From c540544e158743b4291a10252d223c3a9d55f43b Mon Sep 17 00:00:00 2001
From: MrFry
Date: Fri, 3 Apr 2020 09:27:37 +0200
Subject: [PATCH] Added sessions
---
 modules/api/api.js | 34 ++++++++++++++++++++++++++++++----
 modules/api/apiDBStruct.json | 7 +++++--
 package.json | 2 ++
 3 files changed, 37 insertions(+), 6 deletions(-)
diff --git a/modules/api/api.js b/modules/api/api.js
index 4e9efad..a1c0a7b 100644
--- a/modules/api/api.js
+++ b/modules/api/api.js
@@ -22,6 +22,8 @@ const express = require('express')
 const bodyParser = require('body-parser')
 const busboy = require('connect-busboy')
 const cookieParser = require('cookie-parser')
+const session = require('express-session')
+const uuidv4 = require('uuid/v4') // TODO: deprecated, but imports are not supported
 const fs = require('fs')
 const app = express()
@@ -59,6 +61,25 @@ function CreateDB () {
 }
 CreateDB()
+// TODO: https and testing
+// var app = express()
+// var sess = {
+// secret: 'keyboard cat',
+// cookie: {}
+// }
+//
+// if (app.get('env') === 'production') {
+// app.set('trust proxy', 1) // trust first proxy
+// sess.cookie.secure = true // serve secure cookies
+// }
+//
+// app.use(session(sess))
+
+app.use(session({
+ secret: uuidv4(),
+ resave: false,
+ saveUninitialized: true
+}))
 app.use(cookieParser())
 app.set('view engine', 'ejs')
 app.set('views', [
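Review bot: In the `app.use(session({...}))` call added to modules/api/api.js, `secret: uuidv4()` generates a new signing secret on every process start, so every session cookie issued before a restart fails verification and two instances of the server cannot share sessions. Loading the secret from configuration fixes that, for example `secret: process.env.SESSION_SECRET` (placeholder variable name). `saveUninitialized: true` also stores a session for every anonymous request, and since no `store` is passed these accumulate in the default in-memory store; `saveUninitialized: false` avoids it. No `cookie` options are set, so the session cookie goes out without `secure` or `sameSite`; the commented-out block above the call already sketches the `secure` case and is better finished than kept as dead code carrying the `'keyboard cat'` sample secret.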
@@ -113,18 +134,23 @@ Load()
 // -------------------------------------------------------------
-app.get('/login', (req, res) => {
+app.post('/login', (req, res) => {
 logger.LogReq(req)
 // FIXME: redirect to original url
+ const user = 'u'
+ // TODO: get user
 // TODO: check if pw is correct
 res.cookie('pw', req.query.pw).redirect('/')
- // TODO: create session
+ req.session.user = user
 })
-app.get('/logout', (req, res) => {
+app.post('/logout', (req, res) => {
 logger.LogReq(req)
 // FIXME: redirect to original url
- // TODO: destroy session
+ const userID = req.session.user.id
+ req.session.destroy(function () {
+ logger.Log(`User ${userID} logout`)
+ })
 res.clearCookie('pw').redirect('/')
 })
diff --git a/modules/api/apiDBStruct.json b/modules/api/apiDBStruct.json
index 0e2ae15..882158b 100644
--- a/modules/api/apiDBStruct.json
+++ b/modules/api/apiDBStruct.json
@@ -6,7 +6,7 @@
 "primary": true,
 "notNull": true
 },
- "userID": {
+ "id": {
 "type": "number"
 },
 "lastIP": {
@@ -22,11 +22,14 @@
 },
 "acesses": {
 "tableStruct": {
- "userID": {
+ "accessId": {
 "type": "number",
 "primary": true,
 "notNull": true
 },
+ "userId": {
+ "type": "number"
+ },
 "ip": {
 "type": "text"
 }
diff --git a/package.json b/package.json
index cc93c82..449ef88 100755
--- a/package.json
+++ b/package.json
@@ -9,7 +9,9 @@
 "ejs": "^1.0.0",
 "express": "^4.6.1",
 "express-ejs-layouts": "^1.1.0",
+ "express-session": "^1.17.0",
 "sqlite3": "^4.1.1",
+ "uuid": "^7.0.3",
 "vhost": "^3.0.2"
 },
 "scripts": {
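Review bot: In the `/login` handler of modules/api/api.js, `req.session.user = user` runs after `res.cookie(...).redirect('/')` has already ended the response, and express-session writes the session out when the response ends, so the assignment is most likely never persisted. Set it before responding, inside `req.session.regenerate(...)`, so that a session id issued before login is not carried into the authenticated session. The route is now a POST but still reads `req.query.pw` and copies it into the `pw` cookie, which keeps the password in the URL and in the browser; reading it from the request body and dropping the cookie once the session carries the identity would remove both copies. In `/logout`, `req.session.user.id` throws a TypeError when no user is stored in the session, and it is `undefined` even after login because `user` is the string `'u'`. The sketch below covers the ordering and the logout guard and leaves the password check as the commit's open TODO.

```javascript
app.post('/login', (req, res) => {
  logger.LogReq(req)
  // … unchanged: FIXME/TODO comments …
  const user = 'u'
  // Issue a fresh session id at login and store the user before the response ends
  req.session.regenerate((err) => {
    if (err) {
      res.status(500).end()
      return
    }
    req.session.user = user
    // … unchanged: res.cookie('pw', …).redirect('/') …
  })
})

app.post('/logout', (req, res) => {
  logger.LogReq(req)
  // A request without a logged-in session has no user to read an id from
  const userID = req.session.user ? req.session.user.id : undefined
  // … unchanged: req.session.destroy(...) and res.clearCookie('pw').redirect('/') …
})
```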