remove old migrations; restore scan results page

2018-03-29 14:32:49 -05:00 · 2018-03-29 14:32:49 -05:00 · 55545ad846
--- a/db/migrations/20180308192638-create-user.js
+++ b/db/migrations/20180308192638-create-user.js
@ -1,30 +0,0 @@
-'use strict';
-module.exports = {
-  up: (queryInterface, Sequelize) => {
-    return queryInterface.createTable('Users', {
-      id: {
-        allowNull: false,
-        autoIncrement: true,
-        primaryKey: true,
-        type: Sequelize.INTEGER
-      },
-      email: {
-        type: Sequelize.STRING
-      },
-      sha1: {
-        type: Sequelize.STRING
-      },
-      createdAt: {
-        allowNull: false,
-        type: Sequelize.DATE
-      },
-      updatedAt: {
-        allowNull: false,
-        type: Sequelize.DATE
-      }
-    });
-  },
-  down: (queryInterface, Sequelize) => {
-    return queryInterface.dropTable('Users');
-  }
-};
--- a/db/migrations/201803121600-update-user-add-verification-token.js
+++ b/db/migrations/201803121600-update-user-add-verification-token.js
@ -1,12 +0,0 @@
-'use strict';
-
-module.exports = {
-  up: (queryInterface, Sequelize) => {
-    return queryInterface.addColumn('Users', 'verificationToken', {
-      type: Sequelize.STRING,
-    });
-  },
-  down: (queryInterface, Sequelize) => {
-    return queryInterface.removeColumn('Users', 'verificationToken');
-  }
-};
--- a/db/migrations/20180327165814-create-email-hash.js
+++ b/db/migrations/20180327165814-create-email-hash.js
@ -8,6 +8,9 @@ module.exports = {
        primaryKey: true,
        type: Sequelize.INTEGER
      },
+      SubscriberId: {
+        type: Sequelize.INTEGER,
+      },
      sha1: {
        type: Sequelize.STRING
      },
@ -24,4 +27,4 @@ module.exports = {
  down: (queryInterface, Sequelize) => {
    return queryInterface.dropTable('EmailHashes');
  }
-};
+};
--- a/routes/home.js
+++ b/routes/home.js
@ -2,24 +2,32 @@

 const crypto = require("crypto");
 const express = require("express");
-const router = express.Router();
+const bodyParser = require("body-parser");

 const models = require("../db/models");

-router.get("/", (req, res) => {
+const router = express.Router();
+const urlEncodedParser = bodyParser.urlencoded({ extended: false });
+
+router.get("/", urlEncodedParser, (req, res) => {
  res.render("home", {
    title: "Firefox Breach Alerts",
  });
 });

-router.post("/scan", async (req, res) => {
+router.post("/scan", urlEncodedParser, async (req, res) => {
  const email = req.body.email;
-  const emailHash = await models.EmailHash.findOne({ where: { sha1: getSha1(email) }});
-  const foundBreaches = (await emailHash.getBreaches()).map(aBreach => aBreach.dataValues.name);
+  let foundBreaches;
+  if (email) {
+    const emailHash = await models.EmailHash.findOne({ where: { sha1: getSha1(email) }});
+    if (emailHash) {
+      foundBreaches = (await emailHash.getBreaches()).map(aBreach => aBreach.dataValues);
+    }
+  }
  res.render("scan", {
    title: "Firefox Breach Alerts: Scan Results",
    email: email,
-    breaches: foundBreaches,
+    foundBreaches: foundBreaches,
  });
 });

--- a/routes/oauth.js
+++ b/routes/oauth.js
@ -5,8 +5,8 @@ const AppConstants = require("../app-constants");
 const ClientOAuth2 = require("client-oauth2");
 const crypto = require("crypto");
 const express = require("express");
+const bodyParser = require("body-parser");
 const popsicle = require("popsicle");
-const router = express.Router();

 const models = require("../db/models");

