secure 수정

.gitignore

 node_modules/
 .idea
+db-config
\ No newline at end of file

adapters/allcalorie-db-adapter.js

 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
-    port: '3306',
-    user: 'root', // mysql user
-    password: '5907', // mysql password
-    database: 'capstone',
-    connectionLimit: 10
+    host: db_config.host,
+    port: db_config.port,
+    user: db_config.user,
+    password: db_config.password,
+    database: db_config.database,
+    connectionLimit: db_config.connectionLimit
 }
 var dbResult = require('../routes/result');
 var pool = mysql.createPool(dbConfig);

adapters/appdaily-db-adapter.js

 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
-    port: '3306',
-    user: 'root', // mysql user
-    password: '5907', // mysql password
-    database: 'capstone',
-    connectionLimit: 10
+    host: db_config.host,
+    port: db_config.port,
+    user: db_config.user,
+    password: db_config.password,
+    database: db_config.database,
+    connectionLimit: db_config.connectionLimit
 }
 
 var dbResult = require('../routes/result');

adapters/appuser-db-adapter.js

 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
-    port: '3306',
-    user: 'root', // mysql user
-    password: '5907', // mysql password
-    database: 'capstone',
-    connectionLimit: 10
+    host: db_config.host,
+    port: db_config.port,
+    user: db_config.user,
+    password: db_config.password,
+    database: db_config.database,
+    connectionLimit: db_config.connectionLimit
 }
 
 var dbResult = require('../routes/result');

adapters/appuserjson-db-adapter.js

 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
-    port: '3306',
-    user: 'root', // mysql user
-    password: '5907', // mysql password
-    database: 'capstone',
-    connectionLimit: 10
+    host: db_config.host,
+    port: db_config.port,
+    user: db_config.user,
+    password: db_config.password,
+    database: db_config.database,
+    connectionLimit: db_config.connectionLimit
 }
 
 var dbResult = require('../routes/result');

adapters/calorie-db-adapter.js

 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
-    port: '3306',
-    user: 'root', // mysql user
-    password: '5907', // mysql password
-    database: 'capstone',
-    connectionLimit: 10
+    host: db_config.host,
+    port: db_config.port,
+    user: db_config.user,
+    password: db_config.password,
+    database: db_config.database,
+    connectionLimit: db_config.connectionLimit
 }
 var dbResult = require('../routes/result');
 var pool = mysql.createPool(dbConfig);

adapters/foodlist-db-adapter.js

 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
-    port: '3306',
-    user: 'root', // mysql user
-    password: '5907', // mysql password
-    database: 'capstone',
-    connectionLimit: 10
+    host: db_config.host,
+    port: db_config.port,
+    user: db_config.user,
+    password: db_config.password,
+    database: db_config.database,
+    connectionLimit: db_config.connectionLimit
 }
 
 var dbResult = require('../routes/result');

adapters/login-db-adapter.js

+var bcrypt = require('bcrypt-nodejs');
 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
-    port: '3306',
-    user: 'root', // mysql user
-    password: '5907', // mysql password
-    database: 'capstone',
-    connectionLimit: 10
+    host: db_config.host,
+    port: db_config.port,
+    user: db_config.user,
+    password: db_config.password,
+    database: db_config.database,
+    connectionLimit: db_config.connectionLimit
 }
 
 var dbResult = require('../routes/result');
 var pool = mysql.createPool(dbConfig);
 var adapter = {};
 
