//load dependencies
const express = require('express')
const https = require('https')
const fs = require('fs')
const otp = require('otp-generator')
const nodemailer = require('nodemailer')
const MailListener = require('mail-listener2')
const crypto = require('crypto')
const cors = require('cors')
const store = require('store')
const app = express()
//populate process.env from .env before any of the reads below
require('dotenv').config()
app.use(express.json())
//env vars
//KEY / CERT: TLS key and certificate file paths; EMAIL / EMAILPASS: SMTP account credentials
const { KEY: key, CERT: cert, EMAIL: sender, EMAILPASS: senderPassword } = process.env
const port = process.env.PORT || 8282
//OTP most recently issued; stays undefined until a route assigns it
let globalOTP
//NOTE(review): everything below is evaluated once, when the module loads. Values that
//must differ per login (codes, tokens, deadlines) should be produced where they are issued.
//deadline: evaluates to 30 seconds after start (an earlier note here said 15 minutes) - confirm the intended lifetime
let timeout = Date.now() + 30 * 1000;
//snapshot of the start time; it does not advance while the server runs
let now = Date.now()
//milliseconds between the two snapshots above
let distance = timeout - now
//six-digit numeric code
//NOTE(review): confirm the installed otp-generator version draws from a cryptographic RNG
let code = otp.generate(6, { digits: true, upperCaseAlphabets: false, lowerCaseAlphabets: false, specialChars: false, })
//64 random bytes from the crypto module, hex-encoded (128 characters)
let token = crypto.randomBytes(64).toString('hex')
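//ssl certificates for https verification
//KEY and CERT are file paths taken from the environment. Stop at startup with a clear
//message when either is unset, instead of letting readFileSync reject `undefined`.
if (!key || !cert) {
  throw new Error('KEY and CERT must be set to the TLS private key and certificate file paths')
}
//both files are read synchronously, once, while the module loads
const sslCert = {
  key: fs.readFileSync(key),
  cert: fs.readFileSync(cert)
}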
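//smtp configuration: this uses outlook, but other providers work too;
//each service has its own host, port, etc.
//The SMTP login and every OTP travel over this connection, so it must not fall back to plaintext.
let configs = {
  auth: {
    user: sender,
    pass: senderPassword,
  },
  service: "Outlook365",
  host: 'smtp-mail.outlook.com',
  port: process.env.SMTPPORT,
  //the session starts unencrypted and is upgraded with STARTTLS
  //NOTE(review): current nodemailer documents this switch as `secure`; confirm the installed version reads `secureConnection`
  secureConnection: false,
  //refuse to send when the STARTTLS upgrade cannot be completed
  requireTLS: true,
  tls: {
    //replaces `ciphers: 'SSLv3'`: that value is an OpenSSL cipher-list keyword, not a protocol
    //version, and it limits negotiation to legacy cipher suites
    minVersion: 'TLSv1.2'
  }
}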
//timestamp captured once when the module loads; code that interpolates it
//reports the process start time, not the current time
const emailDate = new Date()
//page body served after a successful verification
//static markup with no interpolation, so no request data reaches this HTML
const verifiedHTML = `
<div
class="container"
style="max-width: 90%; margin: auto; padding-top: 20px"
>
<h2>Welcome to the club.</h2>
<h4>You are officially In ✔</h4>
<p style="margin-bottom: 30px;">Pleas enter the sign up OTP to get started</p>
<h1 style="font-size: 40px; letter-spacing: 2px; text-align:center;"></h1>
</div>
`
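//function to send verification code to emails
//  code  - the one-time code to deliver (shadows the module-level `code`)
//  email - recipient address
//Resolves once the transport has accepted the message; rejects when sendMail rejects,
//so callers must attach a catch handler.
const sendEmail = async (code, email) =>{
  const transporter = nodemailer.createTransport(configs)
  //stamp each message with its own send time; the module-level emailDate is fixed at process start
  const sentAt = new Date()
  const mailOptions = {
    from: sender, //sender email
    to: email, //recipient
    subject: 'Premier One-Time Verification Code',
    text: `Your verification code is ${code}.\nDo not share this code with anyone.\nSent: ${sentAt}.`,
  }
  const info = await transporter.sendMail(mailOptions)
  //only the message id is logged; the code and the recipient stay out of the log
  console.log(`Message sent ${sentAt}: %s`, info.messageId);
}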
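//server and routes
//NOTE(review): the OTP, its deadline and the session entry in `store` are shared by the
//whole process, and no route compares the stored token with anything the client presents,
//so these checks do not tell one client from another. Per-user sessions need a
//client-held credential (e.g. a cookie) that is verified on every request.
let authenticated = false //written by the routes below; nothing in this file reads it
let dummyData = 'ajalantbrown@gmail.com' //this is just for an example but typically you'd run a query to the db
//OTP lifetime, applied each time a code is issued
//NOTE(review): the module-level `timeout` initializer computes 30 seconds; confirm which value is intended
const OTP_TTL_MS = 15 * 60 * 1000
//wrong guesses tolerated before the outstanding code is discarded (a 6-digit code is guessable otherwise)
const MAX_OTP_ATTEMPTS = 5
let failedAttempts = 0

//answers CORS preflight (OPTIONS) requests on every path; cors() is called without options,
//so the package defaults apply. NOTE(review): restrict `origin` if other sites should not call this API
app.options('*', cors())

//true when a session token is stored and its recorded expiry is still in the future
const hasLiveSession = () => {
  const session = store.get('session_token')
  const expiration = store.get('expiration')
  if (session == null || session.token == null || expiration == null) {
    return false
  }
  //a missing or malformed expiry becomes NaN, which fails the comparison
  return Date.now() < Number(expiration.expire)
}

//constant-time comparison of a submitted code with the issued one
//accepts a string or a JSON number (the help text at /auth shows a number); anything else never matches
const codesMatch = (submitted, expected) => {
  if (typeof submitted !== 'string' && typeof submitted !== 'number') {
    return false
  }
  const expectedText = String(expected)
  //a JSON number cannot carry leading zeros, so restore them before comparing
  const submittedText = typeof submitted === 'number'
    ? String(submitted).padStart(expectedText.length, '0')
    : submitted
  const a = Buffer.from(submittedText)
  const b = Buffer.from(expectedText)
  return a.length === b.length && crypto.timingSafeEqual(a, b)
}

//GET / : redirect to the protected page when a live session exists, otherwise explain how to start
//(the previous condition compared the stored object with `true` and read an undeclared `today`, so it never matched)
app.get('/', (req,res,next)=>{
  if (hasLiveSession()) {
    return res.redirect('/authenticated')
  }
  return res.status(401).json({"error": "not authorized. Send email to '/' for authorization. JSON ex. {email: example@email.com} "})
})

//POST / : issue a one-time code to a known e-mail address
app.post('/', (req,res,next)=>{
  //Example below used in terminal to test POST METHOD
  //(NOTE(review): the example targets port 8181; the default port in this file is 8282)
  // curl --header "Content-Type: application/json" \
  // --request POST \
  // --data '{"email":"ajalantbrown@gmail.com"}' \
  // -k https://localhost:8181/
  //request bodies are not logged: they carry e-mail addresses
  const data = req.body && req.body.email
  if (typeof data === 'string' && data === dummyData) {
    authenticated = true
    //fresh code and deadline for every request, instead of one code for the life of the process
    globalOTP = otp.generate(6, { upperCaseAlphabets: false, lowerCaseAlphabets: false, specialChars: false, digits: true, })
    timeout = Date.now() + OTP_TTL_MS
    failedAttempts = 0
    //send email
    sendEmail(globalOTP, data).catch(console.error);
    return res.redirect('/auth')
  }
  authenticated = false
  return res.status(401).json({"error": "Email invalid or not authorized. "})
})

//GET /auth : tell the client whether the outstanding code can still be used
app.get('/auth', (req,res)=>{
  //compare against the current time; a timestamp captured at startup never passes the deadline
  if (Date.now() > timeout) {
    globalOTP = null
    authenticated = false
    return res.json({"expiration": "Your verification code has expired, try again."})
  }
  return res.status(200).json({"message": "You are authorized, to get authenticated please send POST method to '/auth/send' with email verification code before the timer expires. JSON ex. '{code:123456}'"})
})

//POST /send (also /auth/send, the path the /auth message advertises) : exchange a valid code for a session
const verifyCode = (req,res,next)=>{
  const data = req.body && req.body.code
  if (Date.now() > timeout) {
    globalOTP = null
  }
  //nothing matches while no code is outstanding, and a missing or non-scalar code never
  //matches; loose equality treated two absent values as equal
  if (globalOTP != null && codesMatch(data, globalOTP)) {
    globalOTP = null //single use
    failedAttempts = 0
    //store a session token, generated for this verification
    store.set('session_token', { "token" : crypto.randomBytes(64).toString('hex') })
    store.set('expiration',{"expire": `${timeout}`})
    return res.redirect('/authenticated')
  }
  failedAttempts += 1
  if (failedAttempts >= MAX_OTP_ATTEMPTS) {
    globalOTP = null //a new code must be requested
  }
  //always answer, so a wrong code does not leave the request hanging
  return res.status(401).json({"error": "Verification code invalid or expired."})
}
app.post(['/send', '/auth/send'], verifyCode)

//GET /authenticated : the protected page
app.get('/authenticated', (req,res,next)=>{
  //the session token is a secret and is not written to the log
  const session = store.get('session_token')
  if (session == null || session.token == null) {
    store.clearAll()
    return res.status(401).json({"error": "Your are not authorized to access"})
  }
  if (!hasLiveSession()) {
    store.set('session_token', { "token" : null })
    return res.status(401).json({"error": "Your session has expired. Reverify to access."})
  }
  return res.status(200).send(verifiedHTML)
})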
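//Serve over TLS with the key and certificate loaded into sslCert. The previous call used
//require('http'), so codes and session responses travelled in cleartext while the log line said HTTPS.
//Session state is no longer printed at startup.
const httpsServer = https.createServer(sslCert, app)
  .listen(port, ()=> (console.log(emailDate + `\n[HTTPS]: Server is listening on port ${port}`)))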