authorMark Powers <markppowers0@gmail.com>2020-10-20 13:12:43 -0500
committerMark Powers <markppowers0@gmail.com>2020-10-20 13:12:43 -0500
commit9ea4b4d3287d0253deb45a4404702009e38ace5c (patch)
treec6d24e3e94ae3e1548069410462df59ebbf64c70 /src
parent20deceae4de9779b3bfafa9c8b8811c403bfbc6e (diff)
Add me, login, sign up messages
Diffstat (limited to 'src')
-rw-r--r--src/server.js60
-rw-r--r--src/templates/login.html2
-rw-r--r--src/templates/me.html1
-rw-r--r--src/templates/sign-up.html2
4 files changed, 47 insertions, 18 deletions
diff --git a/src/server.js b/src/server.js
index e0214ba..025c087 100644
--- a/src/server.js
+++ b/src/server.js
@@ -3,6 +3,7 @@ const bodyParser = require('body-parser');
const cookieParser = require('cookie-parser');
//const request = require('request');
const crypto = require('crypto');
+const uuidv4 = require('uuid/v4');
const path = require('path');
const fs = require('fs');
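Review bot: The new `require('uuid/v4')` uses the deep-import path, which the uuid package deprecated from version 7 in favor of a named export; if the project's uuid is 7 or newer, `const { v4: uuidv4 } = require('uuid');` avoids the deprecation warning. The `crypto` module required two lines above also exposes `crypto.randomUUID()` on newer Node releases, which would remove the extra dependency where that runtime is available.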
@@ -25,20 +26,32 @@ function hashWithSalt(password, salt) {
let messages = {}
function putMessage(message, res){
- message[res.locals.username] = message;
+ console.debug("message put", res.locals.id, message)
+ messages[res.locals.id] = message;
}
function consumeMessage(res){
- if(messages[res.locals.username]){
- let t = messages[res.locals.username]
- delete messages[res.locals.username]
+ let id = res.locals.id
+ if(messages[id]){
+ let t = messages[id]
+ console.debug("message consume", id, t)
+ delete messages[id]
return t
+ } else {
+ console.debug("message consume", id, undefined)
+ return undefined
}
- return undefined
}
function setUpRoutes(models, jwtFunctions, database, templates) {
// Authentication routine
server.use(async function (req, res, next) {
+ let session_cookie = req.cookies.session;
+ if (!session_cookie) {
+ session_cookie = uuidv4();
+ res.cookie('session', session_cookie, { expires: new Date(Date.now() + (1000 * 60 * 60 * 30)) });
+ }
+ res.locals.id = session_cookie;
+
let path = req.path.toLowerCase();
if (!path.startsWith("/login")) {
let cookie = req.cookies.authorization
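Review bot: `res.locals.id` is taken verbatim from the client-controlled `session` cookie on the `req.cookies.session` line and then used as a key into the plain-object `messages` store, so any value a client chooses is accepted, including inherited property names such as `constructor` that `messages[id]` will resolve through the prototype. The cookie is also set without `httpOnly` or `sameSite`, and the store is unbounded: every distinct cookie value that triggers a `putMessage` adds an entry that is removed only when that same cookie returns. Validating the cookie as a well-formed UUID before trusting it, and keying the store with a `Map` so prototype lookups are impossible, closes both gaps; a size cap or TTL on the store is worth a separate follow-up. The middleware and `setUpRoutes` continue past the end of this hunk.
```javascript
let messages = new Map()
function putMessage(message, res){
    console.debug("message put", res.locals.id, message)
    messages.set(res.locals.id, message);
}
function consumeMessage(res){
    let id = res.locals.id
    let t = messages.get(id)
    console.debug("message consume", id, t)
    messages.delete(id)
    return t
}
// … unchanged: setUpRoutes header and server.use(...) opening …
        let session_cookie = req.cookies.session;
        // only trust a well-formed UUID; anything else gets a fresh id
        const looksLikeUuid = typeof session_cookie === 'string'
            && /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i.test(session_cookie);
        if (!looksLikeUuid) {
            session_cookie = uuidv4();
            res.cookie('session', session_cookie, { httpOnly: true, sameSite: 'lax', expires: new Date(Date.now() + (1000 * 60 * 60 * 30)) });
        }
        res.locals.id = session_cookie;
```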
@@ -83,15 +96,16 @@ function setUpRoutes(models, jwtFunctions, database, templates) {
res.status(200).send(body)
})
server.get('/login', (req, res) => {
- let body = templates["login"]({});
+ let body = templates["login"]({message: consumeMessage(res)});
res.status(200).send(body)
})
server.get('/logout', (req, res) => {
+ putMessage("Logged out", res)
res.clearCookie('authorization');
res.redirect("/login");
});
server.get('/login/signup', async (req, res) => {
- let body = templates["signup"]({});
+ let body = templates["signup"]({message: consumeMessage(res)});
res.status(200).send(body)
})
server.get('/ledger', async (req, res) => {
@@ -150,31 +164,43 @@ function setUpRoutes(models, jwtFunctions, database, templates) {
res.status(400).send(e.message);
}
})
-
-
+ server.post('/password', async (req, res, next) => {
+ const user = await models.users.findOne({ where: { username: res.locals.user.username } })
+ const hash = hashWithSalt(req.body.old, user.salt)
+ if(hash != user.password){
+ putMessage("Old password incorrect", res)
+ res.redirect("/me");
+ } else if( req.body.new1 != req.body.new2){
+ putMessage("New passwords do not match", res)
+ res.redirect("/me");
+ } else {
+ await user.update({password: hash});
+ putMessage("Password updated", res);
+ res.redirect("/me");
+ }
+ })
server.post('/login', async (req, res, next) => {
const user = await models.users.findOne({ where: { username: req.body.username } })
const hash = hashWithSalt(req.body.password, user.salt)
- if (user.password == hash) {
+ if (!user || user.password != hash) {
+ putMessage("Username or password incorrect", res)
+ res.redirect('/login');
+ } else if (user.password == hash) {
const token = jwtFunctions.sign(user.username);
res.cookie('authorization', token, { expires: new Date(Date.now() + (1000 * 60 * 60 * 24 * 30)) });
- console.debug("Redirecting to page - logged in")
res.redirect('/ledger');
- } else {
- console.debug("Redirecting to login - invalid login")
- res.redirect('/login');
}
})
server.post('/login/signup', async (req, res) => {
if(req.body.code != config.signup_code){
- console.debug("Redirecting to signup - bad code")
+ putMessage("Bad code", res)
res.redirect('/login/signup');
return;
}
const user = await models.users.findOne({ where: { username: req.body.username } })
if(user){
- console.debug("Redirecting to signup - user already exists")
+ putMessage("Username already exists", res)
res.redirect('/login/signup');
return;
}
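Review bot: The `/password` handler's success branch stores `hash`, but `hash` is the digest of `req.body.old` computed on the line `const hash = hashWithSalt(req.body.old, user.salt)`, so a "successful" reset writes the old password back and the new one never takes effect; the update should be `await user.update({password: hashWithSalt(req.body.new1, user.salt)});`. In `/login`, `hashWithSalt(req.body.password, user.salt)` is evaluated before the new `!user ||` guard, so an unknown username throws on `user.salt` before the guard runs and the generic-message redirect is never sent; hash only after the null check, which also makes the `else if (user.password == hash)` branch redundant. Both comparisons use `!=` on the digest strings, which is not constant-time; comparing them as buffers with `crypto.timingSafeEqual` (`crypto` is already required) avoids leaking match length. Whether `hashWithSalt` tolerates a missing body field is not visible here, so an undefined `req.body.old` or `req.body.new1` may need its own guard. `setUpRoutes` starts and ends outside this hunk.
```javascript
    server.post('/login', async (req, res, next) => {
        const user = await models.users.findOne({ where: { username: req.body.username } })
        // null-check before touching user.salt; an unknown username must not throw
        if (!user || user.password != hashWithSalt(req.body.password, user.salt)) {
            putMessage("Username or password incorrect", res)
            res.redirect('/login');
        } else {
            // … unchanged: sign token, set authorization cookie, redirect to /ledger …
        }
    })
```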
@@ -187,7 +213,7 @@ function setUpRoutes(models, jwtFunctions, database, templates) {
salt: salt
}
await models.users.create(new_user);
- console.debug("Created account - log in")
+ putMessage("Account created, please log in")
res.redirect("/login")
})
server.post(`/transaction`, async (req, res, next) => {
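Review bot: `putMessage("Account created, please log in")` is called without the `res` argument, so inside `putMessage` the access `res.locals.id` throws a TypeError after `models.users.create(new_user)` has already run; the account is created but the redirect to `/login` is never sent and the async handler rejects. The call should be `putMessage("Account created, please log in", res)`, matching every other call site in this commit. The `/login/signup` handler starts outside this hunk.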
diff --git a/src/templates/login.html b/src/templates/login.html
index a8cc98c..8557b72 100644
--- a/src/templates/login.html
+++ b/src/templates/login.html
@@ -11,12 +11,14 @@
<body>
<div>
<h1>Login</h1>
+ {{> message}}
<form method="post" action="/login">
<input name="username" type="text" placeholder="Enter Username" required>
<input type="password" placeholder="Enter Password" name="password" required>
<input type="submit" value="Log in">
</div>
</div>
+ <a href="/login/signup">or sign up</a>
</body>
</html> \ No newline at end of file
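Review bot: The new `{{> message}}` line renders the flash message through a partial, while me.html in this same commit renders `{{message}}` inline, so the two pages will drift if the partial's markup changes; settling on one form (presumably the partial) keeps the rendering consistent. The same partial call is added in sign-up.html's first hunk as `{{>message}}`. The partial itself is not part of this diff, so it cannot be confirmed here that it keeps the message double-stash escaped rather than using `{{{ }}}`, which matters because the value comes from a store keyed by a client-supplied cookie. Separately, the `<form method="post" action="/login">` opened in this hunk is never closed before `</body>`; a `</form>` after the submit input would make the markup well-formed.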
diff --git a/src/templates/me.html b/src/templates/me.html
index 77b5ed4..4b96661 100644
--- a/src/templates/me.html
+++ b/src/templates/me.html
@@ -11,7 +11,6 @@
<body>
<div class="main">
<h1>{{name}}</h1>
-
{{message}}
<h2>Reset Password</h2>
<form method="post" action="/password">
diff --git a/src/templates/sign-up.html b/src/templates/sign-up.html
index 81789bf..3f19ed3 100644
--- a/src/templates/sign-up.html
+++ b/src/templates/sign-up.html
@@ -11,6 +11,7 @@
<body>
<div>
<h1>Sign up!</h1>
+ {{>message}}
<form method="post" action="/login/signup">
<input name="username" type="text" placeholder="Enter Username" required>
<input type="password" placeholder="Enter Password" name="password" required>
@@ -18,6 +19,7 @@
<input type="submit" vallue="Log in">
</div>
</div>
+ <a href="/login">or login</a>
</body>
</html> \ No newline at end of file
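Review bot: The submit input on the line above the new link still reads `vallue="Log in"`, so the attribute is ignored and the button shows the browser's default label; since this form posts to `/login/signup`, the intended markup is presumably `<input type="submit" value="Sign up">`. As in login.html, the `<form>` opened earlier in the file is not closed before `</body>`.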