fix accesskeys

Author: lisong

app.js

@@ -9,6 +9,7 @@ var helmet = require('helmet');
 var routes = require('./routes/index');
 var auth = require('./routes/auth');
 var accessKeys = require('./routes/accessKeys');
+var sessions = require('./routes/sessions');
 var account = require('./routes/account');
 var apps = require('./routes/apps');
 var app = express();
@@ -35,6 +36,7 @@ app.use(express.static(path.join(__dirname, 'public')));
 app.use('/', routes);
 app.use('/auth', auth);
 app.use('/accessKeys', accessKeys);
+app.use('/sessions', sessions);
 app.use('/account', account);
 app.use('/apps', apps);
 

core/middleware.js

@@ -3,6 +3,7 @@ var _ = require('lodash');
 var Promise = require('bluebird');
 var security = require('../core/utils/security');
 var models = require('../models');
+var moment = require('moment');
 
 var middleware = module.exports
 
@@ -15,7 +16,7 @@ var checkAuthToken = function (authToken) {
       throw new Error('401 Unauthorized');
     }
     return models.UserTokens.findOne({
-      where: {tokens: authToken, uid: users.id}
+      where: {tokens: authToken, uid: users.id, expires_at: { gt: moment().utc().format('YYYY-MM-DD hh:mm:ss') }}
     })
     .then(function(tokenInfo){
       if (_.isEmpty(tokenInfo)){
@@ -78,6 +79,6 @@ middleware.checkToken = function(req, res, next) {
       res.status(401).send(e.message);
     });
   } else {
-    res.status(401).send(e.message);
+    res.status(401).send('401 Unauthorized');
   }
 };

core/services/account-manager.js

@@ -4,6 +4,7 @@ var models = require('../../models');
 var _ = require('lodash');
 var validator = require('validator');
 var security = require('../utils/security');
+var moment = require('moment');
 
 var proto = module.exports = function (){
   function AccountManager() {
@@ -50,24 +51,38 @@ proto.findUserByEmail = function (email) {
 
 proto.getAllAccessKeyByUid = function (uid) {
   return models.UserTokens.findAll({where: {uid: uid}})
-  .then(function (token) {
-    return _.map(token, function(v){
+  .then(function (tokens) {
+    return _.map(tokens, function(v){
       return {
-        name: v.tokens,
-        createdTime: v.created_at,
+        id: v.id + "",
+        name: '(hidden)',
+        createdTime: parseInt(moment(v.created_at).format('x')),
         createdBy: v.created_by,
+        expires: parseInt(moment(v.expires_at).format('x')),
+        friendlyName: v.name,
+        isSession: v.is_session == 0 ? false : true,
         description: v.description,
       };
     });
   });
 };
 
-proto.createAccessKey = function (uid, newAccessKey,  createdBy, description) {
+proto.isExsitAccessKeyName = function (uid, friendlyName) {
+  return models.UserTokens.findOne({
+    where: {uid: uid, name: friendlyName}
+  });
+};
+
+proto.createAccessKey = function (uid, newAccessKey, isSession, ttl, friendlyName, createdBy, description) {
   return models.UserTokens.create({
     uid: uid,
+    name: friendlyName,
     tokens: newAccessKey,
     description: description,
-    created_by: createdBy
+    is_session: isSession ? true : false,
+    created_by: createdBy,
+    expires_at: moment().utc().add(ttl/1000, 'seconds').format('YYYY-MM-DD hh:mm:ss'),
+    created_at: moment().utc().format('YYYY-MM-DD hh:mm:ss'),
   });
 };
 

models/user_tokens.js

@@ -9,10 +9,12 @@ module.exports = function(sequelize, DataTypes) {
       primaryKey: true
     },
     uid: DataTypes.BIGINT(20),
+    name: DataTypes.STRING,
     tokens: DataTypes.STRING,
     description: DataTypes.STRING,
-    created_by:DataTypes.STRING,
-    created_at:DataTypes.TIME,
+    is_session: DataTypes.INTEGER(3),
+    created_by: DataTypes.STRING,
+    created_at: DataTypes.TIME,
     expires_at : DataTypes.TIME
   }, {
     updatedAt: false,

package.json

@@ -28,6 +28,7 @@
     "jade": "~1.11.0",
     "jsonwebtoken": "^7.1.7",
     "lodash": "^4.5.1",
+    "moment": "^2.14.1",
     "morgan": "~1.6.1",
     "mysql": "^2.10.2",
     "ncp": "^2.0.0",