-var loginSearchQuery = 'SELECT * FROM appuser WHERE id=? AND password=?'; // id/pw를 이용하여 유저 정보 search
+var loginSearchQuery = 'SELECT * FROM appuser WHERE id=?'; // id를 이용하여 유저 정보 search
 
 adapter.loginSearch = function(id, password, cb) {
     var resultCode = dbResult.Fail;
@@ -24,16 +26,25 @@ adapter.loginSearch = function(id, password, cb) {
             connection.release();
             cb(resultCode, []);
         } else { // db연결성공
-            connection.query(loginSearchQuery, [id, password], function(err, rows) {
+            connection.query(loginSearchQuery, [id], function(err, rows) {
                 if (err) { // 로그인 실패
                     console.log(err);
                     resultCode = dbResult.Fail;
                     connection.release();
                     cb(resultCode, []);
                 } else { // 로그인 성공
+                    bcrypt.compare(password, rows[0].password, function(err, res) {
+                        if (res) {
+                            console.log(res);
                             resultCode = dbResult.OK;
                             connection.release();
                             cb(resultCode, rows);
+                        } else {
+                            resultCode = dbResult.Fail;
+                            connection.release();
+                            cb(resultCode, []);
+                        }
+                    });
                 }
             });
         }

adapters/signup-db-adapter.js

+var bcrypt = require('bcrypt-nodejs');
 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
-    port: '3306',
-    user: 'root', // mysql user
-    password: '5907', // mysql password
-    database: 'capstone',
-    connectionLimit: 10
+    host: db_config.host,
+    port: db_config.port,
+    user: db_config.user,
+    password: db_config.password,
+    database: db_config.database,
+    connectionLimit: db_config.connectionLimit
 }
 var dbResult = require('../routes/result');
 var pool = mysql.createPool(dbConfig);
@@ -16,7 +18,8 @@ var userWriteQuery = 'INSERT INTO appuser(id, password, name, email) VALUE (?,?,
 
 adapter.signupWrite = function(user, cb) {
     var resultCode = dbResult.Fail;
-
+    var password = user.password;
+    console.log(user);
     pool.getConnection(function(err, connection) {
         if (err) {
             console.log(err)
@@ -33,8 +36,9 @@ adapter.signupWrite = function(user, cb) {
                         connection.release();
                         cb(resultCode);
                     } else {
-                        connection.query(userWriteQuery, [user.id, user.password, user.name, user.email],
-                            function(err) {
+                        bcrypt.hash(password, null, null, function(err, hash) {
+                            password = hash;
+                            connection.query(userWriteQuery, [user.id, password, user.name, user.email], function(err) {
                                 if (err) {
                                     console.log(err)
                                     resultCode = dbResult.Fail;
@@ -47,6 +51,7 @@ adapter.signupWrite = function(user, cb) {
                                     cb(resultCode);
                                 }
                             });
+                        });
                     }
                 } else { // query가 오지 않는 경우
                     console.log(err);

adapters/trainer-db-adapter.js

 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
-    port: '3306',
-    user: 'root', // mysql user
-    password: '5907', // mysql password
-    database: 'capstone',
-    connectionLimit: 10
+    host: db_config.host,
+    port: db_config.port,
+    user: db_config.user,
+    password: db_config.password,
+    database: db_config.database,
+    connectionLimit: db_config.connectionLimit
 }
 
 var dbResult = require('../routes/result');

adapters/trainer-login-db-adapter.js

 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
-    port: '3306',
-    user: 'root', // mysql user
-    password: '5907', // mysql password
-    database: 'capstone',
-    connectionLimit: 10
+    host: db_config.host,
+    port: db_config.port,
+    user: db_config.user,
+    password: db_config.password,
+    database: db_config.database,
+    connectionLimit: db_config.connectionLimit
 }
 
 var dbResult = require('../routes/result');

adapters/userinput-db-adapter.js

 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
-    port: '3306',
-    user: 'root', // mysql user
-    password: '5907', // mysql password
-    database: 'capstone',
-    connectionLimit: 10
+    host: db_config.host,
+    port: db_config.port,
+    user: db_config.user,
+    password: db_config.password,
+    database: db_config.database,
+    connectionLimit: db_config.connectionLimit
 }
 
 var dbResult = require('../routes/result');

