mirror of
https://gitlab.com/MrFry/mrfrys-node-server
synced 2025-04-01 20:24:18 +02:00
116 lines
2.5 KiB
JavaScript
116 lines
2.5 KiB
JavaScript
const logger = require('../utils/logger.js')
|
|
const utils = require('../utils/utils.js')
|
|
const dbtools = require('../utils/dbtools.js')
|
|
|
|
module.exports = function (options) {
|
|
const { userDB, jsonResponse, exceptions } = options
|
|
|
|
const renderLogin = (req, res) => {
|
|
if (jsonResponse) {
|
|
res.json({
|
|
result: 'nouser',
|
|
msg: 'You are not logged in'
|
|
})
|
|
} else {
|
|
res.render('login', {
|
|
redirect: 'https://' + req.hostname + req.url
|
|
})
|
|
}
|
|
}
|
|
|
|
return function (req, res, next) {
|
|
const ip = req.headers['cf-connecting-ip'] || req.connection.remoteAddress
|
|
const sessionID = req.cookies.sessionID
|
|
const isException = exceptions.some((exc) => {
|
|
return req.url.split('?')[0] === exc
|
|
})
|
|
|
|
// FIXME Allowing all urls with _next in it, but not in params
|
|
if (req.url.split('?')[0].includes('_next')) {
|
|
req.session = { isException: true }
|
|
next()
|
|
return
|
|
}
|
|
|
|
if (isException) {
|
|
req.session = { isException: true }
|
|
logger.DebugLog(`EXCEPTION: ${req.url}`, 'auth', 1)
|
|
next()
|
|
return
|
|
}
|
|
|
|
if (!sessionID) {
|
|
logger.DebugLog(`No session ID: ${req.url}`, 'auth', 1)
|
|
renderLogin(req, res)
|
|
return
|
|
}
|
|
|
|
const user = GetUserBySessionID(userDB, sessionID, req)
|
|
|
|
if (!user) {
|
|
logger.DebugLog(`No user:${req.url}`, 'auth', 1)
|
|
renderLogin(req, res)
|
|
return
|
|
}
|
|
|
|
req.session = {
|
|
user: user,
|
|
sessionID: sessionID
|
|
}
|
|
|
|
logger.DebugLog(`ID #${user.id}: ${req.url}`, 'auth', 1)
|
|
|
|
UpdateAccess(userDB, user, ip, sessionID)
|
|
|
|
dbtools.Update(userDB, 'sessions', {
|
|
lastAccess: utils.GetDateString()
|
|
}, {
|
|
id: sessionID
|
|
})
|
|
|
|
dbtools.Update(userDB, 'users', {
|
|
lastIP: ip,
|
|
lastAccess: utils.GetDateString()
|
|
}, {
|
|
id: user.id
|
|
})
|
|
|
|
next()
|
|
}
|
|
}
|
|
|
|
function UpdateAccess (db, user, ip, sessionID) {
|
|
const accesses = dbtools.Select(db, 'accesses', {
|
|
userId: user.id,
|
|
ip: ip
|
|
})
|
|
|
|
if (accesses.length === 0) {
|
|
dbtools.Insert(db, 'accesses', {
|
|
userID: user.id,
|
|
ip: ip,
|
|
sessionID: sessionID,
|
|
date: utils.GetDateString()
|
|
})
|
|
}
|
|
}
|
|
|
|
function GetUserBySessionID (db, sessionID, req) {
|
|
logger.DebugLog(`Getting user from db`, 'auth', 2)
|
|
|
|
const session = dbtools.Select(db, 'sessions', {
|
|
id: sessionID
|
|
})[0]
|
|
|
|
if (!session) {
|
|
return
|
|
}
|
|
|
|
const user = dbtools.Select(db, 'users', {
|
|
id: session.userID
|
|
})[0]
|
|
|
|
if (user) {
|
|
return user
|
|
}
|
|
}
|