From c0adc5e96bb91d7b3fbdd0a85e2ebfd574ae797c Mon Sep 17 00:00:00 2001 From: BurnyLlama Date: Mon, 31 Jan 2022 20:47:34 +0100 Subject: [PATCH] You can now log in - fantastic! :D --- index.js | 3 +++ package.json | 2 ++ routes/auth.js | 36 ++++++++++++++++++++++++++++-------- routes/routes.js | 22 +++++++++++++++++++++- static/css/theme.css | 1 - views/pages/login.njk | 2 ++ views/pages/manager.njk | 15 +++++++++++++++ 7 files changed, 71 insertions(+), 10 deletions(-) create mode 100644 views/pages/manager.njk diff --git a/index.js b/index.js index 9b6270a..04e8885 100644 --- a/index.js +++ b/index.js @@ -1,3 +1,5 @@ +import cookieParser from 'cookie-parser' +import crypto from 'crypto' import { dbInit } from './libs/database.js' import dotenv from 'dotenv' import express from 'express' @@ -19,6 +21,7 @@ await dbInit() } ) +APP.use(cookieParser(process.env.CK_SECRET ?? crypto.generateKeySync("aes", { length: 128 }).export().toString(), {})) APP.use(express.urlencoded({ extended: true })) APP.use('/static', express.static('static')) diff --git a/package.json b/package.json index 9ffe7fd..7c9ba61 100644 --- a/package.json +++ b/package.json @@ -11,8 +11,10 @@ "license": "ISC", "dependencies": { "bcrypt": "^5.0.1", + "cookie-parser": "^1.4.6", "dotenv": "^12.0.3", "express": "^4.17.2", + "jsonwebtoken": "^8.5.1", "nunjucks": "^3.2.3", "pg": "^8.7.1" } diff --git a/routes/auth.js b/routes/auth.js index a7cb720..be36bec 100644 --- a/routes/auth.js +++ b/routes/auth.js @@ -1,14 +1,16 @@ import bcrypt from 'bcrypt' import crypto from 'crypto' +import jwt from 'jsonwebtoken' import { Router } from 'express' import { glauth } from '../libs/database.js' import execawait from '../libs/execawait.js' +export const SECRET = process.env.TK_SECRET ?? crypto.generateKeySync("aes", { length: 128 }).export().toString() const AUTH = Router() let valid = {} /** - * ... + * This is needed because GLAuth (GLAuth's bcrypt) and Node (Node's bcrypt) read hashes differently. * @param {string} hash The hash to be converted to hex. * @returns {string} hex of hash */ @@ -25,11 +27,9 @@ function hash2hex(hash) { AUTH.post('/register', async (req, res) => { const { captcha, password, username } = req.body - // Was input sent? if (!username || !password || !captcha) return(res.send(`Not entered:${username ? '' : ' username,'}${password ? '' : ' password,'}${captcha ? '' : ' captcha'}`)) - // is captcha valid if (!valid[captcha]) return(res.send("Invalid captcha!")) @@ -38,10 +38,10 @@ AUTH.post('/register', async (req, res) => { if (captchaAge > 600) return(res.send("Invalid captcha!")) - // expire the captcha + // Expire the captcha. delete valid[captcha] - // does the username match the requirements + // Does the username match the requirements? if (!(/^(?=[a-zA-Z0-9]{2,20}$).*$/.test(username))) return(res.send("Username does not match the requirements")) @@ -59,7 +59,6 @@ AUTH.post('/register', async (req, res) => { ).catch( err => res.json({ _: "Sorry an error occured!", err }) ) - } ) }) @@ -77,11 +76,32 @@ AUTH.post('/login', async (req, res) => { return(res.send("User doesn't exist!")) bcrypt.compare(password, user.qam_pass).then( - match => { + async match => { if (!match) return res.send("Password's is incorrect!") - return res.send("Welcome " + user.name + "!") + const bearer = { + name: user.name, + id: user.uidnumber, + group: (await glauth.query("SELECT name FROM groups WHERE gidnumber = $1::int", [ user.primarygroup ])).rows[0].name + } + + const token = jwt.sign( + bearer, + SECRET, + { expiresIn: '1h' } + ) + + const fourHoursInMillis = 60 * 60 * 1000 + res.cookie( + 'api-token', + token, + { + expires: new Date(Date.now() + fourHoursInMillis), + httpOnly: true, + signed: true + } + ).redirect('/manager') } ) }) diff --git a/routes/routes.js b/routes/routes.js index d51b175..4a899a3 100644 --- a/routes/routes.js +++ b/routes/routes.js @@ -1,11 +1,31 @@ +import jwt from 'jsonwebtoken' import { Router } from 'express' -import AUTH from './auth.js' +import AUTH, { SECRET } from './auth.js' const ROUTES = Router() ROUTES.get('/', (_, res) => res.render("pages/landing.njk")) ROUTES.get('/login', (_, res) => res.render("pages/login.njk")) ROUTES.get('/register', (_, res) => res.render("pages/register.njk")) +ROUTES.get( + '/manager', + (req, res) => { + const apiToken = req.signedCookies['api-token'] ?? null + if (!apiToken) + return res.redirect('/login') + + try { + if (!jwt.verify(apiToken, SECRET)) + return res.redirect('/login') + + const bearer = jwt.decode(apiToken) + + res.render('pages/manager.njk', { user: bearer }) + } catch (error) { + res.redirect('/login') + } + } +) ROUTES.use('/auth', AUTH) export default ROUTES \ No newline at end of file diff --git a/static/css/theme.css b/static/css/theme.css index e6ce47e..64265e3 100644 --- a/static/css/theme.css +++ b/static/css/theme.css @@ -65,7 +65,6 @@ h6 { p { margin: .5em 0 .25em 0; - text-align: justify; overflow-wrap: break-word; } diff --git a/views/pages/login.njk b/views/pages/login.njk index bb60387..847db13 100644 --- a/views/pages/login.njk +++ b/views/pages/login.njk @@ -14,5 +14,7 @@ + +

Logging in will store an API token in a cookie. 😉

{% endblock %} \ No newline at end of file diff --git a/views/pages/manager.njk b/views/pages/manager.njk new file mode 100644 index 0000000..a3d26dc --- /dev/null +++ b/views/pages/manager.njk @@ -0,0 +1,15 @@ +{% extends "templates/base.njk" %} + +{% block head %} + {{ user.name }}@qam +{% endblock %} + +{% block body %} + {# #} +
Welcome {{ user.name }}! :D
+

This is your account manager!

+

+ Currently no features are implemented, but we want to implement at least password changing. + It would also be nice to have proper account deletion. (For now, if you want to delete your account contact an admin!) +

+{% endblock %} \ No newline at end of file