From 43a0e72c9955fd2900492530ab283d083b617ba8 Mon Sep 17 00:00:00 2001
From: Mark Powers
Date: Mon, 19 Oct 2020 17:58:08 -0500
Subject: Add about and signup
---
 src/server.js | 35 ++++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)
(limited to 'src/server.js')
diff --git a/src/server.js b/src/server.js
index 5d6cf9f..541f467 100644
--- a/src/server.js
+++ b/src/server.js
@@ -26,7 +26,8 @@ function hashWithSalt(password, salt) {
 function setUpRoutes(models, jwtFunctions, database, templates) {
 // Authentication routine
 server.use(async function (req, res, next) {
- if (!req.path.toLowerCase().startsWith("/login")) {
+ let path = req.path.toLowerCase();
+ if (!path.startsWith("/login")) {
 let cookie = req.cookies.authorization
 if (!cookie) {
 console.debug("Redirecting to login - no cookie")
@@ -58,10 +59,18 @@ function setUpRoutes(models, jwtFunctions, database, templates) {
 server.use('/static', express.static(path.join(__dirname, '/static')))
 server.get('/', (req, res) => res.redirect("/ledger"))
+ server.get('/about', (req, res) => {
+ let body = templates["about"]({});
+ res.status(200).send(body)
+ })
 server.get('/login', (req, res) => {
 let body = templates["login"]({});
 res.status(200).send(body)
 })
+ server.get('/login/signup', async (req, res) => {
+ let body = templates["signup"]({});
+ res.status(200).send(body)
+ })
 server.get('/ledger', async (req, res) => {
 var ledger = await database.query(`SELECT * FROM transactions WHERE username = '${res.locals.user.username}' ORDER BY \`when\` DESC`, { type: database.QueryTypes.SELECT })
 ledger.forEach((element, i) => {
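Review bot: The cookie check in the first hunk is still skipped for every path that merely begins with `/login`, and this commit now relies on that prefix match to leave `/login/signup` open, so any route later mounted under that prefix is unauthenticated by default. If `/login` and `/login/signup` are the only pages meant to be public, compare against them exactly, e.g. `if (requestPath !== "/login" && requestPath !== "/login/signup") {`. The new local also shadows the `path` identifier that `setUpRoutes` uses in `path.join(__dirname, '/static')`; this works only because the local is scoped to the middleware, and `const requestPath = req.path.toLowerCase();` avoids the trap. The middleware body continues past the end of the hunk.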
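Review bot: With `/login/signup` added, usernames become self-chosen, yet the `/ledger` query at the end of the second hunk still splices `res.locals.user.username` into the SQL text between quotes; assuming that value comes from the stored account name, a name containing a quote character changes the statement. Bind the value instead: replace `'${res.locals.user.username}'` with `:username` and add `replacements: { username: res.locals.user.username }` to the options object. Separately, `/about` is registered after the authentication middleware and does not start with `/login`, so it appears reachable only with a valid cookie; if it is meant to be public it needs the same exemption as the login pages. The `/ledger` handler continues outside the hunk.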
@@ -134,6 +143,30 @@ function setUpRoutes(models, jwtFunctions, database, templates) {
 res.redirect('/login');
 }
 })
+ server.post('/login/signup', async (req, res) => {
+ if(req.body.code != config.signup_code){
+ console.debug("Redirecting to signup - bad code")
+ res.redirect('/login/signup');
+ return;
+ }
+ const user = await models.users.findOne({ where: { username: req.body.username } })
+ if(user){
+ console.debug("Redirecting to signup - user already exists")
+ res.redirect('/login/signup');
+ return;
+ }
+ let salt = crypto.randomBytes(32).toString("Base64");
+ let password = req.body.password
+ const hash = hashWithSalt(password, salt)
+ let new_user = {
+ username: req.body.username,
+ password: hash,
+ salt: salt
+ }
+ await models.users.create(new_user);
+ console.debug("Created account - log in")
+ res.redirect("/login")
+ })
 server.post(`/transaction`, async (req, res, next) => {
 try {
 let item = req.body;
-- cgit v1.2.3
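Review bot: The gate `req.body.code != config.signup_code` fails open: when `signup_code` is not configured and the request carries no `code` field, both sides are `undefined` and the handler goes on to create the account. The check should require a configured, non-empty code and a string from the request, and can compare digests with `crypto.timingSafeEqual` rather than `!=`. `username` and `password` are also stored without any type or format check, and the handler has no `try`/`catch`, unlike the `/transaction` handler that follows it, so a rejected `findOne` or `create` is not handed to `next`. The fence shows the guard section only; the character policy in it is an example and `signup_code` is assumed to be a string.

```javascript
server.post('/login/signup', async (req, res, next) => {
    try {
        const { code, username, password } = req.body;
        // Fail closed: an unset signup_code must never equal a missing field.
        const expected = config.signup_code;
        const digest = (s) => crypto.createHash("sha256").update(s).digest();
        if (typeof expected !== "string" || expected === "" || typeof code !== "string"
            || !crypto.timingSafeEqual(digest(code), digest(expected))) {
            console.debug("Redirecting to signup - bad code")
            res.redirect('/login/signup');
            return;
        }
        // Example policy only; the ledger query builds SQL from the username.
        if (typeof username !== "string" || !/^[A-Za-z0-9_.-]{1,64}$/.test(username)
            || typeof password !== "string" || password.length === 0) {
            console.debug("Redirecting to signup - bad username or password")
            res.redirect('/login/signup');
            return;
        }
        // … unchanged: existing-user lookup, salt, hashWithSalt, models.users.create, redirect …
    } catch (e) {
        next(e);
    }
})
```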