Last active
November 19, 2020 18:59
-
-
Save YuriFontella/1a3bc5a2da9ee005aa5fc3f44b247af4 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'use strict' | |
| const fastify = require('fastify')() | |
| const db = require('./knexfile') | |
| fastify.register(require('fastify-knexjs'), db.development, err => console.error(err)) | |
| fastify.register(require('fastify-jwt'), { | |
| secret: '@xyZ33#a21' | |
| }) | |
| fastify.register(require('fastify-guard'), { | |
| errorHandler: (result, request, reply) => { | |
| return reply.send('Você não tem permissão para acessar essa rota') | |
| } | |
| }) | |
| fastify | |
| .decorate('verifyUser', async (request, reply, done) => { | |
| let user = await fastify.knex('users').where('name', request.body.name).first() | |
| if (user) { | |
| let password = fastify.crypto.decrypt(user.password) | |
| if (password === request.body.password) { | |
| request.user = { id: user.id } | |
| done() | |
| } | |
| } | |
| reply.send('Usuário ou senha incorreto') | |
| }) | |
| .decorate('registerToken', (request, reply, done) => { | |
| if (request.user) | |
| request.token = fastify.jwt.sign(request.user.id) | |
| done() | |
| }) | |
| .register(require('fastify-auth')) | |
| fastify.register(require('./crypto-plugin'), { password: '@xYz331#Yzx9' }) | |
| fastify.addHook('preHandler', async (request, reply) => { | |
| let token = request.headers['x-access-token'] | |
| if (token) { | |
| fastify.jwt.verify(token, (err) => { | |
| if (err) | |
| return reply.send('Token inválido') | |
| }) | |
| let user = await fastify.knex('users').where('id', fastify.jwt.decode(token)).first() | |
| request.user = { role: [user.role] } | |
| } | |
| }) | |
| fastify.after(() => { | |
| fastify.route({ | |
| method: 'POST', | |
| url: '/auth', | |
| preHandler: fastify.auth([ | |
| fastify.verifyUser, | |
| fastify.registerToken | |
| ], { run: 'all' }), | |
| handler: (request, reply) => { | |
| reply.send({ token: request.token }) | |
| } | |
| }) | |
| fastify.route({ | |
| method: 'POST', | |
| url: '/', | |
| preHandler: (request, reply, done) => { | |
| request.body.password = fastify.crypto.encrypt(request.body.password) | |
| done() | |
| }, | |
| handler: async (request, reply) => { | |
| let data = await fastify.knex('users') | |
| .insert(request.body) | |
| reply.send(data) | |
| } | |
| }) | |
| fastify.get('/', async (request, reply) => { | |
| let data = await fastify.knex | |
| .select() | |
| .from('users') | |
| reply.send(data) | |
| }) | |
| fastify.put('/:id/edit', async (request, reply) => { | |
| let data = await fastify.knex('users') | |
| .update(request.body) | |
| .where('id', request.params.id) | |
| reply.send(data) | |
| }) | |
| fastify.delete('/:id/delete', { | |
| preHandler: [fastify.guard.role('admin')] | |
| }, | |
| async (request, reply) => { | |
| let data = await fastify.knex('users') | |
| .where('id', request.params.id) | |
| .delete() | |
| reply.send(data) | |
| }) | |
| }) | |
| fastify.listen(3000) |
Hi there, be aware, these Gists are created public by default. This means that anything you check in here can be read by anybody. It looks like you checked in both a password and a secret, which I was able to enumerate: https://gistsecrets.io/about, https://gistsecrets.io/home
You might want to consider deleting this Gist.
Thanks!
Hi,
No problem, it's just a demo project.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi there, be aware, these Gists are created public by default. This means that anything you check in here can be read by anybody. It looks like you checked in both a password and a secret, which I was able to enumerate: https://gistsecrets.io/about, https://gistsecrets.io/home
You might want to consider deleting this Gist.
Thanks!