-rw-r--r-- | src/server.js | 60 | ||||
-rw-r--r-- | src/templates/login.html | 2 | ||||
-rw-r--r-- | src/templates/me.html | 1 | ||||
-rw-r--r-- | src/templates/sign-up.html | 2 |
4 files changed, 47 insertions, 18 deletions
diff --git a/src/server.js b/src/server.js
index e0214ba..025c087 100644
--- a/src/server.js
+++ b/src/server.js
@@ -3,6 +3,7 @@ const bodyParser = require('body-parser');
 const cookieParser = require('cookie-parser');
 //const request = require('request');
 const crypto = require('crypto');
+const uuidv4 = require('uuid/v4');
 const path = require('path');
 const fs = require('fs');
@@ -25,20 +26,32 @@ function hashWithSalt(password, salt) {
 let messages = {}
 function putMessage(message, res){
- message[res.locals.username] = message;
+ console.debug("message put", res.locals.id, message)
+ messages[res.locals.id] = message;
 }
 function consumeMessage(res){
- if(messages[res.locals.username]){
- let t = messages[res.locals.username]
- delete messages[res.locals.username]
+ let id = res.locals.id
+ if(messages[id]){
+ let t = messages[id]
+ console.debug("message consume", id, t)
+ delete messages[id]
 return t
+ } else {
+ console.debug("message consume", id, undefined)
+ return undefined
 }
- return undefined
 }
 function setUpRoutes(models, jwtFunctions, database, templates) {
 // Authentication routine
 server.use(async function (req, res, next) {
+ let session_cookie = req.cookies.session;
+ if (!session_cookie) {
+ session_cookie = uuidv4();
+ res.cookie('session', session_cookie, { expires: new Date(Date.now() + (1000 * 60 * 60 * 30)) });
+ }
+ res.locals.id = session_cookie;
+
 let path = req.path.toLowerCase();
 if (!path.startsWith("/login")) {
 let cookie = req.cookies.authorization
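Review bot: The session cookie added in the middleware is set without `httpOnly` or `sameSite` (and `secure` where served over TLS), and its raw value becomes `res.locals.id` and a key into the module-level `messages` object, so any client-chosen string is used as a property name and lookups such as `messages['constructor']` resolve to inherited values. Suggest `res.cookie('session', session_cookie, { httpOnly: true, sameSite: 'lax', expires: new Date(Date.now() + (1000 * 60 * 60 * 30)) })`, regenerating the id when the cookie is not a well-formed UUID, and declaring the store as `let messages = new Map()` (or `Object.create(null)`) so lookups cannot hit prototype properties. Entries are only deleted when the same session later renders a page that calls `consumeMessage`, so with unauthenticated traffic that never returns the store grows without bound; a timestamp with a periodic sweep, or a size cap, would bound it. `console.debug("message put", res.locals.id, message)` also logs the raw cookie value on every call, which is fine while debugging but should not stay on in production. `setUpRoutes` and the middleware continue past the end of the hunk.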
@@ -83,15 +96,16 @@ function setUpRoutes(models, jwtFunctions, database, templates) {
 res.status(200).send(body)
 })
 server.get('/login', (req, res) => {
- let body = templates["login"]({});
+ let body = templates["login"]({message: consumeMessage(res)});
 res.status(200).send(body)
 })
 server.get('/logout', (req, res) => {
+ putMessage("Logged out", res)
 res.clearCookie('authorization');
 res.redirect("/login");
 });
 server.get('/login/signup', async (req, res) => {
- let body = templates["signup"]({});
+ let body = templates["signup"]({message: consumeMessage(res)});
 res.status(200).send(body)
 })
 server.get('/ledger', async (req, res) => {
@@ -150,31 +164,43 @@ function setUpRoutes(models, jwtFunctions, database, templates) {
 res.status(400).send(e.message);
 }
 })
-
-
+ server.post('/password', async (req, res, next) => {
+ const user = await models.users.findOne({ where: { username: res.locals.user.username } })
+ const hash = hashWithSalt(req.body.old, user.salt)
+ if(hash != user.password){
+ putMessage("Old password incorrect", res)
+ res.redirect("/me");
+ } else if( req.body.new1 != req.body.new2){
+ putMessage("New passwords do not match", res)
+ res.redirect("/me");
+ } else {
+ await user.update({password: hash});
+ putMessage("Password updated", res);
+ res.redirect("/me");
+ }
+ })
 server.post('/login', async (req, res, next) => {
 const user = await models.users.findOne({ where: { username: req.body.username } })
 const hash = hashWithSalt(req.body.password, user.salt)
- if (user.password == hash) {
+ if (!user || user.password != hash) {
+ putMessage("Username or password incorrect", res)
+ res.redirect('/login');
+ } else if (user.password == hash) {
 const token = jwtFunctions.sign(user.username);
 res.cookie('authorization', token, { expires: new Date(Date.now() + (1000 * 60 * 60 * 24 * 30)) });
- console.debug("Redirecting to page - logged in")
 res.redirect('/ledger');
- } else {
- console.debug("Redirecting to login - invalid login")
- res.redirect('/login');
 }
 })
 server.post('/login/signup', async (req, res) => {
 if(req.body.code != config.signup_code){
- console.debug("Redirecting to signup - bad code")
+ putMessage("Bad code", res)
 res.redirect('/login/signup');
 return;
 }
 const user = await models.users.findOne({ where: { username: req.body.username } })
 if(user){
- console.debug("Redirecting to signup - user already exists")
+ putMessage("Username already exists", res)
 res.redirect('/login/signup');
 return;
 }
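Review bot: The new `/password` handler never stores the new password: `await user.update({password: hash});` writes `hash`, which was computed from `req.body.old`, so the account keeps its old credential while the user is told "Password updated"; it should hash the new value, `await user.update({password: hashWithSalt(req.body.new1, user.salt)});` (ideally with a fresh salt, as the signup path appears to generate one). In `/login`, `const hash = hashWithSalt(req.body.password, user.salt)` still runs before the added `!user` guard, so an unknown username throws on `user.salt` and the guard never fires; fold the hash into the condition, `if (!user || user.password != hashWithSalt(req.body.password, user.salt)) {`, after which the `else if (user.password == hash)` branch is always true and can be a plain `else`. Both handlers compare hashes with `!=`; since `crypto` is already required, a length-checked `crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b))` avoids a timing side channel on the comparison. The `/password` branches redirect to `/me`, but me.html in this commit drops `{{message}}` without adding the `{{> message}}` partial the other templates gain, so these messages may not be rendered — worth confirming against the `/me` handler, which is outside the diff. `setUpRoutes` begins and ends outside this hunk.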
@@ -187,7 +213,7 @@ function setUpRoutes(models, jwtFunctions, database, templates) {
 salt: salt
 }
 await models.users.create(new_user);
- console.debug("Created account - log in")
+ putMessage("Account created, please log in")
 res.redirect("/login")
 })
 server.post(`/transaction`, async (req, res, next) => {
diff --git a/src/templates/login.html b/src/templates/login.html
index a8cc98c..8557b72 100644
--- a/src/templates/login.html
+++ b/src/templates/login.html
@@ -11,12 +11,14 @@
 <body>
 <div>
 <h1>Login</h1>
+ {{> message}}
 <form method="post" action="/login">
 <input name="username" type="text" placeholder="Enter Username" required>
 <input type="password" placeholder="Enter Password" name="password" required>
 <input type="submit" value="Log in">
 </div>
 </div>
+ <a href="/login/signup">or sign up</a>
 </body>
 </html>
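Review bot: `putMessage("Account created, please log in")` omits the `res` argument, so `res.locals.id` inside putMessage throws a TypeError before the redirect and signup most likely ends in an unhandled rejection instead of a flash message; it should read `putMessage("Account created, please log in", res)`. The surrounding `/login/signup` handler begins outside this hunk.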
\ No newline at end of file
diff --git a/src/templates/me.html b/src/templates/me.html
index 77b5ed4..4b96661 100644
--- a/src/templates/me.html
+++ b/src/templates/me.html
@@ -11,7 +11,6 @@
 <body>
 <div class="main">
 <h1>{{name}}</h1>
- {{message}}
 <h2>Reset Password</h2>
 <form method="post" action="/password">
diff --git a/src/templates/sign-up.html b/src/templates/sign-up.html
index 81789bf..3f19ed3 100644
--- a/src/templates/sign-up.html
+++ b/src/templates/sign-up.html
@@ -11,6 +11,7 @@
 <body>
 <div>
 <h1>Sign up!</h1>
+ {{>message}}
 <form method="post" action="/login/signup">
 <input name="username" type="text" placeholder="Enter Username" required>
 <input type="password" placeholder="Enter Password" name="password" required>
@@ -18,6 +19,7 @@
 <input type="submit" vallue="Log in">
 </div>
 </div>
+ <a href="/login">or login</a>
 </body>
 </html>
\ No newline at end of file |