({
name: { type: String, required: true,
_comment: "" }, //unique
});
model.Tags = common.mongoose.model('tags', messageSchema);
model.Tags._list = [ "" ];
var userSchema = common.mongoose.Schema({
//_id: { type: String },
name: { type: String, required: true,
_comment: "" },
pwd: { type: String,
_comment: "" },
//hash: { type: String },
//salt: { type: String },
//type: { type: String },
roles: { type: [String], required: true,
_comment: "" },
tags: { type: [String],
_comment: "" },
//deactivated: { type: Boolean },
//participating: { type: [String] },
//host: { type: Boolean },
bookmarks: { type: [String],
_comment: "" },
});
model.Users = common.mongoose.model('users', userSchema);
model.Users._list = [ "" ];
},
models: model,
};
/*
app.get ("/api/msg/search/:phrase", function (req, res) {
Message.find ({$text: {$search: req.params.phrase}) .then (function (err, results){
if (err) {
console.log (err);
res .status(404) .json (err);
} else {
console.log(JSON.stringify(results));
res.json(results);
}
});
});
*/
module.exports = dbs;

106
server/ldap_ohm.js Normal file
View File

@ -0,0 +1,106 @@
// Original file created by Prof.Dr. Matthias Hopf
/*
* Valdiate ohm logins with ldap service
*/
const ldap = require('ldapjs');
const ldap_escape = require('ldap-escape');
// TODO: Where do I get the URL from?? A: Is given.
var ldap_client = ldap.createClient({
//url: 'ldap://gso2.ads1.fh-nuernberg.de/',
url: 'ldap://sso.cs.ohm-hochschule.de:389/',
//url: 'ldaps://sso.cs.ohm-hochschule.de:636/',
reconnect: true,
// timeouts don't work reliably
});
// TODO: Where do I get the 'bindpath' parameters info from? A: Is given.
const ldap_config = {
bindpath: 'cn=Users,dc=ohm-hochschule,dc=de',
timeout: 2000
};
const ldap_ohm = {
init: function () {
},
// Authorize user with password
// Calls callback with null if unauthorized
// Calls callback with object describing user if successful:
authorize: function (user, pwd, cb) {
if (typeof user != 'string' || typeof pwd != 'string')
return cb (null);
// Empty passwords *may* bind successfully anonymously
if (user.length < 1 || pwd.length < 1)
return cb (null);
/* Same function, different writing style */
/* Escape ldap login input */
//escaped = ldap_escape.dn`cn=${user},`+ldap_config.bindpath;
escaped = ldap_escape.dn (['cn=',','+ldap_config.bindpath], user);
// Timeout handler: call callback,
// make sure later ldap returns don't do anything weird
var return_object = {};
var timeoutHandle = setTimeout (function () {
console.log('ldap timeout');
return_object = null;
cb (null);
}, ldap_config.timeout);
// Bind ldap to user (authorize)
ldap_client.bind (escaped, pwd, function (err, res) {
if (return_object === null)
return; // Timeout, cb has already been called
if (err !== null) {
console.log ("ldap bind: failed for user " + user + ": " + err);
clearTimeout (timeoutHandle);
return cb (null);
}
// Search for user entry of just bound user
// There should be only one...
ldap_client.search (escaped, { sizeLimit: 1 }, function (err, res) {
if (return_object === null)
return; // Timeout, cb has already been called
if (err !== null) {
console.log ("ldap search: search after bind didn't work for user "
+ user + ": " + err);
clearTimeout (timeoutHandle);
return cb (null);
}
// Populate return with search results
res.on('searchEntry', function(entry) {
if (return_object === null)
return; // Timeout, cb has already been called
return_object.user = user;
return_object.name = entry.object.displayname;
return_object.type = entry.object.employeetype;
return_object.mail = entry.object.mail;
return_object.gender = entry.object.orclgender;
// Calling cb here, not in 'end', because of potential bugs with
// concurrency failures, and we have our single(!) entry
// https://github.com/joyent/node-ldapjs/pull/424
clearTimeout (timeoutHandle);
if (typeof return_object.mail != 'string' || return_object.mail.length < 1) {
console.log("ldap search error after bind for user " + user);
return cb (null);
}
return cb (return_object);
});
res.on('error', function(err) {
console.log('ldap error: ' + err.message);
});
res.on('end', function(result) {
// TODO: Did we forget something?
// TODO: analyze result.status?
});
});
});
}
};
module.exports = ldap_ohm;

35
server/ldap_test.js Normal file
View File

@ -0,0 +1,35 @@
// Terminal call: node server/ldap_test.js - needs VPN or eduroam
const inquirer = require('inquirer'),
ldap = require('./ldap_ohm.js');
inquirer.prompt([
{
name: 'username',
type: 'input',
message: 'Enter your VirtuOhm username:',
validate: function( value ) {
if (value.length) {
return true;
} else {
return 'Please enter your username.';
}
}
},
{
name: 'password',
type: 'password',
message: 'Enter your password:',
validate: function(value) {
if (value.length) {
return true;
} else {
return 'Please enter your password.';
}
}
}])
.then(answers => {
ldap.init(null);
ldap.authorize(answers.username,answers.password,function(user) {
console.log(JSON.stringify(user));
});
});

9
server_config.json Normal file
View File

@ -0,0 +1,9 @@
{
"dbConn": "mongodb://127.0.0.1:27017/om",
"dbLocalConn": "mongodb://localhost:27017/omdb",
"dbUser": "om",
"dbPwd": "aeg1phuKeDaixese",
"initialReservedTime": 120,
"httpPort": 8013,
"httpsPort": 8889
}

8
tag.model.js
View File

@ -1,8 +0,0 @@
const mongoose = require('mongoose');
const TagSchema = mongoose.Schema({
name: { type: String, required: true }, //unique
});
module.exports = mongoose.model('Tag', TagSchema);

14
user.model.js
View File

@ -1,14 +0,0 @@
const mongoose = require('mongoose');
const UserSchema = mongoose.Schema({
name: { type: String, required: true },
password: {type: String}, password: {type: String},
role: {type: String, required: true},
tags: [{type: String }],
});
//tags as index:
//UserSchema.index({tags:'text'});
module.exports = mongoose.model('User', UserSchema);