🛂 Добавил авторизацию

2026-03-26 12:54:25 +00:00 · 2021-03-28 00:32:14 +03:00
parent 9835949e9b
commit 8a48043960
9 changed files with 193 additions and 39 deletions
--- a/backend/index.js
+++ b/backend/index.js
@@ -6,9 +6,14 @@ const MongoStore = require('connect-mongo')
 const cors = require('cors')
 require('dotenv').config()

-const {verifyCaptcha} = require('./verify-captcha')
-
-app.use(cors())
+app.use(cors({
+  origin: [
+    'http://localhost:8080',
+    'https://localhost:8080'
+  ],
+  credentials: true,
+  exposedHeaders: ['set-cookie']
+}))
 app.use(express.json())
 app.use(express.urlencoded({ extended: true }))

@@ -23,13 +28,18 @@ app.use(session({
    client,
    dbName: process.env.DB_NAME
  }),
-  cookie: { maxAge: 1000 * 60 * 60 * 24 }
+  cookie: { 
+    secure: false,
+    maxAge: 1000 * 60 * 60 * 24
+  }
 }))

 client.connect()

 app.post('/auth', async (req, res) => {
-  verifyCaptcha(req, res, async () => {
+  if (req.session.loggedIn) {
+    res.status(200).send("Logged in")
+  } else {
    try {
      const pass = req.body.pass
      if (pass.toLowerCase() === process.env.PASSWORD) {
@@ -42,7 +52,7 @@ app.post('/auth', async (req, res) => {
      console.log("Error: " + e)
      res.status(500).send()
    }
-  })
+  }
 })

 app.get('/card', async (req, res) => {
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@@ -11,6 +11,7 @@
      "dependencies": {
        "axios": "^0.21.1",
        "connect-mongo": "^4.4.1",
+        "cookie-parser": "^1.4.5",
        "cors": "^2.8.5",
        "dotenv": "^8.2.0",
        "express": "^4.17.1",
@@ -537,6 +538,18 @@
        "node": ">= 0.6"
      }
    },
+    "node_modules/cookie-parser": {
+      "version": "1.4.5",
+      "resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.5.tgz",
+      "integrity": "sha512-f13bPUj/gG/5mDr+xLmSxxDsB9DQiTIfhJS/sqjrmfAWiAN+x2O4i/XguTL9yDZ+/IFDanJ+5x7hC4CXT9Tdzw==",
+      "dependencies": {
+        "cookie": "0.4.0",
+        "cookie-signature": "1.0.6"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
    "node_modules/cookie-signature": {
      "version": "1.0.6",
      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
@@ -2562,6 +2575,15 @@
      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.0.tgz",
      "integrity": "sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg=="
    },
+    "cookie-parser": {
+      "version": "1.4.5",
+      "resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.5.tgz",
+      "integrity": "sha512-f13bPUj/gG/5mDr+xLmSxxDsB9DQiTIfhJS/sqjrmfAWiAN+x2O4i/XguTL9yDZ+/IFDanJ+5x7hC4CXT9Tdzw==",
+      "requires": {
+        "cookie": "0.4.0",
+        "cookie-signature": "1.0.6"
+      }
+    },
    "cookie-signature": {
      "version": "1.0.6",
      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
--- a/backend/package.json
+++ b/backend/package.json
@@ -14,6 +14,7 @@
  "dependencies": {
    "axios": "^0.21.1",
    "connect-mongo": "^4.4.1",
+    "cookie-parser": "^1.4.5",
    "cors": "^2.8.5",
    "dotenv": "^8.2.0",
    "express": "^4.17.1",
--- a/backend/verify-captcha.js
+++ b/backend/verify-captcha.js
@@ -1,22 +0,0 @@
-const axios = require('axios')
-
-module.exports = {
-  verifyCaptcha: function (req, res, cb) {
-    if (!req.body['g-recaptcha-response']) {
-      return res.status(400).send("No captcha")
-    }
-
-    const URL = "https://www.google.com/recaptcha/api/siteverify?secret=" + process.env.SECRET_KEY + "&response=" + req.body['g-recaptcha-response'] + "&remoteip=" + req.socket.remoteAddress
-
-    axios.get(URL).then(function (response) {
-      if (response.data.success !== undefined && !response.data.success) {
-        return res.status(429).send("Invalid captcha")
-      }
-
-      cb()
-    })
-    .catch(function (error) {
-      console.log(error);
-    })
-  }
-}