From 356f25ef3322a827055f83ab27f05a8c7455f716 Mon Sep 17 00:00:00 2001 From: flifloo Date: Sun, 26 Apr 2020 18:55:21 +0200 Subject: [PATCH] Add user login and setup extand pug template --- app.js | 58 ++++++++++++++++++++++++++++++++++++++++-------- package.json | 3 +++ views/index.pug | 13 +++++------ views/layout.pug | 11 +++++++++ views/login.pug | 12 ++++++++++ 5 files changed, 81 insertions(+), 16 deletions(-) create mode 100644 views/layout.pug create mode 100644 views/login.pug diff --git a/app.js b/app.js index 080754f..1fc5724 100644 --- a/app.js +++ b/app.js @@ -1,10 +1,12 @@ let express = require("express"); let morgan = require("morgan"); +let cookieParser = require("cookie-parser"); +let bodyParser = require('body-parser'); +let session = require("express-session"); let fs = require("fs"); -let rl = require("readline").createInterface({input: process.stdin, output: process.stdout, terminal: false}); let passwordHash = require('password-hash'); -let app = express(); +let app = express(); if (!fs.existsSync("users.json")) { fs.writeFileSync("users.json", "{}"); @@ -16,6 +18,7 @@ if (!fs.existsSync("users.json")) { } async function addUser() { + let rl = require("readline").createInterface({input: process.stdin, output: process.stdout, terminal: false}); let username; let password; file = JSON.parse(fs.readFileSync("users.json")); 
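Review bot: The first app.js hunk requires `cookie-parser`, but express-session has parsed and set its own cookie since 1.5.0 and nothing in this patch reads `req.cookies`, so that middleware and its dependency can be dropped. `body-parser` is likewise redundant with the Express version pinned in package.json; the built-in `express.urlencoded({ extended: false })` does the same job and removes a second package from the dependency tree. The new lines also mix quote styles (`"cookie-parser"` next to `'body-parser'`). The package.json hunk later in the patch would shrink accordingly.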
@@ -28,12 +31,49 @@ async function addUser() { } +function isAuth(req, res, next) { + if (req.session.login) { + next(); + } else { + res.redirect("/login"); + } +} + + app.use(morgan("dev")) -.use(express.static("public")) -.set("view engine", "pug") -.get("/", (req, res) => { - res.render("index"); -}); - -app.listen(8080) + .use(express.static("public")) + .use(bodyParser.urlencoded({ extended: true })) + .use(cookieParser()) + .use(session({ + secret: process.env.SECRET, + resave: false, + saveUninitialized: false, + cookie: { secure: "auto" } + })) + .set("trust proxy", 1) + .set("view engine", "pug") + .get("/", isAuth, (req, res) => { + res.render("index"); + }) + .get("/login", (req, res) => { + let fail = false; + if ("fail" in req.query) { + fail = true; + } + res.render("login", {title: "login", fail: fail}); + }).post("/login", (req, res) => { + if ("username" in req.body && "password" in req.body) { + file = JSON.parse(fs.readFileSync("users.json")); + if (req.body.username in file && passwordHash.verify(req.body.password, file[req.body.username])) { + req.session.login = true; + req.session.save(); + res.redirect("/"); + } else { + res.redirect("/login?fail"); + } + } else { + res.redirect("/login?fail"); + } + }) + .listen(8080); diff --git a/package.json b/package.json index c69201f..a06fe34 100644 --- a/package.json +++ b/package.json @@ -4,7 +4,10 @@ "description": "A light web image uploader", "main": "app.js", "dependencies": { + "body-parser": "^1.19.0", + "cookie-parser": "^1.4.5", "express": "^4.17.1", + "express-session": "^1.17.1", "morgan": "^1.10.0", "password-hash": "^1.2.2", "pug": "^2.0.4" diff --git a/views/index.pug b/views/index.pug index 3845d54..4aee92c 100644 --- a/views/index.pug +++ b/views/index.pug 
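Review bot: In the POST `/login` handler, `req.body.username in file` also matches inherited keys such as `constructor`, and with `bodyParser.urlencoded({ extended: true })` either field can arrive as an array or object, so a malformed request can hand a non-string to `passwordHash.verify` and will probably end in an unhandled exception rather than the `/login?fail` redirect. Accept only string fields and look the user up with an own-property check. The session id is also kept across the login; calling `req.session.regenerate()` before setting `login` is the usual guard against session fixation and makes the bare `req.session.save()` unnecessary. Separately, `secret: process.env.SECRET` is passed through unchecked, so a missing variable is not caught at startup; failing fast with a clear message would be safer. The fence shows the handler rewritten, with `file` (currently an implicit global) turned into a local `const`.

```javascript
    // … unchanged: middleware chain, GET "/" and GET "/login" …
    .post("/login", (req, res) => {
        const { username, password } = req.body;
        // extended: true lets a field arrive as an array or object; accept strings only
        if (typeof username !== "string" || typeof password !== "string") {
            return res.redirect("/login?fail");
        }
        const users = JSON.parse(fs.readFileSync("users.json"));
        // own-property lookup, so inherited names are never treated as accounts
        const known = Object.prototype.hasOwnProperty.call(users, username);
        if (!known || !passwordHash.verify(password, users[username])) {
            return res.redirect("/login?fail");
        }
        // issue a fresh session id once the credentials are accepted
        req.session.regenerate((err) => {
            if (err) {
                return res.redirect("/login?fail");
            }
            req.session.login = true;
            res.redirect("/");
        });
    })
```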
@@ -1,8 +1,7 @@ -doctype html -html(lang="en") - head - meta(charset='utf-8') - title Image Node - body - h1 Image Node +extend layout +block content + h1 Image Node + form(method="POST", action="/upload", enctype="multipart/form-data") + input(type="file", name="image", accept="image/*") + button(type="submit") Upload diff --git a/views/layout.pug b/views/layout.pug new file mode 100644 index 0000000..74126d0 --- /dev/null +++ b/views/layout.pug @@ -0,0 +1,11 @@ +doctype html +html(lang="en") + head + meta(charset='utf-8') + if title + title Image Node - #{title} + else + title Image Node + body + block content + diff --git a/views/login.pug b/views/login.pug new file mode 100644 index 0000000..c8bf955 --- /dev/null +++ b/views/login.pug @@ -0,0 +1,12 @@ +extend layout +block content + h1 Login + if fail + h2 Invalid loggin ! + form(method="POST", action="/login") + label(for="username") Username: + input#username(type="text", name="username") + label(for="password") Password: + input#password(type="password", name="password") + button(type="submit") Login +
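Review bot: The form added to views/index.pug posts multipart data to `/upload`, but the route chain this patch adds to app.js ends at `.listen(8080)` with no `/upload` handler and no multipart parser, so submitting would presumably return 404 unless the route arrives in a later commit. When it is added it should sit behind `isAuth` like `/`. Because it is a state-changing request authenticated only by the session cookie, it also needs a CSRF token, or at least `sameSite: "lax"` on the session cookie. `accept="image/*"` is only a browser hint, so file type and size still have to be checked on the server.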
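Review bot: The failure heading in views/login.pug is misspelled as `Invalid loggin !`; it should read `h2 Invalid login!`. The inputs would also benefit from `required` plus `autocomplete="username"` and `autocomplete="current-password"`, so that password managers fill the form reliably and empty submissions are stopped in the browser before they reach the server.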