@ -28,7 +28,10 @@ const FxAOAuth = new ClientOAuth2({
  scopes: ["profile:email"],
 });

-router.get("/init", (req, res) => {
+const router = express.Router();
+const jsonParser = bodyParser.json();
+
+router.get("/init", jsonParser, (req, res) => {
  // Set a random state string in a cookie so that we can verify
  // the user when they're redirected back to us after auth.
  const state = crypto.randomBytes(40).toString("hex");
@ -37,7 +40,7 @@ router.get("/init", (req, res) => {
  res.redirect(uri);
 });

-router.get("/redirect", async (req, res) => {
+router.get("/redirect", jsonParser, async (req, res) => {
  if (!req.session.state) {
    // TODO: Needs better error message
    res.send("Who are you?");
--- a/routes/user.js
+++ b/routes/user.js
@ -3,7 +3,7 @@
 const AppConstants = require("../app-constants");

 const express = require("express");
-const router = express.Router();
+const bodyParser = require("body-parser");

 const models = require("../db/models");
 const EmailUtils = require("../email-utils");
@ -15,7 +15,10 @@ const ResponseCodes = Object.freeze({
  TokenMismatch: 102,
 });

-router.post("/add", async (req, res) => {
+const router = express.Router();
+const jsonParser = bodyParser.json();
+
+router.post("/add", jsonParser, async (req, res) => {
  const user = await models.Subscriber.create({ email: req.body.email });
  const url = `${AppConstants.SERVER_URL}/user/verify?state=${encodeURIComponent(user.verificationToken)}&email=${encodeURIComponent(user.email)}`;

@ -38,7 +41,7 @@ router.post("/add", async (req, res) => {
  }
 });

-router.get("/verify", async (req, res) => {
+router.get("/verify", jsonParser, async (req, res) => {
  const user = await models.Subscriber.findOne({ where: { email: req.query.email, verificationToken: req.query.state } });
  if (user === null) {
    res.status(400).json({
@ -55,7 +58,7 @@ router.get("/verify", async (req, res) => {
  });
 });

-router.post("/remove", async (req, res) => {
+router.post("/remove", jsonParser, async (req, res) => {
  models.Subscriber.destroy({ where: { email: req.query.email } });
  res.status(200).json({
    info: "Deleted user.",
--- a/server.js
+++ b/server.js
@ -2,7 +2,6 @@

 const AppConstants = require("./app-constants");

-const bodyParser = require("body-parser");
 const express = require("express");
 const hbs = require("express-hbs");
 const sessions = require("client-sessions");
@ -13,7 +12,6 @@ const OAuthRoutes = require("./routes/oauth");
 const UserRoutes = require("./routes/user");

 const app = express();
-app.use(bodyParser.json());
 app.use(express.static("public"));

 app.engine("hbs", hbs.express4({
--- a/views/scan.hbs
+++ b/views/scan.hbs
@ -16,11 +16,16 @@
    <div class="grid-x grid-margin-x grid-padding-x grid-margin-y grid-padding-y">

      <div class="cell small-8">
-        <h2>Uh oh! Here are your results</h2>
+        {{#if foundBreaches }}
+          <h2>Uh oh! Here are your results</h2>
+        {{ else }}
+          <h2>No breaches found.</h2>
+        {{/if}}
+
        <h3>{{ email }} <a href="">Subscribe</a></h3>
-        <div class="callout alert"><img src="http://via.placeholder.com/100x100">Really bad breach</div>
-        <div class="callout warning"><img src="http://via.placeholder.com/100x100">Bad breach</div>
-        <div class="callout secondary"><img src="http://via.placeholder.com/100x100">Regular breach</div>
+        {{#each foundBreaches }}
+          <div class="callout alert"><img src="http://via.placeholder.com/100x100">{{ name }}</div>
+        {{/each}}
      </div>

      <div class="cell small-4">