Authetication, logger middleware, db create tool

2025-04-01 20:24:18 +02:00 · 2020-04-07 09:26:45 +02:00 · 2020-04-07 09:26:45 +02:00 · ebd27f93c1
commit ebd27f93c1
parent 5f0b17a0db
11 changed files with 164 additions and 94 deletions
--- a/modules/api/api.js
+++ b/modules/api/api.js
@ -33,7 +33,8 @@ const logger = require('../../utils/logger.js')
 const utils = require('../../utils/utils.js')
 const actions = require('../../utils/actions.js')
 const dbtools = require('../../utils/dbtools.js')
-const auth = require('../../modules/api/auth.middleware.js')
+const auth = require('../../middlewares/auth.middleware.js')
+const reqlogger = require('../../middlewares/reqlogger.middleware.js')

 const recivedFiles = 'public/recivedfiles'
 const uloadFiles = 'public/f'
@ -45,34 +46,11 @@ const passwordFile = 'data/dataEditorPasswords.json'
 const dataEditsLog = 'stats/dataEdits'
 const dailyDataCountFile = 'stats/dailyDataCount'
 const usersDBPath = 'data/dbs/users.db'
-const dbStructPath = './modules/api/apiDBStruct.json'

-let authDB
-function CreateDB () {
-  const dbStruct = utils.ReadJSON(dbStructPath)
-  // TODO: check if path exists, create it if not
-  authDB = dbtools.GetDB(usersDBPath)
-
-  // TODO: foreign key
-  Object.keys(dbStruct).forEach((tableName) => {
-    const tableData = dbStruct[tableName]
-    dbtools.CreateTable(authDB, tableName, tableData.tableStruct)
-  })
-
-  // TODO: fill with data
-  dbtools.Insert(authDB, 'users', {
-    pw: 2,
-    id: 2,
-    notes: 'hemnlo'
-  })
-  dbtools.Insert(authDB, 'users', {
-    pw: 1,
-    id: 1,
-    notes: 'hemnlo'
-  })
-  // console.log(dbtools.TableInfo(authDB, 'users'))
+if (!utils.FileExists(usersDBPath)) {
+  throw new Error('No user DB exists yet! please run utils/dbSetup.js first!')
 }
-CreateDB()
+const authDB = dbtools.GetDB(usersDBPath)

 const cookieSecret = uuidv4()
 app.use(cookieParser(cookieSecret))
@ -92,6 +70,9 @@ app.use(auth({
  authDB: authDB,
  jsonResponse: true
 }))
+app.use(reqlogger([
+  'stable.user.js' // TODO
+]))
 app.use(express.static('public'))
 app.use(busboy({
  limits: {
@ -130,9 +111,7 @@ Load()
 // -------------------------------------------------------------

 app.post('/login', (req, res) => {
-  // TODO: user.logincount update in db
  logger.LogReq(req)
-  const isScript = req.body.script
  const pw = req.body.pw
  const ip = req.headers['cf-connecting-ip'] || req.connection.remoteAddress
  const user = dbtools.Select(authDB, 'users', {
@ -174,15 +153,10 @@ app.post('/login', (req, res) => {
    // TODO: cookie age
    res.cookie('sessionID', sessionID)

-    if (isScript) {
-      res.json({
-        result: 'success',
-        sessionID: sessionID
-      })
-    } else {
-      // FIXME: redirect to original url
-      res.redirect('/')
-    }
+    res.json({
+      result: 'success',
+      sessionID: sessionID
+    })

    logger.Log(`Successfull login with user ID: #${user.id}`, logger.GetColor('cyan'))
  } else {
@ -202,8 +176,9 @@ app.post('/logout', (req, res) => {
    id: sessionID
  })
  // TODO: remove old sessions every once in a while
-  // FIXME: redirect to original url
-  res.clearCookie('sessionID').redirect('/')
+  res.clearCookie('sessionID').json({
+    result: 'success'
+  })
 })

