albert/mrfrys-node-server
1
0
Fork 0
mirror of https://gitlab.com/MrFry/mrfrys-node-server synced 2025-04-01 20:24:18 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Modules now return a function which creates app-s, qmining module auth handle

Browse source
This commit is contained in:
MrFry 2020-04-08 12:11:48 +02:00
parent b5f9ede2cf
commit a03f56028a
12 changed files with 1046 additions and 990 deletions
Download patch file Download diff file Expand all files Collapse all files

16
middlewares/auth.middleware.js
View file

@ -3,7 +3,7 @@ const utils = require('../utils/utils.js')
const dbtools = require('../utils/dbtools.js')
module.exports = function (options) {
const { authDB, jsonResponse, exceptions } = options
const { userDB, jsonResponse, exceptions } = options
const renderLogin = (res) => {
if (jsonResponse) {
@ -23,6 +23,12 @@ module.exports = function (options) {
return req.url === exc
})
// TODO Allowing all urls with _next in it, but not in params
if (req.url.split('?')[0].includes('_next')) {
next()
return
}
if (isException) {
logger.DebugLog(`EXCEPTION: ${req.url}`, 'auth', 1)
next()
@ -35,7 +41,7 @@ module.exports = function (options) {
return
}
const user = GetUserBySessionID(authDB, sessionID, req)
const user = GetUserBySessionID(userDB, sessionID, req)
if (!user) {
logger.DebugLog(`No user:${req.url}`, 'auth', 1)
@ -50,15 +56,15 @@ module.exports = function (options) {
logger.DebugLog(`ID #${user.id}: ${req.url}`, 'auth', 1)
UpdateAccess(authDB, user, ip, sessionID)
UpdateAccess(userDB, user, ip, sessionID)
dbtools.Update(authDB, 'sessions', {
dbtools.Update(userDB, 'sessions', {
lastAccess: utils.GetDateString()
}, {
id: sessionID
})
dbtools.Update(authDB, 'users', {
dbtools.Update(userDB, 'users', {
lastIP: ip,
lastAccess: utils.GetDateString()
}, {

5
modules.json
View file

@ -30,10 +30,5 @@
"path": "./modules/stuff/stuff.js",
"name": "stuff",
"urls": [ "stuff.frylabs.net" ]
},
"old": {
"path": "./modules/old/old.js",
"name": "old",
"urls": [ "qmining.tk", "www.qmining.tk" ]
}
}

