Modules now return a function which creates app-s, qmining module auth handle

2025-04-01 20:24:18 +02:00 · 2020-04-08 12:11:48 +02:00 · 2020-04-08 12:11:48 +02:00 · a03f56028a
commit a03f56028a
parent b5f9ede2cf
12 changed files with 1046 additions and 990 deletions
--- a/middlewares/auth.middleware.js
+++ b/middlewares/auth.middleware.js
@ -3,7 +3,7 @@ const utils = require('../utils/utils.js')
 const dbtools = require('../utils/dbtools.js')
 module.exports = function (options) {
-  const { authDB, jsonResponse, exceptions } = options
+  const { userDB, jsonResponse, exceptions } = options
  const renderLogin = (res) => {
    if (jsonResponse) {
@ -23,6 +23,12 @@ module.exports = function (options) {
      return req.url === exc
    })
    // TODO Allowing all urls with _next in it, but not in params
    if (req.url.split('?')[0].includes('_next')) {
      next()
      return
    }
    if (isException) {
      logger.DebugLog(`EXCEPTION: ${req.url}`, 'auth', 1)
      next()
@ -35,7 +41,7 @@ module.exports = function (options) {
      return
    }
-    const user = GetUserBySessionID(authDB, sessionID, req)
+    const user = GetUserBySessionID(userDB, sessionID, req)
    if (!user) {
      logger.DebugLog(`No user:${req.url}`, 'auth', 1)
@ -50,15 +56,15 @@ module.exports = function (options) {
    logger.DebugLog(`ID #${user.id}: ${req.url}`, 'auth', 1)
-    UpdateAccess(authDB, user, ip, sessionID)
+    UpdateAccess(userDB, user, ip, sessionID)
-    dbtools.Update(authDB, 'sessions', {
+    dbtools.Update(userDB, 'sessions', {
      lastAccess: utils.GetDateString()
    }, {
      id: sessionID
    })
-    dbtools.Update(authDB, 'users', {
+    dbtools.Update(userDB, 'users', {
      lastIP: ip,
      lastAccess: utils.GetDateString()
    }, {
--- a/modules.json
+++ b/modules.json
@ -30,10 +30,5 @@
    "path": "./modules/stuff/stuff.js",
    "name": "stuff",
    "urls": [ "stuff.frylabs.net" ]
  },
  "old": {
    "path": "./modules/old/old.js",
    "name": "old",
    "urls": [ "qmining.tk", "www.qmining.tk" ]
  }
 }
--- a/modules/api/api.js
+++ b/modules/api/api.js
@ -21,7 +21,6 @@
 const express = require('express')
 const bodyParser = require('body-parser')
 const busboy = require('connect-busboy')
 const cookieParser = require('cookie-parser')
 const uuidv4 = require('uuid/v4') // TODO: deprecated, but imports are not supported
 const fs = require('fs')
 const app = express()
@ -44,7 +43,6 @@ const versionFile = 'public/version'
 const passwordFile = 'data/dataEditorPasswords.json'
 const dataEditsLog = 'stats/dataEdits'
 const dailyDataCountFile = 'stats/dailyDataCount'
 const usersDBPath = 'data/dbs/users.db'
 const usersDbBackupPath = 'data/dbs/backup'
 const maxVeteranPwGetCount = 5
@ -52,13 +50,10 @@ const addPWPerDay = 3 // every x day a user can give a pw
 const maxPWCount = 2 // maximum pw give opportunities a user can have at once
 const daysAfterUserGetsPWs = 2 // days after user gets pw-s
-if (!utils.FileExists(usersDBPath)) {
+let userDB
-  throw new Error('No user DB exists yet! please run utils/dbSetup.js first!')