public/stylesheets/index.css

@@ -0,0 +1,5 @@
+.site-notice {
+  padding: 5px 0;
+  text-align: center;
+  background-color: #fff;
+}

public/stylesheets/tokens.css

@@ -0,0 +1,5 @@
+.site-notice {
+  padding: 5px 0;
+  text-align: center;
+  background-color: #fff;
+}

routes/accessKeys.js

@@ -20,26 +20,35 @@ router.post('/', middleware.checkToken, function(req, res, next) {
   var uid = req.users.id;
   var identical = req.users.identical;
   var createdBy = _.trim(req.body.createdBy);
+  var friendlyName = _.trim(req.body.friendlyName);
+  var isSession = req.body.isSession;
+  var ttl = parseInt(req.body.ttl);
   var description = _.trim(req.body.description);
   var newAccessKey = security.randToken(28).concat(identical);
-  accountManager.createAccessKey(uid, newAccessKey, createdBy, description)
+  accountManager.isExsitAccessKeyName(uid, friendlyName).then(function (data) {
+    if (!_.isEmpty(data)) {
+      throw Error(`The access key ${friendlyName}  already exists.`);
+    }
+    return accountManager.createAccessKey(uid, newAccessKey, isSession, ttl, friendlyName, createdBy, description);
+  })
   .then(function(newToken){
     var info = {
       name : newToken.tokens,
       createdTime : newToken.created_at,
       createdBy : newToken.created_by,
       description : newToken.description,
+      friendlyName: newToken.name,
     };
     res.send({accessKey:info});
   }).catch(function (e) {
     res.status(406).send(e.message);
   });
 });
 
-router.delete('/:accessKey', middleware.checkToken, function(req, res, next){
-  var accessKey = _.trim(decodeURI(req.params.accessKey));
+router.delete('/:name', middleware.checkToken, function(req, res, next){
+  var name = _.trim(decodeURI(req.params.name));
   var uid = req.users.id;
-  models.UserTokens.destroy({where: {tokens:accessKey, uid: uid}})
+  models.UserTokens.destroy({where: {name:name, uid: uid}})
   .then(function(rowNum){
     res.send("");
   }).catch(function (e) {

routes/index.js

@@ -9,6 +9,10 @@ router.get('/', function(req, res, next) {
   res.render('index', { title: 'CodePushServer' });
 });
 
+router.get('/tokens', function(req, res, next) {
+  res.render('tokens', { title: '获取token' });
+});
+
 router.get('/updateCheck', function(req, res, next){
   var deploymentKey = _.get(req, "query.deploymentKey");
   var appVersion = _.get(req, "query.appVersion");

routes/sessions.js

@@ -0,0 +1,20 @@
+var express = require('express');
+var router = express.Router();
+var _ = require('lodash');
+var security = require('../core/utils/security');
+var models = require('../models');
+var middleware = require('../core/middleware');
+var accountManager = require('../core/services/account-manager')();
+
+router.delete('/:machineName', middleware.checkToken, function(req, res, next){
+  var machineName = _.trim(decodeURI(req.params.machineName));
+  var uid = req.users.id;
+  models.UserTokens.destroy({where: {created_by:machineName, uid: uid}})
+  .then(function(rowNum){
+    res.send("");
+  }).catch(function (e) {
+    res.status(406).send(e.message);
+  });
+});
+
+module.exports = router;

views/auth/login.jade

@@ -5,54 +5,39 @@ block css
 block content
   .container
     form#form.form-signin(method="post")
-      h2.form-signin-heading Please sign in
-      label.sr-only(for="inputEmail") Email address
-      input#inputEmail.form-control(type="text" name="account" placeholder="Email address" required autofocus)
-      label.sr-only(for="inputPassword") Password
-      input#inputPassword.form-control(type="password" name="password" placeholder="Password" required)
+      h2.form-signin-heading 请登录
+      label.sr-only(for="inputEmail") 邮箱地址／用户名
+      input#inputEmail.form-control(type="text" name="account" placeholder="邮箱地址／用户名" required autofocus)
+      label.sr-only(for="inputPassword") 密码
+      input#inputPassword.form-control(type="password" name="password" placeholder="密码" required)
       .checkbox
         label
           input(type="checkbox" value="remember-me")
-          span Remember me
-      a#submitBtn.btn.btn-lg.btn-primary.btn-block Sign in
+          span 记住我
+      a#submitBtn.btn.btn-lg.btn-primary.btn-block 登录
 
