import { v4 as uuidv4 } from 'uuid' import type { Database } from 'better-sqlite3' import logger from '../../../utils/logger' import utils from '../../../utils/utils' import { Request, SubmoduleData, User, Submodule, } from '../../../types/basicTypes' import dbtools from '../../../utils/dbtools' const minimumAlowwedSessions = 2 // how many sessions are allowed for a user const usersDbBackupPath = 'data/dbs/backup' const maxPWCount = 3 const daysAfterUserGetsPWs = 7 // days after user gets pw-s interface Session { id: string userId: number createDate: string lastAccess: string isScript: number } function BackupDB(usersDbBackupPath: string, userDB: Database) { logger.Log('Backing up auth DB ...') utils.CreatePath(usersDbBackupPath, true) userDB .backup( `${usersDbBackupPath}/users.${utils .GetDateString() .replace(/ /g, '_')}.db` ) .then(() => { logger.Log('Auth DB backup complete!') }) .catch((err: Error) => { logger.Log('Auth DB backup failed!', logger.GetColor('redbg')) console.error(err) }) } function setup(data: SubmoduleData): Submodule { const { app, userDB, url /* publicdirs, moduleSpecificData */ } = data let domain: any = url.split('.') // [ "https://api", "frylabs", "net" ] domain.shift() // [ "frylabs", "net" ] domain = domain.join('.') // "frylabs.net" logger.DebugLog(`Cookie domain: ${domain}`, 'cookie', 1) app.get('/avaiblePWS', (req: Request, res: any) => { logger.LogReq(req) const user: User = req.session.user res.json({ success: true, userCreated: user.created, availablePWS: user.avaiblePWRequests, requestedPWS: user.pwRequestCount, maxPWCount: maxPWCount, daysAfterUserGetsPWs: daysAfterUserGetsPWs, dayDiff: getDayDiff(user.created), userCount: dbtools.TableInfo(userDB, 'users').dataCount, }) }) app.post('/getpw', function (req: Request, res: any) { logger.LogReq(req) const requestingUser = req.session.user if (requestingUser.avaiblePWRequests <= 0) { res.json({ result: 'error', success: false, msg: 'Too many passwords requested or cant request password yet, try later', }) logger.Log( `User #${requestingUser.id} requested too much passwords`, logger.GetColor('cyan') ) return } dbtools.Update( userDB, 'users', { avaiblePWRequests: requestingUser.avaiblePWRequests - 1, pwRequestCount: requestingUser.pwRequestCount + 1, }, { id: requestingUser.id, } ) const pw = uuidv4() const insertRes = dbtools.Insert(userDB, 'users', { pw: pw, avaiblePWRequests: 0, created: utils.GetDateString(), createdBy: requestingUser.id, }) logger.Log( `User #${requestingUser.id} created new user #${insertRes.lastInsertRowid}`, logger.GetColor('cyan') ) res.json({ pw: pw, success: true, userCreated: requestingUser.created, availablePWS: requestingUser.avaiblePWRequests, requestedPWS: requestingUser.pwRequestCount, maxPWCount: maxPWCount, daysAfterUserGetsPWs: daysAfterUserGetsPWs, dayDiff: getDayDiff(requestingUser.created), userCount: dbtools.TableInfo(userDB, 'users').dataCount, }) }) app.post('/login', (req: Request, res: any) => { logger.LogReq(req) const pw = req.body.pw ? req.body.pw.replace(/'/g, '').replace(/"/g, '').replace(/;/g, '') : false const isScript = req.body.script const user: User = dbtools.Select(userDB, 'users', { pw: pw, })[0] if (user) { const sessionID = uuidv4() const existingSessions = dbtools .Select(userDB, 'sessions', { userID: user.id, isScript: isScript ? 1 : 0, }) .sort((a: Session, b: Session) => { return ( new Date(a.lastAccess).getTime() - new Date(b.lastAccess).getTime() ) }) const diff = existingSessions.length - minimumAlowwedSessions if (diff > 0) { logger.Log( `Multiple ${isScript ? 'script' : 'website'} sessions ( ${ existingSessions.length } ) for #${user.id}, deleting olds`, logger.GetColor('cyan') ) for (let i = 0; i < diff; i++) { const id = existingSessions[i].id dbtools.Delete(userDB, 'sessions', { id: id, isScript: isScript ? 1 : 0, }) } } dbtools.Update( userDB, 'users', { loginCount: user.loginCount + 1, lastLogin: utils.GetDateString(), }, { id: user.id, } ) dbtools.Insert(userDB, 'sessions', { id: sessionID, userID: user.id, isScript: isScript ? 1 : 0, createDate: utils.GetDateString(), }) // https://www.npmjs.com/package/cookie res.cookie('sessionID', sessionID, { domain: domain, expires: new Date( new Date().getTime() + 10 * 365 * 24 * 60 * 60 * 1000 ), sameSite: 'none', secure: true, }) res.cookie('sessionID', sessionID, { expires: new Date( new Date().getTime() + 10 * 365 * 24 * 60 * 60 * 1000 ), sameSite: 'none', secure: true, }) res.json({ result: 'success', msg: 'you are now logged in', }) logger.Log( `Successfull login to ${ isScript ? 'script' : 'website' } with user ID: #${user.id}`, logger.GetColor('cyan') ) } else { logger.Log( `Login attempt with invalid pw: ${pw} to ${ isScript ? 'script' : 'website' }`, logger.GetColor('cyan') ) res.json({ result: 'error', msg: 'Invalid password', }) } }) app.get('/logout', (req: Request, res: any) => { logger.LogReq(req) const sessionID = req.cookies.sessionID const user: User = req.session.user if (!user) { res.json({ msg: 'You are not logged in', success: false, }) return } logger.Log( `Successfull logout with user ID: #${user.id}`, logger.GetColor('cyan') ) // removing session from db dbtools.Delete(userDB, 'sessions', { id: sessionID, }) res.clearCookie('sessionID').json({ msg: 'Successfull logout', result: 'success', }) }) function getDayDiff(dateString: string | Date) { const msdiff = new Date().getTime() - new Date(dateString).getTime() return Math.floor(msdiff / (1000 * 3600 * 24)) } function IncrementAvaiblePWs() { // FIXME: check this if this is legit and works logger.Log('Incrementing avaible PW-s ...') const users: Array = dbtools.SelectAll(userDB, 'users') const day = new Date().getDay() if (day === 1) { users.forEach((user) => { const dayDiff = getDayDiff(user.created) if (dayDiff < daysAfterUserGetsPWs) { logger.Log( `User #${user.id} is not registered long enough to get password ( ${dayDiff} days, ${daysAfterUserGetsPWs} needed)`, logger.GetColor('cyan') ) return } if (user.avaiblePWRequests >= maxPWCount) { return } logger.Log( `Setting avaible PW-s for user #${user.id}: ${user.avaiblePWRequests} -> ${maxPWCount}`, logger.GetColor('cyan') ) dbtools.Update( userDB, 'users', { avaiblePWRequests: maxPWCount, }, { id: user.id, } ) }) } users.forEach((user) => { const dayDiff = getDayDiff(user.created) if (dayDiff === daysAfterUserGetsPWs) { logger.Log( `Setting avaible PW-s for user #${user.id}: ${user.avaiblePWRequests} -> ${maxPWCount}`, logger.GetColor('cyan') ) dbtools.Update( userDB, 'users', { avaiblePWRequests: maxPWCount, }, { id: user.id, } ) } }) } return { dailyAction: () => { BackupDB(usersDbBackupPath, userDB) IncrementAvaiblePWs() }, } } export default { setup: setup, }