+let url
 }
 const authDB = dbtools.GetDB(usersDBPath)
-const cookieSecret = uuidv4()
+function GetApp () {
 app.use(cookieParser(cookieSecret))
  app.use(bodyParser.urlencoded({
    limit: '10mb',
    extended: true
@ -72,7 +67,7 @@ app.set('views', [
    './sharedViews'
  ])
  app.use(auth({
-  authDB: authDB,
+    userDB: userDB,
    jsonResponse: true,
    exceptions: [
      '/favicon.ico',
@ -131,7 +126,7 @@ app.post('/getpw', function (req, res) {
      return
    }
-  dbtools.Update(authDB, 'users', {
+    dbtools.Update(userDB, 'users', {
      avaiblePWRequests: requestingUser.avaiblePWRequests - 1,
      pwRequestCount: requestingUser.pwRequestCount + 1
    }, {
@ -139,7 +134,7 @@ app.post('/getpw', function (req, res) {
    })
    const pw = uuidv4()
-  const insertRes = dbtools.Insert(authDB, 'users', {
+    const insertRes = dbtools.Insert(userDB, 'users', {
      pw: pw,
      created: utils.GetDateString()
    })
@ -157,7 +152,7 @@ app.post('/getveteranpw', function (req, res) {
    logger.LogReq(req)
    const ip = req.headers['cf-connecting-ip'] || req.connection.remoteAddress
-  const tries = dbtools.Select(authDB, 'veteranPWRequests', {
+    const tries = dbtools.Select(userDB, 'veteranPWRequests', {
      ip: ip
    })[0]
@ -170,7 +165,7 @@ app.post('/getveteranpw', function (req, res) {
        logger.Log(`Too many veteran PW requests from ${ip}!`, logger.GetColor('cyan'))
        return
      } else {
-      dbtools.Update(authDB, 'veteranPWRequests', {
+        dbtools.Update(userDB, 'veteranPWRequests', {
          count: tries.count + 1,
          lastDate: utils.GetDateString()
        }, {
@ -178,7 +173,7 @@ app.post('/getveteranpw', function (req, res) {
        })
      }
    } else {
-    dbtools.Insert(authDB, 'veteranPWRequests', {
+      dbtools.Insert(userDB, 'veteranPWRequests', {
        ip: ip,
        lastDate: utils.GetDateString()
      })
@ -194,14 +189,14 @@ app.post('/getveteranpw', function (req, res) {
      return
    }
-  const user = dbtools.Select(authDB, 'users', {
+    const user = dbtools.Select(userDB, 'users', {
      oldCID: oldUserID
    })[0]
    if (user) {
      if (user.pwGotFromCID === 0) {
        logger.Log(`Sent password to veteran user #${user.id}`, logger.GetColor('cyan'))
-      dbtools.Update(authDB, 'users', {
+        dbtools.Update(userDB, 'users', {
          pwGotFromCID: 1
        }, {
          id: user.id
@ -231,7 +226,7 @@ app.post('/login', (req, res) => {
    logger.LogReq(req)
    const pw = req.body.pw
    const ip = req.headers['cf-connecting-ip'] || req.connection.remoteAddress
-  const user = dbtools.Select(authDB, 'users', {
+    const user = dbtools.Select(userDB, 'users', {
      pw: pw
    })[0]
@ -239,20 +234,20 @@ app.post('/login', (req, res) => {
      const sessionID = uuidv4()
      // FIXME: Users now can only log in in one session, this might be too strict.
