authorLarsVomMars2020-10-04 00:52:42 +0200
committerLarsVomMars2020-10-04 00:52:49 +0200
commit53b84f7ede1ad26e5111cd6da9c13042d98a290b (patch)
treebc314b88c83ee4e046ab1041a06fd3e3d4eb26ea
parent88a2c395ad96c65d75ea64c57d68b62d93bc12c3 (diff)
Password change
-rw-r--r--auth/index.js22
-rw-r--r--auth/public/change.html32
-rw-r--r--auth/public/script.js6
3 files changed, 50 insertions, 10 deletions
diff --git a/auth/index.js b/auth/index.js
index 8e61e51..bfff5e1 100644
--- a/auth/index.js
+++ b/auth/index.js
@@ -16,7 +16,7 @@ app.use(
"/",
(req, res, next) => {
// Very important, don't change :)
- if (!req.session.loggedIn || req.path.startsWith("/api")) next();
+ if (!req.session.loggedIn || req.path.startsWith("/api") || /.*?\.[html|js|css]/.test(req.path)) next();
else res.redirect("/");
},
express.static(__dirname + "/public"),
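Review bot: The regex added on the `if` line, `/.*?\.[html|js|css]/`, uses a character class where alternation was meant: `[html|js|css]` matches any single one of the characters h, t, m, l, |, j, s, c, and the pattern is unanchored, so paths like `/x.s`, `/a.j`, `/.h` or `/data.json` all satisfy it, not just the three extensions. The intended test is `/\.(html|js|css)$/.test(req.path)`. Even corrected, it lets a logged-in user fetch every html/js/css file under auth/public, so the redirect to "/" for logged-in users no longer applies to any page in that directory; if only change.html is meant to be reachable while logged in, test for that path explicitly rather than by extension. The enclosing `app.use(` call begins before this hunk.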
@@ -39,20 +39,20 @@ app.post("/api/login", async (req, res) => {
app.use("/api/logout", (req, res) => req.session.destroy() & res.redirect("/"));
-app.put("/api/password", checkUser, async (req, res) => {
- const { pwd, newPwd } = req.body;
- if (!(pwd && newPwd)) return res.redirect("/auth");
- const user = await db.query("SELECT id, password FROM users WHERE username = ?", [username]);
+app.post("/api/password", checkUser, async (req, res) => {
+ const { oldPassword, newPassword, newPasswordRep } = req.body;
+ if (!(oldPassword && newPassword && newPasswordRep) || newPassword !== newPasswordRep) return res.send("error");
+ const user = (await db.query("SELECT id, password FROM users WHERE id = ?", [req.session.uid]))[0];
if (!user.password) return res.send("error");
- if (!((await bcrypt.compare(pwd, user.password)) && user.id === req.session.uid && req.session.loggedIn))
- return res.redirect("/auth");
+ if (req.session.loggedIn && user.id === req.session.uid) return res.redirect("/auth");
+ if (!(await bcrypt.compare(oldPassword, user.password))) return res.send("error");
try {
- const newHash = await bcrypt.hash(newPwd, 12);
+ const newHash = await bcrypt.hash(newPassword, 12);
await db.query("UPDATE users SET password = ? WHERE id = ?", [newHash, req.session.uid]);
- res.redirect("/auth");
+ res.redirect("/");
} catch (e) {
console.error(e);
- res.redirect("/auth");
+ res.send("error");
}
});
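Review bot: The guard `if (req.session.loggedIn && user.id === req.session.uid) return res.redirect("/auth");` is inverted relative to the check it replaces: it sends the legitimately logged-in owner away and lets only the mismatched or unauthenticated case fall through to the bcrypt compare and the UPDATE, so a valid user can never change their password and the only path that writes a new hash is the one that should be rejected. It should read `if (!(req.session.loggedIn && user.id === req.session.uid)) return res.redirect("/auth");`. The lookup just above also dereferences `user.password` without checking that the query returned a row; when `req.session.uid` is unset, `user` is undefined and the handler throws inside an async function with no catch, so `if (!user || !user.password) return res.send("error");` is needed. Whether checkUser already stops an unauthenticated request from reaching this handler is not visible in this diff.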
@@ -70,4 +70,6 @@ app.get("/api/list", checkUser, async (req, res) => {
res.json(users);
});
+app.get("/api/status", (req, res) => res.json({ loggedIn: req.session.loggedIn }));
+
module.exports = { auth: app, checkUser };
diff --git a/auth/public/change.html b/auth/public/change.html
new file mode 100644
index 0000000..ab2fd5c
--- /dev/null
+++ b/auth/public/change.html
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <meta charset="UTF-8" />
+ <meta name="viewport" content="width=device-width, initial-scale=1" />
+ <link
+ rel="stylesheet"
+ href="https://unpkg.com/purecss@2.0.3/build/pure-min.css"
+ integrity="sha384-cg6SkqEOCV1NbJoCu11+bm0NvBRc8IYLRGXkmNrqUBfTjmMYwNKPWBTIKyw9mHNJ"
+ crossorigin="anonymous"
+ />
+ <link rel="stylesheet" href="style.css" type="text/css" media="all" />
+
+ <title>Auth</title>
+ </head>
+ <body>
+ <form class="pure-form pure-form-stacked" id="change-form" action="api/password" method="POST">
+ <fieldset>
+ <legend>Login</legend>
+ <label for="old-password">Altes Passwort</label>
+ <input name="oldPassword" type="password" id="old-password" placeholder="Passwort" required />
+ <label for="password">Neues Passwort</label>
+ <input name="newPassword" type="password" id="password" placeholder="Neues Passwort" required />
+ <label for="new-password">Neues Passwort (wiederholt)</label>
+ <input name="newPasswordRep" type="password" id="new-password" placeholder="Neues Passwort" required />
+ <button type="submit" class="pure-button pure-button-primary">Anmelden</button>
+ </fieldset>
+ </form>
+
+ <script src="script.js"></script>
+ </body>
+</html>
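Review bot: The legend `Login` and the submit label `Anmelden` were carried over from the login form and mislabel this page; `<legend>Passwort ändern</legend>` and `Passwort ändern` on the button would describe what the form does, and the ids `password`/`new-password` are swapped relative to the names `newPassword`/`newPasswordRep`, which is confusing for anyone styling or scripting them. The form also submits a state-changing POST to `api/password` authenticated only by the session cookie, with no anti-CSRF token; because the server requires the old password the impact is limited, but unless the session cookie is set with `SameSite` (not visible here) a per-session hidden token checked server-side is still the expected control. A `minlength` on the new-password inputs would be a useful client-side hint, with the real length check enforced in the handler.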
diff --git a/auth/public/script.js b/auth/public/script.js
new file mode 100644
index 0000000..b50bf9b
--- /dev/null
+++ b/auth/public/script.js
@@ -0,0 +1,6 @@
+loggedIn();
+
+async function loggedIn() {
+ const resp = await fetch("api/status");
+ if (!(await resp.json())["loggedIn"]) location.redirect("/");
+}
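Review bot: `location.redirect("/")` on the last line is not a method of `Location`, so the call throws a TypeError inside `loggedIn()` and the page is never left; the rejection from the un-awaited `loggedIn();` call is also never handled. Use `location.replace("/")` (or `location.assign("/")`), and wrap the fetch in try/catch so a failed `api/status` request does not silently leave the form in place. This check is a client-side convenience only — checkUser on `/api/password` remains the control that matters, so nothing here should be relied on for access control.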