From bcf377ad56b3a6b6edff718e5f32872868bad1cf Mon Sep 17 00:00:00 2001
From: MrFry <mrfry@airmail.cc>
Date: Wed, 8 Apr 2020 13:37:54 +0200
Subject: [PATCH] Added login redirects

---
 middlewares/auth.middleware.js | 10 +++--
 modules/api/api.js             | 24 +++++++----
 sharedViews/login.ejs          | 77 ++++++++++++++++++++++++++++------
 3 files changed, 86 insertions(+), 25 deletions(-)

diff --git a/middlewares/auth.middleware.js b/middlewares/auth.middleware.js
index 95ee287..46099ac 100644
--- a/middlewares/auth.middleware.js
+++ b/middlewares/auth.middleware.js
@@ -5,14 +5,16 @@ const dbtools = require('../utils/dbtools.js')
 module.exports = function (options) {
   const { userDB, jsonResponse, exceptions } = options
 
-  const renderLogin = (res) => {
+  const renderLogin = (req, res) => {
     if (jsonResponse) {
       res.json({
         result: 'nouser',
         msg: 'You are not logged in'
       })
     } else {
-      res.render('login')
+      res.render('login', {
+        redirect: 'https://' + req.hostname + req.url
+      })
     }
   }
 
@@ -37,7 +39,7 @@ module.exports = function (options) {
 
     if (!sessionID) {
       logger.DebugLog(`No session ID: ${req.url}`, 'auth', 1)
-      renderLogin(res)
+      renderLogin(req, res)
       return
     }
 
@@ -45,7 +47,7 @@ module.exports = function (options) {
 
     if (!user) {
       logger.DebugLog(`No user:${req.url}`, 'auth', 1)
-      renderLogin(res)
+      renderLogin(req, res)
       return
     }
 
diff --git a/modules/api/api.js b/modules/api/api.js
index 2c7a4e9..e4c6032 100644
--- a/modules/api/api.js
+++ b/modules/api/api.js
@@ -225,6 +225,7 @@ function GetApp () {
   app.post('/login', (req, res) => {
     logger.LogReq(req)
     const pw = req.body.pw
+    const redirectTo = req.body.redirect
     const ip = req.headers['cf-connecting-ip'] || req.connection.remoteAddress
     const user = dbtools.Select(userDB, 'users', {
       pw: pw
@@ -268,17 +269,24 @@ function GetApp () {
         sameSite: 'none'
       })
 
-      res.json({
-        result: 'success',
-        sessionID: sessionID
-      })
-
+      if (redirectTo) {
+        res.redirect(redirectTo)
+      } else {
+        res.json({
+          result: 'success',
+          msg: 'you are now logged in'
+        })
+      }
       logger.Log(`Successfull login with user ID: #${user.id}`, logger.GetColor('cyan'))
     } else {
       logger.Log(`Login attempt with invalid pw: ${pw}`, logger.GetColor('cyan'))
-      res.json({
-        msg: 'invalid pw'
-      })
+      if (redirectTo) {
+        res.redirect(redirectTo) // TODO
+      } else {
+        res.json({
+          msg: 'invalid pw'
+        })
+      }
     }
   })
 
diff --git a/sharedViews/login.ejs b/sharedViews/login.ejs
index 511af66..368dbd5 100644
--- a/sharedViews/login.ejs
+++ b/sharedViews/login.ejs
@@ -1,34 +1,85 @@
 <html>
   <body bgcolor="#212127">
     <head>
-      <title>login</title>
+      <title>Frylabs</title>
       <meta charset="UTF-8">
       <meta name="viewport" content="width=device-width, initial-scale=0.6" />
       <style>
-        .text {
-          color: white;
+
+        .center {
+          width: 340px;
+          height: 340px;
+          position: absolute;
+          left: 0;
+          right: 0;
+          top: 0;
+          bottom: 0;
+          margin: auto;
+          max-width: 100%;
+          max-height: 100%;
+          overflow: auto;
+
+          text-align: center;
         }
         .title {
-          font: normal 28px Verdana;
+          font-size: 50px;
           font-weight: bold;
           color: white;
         }
-
+        .inputContainer {
+          width: 100%;
+        }
+        .showpwContainer {
+          color: white;
+          width: 40px;
+          cursor: pointer;
+        }
+        input[type=text], input[type=password] {
+          width: 100%;
+          padding: 12px 20px;
+          margin: 8px 0;
+          box-sizing: border-box;
+          border: 2px solid #fff;
+          text-align: center;
+        }
+        input[type=text], input[type=password]:focus {
+          border: 2px solid #000;
+        }
+         input[type=button], input[type=submit], input[type=reset] {
+          background-color: #9999ff;
+          border: none;
+          color: white;
+          padding: 16px 32px;
+          text-decoration: none;
+          margin: 4px 2px;
+          cursor: pointer;
+        }
       </style>
     </head>
-    <center>
-      <h2 class='title'>
-        Frylabs Login
-      </h2>
-      <div class='text'>
-        Jelszó:
+    <div class='center'>
+      <div class='title'>
+        Frylabs
       </div>
 	<form action="http://api.frylabs.net/login" method="POST">
-        <input type='text' id='pw' name='pw' />
+        <div class='inputContainer'>
+          <input type='password' id='pw' name='pw' autocomplete="off"/>
+          <!-- <span onclick="ShowHidePW()" class='showpwContainer'>
+            👁
+          </span> -->
+        </div>
+        <input type='hidden' name='redirect' value=<%= redirect %> autocomplete="off"/>
         <input type='submit' value='Submit' formmethod='post' />
       </form>
-    </center>
+    </div>
   </body>
   <script>
+    function ShowHidePW() {
+      const x = document.getElementById('pw')
+      if (x.type === "password") {
+        x.type = "text";
+      } else {
+        x.type = "password";
+      }
+    } 
   </script>
 </html>