Handling sessions, json response if not logged in

modules/api/api.js

@@ -54,16 +54,18 @@ function CreateDB () {
   // TODO: check if path exists, create it if not
   authDB = dbtools.GetDB(usersDBPath)
 
+  // TODO: foreign key
   Object.keys(dbStruct).forEach((tableName) => {
     const tableData = dbStruct[tableName]
     dbtools.CreateTable(authDB, tableName, tableData.tableStruct)
   })
 
-  // dbtools.Insert(authDB, 'users', {
-  //   pw: 2,
-  //   id: 1,
-  //   notes: 'hemnlo'
-  // })
+  // TODO: fill with data
+  dbtools.Insert(authDB, 'users', {
+    pw: 2,
+    id: 1,
+    notes: 'hemnlo'
+  })
   // console.log(dbtools.TableInfo(authDB, 'users'))
 }
 CreateDB()
@@ -82,12 +84,15 @@ CreateDB()
 //
 // app.use(session(sess))
 
+const cookieSecret = uuidv4()
 app.use(session({
-  secret: uuidv4(),
+  secret: cookieSecret,
   resave: false,
   saveUninitialized: true
 }))
-app.use(cookieParser())
+app.use(cookieParser({
+  secret: cookieSecret
+}))
 app.use(bodyParser.urlencoded({
   limit: '10mb',
   extended: true
@@ -141,7 +146,9 @@ Load()
 // -------------------------------------------------------------
 
 app.post('/login', (req, res) => {
+  // TODO: user.logincount update in db
   logger.LogReq(req)
+  const isScript = req.body.script
   const pw = req.body.pw
   const user = dbtools.Select(authDB, 'users', {
     pw: pw
@@ -149,15 +156,48 @@ app.post('/login', (req, res) => {
 
   if (user) {
     const sessionID = uuidv4()
+
+    // Setting session
     req.session.user = user
+    req.session.sessionID = sessionID
+
+    // FIXME: Users now can only log in in one session, this might be too strict.
+    const existingSessions = dbtools.Select(authDB, 'sessions', {
+      userID: user.id
+    })
+
+    if (existingSessions.length > 0) {
+      logger.Log(`Multiple sessions ( ${existingSessions.length} ) for #${user.id}, deleting olds`, logger.GetColor('cyan'))
+      existingSessions.forEach((sess) => {
+        dbtools.Delete(authDB, 'sessions', {
+          id: sess.id
+        })
+      })
+    }
+
     dbtools.Insert(authDB, 'sessions', {
       id: sessionID,
       ip: req.headers['cf-connecting-ip'] || req.connection.remoteAddress,
-      userID: user.id
+      userID: user.id,
+      createDate: new Date().toString()
     })
-    // FIXME: redirect to original url
-    res.cookie('sessionID', sessionID).redirect('/')
+
+    // TODO: cookie age
+    res.cookie('sessionID', sessionID)
+
+    if (isScript) {
+      res.json({
+        result: 'success',
+        sessionID: sessionID
+      })
+    } else {
+      // FIXME: redirect to original url
+      res.redirect('/')
+    }
+
+    logger.Log(`Successfull login with user ID: #${user.id}`, logger.GetColor('cyan'))
   } else {
+    logger.Log(`Login attempt with invalid pw: ${pw}`, logger.GetColor('cyan'))
     res.json({
       msg: 'invalid pw'
     })
@@ -166,11 +206,20 @@ app.post('/login', (req, res) => {
 
 app.post('/logout', (req, res) => {
   logger.LogReq(req)
-  // FIXME: redirect to original url
+  const sessionID = req.cookies.sessionID
   const userID = req.session.user.id
+
+  // destroying session
   req.session.destroy(function () {
-    logger.Log(`User ${userID} logout`)
+    logger.Log(`User ${userID} logout`, logger.GetColor('cyan'))
   })
+
+  // removing session from db
+  dbtools.Delete(authDB, 'sessions', {
+    id: sessionID
+  })
+  // TODO: remove old sessions every once in a while
+  // FIXME: redirect to original url
   res.clearCookie('sessionID').redirect('/')
 })
 
@@ -402,7 +451,9 @@ app.get('/datacount', function (req, res) {
 })
 
 app.get('/infos', function (req, res) {
-  let result = {}
+  let result = {
+    result: 'success'
+  }
   if (req.query.subjinfo) {
     result.subjinfo = getSimplreRes()
   }