secure 수정

7e4791f2 · 옥정우 · 828e23d3 · 7e4791f2 · 7e4791f2 · 7e4791f2
Commit 7e4791f2 authored Jun 23, 2018 by 옥정우
--- a/.gitignore
+++ b/.gitignore
 node_modules/
 .idea
+db-config
\ No newline at end of file
--- a/adapters/allcalorie-db-adapter.js
+++ b/adapters/allcalorie-db-adapter.js
 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
+    host: db_config.host,
-    port: '3306',
+    port: db_config.port,
-    user: 'root', // mysql user
+    user: db_config.user,
-    password: '5907', // mysql password
+    password: db_config.password,
-    database: 'capstone',
+    database: db_config.database,
-    connectionLimit: 10
+    connectionLimit: db_config.connectionLimit
 }
 var dbResult = require('../routes/result');
 var pool = mysql.createPool(dbConfig);

--- a/adapters/appdaily-db-adapter.js
+++ b/adapters/appdaily-db-adapter.js
 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
+    host: db_config.host,
-    port: '3306',
+    port: db_config.port,
-    user: 'root', // mysql user
+    user: db_config.user,
-    password: '5907', // mysql password
+    password: db_config.password,
-    database: 'capstone',
+    database: db_config.database,
-    connectionLimit: 10
+    connectionLimit: db_config.connectionLimit
 }
 var dbResult = require('../routes/result');

--- a/adapters/appuser-db-adapter.js
+++ b/adapters/appuser-db-adapter.js
 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
+    host: db_config.host,
-    port: '3306',
+    port: db_config.port,
-    user: 'root', // mysql user
+    user: db_config.user,
-    password: '5907', // mysql password
+    password: db_config.password,
-    database: 'capstone',
+    database: db_config.database,
-    connectionLimit: 10
+    connectionLimit: db_config.connectionLimit
 }
 var dbResult = require('../routes/result');

--- a/adapters/appuserjson-db-adapter.js
+++ b/adapters/appuserjson-db-adapter.js
 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
+    host: db_config.host,
-    port: '3306',
+    port: db_config.port,
-    user: 'root', // mysql user
+    user: db_config.user,
-    password: '5907', // mysql password
+    password: db_config.password,
-    database: 'capstone',
+    database: db_config.database,
-    connectionLimit: 10
+    connectionLimit: db_config.connectionLimit
 }
 var dbResult = require('../routes/result');

--- a/adapters/calorie-db-adapter.js
+++ b/adapters/calorie-db-adapter.js
 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
+    host: db_config.host,
-    port: '3306',
+    port: db_config.port,
-    user: 'root', // mysql user
+    user: db_config.user,
-    password: '5907', // mysql password
+    password: db_config.password,
-    database: 'capstone',
+    database: db_config.database,
-    connectionLimit: 10
+    connectionLimit: db_config.connectionLimit
 }
 var dbResult = require('../routes/result');
 var pool = mysql.createPool(dbConfig);

--- a/adapters/foodlist-db-adapter.js
+++ b/adapters/foodlist-db-adapter.js
 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
+    host: db_config.host,
-    port: '3306',
+    port: db_config.port,
-    user: 'root', // mysql user
+    user: db_config.user,
-    password: '5907', // mysql password
+    password: db_config.password,
-    database: 'capstone',
+    database: db_config.database,
-    connectionLimit: 10
+    connectionLimit: db_config.connectionLimit
 }
 var dbResult = require('../routes/result');

