snsd0805/NCNU-Scholarship
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: use JWT to verify is_assistant

Browse Source
This commit is contained in:
Ting-Jun Wang 2024-07-26 21:27:27 +08:00
parent a43ad92442
commit f9a6956283
Signed by: snsd0805
GPG Key ID: D175E969960C4B16
3 changed files with 60 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
api/audit.js
View File

@ -44,7 +44,7 @@ router.get("/", async function(req, res) {
router.post("/", async function(req, res) { router.post("/", async function(req, res) {
try { try {
if (req.body.assistant_s_num.length >= 9) { if (!util.is_assistant(req.cookies.token)) {
return res.json({suc : false, msg : "invalid credentials"}) return res.json({suc : false, msg : "invalid credentials"})
} }
let conn; let conn;
@ -64,7 +64,6 @@ router.post("/", async function(req, res) {
res.json({suc : true}); res.json({suc : true});
} }
catch(e) { catch(e) {
console.error(e);
await conn.rollback(); await conn.rollback();
res.json({suc : false}); res.json({suc : false});
} }
@ -77,4 +76,43 @@ router.post("/", async function(req, res) {
} }
}) })
router.get("/log", async function (req, res) {
try {
let conn;
try {
conn = await util.getDBConnection(); // get connection from db
const query =
`
SELECT item_form.application_id, item_form.item_info_id, item_info.item_content,
item_form.application_unit,
item_form.subsidy,
scholarship_application.application_date,
scholarship_application.student_id,
student.student_name
FROM
item_form
RIGHT JOIN
scholarship_application ON item_form.application_id = scholarship_application.application_id
LEFT JOIN
student ON scholarship_application.student_id = student.student_id
LEFT JOIN
item_info ON item_form.item_info_id = item_info.item_info_id
;
`;
const result = await conn.query(query);
res.json({ success: true, data: result });
}
catch(e) {
console.error(e);
res.json({suc : false});
}
finally {
util.closeDBConnection(conn); // close db connection
}
}
catch(e) {
console.log(e);
}
})
module.exports = router; module.exports = router;

2
api/login.js
View File

@ -15,7 +15,7 @@ router.post("/", async function(req, res) {
if (result.length == 1) { if (result.length == 1) {
// valid user, create a token // valid user, create a token
let is_assistant = result[0]['is_assistant'] == 1 let is_assistant = result[0]['is_assistant'] == 1
const data = {uid : account, is_assistent: is_assistant}; const data = {uid : account, is_assistant: is_assistant};
const token = util.signJwtToken(data); const token = util.signJwtToken(data);
if (!is_assistant){ if (!is_assistant){
var result = await conn.query("SELECT student_name FROM student WHERE student_id = ? ;", [account]); var result = await conn.query("SELECT student_name FROM student WHERE student_id = ? ;", [account]);

18
utilities/utilities_main.js
View File

@ -34,6 +34,24 @@ module.exports = {
} }
}); });
}, },
is_assistant: function(token) {
try {
const result = jwt.verify(token, jwt_key).data;
console.log(result);
if (result.is_assistant == true) {
console.log("return true");
return true;
} else {
console.log("return false");
return false;
}
} catch (error) {
console.log(error);
return false;
}
},
loginAuthentication: function(account, password) { loginAuthentication: function(account, password) {
return new Promise((resolve, reject) => { // 包裝成 Promise return new Promise((resolve, reject) => { // 包裝成 Promise