72
modules/api/api.js
View file

@ -21,7 +21,6 @@
const express = require('express')
const bodyParser = require('body-parser')
const busboy = require('connect-busboy')
const cookieParser = require('cookie-parser')
const uuidv4 = require('uuid/v4') // TODO: deprecated, but imports are not supported
const fs = require('fs')
const app = express()
@ -44,7 +43,6 @@ const versionFile = 'public/version'
const passwordFile = 'data/dataEditorPasswords.json'
const dataEditsLog = 'stats/dataEdits'
const dailyDataCountFile = 'stats/dailyDataCount'
const usersDBPath = 'data/dbs/users.db'
const usersDbBackupPath = 'data/dbs/backup'
const maxVeteranPwGetCount = 5
@ -52,13 +50,10 @@ const addPWPerDay = 3 // every x day a user can give a pw
const maxPWCount = 2 // maximum pw give opportunities a user can have at once
const daysAfterUserGetsPWs = 2 // days after user gets pw-s
if (!utils.FileExists(usersDBPath)) {
throw new Error('No user DB exists yet! please run utils/dbSetup.js first!')
}
const authDB = dbtools.GetDB(usersDBPath)
let userDB
let url
const cookieSecret = uuidv4()
app.use(cookieParser(cookieSecret))
function GetApp () {
app.use(bodyParser.urlencoded({
limit: '10mb',
extended: true
@ -72,7 +67,7 @@ app.set('views', [
'./sharedViews'
])
app.use(auth({
authDB: authDB,
userDB: userDB,
jsonResponse: true,
exceptions: [
'/favicon.ico',
@ -131,7 +126,7 @@ app.post('/getpw', function (req, res) {
return
}
dbtools.Update(authDB, 'users', {
dbtools.Update(userDB, 'users', {
avaiblePWRequests: requestingUser.avaiblePWRequests - 1,
pwRequestCount: requestingUser.pwRequestCount + 1
}, {
@ -139,7 +134,7 @@ app.post('/getpw', function (req, res) {
})
const pw = uuidv4()
const insertRes = dbtools.Insert(authDB, 'users', {
const insertRes = dbtools.Insert(userDB, 'users', {
pw: pw,
created: utils.GetDateString()
})
@ -157,7 +152,7 @@ app.post('/getveteranpw', function (req, res) {
logger.LogReq(req)
const ip = req.headers['cf-connecting-ip'] || req.connection.remoteAddress
const tries = dbtools.Select(authDB, 'veteranPWRequests', {
const tries = dbtools.Select(userDB, 'veteranPWRequests', {
ip: ip
})[0]
@ -170,7 +165,7 @@ app.post('/getveteranpw', function (req, res) {
logger.Log(`Too many veteran PW requests from ${ip}!`, logger.GetColor('cyan'))
return
} else {
dbtools.Update(authDB, 'veteranPWRequests', {
dbtools.Update(userDB, 'veteranPWRequests', {
count: tries.count + 1,
lastDate: utils.GetDateString()
}, {
@ -178,7 +173,7 @@ app.post('/getveteranpw', function (req, res) {
})
}
} else {
dbtools.Insert(authDB, 'veteranPWRequests', {
dbtools.Insert(userDB, 'veteranPWRequests', {
ip: ip,
lastDate: utils.GetDateString()
})
@ -194,14 +189,14 @@ app.post('/getveteranpw', function (req, res) {
return
}
const user = dbtools.Select(authDB, 'users', {
const user = dbtools.Select(userDB, 'users', {
oldCID: oldUserID
})[0]
if (user) {
if (user.pwGotFromCID === 0) {
logger.Log(`Sent password to veteran user #${user.id}`, logger.GetColor('cyan'))
dbtools.Update(authDB, 'users', {
dbtools.Update(userDB, 'users', {
pwGotFromCID: 1
}, {
id: user.id
@ -231,7 +226,7 @@ app.post('/login', (req, res) => {
logger.LogReq(req)
const pw = req.body.pw
const ip = req.headers['cf-connecting-ip'] || req.connection.remoteAddress
const user = dbtools.Select(authDB, 'users', {
const user = dbtools.Select(userDB, 'users', {
pw: pw
})[0]
@ -239,20 +234,20 @@ app.post('/login', (req, res) => {
const sessionID = uuidv4()
// FIXME: Users now can only log in in one session, this might be too strict.
const existingSessions = dbtools.Select(authDB, 'sessions', {
const existingSessions = dbtools.Select(userDB, 'sessions', {
userID: user.id
})
if (existingSessions.length > 0) {
logger.Log(`Multiple sessions ( ${existingSessions.length} ) for #${user.id}, deleting olds`, logger.GetColor('cyan'))
existingSessions.forEach((sess) => {
dbtools.Delete(authDB, 'sessions', {
dbtools.Delete(userDB, 'sessions', {
id: sess.id
})
})
}
dbtools.Update(authDB, 'users', {
dbtools.Update(userDB, 'users', {
loginCount: user.loginCount + 1,
lastIP: ip,
lastLogin: utils.GetDateString()
@ -260,7 +255,7 @@ app.post('/login', (req, res) => {
id: user.id
})
dbtools.Insert(authDB, 'sessions', {
dbtools.Insert(userDB, 'sessions', {
id: sessionID,
ip: ip,
userID: user.id,
@ -268,7 +263,10 @@ app.post('/login', (req, res) => {
})
// TODO: cookie age
res.cookie('sessionID', sessionID)
res.cookie('sessionID', sessionID, {
domain: '.frylabs.net', // TODO: use url. url: "https://api.frylabs.net"
sameSite: 'none'
})
res.json({
result: 'success',
@ -289,7 +287,7 @@ app.post('/logout', (req, res) => {
const sessionID = req.cookies.sessionID
// removing session from db
dbtools.Delete(authDB, 'sessions', {
dbtools.Delete(userDB, 'sessions', {
id: sessionID
})
// TODO: remove old sessions every once in a while
@ -559,14 +557,14 @@ function ExportDailyDataCount () {
questionCOunt: data.Subjects.reduce((acc, subj) => {
return acc + subj.Questions.length
}, 0),
userCount: dbtools.TableInfo(authDB, 'users').dataCount
userCount: dbtools.TableInfo(userDB, 'users').dataCount
}), dailyDataCountFile)
}
function BackupDB () {
logger.Log('Backing up auth DB ...')
utils.CreatePath(usersDbBackupPath, true)
authDB.backup(`${usersDbBackupPath}/users.${utils.GetDateString().replace(/ /g, '_')}.db`)
userDB.backup(`${usersDbBackupPath}/users.${utils.GetDateString().replace(/ /g, '_')}.db`)
.then(() => {
logger.Log('Auth DB backup complete!')
})
@ -577,7 +575,7 @@ function BackupDB () {
}
function IncrementAvaiblePWs () {
const users = dbtools.SelectAll(authDB, 'users')
const users = dbtools.SelectAll(userDB, 'users')
const today = new Date()
const getDayDiff = (dateString) => {
let msdiff = today - new Date(dateString)
@ -595,7 +593,7 @@ function IncrementAvaiblePWs () {
}
if (dayDiff % addPWPerDay === 0) {
dbtools.Update(authDB, 'users', {
dbtools.Update(userDB, 'users', {
avaiblePWRequests: u.avaiblePWRequests + 1
}, {
id: u.id
@ -604,15 +602,21 @@ function IncrementAvaiblePWs () {
})
}
exports.app = app
exports.cleanup = () => {
logger.Log('Closing Auth DB')
authDB.close()
}
exports.dailyAction = () => {
function DailyActions () {
ExportDailyDataCount()
BackupDB()
IncrementAvaiblePWs()
}
logger.Log('API module started', logger.GetColor('yellow'))
return {
DailyActions: DailyActions,
app: app
}
}
exports.name = 'API'
exports.getApp = GetApp
exports.setup = (data) => {
userDB = data.userDB
url = data.url
}

