qwik-account-manager/routes/auth.js

import bcrypt from 'bcrypt'
import crypto from 'crypto'
import { Router } from 'express'
import { glauth } from '../libs/database.js'
import execawait from '../libs/execawait.js'

const AUTH = Router()
let valid = {}


AUTH.post('/register', (req, res) => {
    const { captcha, password, username } = req.body

    // Was input sent?
    if (!username || !password || !captcha)
        return(res.send(`Not entered:${username ? '' : ' username,'}${password ? '' : ' password,'}${captcha ? '' : ' captcha'}`))

    // is captcha valid
    if (!valid[captcha])
        return(res.send("Invalid captcha!"))

    const captchaAge = Math.abs((valid[captcha].getTime() - new Date().getTime())/1000)

    if (captchaAge > 600)
        return(res.send("Invalid captcha!"))

    // expire the captcha
    delete valid[captcha]

    // does the username match the requirements
    if (!(/^(?=[a-zA-Z0-9]{2,20}$).*$/.test(username)))
        return(res.send("Username does not match the requirements"))

    if (glauth.prepare(`SELECT * FROM users WHERE name = ?`).get(username))
        return(res.send("User already exists"))

    bcrypt.hash(password, 10).then(
        hash => {
            glauth.prepare(`
                INSERT INTO users(
                    name, primarygroup, passbcrypt
                ) VALUES(?, 0, ?)
            `).run(username, hash)

            res.send("Account registered!")
        }
    )
})

AUTH.post('/login', (req, res) => {
    const { password, username } = req.body

    // Was input sent?
    if (!username || !password )
        return(res.send(`Not entered:${username ? '' : ' username,'}${password ? '' : ' password'}`))

    const user = glauth.prepare(`SELECT * FROM users WHERE name = ?`).get(username)

    if (!user)
        return(res.send("User doesn't exist!"))

    bcrypt.compare(password, user.passbcrypt).then(
        match => {
            if (!match)
                return res.send("Password's is incorrect!")

            return res.send("Welcome " + user.name + "!")
        }
    )
})

AUTH.get('/captcha', async (req, res) => {
    const captcha = crypto.randomBytes(3).toString('hex')
    await execawait(`./captcha.sh ${captcha} > captcha.png`)

    // Make it valid for 10 minutes
    valid[captcha] = new Date()

    // Send the captcha image
    res.contentType('image/png')
        .sendFile('captcha.png', { root: './' })
})


export default AUTH
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`import bcrypt from 'bcrypt'`
Refactor 2022-01-15 19:27:18 +01:00			`import crypto from 'crypto'`
			`import { Router } from 'express'`
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`import { glauth } from '../libs/database.js'`
Refactor 2022-01-15 19:27:18 +01:00			`import execawait from '../libs/execawait.js'`

			`const AUTH = Router()`
			`let valid = {}`


			`AUTH.post('/register', (req, res) => {`
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`const { captcha, password, username } = req.body`
Refactor 2022-01-15 19:27:18 +01:00
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`// Was input sent?`
			`if (!username \|\| !password \|\| !captcha)`
			return(res.send(`Not entered:${username ? '' : ' username,'}${password ? '' : ' password,'}${captcha ? '' : ' captcha'}`))
Refactor 2022-01-15 19:27:18 +01:00
			`// is captcha valid`
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`if (!valid[captcha])`
Refactor 2022-01-15 19:27:18 +01:00			`return(res.send("Invalid captcha!"))`

Basic registration and login done. 2022-01-22 21:32:14 +01:00			`const captchaAge = Math.abs((valid[captcha].getTime() - new Date().getTime())/1000)`
Refactor 2022-01-15 19:27:18 +01:00
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`if (captchaAge > 600)`
Refactor 2022-01-15 19:27:18 +01:00			`return(res.send("Invalid captcha!"))`

			`// expire the captcha`
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`delete valid[captcha]`
Refactor 2022-01-15 19:27:18 +01:00
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`// does the username match the requirements`
			`if (!(/^(?=[a-zA-Z0-9]{2,20}$).*$/.test(username)))`
			`return(res.send("Username does not match the requirements"))`

			if (glauth.prepare(`SELECT * FROM users WHERE name = ?`).get(username))
Refactor 2022-01-15 19:27:18 +01:00			`return(res.send("User already exists"))`

Basic registration and login done. 2022-01-22 21:32:14 +01:00			`bcrypt.hash(password, 10).then(`
			`hash => {`
			glauth.prepare(`
			`INSERT INTO users(`
			`name, primarygroup, passbcrypt`
			`) VALUES(?, 0, ?)`
			`).run(username, hash)

			`res.send("Account registered!")`
			`}`
			`)`
			`})`

			`AUTH.post('/login', (req, res) => {`
			`const { password, username } = req.body`

			`// Was input sent?`
			`if (!username \|\| !password )`
			return(res.send(`Not entered:${username ? '' : ' username,'}${password ? '' : ' password'}`))

			const user = glauth.prepare(`SELECT * FROM users WHERE name = ?`).get(username)

			`if (!user)`
			`return(res.send("User doesn't exist!"))`
Refactor 2022-01-15 19:27:18 +01:00
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`bcrypt.compare(password, user.passbcrypt).then(`
			`match => {`
			`if (!match)`
			`return res.send("Password's is incorrect!")`
Refactor 2022-01-15 19:27:18 +01:00
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`return res.send("Welcome " + user.name + "!")`
			`}`
			`)`
Refactor 2022-01-15 19:27:18 +01:00			`})`

			`AUTH.get('/captcha', async (req, res) => {`
			`const captcha = crypto.randomBytes(3).toString('hex')`
			await execawait(`./captcha.sh ${captcha} > captcha.png`)

			`// Make it valid for 10 minutes`
			`valid[captcha] = new Date()`

			`// Send the captcha image`
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`res.contentType('image/png')`
			`.sendFile('captcha.png', { root: './' })`
Refactor 2022-01-15 19:27:18 +01:00			`})`


			`export default AUTH`