albert/mrfrys-node-server
1
0
Fork 0
mirror of https://gitlab.com/MrFry/mrfrys-node-server synced 2025-04-01 20:24:18 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Auth middleware polish

Browse source
This commit is contained in:
MrFry 2020-04-06 22:28:14 +02:00
parent 81db237b48
commit 5f0b17a0db
5 changed files with 68 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

19
modules/api/api.js
View file

@ -62,6 +62,11 @@ function CreateDB () {
// TODO: fill with data // TODO: fill with data
dbtools.Insert(authDB, 'users', { dbtools.Insert(authDB, 'users', {
pw: 2, pw: 2,
id: 2,
notes: 'hemnlo'
})
dbtools.Insert(authDB, 'users', {
pw: 1,
id: 1, id: 1,
notes: 'hemnlo' notes: 'hemnlo'
}) })
@ -84,7 +89,8 @@ app.set('views', [
'./sharedViews' './sharedViews'
]) ])
app.use(auth({ app.use(auth({
authDB: authDB authDB: authDB,
jsonResponse: true
})) }))
app.use(express.static('public')) app.use(express.static('public'))
app.use(busboy({ app.use(busboy({
@ -128,6 +134,7 @@ app.post('/login', (req, res) => {
logger.LogReq(req) logger.LogReq(req)
const isScript = req.body.script const isScript = req.body.script
const pw = req.body.pw const pw = req.body.pw
const ip = req.headers['cf-connecting-ip'] || req.connection.remoteAddress
const user = dbtools.Select(authDB, 'users', { const user = dbtools.Select(authDB, 'users', {
pw: pw pw: pw
})[0] })[0]
@ -149,9 +156,17 @@ app.post('/login', (req, res) => {
}) })
} }
dbtools.Update(authDB, 'users', {
loginCount: user.loginCount + 1,
lastIP: ip,
lastLogin: new Date().toString()
}, {
id: user.id
})
dbtools.Insert(authDB, 'sessions', { dbtools.Insert(authDB, 'sessions', {
id: sessionID, id: sessionID,
ip: req.headers['cf-connecting-ip'] || req.connection.remoteAddress, ip: ip,
userID: user.id, userID: user.id,
createDate: new Date().toString() createDate: new Date().toString()
}) })

6
modules/api/apiDBStruct.json
View file

@ -17,6 +17,12 @@
}, },
"loginCount": { "loginCount": {
"type": "number" "type": "number"
},
"lastLogin": {
"type": "text"
},
"lastAccess": {
"type": "text"
} }
} }
}, },

65
modules/api/auth.middleware.js
View file

@ -7,9 +7,21 @@ const exceptions = [
] ]
module.exports = function (options) { module.exports = function (options) {
const { authDB } = options const { authDB, jsonResponse } = options
const renderLogin = (res) => {
if (jsonResponse) {
res.json({
result: 'nouser',
msg: 'You are not logged in'
})
} else {
res.render('login')
}
}
return function (req, res, next) { return function (req, res, next) {
const ip = req.headers['cf-connecting-ip'] || req.connection.remoteAddress
const sessionID = req.cookies.sessionID const sessionID = req.cookies.sessionID
const isException = exceptions.some((exc) => { const isException = exceptions.some((exc) => {
return req.url === exc return req.url === exc
@ -21,40 +33,41 @@ module.exports = function (options) {
return return
} }
if (!sessionID) {
logger.DebugLog(`No session ID: ${req.url}`, 'auth', 1)
renderLogin(res)
return
}
const user = GetUserBySessionID(authDB, sessionID, req) const user = GetUserBySessionID(authDB, sessionID, req)
// update 'sessiosn' table 'lastAccess' stuff if (!user) {
if (sessionID) {
dbtools.Update(authDB, 'sessions', {
lastAccess: new Date().toString()
}, {
id: sessionID
})
}
console.log(dbtools.SelectAll(authDB, 'sessions'))
// FIXME: invalidate when new ip or something
if (user) {
logger.DebugLog(`ID #${user.id}: ${req.url}`, 'auth', 1)
next()
} else {
logger.DebugLog(`No user:${req.url}`, 'auth', 1) logger.DebugLog(`No user:${req.url}`, 'auth', 1)
// res.render('login') renderLogin(res)
res.json({ return
result: 'nouser',
msg: 'You are not logged in'
})
} }
logger.DebugLog(`ID #${user.id}: ${req.url}`, 'auth', 1)
dbtools.Update(authDB, 'sessions', {
lastAccess: new Date().toString()
}, {
id: sessionID
})
dbtools.Update(authDB, 'users', {
lastIP: ip,
lastAccess: new Date().toString()
}, {
id: user.id
})
next()
} }
} }
function GetUserBySessionID (db, sessionID, req) { function GetUserBySessionID (db, sessionID, req) {
logger.DebugLog(`Getting user from db`, 'auth', 2) logger.DebugLog(`Getting user from db`, 'auth', 2)
if (sessionID === undefined) {
return
}
const session = dbtools.Select(db, 'sessions', { const session = dbtools.Select(db, 'sessions', {
id: sessionID id: sessionID

2
utils/dbtools.js
View file

@ -16,6 +16,7 @@ module.exports = {
const Sqlite = require('better-sqlite3') const Sqlite = require('better-sqlite3')
const logger = require('../utils/logger.js') const logger = require('../utils/logger.js')
const utils = require('../utils/utils.js')
const debugLog = process.env.NS_SQL_DEBUG_LOG const debugLog = process.env.NS_SQL_DEBUG_LOG
@ -35,6 +36,7 @@ function GetSqlQuerry (conditions) {
// ------------------------------------------------------------------------- // -------------------------------------------------------------------------
function GetDB (path) { function GetDB (path) {
utils.CreatePath(path)
return new Sqlite(path) return new Sqlite(path)
} }

5
utils/utils.js
View file

@ -78,7 +78,10 @@ function CreatePath (path, onlyPath) {
} }
currDir += '/' + p[i] currDir += '/' + p[i]
} }
if (onlyPath === undefined || onlyPath === false) { fs.writeFileSync(path, '') } else { fs.mkdirSync(path) } if (onlyPath === undefined || onlyPath === false) {
} else {
fs.mkdirSync(path)
}
} }
function WriteFile (content, path) { function WriteFile (content, path) {