Handling sessions, json response if not logged in

2025-04-01 20:24:18 +02:00 · 2020-04-06 21:34:33 +02:00 · 2020-04-06 21:34:33 +02:00 · 4c2c617b96
commit 4c2c617b96
parent 52ae2828e5
7 changed files with 110 additions and 23 deletions
--- a/modules/api/api.js
+++ b/modules/api/api.js
@ -54,16 +54,18 @@ function CreateDB () {
  // TODO: check if path exists, create it if not
  authDB = dbtools.GetDB(usersDBPath)
  // TODO: foreign key
  Object.keys(dbStruct).forEach((tableName) => {
    const tableData = dbStruct[tableName]
    dbtools.CreateTable(authDB, tableName, tableData.tableStruct)
  })
-  // dbtools.Insert(authDB, 'users', {
+  // TODO: fill with data
-  //   pw: 2,
+  dbtools.Insert(authDB, 'users', {
-  //   id: 1,
+    pw: 2,
-  //   notes: 'hemnlo'
+    id: 1,
-  // })
+    notes: 'hemnlo'
  })
  // console.log(dbtools.TableInfo(authDB, 'users'))
 }
 CreateDB()
@ -82,12 +84,15 @@ CreateDB()
 //
 // app.use(session(sess))
 const cookieSecret = uuidv4()
 app.use(session({
-  secret: uuidv4(),
+  secret: cookieSecret,
  resave: false,
  saveUninitialized: true
 }))
-app.use(cookieParser())
+app.use(cookieParser({
  secret: cookieSecret
 }))
 app.use(bodyParser.urlencoded({
  limit: '10mb',
  extended: true
@ -141,7 +146,9 @@ Load()
 // -------------------------------------------------------------
 app.post('/login', (req, res) => {
  // TODO: user.logincount update in db
  logger.LogReq(req)
  const isScript = req.body.script
  const pw = req.body.pw
  const user = dbtools.Select(authDB, 'users', {
    pw: pw
@ -149,15 +156,48 @@ app.post('/login', (req, res) => {
  if (user) {
    const sessionID = uuidv4()
    // Setting session
    req.session.user = user
    req.session.sessionID = sessionID
    // FIXME: Users now can only log in in one session, this might be too strict.
    const existingSessions = dbtools.Select(authDB, 'sessions', {
      userID: user.id
    })
    if (existingSessions.length > 0) {
      logger.Log(`Multiple sessions ( ${existingSessions.length} ) for #${user.id}, deleting olds`, logger.GetColor('cyan'))
      existingSessions.forEach((sess) => {
        dbtools.Delete(authDB, 'sessions', {
          id: sess.id
        })
      })
    }
    dbtools.Insert(authDB, 'sessions', {
      id: sessionID,
      ip: req.headers['cf-connecting-ip'] || req.connection.remoteAddress,
-      userID: user.id
+      userID: user.id,
      createDate: new Date().toString()
    })
    // TODO: cookie age
    res.cookie('sessionID', sessionID)
    if (isScript) {
      res.json({
        result: 'success',
        sessionID: sessionID
      })
    // FIXME: redirect to original url
    res.cookie('sessionID', sessionID).redirect('/')
    } else {
      // FIXME: redirect to original url
      res.redirect('/')
    }
    logger.Log(`Successfull login with user ID: #${user.id}`, logger.GetColor('cyan'))
  } else {
    logger.Log(`Login attempt with invalid pw: ${pw}`, logger.GetColor('cyan'))
    res.json({
      msg: 'invalid pw'
    })
@ -166,11 +206,20 @@ app.post('/login', (req, res) => {
 app.post('/logout', (req, res) => {
  logger.LogReq(req)
-  // FIXME: redirect to original url
+  const sessionID = req.cookies.sessionID
  const userID = req.session.user.id
  // destroying session
  req.session.destroy(function () {
-    logger.Log(`User ${userID} logout`)
+    logger.Log(`User ${userID} logout`, logger.GetColor('cyan'))
  })
  // removing session from db
  dbtools.Delete(authDB, 'sessions', {
    id: sessionID
  })
  // TODO: remove old sessions every once in a while
  // FIXME: redirect to original url
  res.clearCookie('sessionID').redirect('/')
 })
@ -402,7 +451,9 @@ app.get('/datacount', function (req, res) {
 })
 app.get('/infos', function (req, res) {
-  let result = {}
+  let result = {
    result: 'success'
  }
  if (req.query.subjinfo) {
    result.subjinfo = getSimplreRes()
  }
--- a/modules/api/apiDBStruct.json
+++ b/modules/api/apiDBStruct.json
