update routes and emailer

pendo324 · pendo324 · commit 3474c20f7bf9 · 2019-04-15T17:43:40.000-04:00
diff --git a/api/activate.js b/api/activate.js
@@ -5,11 +5,11 @@ const app = express.Router();
 
 app.get('/activate/:code([a-zA-Z0-9]{64})', async (req, res) => {
   await db.query(
-    'update users set activated=$1, activation_code=$2, where activation_code=$3',
+    'update users set activated=$1, activation_code=$2 where activation_code=$3',
     [true, null, req.params.code]
   );
 
-  res.send(200);
+  res.sendStatus(200);
 });
 
 module.exports = app;
diff --git a/api/createAccount.js b/api/createAccount.js
@@ -29,6 +29,15 @@ const makeActivationCode = (username) => {
 };
 
 app.post('/create', async (req, res) => {
+  const requiredFields = ['username', 'password', 'email'];
+  if (
+    !requiredFields.every((rf) => Object.keys(req.body).find((k) => k === rf))
+  ) {
+    return res.status(403).json({
+      error: 'Missing required field(s)'
+    });
+  }
+
   try {
     await checkAccountExists(req.body.username, req.body.email);
     const activationCode = makeActivationCode(req.body.username);
diff --git a/api/emailer.js b/api/emailer.js
@@ -2,12 +2,15 @@ const nodemailer = require('nodemailer');
 // const sendmailTransport = require('nodemailer-sendmail-transport');
 
 const transporter = nodemailer.createTransport({
-  host: 'mail.topkek.us',
-  port: 465,
-  secure: true,
+  host: 'topkek.us',
+  port: 587,
+  secure: false,
   auth: {
     user: process.env.MAIL_USER,
     pass: process.env.MAIL_PASS
+  },
+  tls: {
+    rejectUnauthorized: false
   }
 });
 
diff --git a/api/isLoggedIn.js b/api/isLoggedIn.js
@@ -6,17 +6,20 @@ const app = express.Router();
 
 const cert = fs.readFileSync('./keys/cert.pem');
 
-app.all('/logged', (req, res) => {
-  jwt.verify(
-    req.header('Authorization').split('Bearer ')[1],
-    cert,
-    (err, decoded) => {
-      if (err) {
-        return res.sendStatus(401);
-      }
-      res.send(decoded);
+app.get('/logged', (req, res) => {
+  if (typeof req.header('Authorization') === 'undefined') {
+    return res.sendStatus(401);
+  }
+  const token = req.header('Authorization').split('Bearer ')[1];
+  if (typeof token === 'undefined') {
+    return res.sendStatus(401);
+  }
+  jwt.verify(token, cert, (err, decoded) => {
+    if (err) {
+      return res.sendStatus(401);
     }
-  );
+    res.send(decoded);
+  });
 });
 
 module.exports = app;
diff --git a/api/login.js b/api/login.js
@@ -8,17 +8,26 @@ const app = express.Router();
 const privateKey = readFileSync('./keys/privkey.pem');
 
 app.post('/login', async (req, res) => {
+  const requiredFields = ['username', 'password'];
+  if (
+    !requiredFields.every((rf) => Object.keys(req.body).find((k) => k === rf))
+  ) {
+    return res.status(403).json({
+      error: 'Missing required field(s)'
+    });
+  }
+
   try {
     const result = await db.query(
-      'select username, account_id, password_hash from users where username=$1',
+      'select username, id, password_hash from users where username=$1',
       [req.body.username]
     );
 
     if (bcrypt.compareSync(req.body.password, result.rows[0].password_hash)) {
       const token = jwt.sign(
         {
           username: req.body.username,
-          id: result.rows[0].account_id
+          id: result.rows[0].id
         },
         privateKey,
         {
diff --git a/api/unauthorized.js b/api/unauthorized.js
@@ -7,19 +7,22 @@ const app = express.Router();
 const cert = fs.readFileSync('./keys/cert.pem');
 
 app.all('*', (req, res, next) => {
-  jwt.verify(
-    req.header('Authorization').split('Bearer ')[1],
-    cert,
-    (err, decoded) => {
-      if (err) {
-        return res.sendStatus(401);
-      }
+  if (typeof req.header('Authorization') === 'undefined') {
+    return res.sendStatus(401);
+  }
+  const token = req.header('Authorization').split('Bearer ')[1];
+  if (typeof token === 'undefined') {
+    return res.sendStatus(401);
+  }
+  jwt.verify(token, cert, (err, decoded) => {
+    if (err) {
+      return res.sendStatus(401);
+    }
 
-      req.decodedToken = decoded;
+    req.decodedToken = decoded;
 
-      next();
-    }
-  );
+    next();
+  });
 });
 
 module.exports = app;
diff --git a/app.js b/app.js
@@ -30,13 +30,10 @@ app.listen(process.env.HTTP_PORT, '0.0.0.0');
 
 // set headers for all routes
 app.all('/*', (req, res, next) => {
-  res.header('Access-Control-Allow-Origin', 'http://topkek.us:3000');
+  res.header('Access-Control-Allow-Origin', '*');
   res.header('Access-Control-Allow-Credentials', 'true');
   res.header('Access-Control-Allow-Methods', 'GET,HEAD,OPTIONS,POST,PUT');
-  res.header(
-    'Access-Control-Allow-Headers',
-    'Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers'
-  );
+  res.header('Access-Control-Allow-Headers', '*');
 
   next();
 });
diff --git a/db/index.js b/db/index.js
@@ -11,7 +11,7 @@ const config = {
 
 const pool = new Pool(config);
 
-pool.query('truncate users');
+// pool.query('truncate users');
 
 module.exports.query = (text, values) => {
   return pool.query(text, values);