-    const existingSessions = dbtools.Select(authDB, 'sessions', {
+      const existingSessions = dbtools.Select(userDB, 'sessions', {
        userID: user.id
      })
      if (existingSessions.length > 0) {
        logger.Log(`Multiple sessions ( ${existingSessions.length} ) for #${user.id}, deleting olds`, logger.GetColor('cyan'))
        existingSessions.forEach((sess) => {
-        dbtools.Delete(authDB, 'sessions', {
+          dbtools.Delete(userDB, 'sessions', {
            id: sess.id
          })
        })
      }
-    dbtools.Update(authDB, 'users', {
+      dbtools.Update(userDB, 'users', {
        loginCount: user.loginCount + 1,
        lastIP: ip,
        lastLogin: utils.GetDateString()
@ -260,7 +255,7 @@ app.post('/login', (req, res) => {
        id: user.id
      })
-    dbtools.Insert(authDB, 'sessions', {
+      dbtools.Insert(userDB, 'sessions', {
        id: sessionID,
        ip: ip,
        userID: user.id,
@ -268,7 +263,10 @@ app.post('/login', (req, res) => {
      })
      // TODO: cookie age
-    res.cookie('sessionID', sessionID)
+      res.cookie('sessionID', sessionID, {
        domain: '.frylabs.net', // TODO: use url. url: "https://api.frylabs.net"
        sameSite: 'none'
      })
      res.json({
        result: 'success',
@ -289,7 +287,7 @@ app.post('/logout', (req, res) => {
    const sessionID = req.cookies.sessionID
    // removing session from db
-  dbtools.Delete(authDB, 'sessions', {
+    dbtools.Delete(userDB, 'sessions', {
      id: sessionID
    })
    // TODO: remove old sessions every once in a while
@ -559,14 +557,14 @@ function ExportDailyDataCount () {
      questionCOunt: data.Subjects.reduce((acc, subj) => {
        return acc + subj.Questions.length
      }, 0),
-    userCount: dbtools.TableInfo(authDB, 'users').dataCount
+      userCount: dbtools.TableInfo(userDB, 'users').dataCount
    }), dailyDataCountFile)
  }
  function BackupDB () {
    logger.Log('Backing up auth DB ...')
    utils.CreatePath(usersDbBackupPath, true)
-  authDB.backup(`${usersDbBackupPath}/users.${utils.GetDateString().replace(/ /g, '_')}.db`)
+    userDB.backup(`${usersDbBackupPath}/users.${utils.GetDateString().replace(/ /g, '_')}.db`)
      .then(() => {
        logger.Log('Auth DB backup complete!')
      })
@ -577,7 +575,7 @@ function BackupDB () {
  }
  function IncrementAvaiblePWs () {
-  const users = dbtools.SelectAll(authDB, 'users')
+    const users = dbtools.SelectAll(userDB, 'users')
    const today = new Date()
    const getDayDiff = (dateString) => {
      let msdiff = today - new Date(dateString)
@ -595,7 +593,7 @@ function IncrementAvaiblePWs () {
      }
      if (dayDiff % addPWPerDay === 0) {
-      dbtools.Update(authDB, 'users', {
+        dbtools.Update(userDB, 'users', {
          avaiblePWRequests: u.avaiblePWRequests + 1
        }, {
          id: u.id
@ -604,15 +602,21 @@ function IncrementAvaiblePWs () {
    })
  }
-exports.app = app
+  function DailyActions () {
 exports.cleanup = () => {
  logger.Log('Closing Auth DB')
  authDB.close()
 }
 exports.dailyAction = () => {
    ExportDailyDataCount()
    BackupDB()
    IncrementAvaiblePWs()
  }
-logger.Log('API module started', logger.GetColor('yellow'))
+  return {
    DailyActions: DailyActions,
    app: app
  }
 }
 exports.name = 'API'
 exports.getApp = GetApp
 exports.setup = (data) => {
  userDB = data.userDB
  url = data.url
 }
--- a/modules/dataEditor/dataEditor.js
+++ b/modules/dataEditor/dataEditor.js
@ -26,6 +26,7 @@ const app = express()
 const utils = require('../../utils/utils.js')
 const logger = require('../../utils/logger.js')
 function GetApp () {
  app.set('view engine', 'ejs')
  app.set('views', [
    './modules/dataEditor/views',
@ -83,6 +84,10 @@ app.post('*', function (req, res) {
    res.status(404).render('404')
  })
-exports.app = app
+  return {
    app: app
  }
 }
-logger.Log('DataEditor module started', logger.GetColor('yellow'))
+exports.name = 'Data editor'
 exports.getApp = GetApp
--- a/modules/main/main.js
+++ b/modules/main/main.js
@ -25,10 +25,11 @@ const bodyParser = require('body-parser')
 const busboy = require('connect-busboy')
 const app = express()
-const logger = require('../../utils/logger.js')
+// const logger = require('../../utils/logger.js')
 // const utils = require('../utils/utils.js')
 // const actions = require('../utils/actions.js')
 function GetApp () {
  app.set('view engine', 'ejs')
  app.set('views', [
    './modules/main/views',
@ -65,9 +66,13 @@ app.post('*', function (req, res) {
    res.status(404).render('404')
  })
-exports.app = app
+  return {
    app: app
  }
 }
 exports.name = 'Main'
 exports.getApp = GetApp
 exports.setup = (x) => {
  url = x.url
 }
 logger.Log('Main module started', logger.GetColor('yellow'))
--- a/modules/old/old.js
+++ b/modules/old/old.js
@ -1,46 +0,0 @@
 /* ----------------------------------------------------------------------------
 Question Server
 GitLab: <https://gitlab.com/MrFry/mrfrys-node-server>
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with this program. If not, see <https://www.gnu.org/licenses/>.