@ -34,6 +34,13 @@
      "userID": {
        "type": "number",
        "notNull": true
      },
      "createDate": {
        "type": "text",
        "notNull": true
      },
      "lastAccess": {
        "type": "text"
      }
    }
  },
--- a/modules/api/auth.middleware.js
+++ b/modules/api/auth.middleware.js
@ -6,12 +6,11 @@ const exceptions = [
  '/login'
 ]
 // TODO: session table, dont store pw in cookie
 module.exports = function (options) {
  const { authDB } = options
  return function (req, res, next) {
    const sessionID = req.cookies.sessionID || req.session.id
    const isException = exceptions.some((exc) => {
      return req.url === exc
    })
@ -22,14 +21,32 @@ module.exports = function (options) {
      return
    }
-    const user = req.session.user || GetUserBySessionID(authDB, req.cookies.sessionID, req)
+    const user = req.session.user || GetUserBySessionID(authDB, sessionID, req)
    console.log(req.session)
    // update 'sessiosn' table 'lastAccess' stuff
    if (sessionID) {
      dbtools.Update(authDB, 'sessions', {
        lastAccess: new Date().toString()
      }, {
        id: sessionID
      })
    }
    console.log(dbtools.SelectAll(authDB, 'sessions'))
    // FIXME: invalidate when new ip or something
    if (user) {
      logger.DebugLog(`ID #${user.id}: ${req.url}`, 'auth', 1)
      next()
    } else {
      logger.DebugLog(`No user:${req.url}`, 'auth', 1)
-      res.render('login')
+      // res.render('login')
      res.json({
        result: 'nouser',
        msg: 'You are not logged in'
      })
    }
  }
 }
@ -44,12 +61,17 @@ function GetUserBySessionID (db, sessionID, req) {
    id: sessionID
  })[0]
  if (!session) {
    return
  }
  const user = dbtools.Select(db, 'users', {
    id: session.userID
  })[0]
  if (user) {
    req.session.user = user
    req.session.id = sessionID
    return user
  }
 }
--- a/modules/qmining/qmining-page
+++ b/modules/qmining/qmining-page
@ -1 +1 @@
-Subproject commit 86b01f443a306695a9a17f29785ba20b7f08f810
+Subproject commit 72ea24c07133d02a983152b4416ff98eb5dc4369
--- a/server.js
+++ b/server.js
@ -17,6 +17,7 @@
 along with this program. If not, see <https://www.gnu.org/licenses/>.
 ------------------------------------------------------------------------- */
 console.clear()
 const startHTTPS = true
 const port = 8080
@ -38,7 +39,6 @@ const loggableKeywords = [
 ]
 let modules = JSON.parse(utils.ReadFile(modulesFile))
 console.clear()
 logger.Load()
 try {
--- a/utils/dbtools.js
+++ b/utils/dbtools.js
@ -5,7 +5,7 @@ module.exports = {
  GetDB,
  AddColumn,
  TableInfo,
-  UpdateRecord,
+  Update,
  Delete,
  CreateTable,
  SelectAll,
@ -83,7 +83,7 @@ function TableInfo (db, table) {
  }
 }
-function UpdateRecord (db, table, newData, conditions) {
+function Update (db, table, newData, conditions) {
  try {
    const s = `UPDATE ${table} SET ${GetSqlQuerry(newData)} WHERE ${GetSqlQuerry(conditions)}`
    DebugLog(s)
@ -118,7 +118,8 @@ function CreateTable (db, name, columns) {
      return acc
    }, []).join(', ')
-    const s = `CREATE TABLE IF NOT EXISTS ${name}(${cols})`
+    // IF NOT EXISTS  // TODO
    const s = `CREATE TABLE ${name}(${cols})`
    DebugLog(s)
    const stmt = db.prepare(s)
--- a/utils/logger.js
+++ b/utils/logger.js
@ -118,7 +118,13 @@ function LogReq (req, toFile, sc) {
      dl += C('red')
    }
-    const hostname = req.hostname.replace('www.', '').split('.')[0]
+    let hostname
    if (req.hostname) {
      hostname = req.hostname.replace('www.', '').split('.')[0]
    } else {
      hostname = 'NOHOST'
      Log('req.hostname is undefined! req.hostname: ' + req.hostname, GetColor('redbg'))
    }
    logEntry += dl + hostname + dl + req.headers['user-agent'] + dl + req.method + dl
    logEntry += GetRandomColor(req.url.split('?')[0]) + req.url
		`@ -1 +1 @@`
			`Subproject commit 86b01f443a306695a9a17f29785ba20b7f08f810`				`Subproject commit 72ea24c07133d02a983152b4416ff98eb5dc4369`