Storing session id in cookies, and db

modules/api/api.js

@@ -143,12 +143,25 @@ Load()
 app.post('/login', (req, res) => {
   logger.LogReq(req)
   const pw = req.body.pw
-  // FIXME: redirect to original url
-  const user = 'u'
-  // TODO: get user
-  // TODO: check if pw is correct
-  res.cookie('pw', pw).redirect('/')
-  req.session.user = user
+  const user = dbtools.Select(authDB, 'users', {
+    pw: pw
+  })[0]
+
+  if (user) {
+    const sessionID = uuidv4()
+    req.session.user = user
+    dbtools.Insert(authDB, 'sessions', {
+      id: sessionID,
+      ip: req.headers['cf-connecting-ip'] || req.connection.remoteAddress,
+      userID: user.id
+    })
+    // FIXME: redirect to original url
+    res.cookie('sessionID', sessionID).redirect('/')
+  } else {
+    res.json({
+      msg: 'invalid pw'
+    })
+  }
 })
 
 app.post('/logout', (req, res) => {
@@ -158,7 +171,7 @@ app.post('/logout', (req, res) => {
   req.session.destroy(function () {
     logger.Log(`User ${userID} logout`)
   })
-  res.clearCookie('pw').redirect('/')
+  res.clearCookie('sessionID').redirect('/')
 })
 
 // --------------------------------------------------------------