adapters/userupdate-db-adapter.js

 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
-    port: '3306',
-    user: 'root', // mysql user
-    password: '5907', // mysql password
-    database: 'capstone',
-    connectionLimit: 10
+    host: db_config.host,
+    port: db_config.port,
+    user: db_config.user,
+    password: db_config.password,
+    database: db_config.database,
+    connectionLimit: db_config.connectionLimit
 }
 
 var dbResult = require('../routes/result');

adapters/webdaily-db-adapter.js

 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
-    port: '3306',
-    user: 'root', // mysql user
-    password: '5907', // mysql password
-    database: 'capstone',
-    connectionLimit: 10
+    host: db_config.host,
+    port: db_config.port,
+    user: db_config.user,
+    password: db_config.password,
+    database: db_config.database,
+    connectionLimit: db_config.connectionLimit
 }
 
 var dbResult = require('../routes/result');

adapters/webfood-db-adapter.js

 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
-    port: '3306',
-    user: 'root', // mysql user
-    password: '5907', // mysql password
-    database: 'capstone',
-    connectionLimit: 10
+    host: db_config.host,
+    port: db_config.port,
+    user: db_config.user,
+    password: db_config.password,
+    database: db_config.database,
+    connectionLimit: db_config.connectionLimit
 }
 
 var dbResult = require('../routes/result');

adapters/webqa-db-adapter.js

 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
-    port: '3306',
-    user: 'root', // mysql user
-    password: '5907', // mysql password
-    database: 'capstone',
-    connectionLimit: 10
+    host: db_config.host,
+    port: db_config.port,
+    user: db_config.user,
+    password: db_config.password,
+    database: db_config.database,
+    connectionLimit: db_config.connectionLimit
 }
 
 var dbResult = require('../routes/result');

adapters/webworkout-db-adapter.js

 var mysql = require('mysql');
+var db_config = require('../db-config');
 var dbConfig = {
-    host: '18.221.204.247',
-    port: '3306',
-    user: 'root', // mysql user
-    password: '5907', // mysql password
-    database: 'capstone',
-    connectionLimit: 10
+    host: db_config.host,
+    port: db_config.port,
+    user: db_config.user,
+    password: db_config.password,
+    database: db_config.database,
+    connectionLimit: db_config.connectionLimit
 }
 
 var dbResult = require('../routes/result');

package-lock.json

@@ -31,6 +31,11 @@
         "safe-buffer": "5.1.1"
       }
     },
+    "bcrypt-nodejs": {
+      "version": "0.0.3",
+      "resolved": "https://registry.npmjs.org/bcrypt-nodejs/-/bcrypt-nodejs-0.0.3.tgz",
+      "integrity": "sha1-xgkX8m3CNWYVZsaBBhwwPCsohCs="
+    },
     "bignumber.js": {
       "version": "4.0.4",
       "resolved": "https://registry.npmjs.org/bignumber.js/-/bignumber.js-4.0.4.tgz",

package.json

@@ -10,6 +10,7 @@
     "url": "http://git.ajou.ac.kr/JINSUYUN/Capstone_Link.git"
   },
   "dependencies": {
+    "bcrypt-nodejs": "0.0.3",
     "body-parser": "^1.18.3",
     "cookie-parser": "^1.4.3",
     "debug": "~2.6.9",

routes/login-router.js

@@ -22,7 +22,6 @@ router.post('/', function(req, res) {
     loginAdapter.loginSearch(userId, userPassword, function(resultCode,rows){
         if(resultCode == dbConnection.OK){
             if(rows.length > 0){
-                if(rows[0].password == obj.password){
                 if (resultCode == dbConnection.OK) {
                     var response;
                     console.log("login success");
@@ -41,11 +40,6 @@ router.post('/', function(req, res) {
                     res.json({"success": false});
                 }
             }
-                else {
-                    console.log("false reason: wrong pw");
-                    res.json({"success":false});
-                }
-            }
             else {
                 console.log("false reason: wrong id");
                 res.json({"success":false});