Diffstat (limited to 'auth/index.js')
-rw-r--r-- | auth/index.js | 40 |
1 files changed, 23 insertions, 17 deletions
diff --git a/auth/index.js b/auth/index.js
index cc1f5b3..e8d23d0 100644
--- a/auth/index.js
+++ b/auth/index.js
@@ -6,7 +6,7 @@ const app = express.Router();
 function checkUser(req, res, next) {
   if (req.session.loggedIn) next();
-  else res.redirect("/auth");
+  else res.redirect(`/auth?ref=${encodeURI(req.originalUrl)}`);
 }
 
 function checkAdmin(req, res, next) {
@@ -35,22 +35,26 @@ app.post("/api/login", async (req, res) => {
   if (req.session.loggedIn) return res.redirect("/");
   const { username, password } = req.body;
-  if (!(username && password)) return res.redirect("/auth");
-  const user = (
+  if (!(username && password)) return res.json({ success: false, message: "Username oder Passwort fehlen!" });
+  const users = (
     await db.query("SELECT id, password, is_admin, class_id FROM users WHERE username = ?", [username])
-  )[0];
+  );
+  if (users.length === 0)
+    return res.json({ success: false, message: "Username oder Passwort falsch!" })
+  const user = users[0];
   if (!user || !user.password) return res.redirect("/auth");
   const loggedIn = await bcrypt.compare(password, user.password);
   if (loggedIn) {
     console.log("LOGIN: " + user.id);
     req.session.loggedIn = true;
     req.session.isAdmin = user.is_admin;
-    // Hardcoding ftw lol
-    req.session.isSuperAdmin = username == "bornerma" || username == "krönnela" ? user.is_admin : false;
+    // Hardcoding ftw lol - yay
+    req.session.isSuperAdmin = username === "bornerma" || username === "krönnela" ? user.is_admin : false;
     req.session.uid = user.id;
     req.session.cid = user.class_id;
+    return res.json({success: true});
   }
-  res.redirect("/auth");
+  return res.json({ success: false, message: "Username oder Passwort falsch!" })
 });
 
 app.use("/api/logout", checkUser, (req, res) => {
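Review bot: The `ref` value on the new redirect line is built with `encodeURI`, which leaves `&`, `=`, `?` and `#` unencoded, so an original URL that itself carries a query string spills extra parameters into the `/auth` query; use `encodeURIComponent(req.originalUrl)` in place of `encodeURI(req.originalUrl)`. Whatever later reads `ref` is not in this hunk; if it redirects to that value after login, it should accept only same-origin paths (for example a value that starts with a single `/`), otherwise the parameter becomes an open redirect. checkAdmin's body continues outside the hunk.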
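Review bot: The login handler now answers with JSON everywhere except the line `if (!user || !user.password) return res.redirect("/auth");`, which still redirects and whose `!user` half is redundant after the new `users.length === 0` check; changing it to `if (!user.password) return res.json({ success: false, message: "Username oder Passwort falsch!" });` keeps the response shape consistent. The two new `return res.json({ success: false, message: "Username oder Passwort falsch!" })` lines are also missing their trailing semicolons, unlike the rest of the file. Every failure path in this hunk, and in the /api/password, /api/list and /api/self hunks below, is sent with HTTP 200; sending bad credentials as `res.status(401).json(...)` and the caught errors with a 5xx status lets clients and proxies tell them apart without parsing the body. The unknown-username branch returns before `bcrypt.compare` runs while the wrong-password branch pays the hash cost, so the two cases are likely separable by response time even though the message is identical; comparing against a fixed dummy hash on the miss path would even that out. If `req.session` comes from express-session, calling `req.session.regenerate` before setting `loggedIn` would also discard any session id issued before authentication.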
@@ -62,18 +66,21 @@ app.use("/api/logout", checkUser, (req, res) => {
 app.post("/api/password", checkUser, async (req, res) => {
   const { oldPassword, newPassword, newPasswordRep } = req.body;
   if (!oldPassword || !newPassword || !newPasswordRep || newPassword !== newPasswordRep || newPassword.length < 8)
-    return res.send("error");
+    return res.json({ success: false, message: "Passwörter müssen übereinstimmen!" });
   const user = (await db.query("SELECT id, password FROM users WHERE id = ?", [req.session.uid]))[0];
-  if (!user || !user.password) return res.send("error");
-  if (!(await bcrypt.compare(oldPassword, user.password))) return res.send("error");
+  if (!user || !user.password) return res.json({ success: false });
+  if (!(await bcrypt.compare(oldPassword, user.password))) return res.json({
+    success: false,
+    message: "Altes Passwort falsch!"
+  });
   try {
     console.log("PASSWORD CHANGE: " + user.id);
     const newHash = await bcrypt.hash(newPassword, 12);
     await db.query("UPDATE users SET password = ? WHERE id = ?", [newHash, req.session.uid]);
-    res.redirect("/");
+    res.json({success: true});
   } catch (e) {
     console.error(e);
-    res.send("error");
+    return res.json({ success: false, message: "An error occurred!" });
   }
 });
 
@@ -94,10 +101,9 @@ app.get("/api/list", checkUser, async (req, res) => {
     }
   } catch (e) {
     console.error(e);
-    return res.send("error");
+    return res.json({ success: false });
   }
-
-  res.json(users);
+  return res.json(users);
 });
 
 app.get("/api/status", (req, res) => {
@@ -114,10 +120,10 @@ app.get("/api/self", checkUser, async (req, res) => {
       "SELECT id, username, name, middlename, surname, class_id, type_id, is_admin FROM users WHERE id = ?",
       [req.session.uid],
     );
-    res.json(user[0]);
+    res.json(user.length > 0 ? user[0] : {});
   } catch (e) {
     console.error(e);
-    return res.send("error");
+    return res.json({ success: false });
   }
 });
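Review bot: The first new line returns "Passwörter müssen übereinstimmen!" for every validation failure, although the condition on the line above also fires when a field is missing or when `newPassword.length < 8`, so a too-short password is reported as a mismatch; splitting the condition into three `if` statements, each with its own message, would make the response accurate. The catch block's "An error occurred!" is the only English message among German ones, which looks unintended. The `res.json({success: true});` line inside the try is the one response without a `return`, harmless here but inconsistent with the other branches.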
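Review bot: The new `res.json(user.length > 0 ? user[0] : {});` line answers a logged-in session whose user row no longer exists with an empty object and HTTP 200, which a client cannot tell apart from a user record; returning `res.json({ success: false })` as the catch branch does, or ending the stale session, keeps the failure visible. The handler's opening lines are outside the hunk.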