diff --git a/app.js b/app.js
index c6b7e7e..d5d7409 100644
--- a/app.js
+++ b/app.js
@@ -1,8 +1,10 @@
 const createError = require("http-errors");
 const express = require("express");
 const path = require("path");
+const session = require("express-session");
 const cookieParser = require("cookie-parser");
 const logger = require("morgan");
+const config = require("./config/config.json");
 const indexRouter = require("./routes/index");
 const loginRouter = require("./routes/login")
@@ -13,6 +15,18 @@ const serviceRouter = require("./routes/service")
 const stocksRouter = require("./routes/stocks")
 const app = express();
+const sess = {
+ key: "userSId",
+ secret: config.secret,
+ resave: false,
+ saveUninitialized: false,
+ cookie: {}
+}
+
+if (app.get("env") === "production") {
+ app.set("trust proxy", 1);
+ sess.cookie.secure = true;
+}
 // view engine setup
 app.set("views", path.join(__dirname, "views"));
@@ -22,7 +36,13 @@ app.use(logger("dev"));
 app.use(express.json());
 app.use(express.urlencoded({ extended: false }));
 app.use(cookieParser());
+app.use(session(sess));
 app.use(express.static(path.join(__dirname, "public")));
+app.use((req, res, next) => {
+ if (req.cookies.userSId && !req.session.user)
+ res.clearCookie("userSId");
+ next();
+});
 app.use("/", indexRouter);
 app.use("/login", loginRouter);
diff --git a/config/config_exemple.json b/config/config_exemple.json
index b503d20..de52ac3 100644
--- a/config/config_exemple.json
+++ b/config/config_exemple.json
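Review bot: The `sess` object sets no `sameSite` on the session cookie, so the browser will attach `userSId` to cross-site requests and the login/logout endpoints get no CSRF protection from the cookie itself; set `cookie: { httpOnly: true, sameSite: "lax" }` in `sess` (express-session defaults `httpOnly` to true, but being explicit documents the intent) and consider a `maxAge` so idle sessions expire. No `store` is passed, so express-session falls back to its in-process `MemoryStore`, which grows without bound and is lost on restart — the library itself prints a warning about this in production. `config.secret` is used unvalidated while `config_exemple.json` ships the well-known `"keyboard cat"` value, so a copied example file would silently sign production sessions; guard it at startup with `if (!config.secret || config.secret === "keyboard cat") throw new Error("config.secret must be set to a long random value");`.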
@@ -1,26 +1,11 @@
 {
- "development": {
+ "secret": "keyboard cat",
+ "database": {
 "username": "root",
 "password": null,
 "database": "database_development",
 "host": "127.0.0.1",
 "dialect": "mysql",
 "operatorsAliases": false
- },
- "test": {
- "username": "root",
- "password": null,
- "database": "database_test",
- "host": "127.0.0.1",
- "dialect": "mysql",
- "operatorsAliases": false
- },
- "production": {
- "username": "root",
- "password": null,
- "database": "database_production",
- "host": "127.0.0.1",
- "dialect": "mysql",
- "operatorsAliases": false
 }
 }
diff --git a/models/index.js b/models/index.js
index 7b55558..cbfd4d0 100644
--- a/models/index.js
+++ b/models/index.js
@@ -4,8 +4,7 @@ const fs = require("fs");
 const path = require("path");
 const Sequelize = require("sequelize");
 const basename = path.basename(__filename);
-const env = process.env.NODE_ENV || "development";
-const config = require(__dirname + "/../config/config.json")[env];
+const config = require(__dirname + "/../config/config.json").database;
 const db = {};
 let sequelize;
diff --git a/models/user.js b/models/user.js
index eaa711a..42e2cab 100644
--- a/models/user.js
+++ b/models/user.js
@@ -10,7 +10,7 @@ module.exports = (sequelize, DataTypes) => {
 type: DataTypes.STRING,
 set(value) {
 if (value)
- this.setDataValue("passwordHash", require("crypto").createHash("sha256").update(this.username + value).digest("utf-8"));
+ this.setDataValue("passwordHash", require("crypto").createHash("sha256").update(this.username + value).digest("base64"));
 }
 },
 firstName: {
diff --git a/package-lock.json b/package-lock.json
index cb6bed7..56b33a5 100644
--- a/package-lock.json
+++ b/package-lock.json
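Review bot: The password setter still hashes with a single unsalted `sha256(username + password)`; switching the digest encoding to base64 fixes the lossy `utf-8` decoding but leaves the hash fast to brute-force offline and identical for equal username/password pairs across databases. Use a per-user random salt with a slow KDF from Node's own `crypto`, e.g. `const salt = require("crypto").randomBytes(16);` and `this.setDataValue("passwordHash", salt.toString("hex") + ":" + require("crypto").scryptSync(value, salt, 64).toString("hex"));`, and verify in the login route with `crypto.timingSafeEqual` rather than `!==`. The setter reads `this.username`, so it presumably relies on `username` being assigned before `password` in `build()`/`create()`; if the order is ever reversed the hash is computed over `"undefined" + value` — worth a comment on the setter or an explicit check. Hashes stored by the old `digest("utf-8")` call were decoded as text and cannot match the new base64 form, so existing rows need a reset or rehash path. The enclosing model definition starts and ends outside the hunk.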
@@ -663,6 +663,33 @@ } } }, + "express-session": { + "version": "1.17.1", + "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.17.1.tgz", + "integrity": "sha512-UbHwgqjxQZJiWRTMyhvWGvjBQduGCSBDhhZXYenziMFjxst5rMV+aJZ6hKPHZnPyHGsrqRICxtX8jtEbm/z36Q==", + "requires": { + "cookie": "0.4.0", + "cookie-signature": "1.0.6", + "debug": "2.6.9", + "depd": "~2.0.0", + "on-headers": "~1.0.2", + "parseurl": "~1.3.3", + "safe-buffer": "5.2.0", + "uid-safe": "~2.1.5" + }, + "dependencies": { + "depd": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==" + }, + "safe-buffer": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.0.tgz", + "integrity": "sha512-fZEwUGbVl7kouZs1jCdMLdt95hdIv0ZeHg6L7qPeciMZhZ+/gdesW4wgTARkrFWEpspjEATAzUGPG8N2jJiwbg==" + } + } + }, "ext": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/ext/-/ext-1.4.0.tgz", @@ -1430,6 +1457,11 @@ "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz", "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==" }, + "random-bytes": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz", + "integrity": "sha1-T2ih3Arli9P7lYSMMDJNt11kNgs=" + }, "range-parser": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", 
@@ -1878,6 +1910,14 @@ "integrity": "sha1-bgkk1r2mta/jSeOabWMoUKD4grc=", "optional": true }, + "uid-safe": { + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/uid-safe/-/uid-safe-2.1.5.tgz", + "integrity": "sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA==", + "requires": { + "random-bytes": "~1.0.0" + } + }, "umzug": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/umzug/-/umzug-2.3.0.tgz",
diff --git a/package.json b/package.json
index 7c1c3bf..5995010 100644
--- a/package.json
+++ b/package.json
@@ -9,6 +9,7 @@
 "cookie-parser": "~1.4.4",
 "debug": "~2.6.9",
 "express": "~4.16.1",
+ "express-session": "^1.17.1",
 "http-errors": "~1.6.3",
 "morgan": "~1.9.1",
 "pg": "^8.2.1",
diff --git a/routes/commands.js b/routes/commands.js
index 9d7feac..ec337ad 100644
--- a/routes/commands.js
+++ b/routes/commands.js
@@ -1,8 +1,9 @@
 const express = require("express");
 const router = express.Router();
+const middleware = require("./middleware");
 /* GET home page. */
-router.get("/", function(req, res) {
+router.get("/", middleware.sessionCheck, (req, res) => {
 res.render("commands", { title: "Kfet - Commands" });
 });
diff --git a/routes/index.js b/routes/index.js
index eeb4545..86a4653 100644
--- a/routes/index.js
+++ b/routes/index.js
@@ -1,8 +1,9 @@
 const express = require("express");
 const router = express.Router();
+const middleware = require("./middleware");
 /* GET home page. */
-router.get("/", function(req, res) {
+router.get("/", middleware.sessionCheck, (req, res) => {
 res.render("index", { title: "Kfet" });
 });
diff --git a/routes/kitchen.js b/routes/kitchen.js
index 14722db..7062fa9 100644
--- a/routes/kitchen.js
+++ b/routes/kitchen.js
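Review bot: Access control is opt-in per route here — each router has to remember to pass `middleware.sessionCheck`, so any handler added later without it is public by default. Mounting the check once in app.js after the `/login` router, e.g. `app.use(middleware.sessionCheck);` ahead of the protected routers, would make the default fail-closed and drop the repeated `require("./middleware")` from every route file. The same per-route pattern is repeated in the commands, kitchen, service and stocks hunks.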
@@ -1,8 +1,9 @@
 const express = require("express");
 const router = express.Router();
+const middleware = require("./middleware");
 /* GET home page. */
-router.get("/", function(req, res) {
+router.get("/", middleware.sessionCheck, (req, res) => {
 res.render("kitchen", { title: "Kfet - Kitchen" });
 });
diff --git a/routes/login.js b/routes/login.js
index d4f7c53..e503bd5 100644
--- a/routes/login.js
+++ b/routes/login.js
@@ -1,9 +1,26 @@
 const express = require("express");
 const router = express.Router();
+const models = require("../models");
 /* GET home page. */
-router.get("/", function(req, res) {
- res.render("login", { title: "Kfet - Login" });
-});
+router.get("/", async (req, res) => {
+ if (req.session.user && req.cookies.userSId)
+ res.redirect("/")
+ else
+ res.render("login", { title: "Kfet - Login" });
+})
+ .post("/", async (req, res) => {
+ if (!req.body.username || !req.body.password)
+ res.redirect("/login");
+ else {
+ let u = await models.User.findByPk(req.body.username);
+ if (!u || !u.passwordHash || require("crypto").createHash("sha256").update(u.username + req.body.password).digest("base64") !== u.passwordHash)
+ res.redirect("/login?err=true");
+ else {
+ req.session.user = u;
+ res.redirect("/");
+ }
+ }
+ });
 module.exports = router;
diff --git a/routes/logout.js b/routes/logout.js
index 287627c..6f77067 100644
--- a/routes/logout.js
+++ b/routes/logout.js
@@ -2,8 +2,12 @@ const express = require("express");
 const router = express.Router();
 /* GET home page. */
-router.get("/", function(req, res) {
- res.send("Ok");
+router.get("/", (req, res) => {
+ if (req.session.user && req.cookies.userSId) {
+ req.session.user = null;
+ res.clearCookie("userSId");
+ }
+ res.redirect("/login");
 });
 module.exports = router;
diff --git a/routes/middleware.js b/routes/middleware.js
new file mode 100644
index 0000000..a550ed0
--- /dev/null
+++ b/routes/middleware.js
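Review bot: `req.session.user = u` in the POST handler is assigned into whatever session the request arrived with, so the session ID is never rotated on login; because logout only nulls `user` and leaves the session record in the store, a signed `userSId` cookie planted in the victim's browser beforehand turns into an authenticated session once they log in (session fixation). Wrap the assignment in `req.session.regenerate()` and store only `{ username: u.username }` — as written the whole Sequelize instance, `passwordHash` included, is serialized into the session store. The handler is `async` with no `try/catch`, and Express 4 does not catch rejected promises from route handlers, so a failing `findByPk` leaves the request hanging with an unhandled rejection; route errors to `next`. The inline SHA-256 duplicates the setter in models/user.js and compares with `!==`; a `User.prototype.verifyPassword` using `crypto.timingSafeEqual` would keep the two from drifting.
```javascript
// … unchanged: GET handler …
  .post("/", async (req, res, next) => {
    if (!req.body.username || !req.body.password)
      return res.redirect("/login");
    try {
      const u = await models.User.findByPk(req.body.username);
      if (!u || !u.passwordHash || require("crypto").createHash("sha256").update(u.username + req.body.password).digest("base64") !== u.passwordHash)
        return res.redirect("/login?err=true");
      // Rotate the session ID on authentication so a cookie planted before
      // login cannot be reused afterwards (session fixation).
      req.session.regenerate((err) => {
        if (err) return next(err);
        req.session.user = { username: u.username }; // not the model: it carries passwordHash
        res.redirect("/");
      });
    } catch (err) {
      next(err);
    }
  });
```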
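Review bot: Logout nulls `req.session.user` and clears the cookie but never removes the session from the store, so the session ID stays valid server-side and the same signed cookie can be handed to a victim and re-armed by their next login (session fixation). Replace the `if` block with `req.session.destroy((err) => { if (err) return next(err); res.clearCookie("userSId"); res.redirect("/login"); });` and take `next` in the handler signature; the `req.cookies.userSId` condition is redundant because `req.session.user` cannot be populated without a valid session cookie. Since this is a state-changing GET, any page can log the user out by embedding the URL; a POST carrying a CSRF token is the usual shape.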
@@ -0,0 +1,8 @@
+function sessionCheck(req, res, next) {
+ if (!req.session.user || !req.cookies.userSId)
+ res.redirect("/login");
+ else
+ next();
+}
+
+module.exports.sessionCheck = sessionCheck;
\ No newline at end of file
diff --git a/routes/service.js b/routes/service.js
index 466564f..1dac879 100644
--- a/routes/service.js
+++ b/routes/service.js
@@ -1,8 +1,9 @@
 const express = require("express");
 const router = express.Router();
+const middleware = require("./middleware");
 /* GET home page. */
-router.get("/", function(req, res) {
+router.get("/", middleware.sessionCheck, (req, res) => {
 res.render("service", { title: "Kfet - Service" });
 });
diff --git a/routes/stocks.js b/routes/stocks.js
index ef80334..cdb959d 100644
--- a/routes/stocks.js
+++ b/routes/stocks.js
@@ -1,8 +1,9 @@
 const express = require("express");
 const router = express.Router();
+const middleware = require("./middleware");
 /* GET home page. */
-router.get("/", function(req, res) {
+router.get("/", middleware.sessionCheck, (req, res) => {
 res.render("stocks", { title: "Kfet - Stocks" });
 });
diff --git a/views/login.pug b/views/login.pug
index e48a62b..086177b 100644
--- a/views/login.pug
+++ b/views/login.pug
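Review bot: `sessionCheck` also tests `req.cookies.userSId`, which is the raw cookie value from cookie-parser and is never signature-checked on that path; the session middleware already discards cookies whose signature does not verify, so `req.session.user` is the only authoritative signal and the guard reduces to `if (!req.session.user) return res.redirect("/login"); next();`. A JSDoc would help callers, e.g. `/** Express middleware: continues only when a logged-in user is attached to the session; otherwise redirects to /login without calling next(). */`. The file is also missing its trailing newline.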
@@ -5,20 +5,21 @@ block content
 div.container-contact2
 div.wrap-contact2
 span.contact2-form-title Login
- div.wrap-input2.validate-input(data-validate="Username is required")
- input.input2(type="text" name="name")
- span.focus-input2(data-placeholder="Username")
- div.wrap-input2.validate-input(data-validate="Password invalid")
- input.input2(type="password" name="password")
- span.focus-input2(data-placeholder="Mot de passe")
- div#fct
- input#commi(type="radio" name="fct")
- label(for="commi") Commi
- input#pc(type="radio" name="fct")
- label(for="pc") PC
- input#guest(type="radio" name="fct")
- label(for="guest") Guest
- div.container-contact2-form-btn
- div.wrap-contact2-form-btn
- div.contact2-form-bgbtn
- button.contact2-form-btn(type="submit") Login
+ form(action="/login" method="POST")
+ div.wrap-input2.validate-input(data-validate="Username is required")
+ input.input2(type="text" name="username")
+ span.focus-input2(data-placeholder="Username")
+ div.wrap-input2.validate-input(data-validate="Password invalid")
+ input.input2(type="password" name="password")
+ span.focus-input2(data-placeholder="Mot de passe")
+ div#fct
+ input#commi(type="radio" name="fct")
+ label(for="commi") Commi
+ input#pc(type="radio" name="fct")
+ label(for="pc") PC
+ input#guest(type="radio" name="fct")
+ label(for="guest") Guest
+ div.container-contact2-form-btn
+ div.wrap-contact2-form-btn
+ div.contact2-form-bgbtn
+ button.contact2-form-btn(type="submit") Login
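Review bot: The new `form` posts credentials without any CSRF token, so a third-party page can submit this form for a visitor (login CSRF, logging them into an attacker-controlled account); no csurf-style middleware appears anywhere in this diff, so either add one and emit its token as a hidden input here, or at minimum set `sameSite` on the session cookie. The three `fct` radio inputs carry no `value` attribute, so the selection is submitted as `fct=on` regardless of which is chosen, and the POST handler in routes/login.js does not read `fct` at all — either give each a `value` and handle it server-side, or remove the group. Adding `autocomplete="username"` and `autocomplete="current-password"` to the two inputs is a cheap win for password managers.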