Removing the admin key, switching to full basic auth

stolksdorf · Dec 6, 2018 · 1184fe8 · 1184fe8
1 parent 7656e53
commit 1184fe8
Show file tree

Hide file tree

Showing 5 changed files with 82 additions and 72 deletions.
diff --git a/client/admin/brewCleanup/brewCleanup.jsx b/client/admin/brewCleanup/brewCleanup.jsx
@@ -2,13 +2,43 @@ const React       = require('react');
 const createClass = require('create-react-class');
 const cx          = require('classnames');
 
+const request = require('superagent');
+
 
 const BrewCleanup = createClass({
 	displayName : 'BrewCleanup',
 	getDefaultProps(){
 		return {
+			adminKey : '',
+		};
+	},
+	getInitialState() {
+		return {
+			count : 0,
+
+			pending : false,
+			primed : false
 		};
 	},
+	prime(){
+		if(this.state.primed) return this.cleanup();
+		this.setState({ pending: true });
+
+		request.get('/admin/cleanup')
+			.query({ admin_key: this.props.adminKey })
+			.then((res)=> this.setState({count : res.body.count }))
+			.catch((err)=>this.setState({ error : err }))
+			.finally(()=>this.setState({ pending : false }))
+	},
+	cleanup(){
+		this.setState({ pending: true });
+
+		request.post('/admin/cleanup')
+			.query({ admin_key: this.props.adminKey })
+			.then((res)=> this.setState({count : res.body.count }))
+			.catch((err)=>this.setState({ error : err }))
+			.finally(()=>this.setState({ pending : false, primed : false }))
+	},
 	render(){
 		return <div className='BrewCleanup'>
 			BrewCleanup Component Ready.

diff --git a/client/admin/brewLookup/brewLookup.jsx b/client/admin/brewLookup/brewLookup.jsx
@@ -1,6 +1,5 @@
 const React = require('react');
 const createClass = require('create-react-class');
-const _     = require('lodash');
 const cx    = require('classnames');
 
 const request = require('superagent');
@@ -21,15 +20,14 @@ const BrewLookup = createClass({
 			error      : null
 		};
 	},
-
 	handleChange(e){
 		this.setState({ query : e.target.value });
 	},
 	lookup(){
 		this.setState({ searching: true, error: null });
 
 		request.get(`/admin/lookup/${this.state.query}`)
-			.query({ admin_key: this.props.adminKey })
+			//.query({ admin_key: this.props.adminKey })
 			.then((res)=> this.setState({foundBrew : res.body}))
 			.catch((err)=>this.setState({ error : err }))
 			.finally(()=>this.setState({ searching : false }))
@@ -72,7 +70,7 @@ const BrewLookup = createClass({
 			</button>
 
 			{this.state.error
-				&& <div className='error'>{this.state.error}</div>
+				&& <div className='error'>{this.state.error.toString()}</div>
 			}
 
 			{this.state.foundBrew

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -38,7 +38,6 @@
   "dependencies": {
     "babel-preset-env": "^1.1.8",
     "babel-preset-react": "^6.24.1",
-    "basic-auth": "^2.0.0",
     "body-parser": "^1.14.2",
     "classnames": "^2.2.0",
     "codemirror": "^5.22.0",

diff --git a/server/admin.api.js b/server/admin.api.js
@@ -1,97 +1,88 @@
-const _ = require('lodash');
-const auth = require('basic-auth');
+//const auth = require('basic-auth');
 const HomebrewModel = require('./homebrew.model.js').model;
 const router = require('express').Router();
+const Moment = require('moment');
+const render = require('vitreum/steps/render');
+const templateFn = require('../client/template.js');
+
+
+process.env.ADMIN_USER = process.env.ADMIN_USER || 'admin';
+process.env.ADMIN_PASS = process.env.ADMIN_PASS || 'password3';
+//process.env.ADMIN_KEY  = process.env.ADMIN_KEY  || 'admin_key';
 
+//FIXME: remove this whole 'ADMIN_KEY' buulshit
 
 const mw = {
 	adminOnly : (req, res, next)=>{
-		if(req.query && req.query.admin_key == process.env.ADMIN_KEY) return next();
+		if(!req.get('authorization')){
+			return res
+				.set('WWW-Authenticate', 'Basic realm="Authorization Required"')
+				.status(401)
+				.send('Authorization Required');
+		}
+		const [username, password] = new Buffer(req.get('authorization').split(' ').pop(), 'base64')
+			.toString('ascii')
+			.split(':');
+		if(process.env.ADMIN_USER === username && process.env.ADMIN_PASS === password){
+			return next();
+		}
 		return res.status(401).send('Access denied');
 	}
 };
 
