Added the jsonwebtoken package. Implemented a web jwt verify flow. Added missing JSON responses for api auth flows. Added jwt module. Moved bytes.js, logo.js, time.js and types.js to utils folder. Updated README.md. Implemented HA config check to allow API service configuration. Implemented JWT initialization. Replaced authorization cookie contents with JWT token. Implemented /api/vouchers endpoint. Updated /api endpoints list.

2026-03-31 06:24:00 -04:00 · 2024-04-12 18:01:42 +02:00
parent 78c891cdbd
commit 30d66b9dfc
10 changed files with 343 additions and 22 deletions
--- a/middlewares/authorization.js
+++ b/middlewares/authorization.js
@@ -1,3 +1,8 @@
+/**
+ * Import own modules
+ */
+const jwt = require('../modules/jwt');
+
 /**
 * Global variables
 */
@@ -26,10 +31,15 @@ module.exports = {
                return;
            }

-            // Check if password is correct
-            const passwordCheck = req.cookies.authorization === (process.env.SECURITY_CODE || "0000");
-            if (!passwordCheck) {
-                res.cookie('flashMessage', JSON.stringify({type: 'error', message: 'Password Invalid!'}), {httpOnly: true, expires: new Date(Date.now() + 24 * 60 * 60 * 1000)}).redirect(302, '/login');
+            // Check if token is correct and valid
+            try {
+                const check = jwt.verify(req.cookies.authorization);
+
+                if(!check) {
+                    res.cookie('flashMessage', JSON.stringify({type: 'error', message: 'Invalid or expired login!'}), {httpOnly: true, expires: new Date(Date.now() + 24 * 60 * 60 * 1000)}).redirect(302, '/login');
+                }
+            } catch (e) {
+                res.cookie('flashMessage', JSON.stringify({type: 'error', message: 'Invalid or expired login!'}), {httpOnly: true, expires: new Date(Date.now() + 24 * 60 * 60 * 1000)}).redirect(302, '/login');
                return;
            }
        }
@@ -50,14 +60,20 @@ module.exports = {
        if(!authDisabled) {
            // Check if user has sent the authorization header
            if (!req.headers.authorization) {
-                res.status(401).send();
+                res.status(401).json({
+                    error: 'Unauthorized',
+                    data: {}
+                });
                return;
            }

            // Check if password is correct
            const passwordCheck = req.headers.authorization === `Bearer ${(process.env.SECURITY_CODE || "0000")}`;
            if (!passwordCheck) {
-                res.status(403).send();
+                res.status(403).json({
+                    error: 'Forbidden',
+                    data: {}
+                });
                return;
            }
        }