112 lines
3 KiB
JavaScript
112 lines
3 KiB
JavaScript
let express = require("express");
|
|
let morgan = require("morgan");
|
|
let cookieParser = require("cookie-parser");
|
|
let bodyParser = require('body-parser');
|
|
let session = require("express-session");
|
|
let fs = require("fs");
|
|
let passwordHash = require('password-hash');
|
|
let multer = require("multer");
|
|
let crypto = require("crypto");
|
|
let path = require("path");
|
|
|
|
let app = express();
|
|
let storage = multer.diskStorage({
|
|
destination: './images/',
|
|
filename: function (req, file, cb) {
|
|
crypto.pseudoRandomBytes(16, function (err, raw) {
|
|
if (err) return cb(err)
|
|
cb(null, raw.toString('hex') + path.extname(file.originalname))
|
|
})
|
|
}}
|
|
);
|
|
let upload = multer({storage: storage});
|
|
|
|
if (!fs.existsSync("users.json")) {
|
|
fs.writeFileSync("users.json", "{}");
|
|
console.log("Register first user");
|
|
addUser();
|
|
} else if (Object.keys(JSON.parse(fs.readFileSync("users.json"))).length === 0) {
|
|
console.log("No user found, adding a new one");
|
|
addUser();
|
|
}
|
|
|
|
async function addUser() {
|
|
let rl = require("readline").createInterface({input: process.stdin, output: process.stdout, terminal: false});
|
|
let username;
|
|
let password;
|
|
file = JSON.parse(fs.readFileSync("users.json"));
|
|
do {
|
|
username = await new Promise(resolve => rl.question("Username: ", resolve));
|
|
} while (username in file || ["", null].indexOf(username) >= 0);
|
|
password = passwordHash.generate(await new Promise(resolve => rl.question("Password: ", resolve)));
|
|
file[username] = password;
|
|
fs.writeFileSync("users.json", JSON.stringify(file));
|
|
}
|
|
|
|
|
|
function isAuth(req, res, next) {
|
|
if (req.session.login) {
|
|
next();
|
|
} else {
|
|
res.redirect("/login");
|
|
}
|
|
}
|
|
|
|
|
|
app.use(morgan("dev"))
|
|
.use(express.static("public"))
|
|
.use(bodyParser.urlencoded({ extended: true }))
|
|
.use(cookieParser(process.env.SECRET))
|
|
.use(session({
|
|
secret: process.env.SECRET,
|
|
resave: false,
|
|
saveUninitialized: false,
|
|
cookie: { secure: "auto" }
|
|
}))
|
|
.set("trust proxy", 1)
|
|
.set("view engine", "pug")
|
|
.get("/", isAuth, (req, res) => {
|
|
res.render("index");
|
|
})
|
|
.post("/upload", isAuth, upload.single("image"), (req, res) => {
|
|
res.redirect("/images/" + req.file.filename);
|
|
})
|
|
.get("/login", (req, res) => {
|
|
let fail = false;
|
|
if ("fail" in req.query) {
|
|
fail = true;
|
|
}
|
|
res.render("login", {title: "login", fail: fail});
|
|
})
|
|
.post("/login", (req, res) => {
|
|
if ("username" in req.body && "password" in req.body) {
|
|
file = JSON.parse(fs.readFileSync("users.json"));
|
|
if (req.body.username in file && passwordHash.verify(req.body.password, file[req.body.username])) {
|
|
req.session.login = true;
|
|
req.session.save();
|
|
res.redirect("/");
|
|
} else {
|
|
res.redirect("/login?fail");
|
|
}
|
|
} else {
|
|
res.redirect("/login?fail");
|
|
}
|
|
})
|
|
.get("/images/:name", (req, res, next) => {
|
|
if ("name" in req.params && fs.existsSync("./images/"+req.params.name)) {
|
|
res.sendfile("./images/"+req.params.name);
|
|
} else {
|
|
next();
|
|
}
|
|
})
|
|
.use((req, res) => {
|
|
res.status(404);
|
|
res.render("404", {url: req.path});
|
|
})
|
|
.use((err, req, res, next) => {
|
|
console.error(err.stack);
|
|
res.status(500);
|
|
res.render("error");
|
|
})
|
|
.listen(8080);
|
|
|