endpoints secured, afterdeployment and frontend endpoints both

Scytalelabs-official · May 19, 2022 · e79c299 · e79c299
1 parent 0343ce1
commit e79c299
Show file tree

Hide file tree

Showing 15 changed files with 1,502 additions and 420 deletions.
diff --git a/.env b/.env
@@ -4,6 +4,8 @@ DATABASE_URL_ONLINE_BACKUP=mongodb+srv://admin:[email protected]
 DATABASE_URL_ONLINE=mongodb+srv://admin:[email protected]/V2-graphQL-backend-forinterfacelatest?retryWrites=true&w=majority
 COIN_MARKET_CAP_API_KEY=35a7ebf7-894d-4b67-8d57-36a2b050cbc8
 AWS=http://casperswaplistenerbackend-env.eba-rbumbt2m.us-east-1.elasticbeanstalk.com
+TOKEN_EXPIRY_TIME=6000
+TOKEN_KEY=123456789987654321
 
 FACTORY_CONTRACT=a0f8026f753c60e540ba08f02621fb9027582285d871dde0f3daa5e84462f9b9
 FACTORY_CONTRACT_PACKAGE=f329330b99110d9f8589b8a94f0e5b3c4cd5e1710fb443d04472682ae9b212d0

diff --git a/app.js b/app.js
@@ -9,6 +9,11 @@ const mongoose = require("mongoose");
 require("dotenv").config();
 const { graphqlHTTP } = require("express-graphql");
 const schema = require("./graphql/schema");
+
+//routers
+var indexRouter = require('./routes/index');
+var adminRouter = require("./routes/adminroutes");
+var afterDeploymentRouter = require("./routes/afterDeploymentroutes");
 var listenerRouter = require("./routes/listenerroutes");
 var tokensListRouter = require("./routes/tokenslist");
 var pairsListRouter = require("./routes/pairslist");
@@ -57,23 +62,18 @@ connect.then(
   }
 );
 
-app.use((req, res, next) => {
-  res.setHeader("Access-Control-Allow-Origin", "*");
-  res.setHeader(
-    "Access-Control-Allow-Methods",
-    "OPTIONS, GET, POST, PUT, PATCH, DELETE"
-  );
-  res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
-
-  if (req.method === "OPTIONS") {
-    return res.sendStatus(200);
-  }
-  next();
-});
-
-app.get("/", (req, res) => {
-  res.json({ msg: "Uniswap V2 GraphQL Server" });
-});
+app.use('/', indexRouter);
+app.use("/", adminRouter);
+app.use("/", afterDeploymentRouter);
+app.use(
+  "/graphql",
+  graphqlHTTP({
+    schema: schema,
+    graphiql: true,
+  })
+);
+const headerMiddleware = require("./middlewares/HeaderMiddleware");
+app.use(headerMiddleware);
 app.use("/", listenerRouter);
 app.use("/", tokensListRouter);
 app.use("/", deploypairRouter);
@@ -86,14 +86,6 @@ app.use("/", pathRouter);
 app.use("/", readWasmRouter);
 app.use("/", setUserForRemoveLiquidityCSPRRouter);
 
-app.use(
-  "/graphql",
-  graphqlHTTP({
-    schema: schema,
-    graphiql: true,
-  })
-);
-
 // catch 404 and forward to error handler
 app.use(function (req, res, next) {
   next(createError(404));

diff --git a/config/bcrypt.js b/config/bcrypt.js
@@ -0,0 +1,3 @@
+const BCRYPT_SALT_ROUNDS = 12;
+
+module.exports.BCRYPT_SALT_ROUNDS = BCRYPT_SALT_ROUNDS;
diff --git a/middlewares/HeaderMiddleware.js b/middlewares/HeaderMiddleware.js
@@ -0,0 +1,40 @@
+module.exports = function (req, res, next) {
+  var allowedOrigins = [
+    "https://casper-swap.herokuapp.com/",
+    "http://casper-swap.herokuapp.com/",
+    "https://main.d2nr1bes87n0gc.amplifyapp.com/",
+    "http://main.d2nr1bes87n0gc.amplifyapp.com/",
+  ];
+  var origin = req.headers.origin;
+
+  if (allowedOrigins.indexOf(origin) > -1) {
+    res.setHeader("Access-Control-Allow-Origin", origin);
+    console.log("host matched");
+
+    res.setHeader("Cache-Control", "no-cache");
+    // res.setHeader("Access-Control-Allow-Origin", process.env.FRONTEND_URL);
+    res.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, DELETE");
+    res.setHeader("Access-Control-Allow-Credentials", "true");
+    res.setHeader("Access-Control-Expose-Header", "DAV, content-length, Allow");
+    res.setHeader(
+      "Access-Control-Allow-Headers",
+      "Content-Type, Authorization, X-Requested-With, Cookies, Set-Cookie"
+    );
+
+    // console.log("req.method : " + req.method);
+
+    // res.setHeader("Access-Control-Request-Headers", "*");
+    if (req.method == "OPTIONS") {
+      return res.status(200).json({});
+    }
+
+    next();
+  } else {
+    //res.setHeader("Access-Control-Allow-Origin", "*");
+    console.log("host not matched");
+    return res.status(400).json({
+      success: false,
+      message: "host not matched!",
+    });
+  }
+};
diff --git a/middlewares/auth.js b/middlewares/auth.js
@@ -0,0 +1,50 @@
+const jwt = require("../utils/jwt");
+const passport = require("passport");
+
+require("dotenv").config();
+
+var JwtStrategy = require("passport-jwt").Strategy,
+  ExtractJwt = require("passport-jwt").ExtractJwt;
+
+module.exports.verifyToken = async function (req, res, next) {
+
+  let token = req.get("Authorization");
+
+  if (!token) {
+    return res.status(401).send("You are not logged-in (token not found) !!");
+  }
+
+  if (token.includes("Bearer")) token = token.slice(7);
+
+  let result = await jwt.verify(token);
+
+  if (!result) {
+    return res.status(401).send("Unauthorized access (invalid token) !!");
+  }
+
+  next();
+};
+
+var cookieExtractor = function (req) {
+  var token = req.get("Authorization");
+  if (token.includes("Bearer")) token = token.slice(7);
+  return token;
+
+};
+
+var opts = {};
+opts.jwtFromRequest = cookieExtractor;
+opts.secretOrKey = process.env.TOKEN_KEY;
+opts.ignoreExpiration = true;
+opts.ignoreNotBefore = true;
+
+passport.use(
+  new JwtStrategy(opts, function (jwt_payload, done) {
+
+    var user = {
+      username: jwt_payload.username
+    };
+    return done(null, user);
+
+  })
+);
diff --git a/models/adminModel.js b/models/adminModel.js
@@ -0,0 +1,18 @@
+const mongoose = require("mongoose");
+const Schema = mongoose.Schema;
+
+const adminSchema = new Schema({
+
+  username: {
+    type: String,
+    required: true,
+  },
+  password: {
+    type: String,
+    required: true,
+  }
+
+});
+
+var admin = mongoose.model("admin", adminSchema);
+module.exports = admin;
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		const BCRYPT_SALT_ROUNDS = 12;

		module.exports.BCRYPT_SALT_ROUNDS = BCRYPT_SALT_ROUNDS;