albert/mrfrys-node-server
1
0
Fork 0
mirror of https://gitlab.com/MrFry/mrfrys-node-server synced 2025-04-01 20:24:18 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Auth middleware polish

Browse source
This commit is contained in:
MrFry 2020-04-06 22:28:14 +02:00
parent 81db237b48
commit 5f0b17a0db
5 changed files with 68 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

19
modules/api/api.js
View file

@ -62,6 +62,11 @@ function CreateDB () {
// TODO: fill with data
dbtools.Insert(authDB, 'users', {
pw: 2,
id: 2,
notes: 'hemnlo'
})
dbtools.Insert(authDB, 'users', {
pw: 1,
id: 1,
notes: 'hemnlo'
})
@ -84,7 +89,8 @@ app.set('views', [
'./sharedViews'
])
app.use(auth({
authDB: authDB
authDB: authDB,
jsonResponse: true
}))
app.use(express.static('public'))
app.use(busboy({
@ -128,6 +134,7 @@ app.post('/login', (req, res) => {
logger.LogReq(req)
const isScript = req.body.script
const pw = req.body.pw
const ip = req.headers['cf-connecting-ip'] || req.connection.remoteAddress
const user = dbtools.Select(authDB, 'users', {
pw: pw
})[0]
@ -149,9 +156,17 @@ app.post('/login', (req, res) => {
})
}
dbtools.Update(authDB, 'users', {
loginCount: user.loginCount + 1,
lastIP: ip,
lastLogin: new Date().toString()
}, {
id: user.id
})
dbtools.Insert(authDB, 'sessions', {
id: sessionID,
ip: req.headers['cf-connecting-ip'] || req.connection.remoteAddress,
ip: ip,
userID: user.id,
createDate: new Date().toString()
})

6
modules/api/apiDBStruct.json
View file

@ -17,6 +17,12 @@
},
"loginCount": {
"type": "number"
},
"lastLogin": {
"type": "text"
},
"lastAccess": {
"type": "text"
}
}
},

65
modules/api/auth.middleware.js
View file

@ -7,9 +7,21 @@ const exceptions = [
]
module.exports = function (options) {
const { authDB } = options
const { authDB, jsonResponse } = options
const renderLogin = (res) => {
if (jsonResponse) {
res.json({
result: 'nouser',
msg: 'You are not logged in'
})
} else {
res.render('login')
}
}
return function (req, res, next) {
const ip = req.headers['cf-connecting-ip'] || req.connection.remoteAddress
const sessionID = req.cookies.sessionID
const isException = exceptions.some((exc) => {
return req.url === exc
@ -21,40 +33,41 @@ module.exports = function (options) {
return
}
if (!sessionID) {
logger.DebugLog(`No session ID: ${req.url}`, 'auth', 1)
renderLogin(res)
return
}
const user = GetUserBySessionID(authDB, sessionID, req)
// update 'sessiosn' table 'lastAccess' stuff
if (sessionID) {
dbtools.Update(authDB, 'sessions', {
lastAccess: new Date().toString()
}, {
id: sessionID
})
}
console.log(dbtools.SelectAll(authDB, 'sessions'))
// FIXME: invalidate when new ip or something
if (user) {
logger.DebugLog(`ID #${user.id}: ${req.url}`, 'auth', 1)
next()
} else {
if (!user) {
logger.DebugLog(`No user:${req.url}`, 'auth', 1)
// res.render('login')
res.json({
result: 'nouser',
msg: 'You are not logged in'
})
renderLogin(res)
return
}
logger.DebugLog(`ID #${user.id}: ${req.url}`, 'auth', 1)
dbtools.Update(authDB, 'sessions', {
lastAccess: new Date().toString()
}, {
id: sessionID
})
dbtools.Update(authDB, 'users', {
lastIP: ip,
lastAccess: new Date().toString()
}, {
id: user.id
})
next()
}
}
function GetUserBySessionID (db, sessionID, req) {
logger.DebugLog(`Getting user from db`, 'auth', 2)
if (sessionID === undefined) {
return
}
const session = dbtools.Select(db, 'sessions', {
id: sessionID

2
utils/dbtools.js
View file

@ -16,6 +16,7 @@ module.exports = {
const Sqlite = require('better-sqlite3')
const logger = require('../utils/logger.js')
const utils = require('../utils/utils.js')
const debugLog = process.env.NS_SQL_DEBUG_LOG
@ -35,6 +36,7 @@ function GetSqlQuerry (conditions) {
// -------------------------------------------------------------------------
function GetDB (path) {
utils.CreatePath(path)
return new Sqlite(path)
}

5
utils/utils.js
View file

@ -78,7 +78,10 @@ function CreatePath (path, onlyPath) {
}
currDir += '/' + p[i]
}
if (onlyPath === undefined || onlyPath === false) { fs.writeFileSync(path, '') } else { fs.mkdirSync(path) }
if (onlyPath === undefined || onlyPath === false) {
} else {
fs.mkdirSync(path)
}
}
function WriteFile (content, path) {