  1. const express = require('express');
  2. const app = express();
  3. const bodyParser = require('body-parser');
  4.  
  5. var fs = require('fs');
  6. var mysql = require('mysql');
  7. var axios = require('axios');
  8. var crypto = require('crypto');
  9.  
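// MySQL connection shared by every route handler below.
//
// Each setting can be overridden from the environment (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// the original hard-coded values stay as fallbacks so existing deployments keep working unchanged.
//
// SECURITY (review): the fallback credentials are the MySQL *root* account with a password that is
// committed to this file (and to a public paste). Rotate that password, create a dedicated
// least-privilege MySQL user for this application, and do not rely on the root fallback in
// production.
//
// NOTE (review): the route handlers call con.connect() / con.end() on this single connection for
// every request. The mysql driver does not reconnect a connection after end(), so the second
// login/logout request is expected to fail; a pool (mysql.createPool) would fix this, but all
// handlers have to be changed together.
function dbSetting(envName, fallback) {
  var value = process.env[envName];
  return value === undefined ? fallback : value;
}

var con = mysql.createConnection({
  host: dbSetting('DB_HOST', "localhost"),
  user: dbSetting('DB_USER', "root"),
  password: dbSetting('DB_PASSWORD', "projetoDM2018;"),
  database: dbSetting('DB_NAME', "whatdidihaveDB")
});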
  16.  
// Body parsers: form-encoded (simple querystring mode) first, then JSON.
// None of the routes visible in this file read request.body; the parsers are kept as
// originally wired, in the same order.
var parsers = [
  bodyParser.urlencoded({ extended: false }),
  bodyParser.json()
];
parsers.forEach(function (parser) {
  app.use(parser);
});
  21.  
// Cliente conecta-se: hands the server's public key (PEM text) to the client as JSON.
//
// NOTE (review): `pubPem` is not defined anywhere in this file as pasted (fs is required but
// never used here, so it is presumably read from a PEM file elsewhere); as shown, the handler
// would throw a ReferenceError. Unlike the other routes this one sets no CORS headers.
app.get('/publickey', function (request, response) {
  console.log("Cliente pediu a chave pública.");
  // Return the public key (pubPem)
  var payload = { public_key: pubPem };
  response.json(payload);
});
  30.  
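// Cliente conecta-se: exchanges a Microsoft Graph access token for an application session.
//
// Flow: the client sends the Graph access token it obtained from Microsoft as the `access_token`
// query parameter; the server calls Graph `/me` with it and, if Graph answers 200, treats the
// user as authenticated. The MD5 of the token becomes the session token, stored in `users` with a
// 24-hour expiry and returned to the client together with the professor/coordenador flags.
//
// Response: JSON `{ access_token, email, professor, coordenador }` on success; 400 when the
// parameter is missing, 401 when Graph rejects the token or returns no e-mail, 502 when Graph's
// body is not JSON, 500 on database errors. The original never answered on any failure path and
// crashed the process (uncaught throw inside a callback) on database errors, on accounts with a
// null jobTitle, and on every login of an existing user (see the UPDATE branch).
//
// SECURITY (review):
//  - The token travels in the query string, so it lands in browser history, proxy logs and server
//    access logs. Prefer a POST body or an Authorization header.
//  - A 200 from Graph `/me` only proves the token is a valid Graph token for *some* user; nothing
//    here checks which application obtained it. Validating an ID token (issuer, audience equal to
//    this app's client ID, expiry, signature) is the usual proof that the user authenticated to
//    *this* app.
//  - `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true` is not
//    honoured by browsers for credentialed requests; use an explicit origin allowlist instead.
//  - MD5 is kept so existing rows stay valid; the hash is only an opaque session identifier
//    (preimage resistance is what matters), but moving to SHA-256 would be a cheap migration.
app.get('/oauth2token', (request, response) => {
  // Website you wish to allow to connect
  response.setHeader('Access-Control-Allow-Origin', '*');
  // Request methods you wish to allow
  response.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
  // Request headers you wish to allow
  response.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,content-type');
  // Set to true if you need the website to include cookies in the requests sent
  // to the API (e.g. in case you use sessions)
  response.setHeader('Access-Control-Allow-Credentials', true);

  console.log("oauth2token, recebido access_token de um cliente");

  var access_token = request.query.access_token;
  // Reject missing, empty or repeated (array-valued) parameters up front: the original sent
  // "Bearer undefined" to Graph and then left the client without any response.
  if (typeof access_token !== 'string' || access_token.length === 0) {
    response.status(400).json({ error: 'access_token em falta' });
    return;
  }

  // One-way fingerprint of the Graph token; only this value is stored and handed back.
  var access_token_hashed = crypto.createHash('md5').update(access_token).digest('hex');

  // Answer the client exactly once, whichever path finishes (replaces the `trigger` flag).
  var answered = false;
  function reply(status, body) {
    if (answered) {
      return;
    }
    answered = true;
    response.status(status).json(body);
  }

  // Database errors must not escape the callback: an uncaught throw here kills the process.
  function dbFail(err) {
    console.log("oauth2token: erro na base de dados", err);
    reply(500, { error: 'erro na base de dados' });
  }

  var XMLHttpRequest = require("xmlhttprequest").XMLHttpRequest;
  var xhr = new XMLHttpRequest();
  xhr.open('GET', 'https://graph.microsoft.com/v1.0/me', true);
  xhr.setRequestHeader('Authorization', 'Bearer ' + access_token);
  xhr.onreadystatechange = function () {
    if (xhr.readyState !== 4) {
      return;
    }
    if (xhr.status !== 200) {
      // Graph rejected the token (or was unreachable). Graph's response body is deliberately
      // not echoed to the client, unlike the commented-out code in the original.
      console.log("oauth2token: Microsoft Graph respondeu " + xhr.status);
      reply(401, { error: 'token inválido' });
      return;
    }

    var loginData;
    try {
      loginData = JSON.parse(xhr.responseText);
    } catch (e) {
      reply(502, { error: 'resposta inválida da Microsoft' });
      return;
    }

    //*************************************
    // The user is authenticated by Microsoft.
    // Graph's `mail` can be null for some accounts; without an e-mail there is no user key.
    if (typeof loginData.mail !== 'string' || loginData.mail.length === 0) {
      reply(401, { error: 'token inválido' });
      return;
    }
    // Log the account, not the hashed token: the hash *is* the session credential.
    console.log("Utilizador autenticado: " + loginData.mail);
    // TODO: maybe check that the address is @my.ipleiria.com (may not be needed if the Microsoft
    // app registration already restricts sign-in to that tenant).

    // Graph may omit jobTitle (null); the original crashed the process on .trim().
    var professor = typeof loginData.jobTitle === 'string' &&
      loginData.jobTitle.trim().toLowerCase() === 'professor';

    // Session expiry: 24 hours from now, formatted as a MySQL DATETIME (UTC).
    var dataValidade = new Date(Date.now() + 86400000).toISOString().substring(0, 19).replace('T', ' ');

    // Store access_token_hashed in the database for this user.
    con.connect(function (err) {
      if (err) {
        dbFail(err);
        return;
      }
      con.query("SELECT * FROM users WHERE email = ?", [loginData.mail], function (err, rows) {
        if (err) {
          dbFail(err);
          return;
        }
        // Do not console.log(rows): the row contains the stored session token.
        var existing = (rows != null && rows.length > 0) ? rows[0] : null;

        if (existing !== null) {
          // Utilizador já existe.
          // Read the flag from the SELECT row now: the UPDATE callback's result is an OkPacket,
          // and the original's `result[0].RawDataPacket.coordenador` there threw a TypeError.
          var coordenador = Boolean(existing.coordenador);
          con.query('UPDATE users SET access_token = ?, access_token_expires = ? WHERE email = ?', [access_token_hashed, dataValidade, loginData.mail], function (err) {
            if (err) {
              dbFail(err);
              return;
            }
            console.log("Foi efetuado um login existente...");
            con.end();
            reply(200, {
              access_token: access_token_hashed,
              email: loginData.mail,
              professor: professor,
              coordenador: coordenador
            });
          });
        } else {
          // Utilizador ainda não existe.
          con.query('INSERT INTO users (email, access_token, access_token_expires, public_key, professor, coordenador) VALUES(?, ?, ?, "",?,false)', [loginData.mail, access_token_hashed, dataValidade, professor], function (err) {
            if (err) {
              dbFail(err);
              return;
            }
            console.log("Foi efetuado um login novo...");
            con.end();
            reply(200, {
              access_token: access_token_hashed,
              email: loginData.mail,
              professor: professor,
              coordenador: false // new user, cannot be a coordinator
            });
          });
        }
      });
    });
    //*************************************
  };
  xhr.send();
});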
  121.  
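// Invalidates the session token given in `access_token` (the hashed value returned by
// /oauth2token). Responds `{ logout: "success" }` when a session row was cleared, 404 when no
// session matches, 400 when the parameter is missing or empty, 500 on database errors.
//
// Fixes vs. the original: the lookup used `loginData.mail`, which is not defined in this handler,
// so every logout threw a ReferenceError inside the mysql callback and crashed the process; and
// when no row matched, no response was ever sent. The SELECT + UPDATE pair is replaced by a single
// UPDATE whose affectedRows says whether a session existed.
//
// SECURITY (review):
//  - Logout via GET with the token in the query string is CSRF-able and leaks the token to logs;
//    a POST with the token in the body or an Authorization header is preferable.
//  - Logged-out rows keep access_token = "" (empty string, not NULL). Any lookup of the form
//    `WHERE access_token = ?` with an empty parameter would match all of them, which is why an
//    empty token is rejected here before touching the database; storing NULL would be safer if the
//    column allows it.
//  - `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true` is not
//    honoured by browsers for credentialed requests; use an explicit origin allowlist.
app.get('/logout', (request, response) => {
  // Website you wish to allow to connect
  response.setHeader('Access-Control-Allow-Origin', '*');
  // Request methods you wish to allow
  response.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
  // Request headers you wish to allow
  response.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,content-type');
  // Set to true if you need the website to include cookies in the requests sent
  // to the API (e.g. in case you use sessions)
  response.setHeader('Access-Control-Allow-Credentials', true);

  console.log("logout, recebido access_token de um cliente");

  var access_token = request.query.access_token;
  if (typeof access_token !== 'string' || access_token.length === 0) {
    response.status(400).json({ error: 'access_token em falta' });
    return;
  }

  // Database errors must not escape the callback: an uncaught throw here kills the process.
  function dbFail(err) {
    console.log("logout: erro na base de dados", err);
    response.status(500).json({ error: 'erro na base de dados' });
  }

  con.connect(function (err) {
    if (err) {
      dbFail(err);
      return;
    }
    con.query('UPDATE users SET access_token = "", access_token_expires = NULL WHERE access_token = ?', [access_token], function (err, result) {
      if (err) {
        dbFail(err);
        return;
      }
      con.end();
      if (result.affectedRows > 0) {
        console.log("Foi efetuado um logout.");
        response.json({
          logout: "success"
        });
      } else {
        response.status(404).json({ error: 'sessão não encontrada' });
      }
    });
  });
});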
  160.  
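// TODO: function that checks whether a session token is still valid (look up the hashed token and
// compare access_token_expires with the current time). Until it exists nothing enforces the
// 24-hour expiry written by /oauth2token.

// The listen port comes from PORT when set (development), defaulting to 80 as used on the server,
// so the "change to port 80 on the server" edit is no longer needed.
//
// SECURITY (review): this is plain HTTP. Every token in this API travels in the query string, so
// on port 80 they cross the network in clear text; terminate TLS in front of this process
// (reverse proxy) or use https.createServer.
var port = Number(process.env.PORT) || 80;
app.listen(port, "0.0.0.0", (err) => {
  if (err) {
    return console.log('Erro: ', err);
  }

  console.log(`Servidor está à escuta na porta ${port}`);
});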