-    #myModal.modal.fade.bs-example-modal-sm(tabindex="-1" role="dialog" aria-labelledby="mySmallModalLabel")
-      .modal-dialog.modal-md
-        .modal-content
-          .modal-header
-            button.close(data-dismiss="modal" aria-label="Close")
-              span(aria-hidden="true") ×
-            h4#mySmallModalLabel.modal-title login token
-          .modal-body  ...
-          .modal-footer
-            button.btn.btn-default(type="button" data-dismiss="modal") Close
-            button.btn.btn-primary(type="button" data-dismiss="modal") OK
 block js
   script().
     var submit = false;
     $('#submitBtn').on('click', function () {
       if (submit) {
         return ;
       }
-      var myModal = $('#myModal');
-      myModal.on('hidden.bs.modal', function (e) {
-        window.close();
-      });
       submit = true;
       $.ajax({
         type: 'post',
         data: $('#form').serializeArray(),
         url: $('#form').attr('action'),
         dataType: 'json',
         success: function (data) {
-            if (data.status == "OK") {
-              myModal.find(".modal-body").text(data.results.tokens)
-              myModal.modal('show');
-              submit = false;
-            } else {
-              alert(data.errorMessage);
-              submit = false;
-            }
+          if (data.status == "OK") {
+            sessionStorage.setItem('auth', data.results.tokens)
+            submit = false;
+            location.href = '/tokens/' + location.search;
+          } else {
+            alert(data.errorMessage);
+            submit = false;
+          }
         }
       });
     });

views/index.jade

@@ -1,5 +1,10 @@
 extends layout
+block css
+  link(rel='stylesheet', href='/stylesheets/index.css')
 
 block content
-  h1= title
-  p Welcome to #{title}
+  .site-notice react naitve 热更新服务器
+  h1(style="text-align: center;")= title
+  p(style="text-align: center;") Welcome to #{title}
+  .site-notice
+    a.btn.btn-primary(href="/auth/login" type="button") 登录

views/tokens.jade

@@ -0,0 +1,76 @@
+extends layout
+block css
+  link(rel='stylesheet', href='/stylesheets/tokens.css')
+
+block content
+  h1(style="text-align: center;")= title
+  .site-notice
+    a#submitBtn.btn.btn-lg.btn-primary 获取token
+  .form-group
+    #tipsSuccess(style="display:none")
+      h2(style="text-align: center;") Authentication succeeded.
+      h2(style="text-align: center;") Please copy and paste this access key to the command window:
+  .form-group
+    .col-sm-offset-3.col-sm-6
+      input#key.form-control(style="display:none" readonly)
+  br
+  .form-group
+    #tipsClose(style="display:none")
+      h2(style="text-align: center;") After doing so, please close this browser.
+
+block js
+  script().
+    var submit = false;
+    function parseQuery(query) {
+      query = query.substring(1);
+      var vars = query.split('&');
+      var rs = {};
+      for (var i = 0; i < vars.length; i++) {
+        var pair = vars[i].split('=');
+        rs[decodeURIComponent(pair[0])] = decodeURIComponent(pair[1]);
+      }
+      return rs;
+    }
+    $('#submitBtn').on('click', function () {
+      if (submit) {
+        return ;
+      }
+      submit = true;
+      var query = parseQuery(location.search);
+      var createdBy = query.hostname;
+      var time = (new Date()).getTime();
+      if (createdBy == null || createdBy == undefined || createdBy=="") {
+        createdBy = 'Login-' + time;
+      }
+      var postParams = {
+        createdBy: createdBy,
+        friendlyName: "Login-" + time,
+        ttl: 60*60*24*30*1000,
+        description: "Login-" + time,
+        isSession: true
+      };
+      var access_token = sessionStorage.getItem('auth');
+      $.ajax({
+        type: 'post',
+        data: postParams,
+        url: '/accessKeys?access_token='+access_token,
+        dataType: 'json',
+        success: function (data) {
+          submit = false;
+          $('#tipsSuccess').show();
+          $('#key').val(data.accessKey.name);
+          $('#key').show();
+          $('#tipsClose').show();
+        },
+        error: function(XMLHttpRequest, textStatus, errorThrown) {
+          submit = false;
+          if (errorThrown == 'Unauthorized') {
+            alert('请重新登录!');
+            location.href = '/auth/login'
+          }else {
+            alert(errorThrown);
+          }
+        }
+      });
+    });
+