 // --------------------------------------------------------------
--- a/modules/api/apiDBStruct.json
+++ b/modules/api/apiDBStruct.json
@ -1,13 +1,15 @@
 {
  "users": {
    "tableStruct": {
+      "id": {
+        "type": "integer",
+        "primary": true,
+        "autoIncrement": true
+      },
      "pw": {
        "type": "text",
-        "primary": true,
-        "notNull": true
-      },
-      "id": {
-        "type": "number"
+        "notNull": true,
+        "unique": true
      },
      "lastIP": {
        "type": "text"
@ -27,6 +29,15 @@
    }
  },
  "sessions": {
+    "foreignKey": {
+      "keysFrom": [
+        "userID"
+      ],
+      "table": "users",
+      "keysTo": [
+        "id"
+      ]
+    },
    "tableStruct": {
      "id": {
        "type": "text",
--- a/modules/api/auth.middleware.js
+++ b/modules/api/auth.middleware.js
@ -1,87 +0,0 @@
-const logger = require('../../utils/logger.js')
-const dbtools = require('../../utils/dbtools.js')
-
-const exceptions = [
-  'favicon',
-  '/login'
-]
-
-module.exports = function (options) {
-  const { authDB, jsonResponse } = options
-
-  const renderLogin = (res) => {
-    if (jsonResponse) {
-      res.json({
-        result: 'nouser',
-        msg: 'You are not logged in'
-      })
-    } else {
-      res.render('login')
-    }
-  }
-
-  return function (req, res, next) {
-    const ip = req.headers['cf-connecting-ip'] || req.connection.remoteAddress
-    const sessionID = req.cookies.sessionID
-    const isException = exceptions.some((exc) => {
-      return req.url === exc
-    })
-
-    if (isException) {
-      logger.DebugLog(`EXCEPTION: ${req.url}`, 'auth', 1)
-      next()
-      return
-    }
-
-    if (!sessionID) {
-      logger.DebugLog(`No session ID: ${req.url}`, 'auth', 1)
-      renderLogin(res)
-      return
-    }
-
-    const user = GetUserBySessionID(authDB, sessionID, req)
-
-    if (!user) {
-      logger.DebugLog(`No user:${req.url}`, 'auth', 1)
-      renderLogin(res)
-      return
-    }
-
-    logger.DebugLog(`ID #${user.id}: ${req.url}`, 'auth', 1)
-
-    dbtools.Update(authDB, 'sessions', {
-      lastAccess: new Date().toString()
-    }, {
-      id: sessionID
-    })
-
-    dbtools.Update(authDB, 'users', {
-      lastIP: ip,
-      lastAccess: new Date().toString()
-    }, {
-      id: user.id
-    })
-
-    next()
-  }
-}
-
-function GetUserBySessionID (db, sessionID, req) {
-  logger.DebugLog(`Getting user from db`, 'auth', 2)
-
-  const session = dbtools.Select(db, 'sessions', {
-    id: sessionID
-  })[0]
-
-  if (!session) {
-    return
-  }
-
-  const user = dbtools.Select(db, 'users', {
-    id: session.userID
-  })[0]
-
-  if (user) {
-    return user
-  }
-}
--- a/modules/dataEditor/dataEditor.js
+++ b/modules/dataEditor/dataEditor.js
@ -71,6 +71,7 @@ AddHtmlRoutes(utils.ReadDir('modules/dataEditor/public'))
 // --------------------------------------------------------------

 app.get('/', function (req, res) {
+  // TODO: log this, regexp $/^
  res.end('hai')
  logger.LogReq(req)
 })
--- a/modules/qmining/qmining-page
+++ b/modules/qmining/qmining-page
@ -1 +1 @@
-Subproject commit 72ea24c07133d02a983152b4416ff98eb5dc4369
+Subproject commit 9f576a41f6a8b1de82f2a0cf901046a76ff9a1ed
--- a/modules/qmining/qmining.js
+++ b/modules/qmining/qmining.js
@ -23,6 +23,7 @@ const bodyParser = require('body-parser')
 const busboy = require('connect-busboy')
 const app = express()

+const reqlogger = require('../../middlewares/reqlogger.middleware.js')
 const utils = require('../../utils/utils.js')
 const logger = require('../../utils/logger.js')

@ -33,19 +34,6 @@ try {
  logger.Log('Couldnt read donate URL file!', logger.GetColor('red'))
 }

-app.set('view engine', 'ejs')
-app.set('views', [
-  './modules/qmining/views',
-  './sharedViews'
-])
-app.use(express.static('modules/qmining/public'))
-app.use(express.static('public'))
-app.use(busboy({
-  limits: {
-    fileSize: 10000 * 1024 * 1024
-  }
-}))
-app.use(bodyParser.json())
 app.use(bodyParser.urlencoded({
  limit: '5mb',
  extended: true
@ -53,6 +41,19 @@ app.use(bodyParser.urlencoded({
 app.use(bodyParser.json({
  limit: '5mb'
 }))
+app.set('view engine', 'ejs')
+app.set('views', [
+  './modules/qmining/views',
+  './sharedViews'
+])
+app.use(reqlogger())
+app.use(express.static('modules/qmining/public'))
+app.use(express.static('public'))
+app.use(busboy({
+  limits: {
+    fileSize: 10000 * 1024 * 1024
+  }
+}))

 // --------------------------------------------------------------
 // REDIRECTS