author | LarsVomMars | 2020-10-01 17:51:06 +0200 |
---|---|---|
committer | LarsVomMars | 2020-10-01 17:51:06 +0200 |
commit | ce4f9770702ee261b238a3466b1e1cf27246dfc8 (patch) | |
tree | a3b361003a5f0bd0a5670b7a6a3959380aa507fa | |
parent | 590723afb4178e070a372d6e6054fe4d8549a4b0 (diff) |
Login, sessions, password reset
-rw-r--r-- | app.js | 3 | ||||
-rw-r--r-- | auth/index.js | 34 | ||||
-rw-r--r-- | package.json | 1 |
3 files changed, 36 insertions, 2 deletions
@@ -1,5 +1,6 @@
 require("dotenv").config();
 const express = require("express");
+const session = require("express-session");
 const motto = require("./motto");
 const auth = require("./auth");
@@ -7,6 +8,8 @@ const quotes = require("./quotes");
 const app = express();
+app.use(session({ secret: "keyboard cat", resave: false, saveUninitialized: true, cookie: { secure: true } }));
+
 app.use(express.urlencoded({ extended: true }));
 app.use(express.json());
diff --git a/auth/index.js b/auth/index.js
index 9bc3f58..bbe3589 100644
--- a/auth/index.js
+++ b/auth/index.js
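Review bot: The session middleware in the second hunk is configured with the literal secret `"keyboard cat"` (the express-session README example), which is the key that signs every session cookie and is now committed to the repository; the file already loads dotenv on its first line, so read it from the environment instead, `secret: process.env.SESSION_SECRET,` and refuse to start when it is unset. `saveUninitialized: true` creates a store entry for every anonymous request, which with express-session's default MemoryStore grows without bound; `saveUninitialized: false` is the usual setting for a login session. `cookie: { secure: true }` makes the browser send the cookie only over HTTPS, so if the app runs behind a TLS-terminating proxy it also needs `app.set("trust proxy", 1)`, which I cannot see in this hunk.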
@@ -1,14 +1,44 @@
 const express = require("express");
+const bcrypt = require("bcrypt");
 const db = require("../db");
+
 const app = express.Router();
-// TODO: Name list parser (teachers + pupils)
-// TODO: Add users (OTP)
 // TODO: Change passwords
 // TODO: Login (+ Frontend, cookie, etc)
 app.use("/", express.static(__dirname + "/public"));
+app.post("/api/login", async (req, res) => {
+const { username, password } = req.body;
+if (!(username && password)) return res.send("error");
+const user = await db.query("SELECT id, password FROM users WHERE username = ?", [username]);
+if (!user.password) return res.send("error");
+const loggedIn = await bcrypt.compare(password, user.password);
+if (loggedIn) {
+req.session.loggedIn = true;
+req.session.uid = user.id;
+}
+return res.send(LoggedIn);
+});
+
+app.put("/api/password", async (req, res) => {
+const { pwd, newPwd } = req.body;
+if (!(pwd && newPwd)) return res.send("error");
+const user = await db.query("SELECT id, password FROM users WHERE username = ?", [username]);
+if (!user.password) return res.send("error");
+if (!((await bcrypt.compare(pwd, user.password)) && user.id === req.session.uid && req.session.loggedIn))
+return res.send("error");
+try {
+const newHash = await bcrypt.hash(newPwd, 12);
+await db.query("UPDATE users SET password = ? WHERE id = ?", [newHash, req.session.uid]);
+res.send("ok");
+} catch (e) {
+console.error(e);
+res.send("error");
+}
+});
+
 app.get("/api/list", (req, res) => {});
 module.exports = app;
diff --git a/package.json b/package.json
index a7ad9d3..a9691f4 100644
--- a/package.json
+++ b/package.json
@@ -10,6 +10,7 @@
 "dotenv": "^8.2.0",
 "express": "^4.17.1",
 "express-rate-limit": "^5.1.3",
+"express-session": "^1.17.1",
 "mariadb": "^2.4.2",
 "nanoid": "^3.1.12"
 }
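Review bot: `return res.send(LoggedIn);` at the end of the /api/login handler references an undefined identifier (the local is `loggedIn`), so every login attempt throws a ReferenceError inside an async handler that Express 4 does not catch and the request never gets a response; the /api/password handler has the same kind of bug with `username`, which is never read from the body and is not needed there because the caller is already identified by `req.session.uid`. Both handlers also answer `"error"` for an unknown username but `false` for a wrong password, which lets a caller distinguish the two, and the login path has no try/catch around its `db.query` call while the password path does. I would also regenerate the session on successful login so that a session id issued before authentication is not kept afterwards. Whether `db.query` resolves to a single row or an array of rows I cannot tell from `../db`; if it is an array, `user.password` is always undefined and every login fails with `"error"`, so the lookup should be checked against the wrapper. The `// TODO: Login (+ Frontend, cookie, etc)` line kept as context is now stale and can go.
```javascript
app.post("/api/login", async (req, res) => {
  const { username, password } = req.body;
  if (!(username && password)) return res.send("error");
  try {
    const user = await db.query("SELECT id, password FROM users WHERE username = ?", [username]);
    // Same response for unknown user and wrong password.
    if (!user?.password || !(await bcrypt.compare(password, user.password))) return res.send(false);
    // Fresh session id once the caller is authenticated.
    req.session.regenerate((err) => {
      if (err) return res.send("error");
      req.session.loggedIn = true;
      req.session.uid = user.id;
      return res.send(true);
    });
  } catch (e) {
    console.error(e);
    res.send("error");
  }
});

// … unchanged: app.put("/api/password") signature and body-field check …
  if (!req.session.loggedIn) return res.send("error");
  const user = await db.query("SELECT id, password FROM users WHERE id = ?", [req.session.uid]);
  if (!user?.password || !(await bcrypt.compare(pwd, user.password))) return res.send("error");
// … unchanged: hash update inside try/catch …
```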