From d05292b365dc59ae4115b0c02f75c67423b71a07 Mon Sep 17 00:00:00 2001
From: Rene Vergara
Date: Tue, 9 Nov 2021 12:39:16 -0600
Subject: [PATCH] Add API authentication
---
 backend/app.js | 13 ++++++++++++-
 src/app/fullnode.service.ts | 11 +++++++----
 src/app/items/items.service.ts | 11 +++++++----
 src/app/order/order.service.ts | 17 ++++++++++-------
 src/app/user.service.ts | 14 +++++++++-----
 5 files changed, 45 insertions(+), 21 deletions(-)
diff --git a/backend/app.js b/backend/app.js
index 53f8325..ea5046d 100644
--- a/backend/app.js
+++ b/backend/app.js
@@ -1,6 +1,7 @@
 const express = require('express');
 const app = express();
 const bodyparser = require('body-parser');
+const cors = require('cors');
 const postmodel = require('./models/post');
 const usermodel = require('./models/user');
 const ownermodel = require('./models/owner');
@@ -147,16 +148,26 @@ var blockInterval = setInterval( function() {
 });
 }, 90000);
+app.use(cors());
+app.options('*', cors());
+
 app.use(bodyparser.json());
 app.use((req, res, next) => {
 res.setHeader("Access-Control-Allow-Origin", "*");
 res.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
 res.setHeader("Access-Control-Allow-Methods", "GET, POST, PATCH, DELETE, OPTIONS");
- //req.ip = RequestIP.getClientIp(req);
 next();
 });
+app.use((req, res, next) => {
+ if (req.headers.authorization !== 'Le2adeic8Thah4Aeng4daem6i' ) {
+ return res.status(401).send('Authorization required.');
+ } else {
+ next();
+ }
+});
+
 app.get('/api/users', (req, res, next) => {
diff --git a/src/app/fullnode.service.ts b/src/app/fullnode.service.ts
index 36fd127..950a0d9 100644
--- a/src/app/fullnode.service.ts
+++ b/src/app/fullnode.service.ts
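Review bot: The new middleware in backend/app.js compares `req.headers.authorization` against a string literal committed to the repository, so anyone who can read the source or this patch holds the key, and rotating it means a code change and redeploy. Load the expected value from configuration at startup and reject every request when it is unset, so a missing setting fails closed. The `!==` comparison is also not constant-time; `crypto.timingSafeEqual` on equal-length buffers avoids revealing how much of a guess matched. Because `app.use(cors())` and the existing `Access-Control-Allow-Origin: *` header let any origin call the API, this header check is the only gate in front of every route registered after it. The fence assumes `crypto` is required at the top of app.js and uses an illustrative environment variable name.

```javascript
// key read once from the environment (variable name is illustrative)
const expectedKey = Buffer.from(process.env.API_KEY || '');

app.use((req, res, next) => {
  const supplied = Buffer.from(req.headers.authorization || '');
  // timingSafeEqual throws on a length mismatch, so compare lengths first;
  // an empty expectedKey means the key was never configured: fail closed
  if (expectedKey.length === 0 ||
      supplied.length !== expectedKey.length ||
      !crypto.timingSafeEqual(supplied, expectedKey)) {
    return res.status(401).send('Authorization required.');
  }
  next();
});
```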
@@ -1,6 +1,6 @@
 import {Injectable} from '@angular/core';
 import {Subject, Subscription, BehaviorSubject, Observable} from 'rxjs';
-import {HttpClient, HttpParams} from '@angular/common/http';
+import {HttpClient, HttpParams, HttpHeaders} from '@angular/common/http';
 import {UserService} from './user.service';
 //import {User} from './user.model';
@@ -18,15 +18,18 @@ export class FullnodeService{
 public readonly memoUpdate: Observable = this._memoUpdated.asObservable();
 public readonly priceUpdate: Observable = this._priceUpdated.asObservable();
 private UserSub: Subscription = new Subscription();
+ private apiKey = 'Le2adeic8Thah4Aeng4daem6i';
+ private reqHeaders: HttpHeaders;
 constructor(private http: HttpClient, public userService: UserService){
+ this.reqHeaders = new HttpHeaders().set('Authorization', this.apiKey);
 this.getAddr();
 this.getHeight();
 this.getPrice();
 }
 getHeight(){
- let obs = this.http.get<{message: string, height: number}>(this.beUrl+'api/blockheight');
+ let obs = this.http.get<{message: string, height: number}>(this.beUrl+'api/blockheight', { headers: this.reqHeaders });
 obs.subscribe((BlockData) => {
 this.dataStore.height = BlockData.height;
 this._heightUpdated.next(Object.assign({}, this.dataStore).height);
@@ -38,7 +41,7 @@ export class FullnodeService{
 getPrice(){
 var currency = 'usd';
 const params = new HttpParams().append('currency', currency);
- let obs = this.http.get<{message: string, price: any}>(this.beUrl+'api/price', { headers:{}, params: params, observe: 'response'});
+ let obs = this.http.get<{message: string, price: any}>(this.beUrl+'api/price', { headers:this.reqHeaders, params: params, observe: 'response'});
 obs.subscribe((PriceData) => {
 if (PriceData.status == 200) {
 this.dataStore.price = PriceData.body!.price.price;
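Review bot: The `private apiKey = '…'` field in FullnodeService puts the backend's shared key into the Angular bundle, where every visitor can read it from the served JavaScript or from the request headers in the browser's network panel, so the header cannot tell the app apart from any other caller. The same literal and the same `reqHeaders` setup are repeated in items.service.ts, order.service.ts and user.service.ts. If the header is kept as a coarse filter, attach it once from an `HttpInterceptor` and take the value from the build's environment file instead of four class fields. Authorization for owner and order operations still needs a per-user credential verified by the backend; the `session` value already sent as a query parameter looks like the natural candidate, though its server-side checks are not visible in this patch.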
@@ -63,7 +66,7 @@ export class FullnodeService{
 getAddr() {
- let obs = this.http.get<{message: string, addr: string}>(this.beUrl+'api/getaddr');
+ let obs = this.http.get<{message: string, addr: string}>(this.beUrl+'api/getaddr', { headers: this.reqHeaders });
 obs.subscribe((AddrData) => {
 this.dataStore.addr = AddrData.addr;
diff --git a/src/app/items/items.service.ts b/src/app/items/items.service.ts
index 75d8a65..f18e8a7 100644
--- a/src/app/items/items.service.ts
+++ b/src/app/items/items.service.ts
@@ -1,7 +1,7 @@
 import { Item } from './item.model';
 import { Injectable } from '@angular/core';
 import { Subject, BehaviorSubject, Observable } from 'rxjs';
-import { HttpClient, HttpParams } from '@angular/common/http';
+import { HttpClient, HttpParams, HttpHeaders } from '@angular/common/http';
 @Injectable({providedIn: 'root'})
@@ -11,14 +11,17 @@ export class ItemService{
 private _itemsUpdated: BehaviorSubject = new BehaviorSubject(this.dataStore.items);
 public readonly itemsUpdated: Observable = this._itemsUpdated.asObservable();
 private address:string = '';
+ private apiKey = 'Le2adeic8Thah4Aeng4daem6i';
+ private reqHeaders: HttpHeaders;
 constructor(private http: HttpClient){
+ this.reqHeaders = new HttpHeaders().set('Authorization', this.apiKey);
 }
 getItems(addr: string){
 this.address = addr;
 const params = new HttpParams().append('address', addr);
- let obs = this.http.get<{message: string, items: any}>(this.beUrl+'api/getitems', { headers:{}, params: params, observe: 'response'});
+ let obs = this.http.get<{message: string, items: any}>(this.beUrl+'api/getitems', { headers:this.reqHeaders, params: params, observe: 'response'});
 obs.subscribe((ItemDataResponse) => {
 if (ItemDataResponse.status == 200 ) {
@@ -34,7 +37,7 @@ export class ItemService{
 addItem(item: Item) {
 //const params = new HttpParams().append('item', JSON.stringify(item));
- let obs = this.http.post<{message: string}>(this.beUrl+'api/item', { item: item });
+ let obs = this.http.post<{message: string}>(this.beUrl+'api/item', { item: item }, { headers: this.reqHeaders });
 obs.subscribe((ItemResponse) => {
 console.log('Item added');
@@ -45,7 +48,7 @@ export class ItemService{
 }
 deleteItem(id: string) {
- let obs = this.http.delete<{message: string}>(this.beUrl+'api/item/'+id);
+ let obs = this.http.delete<{message: string}>(this.beUrl+'api/item/'+id, { headers: this.reqHeaders });
 obs.subscribe((ItemResponse) => {
 console.log('Item deleted');
diff --git a/src/app/order/order.service.ts b/src/app/order/order.service.ts
index d3e0af8..69334b6 100644
--- a/src/app/order/order.service.ts
+++ b/src/app/order/order.service.ts
@@ -1,6 +1,6 @@
 import { Injectable } from '@angular/core';
 import { Subject, BehaviorSubject, Observable } from 'rxjs';
-import { HttpClient, HttpParams } from '@angular/common/http';
+import { HttpClient, HttpParams, HttpHeaders } from '@angular/common/http';
 import { Order } from './order.model';
 import { UserService } from '../user.service';
 import { FullnodeService } from '../fullnode.service';
@@ -42,12 +42,15 @@ export class OrderService {
 private _allOrdersUpdated: BehaviorSubject = new BehaviorSubject(this.dataStore.allOrders);
 public readonly allOrdersUpdate: Observable = this._allOrdersUpdated.asObservable();
 public userUpdate: Observable;
+ private apiKey = 'Le2adeic8Thah4Aeng4daem6i';
+ private reqHeaders: HttpHeaders;
 constructor( private http: HttpClient, public fullnodeService: FullnodeService, public userService: UserService ) {
+ this.reqHeaders = new HttpHeaders().set('Authorization', this.apiKey);
 this.userUpdate = userService.userUpdate;
 this.userUpdate.subscribe((user) => {
 this.dataStore.user = user;
@@ -59,7 +62,7 @@ export class OrderService {
 getOrder() {
 var session = this.dataStore.user.session;
 const params = new HttpParams().append('session', session);
- let obs = this.http.get<{message: string, order: any}>(this.beUrl+'api/order', { headers:{}, params:params, observe: 'response'});
+ let obs = this.http.get<{message: string, order: any}>(this.beUrl+'api/order', { headers:this.reqHeaders, params:params, observe: 'response'});
 obs.subscribe((OrderDataResponse) => {
 if (OrderDataResponse.status == 200) {
@@ -81,7 +84,7 @@ export class OrderService {
 getAllOrders(){
 var address = this.dataStore.user.address;
 const params = new HttpParams().append('address', address);
- let obs = this.http.get<{message: string, orders: any}>(this.beUrl+'api/allorders', { headers:{}, params:params, observe: 'response'});
+ let obs = this.http.get<{message: string, orders: any}>(this.beUrl+'api/allorders', { headers:this.reqHeaders, params:params, observe: 'response'});
 obs.subscribe((OrdersData) => {
 if (OrdersData.status == 200 ){
 console.log('getAllOrder:', OrdersData.body);
@@ -97,7 +100,7 @@ export class OrderService {
 addToOrder(lineItem: LineItem) {
 if(this.dataStore.order._id != null) {
- let obs = this.http.post<{message: string}>(this.beUrl+'api/lineitem', { order_id: this.dataStore.order._id, line: lineItem });
+ let obs = this.http.post<{message: string}>(this.beUrl+'api/lineitem', { order_id: this.dataStore.order._id, line: lineItem }, { headers: this.reqHeaders });
 obs.subscribe((orderData) => {
 this.getOrder();
 });
@@ -116,7 +119,7 @@ export class OrderService {
 total: 0, lines: [] };
- let obs = this.http.post<{message: string, order: Order}>(this.beUrl+'api/order', {order: order});
+ let obs = this.http.post<{message: string, order: Order}>(this.beUrl+'api/order', {order: order}, { headers: this.reqHeaders });
 obs.subscribe((orderData) => {
 console.log('Create order', orderData);
 this.dataStore.order = orderData.order;
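Review bot: The `obs.subscribe(...)` calls in getOrder and getAllOrders still pass only a next callback, as far as the hunks show, even though the backend can now answer 401. HttpClient delivers non-2xx responses through the error channel even with `observe: 'response'`, so the `status == 200` branch never sees a 401 and a rejected key fails silently. Consider the observer form, `obs.subscribe({ next: (res) => { ... }, error: (err) => { ... } })`, or handling 401 once in an interceptor. The same pattern appears in the fullnode, items and user services, and the subscribe bodies continue outside the hunks.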
@@ -128,7 +131,7 @@ export class OrderService {
 }
 cancelOrder(id: string) {
- let obs = this.http.delete<{message: string}>(this.beUrl+'api/order/'+id);
+ let obs = this.http.delete<{message: string}>(this.beUrl+'api/order/'+id, { headers: this.reqHeaders });
 obs.subscribe((OrderResponse) => {
 console.log('Order deleted');
@@ -160,7 +163,7 @@ export class OrderService {
 console.log('Price:', price);
 this.dataStore.order.closed = true;
 this.dataStore.order.price = price;
- let obs = this.http.post<{message: string, order: Order}>(this.beUrl+'api/order', {order: this.dataStore.order});
+ let obs = this.http.post<{message: string, order: Order}>(this.beUrl+'api/order', {order: this.dataStore.order}, { headers: this.reqHeaders });
 obs.subscribe((orderData) => {
 console.log('Closed order', orderData);
 this.dataStore.order = {
diff --git a/src/app/user.service.ts b/src/app/user.service.ts
index b5db044..b0bac46 100644
--- a/src/app/user.service.ts
+++ b/src/app/user.service.ts
@@ -1,6 +1,6 @@
 import {Injectable} from '@angular/core';
 import {Subject, BehaviorSubject, Observable} from 'rxjs';
-import {HttpClient, HttpParams} from '@angular/common/http';
+import {HttpClient, HttpParams, HttpHeaders} from '@angular/common/http';
 import {User} from './user.model';
 import {Owner} from './owner.model';
@@ -30,8 +30,12 @@ export class UserService{
 public readonly uZaddrUpdate: Observable = this._uZaddrUpdated.asObservable();
 public readonly ownerUpdate: Observable = this._ownerUpdated.asObservable();
 public readonly userUpdate: Observable = this._userUpdated.asObservable();
+ private reqHeaders: HttpHeaders;
+ private apiKey = 'Le2adeic8Thah4Aeng4daem6i';
 constructor(private http: HttpClient){
+ this.reqHeaders = new HttpHeaders().set('Authorization', this.apiKey);
+ console.log('US:', this.reqHeaders);
 this.session = localStorage.getItem('s4z_token');
 if (this.session != null) {
 this.findUser();
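Review bot: `console.log('US:', this.reqHeaders);` in the UserService constructor writes the HttpHeaders object, which carries the Authorization value, to the browser console every time the service is created. It reads like a debugging leftover, and console output tends to end up in screenshots, bug reports and third-party log collectors. Drop the line, or log only that the headers were initialised without printing the object.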
@@ -42,7 +46,7 @@ export class UserService{
 this.session = localStorage.getItem('s4z_token');
 if (this.session != null) {
 const params = new HttpParams().append('session', this.session!);
- let obs = this.http.get<{message: string, user: any}>(this.beUrl+'api/getuser', { headers:{}, params: params, observe: 'response'});
+ let obs = this.http.get<{message: string, user: any}>(this.beUrl+'api/getuser', { headers: this.reqHeaders, params: params, observe: 'response'});
 obs.subscribe((UserDataResponse) => {
 console.log(UserDataResponse.status);
@@ -67,7 +71,7 @@ export class UserService{
 addOwner(address: string) {
 const owner: Owner={_id: '', address: address, name: 'Zgo-'.concat(address.substring(0,5))};
- let obs = this.http.post<{message: string}>(this.beUrl+'api/addowner', {address: owner.address, name: owner.name});
+ let obs = this.http.post<{message: string}>(this.beUrl+'api/addowner', {address: owner.address, name: owner.name}, {headers: this.reqHeaders});
 obs.subscribe((responseData) => {
 console.log(responseData.message);
@@ -77,7 +81,7 @@ export class UserService{
 }
 updateOwner(owner: Owner) {
- this.http.post<{message: string, owner: Owner}>(this.beUrl+'api/updateowner', {owner: owner}).
+ this.http.post<{message: string, owner: Owner}>(this.beUrl+'api/updateowner', {owner: owner}, {headers: this.reqHeaders}).
 subscribe((responseData) => {
 console.log(responseData.message);
 //this.dataStore.owner = responseData.owner;
@@ -89,7 +93,7 @@ export class UserService{
 getOwner(address: string) {
 console.log('getOwner', address);
 const ownParams = new HttpParams().append('address', address);
- let obs = this.http.get<{message:string, owner: any}>(this.beUrl+'api/getowner', {params: ownParams, observe: 'response'});
+ let obs = this.http.get<{message:string, owner: any}>(this.beUrl+'api/getowner', { headers: this.reqHeaders, params: ownParams, observe: 'response'});
 obs.subscribe((OwnerDataResponse) => {
 console.log('api/getowner', OwnerDataResponse.status);