From fa4b29efe64f592d5792455eed7e514c7add675c Mon Sep 17 00:00:00 2001
From: MrFry
Date: Thu, 9 Apr 2020 12:33:29 +0200
Subject: [PATCH] Fix for logging in on site and with script
---
 modules/api/api.js | 14 +++++++++++---
 modules/api/apiDBStruct.json | 4 ++++
 modules/qmining/qmining.js | 2 +-
 modules/qmining/views/veteranPw.ejs | 4 ++--
 server.js | 7 ++++++-
 utils/dbSetup.js | 4 ++--
 6 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/modules/api/api.js b/modules/api/api.js
index 3d80e7f..5339925 100644
--- a/modules/api/api.js
+++ b/modules/api/api.js
@@ -228,7 +228,8 @@ function GetApp () {
 app.post('/login', (req, res) => {
 logger.LogReq(req)
- const pw = req.body.pw
+ const pw = req.body.pw || false
+ const isScript = req.body.script
 const ip = req.headers['cf-connecting-ip'] || req.connection.remoteAddress
 const user = dbtools.Select(userDB, 'users', {
 pw: pw
@@ -239,14 +240,16 @@ function GetApp () {
 // FIXME: Users now can only log in in one session, this might be too strict.
 const existingSessions = dbtools.Select(userDB, 'sessions', {
- userID: user.id
+ userID: user.id,
+ isScript: isScript ? 1 : 0
 })
 if (existingSessions.length > 0) {
 logger.Log(`Multiple sessions ( ${existingSessions.length} ) for #${user.id}, deleting olds`, logger.GetColor('cyan'))
 existingSessions.forEach((sess) => {
 dbtools.Delete(userDB, 'sessions', {
- id: sess.id
+ id: sess.id,
+ isScript: isScript ? 1 : 0
 })
 })
 }
@@ -263,14 +266,19 @@ function GetApp () {
 id: sessionID,
 ip: ip,
 userID: user.id,
+ isScript: isScript ? 1 : 0,
 createDate: utils.GetDateString()
 })
+ // https://www.npmjs.com/package/cookie
 // TODO: cookie age
 res.cookie('sessionID', sessionID, {
 domain: '.frylabs.net', // TODO: use url. url: "https://api.frylabs.net"
 sameSite: 'none'
 })
+ res.cookie('sessionID', sessionID, {
+ sameSite: 'none'
+ })
 res.json({
 result: 'success',
diff --git a/modules/api/apiDBStruct.json b/modules/api/apiDBStruct.json
index 1a10e8a..381dfd7 100644
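Review bot: In the first `/login` hunk (`@@ -228,7 +228,8 @@`), `req.body.pw || false` only covers a missing field; an array or object in the request body still reaches `dbtools.Select(userDB, 'users', { pw: pw })` unchanged. Constraining the value to a non-empty string before the lookup closes that, e.g. `const pw = typeof req.body.pw === 'string' && req.body.pw ? req.body.pw : false`. The lookup matches on the submitted value itself, which suggests passwords are stored and compared unhashed; if so, that deserves a follow-up of its own. `isScript` is client-supplied as well, so it can label a session but should not be used to decide what the session may do. The handler's body continues outside the hunk.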
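Review bot: The `// FIXME: Users now can only log in in one session` comment in the second `/login` hunk (`@@ -239,14 +240,16 @@`) no longer matches the code, which now keeps one session per user for each value of `isScript`. I would reword it to something like `// FIXME: one session per user per client type (site / script); may still be too strict.` The added `isScript` condition in `dbtools.Delete` looks redundant, because the rows being deleted were already selected with that filter and are addressed by `id`; keying the delete on `id` alone would be simpler, assuming `id` is unique in `sessions`.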
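Review bot: Both `res.cookie('sessionID', …)` calls in the third `/login` hunk (`@@ -263,14 +266,19 @@`) set `sameSite: 'none'` without `secure: true` or `httpOnly: true`. Current browsers reject `SameSite=None` cookies that lack `Secure`, and without `HttpOnly` the session ID is readable from page script. I would add `secure: true, httpOnly: true` to both option objects (unless a client really has to read the cookie from script) and resolve the open `// TODO: cookie age` with a `maxAge` that matches how long a row in `sessions` stays valid. Setting the same cookie name twice, once with `domain: '.frylabs.net'` and once host-only, leaves two cookies in the browser, so a one-line comment above the second call saying which client needs the host-only copy would help the next reader.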
--- a/modules/api/apiDBStruct.json
+++ b/modules/api/apiDBStruct.json
@@ -81,6 +81,10 @@
 },
 "lastAccess": {
 "type": "text"
+ },
+ "isScript": {
+ "type": "number",
+ "notNull": true
 }
 }
 },
diff --git a/modules/qmining/qmining.js b/modules/qmining/qmining.js
index 3cd8de1..db5f638 100644
--- a/modules/qmining/qmining.js
+++ b/modules/qmining/qmining.js
@@ -178,7 +178,7 @@ function GetApp () {
 app.get('/getVeteranPw', function (req, res) {
 res.render('veteranPw', {
- cid: req.query.cid
+ cid: req.query.cid || ''
 })
 logger.LogReq(req)
 })
diff --git a/modules/qmining/views/veteranPw.ejs b/modules/qmining/views/veteranPw.ejs
index eabb2cd..ee9c3c8 100644
--- a/modules/qmining/views/veteranPw.ejs
+++ b/modules/qmining/views/veteranPw.ejs
@@ -70,12 +70,12 @@ Frylabs
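Review bot: In the `/getVeteranPw` hunk of `modules/qmining/qmining.js`, `req.query.cid || ''` handles the undefined case but still hands an array or object to the view when the query string repeats or nests `cid`. `cid: typeof req.query.cid === 'string' ? req.query.cid : ''` keeps the value a plain string. Because the value comes straight from the URL, the template should output it with the escaping tag `<%= cid %>` rather than `<%- cid %>`; the markup of `veteranPw.ejs` is not readable in this patch, so that is worth checking by hand.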
- Másold be ide régi kliens ID-d, és az alapján jelszót ad. Ezt csak egyszer teheted meg, a + Másold be ide régi kliens ID-d, és az alapján jelszót kapsz. Ezt csak egyszer teheted meg, a kapott jelszót tuti helyre írd le!
- + autocomplete="off"/>
diff --git a/server.js b/server.js
index a991ae1..ee62646 100755
--- a/server.js
+++ b/server.js
@@ -20,7 +20,8 @@ console.clear()
 const startHTTPS = true
-const port = 80
+const isRoot = process.getuid && process.getuid() === 0
+const port = isRoot ? 80 : 8080
 const httpsport = 5001
 const express = require('express')
@@ -91,6 +92,7 @@ function exit (reason) {
 }
 const app = express()
+// https://github.com/expressjs/cors#configuration-options
 app.use(cors({
 credentials: true,
 origin: true
@@ -198,6 +200,9 @@ function LogTimerAction () {
 logger.Log('Node version: ' + process.version)
 logger.Log('Current working directory: ' + process.cwd())
 logger.Log('Listening on port: ' + port)
+if (isRoot) {
+ logger.Log('Running as root', logger.GetColor('red'))
+}
 const httpServer = http.createServer(app)
 httpServer.listen(port)
diff --git a/utils/dbSetup.js b/utils/dbSetup.js
index c229118..a00b4c7 100644
--- a/utils/dbSetup.js
+++ b/utils/dbSetup.js
@@ -24,8 +24,8 @@ function CreateDB () {
 })
 try {
- if (utils.FileExists('../dbUsers/keys')) {
- const uids = utils.ReadFile('../dbUsers/keys').split('\n')
+ if (utils.FileExists('./ids')) {
+ const uids = utils.ReadFile('./ids').split('\n')
 uids.forEach((cid, i) => {
 if (!cid) { return }
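Review bot: `const port = isRoot ? 80 : 8080` in the first `server.js` hunk (`@@ -20,7 +20,8 @@`) means port 80 is reached by running the whole server as root, and the `'Running as root'` message added in `@@ -198,6 +200,9 @@` is the only safeguard. Nothing in the visible hunks gives up root after `httpServer.listen(port)`, so every request handler, view render and database call would run with full privileges. Dropping privileges once the sockets are bound would contain that, e.g. `httpServer.listen(port, () => { if (isRoot) { process.setgid('<group>'); process.setuid('<user>') } })` with the deployment's real account names, provided anything that needs root (such as reading the HTTPS key) has happened before. Running unprivileged on 8080 behind a reverse proxy or port redirect avoids the root path altogether.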
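Review bot: The `cors({ credentials: true, origin: true })` call that the new comment links to (hunk `@@ -91,6 +92,7 @@`) reflects whatever `Origin` a request carries and allows credentials with it. Combined with the `sessionID` cookie being set with `sameSite: 'none'` in `modules/api/api.js`, any web page a logged-in user visits can send authenticated requests to the API and read the responses. An explicit allow-list narrows this, e.g. `origin: ['https://<site-origin>']` filled with the project's real origins. If the script client really has to call the API from arbitrary pages, the comment should say so and state which routes are safe to expose that way. The `cors` options object continues outside the hunk, so further options may follow.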