2019-11-23 17:40:51 +01:00
|
|
|
import * as DataEvent from '../../../src/com/events/DataEvent';
|
2019-10-12 01:10:55 +02:00
|
|
|
const express = require('express');
|
|
|
|
const router = express.Router();
|
2020-06-10 01:55:24 +02:00
|
|
|
const bcrypt = require('bcrypt');
|
2019-10-12 01:10:55 +02:00
|
|
|
const jwt = require('jsonwebtoken');
|
2019-11-16 23:20:04 +01:00
|
|
|
const fs = require('fs-extra');
|
|
|
|
const _ = require('lodash');
|
2020-06-21 03:13:23 +02:00
|
|
|
const crypto = require('crypto'); // for setting up new accounts
|
|
|
|
const secret_key = '58d5aeec3c604e2837aef70bc1606f35131ab8fea9731925558f5acfaa00da60';
|
|
|
|
const moment = require('moment');
|
2019-10-12 01:10:55 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Get Auth Status
|
|
|
|
*/
|
2020-05-05 22:44:45 +02:00
|
|
|
router.get('/', function (req, res) {
|
2019-10-12 01:10:55 +02:00
|
|
|
var token = req.headers['x-access-token'];
|
|
|
|
if (!token) return res.status(401).send({ auth: false, message: 'No token provided.' });
|
|
|
|
|
2020-05-05 22:44:45 +02:00
|
|
|
jwt.verify(token, 'super-secret-string', function (err, decoded) {
|
2019-10-12 01:10:55 +02:00
|
|
|
if (err)
|
|
|
|
return res.status(500).send({ auth: false, message: 'Failed to authenticate token.' });
|
|
|
|
res.status(200).send(decoded);
|
|
|
|
});
|
|
|
|
});
|
2019-12-02 22:07:16 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Get Auth Status
|
|
|
|
*/
|
2020-05-05 22:44:45 +02:00
|
|
|
router.get('/status', function (req, res) {
|
2019-12-02 22:07:16 +01:00
|
|
|
if (req.session.user) {
|
|
|
|
let session = req.session;
|
|
|
|
res.json({
|
|
|
|
type: DataEvent.API_REQUEST_GOOD,
|
|
|
|
message: 'Auth is Good',
|
2019-12-03 02:59:04 +01:00
|
|
|
token: session.hashToken
|
2019-12-02 22:07:16 +01:00
|
|
|
});
|
|
|
|
} else {
|
|
|
|
res.json({
|
|
|
|
type: DataEvent.API_REQUEST_LAME,
|
|
|
|
message: 'NOT AUTHORIZED'
|
|
|
|
});
|
|
|
|
}
|
|
|
|
});
|
2019-10-12 01:10:55 +02:00
|
|
|
/**
|
|
|
|
* Login Member and return token
|
|
|
|
*/
|
2020-05-05 22:44:45 +02:00
|
|
|
router.post('/login', function (req, res) {
|
2019-11-23 19:30:34 +01:00
|
|
|
fs.readJson('site/folks.json').then(folks => {
|
2019-11-16 23:20:04 +01:00
|
|
|
let found = _.find(folks, { handle: req.body.handle });
|
|
|
|
if (found) {
|
|
|
|
if (!isValidPassword(found, req.body.password)) {
|
|
|
|
res.json({
|
|
|
|
type: DataEvent.REQUEST_LAME,
|
|
|
|
message: 'CHECK YOUR PASSWORD'
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
2019-12-02 22:07:16 +01:00
|
|
|
let token = jwt.sign({ id: found.id }, found.key, {
|
2019-11-16 23:20:04 +01:00
|
|
|
expiresIn: 86400 // expires in 24 hours
|
|
|
|
});
|
|
|
|
|
|
|
|
let session = req.session;
|
|
|
|
session.user = found;
|
|
|
|
session.token = token;
|
2019-12-03 02:59:04 +01:00
|
|
|
session.hashToken = hashToken(token);
|
2019-11-24 21:23:01 +01:00
|
|
|
res.json({
|
|
|
|
type: DataEvent.REQUEST_GOOD,
|
|
|
|
message: 'Welcome Back',
|
2019-12-03 02:59:04 +01:00
|
|
|
token: session.hashToken
|
2019-11-24 21:23:01 +01:00
|
|
|
});
|
2019-11-16 23:20:04 +01:00
|
|
|
} else {
|
|
|
|
res.json({
|
|
|
|
type: DataEvent.REQUEST_LAME,
|
2019-11-25 22:58:34 +01:00
|
|
|
message: 'Need to see some id, champ.'
