author | Lars Krönner | 2020-10-01 17:55:10 +0200 |
---|---|---|
committer | GitHub | 2020-10-01 17:55:10 +0200 |
commit | 2a41466c4167fdcfdc98f76cba7ad0713bd01ce9 (patch) | |
tree | c62c1d582c99def9c89c63cde56e88bcd3da7ada | |
parent | 91f4af6e9a3a5d770f98d4a5b75c729c18861cc1 (diff) | |
parent | 6a18abb61acc70a90d9a4401dd5b6a6f43040800 (diff) |
Merge pull request #2 from marvinborner/auth
Basic user login
-rw-r--r-- | app.js | 3 | ||||
-rw-r--r-- | auth/index.js | 34 | ||||
-rw-r--r-- | package.json | 1 |
3 files changed, 36 insertions, 2 deletions
@@ -1,5 +1,6 @@ require("dotenv").config(); const express = require("express"); +const session = require("express-session"); const motto = require("./motto"); const auth = require("./auth"); @@ -7,6 +8,8 @@ const quotes = require("./quotes"); const app = express(); +app.use(session({ secret: "keyboard cat", resave: false, saveUninitialized: true, cookie: { secure: true } })); + app.use(express.urlencoded({ extended: true })); app.use(express.json()); diff --git a/auth/index.js b/auth/index.js index b726a25..69f6435 100644 --- a/auth/index.js +++ b/auth/index.js 
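Review bot: The session secret in the second hunk is the express-session documentation placeholder `"keyboard cat"` committed in source; `dotenv` is already loaded on line 1 of this file, so it should be read from the environment, e.g. `secret: process.env.SESSION_SECRET`, and the app should refuse to start when that value is unset. `cookie: { secure: true }` without `app.set("trust proxy", 1)` means the cookie is never set when the app sits behind a TLS-terminating proxy (or is served over plain HTTP in development), so logins will silently fail to persist in those setups. `saveUninitialized: true` creates a store entry and a cookie for every anonymous visitor, which with the default MemoryStore is unbounded growth; `saveUninitialized: false` plus a persistent store is the usual choice. The hunk passes no `store` option, so the MemoryStore point assumes the default is in use.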
@@ -1,14 +1,44 @@ const express = require("express"); +const bcrypt = require("bcrypt"); const db = require("../db"); + const app = express.Router(); -// TODO: Name list parser (teachers + pupils) -// TODO: Add users (OTP) // TODO: Change passwords // TODO: Login (+ Frontend, cookie, etc) app.use("/", express.static(__dirname + "/public")); +app.post("/api/login", async (req, res) => { + const { username, password } = req.body; + if (!(username && password)) return res.send("error"); + const user = await db.query("SELECT id, password FROM users WHERE username = ?", [username]); + if (!user.password) return res.send("error"); + const loggedIn = await bcrypt.compare(password, user.password); + if (loggedIn) { + req.session.loggedIn = true; + req.session.uid = user.id; + } + return res.send(LoggedIn); +}); + +app.put("/api/password", async (req, res) => { + const { pwd, newPwd } = req.body; + if (!(pwd && newPwd)) return res.send("error"); + const user = await db.query("SELECT id, password FROM users WHERE username = ?", [username]); + if (!user.password) return res.send("error"); + if (!((await bcrypt.compare(pwd, user.password)) && user.id === req.session.uid && req.session.loggedIn)) + return res.send("error"); + try { + const newHash = await bcrypt.hash(newPwd, 12); + await db.query("UPDATE users SET password = ? WHERE id = ?", [newHash, req.session.uid]); + res.send("ok"); + } catch (e) { + console.error(e); + res.send("error"); + } +}); + app.get("/api/list", async (req, res) => { const users = await db.query("SELECT id, name, middlename, surname FROM users"); res.json(users); diff --git a/package.json b/package.json index a7ad9d3..a9691f4 100644 --- a/package.json +++ b/package.json @@ -10,6 +10,7 @@ "dotenv": "^8.2.0", "express": "^4.17.1", "express-rate-limit": "^5.1.3", + "express-session": "^1.17.1", "mariadb": "^2.4.2", "nanoid": "^3.1.12" } |
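Review bot: `return res.send(LoggedIn);` in the /api/login handler references an undefined identifier (the local is `loggedIn`), so every request reaching that line throws a ReferenceError inside an async handler that Express 4 does not catch and the request never gets a response; the /api/password handler in the same hunk uses `username`, which is not destructured from `req.body` there either. Both handlers also write privilege state into whatever session the client already has: login should `req.session.regenerate()` before storing `loggedIn`/`uid` so a session id issued before authentication cannot be reused afterwards, and /api/password should select the caller by `req.session.uid` and check `req.session.loggedIn` before doing the bcrypt compare rather than after. If `db.query` resolves to a row array, as `res.json(users)` in the /api/list handler suggests, `user.password` is undefined and the lookup always takes the "error" branch — confirm the helper's return shape. `bcrypt` is newly required here but the package.json hunk adds only express-session; unless bcrypt is already listed above that hunk's range it is a missing dependency. The rewritten lines for both handlers follow.
```javascript
app.post("/api/login", async (req, res) => {
  // … unchanged: body check and user lookup …
  const loggedIn = await bcrypt.compare(password, user.password);
  if (!loggedIn) return res.send(loggedIn);
  // New session id on privilege change so a pre-login id cannot be reused.
  req.session.regenerate((err) => {
    if (err) return res.send("error");
    req.session.loggedIn = true;
    req.session.uid = user.id;
    return res.send(loggedIn);
  });
});

app.put("/api/password", async (req, res) => {
  const { pwd, newPwd } = req.body;
  if (!(req.session.loggedIn && pwd && newPwd)) return res.send("error");
  // Identify the caller by the authenticated session, not by a body field.
  const user = await db.query("SELECT id, password FROM users WHERE id = ?", [req.session.uid]);
  if (!user.password) return res.send("error");
  if (!(await bcrypt.compare(pwd, user.password))) return res.send("error");
  // … unchanged: hash newPwd, UPDATE users, respond …
});
```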