--- a/adapters/login-db-adapter.js
+++ b/adapters/login-db-adapter.js
+var bcrypt = require('bcrypt-nodejs');
 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
+    host: db_config.host,
-    port: '3306',
+    port: db_config.port,
-    user: 'root', // mysql user
+    user: db_config.user,
-    password: '5907', // mysql password
+    password: db_config.password,
-    database: 'capstone',
+    database: db_config.database,
-    connectionLimit: 10
+    connectionLimit: db_config.connectionLimit
 }
 var dbResult = require('../routes/result');
 var pool = mysql.createPool(dbConfig);
 var adapter = {};
-var loginSearchQuery = 'SELECT * FROM appuser WHERE id=? AND password=?'; // id/pw를 이용하여 유저 정보 search
+var loginSearchQuery = 'SELECT * FROM appuser WHERE id=?'; // id를 이용하여 유저 정보 search
 adapter.loginSearch = function(id, password, cb) {
    var resultCode = dbResult.Fail;
@@ -24,16 +26,25 @@ adapter.loginSearch = function(id, password, cb) {
            connection.release();
            cb(resultCode, []);
        } else { // db연결성공
-            connection.query(loginSearchQuery, [id, password], function(err, rows) {
+            connection.query(loginSearchQuery, [id], function(err, rows) {
                if (err) { // 로그인 실패
                    console.log(err);
                    resultCode = dbResult.Fail;
                    connection.release();
                    cb(resultCode, []);
                } else { // 로그인 성공
+                    bcrypt.compare(password, rows[0].password, function(err, res) {
+                        if (res) {
+                            console.log(res);
                            resultCode = dbResult.OK;
                            connection.release();
                            cb(resultCode, rows);
+                        } else {
+                            resultCode = dbResult.Fail;
+                            connection.release();
+                            cb(resultCode, []);
+                        }
+                    });
                }
            });
        }

--- a/adapters/signup-db-adapter.js
+++ b/adapters/signup-db-adapter.js
+var bcrypt = require('bcrypt-nodejs');
 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
+    host: db_config.host,
-    port: '3306',
+    port: db_config.port,
-    user: 'root', // mysql user
+    user: db_config.user,
-    password: '5907', // mysql password
+    password: db_config.password,
-    database: 'capstone',
+    database: db_config.database,
-    connectionLimit: 10
+    connectionLimit: db_config.connectionLimit
 }
 var dbResult = require('../routes/result');
 var pool = mysql.createPool(dbConfig);
@@ -16,7 +18,8 @@ var userWriteQuery = 'INSERT INTO appuser(id, password, name, email) VALUE (?,?,
 adapter.signupWrite = function(user, cb) {
    var resultCode = dbResult.Fail;
+    var password = user.password;
+    console.log(user);
    pool.getConnection(function(err, connection) {
        if (err) {
            console.log(err)
@@ -33,8 +36,9 @@ adapter.signupWrite = function(user, cb) {
                        connection.release();
                        cb(resultCode);
                    } else {
-                        connection.query(userWriteQuery, [user.id, user.password, user.name, user.email],
+                        bcrypt.hash(password, null, null, function(err, hash) {
-                            function(err) {
+                            password = hash;
+                            connection.query(userWriteQuery, [user.id, password, user.name, user.email], function(err) {
                                if (err) {
                                    console.log(err)
                                    resultCode = dbResult.Fail;
@@ -47,6 +51,7 @@ adapter.signupWrite = function(user, cb) {
                                    cb(resultCode);
                                }
                            });
+                        });
                    }
                } else { // query가 오지 않는 경우
                    console.log(err);

--- a/adapters/trainer-db-adapter.js
+++ b/adapters/trainer-db-adapter.js
 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
+    host: db_config.host,
-    port: '3306',
+    port: db_config.port,
-    user: 'root', // mysql user
+    user: db_config.user,
-    password: '5907', // mysql password
+    password: db_config.password,
-    database: 'capstone',
+    database: db_config.database,
-    connectionLimit: 10
+    connectionLimit: db_config.connectionLimit
 }
 var dbResult = require('../routes/result');

--- a/adapters/trainer-login-db-adapter.js
+++ b/adapters/trainer-login-db-adapter.js
 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
+    host: db_config.host,
-    port: '3306',
+    port: db_config.port,
-    user: 'root', // mysql user
+    user: db_config.user,
-    password: '5907', // mysql password
+    password: db_config.password,
-    database: 'capstone',
+    database: db_config.database,
-    connectionLimit: 10
+    connectionLimit: db_config.connectionLimit
 }
 var dbResult = require('../routes/result');

--- a/adapters/userinput-db-adapter.js
+++ b/adapters/userinput-db-adapter.js
 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
+    host: db_config.host,
-    port: '3306',
+    port: db_config.port,
-    user: 'root', // mysql user
+    user: db_config.user,
-    password: '5907', // mysql password
+    password: db_config.password,
-    database: 'capstone',
+    database: db_config.database,
-    connectionLimit: 10
+    connectionLimit: db_config.connectionLimit
 }
 var dbResult = require('../routes/result');

