Added sessions

modules/api/api.js

@@ -22,6 +22,8 @@ const express = require('express')
 const bodyParser = require('body-parser')
 const busboy = require('connect-busboy')
 const cookieParser = require('cookie-parser')
+const session = require('express-session')
+const uuidv4 = require('uuid/v4') // TODO: deprecated, but imports are not supported
 const fs = require('fs')
 const app = express()
 
@@ -59,6 +61,25 @@ function CreateDB () {
 }
 CreateDB()
 
+// TODO: https and testing
+// var app = express()
+// var sess = {
+//   secret: 'keyboard cat',
+//   cookie: {}
+// }
+//
+// if (app.get('env') === 'production') {
+//   app.set('trust proxy', 1) // trust first proxy
+//   sess.cookie.secure = true // serve secure cookies
+// }
+//
+// app.use(session(sess))
+
+app.use(session({
+  secret: uuidv4(),
+  resave: false,
+  saveUninitialized: true
+}))
 app.use(cookieParser())
 app.set('view engine', 'ejs')
 app.set('views', [
@@ -113,18 +134,23 @@ Load()
 
 // -------------------------------------------------------------
 
-app.get('/login', (req, res) => {
+app.post('/login', (req, res) => {
   logger.LogReq(req)
   // FIXME: redirect to original url
+  const user = 'u'
+  // TODO: get user
   // TODO: check if pw is correct
   res.cookie('pw', req.query.pw).redirect('/')
-  // TODO: create session
+  req.session.user = user
 })
 
-app.get('/logout', (req, res) => {
+app.post('/logout', (req, res) => {
   logger.LogReq(req)
   // FIXME: redirect to original url
-  // TODO: destroy session
+  const userID = req.session.user.id
+  req.session.destroy(function () {
+    logger.Log(`User ${userID} logout`)
+  })
   res.clearCookie('pw').redirect('/')
 })