Pitu 6 лет назад
Родитель
Сommit
107d1f4750

+ 0 - 2
src/api/database/seeds/initial.js

@@ -11,9 +11,7 @@ exports.seed = async db => {
 		await db.table('users').insert({
 			username: process.env.ADMIN_ACCOUNT,
 			password: hash,
-			apiKey: randomstring.generate(64),
 			passwordEditedAt: now,
-			apiKeyEditedAt: now,
 			createdAt: now,
 			editedAt: now,
 			enabled: true,

+ 0 - 3
src/api/routes/auth/registerPOST.js

@@ -1,7 +1,6 @@
 const Route = require('../../structures/Route');
 const log = require('../../utils/Log');
 const bcrypt = require('bcrypt');
-const randomstring = require('randomstring');
 const moment = require('moment');
 
 class registerPOST extends Route {
@@ -48,8 +47,6 @@ class registerPOST extends Route {
 			username,
 			password: hash,
 			passwordEditedAt: now,
-			apiKey: randomstring.generate(64),
-			apiKeyEditedAt: now,
 			createdAt: now,
 			editedAt: now,
 			enabled: true,

+ 20 - 9
src/api/routes/user/apiKey.js

@@ -1,6 +1,7 @@
 const Route = require('../../structures/Route');
 const randomstring = require('randomstring');
 const moment = require('moment');
+const bcrypt = require('bcrypt');
 
 class apiKeyPOST extends Route {
 	constructor() {
@@ -10,17 +11,27 @@ class apiKeyPOST extends Route {
 	async run(req, res, db, user) {
 		const now = moment.utc().toDate();
 		const apiKey = randomstring.generate(64);
-		await db.table('users')
-			.where({ id: user.id })
-			.update({
-				apiKey,
-				apiKeyEditedAt: now
+
+		try {
+			const hash = await bcrypt.hash(apiKey, 10);
+
+			await db.table('users')
+				.where({ id: user.id })
+				.update({
+					apiKey: hash,
+					apiKeyEditedAt: now
+				});
+
+			return res.json({
+				message: 'Successfully created new api key',
+				apiKey
 			});
 
-		return res.json({
-			message: 'Successfully created new api key',
-			apiKey
-		});
+		} catch (error) {
+			return super.error(res, error);
+		}
+
+
 	}
 }
 
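Review bot: Storing `bcrypt.hash(apiKey, 10)` in `run` gives every user a differently salted value, so a request that presents only the key can no longer be matched with a `where({ apiKey })` lookup. The verifying route is not part of this diff; it would have to run `bcrypt.compare` against candidate rows, or the key would need to carry a user identifier. Because the key is 64 random characters and not a human-chosen password, an unsalted digest such as `crypto.createHash('sha256').update(apiKey).digest('hex')` would keep the plaintext out of the database and still allow an indexed lookup. It is also worth confirming that the installed `randomstring` version draws from a cryptographic source, and adding `res.set('Cache-Control', 'no-store')` before the response that returns the plaintext key.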

+ 1 - 2
src/api/routes/user/userGET.js

@@ -11,8 +11,7 @@ class usersGET extends Route {
 			user: {
 				id: user.id,
 				username: user.username,
-				isAdmin: user.isAdmin,
-				apiKey: user.apiKey
+				isAdmin: user.isAdmin
 			}
 		});
 	}

+ 0 - 1
src/api/routes/verifyGET.js

@@ -9,7 +9,6 @@ class verifyGET extends Route {
 		const returnUser = {
 			id:	user.id,
 			username: user.username,
-			apiKey: user.apiKey,
 			isAdmin: user.isAdmin
 		};
 

+ 1 - 0
src/api/structures/Route.js

@@ -26,6 +26,7 @@ class Route {
 
 	authorize(req, res) {
 		if (this.options.bypassAuth) return this.run(req, res, db);
+		console.log(req.headers);
 		if (!req.headers.authorization) return res.status(401).json({ message: 'No authorization header provided' });
 		const token = req.headers.authorization.split(' ')[1];
 		if (!token) return res.status(401).json({ message: 'No authorization header provided' });
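Review bot: The added `console.log(req.headers);` in `authorize` writes the `Authorization` bearer token and the `Cookie` header of every authenticated request to the process log, where anyone with log access can reuse them. It runs before the header check, so requests without credentials are dumped as well. The line should be removed before merge; if request tracing is needed, log only non-credential fields such as `req.method` and `req.path`. `authorize` continues past the end of this hunk.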

+ 2 - 0
src/site/layouts/default.vue

@@ -41,12 +41,14 @@ export default {
 		processCatch(error, logout) {
 			if (error.response && error.response.data && error.response.data.message) {
 				this.showToast(error.response.data.message, true, 5000);
+				/*
 				if (error.response.status === 429) return;
 				if (error.response.status === 502) return;
 				if (error.response.data.message === 'Token expired') {
 					this.$logOut();
 					setTimeout(() => this.$router.push('/'), 3000);
 				}
+				*/
 			} else {
 				console.error(error);
 				this.showToast('Something went wrong, please check the console :(', true, 5000);
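Review bot: Wrapping the `Token expired` branch of `processCatch` in a block comment means the client no longer calls `this.$logOut()` when the API rejects an expired token, so the stale token stays in client state and later requests keep failing with the same toast. If this was disabled only for debugging, it should be restored before merge. If the behaviour is meant to change, delete the dead lines and state the reason in the commit message instead of leaving commented-out code. `processCatch` starts before this hunk and continues after it.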

+ 5 - 2
src/site/pages/dashboard/account.vue

@@ -67,7 +67,8 @@
 							message="This API key lets you use the service from other apps"
 							horizontal>
 							<b-input v-model="user.apiKey"
-								expanded />
+								expanded
+								disabled />
 						</b-field>
 
 						<div class="mb2 mt2 text-center">
@@ -130,7 +131,8 @@ export default {
 		},
 		promptNewAPIKey() {
 			this.$dialog.confirm({
-				message: 'Are you sure you want to regenerate your API key?',
+				type: 'is-danger',
+				message: 'Are you sure you want to regenerate your API key? If you had a previous API key generated it will stop working. Make sure to write it down as this is the only time its gonna be displayed to you.',
 				onConfirm: () => this.requestNewAPIKey()
 			});
 		},
@@ -139,6 +141,7 @@ export default {
 				const response = await this.axios.post(`${this.config.baseURL}/user/apikey/change`);
 				this.user.apiKey = response.data.apiKey;
 				this.$toast.open(response.data.message);
+				this.$forceUpdate();
 			} catch (error) {
 				this.$onPromiseError(error);
 			}
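Review bot: The added `this.$forceUpdate();` in `requestNewAPIKey` suggests `user.apiKey` is not a reactive property, presumably because the API no longer returns it with the user object. Assigning it reactively with `this.$set(this.user, 'apiKey', response.data.apiKey);`, or declaring `apiKey` in the component's initial `user` data, removes the need to force a re-render. Since this is now the only moment the plaintext key exists on the client, it is also worth checking that `user` is component-local state and is not persisted to the store or to browser storage; that cannot be seen from this hunk.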

+ 1 - 0
src/site/pages/login.vue

@@ -116,6 +116,7 @@ export default {
 					this.getUserData();
 				}
 				*/
+				document.cookie = `token=${encodeURIComponent(res.data.token)}`;
 				this.redirect();
 			}).catch(err => {
 				this.isLoading = false;
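Review bot: The cookie written by the added `document.cookie = ...` line carries the session token with no `Secure`, `SameSite` or `path` attribute. Because it is set from script it cannot be `HttpOnly`, so any script running on the page can read the token. At minimum, append `; path=/; SameSite=Strict; Secure` to the template string (with `Secure` applying where the site is served over HTTPS); having the login endpoint set the cookie itself with `HttpOnly` would be safer. With no `max-age` or `expires` this is a session cookie, so confirm that matches the token's lifetime. The surrounding `.then` handler starts outside the hunk.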

+ 5 - 4
src/site/store/index.js

@@ -53,12 +53,13 @@ export const actions = {
 		if (req.headers.cookie) {
 			try {
 				token = cookieparser.parse(req.headers.cookie).token;
+				console.log(token);
 				commit('loggedIn', true);
 				commit('token', token);
-
-				const res = await axios.get(`${process.env.DOMAIN}${process.env.ROUTE_PREFIX}/verify`);
-				if (!res || !res.data.user);
-				commit('user', res.data.user);
+				const res = await axios.get(`${process.env.DOMAIN}${process.env.ROUTE_PREFIX}/verify`, {
+					headers: { authorization: `Bearer ${token}` }
+				});
+				if (res && res.data.user) commit('user', res.data.user);
 			} catch (error) {
 				// TODO: Deactivate this on production
 				console.error(error);
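Review bot: The added `console.log(token);` prints the visitor's session token to the log each time this action runs, and should be removed. The action reads `req.headers.cookie`, so it appears to run on the server. Separately, `commit('loggedIn', true)` and `commit('token', token)` still run before `/verify` has answered and the `catch` only logs, so a cookie holding an invalid or expired token leaves the store marked as logged in. Moving both commits next to `commit('user', res.data.user)`, inside the `res && res.data.user` check, would tie the logged-in state to a successful verification. The enclosing action starts before this hunk and continues after it.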