--- a/adapters/userupdate-db-adapter.js
+++ b/adapters/userupdate-db-adapter.js
 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
+    host: db_config.host,
-    port: '3306',
+    port: db_config.port,
-    user: 'root', // mysql user
+    user: db_config.user,
-    password: '5907', // mysql password
+    password: db_config.password,
-    database: 'capstone',
+    database: db_config.database,
-    connectionLimit: 10
+    connectionLimit: db_config.connectionLimit
 }
 var dbResult = require('../routes/result');

--- a/adapters/webdaily-db-adapter.js
+++ b/adapters/webdaily-db-adapter.js
 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
+    host: db_config.host,
-    port: '3306',
+    port: db_config.port,
-    user: 'root', // mysql user
+    user: db_config.user,
-    password: '5907', // mysql password
+    password: db_config.password,
-    database: 'capstone',
+    database: db_config.database,
-    connectionLimit: 10
+    connectionLimit: db_config.connectionLimit
 }
 var dbResult = require('../routes/result');

--- a/adapters/webfood-db-adapter.js
+++ b/adapters/webfood-db-adapter.js
 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
+    host: db_config.host,
-    port: '3306',
+    port: db_config.port,
-    user: 'root', // mysql user
+    user: db_config.user,
-    password: '5907', // mysql password
+    password: db_config.password,
-    database: 'capstone',
+    database: db_config.database,
-    connectionLimit: 10
+    connectionLimit: db_config.connectionLimit
 }
 var dbResult = require('../routes/result');

--- a/adapters/webqa-db-adapter.js
+++ b/adapters/webqa-db-adapter.js
 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
+    host: db_config.host,
-    port: '3306',
+    port: db_config.port,
-    user: 'root', // mysql user
+    user: db_config.user,
-    password: '5907', // mysql password
+    password: db_config.password,
-    database: 'capstone',
+    database: db_config.database,
-    connectionLimit: 10
+    connectionLimit: db_config.connectionLimit
 }
 var dbResult = require('../routes/result');

--- a/adapters/webworkout-db-adapter.js
+++ b/adapters/webworkout-db-adapter.js
 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
+    host: db_config.host,
-    port: '3306',
+    port: db_config.port,
-    user: 'root', // mysql user
+    user: db_config.user,
-    password: '5907', // mysql password
+    password: db_config.password,
-    database: 'capstone',
+    database: db_config.database,
-    connectionLimit: 10
+    connectionLimit: db_config.connectionLimit
 }
 var dbResult = require('../routes/result');

--- a/package-lock.json
+++ b/package-lock.json
@@ -31,6 +31,11 @@
        "safe-buffer": "5.1.1"
      }
    },
+    "bcrypt-nodejs": {
+      "version": "0.0.3",
+      "resolved": "https://registry.npmjs.org/bcrypt-nodejs/-/bcrypt-nodejs-0.0.3.tgz",
+      "integrity": "sha1-xgkX8m3CNWYVZsaBBhwwPCsohCs="
+    },
    "bignumber.js": {
      "version": "4.0.4",
      "resolved": "https://registry.npmjs.org/bignumber.js/-/bignumber.js-4.0.4.tgz",

--- a/package.json
+++ b/package.json
@@ -10,6 +10,7 @@
    "url": "http://git.ajou.ac.kr/JINSUYUN/Capstone_Link.git"
  },
  "dependencies": {
+    "bcrypt-nodejs": "0.0.3",
    "body-parser": "^1.18.3",
    "cookie-parser": "^1.4.3",
    "debug": "~2.6.9",

--- a/routes/login-router.js
+++ b/routes/login-router.js
@@ -22,7 +22,6 @@ router.post('/', function(req, res) {
    loginAdapter.loginSearch(userId, userPassword, function(resultCode,rows){
        if(resultCode == dbConnection.OK){
            if(rows.length > 0){
-                if(rows[0].password == obj.password){
                if (resultCode == dbConnection.OK) {
                    var response;
                    console.log("login success");
@@ -41,11 +40,6 @@ router.post('/', function(req, res) {
                    res.json({"success": false});
                }
            }
-                else {
-                    console.log("false reason: wrong pw");
-                    res.json({"success":false});
-                }
-            }
            else {
                console.log("false reason: wrong id");
                res.json({"success":false});