59 crypto

fkkmemi · Nov 6, 2018 · 541904e · 541904e
1 parent e8dc229
commit 541904e
Show file tree

Hide file tree

Showing 10 changed files with 29 additions and 40 deletions.
diff --git a/be/app.js b/be/app.js
@@ -216,3 +216,8 @@ const verifyToken = (t, k) => {
 // getToken('aaa')
 //   .then(v => console.log(v))
 //   .catch(err => console.error(err.message))
+
+// const crypto = require('crypto');
+// const bf = Buffer.alloc(64)
+// const s = crypto.randomFillSync(bf)
+// console.log(s.toString('hex'))
diff --git a/be/models/users.js b/be/models/users.js
@@ -1,4 +1,5 @@
 const mongoose = require('mongoose')
+const crypto = require('crypto')
 const cfg = require('../../config')
 
 mongoose.set('useCreateIndex', true)
@@ -20,27 +21,19 @@ User.findOne({ id: cfg.admin.id })
     // console.log(r)
     if (!r) return User.create({ id: cfg.admin.id, pwd: cfg.admin.pwd, name: cfg.admin.name, lv: 0 })
     // if (r.lv === undefined) return User.updateOne({ _id: r._id }, { $set: { lv: 0, inCnt: 0 } }) // 임시.. 관리자 계정 레벨 0으로..
-    return Promise.resolve(null)
+    return Promise.resolve(r)
   })
   .then((r) => {
-    if (r) console.log(`admin:${r.id} created!`)
+    if (r.pwd !== cfg.admin.pwd) return Promise.resolve(null)
+    console.log(`admin:${r.id} created!`)
+    const pwd = crypto.scryptSync(r.pwd, r._id.toString(), 64, { N: 1024 }).toString('hex')
+    return User.updateOne({ _id: r._id }, { $set: { pwd } })
+  })
+  .then(r => {
+    if (r) console.log('pwd changed!')
   })
   .catch((e) => {
     console.error(e.message)
   })
 
-  User.findOne({ id: 'lv2' })
-    .then((r) => {
-      // console.log(r)
-      if (!r) return User.create({ id: 'lv2', pwd: '1234', name: 'lv2', lv: 2 })
-      // if (r.lv === undefined) return User.updateOne({ _id: r._id }, { $set: { lv: 0, inCnt: 0 } }) // 임시.. 관리자 계정 레벨 0으로..
-      return Promise.resolve(null)
-    })
-    .then((r) => {
-      if (r) console.log(`admin:${r.id} created!`)
-    })
-    .catch((e) => {
-      console.error(e.message)
-    })
-
 module.exports = User
diff --git a/be/routes/api/index.js b/be/routes/api/index.js
@@ -24,7 +24,7 @@ router.all('*', function(req, res, next) {
   const token = req.headers.authorization
   verifyToken(token)
     .then(v => {
-      console.log(v)
+      // console.log(v)
       req.user = v
       next()
     })

diff --git a/be/routes/api/manage/user/index.js b/be/routes/api/manage/user/index.js
@@ -4,7 +4,8 @@ var router = express.Router();
 const User = require('../../../../models/users')
 
 router.get('/', function(req, res, next) {
-  User.find()
+  // User.find().select('-pwd')
+  User.find({}, { name: 1, age: 1, lv: 1, inCnt: 1 })
     .then(r => {
       res.send({ success: true, users: r })
     })

diff --git a/be/routes/api/register/index.js b/be/routes/api/register/index.js
@@ -1,6 +1,7 @@
 var express = require('express');
 var createError = require('http-errors');
 var router = express.Router();
+const crypto = require('crypto')
 const User = require('../../../models/users')
 
 router.post('/', (req, res) => {
@@ -14,6 +15,10 @@ router.post('/', (req, res) => {
       if (r) throw new Error('이미 등록되어 있는 아이디입니다.')
       return User.create(u)
     })
+    .then((r) => {
+      const pwd = crypto.scryptSync(r.pwd, r._id.toString(), 64, { N: 1024 }).toString('hex')
+      return User.updateOne({ _id: r._id }, { $set: { pwd } })
+    })
     .then((r) => {
       res.send({ success: true })
     })

diff --git a/be/routes/api/sign/index.js b/be/routes/api/sign/index.js
@@ -2,6 +2,7 @@ var express = require('express');
 var createError = require('http-errors');
 var router = express.Router();
 const jwt = require('jsonwebtoken')
+const crypto = require('crypto')
 const cfg = require('../../../../config')
 const User = require('../../../models/users')
 
@@ -27,7 +28,8 @@ router.post('/in', (req, res) => {
   User.findOne({ id })
     .then((r) => {
       if (!r) throw new Error('존재하지 않는 아이디입니다.')
-      if (r.pwd !== pwd) throw new Error('비밀번호가 틀립니다.')
+      const p = crypto.scryptSync(pwd, r._id.toString(), 64, { N: 1024 }).toString('hex')
+      if (r.pwd !== p) throw new Error('비밀번호가 틀립니다.')
       return signToken(r.id, r.lv, r.name)
     })
     .then((r) => {

diff --git a/be/routes/api/user/index.js b/be/routes/api/user/index.js
@@ -4,7 +4,7 @@ var router = express.Router();
 const User = require('../../../models/users')
 
 router.get('/', function(req, res, next) {
-  User.find()
+  User.find().select('-pwd')
     .then(r => {
       res.send({ success: true, users: r })
     })

diff --git a/fe/src/router.js b/fe/src/router.js
@@ -89,25 +89,6 @@ export default new Router({
       component: () => import('./views/site'),
       beforeEnter: pageCheck
     },
-    {
-      path: '/home',
-      name: 'home',
-      component: Home,
-      beforeEnter: pageCheck
-    },
-    {
-      path: '/group-bg',
-      name: 'group-bg',
-      component: () => import('./views/group-bg'),
-      beforeEnter: pageCheck
-    },
-    {
-      path: '/header',
-      name: '헤더',
-      component: () => import('./views/header'),
-      // beforeEnter: authCheck
-      beforeEnter: pageCheck
-    },
     {
       path: '/block/:msg',
       name: '차단',

diff --git a/fe/src/views/register.vue b/fe/src/views/register.vue
@@ -125,7 +125,7 @@ export default {
           return this.$axios.post('register', this.form)
         })
         .then(r => {
-          if (!r.data.success) throw new Error('서버가 거부했습니다.')
+          if (!r.data.success) throw new Error(r.data.msg)
           this.pop('가입 완료 되었습니다.', 'success')
 
           this.$router.push('/sign')

diff --git a/fe/src/views/user.vue b/fe/src/views/user.vue
@@ -16,6 +16,8 @@
               <div>권한: {{user.lv}}</div>
               <div>나이: {{user.age}}</div>
               <div>로그인 횟수: {{user.inCnt}}</div>
+              <div>소금(_id): {{user._id}}</div>
+              <div>비밀번호: {{user.pwd}}</div>
             </div>
           </v-card-title>
           <v-divider light></v-divider>