albert/mrfrys-node-server
1
0
Fork 0
mirror of https://gitlab.com/MrFry/mrfrys-node-server synced 2025-04-01 20:24:18 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Storing session id in cookies, and db

Browse source
This commit is contained in:
MrFry 2020-04-03 10:36:53 +02:00
parent 840f64c66b
commit 52ae2828e5
3 changed files with 56 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

25
modules/api/api.js
View file

@ -143,12 +143,25 @@ Load()
app.post('/login', (req, res) => { app.post('/login', (req, res) => {
logger.LogReq(req) logger.LogReq(req)
const pw = req.body.pw const pw = req.body.pw
// FIXME: redirect to original url const user = dbtools.Select(authDB, 'users', {
const user = 'u' pw: pw
// TODO: get user })[0]
// TODO: check if pw is correct
res.cookie('pw', pw).redirect('/') if (user) {
const sessionID = uuidv4()
req.session.user = user req.session.user = user
dbtools.Insert(authDB, 'sessions', {
id: sessionID,
ip: req.headers['cf-connecting-ip'] || req.connection.remoteAddress,
userID: user.id
})
// FIXME: redirect to original url
res.cookie('sessionID', sessionID).redirect('/')
} else {
res.json({
msg: 'invalid pw'
})
}
}) })
app.post('/logout', (req, res) => { app.post('/logout', (req, res) => {
@ -158,7 +171,7 @@ app.post('/logout', (req, res) => {
req.session.destroy(function () { req.session.destroy(function () {
logger.Log(`User ${userID} logout`) logger.Log(`User ${userID} logout`)
}) })
res.clearCookie('pw').redirect('/') res.clearCookie('sessionID').redirect('/')
}) })
// -------------------------------------------------------------- // --------------------------------------------------------------

17
modules/api/apiDBStruct.json
View file

@ -20,6 +20,23 @@
} }
} }
}, },
"sessions": {
"tableStruct": {
"id": {
"type": "text",
"primary": true,
"notNull": true
},
"ip": {
"type": "text",
"notNull": true
},
"userID": {
"type": "number",
"notNull": true
}
}
},
"acesses": { "acesses": {
"tableStruct": { "tableStruct": {
"accessId": { "accessId": {

31
modules/api/auth.middleware.js
View file

@ -1,48 +1,55 @@
const logger = require('../../utils/logger.js') const logger = require('../../utils/logger.js')
const dbtools = require('../../utils/dbtools.js') const dbtools = require('../../utils/dbtools.js')
const usersDBName = 'users'
const exceptions = [ const exceptions = [
'favicon', 'favicon',
'/login' '/login'
] ]
// TODO: session // TODO: session table, dont store pw in cookie
module.exports = function (options) { module.exports = function (options) {
const { authDB } = options const { authDB } = options
return function (req, res, next) { return function (req, res, next) {
logger.DebugLog(`AUTH: ${req.url}`, 'auth', 1)
const isException = exceptions.some((exc) => { const isException = exceptions.some((exc) => {
return req.url === exc return req.url === exc
}) })
if (isException) { if (isException) {
logger.DebugLog(`EXCEPTION: ${req.url}`, 'auth', 1)
next() next()
return return
} }
const user = GetUserByPW(authDB, req.cookies.pw) const user = req.session.user || GetUserBySessionID(authDB, req.cookies.sessionID, req)
if (user) { if (user) {
logger.DebugLog(`ID #${user.id}: ${req.url}`, 'auth', 1)
next() next()
} else { } else {
logger.DebugLog(`No user:${req.url}`, 'auth', 1)
res.render('login') res.render('login')
} }
} }
} }
function GetUserByPW (db, password) { function GetUserBySessionID (db, sessionID, req) {
if (password === undefined) { logger.DebugLog(`Getting user from db`, 'auth', 2)
if (sessionID === undefined) {
return return
} }
const res = dbtools.Select(db, usersDBName, { const session = dbtools.Select(db, 'sessions', {
pw: password id: sessionID
}) })[0]
if (res) {
return res[0] const user = dbtools.Select(db, 'users', {
id: session.userID
})[0]
if (user) {
req.session.user = user
return user
} }
} }