From 9685c7f909e36759fddbd5364d2eac8064b13c1d Mon Sep 17 00:00:00 2001
From: Wingy
Date: Mon, 3 Oct 2022 10:39:21 -0400
Subject: [PATCH 1/7] add guest password config
---
 config/index.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/config/index.js b/config/index.js
index 7f3f4e4..7171b4a 100644
--- a/config/index.js
+++ b/config/index.js
@@ -15,5 +15,6 @@ module.exports = {
 trustProxy: process.env.TRUST_PROXY === 'true' ? true : process.env.TRUST_PROXY || 'loopback',
 bulmaswatch: (process.env.BULMASWATCH || 'default').toLowerCase(),
 pfp: process.env.PFP !== 'false',
- language: process.env.LANGUAGE?.toLowerCase() || 'en-us'
+ language: process.env.LANGUAGE?.toLowerCase() || 'en-us',
+ guestPassword: process.env.GUEST_PASSWORD
 }
From 0086399678851616cf02d6e9dfd66f2210b03b86 Mon Sep 17 00:00:00 2001
From: Wingy
Date: Mon, 3 Oct 2022 10:40:14 -0400
Subject: [PATCH 2/7] add guest login to login page
---
 languages/en-us.js | 3 +++
 views/login.pug | 14 +++++++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/languages/en-us.js b/languages/en-us.js
index 4e2d180..90893c2 100644
--- a/languages/en-us.js
+++ b/languages/en-us.js
@@ -66,6 +66,9 @@ module.exports.strings = {
 CONFIRM_ACCOUNT_SET_PW_TEXT: name => `Hello ${name}! Please set your password here.`,
 CONFIRM_ACCOUNT_SUCCESS: `Welcome to ${_CC.config.siteTitle}!`,
 LOGIN_BUTTON: 'Log In',
+ LOGIN_GUEST_PASSWORD_PLACEHOLDER: 'p4ssw0rd;',
+ LOGIN_GUEST_PASSWORD: 'Guest Password',
+ LOGIN_GUEST: 'Log In as a Guest',
 LOGIN_PASSWORD_PLACEHOLDER: 'pa$$word!',
 LOGIN_PASSWORD: 'Password',
 LOGIN_USERNAME_PLACEHOLDER: 'john',
diff --git a/views/login.pug b/views/login.pug
index 5c3fc5b..53099e4 100644
--- a/views/login.pug
+++ b/views/login.pug
@@ -17,4 +17,16 @@ block content
 .field
 .control
 input.button.is-primary(type='submit' value=lang('LOGIN_BUTTON'))
-
+ if _CC.config.guestPassword
+ hr
+ h3= lang('LOGIN_GUEST')
+ form(method='POST', action='/login/guest')
+ .field
+ label.label= lang('LOGIN_GUEST_PASSWORD')
+ .control.has-icons-left
+ input.input(type='password', name='guestpassword', placeholder=lang('LOGIN_GUEST_PASSWORD_PLACEHOLDER'))
+ span.icon.is-small.is-left
+ i.fas.fa-lock
+ .field
+ .control
+ input.button.is-primary(type='submit', value=lang('LOGIN_BUTTON'))
\ No newline at end of file
From 2a9875214736b393e8a076d4efee5cba6a491db2 Mon Sep 17 00:00:00 2001
From: Wingy
Date: Mon, 3 Oct 2022 10:40:37 -0400
Subject: [PATCH 3/7] Revert "add guest login to login page"
This reverts commit 0086399678851616cf02d6e9dfd66f2210b03b86.
---
 languages/en-us.js | 3 ---
 views/login.pug | 14 +-------------
 2 files changed, 1 insertion(+), 16 deletions(-)
diff --git a/languages/en-us.js b/languages/en-us.js
index 90893c2..4e2d180 100644
--- a/languages/en-us.js
+++ b/languages/en-us.js
@@ -66,9 +66,6 @@ module.exports.strings = {
 CONFIRM_ACCOUNT_SET_PW_TEXT: name => `Hello ${name}! Please set your password here.`,
 CONFIRM_ACCOUNT_SUCCESS: `Welcome to ${_CC.config.siteTitle}!`,
 LOGIN_BUTTON: 'Log In',
- LOGIN_GUEST_PASSWORD_PLACEHOLDER: 'p4ssw0rd;',
- LOGIN_GUEST_PASSWORD: 'Guest Password',
- LOGIN_GUEST: 'Log In as a Guest',
 LOGIN_PASSWORD_PLACEHOLDER: 'pa$$word!',
 LOGIN_PASSWORD: 'Password',
 LOGIN_USERNAME_PLACEHOLDER: 'john',
diff --git a/views/login.pug b/views/login.pug
index 53099e4..5c3fc5b 100644
--- a/views/login.pug
+++ b/views/login.pug
@@ -17,16 +17,4 @@ block content
 .field
 .control
 input.button.is-primary(type='submit' value=lang('LOGIN_BUTTON'))
- if _CC.config.guestPassword
- hr
- h3= lang('LOGIN_GUEST')
- form(method='POST', action='/login/guest')
- .field
- label.label= lang('LOGIN_GUEST_PASSWORD')
- .control.has-icons-left
- input.input(type='password', name='guestpassword', placeholder=lang('LOGIN_GUEST_PASSWORD_PLACEHOLDER'))
- span.icon.is-small.is-left
- i.fas.fa-lock
- .field
- .control
- input.button.is-primary(type='submit', value=lang('LOGIN_BUTTON'))
\ No newline at end of file
+
From 1b8d474756f322726461fbe0cae3bf95aac92d3f Mon Sep 17 00:00:00 2001
From: Wingy
Date: Mon, 3 Oct 2022 10:42:29 -0400
Subject: [PATCH 4/7] add guest password querystring
---
 middlewares/verifyAuth.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/middlewares/verifyAuth.js b/middlewares/verifyAuth.js
index 50ab33d..bccd43e 100644
--- a/middlewares/verifyAuth.js
+++ b/middlewares/verifyAuth.js
@@ -9,6 +9,7 @@ module.exports = options => {
 return res.send('auth fail')
 }
 if (authed) return next()
+ if (_CC.config.guestPassword && req.query.pw === _CC.config.guestPassword) return next()
 res.redirect(options.failureRedirect || config.defaultFailureRedirect)
 }
 }
From ad02bc3714b5833dd9d2dd2e71a5e90db8255bd2 Mon Sep 17 00:00:00 2001
From: Wingy
Date: Mon, 3 Oct 2022 10:49:36 -0400
Subject: [PATCH 5/7] add _CCUNKNOWN
---
 middlewares/publicRoute.js | 2 +-
 middlewares/verifyAuth.js | 7 ++++++-
 views/includes/navbar.pug | 2 +-
 views/wishlists.pug | 2 +-
 4 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/middlewares/publicRoute.js b/middlewares/publicRoute.js
index 59b8943..498d449 100644
--- a/middlewares/publicRoute.js
+++ b/middlewares/publicRoute.js
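Review bot: The added line in the PATCH 4/7 `middlewares/verifyAuth.js` hunk accepts the guest password from the query string (`req.query.pw`), which puts the shared secret into browser history, proxy and access logs, and `Referer` headers. The same comparison is kept in the verifyAuth.js hunks of PATCH 5/7 and 6/7. Taking the password from a POST body, as the `/login/guest` form reverted in PATCH 3/7 would have, avoids that; if the link form is required, redirect to the same path without `pw` once access is granted. The `===` check is also not constant-time, so consider comparing fixed-length digests with `crypto.timingSafeEqual`, and add a comment such as `// GUEST_PASSWORD is a shared secret: use a long random value`, since no rate limiting is visible here. The middleware body starts outside the hunk.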
@@ -2,7 +2,7 @@ const verifyAuth = require('./verifyAuth') const publicMiddleware = () => global._CC.config.wishlist.public ? (req, res, next) => { - if (!req.user) req.user = { _id: 'Unknown' } + if (!req.user) req.user = { _id: '_CCUNKNOWN' } next() } : verifyAuth()
diff --git a/middlewares/verifyAuth.js b/middlewares/verifyAuth.js
index bccd43e..aa823f3 100644
--- a/middlewares/verifyAuth.js
+++ b/middlewares/verifyAuth.js
@@ -9,7 +9,12 @@ module.exports = options => {
 return res.send('auth fail')
 }
 if (authed) return next()
- if (_CC.config.guestPassword && req.query.pw === _CC.config.guestPassword) return next()
+ if (_CC.config.guestPassword && req.query.pw === _CC.config.guestPassword) {
+ req.user = {
+ _id: '_CCUNKNOWN'
+ }
+ return next()
+ }
 res.redirect(options.failureRedirect || config.defaultFailureRedirect)
 }
 }
diff --git a/views/includes/navbar.pug b/views/includes/navbar.pug
index 1a9f262..af148d5 100644
--- a/views/includes/navbar.pug
+++ b/views/includes/navbar.pug
@@ -21,7 +21,7 @@ nav.navbar.is-fixed-top(role='navigation', aria-label='main navigation',style='b
 .navbar-menu#navBarMenu
 .navbar-start
 if req.isAuthenticated()
- if req.user._id === 'Unknown'
+ if req.user._id === '_CCUNKNOWN'
 .navbar-item
 a.button.is-primary(href='/login')= lang('NAVBAR_LOGIN')
 else
diff --git a/views/wishlists.pug b/views/wishlists.pug
index de246b6..87adb6f 100644
--- a/views/wishlists.pug
+++ b/views/wishlists.pug
@@ -2,7 +2,7 @@ extends layout.pug
 block content
 ul.noStyle.noLeftMargin
- if req.user._id !== 'Unknown'
+ if req.user._id !== '_CCUNKNOWN'
 li
 a(href=`${_CC.config.base}wishlist/${req.user._id}`)
 .box
From a99892820264465627d0de662137fd8a3d5a858e Mon Sep 17 00:00:00 2001
From: Wingy
Date: Mon, 3 Oct 2022 11:03:02 -0400
Subject: [PATCH 6/7] add cookie
---
 middlewares/verifyAuth.js | 9 ++++++---
 package.json | 1 +
 routes/index.js | 1 +
 yarn.lock | 10 +++++-----
 4 files changed, 13 insertions(+), 8 deletions(-)
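Review bot: In the PATCH 5/7 `middlewares/verifyAuth.js` hunk, a correct guest password sets `req.user = { _id: '_CCUNKNOWN' }` and calls `next()` on every route this middleware guards, so any handler that only checks for `req.user` treats the guest as a logged-in user. The routes are not visible here; if verifyAuth also fronts state-changing or account handlers, make guest access opt-in per route, for example an option on this middleware (say `allowGuest`, off by default) checked before the guest branch. `_CCUNKNOWN` is compared against real user ids in navbar.pug and wishlists.pug in this same patch, so account creation should refuse that name, and a comment like `// reserved id for guest/public visitors; never a real username` beside one shared constant would document it. The middleware body starts outside the hunk.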
diff --git a/middlewares/verifyAuth.js b/middlewares/verifyAuth.js
index aa823f3..eebeb91 100644
--- a/middlewares/verifyAuth.js
+++ b/middlewares/verifyAuth.js
@@ -1,4 +1,6 @@
-const config = require('../config')
+const ROUGHLY_ONE_YEAR_IN_MILLISECONDS = 1000 * 60 * 60 * 24 * 30 * 12
+const COOKIE_NAME = 'christmas_community.guestpassword'
+
 module.exports = options => {
 return (req, res, next) => {
 options = options || {}
@@ -9,12 +11,13 @@ module.exports = options => {
 return res.send('auth fail')
 }
 if (authed) return next()
- if (_CC.config.guestPassword && req.query.pw === _CC.config.guestPassword) {
+ if (_CC.config.guestPassword && (req.query.pw === _CC.config.guestPassword || req.cookies[COOKIE_NAME] === _CC.config.guestPassword)) {
 req.user = {
 _id: '_CCUNKNOWN'
 }
+ res.cookie(COOKIE_NAME, _CC.config.guestPassword, { maxAge: ROUGHLY_ONE_YEAR_IN_MILLISECONDS })
 return next()
 }
- res.redirect(options.failureRedirect || config.defaultFailureRedirect)
+ res.redirect(options.failureRedirect || _CC.config.defaultFailureRedirect)
 }
 }
diff --git a/package.json b/package.json
index 5727a5b..1011176 100644
--- a/package.json
+++ b/package.json
@@ -22,6 +22,7 @@
 "chalk": "^4.1.2",
 "child-process-promise": "^2.2.1",
 "connect-flash": "^0.1.1",
+ "cookie-parser": "^1.4.6",
 "dompurify": "^2.3.1",
 "dotenv": "^10.0.0",
 "express": "4.17.1",
diff --git a/routes/index.js b/routes/index.js
index 6ef5870..4288c94 100644
--- a/routes/index.js
+++ b/routes/index.js
@@ -29,6 +29,7 @@ module.exports = ({ db, config }) => { const router = express.Router() router.use('/', express.static(path.join(__dirname, '../static'))) + router.use(require('cookie-parser')()) router.get('/', async (req, res, next) => {
diff --git a/yarn.lock b/yarn.lock
index 864c3f5..64799b1 100644
--- a/yarn.lock
+++ b/yarn.lock
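Review bot: The cookie written in the second PATCH 6/7 `middlewares/verifyAuth.js` hunk stores the guest password itself for about a year and sets no `httpOnly`, `secure` or `sameSite` attribute, so the secret is readable by page scripts and is sent over plain HTTP wherever the site is reachable that way. At minimum set those attributes as sketched below; storing a value derived from the password (for example an HMAC under a server-side secret, which is not visible in this diff) would keep a leaked cookie from revealing the password. `req.cookies` exists only downstream of the `router.use(require('cookie-parser')())` added in routes/index.js, so any other use of this middleware would throw on `req.cookies[COOKIE_NAME]`; the lookup should tolerate its absence. The middleware body starts outside the hunk.

```javascript
// … unchanged: authed check …
const guestPw = _CC.config.guestPassword
const cookiePw = req.cookies?.[COOKIE_NAME] // undefined when cookie-parser has not run
if (guestPw && (req.query.pw === guestPw || cookiePw === guestPw)) {
  // … unchanged: req.user assignment …
  res.cookie(COOKIE_NAME, guestPw, {
    maxAge: ROUGHLY_ONE_YEAR_IN_MILLISECONDS,
    httpOnly: true, // keep the value away from page scripts
    sameSite: 'lax',
    secure: req.secure // honours the trustProxy setting behind a TLS proxy
  })
  return next()
}
```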
@@ -743,12 +743,12 @@ "resolved" "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz" "version" "1.0.4" -"cookie-parser@^1.4.3": - "integrity" "sha512-f13bPUj/gG/5mDr+xLmSxxDsB9DQiTIfhJS/sqjrmfAWiAN+x2O4i/XguTL9yDZ+/IFDanJ+5x7hC4CXT9Tdzw==" - "resolved" "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.5.tgz" - "version" "1.4.5" +"cookie-parser@^1.4.3", "cookie-parser@^1.4.6": + "integrity" "sha512-z3IzaNjdwUC2olLIB5/ITd0/setiaFMLYiZJle7xg5Fe9KWAceil7xszYfHHBtDFYLSgJduS2Ty0P1uJdPDJeA==" + "resolved" "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.6.tgz" + "version" "1.4.6" dependencies: - "cookie" "0.4.0" + "cookie" "0.4.1" "cookie-signature" "1.0.6" "cookie-signature@1.0.6":
From 48dce2c5c4d8f2d30869db90433b7bcc89628d82 Mon Sep 17 00:00:00 2001
From: Wingy
Date: Mon, 3 Oct 2022 11:03:09 -0400
Subject: [PATCH 7/7] add pledge logic
---
 languages/en-us.js | 1 +
 views/wishlist.pug | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/languages/en-us.js b/languages/en-us.js
index 4e2d180..2449125 100644
--- a/languages/en-us.js
+++ b/languages/en-us.js
@@ -160,6 +160,7 @@ module.exports.strings = {
 WISHLIST_PLEDGE_SUCCESS: 'Successfully pledged for item!',
 WISHLIST_PLEDGE: 'Pledge',
 WISHLIST_PLEDGED: pledgedBy => `Pledged for by ${pledgedBy}`,
+ WISHLIST_PLEDGED_GUEST: 'Pledged for by a guest user',
 WISHLIST_PRICE: 'Price',
 WISHLIST_REFRESH_GUARD: 'Invalid user',
 WISHLIST_REFRESH_NO_URL: 'Item has no URL.',
diff --git a/views/wishlist.pug b/views/wishlist.pug
index 6b2e5c1..1668d42 100644
--- a/views/wishlist.pug
+++ b/views/wishlist.pug
@@ -113,7 +113,10 @@ block content
 .control.inline
 input.inline.button(type='submit' value=lang('WISHLIST_UNPLEDGE'))
 if item.pledgedBy && item.pledgedBy !== req.user._id
- span.ugc=lang('WISHLIST_PLEDGED', item.pledgedBy)
+ if item.pledgedBy === '_CCUNKNOWN'
+ span.ugc=lang('WISHLIST_PLEDGED_GUEST')
+ else
+ span.ugc=lang('WISHLIST_PLEDGED', item.pledgedBy)
 td(data-label='Delete Item')
 form.inline(
 method='POST',
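Review bot: Every guest shares the id `_CCUNKNOWN`, so in this hunk `item.pledgedBy !== req.user._id` is false whenever a guest views an item pledged by a different guest, and neither `WISHLIST_PLEDGED_GUEST` nor the named label is rendered for them. The unpledge control just above appears to be gated on the opposite comparison (its condition is outside the hunk), which would let any guest withdraw another guest's pledge. If guest pledging is intended, give each guest a per-session identifier, or hide pledge and unpledge for `_CCUNKNOWN` and always render `WISHLIST_PLEDGED_GUEST` for guest pledges. A comment such as `//- guest pledges share one id; ownership cannot be checked here` above the new branch would record the limitation.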