Setup login/logout system

2020-05-30 23:01:50 +02:00 · 2020-05-30 23:01:50 +02:00 · 1385f6659e
parent bad1e38760
commit 1385f6659e
15 changed files with 127 additions and 47 deletions
--- a/app.js
+++ b/app.js
@ -1,8 +1,10 @@
 const createError = require("http-errors");
 const express = require("express");
 const path = require("path");
+const session = require("express-session");
 const cookieParser = require("cookie-parser");
 const logger = require("morgan");
+const config = require("./config/config.json");

 const indexRouter = require("./routes/index");
 const loginRouter = require("./routes/login")
@ -13,6 +15,18 @@ const serviceRouter = require("./routes/service")
 const stocksRouter = require("./routes/stocks")

 const app = express();
+const sess = {
+  key: "userSId",
+  secret: config.secret,
+  resave: false,
+  saveUninitialized: false,
+  cookie: {}
+}
+
+if (app.get("env") === "production") {
+  app.set("trust proxy", 1);
+  sess.cookie.secure = true;
+}

 // view engine setup
 app.set("views", path.join(__dirname, "views"));
@ -22,7 +36,13 @@ app.use(logger("dev"));
 app.use(express.json());
 app.use(express.urlencoded({ extended: false }));
 app.use(cookieParser());
+app.use(session(sess));
 app.use(express.static(path.join(__dirname, "public")));
+app.use((req, res, next) => {
+  if (req.cookies.userSId && !req.session.user)
+    res.clearCookie("userSId");
+  next();
+});

 app.use("/", indexRouter);
 app.use("/login", loginRouter);
--- a/config/config_exemple.json
+++ b/config/config_exemple.json
@ -1,26 +1,11 @@
 {
-  "development": {
+  "secret": "keyboard cat",
+  "database": {
    "username": "root",
    "password": null,
    "database": "database_development",
    "host": "127.0.0.1",
    "dialect": "mysql",
    "operatorsAliases": false
-  },
-  "test": {
-    "username": "root",
-    "password": null,
-    "database": "database_test",
-    "host": "127.0.0.1",
-    "dialect": "mysql",
-    "operatorsAliases": false
-  },
-  "production": {
-    "username": "root",
-    "password": null,
-    "database": "database_production",
-    "host": "127.0.0.1",
-    "dialect": "mysql",
-    "operatorsAliases": false
  }
 }
--- a/models/index.js
+++ b/models/index.js
@ -4,8 +4,7 @@ const fs = require("fs");
 const path = require("path");
 const Sequelize = require("sequelize");
 const basename = path.basename(__filename);
-const env = process.env.NODE_ENV || "development";
-const config = require(__dirname + "/../config/config.json")[env];
+const config = require(__dirname + "/../config/config.json").database;
 const db = {};

 let sequelize;
--- a/models/user.js
+++ b/models/user.js
@ -10,7 +10,7 @@ module.exports = (sequelize, DataTypes) => {
      type: DataTypes.STRING,
      set(value) {
        if (value)
-          this.setDataValue("passwordHash", require("crypto").createHash("sha256").update(this.username + value).digest("utf-8"));
+          this.setDataValue("passwordHash", require("crypto").createHash("sha256").update(this.username + value).digest("base64"));
      }
    },
    firstName: {
--- a/package-lock.json
+++ b/package-lock.json
@ -663,6 +663,33 @@
        }
      }
    },
+    "express-session": {
+      "version": "1.17.1",
+      "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.17.1.tgz",
+      "integrity": "sha512-UbHwgqjxQZJiWRTMyhvWGvjBQduGCSBDhhZXYenziMFjxst5rMV+aJZ6hKPHZnPyHGsrqRICxtX8jtEbm/z36Q==",
+      "requires": {
+        "cookie": "0.4.0",
+        "cookie-signature": "1.0.6",
+        "debug": "2.6.9",
+        "depd": "~2.0.0",
+        "on-headers": "~1.0.2",
+        "parseurl": "~1.3.3",
+        "safe-buffer": "5.2.0",
+        "uid-safe": "~2.1.5"
+      },
+      "dependencies": {
+        "depd": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
+          "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw=="
+        },
+        "safe-buffer": {
+          "version": "5.2.0",
+          "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.0.tgz",
+          "integrity": "sha512-fZEwUGbVl7kouZs1jCdMLdt95hdIv0ZeHg6L7qPeciMZhZ+/gdesW4wgTARkrFWEpspjEATAzUGPG8N2jJiwbg=="
+        }
+      }
+    },
    "ext": {
      "version": "1.4.0",
      "resolved": "https://registry.npmjs.org/ext/-/ext-1.4.0.tgz",
@ -1430,6 +1457,11 @@
      "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz",
      "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA=="
    },
+    "random-bytes": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz",
+      "integrity": "sha1-T2ih3Arli9P7lYSMMDJNt11kNgs="
+    },
    "range-parser": {
      "version": "1.2.1",
      "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
@ -1878,6 +1910,14 @@
      "integrity": "sha1-bgkk1r2mta/jSeOabWMoUKD4grc=",
      "optional": true
    },
+    "uid-safe": {
+      "version": "2.1.5",
+      "resolved": "https://registry.npmjs.org/uid-safe/-/uid-safe-2.1.5.tgz",
+      "integrity": "sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA==",
+      "requires": {
+        "random-bytes": "~1.0.0"
+      }
+    },
    "umzug": {
      "version": "2.3.0",
      "resolved": "https://registry.npmjs.org/umzug/-/umzug-2.3.0.tgz",
--- a/package.json
+++ b/package.json
@ -9,6 +9,7 @@
    "cookie-parser": "~1.4.4",
    "debug": "~2.6.9",
    "express": "~4.16.1",
+    "express-session": "^1.17.1",
    "http-errors": "~1.6.3",
    "morgan": "~1.9.1",
    "pg": "^8.2.1",
--- a/routes/commands.js
+++ b/routes/commands.js
@ -1,8 +1,9 @@
 const express = require("express");
 const router = express.Router();
+const middleware = require("./middleware");

