qwik-account-manager/routes/auth.js

import bcrypt from 'bcrypt'
import crypto from 'crypto'
import jwt from 'jsonwebtoken'
import { Router } from 'express'
import { glauth } from '../libs/database.js'
import execawait from '../libs/execawait.js'

export const SECRET = process.env.TK_SECRET ?? crypto.generateKeySync("aes", { length: 128 }).export().toString()
const AUTH = Router()
let valid = {}

/**
 * This is needed because GLAuth (GLAuth's bcrypt) and Node (Node's bcrypt) read hashes differently.
 * @param {string} hash The hash to be converted to hex.
 * @returns {string} hex of hash
 */
function hash2hex(hash) {
    return hash
        .split('')
        .map(e => e
            .charCodeAt(0)
            .toString(16)
        )
        .join('')
}

AUTH.post('/register', async (req, res) => {
    const { captcha, password, username } = req.body

    if (!username || !password || !captcha)
        return(res.send(`Not entered:${username ? '' : ' username,'}${password ? '' : ' password,'}${captcha ? '' : ' captcha'}`))

    if (!valid[captcha])
        return(res.send("Invalid captcha!"))

    const captchaAge = Math.abs((valid[captcha].getTime() - new Date().getTime())/1000)

    if (captchaAge > 600)
        return(res.send("Invalid captcha!"))

    // Expire the captcha.
    delete valid[captcha]

    // Does the username match the requirements?
    if (!(/^(?=[a-zA-Z0-9]{2,20}$).*$/.test(username)))
        return(res.send("Username does not match the requirements"))

    if ((await glauth.query("SELECT * FROM users WHERE name = $1::text", [ username ])).rowCount)
        return(res.send("User already exists"))

    bcrypt.hash(password, 10).then(
        hash => {
            const hexHash = hash2hex(hash)
            glauth.query(
                "INSERT INTO users(name, primarygroup, passbcrypt, qam_pass) VALUES($1::text, 0, $2::text, $3::text)",
                [ username, hexHash, hash ]
            ).then(
                () => res.send("Account registered!")
            ).catch(
                err => res.json({ _: "Sorry an error occured!", err })
            )
        }
    )
})

AUTH.post('/login', async (req, res) => {
    const { password, username } = req.body

    // Was input sent?
    if (!username || !password )
        return(res.send(`Not entered:${username ? '' : ' username,'}${password ? '' : ' password'}`))

    const user = (await glauth.query("SELECT * FROM users WHERE name = $1::text", [ username ])).rows[0]

    if (!user)
        return(res.send("User doesn't exist!"))

    bcrypt.compare(password, user.qam_pass).then(
        async match => {
            if (!match)
                return res.send("Password's is incorrect!")

            const bearer = {
                name: user.name,
                id: user.uidnumber,
                group: (await glauth.query("SELECT name FROM groups WHERE gidnumber = $1::int", [ user.primarygroup ])).rows[0].name
            }
            
            const token = jwt.sign(
                bearer,
                SECRET,
                { expiresIn: '1h' }
            )

            const fourHoursInMillis = 60 * 60 * 1000
            res.cookie(
                'api-token',
                token,
                {
                    expires: new Date(Date.now() + fourHoursInMillis),
                    httpOnly: true,
                    signed: true
                }
            ).redirect('/manager')
        }
    )
})

AUTH.get('/captcha', async (req, res) => {
    const captcha = crypto.randomBytes(3).toString('hex')
    await execawait(`./captcha.sh ${captcha} > captcha.png`)

    // Make it valid for 10 minutes
    valid[captcha] = new Date()

    // Send the captcha image
    res.contentType('image/png')
        .sendFile('captcha.png', { root: './' })
})


export default AUTH
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`import bcrypt from 'bcrypt'`
Refactor 2022-01-15 19:27:18 +01:00			`import crypto from 'crypto'`
You can now log in - fantastic! :D 2022-01-31 20:47:34 +01:00			`import jwt from 'jsonwebtoken'`
Refactor 2022-01-15 19:27:18 +01:00			`import { Router } from 'express'`
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`import { glauth } from '../libs/database.js'`
Refactor 2022-01-15 19:27:18 +01:00			`import execawait from '../libs/execawait.js'`

You can now log in - fantastic! :D 2022-01-31 20:47:34 +01:00			`export const SECRET = process.env.TK_SECRET ?? crypto.generateKeySync("aes", { length: 128 }).export().toString()`
Refactor 2022-01-15 19:27:18 +01:00			`const AUTH = Router()`
			`let valid = {}`

Fixed ldap auth bullshit! 2022-01-23 17:49:27 +01:00			`/**`
You can now log in - fantastic! :D 2022-01-31 20:47:34 +01:00			`* This is needed because GLAuth (GLAuth's bcrypt) and Node (Node's bcrypt) read hashes differently.`
Fixed ldap auth bullshit! 2022-01-23 17:49:27 +01:00			`* @param {string} hash The hash to be converted to hex.`
			`* @returns {string} hex of hash`
			`*/`
			`function hash2hex(hash) {`
			`return hash`
			`.split('')`
			`.map(e => e`
			`.charCodeAt(0)`
			`.toString(16)`
			`)`
			`.join('')`
			`}`
Refactor 2022-01-15 19:27:18 +01:00
Movedto postgres... 2022-01-23 15:52:12 +01:00			`AUTH.post('/register', async (req, res) => {`
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`const { captcha, password, username } = req.body`
Refactor 2022-01-15 19:27:18 +01:00
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`if (!username \|\| !password \|\| !captcha)`
			return(res.send(`Not entered:${username ? '' : ' username,'}${password ? '' : ' password,'}${captcha ? '' : ' captcha'}`))
Refactor 2022-01-15 19:27:18 +01:00
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`if (!valid[captcha])`
Refactor 2022-01-15 19:27:18 +01:00			`return(res.send("Invalid captcha!"))`