9
modules/dataEditor/dataEditor.js
View file

@ -26,6 +26,7 @@ const app = express()
const utils = require('../../utils/utils.js')
const logger = require('../../utils/logger.js')
function GetApp () {
app.set('view engine', 'ejs')
app.set('views', [
'./modules/dataEditor/views',
@ -83,6 +84,10 @@ app.post('*', function (req, res) {
res.status(404).render('404')
})
exports.app = app
return {
app: app
}
}
logger.Log('DataEditor module started', logger.GetColor('yellow'))
exports.name = 'Data editor'
exports.getApp = GetApp

13
modules/main/main.js
View file

@ -25,10 +25,11 @@ const bodyParser = require('body-parser')
const busboy = require('connect-busboy')
const app = express()
const logger = require('../../utils/logger.js')
// const logger = require('../../utils/logger.js')
// const utils = require('../utils/utils.js')
// const actions = require('../utils/actions.js')
function GetApp () {
app.set('view engine', 'ejs')
app.set('views', [
'./modules/main/views',
@ -65,9 +66,13 @@ app.post('*', function (req, res) {
res.status(404).render('404')
})
exports.app = app
return {
app: app
}
}
exports.name = 'Main'
exports.getApp = GetApp
exports.setup = (x) => {
url = x.url
}
logger.Log('Main module started', logger.GetColor('yellow'))

46
modules/old/old.js
View file

@ -1,46 +0,0 @@
/* ----------------------------------------------------------------------------
Question Server
GitLab: <https://gitlab.com/MrFry/mrfrys-node-server>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
------------------------------------------------------------------------- */
let url = ''
const express = require('express')
const app = express()
const logger = require('../../utils/logger.js')
// --------------------------------------------------------------
app.get('/', function (req, res) {
res.redirect(url + req.url)
})
app.get('*', function (req, res) {
res.redirect(url + req.url)
})
app.post('*', function (req, res) {
res.redirect(url + req.url)
})
exports.app = app
exports.setup = (x) => {
url = x.url
}
logger.Log('Old module started', logger.GetColor('yellow'))

24
modules/qmining/qmining.js
View file

@ -23,17 +23,20 @@ const bodyParser = require('body-parser')
const busboy = require('connect-busboy')
const app = express()
const reqlogger = require('../../middlewares/reqlogger.middleware.js')
const utils = require('../../utils/utils.js')
const logger = require('../../utils/logger.js')
const auth = require('../../middlewares/auth.middleware.js')
let donateURL = ''
let userDB
try {
donateURL = utils.ReadFile('./data/donateURL')
} catch (e) {
logger.Log('Couldnt read donate URL file!', logger.GetColor('red'))
}
function GetApp () {
app.use(bodyParser.urlencoded({
limit: '5mb',
extended: true
@ -46,7 +49,13 @@ app.set('views', [
'./modules/qmining/views',
'./sharedViews'
])
app.use(reqlogger())
app.use(auth({
userDB: userDB,
jsonResponse: false,
exceptions: [
'/favicon.ico'
]
}))
app.use(express.static('modules/qmining/public'))
app.use(express.static('public'))
app.use(busboy({
@ -171,6 +180,13 @@ app.post('*', function (req, res) {
res.status(404).render('404')
})
exports.app = app
return {
app: app
}
}
logger.Log('Qmining module started', logger.GetColor('yellow'))
exports.name = 'Qmining'
exports.getApp = GetApp
exports.setup = (data) => {
userDB = data.userDB
}