-process.env.ADMIN_USER = process.env.ADMIN_USER || 'admin';
-process.env.ADMIN_PASS = process.env.ADMIN_PASS || 'password';
-process.env.ADMIN_KEY  = process.env.ADMIN_KEY  || 'admin_key';
-
-
 
 /* Removes all empty brews that are older than 3 days and that are shorter than a tweet */
-router.get('/admin/clear_invalid', mw.adminOnly, (req, res)=>{
-	const invalidBrewQuery = HomebrewModel.find({
-		'$where'  : 'this.text.length < 140',
-		createdAt : {
-			$lt : Moment().subtract(3, 'days').toDate()
-		}
-	});
-
-	if(req.query.do_it){
-		invalidBrewQuery.remove().exec((err, objs)=>{
-			if(err) return res.status(500).send(err);
-			return res.send(200);
-		});
-	} else {
-		invalidBrewQuery.exec((err, objs)=>{
-			if(err) return res.status(500).send(err);
-			return res.json({
-				count : objs.length
-			});
-		});
+const junkBrewQuery = HomebrewModel.find({
+	'$where'  : 'this.text.length < 140',
+	createdAt : {
+		$lt : Moment().subtract(3, 'days').toDate()
 	}
 });
+router.get('/admin/cleanup', mw.adminOnly, (req, res)=>{
+	junkBrewQuery.exec((err, objs)=>{
+		if(err) return res.status(500).send(err);
+		return res.json({ count : objs.length });
+	});
+});
+/* Removes all empty brews that are older than 3 days and that are shorter than a tweet */
+router.post('/admin/cleanup', mw.adminOnly, (req, res)=>{
+	junkBrewQuery.remove().exec((err, objs)=>{
+		if(err) return res.status(500).send(err);
+		return res.json({ count : objs.length });
+	});
+})
 
 /* Searches for matching edit or share id, also attempts to partial match */
 router.get('/admin/lookup/:id', mw.adminOnly, (req, res, next)=>{
-
-	console.log('lookup');
-
-
 	HomebrewModel.findOne({ $or : [
-		{ editId: { '$regex': req.params.id, '$options': 'i' } },
+		{ editId:  { '$regex': req.params.id, '$options': 'i' } },
 		{ shareId: { '$regex': req.params.id, '$options': 'i' } },
-	] }).exec((err, brew)=>{
+	]}).exec((err, brew)=>{
 		return res.json(brew);
 	});
 });
 
-router.get('/admin/stats', mw.adminOnly, (req, res)=>{
-	console.log('hittting stats');
 
+router.get('/admin/stats', mw.adminOnly, (req, res)=>{
 	HomebrewModel.count({}, (err, count)=>{
 		return res.json({
 			totalBrews : count
 		})
 	})
-
 });
 
-
-
-//Admin route
-
-const render = require('vitreum/steps/render');
-const templateFn = require('../client/template.js');
-router.get('/admin', function(req, res){
-	const credentials = auth(req);
-	if(!credentials || credentials.name !== process.env.ADMIN_USER || credentials.pass !== process.env.ADMIN_PASS) {
-		res.setHeader('WWW-Authenticate', 'Basic realm="example"');
-		return res.status(401).send('Access denied');
-	}
+router.get('/admin', mw.adminOnly, (req, res)=>{
+	// const credentials = auth(req);
+	// if(!credentials || credentials.name !== process.env.ADMIN_USER || credentials.pass !== process.env.ADMIN_PASS) {
+	// 	res.setHeader('WWW-Authenticate', 'Basic realm="example"');
+	// 	return res.status(401).send('Access denied');
+	// }
 	render('admin', templateFn, {
 		url       : req.originalUrl,
 		adminKey : process.env.ADMIN_KEY
 	})
-		.then((page)=>{
-			return res.send(page);
-		})
-		.catch((err)=>{
-			console.log(err);
-			return res.sendStatus(500);
-		});
+	.then((page)=>res.send(page))
+	.catch((err)=>res.sendStatus(500))
 });
 
-
-
-
 module.exports = router;