|
2019-11-16 23:20:04 +01:00
|
|
|
});
|
|
|
|
}
|
|
|
|
});
|
2019-10-12 01:10:55 +02:00
|
|
|
});
|
|
|
|
|
2020-06-21 03:13:23 +02:00
|
|
|
/**
|
|
|
|
* Initial Site Setup
|
|
|
|
*/
|
|
|
|
router.post('/init', function (req, res) {
|
|
|
|
let body = req.body;
|
|
|
|
let re = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
|
|
|
|
// check email
|
|
|
|
if (!re.test(body.new_member_email)) {
|
|
|
|
res.json({
|
|
|
|
type: DataEvent.API_INIT_LAME,
|
|
|
|
message: 'Need a valid email address'
|
|
|
|
});
|
|
|
|
}
|
|
|
|
//check handle is being passed
|
|
|
|
if (body.new_member_handle === null || body.new_member_handle === '') {
|
|
|
|
res.json({
|
|
|
|
type: DataEvent.API_INIT_LAME,
|
|
|
|
message: 'No handle. Kinda need that.'
|
|
|
|
});
|
|
|
|
}
|
|
|
|
// check password match
|
|
|
|
if (
|
|
|
|
body.new_member_pass !== body.new_member_pass2 ||
|
|
|
|
body.new_member_pass === '' ||
|
|
|
|
body.new_member_pass2 === ''
|
|
|
|
) {
|
|
|
|
res.json({
|
|
|
|
type: DataEvent.API_INIT_LAME,
|
|
|
|
message: 'Passwords do not match.'
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
if (body.new_member_title === null || body.new_member_title === '') {
|
|
|
|
res.json({
|
|
|
|
type: DataEvent.API_INIT_LAME,
|
|
|
|
message: 'No title. Gotta call it something.'
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
let key = crypto
|
|
|
|
.createHash('sha256')
|
|
|
|
.update(body.new_member_pass + secret_key)
|
|
|
|
.digest('hex');
|
|
|
|
|
|
|
|
// set up config files
|
|
|
|
fs.readJson('site/init/settings-template.json').then(fresh => {
|
|
|
|
fresh.global.title = body.new_member_title;
|
|
|
|
fs.writeJSON('site/settings.json', fresh);
|
|
|
|
});
|
|
|
|
|
|
|
|
fs.readJson('site/init/folks-template.json').then(folks => {
|
|
|
|
folks[0].id = 1;
|
|
|
|
folks[0].handle = body.new_member_handle;
|
|
|
|
folks[0].email = body.new_member_email;
|
|
|
|
folks[0].password = bcrypt.hashSync(body.new_member_pass, bcrypt.genSaltSync(10), null);
|
|
|
|
folks[0].key = key;
|
|
|
|
folks[0].role = 'hnic';
|
|
|
|
folks[0].created = moment(Date.now()).format();
|
|
|
|
folks[0].updated = moment(Date.now()).format();
|
|
|
|
fs.writeJSON('site/folks.json', folks);
|
|
|
|
});
|
|
|
|
|
|
|
|
fs.writeJson('site/tags.json', { tags: [] });
|
|
|
|
|
|
|
|
res.json({
|
|
|
|
type: DataEvent.API_INIT_GOOD,
|
|
|
|
message: 'All Set Up'
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2019-10-12 01:10:55 +02:00
|
|
|
//router.post('/logout', function(req, res) {});
|
|
|
|
module.exports = router;
|
|
|
|
|
|
|
|
function isValidPassword(user, password) {
|
2020-06-10 01:55:24 +02:00
|
|
|
return bcrypt.compareSync(password, user.password);
|
2019-10-12 01:10:55 +02:00
|
|
|
}
|
2019-12-03 02:59:04 +01:00
|
|
|
|
|
|
|
function hashToken(token) {
|
2020-06-10 01:55:24 +02:00
|
|
|
return bcrypt.hashSync(token, bcrypt.genSaltSync(10), null);
|
2019-12-03 02:59:04 +01:00
|
|
|
}
|