 /* GET home page. */
-router.get("/", function(req, res) {
+router.get("/", middleware.sessionCheck, (req, res) => {
    res.render("commands", { title: "Kfet - Commands" });
 });

--- a/routes/index.js
+++ b/routes/index.js
@ -1,8 +1,9 @@
 const express = require("express");
 const router = express.Router();
+const middleware = require("./middleware");

 /* GET home page. */
-router.get("/", function(req, res) {
+router.get("/", middleware.sessionCheck, (req, res) => {
  res.render("index", { title: "Kfet" });
 });

--- a/routes/kitchen.js
+++ b/routes/kitchen.js
@ -1,8 +1,9 @@
 const express = require("express");
 const router = express.Router();
+const middleware = require("./middleware");

 /* GET home page. */
-router.get("/", function(req, res) {
+router.get("/", middleware.sessionCheck, (req, res) => {
    res.render("kitchen", { title: "Kfet - Kitchen" });
 });

--- a/routes/login.js
+++ b/routes/login.js
@ -1,9 +1,26 @@
 const express = require("express");
 const router = express.Router();
+const models = require("../models");

 /* GET home page. */
-router.get("/", function(req, res) {
-    res.render("login", { title: "Kfet - Login" });
-});
+router.get("/", async (req, res) => {
+    if (req.session.user && req.cookies.userSId)
+        res.redirect("/")
+    else
+        res.render("login", { title: "Kfet - Login" });
+})
+    .post("/", async (req, res) => {
+        if (!req.body.username || !req.body.password)
+            res.redirect("/login");
+        else {
+            let u = await models.User.findByPk(req.body.username);
+            if (!u || !u.passwordHash || require("crypto").createHash("sha256").update(u.username + req.body.password).digest("base64") !== u.passwordHash)
+                res.redirect("/login?err=true");
+            else {
+                req.session.user = u;
+                res.redirect("/");
+            }
+        }
+    });

 module.exports = router;
--- a/routes/logout.js
+++ b/routes/logout.js
@ -2,8 +2,12 @@ const express = require("express");
 const router = express.Router();

 /* GET home page. */
-router.get("/", function(req, res) {
-    res.send("Ok");
+router.get("/", (req, res) => {
+    if (req.session.user && req.cookies.userSId) {
+        req.session.user = null;
+        res.clearCookie("userSId");
+    }
+    res.redirect("/login");
 });

 module.exports = router;
--- a/routes/middleware.js
+++ b/routes/middleware.js
@ -0,0 +1,8 @@
+function sessionCheck(req, res, next) {
+    if (!req.session.user || !req.cookies.userSId)
+        res.redirect("/login");
+    else
+        next();
+}
+
+module.exports.sessionCheck = sessionCheck;
--- a/routes/service.js
+++ b/routes/service.js
@ -1,8 +1,9 @@
 const express = require("express");
 const router = express.Router();
+const middleware = require("./middleware");

 /* GET home page. */
-router.get("/", function(req, res) {
+router.get("/", middleware.sessionCheck, (req, res) => {
    res.render("service", { title: "Kfet - Service" });
 });

--- a/routes/stocks.js
+++ b/routes/stocks.js
@ -1,8 +1,9 @@
 const express = require("express");
 const router = express.Router();
+const middleware = require("./middleware");

 /* GET home page. */
-router.get("/", function(req, res) {
+router.get("/", middleware.sessionCheck, (req, res) => {
    res.render("stocks", { title: "Kfet - Stocks" });
 });

--- a/views/login.pug
+++ b/views/login.pug
@ -5,20 +5,21 @@ block content
        div.container-contact2
            div.wrap-contact2
                span.contact2-form-title Login
-                div.wrap-input2.validate-input(data-validate="Username is required")
-                    input.input2(type="text" name="name")
-                    span.focus-input2(data-placeholder="Username")
-                div.wrap-input2.validate-input(data-validate="Password invalid")
-                    input.input2(type="password" name="password")
-                    span.focus-input2(data-placeholder="Mot de passe")
-                div#fct
-                    input#commi(type="radio" name="fct")
-                    label(for="commi") Commi
-                    input#pc(type="radio" name="fct")
-                    label(for="pc") PC
-                    input#guest(type="radio" name="fct")
-                    label(for="guest") Guest
-                div.container-contact2-form-btn
-                    div.wrap-contact2-form-btn
-                        div.contact2-form-bgbtn
-                        button.contact2-form-btn(type="submit") Login
+                form(action="/login" method="POST")
+                    div.wrap-input2.validate-input(data-validate="Username is required")
+                        input.input2(type="text" name="username")
+                        span.focus-input2(data-placeholder="Username")
+                    div.wrap-input2.validate-input(data-validate="Password invalid")
+                        input.input2(type="password" name="password")
+                        span.focus-input2(data-placeholder="Mot de passe")
+                    div#fct
+                        input#commi(type="radio" name="fct")
+                        label(for="commi") Commi
+                        input#pc(type="radio" name="fct")
+                        label(for="pc") PC
+                        input#guest(type="radio" name="fct")
+                        label(for="guest") Guest
+                    div.container-contact2-form-btn
+                        div.wrap-contact2-form-btn
+                            div.contact2-form-bgbtn
+                            button.contact2-form-btn(type="submit") Login