9
modules/sio/sio.js
View file

@ -31,6 +31,7 @@ const utils = require('../../utils/utils.js')
const uloadFiles = './public/f'
function GetApp () {
app.set('view engine', 'ejs')
app.set('views', [
'./modules/sio/views',
@ -94,6 +95,10 @@ app.post('*', function (req, res) {
res.status(404).render('404')
})
exports.app = app
return {
app: app
}
}
logger.Log('Sio module started', logger.GetColor('yellow'))
exports.name = 'Sio'
exports.getApp = GetApp

11
modules/stuff/stuff.js
View file

@ -31,6 +31,7 @@ const logger = require('../../utils/logger.js')
const listedFiles = './public/files'
function GetApp () {
app.set('view engine', 'ejs')
app.set('views', [
'./modules/stuff/views',
@ -205,9 +206,13 @@ app.post('*', function (req, res) {
res.status(404).render('404')
})
exports.app = app
return {
app: app
}
}
exports.name = 'Stuff'
exports.getApp = GetApp
exports.setup = (x) => {
url = x.url
}
logger.Log('Stuff module started', logger.GetColor('yellow'))

38
server.js
View file

@ -20,7 +20,7 @@
console.clear()
const startHTTPS = true
const port = 8080
const port = 80
const httpsport = 5001
const express = require('express')
@ -30,10 +30,19 @@ const utils = require('./utils/utils.js')
const http = require('http')
const https = require('https')
const cors = require('cors')
const cookieParser = require('cookie-parser')
const uuidv4 = require('uuid/v4') // TODO: deprecated, but imports are not supported
const dbtools = require('./utils/dbtools.js')
const reqlogger = require('./middlewares/reqlogger.middleware.js')
const extraModulesFile = './extraModules.json'
const modulesFile = './modules.json'
const usersDBPath = 'data/dbs/users.db'
if (!utils.FileExists(usersDBPath)) {
throw new Error('No user DB exists yet! please run utils/dbSetup.js first!')
}
const userDB = dbtools.GetDB(usersDBPath)
let modules = JSON.parse(utils.ReadFile(modulesFile))
@ -70,15 +79,25 @@ function exit (reason) {
x.cleanup()
} catch (e) {
logger.Log(`Error in ${k} cleanup! Details in STDERR`, logger.GetColor('redbg'))
console.err(e)
console.error(e)
}
}
})
logger.Log('Closing Auth DB')
userDB.close()
process.exit()
}
const app = express()
app.use(cors())
app.use(cors({
credentials: true,
origin: true
// origin: [ /\.frylabs\.net$/ ]
}))
const cookieSecret = uuidv4()
app.use(cookieParser(cookieSecret))
app.use(reqlogger({
loggableKeywords: [
'stable.user.js'
@ -92,14 +111,19 @@ Object.keys(modules).forEach(function (k, i) {
let x = modules[k]
try {
let mod = require(x.path)
logger.Log(`Loading ${mod.name} module`, logger.GetColor('yellow'))
if (mod.setup) {
mod.setup({
url: 'https://' + x.urls[0]
url: 'https://' + x.urls[0],
userDB: userDB
})
}
x.app = mod.app
x.dailyAction = mod.dailyAction
x.cleanup = mod.cleanup
const modApp = mod.getApp()
x.app = modApp.app
x.dailyAction = modApp.DailyAction
x.cleanup = modApp.cleanup
x.urls.forEach((url) => {
app.use(vhost(url, x.app))
})

34
sharedViews/login.ejs Normal file
View file

@ -0,0 +1,34 @@
<html>
<body bgcolor="#212127">
<head>
<title>login</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=0.6" />
<style>
.text {
color: white;
}
.title {
font: normal 28px Verdana;
font-weight: bold;
color: white;
}
</style>
</head>
<center>
<h2 class='title'>
Frylabs Login
</h2>
<div class='text'>
Jelszó:
</div>
<form action="http://api.frylabs.net/login" method="POST">
<input type='text' id='pw' name='pw' />
<input type='submit' value='Submit' formmethod='post' />
</form>
</center>
</body>
<script>
</script>
</html>

3
utils/dbtools.js
View file

@ -216,6 +216,9 @@ function CloseDB (db) {
// -------------------------------------------------------------------------
function PrepareStatement (db, s) {
if (!db) {
throw new Error('DB is undefined in prepare statement! DB action called with undefined db')
}
DebugLog(s)
return db.prepare(s)
}