Basic registration and login done. 2022-01-22 21:32:14 +01:00			`const captchaAge = Math.abs((valid[captcha].getTime() - new Date().getTime())/1000)`
Refactor 2022-01-15 19:27:18 +01:00
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`if (captchaAge > 600)`
Refactor 2022-01-15 19:27:18 +01:00			`return(res.send("Invalid captcha!"))`

You can now log in - fantastic! :D 2022-01-31 20:47:34 +01:00			`// Expire the captcha.`
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`delete valid[captcha]`
Refactor 2022-01-15 19:27:18 +01:00
You can now log in - fantastic! :D 2022-01-31 20:47:34 +01:00			`// Does the username match the requirements?`
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`if (!(/^(?=[a-zA-Z0-9]{2,20}$).*$/.test(username)))`
			`return(res.send("Username does not match the requirements"))`

Movedto postgres... 2022-01-23 15:52:12 +01:00			`if ((await glauth.query("SELECT * FROM users WHERE name = $1::text", [ username ])).rowCount)`
Refactor 2022-01-15 19:27:18 +01:00			`return(res.send("User already exists"))`

Basic registration and login done. 2022-01-22 21:32:14 +01:00			`bcrypt.hash(password, 10).then(`
			`hash => {`
Fixed ldap auth bullshit! 2022-01-23 17:49:27 +01:00			`const hexHash = hash2hex(hash)`
Movedto postgres... 2022-01-23 15:52:12 +01:00			`glauth.query(`
Fixed ldap auth bullshit! 2022-01-23 17:49:27 +01:00			`"INSERT INTO users(name, primarygroup, passbcrypt, qam_pass) VALUES($1::text, 0, $2::text, $3::text)",`
			`[ username, hexHash, hash ]`
Movedto postgres... 2022-01-23 15:52:12 +01:00			`).then(`
			`() => res.send("Account registered!")`
			`).catch(`
			`err => res.json({ _: "Sorry an error occured!", err })`
			`)`
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`}`
			`)`
			`})`

Movedto postgres... 2022-01-23 15:52:12 +01:00			`AUTH.post('/login', async (req, res) => {`
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`const { password, username } = req.body`

			`// Was input sent?`
			`if (!username \|\| !password )`
			return(res.send(`Not entered:${username ? '' : ' username,'}${password ? '' : ' password'}`))

Movedto postgres... 2022-01-23 15:52:12 +01:00			`const user = (await glauth.query("SELECT * FROM users WHERE name = $1::text", [ username ])).rows[0]`
Basic registration and login done. 2022-01-22 21:32:14 +01:00
			`if (!user)`
			`return(res.send("User doesn't exist!"))`
Refactor 2022-01-15 19:27:18 +01:00
Fixed ldap auth bullshit! 2022-01-23 17:49:27 +01:00			`bcrypt.compare(password, user.qam_pass).then(`
You can now log in - fantastic! :D 2022-01-31 20:47:34 +01:00			`async match => {`
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`if (!match)`
			`return res.send("Password's is incorrect!")`
Refactor 2022-01-15 19:27:18 +01:00
You can now log in - fantastic! :D 2022-01-31 20:47:34 +01:00			`const bearer = {`
			`name: user.name,`
			`id: user.uidnumber,`
			`group: (await glauth.query("SELECT name FROM groups WHERE gidnumber = $1::int", [ user.primarygroup ])).rows[0].name`
			`}`

			`const token = jwt.sign(`
			`bearer,`
			`SECRET,`
			`{ expiresIn: '1h' }`
			`)`

			`const fourHoursInMillis = 60 * 60 * 1000`
			`res.cookie(`
			`'api-token',`
			`token,`
			`{`
			`expires: new Date(Date.now() + fourHoursInMillis),`
			`httpOnly: true,`
			`signed: true`
			`}`
			`).redirect('/manager')`
Basic registration and login done. 2022-01-22 21:32:14 +01:00			`}`
			`)`
Refactor 2022-01-15 19:27:18 +01:00			`})`

			`AUTH.get('/captcha', async (req, res) => {`
			`const captcha = crypto.randomBytes(3).toString('hex')`
Movedto postgres... 2022-01-23 15:52:12 +01:00			await execawait(`./captcha.sh ${captcha} > captcha.png`)

			`// Make it valid for 10 minutes`
			`valid[captcha] = new Date()`

			`// Send the captcha image`
			`res.contentType('image/png')`
			`.sendFile('captcha.png', { root: './' })`
Refactor 2022-01-15 19:27:18 +01:00			`})`


			`export default AUTH`