Diffstat (limited to 'auth')
-rw-r--r-- | auth/index.js | 40 | ||||
-rw-r--r-- | auth/public/change.html | 2 | ||||
-rw-r--r-- | auth/public/index.html | 1 | ||||
-rw-r--r-- | auth/public/script.js | 22 |
4 files changed, 46 insertions, 19 deletions
diff --git a/auth/index.js b/auth/index.js
index cc1f5b3..e8d23d0 100644
--- a/auth/index.js
+++ b/auth/index.js
@@ -6,7 +6,7 @@ const app = express.Router();
 function checkUser(req, res, next) {
 if (req.session.loggedIn) next();
- else res.redirect("/auth");
+ else res.redirect(`/auth?ref=${encodeURI(req.originalUrl)}`);
 }
 function checkAdmin(req, res, next) {
@@ -35,22 +35,26 @@ app.post("/api/login", async (req, res) => {
 if (req.session.loggedIn) return res.redirect("/");
 const { username, password } = req.body;
- if (!(username && password)) return res.redirect("/auth");
- const user = (
+ if (!(username && password)) return res.json({ success: false, message: "Username oder Passwort fehlen!" });
+ const users = (
 await db.query("SELECT id, password, is_admin, class_id FROM users WHERE username = ?", [username])
- )[0];
+ );
+ if (users.length === 0)
+ return res.json({ success: false, message: "Username oder Passwort falsch!" })
+ const user = users[0];
 if (!user || !user.password) return res.redirect("/auth");
 const loggedIn = await bcrypt.compare(password, user.password);
 if (loggedIn) {
 console.log("LOGIN: " + user.id);
 req.session.loggedIn = true;
 req.session.isAdmin = user.is_admin;
- // Hardcoding ftw lol
- req.session.isSuperAdmin = username == "bornerma" || username == "krönnela" ? user.is_admin : false;
+ // Hardcoding ftw lol - yay
+ req.session.isSuperAdmin = username === "bornerma" || username === "krönnela" ? user.is_admin : false;
 req.session.uid = user.id;
 req.session.cid = user.class_id;
+ return res.json({success: true});
 }
- res.redirect("/auth");
+ return res.json({ success: false, message: "Username oder Passwort falsch!" })
 });
 app.use("/api/logout", checkUser, (req, res) => {
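Review bot: `encodeURI` on the new redirect line leaves `?`, `&`, `=` and `#` unencoded, so a protected URL that carries its own query string, say `/foo?a=1&b=2`, is emitted as `/auth?ref=/foo?a=1&b=2` and `searchParams.get("ref")` on the login page yields only `/foo?a=1`, with the remainder parsed as separate parameters of the `/auth` URL. Use `else res.redirect(`/auth?ref=${encodeURIComponent(req.originalUrl)}`);` so the whole original URL survives as a single parameter. Whatever is encoded here is later consumed by the login page's script, which should still treat it as untrusted input and accept only same-origin paths.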
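Review bot: The context line `if (!user || !user.password) return res.redirect("/auth");` is now the only non-JSON exit of a handler whose every other exit returns JSON, and the new client in script.js calls `resp.json()` on the answer, so a row with an empty password column makes the browser throw on the redirect's HTML body instead of showing a message; change it to `if (!user || !user.password) return res.json({ success: false, message: "Username oder Passwort falsch!" });`. The added early return on `users.length === 0` answers before `bcrypt.compare` runs while a wrong password answers after it, so although both messages are now identical the response time still differs between an unknown and a known username; running the compare against a fixed dummy hash when no row is found keeps the two paths alike. The session is also promoted to logged-in in place; if `req.session` comes from express-session, calling `req.session.regenerate` before the `req.session.loggedIn = true` line gives the authenticated user a fresh session id. The two `return res.json({ success: false, message: ... })` lines added here lack the trailing semicolon the rest of the file uses.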
@@ -62,18 +66,21 @@ app.use("/api/logout", checkUser, (req, res) => {
 app.post("/api/password", checkUser, async (req, res) => {
 const { oldPassword, newPassword, newPasswordRep } = req.body;
 if (!oldPassword || !newPassword || !newPasswordRep || newPassword !== newPasswordRep || newPassword.length < 8)
- return res.send("error");
+ return res.json({ success: false, message: "Passwörter müssen übereinstimmen!" });
 const user = (await db.query("SELECT id, password FROM users WHERE id = ?", [req.session.uid]))[0];
- if (!user || !user.password) return res.send("error");
- if (!(await bcrypt.compare(oldPassword, user.password))) return res.send("error");
+ if (!user || !user.password) return res.json({ success: false });
+ if (!(await bcrypt.compare(oldPassword, user.password))) return res.json({
+ success: false,
+ message: "Altes Passwort falsch!"
+ });
 try {
 console.log("PASSWORD CHANGE: " + user.id);
 const newHash = await bcrypt.hash(newPassword, 12);
 await db.query("UPDATE users SET password = ? WHERE id = ?", [newHash, req.session.uid]);
- res.redirect("/");
+ res.json({success: true});
 } catch (e) {
 console.error(e);
- res.send("error");
+ return res.json({ success: false, message: "An error occurred!" });
 }
 });
@@ -94,10 +101,9 @@ app.get("/api/list", checkUser, async (req, res) => {
 }
 } catch (e) {
 console.error(e);
- return res.send("error");
+ return res.json({ success: false });
 }
-
- res.json(users);
+ return res.json(users);
 });
 app.get("/api/status", (req, res) => {
@@ -114,10 +120,10 @@ app.get("/api/self", checkUser, async (req, res) => {
 "SELECT id, username, name, middlename, surname, class_id, type_id, is_admin FROM users WHERE id = ?",
 [req.session.uid],
 );
- res.json(user[0]);
+ res.json(user.length > 0 ? user[0] : {});
 } catch (e) {
 console.error(e);
- return res.send("error");
+ return res.json({ success: false });
 }
 });
diff --git a/auth/public/change.html b/auth/public/change.html
index f703649..5652af4 100644
--- a/auth/public/change.html
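Review bot: The combined guard `if (!oldPassword || !newPassword || !newPasswordRep || newPassword !== newPasswordRep || newPassword.length < 8)` now answers every failure with `"Passwörter müssen übereinstimmen!"`, including a missing field and a new password shorter than 8 characters, so the user is told the wrong reason and cannot act on it; move the length check into its own `if (newPassword.length < 8) return res.json({ success: false, message: <length message> });` before the mismatch check, with the missing-field case getting its own message as well. The `if (!user || !user.password) return res.json({ success: false });` line sends no `message` at all, which the new client shows as-is. The success line `res.json({success: true});` omits the `return` the catch branch now has; prefix it with `return` for consistency.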
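Review bot: `return res.json({ success: false });` in the `/api/list` hunk, and the same line in the `/api/self` hunk below it, send a failure body with HTTP 200 while the success bodies are a bare array and a bare user row (or `{}`) that carry no `success` field, so a caller checking `res.success` the way script.js does for login cannot tell the two outcomes apart, and the `{}` fallback on `/api/self` is indistinguishable from a row with no columns. Keep the success payloads as they are for existing callers and make the failure distinguishable by status instead: `return res.status(500).json({ success: false });` in both catch blocks, and on `/api/self` answer the empty-result case with `res.status(404).json({ success: false })` rather than `{}`. Both handlers start outside their hunks.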
+++ b/auth/public/change.html
@@ -41,7 +41,7 @@
 minlength="8"
 required
 />
- <button type="submit" class="pure-button pure-button-primary">Anmelden</button>
+ <button type="submit" class="pure-button pure-button-primary">Passwort ändern</button>
 </fieldset>
 </form>
diff --git a/auth/public/index.html b/auth/public/index.html
index 8273238..e0980d1 100644
--- a/auth/public/index.html
+++ b/auth/public/index.html
@@ -32,5 +32,6 @@
 <button type="submit" class="pure-button pure-button-primary">Anmelden</button>
 </fieldset>
 </form>
+ <script src="script.js"></script>
 </body>
 </html>
diff --git a/auth/public/script.js b/auth/public/script.js
index b50bf9b..fd1fb3a 100644
--- a/auth/public/script.js
+++ b/auth/public/script.js
@@ -2,5 +2,25 @@ loggedIn();
 async function loggedIn() {
 const resp = await fetch("api/status");
- if (!(await resp.json())["loggedIn"]) location.redirect("/");
+ const res = await resp.json();
+ if (res.loggedIn && !window.location.pathname.endsWith("change.html")) window.location.replace("/");
+ else if (!res.loggedIn && window.location.pathname.endsWith("change.html")) window.location.replace("/");
 }
+
+const form = document.querySelector("form");
+form.addEventListener("submit", async e => {
+ e.preventDefault();
+ const method = e.target.method;
+ const url = e.target.action;
+ const rawBody = {};
+ for (const input of form.querySelectorAll("input"))
+ rawBody[input.name] = input.value;
+ const body = JSON.stringify(rawBody);
+ const resp = await fetch(url, { method, body, headers: { "Content-Type": "application/json" } });
+ const res = await resp.json();
+ if (!res.success) alert(res.message);
+ else {
+ const ref = new URL(location.href).searchParams.get("ref");
+ window.location.replace(ref);
+ }
+});
\ No newline at end of file |
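Review bot: `window.location.replace(ref)` in the success branch navigates to whatever the `ref` query parameter holds, so a login URL whose `ref` is an absolute or protocol-relative address sends the freshly authenticated user to another site, and when `ref` is absent (a direct visit to the login page) `replace(null)` navigates to the relative path `null`. Resolve the value against the page's own origin and fall back to `/` otherwise: `const target = new URL(ref ?? "/", location.origin);` followed by `window.location.replace(target.origin === location.origin ? target.href : "/");`, which also rejects non-http schemes because their resolved origin is never equal to the page's. `alert(res.message)` shows the string `undefined` for the `{ success: false }` replies the server sends without a message; `alert(res.message ?? <default message>)` covers that. `resp.json()` will also throw on the one login exit that still answers with a redirect to HTML, so a `try`/`catch` around the fetch-and-parse that reports a generic failure would keep the form usable in that case.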