From 4f79645191cfbbf34428ff724e5be22fdcb5dc5c Mon Sep 17 00:00:00 2001 From: Henry Whitaker Date: Wed, 8 Apr 2020 19:45:20 +0100 Subject: [PATCH] Removed auth Doesn't really need user account, no sensitive data held in DB, plus routes that do stuff are rate limited anyway. Shouldn't be accessible to untrusted users (i.e. should be behind a RP that handles user auth) --- public/js/app.js | 114 ++---------------- .../js/components/Graphics/HistoryGraph.js | 3 +- .../js/components/Graphics/LatestResults.js | 5 +- resources/js/components/Home/HomePage.js | 13 +- resources/js/index.js | 101 ++-------------- routes/api.php | 35 +----- 6 files changed, 28 insertions(+), 243 deletions(-) diff --git a/public/js/app.js b/public/js/app.js index da9df9d1..6d296d53 100644 --- a/public/js/app.js +++ b/public/js/app.js @@ -126714,7 +126714,7 @@ var HistoryGraph = /*#__PURE__*/function (_Component) { _defineProperty(_assertThisInitialized(_this), "getData", function () { var days = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : _this.state.days; - var url = '/api/speedtest/time/' + days + '?token=' + _this.state.token.access_token; + var url = '/api/speedtest/time/' + days; axios__WEBPACK_IMPORTED_MODULE_2___default.a.get(url).then(function (resp) { var duData = { labels: [], @@ -126836,7 +126836,6 @@ var HistoryGraph = /*#__PURE__*/function (_Component) { _this.state = { days: 30, - token: _this.props.token, duData: {}, duOptions: {}, pingData: {}, @@ -127013,7 +127012,7 @@ var LatestResults = /*#__PURE__*/function (_Component) { }); _defineProperty(_assertThisInitialized(_this), "getData", function () { - var url = '/api/speedtest/latest?token=' + _this.state.token.access_token; + var url = '/api/speedtest/latest'; axios__WEBPACK_IMPORTED_MODULE_2___default.a.get(url).then(function (resp) { _this.setState({ data: resp.data, 
@@ -127025,7 +127024,7 @@ var LatestResults = /*#__PURE__*/function (_Component) { }); _defineProperty(_assertThisInitialized(_this), "newScan", function () { - var url = '/api/speedtest/run?token=' + _this.state.token.access_token; + var url = '/api/speedtest/run'; axios__WEBPACK_IMPORTED_MODULE_2___default.a.get(url).then(function (resp) { react_toastify__WEBPACK_IMPORTED_MODULE_5__["toast"].info('A scan has been queued. This page will refresh when the scan has finished.'); })["catch"](function (err) { @@ -127042,7 +127041,6 @@ var LatestResults = /*#__PURE__*/function (_Component) { }); _this.state = { - token: _this.props.token, data: {}, interval: null, loading: true 
@@ -127412,29 +127410,18 @@ var HomePage = /*#__PURE__*/function (_Component) { var _super = _createSuper(HomePage); - function HomePage(props) { - var _this; - + function HomePage() { _classCallCheck(this, HomePage); - _this = _super.call(this, props); - _this.state = { - token: _this.props.token - }; - return _this; + return _super.apply(this, arguments); } _createClass(HomePage, [{ key: "render", value: function render() { - var token = this.state.token; return /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement("div", null, /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement("div", { className: "my-4" - }, /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement(_Graphics_LatestResults__WEBPACK_IMPORTED_MODULE_3__["default"], { - token: token - }), /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement(_Graphics_HistoryGraph__WEBPACK_IMPORTED_MODULE_2__["default"], { - token: token - })), /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement(_Footer__WEBPACK_IMPORTED_MODULE_4__["default"], null)); + }, /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement(_Graphics_LatestResults__WEBPACK_IMPORTED_MODULE_3__["default"], null), /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement(_Graphics_HistoryGraph__WEBPACK_IMPORTED_MODULE_2__["default"], null)), /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement(_Footer__WEBPACK_IMPORTED_MODULE_4__["default"], null)); } }]); 
@@ -127741,8 +127728,6 @@ function _inherits(subClass, superClass) { if (typeof superClass !== "function" function _setPrototypeOf(o, p) { _setPrototypeOf = Object.setPrototypeOf || function _setPrototypeOf(o, p) { o.__proto__ = p; return o; }; return _setPrototypeOf(o, p); } -function _defineProperty(obj, key, value) { if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; } - 
@@ -127765,81 +127750,17 @@ var Index = /*#__PURE__*/function (_Component) { _classCallCheck(this, Index); _this = _super.call(this, props); - - _defineProperty(_assertThisInitialized(_this), "lookForToken", function () { - var token = JSON.parse(localStorage.getItem('token')); - - if (token == null) { - _this.setState({ - loading: false - }); - } else { - _this.tryToken(token); - } - }); - - _defineProperty(_assertThisInitialized(_this), "setToken", function (token) { - localStorage.setItem('token', JSON.stringify(token)); - - _this.setState({ - loading: true, - token: token - }); - - _this.tryToken(token); - }); - - _defineProperty(_assertThisInitialized(_this), "tryToken", function (token) { - var reload = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : true; - axios__WEBPACK_IMPORTED_MODULE_3___default.a.get('/api/auth/me?token=' + token.access_token).then(function (resp) { - _this.setState({ - user: resp.data, - loading: false, - redirectLogin: false, - token: token - }); - - if (reload) { - _this.setState({ - redirectHome: true - }); - } - })["catch"](function (err) { - console.log('Invalid token'); - console.log(err); - - _this.setState({ - redirectLogin: true - }); - }); - }); - _this.state = { - loading: true, - redirectLogin: true, - redirectHome: false, - token: null, - user: null + loading: true }; return _this; } _createClass(Index, [{ - key: "componentDidMount", - value: function componentDidMount() { - this.lookForToken(); - } - }, { key: "render", value: function render() { - var _this2 = this; - var loading = this.state.loading; - var redirectLogin = this.state.redirectLogin; - var redirectHome = this.state.redirectHome; - var user = this.state.user; - var token = this.state.token; - return /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement("div", null, loading ? 
/*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement("div", null, /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement(_components_Loader__WEBPACK_IMPORTED_MODULE_5__["default"], null)) : /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement("div", null, /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement(react_router_dom__WEBPACK_IMPORTED_MODULE_2__["BrowserRouter"], null, /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement(react_router_dom__WEBPACK_IMPORTED_MODULE_2__["Route"], { + return /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement(react_router_dom__WEBPACK_IMPORTED_MODULE_2__["BrowserRouter"], null, /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement(react_router_dom__WEBPACK_IMPORTED_MODULE_2__["Route"], { render: function render(props) { return /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement(react_toastify__WEBPACK_IMPORTED_MODULE_7__["ToastContainer"], null); } 
@@ -127847,18 +127768,7 @@ var Index = /*#__PURE__*/function (_Component) { exact: true, path: "/", render: function render(props) { - return /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement("div", null, /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement(_components_Home_HomePage__WEBPACK_IMPORTED_MODULE_9__["default"], { - user: user, - token: token - })); - } - }), /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement(react_router_dom__WEBPACK_IMPORTED_MODULE_2__["Route"], { - exact: true, - path: "/login", - render: function render(props) { - return /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement("div", null, /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement(_components_Login__WEBPACK_IMPORTED_MODULE_6__["default"], { - setToken: _this2.setToken - })); + return /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement("div", null, /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement(_components_Home_HomePage__WEBPACK_IMPORTED_MODULE_9__["default"], null)); } }), /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement(react_router_dom__WEBPACK_IMPORTED_MODULE_2__["Route"], { exact: true, @@ -127874,11 +127784,7 @@ var Index = /*#__PURE__*/function (_Component) { code: "404" }); } - })), redirectLogin && /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement(react_router_dom__WEBPACK_IMPORTED_MODULE_2__["Redirect"], { - to: "/login" - }), redirectHome && /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement(react_router_dom__WEBPACK_IMPORTED_MODULE_2__["Redirect"], { - to: "/" - })))); + }))); } }]); diff --git a/resources/js/components/Graphics/HistoryGraph.js b/resources/js/components/Graphics/HistoryGraph.js index d522e59c..8078e98c 100644 --- a/resources/js/components/Graphics/HistoryGraph.js +++ b/resources/js/components/Graphics/HistoryGraph.js 
@@ -12,7 +12,6 @@ export default class HistoryGraph extends Component { this.state = { days: 30, - token: this.props.token, duData: {}, duOptions: {}, pingData: {}, @@ -31,7 +30,7 @@ export default class HistoryGraph extends Component { } getData = (days = this.state.days) => { - var url = '/api/speedtest/time/' + days + '?token=' + this.state.token.access_token; + var url = '/api/speedtest/time/' + days; Axios.get(url) .then((resp) => { diff --git a/resources/js/components/Graphics/LatestResults.js b/resources/js/components/Graphics/LatestResults.js index 0e5d5846..433745a0 100644 --- a/resources/js/components/Graphics/LatestResults.js +++ b/resources/js/components/Graphics/LatestResults.js @@ -12,7 +12,6 @@ export default class LatestResults extends Component { super(props) this.state = { - token: this.props.token, data: {}, interval: null, loading: true, @@ -28,7 +27,7 @@ export default class LatestResults extends Component { } getData = () => { - var url = '/api/speedtest/latest?token=' + this.state.token.access_token; + var url = '/api/speedtest/latest'; Axios.get(url) .then((resp) => { @@ -43,7 +42,7 @@ export default class LatestResults extends Component { } newScan = () => { - var url = '/api/speedtest/run?token=' + this.state.token.access_token; + var url = '/api/speedtest/run'; Axios.get(url) .then((resp) => { diff --git a/resources/js/components/Home/HomePage.js b/resources/js/components/Home/HomePage.js index cdd9582f..5af993e8 100644 --- a/resources/js/components/Home/HomePage.js +++ b/resources/js/components/Home/HomePage.js @@ -5,22 +5,13 @@ import LatestResults from '../Graphics/LatestResults'; import Footer from './Footer'; export default class HomePage extends Component { - constructor(props) { - super(props) - - this.state = { - token: this.props.token, - } - } render() { - var token = this.state.token; - return (
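Review bot: In LatestResults.js, `newScan` still starts a speedtest with `Axios.get('/api/speedtest/run')`, and with the token gone that state-changing call is now a bare GET. A GET can be triggered cross-site by any page open in a browser that can reach this host, and a reverse proxy that authenticates with cookies or cached credentials will not necessarily stop that. I would change the call to `Axios.post('/api/speedtest/run')` and register the route as POST in routes/api.php; the route definition is outside the visible hunks, so confirm its current verb there. The read-only `getData` calls here and in HistoryGraph.js are fine as GET.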
- - + +
diff --git a/resources/js/index.js b/resources/js/index.js index 2434f070..c645e339 100644 --- a/resources/js/index.js +++ b/resources/js/index.js @@ -15,102 +15,25 @@ export default class Index extends Component { this.state = { loading: true, - redirectLogin: true, - redirectHome: false, - token: null, - user: null, } } - componentDidMount() { - this.lookForToken(); - } - - lookForToken = () => { - var token = JSON.parse(localStorage.getItem('token')); - if(token == null) { - this.setState({ - loading: false, - }); - } else { - this.tryToken(token) - } - } - - setToken = (token) => { - localStorage.setItem('token', JSON.stringify(token)); - this.setState({ - loading: true, - token: token, - }); - this.tryToken(token); - } - - tryToken = (token, reload = true) => { - Axios.get('/api/auth/me?token=' + token.access_token) - .then((resp) => { - this.setState({ - user: resp.data, - loading: false, - redirectLogin: false, - token: token - }); - if(reload) { - this.setState({ - redirectHome: true - }); - } - }) - .catch((err) => { - console.log('Invalid token'); - console.log(err); - this.setState({ - redirectLogin: true - }); - }) - } - render() { var loading = this.state.loading; - var redirectLogin = this.state.redirectLogin; - var redirectHome = this.state.redirectHome; - var user = this.state.user; - var token = this.state.token; return ( -
- {loading ? -
- -
- : -
- - ()} /> - - ( -
- -
- )} /> - ( -
- -
- )} /> - ( )} /> - ()} /> -
- {redirectLogin && - - } - {redirectHome && - - } -
-
- } -
+ + ()} /> + + ( +
+ +
+ )} /> + ( )} /> + ()} /> +
+
); } } diff --git a/routes/api.php b/routes/api.php index ac9af5bd..b53ff112 100644 --- a/routes/api.php +++ b/routes/api.php @@ -15,41 +15,8 @@ use Illuminate\Support\Facades\Route; | */ -Route::group( - [ - 'middleware' => 'api', - 'prefix' => 'auth' - ], - function ($router) { - Route::post('register', 'AuthController@register')->name('auth.register'); - - Route::get('verify-email', 'AuthController@verifyEmail')->middleware('throttle:5,1')->name('auth.verify_email'); - - Route::post('login', 'AuthController@login')->middleware('throttle:10,1')->name('auth.login'); - - Route::get('logout', 'AuthController@logout')->name('auth.logout'); - - Route::get('refresh', 'AuthController@refresh')->middleware(['throttle:5,1' ])->name('auth.refresh'); - - Route::get('me', 'AuthController@me')->middleware(['session_active' ])->name('auth.me'); - - Route::put('details', 'UserController@update')->name('auth.user.update_details'); - - Route::group( - [ - 'middleware' => ['api', 'session_active' ], - 'prefix' => 'sessions' - ], - function($router) { - Route::get('/', 'AuthController@getSessions')->name('auth.sessions.all'); - Route::delete('/{id}', 'AuthController@deleteSession')->name('auth.sessions.delete'); - } - ); - } -); - Route::group([ - 'middleware' => [ 'api', 'session_active' ], + 'middleware' => [ 'api' ], 'prefix' => 'speedtest' ], function($router) { Route::get('/', 'SpeedtestController@index')
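Review bot: The index.js hunk removes `lookForToken` and `setToken` but never clears the `token` entry they wrote to localStorage, so browsers that ran the previous build keep a stored access token indefinitely. A one-off `localStorage.removeItem('token');` in the constructor or in `componentDidMount` would clean that up. Separately, `loading: true` stays in state and `var loading = this.state.loading;` stays in `render`, yet nothing visible reads it any more, so both can go. The `Axios` and `Login` imports also look unused now, but the import block is outside the hunk and should be checked.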
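Review bot: Dropping `session_active` from the `speedtest` group makes every route in it reachable without credentials, and the only safeguard is the commit message's assumption that an authenticating reverse proxy sits in front. Nothing in this hunk enforces or records that assumption, and the throttling the message relies on is not visible on the group (`'middleware' => [ 'api' ]`); the group body continues outside the hunk, so per-route `throttle` may exist there. I would state the requirement where operators will see it, with a comment above the group such as `// Unauthenticated by design: expose only behind a reverse proxy that authenticates users.`, and repeat it in the README. If the routes that start a test are not individually throttled, add it at group level, e.g. `'middleware' => [ 'api', 'throttle:5,1' ],` (the limit shown is illustrative).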