diff --git a/projet/db/data.sql b/projet/db/data.sql index 072a7938fc9f9de27f2352648757c4ba3ccb5e3b..6ed4bbf3aef5c0b1eda5d7ea9275580b1c3e3790 100644 --- a/projet/db/data.sql +++ b/projet/db/data.sql @@ -6,7 +6,7 @@ VALUES ("b", "test"), ("c", "test"), ("d", "test"), - ("e", "test"); + ("e", "test"); INSERT INTO Paths VALUES diff --git a/projet/db/hyperdrive.sql b/projet/db/hyperdrive.sql index f1fbc9e2ac7221308b784ba09f5f8b06e7c562a0..e9cb9e17eb5a2fedaf2ec3e321e2f60594274120 100644 --- a/projet/db/hyperdrive.sql +++ b/projet/db/hyperdrive.sql @@ -47,7 +47,8 @@ VALUES ("b", "test"), ("c", "test"), ("d", "test"), - ("e", "test"); + ("e", "test"), + ("noe", "prov"); INSERT INTO Paths VALUES @@ -57,7 +58,8 @@ VALUES ("/c", "c", NULL), ("/c/test", "c", "/c"), ("/d", "d", NULL), - ("/e", "e", NULL); + ("/e", "e", NULL), + ("/n", "noe", NULL); INSERT INTO Files VALUES @@ -66,7 +68,8 @@ VALUES ("@dfsg", "trois", "/c/test", 46.2054, 6.1459), ("gbvaf", "quatre", "/b", 46.2054, 6.1459), ("dsfgh", "cinq", "/d", 46.2054, 6.1459), - ("sdfa", "six", "/e", 46.2054, 6.1459); + ("sdfa", "six", "/e", 46.2054, 6.1459), + ("liblb", "myfile", "/n", 46.2054, 6.1459); INSERT INTO Shares VALUES diff --git a/projet/hyperdrive-rest.js b/projet/hyperdrive-rest.js index 45b747e165c853cfffc39860b8bd4ba8e8d87116..23e3d54b4f93e1479f4d84c8b15f1715af2561c6 100644 --- a/projet/hyperdrive-rest.js +++ b/projet/hyperdrive-rest.js @@ -37,10 +37,11 @@ function Payload(user, pass_enc){ this.pass_enc = pass_enc; this.toString = function(){ return "{" + this.user + "," + this.pass_enc + "}"}; + } function Signature(token){ - const secret = "our super hyperdrive secret"; + const secret = "our super hyperdrive secret" + new Date(); return CryptoJS.HmacSHA512(token, secret); } 
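Review bot: The HMAC key in `Signature` is still a string literal in the source, and appending `new Date()` does not make it secret: the timestamp is predictable and is re-evaluated on every call, so the same token signs to a different value from one second to the next. Any later attempt to recompute a signature to check a token will not match, and anyone who can read the repository knows the fixed part of the key. Load the key once at startup from configuration kept outside the repository, for example `const secret = process.env.HYPERDRIVE_SIGNING_KEY;` (variable name is a placeholder), and refuse to start when it is unset.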
@@ -53,31 +54,47 @@ function JWT(pl_user, pl_pass){ } -function add_token(token) { +function add_token(token, user) { - if (valid_tokens.indexOf(token) === -1) { - valid_tokens.push(token.toString()); - } - else { - console.log("Unable to add token to valid_tokens. (token already present)"); + for (let i = 0; i < valid_tokens.length; i++) { + if(Object.keys(valid_tokens[i])[0] == token){ + valid_tokens.splice(i, 1); + console.log("Unable to add token. (token already present)"); + break; + } } + obj = {}; obj[token.toString()] = user; + valid_tokens.push(obj); + console.log(valid_tokens) + + console.log("Successfully added token."); + } function remove_token(token) { - if (valid_tokens.indexOf(token) != -1) { - var index = valid_tokens.indexOf(token); - valid_tokens.splice(index, 1); - } - else { - console.log("Unable to remove token from valid_tokens. (Token not present)"); + for (let i = 0; i < valid_tokens.length; i++) { + if(Object.keys(valid_tokens[i])[0] == token){ + valid_tokens.splice(i, 1); + console.log("Successfully removed token from valid_tokens."); + return true; + } } + console.log("Unable to remove token from valid_tokens. (Token not present)"); + + } +// verify the token +// return : user if exist function verify_token(token) { - return (valid_tokens.indexOf(token) !== -1); + for (let i = 0; i < valid_tokens.length; i++) { + if(Object.keys(valid_tokens[i])[0] == token) + return valid_tokens[i][token]; + } + return false; } @@ -97,7 +114,7 @@ app.get('/login', (req, res) => { const user = req.query['user']; const pass = req.query['pass']; - userObject = sql.userExist(user, pass); + // userObject = sql.userExist(user, pass); if (!user || !pass) { res.send({ @@ -133,7 +150,7 @@ app.get('/login', (req, res) => { "comment": `Password for user '${ user }' true.` }) - add_token(jwt.signedToken); + add_token(jwt.signedToken, user); } else { 
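Review bot: `console.log(valid_tokens)` in `add_token` writes every live session token together with its user to the process log, so anyone with log access can reuse them; that line should be dropped. The duplicate branch logs "Unable to add token" but then splices the old entry and falls through to the push and the success message, so the log contradicts what happened. `obj = {}` has no declaration and becomes an implicit global; `const obj = { [token.toString()]: user };` does the same in one line. A `Map` keyed by the token string would replace the three linear scans and the loose `==` on `Object.keys(...)[0]`, but `valid_tokens` is declared outside this hunk, and nothing visible here ever expires an entry.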
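Review bot: With `sql.userExist(user, pass)` commented out, this handler no longer calls the database lookup, and the code that decides whether the password is accepted lies outside the hunk, so it should be confirmed that `/login` still checks credentials against stored users. The context lines also show `user` and `pass` read from `req.query` on a GET route, which puts the password into URLs, access logs and browser history; a POST body avoids that. If the call is really obsolete, delete the line rather than leaving it commented.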
@@ -233,8 +250,27 @@ app.get('/register/', (req, res) => { * param : user2 * user1 share a file_id with user2 */ -app.get('/share/:file_id', (req, res) => { - res.send(`Request for a file sharing (id: ${req.params['file_id']})`) +app.get('/share/:file_id/:to_user', (req, res) => { + + token = req.query["token"] + user = verify_token(token); + console.log("user : " + user) + + if (req.params['to_user'] && req.params['file_id']){ + + to_user = req.params['to_user']; + file_id = req.params['file_id']; + sql.addSharing(user, to_user, file_id).then(function (r) { + res.send(r); + }) + + } + + else{ + res.send("Unable to share. Please provide a user to share with and a file_id."); + } + + }) /** diff --git a/projet/node_modules/crypto-js/package.json b/projet/node_modules/crypto-js/package.json index fc50e6d5b823a91385321715a78ecd7608e4810c..960cebe46bb1f0be79a912f104aa1bb08d529224 100644 --- a/projet/node_modules/crypto-js/package.json +++ b/projet/node_modules/crypto-js/package.json @@ -3,7 +3,6 @@ [ "crypto-js@3.1.9-1", "/Users/nono/Documents/HEPIA/3ème année/WEB avancé/git/2019_tp2/projet" - // "/Users/klaus/Documents/Web/Back/2019_tp2/projet" ] ], "_from": "crypto-js@3.1.9-1", @@ -28,7 +27,6 @@ "_resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-3.1.9-1.tgz", "_spec": "3.1.9-1", "_where": "/Users/nono/Documents/HEPIA/3ème année/WEB avancé/git/2019_tp2/projet", - // "_where": "/Users/klaus/Documents/Web/Back/2019_tp2/projet", "author": { "name": "Evan Vosberg", "url": "http://github.com/evanvosberg" diff --git a/projet/sql-request.js b/projet/sql-request.js index ebcabf28eb775b12624396310a0df7952580e130..c2d295f92c945d2b484d10f8ee8dc659815d0b48 100644 --- a/projet/sql-request.js +++ b/projet/sql-request.js 
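Review bot: The result of `verify_token(token)` is never checked in the `/share` handler, so a request with a missing or unknown token still reaches `sql.addSharing(false, to_user, file_id)`; reject it first with `const user = verify_token(req.query.token);` followed by `if (!user) return res.status(401).send("Invalid or missing token.");`. `token`, `user`, `to_user` and `file_id` are assigned without `const` or `let`, which makes them globals shared by every request. The `.then` has no rejection handler, so a failure inside `addSharing` leaves the response unanswered. The route also changes state over GET with the token in the query string, where it ends up in logs; a POST with the token in an `Authorization` header is the safer shape.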
@@ -123,6 +123,54 @@ async function changeDirectory(login, path, callback){ }); } +// verify if a file_id is at a user +function verify_user_file_id(file_id, login){ + + return new Promise(resolve => { + let q = `SELECT (login) FROM Files as F LEFT JOIN Paths as P ON F.paths = P.paths WHERE F.file_id = '${file_id}';` + con.query(q, function(err, res) { + if (err) { + console.log("Error while veryfing file_id for user"); + console.log(err); + resolve(false); + } + console.log(res.length) + // return new Promise(resolve => resolve("resolved")); + if (res.length > 0){ + if (res[0].login == login) + resolve(true); + resolve(false); + } + resolve(false); + }); + }); +} + +async function addSharing(login, to_user, file_id){ + + verif = await verify_user_file_id(file_id, login); + + if (verif){ + let q = `INSERT INTO Shares VALUES ('${login}', '${to_user}', '${file_id}');`; + con.query(q, function(err, res) { + if (err) { + console.log("Error while adding a share path"); + console.log(err); + return "Error sharing - (DB error)"; + } + }); + // return "New sharing (", login, " --> " + to_user + "( - file_id : " + file_id + ")) added succesfully !"; + return "Sharing ok." + } + else{ + return "Unable to share, this is not your file."; + } + + +} + +exports.userExist = userExist; exports.addUser = addUser; exports.addPath = addPath; -exports.changeDirectory = changeDirectory; \ No newline at end of file +exports.addSharing = addSharing; +exports.changeDirectory = changeDirectory;