 ------------------------------------------------------------------------- */
 let url = ''
 const express = require('express')
 const app = express()
 const logger = require('../../utils/logger.js')
 // --------------------------------------------------------------
 app.get('/', function (req, res) {
  res.redirect(url + req.url)
 })
 app.get('*', function (req, res) {
  res.redirect(url + req.url)
 })
 app.post('*', function (req, res) {
  res.redirect(url + req.url)
 })
 exports.app = app
 exports.setup = (x) => {
  url = x.url
 }
 logger.Log('Old module started', logger.GetColor('yellow'))
--- a/modules/qmining/qmining.js
+++ b/modules/qmining/qmining.js
@ -23,17 +23,20 @@ const bodyParser = require('body-parser')
 const busboy = require('connect-busboy')
 const app = express()
 const reqlogger = require('../../middlewares/reqlogger.middleware.js')
 const utils = require('../../utils/utils.js')
 const logger = require('../../utils/logger.js')
 const auth = require('../../middlewares/auth.middleware.js')
 let donateURL = ''
 let userDB
 try {
  donateURL = utils.ReadFile('./data/donateURL')
 } catch (e) {
  logger.Log('Couldnt read donate URL file!', logger.GetColor('red'))
 }
 function GetApp () {
  app.use(bodyParser.urlencoded({
    limit: '5mb',
    extended: true
@ -46,7 +49,13 @@ app.set('views', [
    './modules/qmining/views',
    './sharedViews'
  ])
-app.use(reqlogger())
+  app.use(auth({
    userDB: userDB,
    jsonResponse: false,
    exceptions: [
      '/favicon.ico'
    ]
  }))
  app.use(express.static('modules/qmining/public'))
  app.use(express.static('public'))
  app.use(busboy({
@ -171,6 +180,13 @@ app.post('*', function (req, res) {
    res.status(404).render('404')
  })
-exports.app = app
+  return {
    app: app
  }
 }
-logger.Log('Qmining module started', logger.GetColor('yellow'))
+exports.name = 'Qmining'
 exports.getApp = GetApp
 exports.setup = (data) => {
  userDB = data.userDB
 }
--- a/modules/sio/sio.js
+++ b/modules/sio/sio.js
@ -31,6 +31,7 @@ const utils = require('../../utils/utils.js')
 const uloadFiles = './public/f'
 function GetApp () {
  app.set('view engine', 'ejs')
  app.set('views', [
    './modules/sio/views',
@ -94,6 +95,10 @@ app.post('*', function (req, res) {
    res.status(404).render('404')
  })
-exports.app = app
+  return {
    app: app
  }
 }
-logger.Log('Sio module started', logger.GetColor('yellow'))
+exports.name = 'Sio'
 exports.getApp = GetApp
--- a/modules/stuff/stuff.js
+++ b/modules/stuff/stuff.js
@ -31,6 +31,7 @@ const logger = require('../../utils/logger.js')
 const listedFiles = './public/files'
 function GetApp () {
  app.set('view engine', 'ejs')
  app.set('views', [
    './modules/stuff/views',
@ -205,9 +206,13 @@ app.post('*', function (req, res) {
    res.status(404).render('404')
  })
-exports.app = app
+  return {
    app: app
  }
 }
 exports.name = 'Stuff'
 exports.getApp = GetApp
 exports.setup = (x) => {
  url = x.url
 }
 logger.Log('Stuff module started', logger.GetColor('yellow'))
--- a/server.js
+++ b/server.js
@ -20,7 +20,7 @@
 console.clear()
 const startHTTPS = true
-const port = 8080
+const port = 80
 const httpsport = 5001
 const express = require('express')
@ -30,10 +30,19 @@ const utils = require('./utils/utils.js')
 const http = require('http')
 const https = require('https')
 const cors = require('cors')
 const cookieParser = require('cookie-parser')
 const uuidv4 = require('uuid/v4') // TODO: deprecated, but imports are not supported
 const dbtools = require('./utils/dbtools.js')
 const reqlogger = require('./middlewares/reqlogger.middleware.js')
 const extraModulesFile = './extraModules.json'
 const modulesFile = './modules.json'
 const usersDBPath = 'data/dbs/users.db'
 if (!utils.FileExists(usersDBPath)) {
  throw new Error('No user DB exists yet! please run utils/dbSetup.js first!')
 }
 const userDB = dbtools.GetDB(usersDBPath)
 let modules = JSON.parse(utils.ReadFile(modulesFile))
@ -70,15 +79,25 @@ function exit (reason) {
        x.cleanup()
      } catch (e) {
        logger.Log(`Error in ${k} cleanup! Details in STDERR`, logger.GetColor('redbg'))
-        console.err(e)
+        console.error(e)
      }
    }
  })
  logger.Log('Closing Auth DB')
  userDB.close()
  process.exit()
 }
 const app = express()
-app.use(cors())
+app.use(cors({
  credentials: true,
  origin: true
  // origin: [ /\.frylabs\.net$/ ]
 }))
 const cookieSecret = uuidv4()
 app.use(cookieParser(cookieSecret))
 app.use(reqlogger({
  loggableKeywords: [
    'stable.user.js'
@ -92,14 +111,19 @@ Object.keys(modules).forEach(function (k, i) {
  let x = modules[k]
  try {
    let mod = require(x.path)
    logger.Log(`Loading ${mod.name} module`, logger.GetColor('yellow'))
    if (mod.setup) {
      mod.setup({
-        url: 'https://' + x.urls[0]
+        url: 'https://' + x.urls[0],
        userDB: userDB
      })
    }
-    x.app = mod.app
+
-    x.dailyAction = mod.dailyAction
+    const modApp = mod.getApp()
-    x.cleanup = mod.cleanup
+    x.app = modApp.app
    x.dailyAction = modApp.DailyAction
    x.cleanup = modApp.cleanup
    x.urls.forEach((url) => {
      app.use(vhost(url, x.app))
    })
--- a/sharedViews/login.ejs
+++ b/sharedViews/login.ejs
@ -0,0 +1,34 @@
 <html>
  <body bgcolor="#212127">
    <head>
      <title>login</title>
      <meta charset="UTF-8">
      <meta name="viewport" content="width=device-width, initial-scale=0.6" />
      <style>
        .text {
          color: white;
        }
        .title {
          font: normal 28px Verdana;
          font-weight: bold;
          color: white;
        }
      </style>
    </head>
    <center>
      <h2 class='title'>
        Frylabs Login
      </h2>
      <div class='text'>
        Jelszó:
      </div>
 	<form action="http://api.frylabs.net/login" method="POST">
        <input type='text' id='pw' name='pw' />
        <input type='submit' value='Submit' formmethod='post' />
      </form>
    </center>
  </body>
  <script>
  </script>
 </html>
--- a/utils/dbtools.js
+++ b/utils/dbtools.js
@ -216,6 +216,9 @@ function CloseDB (db) {
 // -------------------------------------------------------------------------
 function PrepareStatement (db, s) {
  if (!db) {
    throw new Error('DB is undefined in prepare statement! DB action called with undefined db')
  }
  DebugLog(s)
  return db.prepare(s)
 }