2022-11-18 15:21:28 +01:00
|
|
|
const express = require('express');
|
|
|
|
|
const jwt = require('jsonwebtoken');
|
|
|
|
|
var passport = require('passport');
|
|
|
|
|
const JwtStrategy = require('passport-jwt').Strategy;
|
|
|
|
|
|
|
|
|
|
const db = require('../db');
|
|
|
|
|
const { PRIV_KEY, PUB_KEY } = require('../config');
|
|
|
|
|
|
|
|
|
|
const router = express.Router();
|
|
|
|
|
|
|
|
|
|
router.get('/login', function (req, res, next) {
|
|
|
|
|
res.render('login');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
router.post('/login', async (req, res, next) => {
|
|
|
|
|
const { email, password } = req.body;
|
2022-11-18 18:01:30 +01:00
|
|
|
console.log("/login: " + JSON.stringify(req.body));
|
2022-11-18 15:21:28 +01:00
|
|
|
const r = await db.query('SELECT * FROM users WHERE email=$1', [email]);
|
|
|
|
|
if (r.rowCount < 1 || r.rows[0].password !== password) {
|
|
|
|
|
res.locals.errormsg = 'Wrong credentials';
|
2022-11-18 17:38:24 +01:00
|
|
|
console.log("login failed");
|
2022-11-18 15:21:28 +01:00
|
|
|
return res.status(403).render('login');
|
|
|
|
|
}
|
|
|
|
|
const token = jwt.sign({ email }, PRIV_KEY, { algorithm: 'RS256' });
|
|
|
|
|
|
2022-11-18 17:38:24 +01:00
|
|
|
console.log("Login success");
|
|
|
|
|
|
2022-11-18 15:21:28 +01:00
|
|
|
res.cookie('session', token);
|
|
|
|
|
res.redirect('/');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
router.get('/register', function (req, res, next) {
|
|
|
|
|
res.render('register');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
router.post('/register', async (req, res, next) => {
|
|
|
|
|
const { email, nickname, password } = req.body;
|
2022-11-18 18:01:30 +01:00
|
|
|
console.log("/register: " + JSON.stringify(req.body));
|
2022-11-18 15:21:28 +01:00
|
|
|
|
|
|
|
|
const reg = /^[\w\.@]{4,40}$/;
|
|
|
|
|
|
|
|
|
|
if (!reg.test(email) || !reg.test(nickname) || !reg.test(password)) {
|
|
|
|
|
res.locals.errormsg = 'Bad data';
|
|
|
|
|
return res.render('register');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const token = jwt.sign({ email }, PRIV_KEY, { algorithm: 'RS256' });
|
|
|
|
|
res.cookie('session', token);
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
await db.query('INSERT INTO users (email, nickname, password, propic) VALUES ($1,$2,$3,\'/static/img/default.png\')', [email, nickname, password]);
|
|
|
|
|
} catch (error) {
|
|
|
|
|
res.locals.errormsg = 'Email or nickname already used';
|
|
|
|
|
res.clearCookie('session');
|
2022-11-18 17:38:24 +01:00
|
|
|
console.log("register fail");
|
2022-11-18 15:21:28 +01:00
|
|
|
return res.render('register');
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-18 17:38:24 +01:00
|
|
|
console.log("register success");
|
|
|
|
|
|
2022-11-18 15:21:28 +01:00
|
|
|
res.redirect('/');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
router.get('/logout', function (req, res, next) {
|
|
|
|
|
res.clearCookie('session');
|
|
|
|
|
res.redirect('/');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const cookieExtractor = function (req) {
|
|
|
|
|
var token = null;
|
|
|
|
|
// console.log(req.cookies);
|
|
|
|
|
if (req && req.cookies) {
|
|
|
|
|
token = req.cookies['session'];
|
|
|
|
|
}
|
|
|
|
|
return token;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const opts = {};
|
|
|
|
|
opts.jwtFromRequest = cookieExtractor;
|
|
|
|
|
opts.secretOrKey = PUB_KEY;
|
2022-11-18 18:21:51 +01:00
|
|
|
opts.algorithms = ['RS256'];
|
2022-11-18 15:21:28 +01:00
|
|
|
//opts.issuer = 'localhost';
|
|
|
|
|
//opts.audience = 'localhost';
|
|
|
|
|
|
|
|
|
|
passport.use(new JwtStrategy(opts, function (jwt_payload, done) {
|
|
|
|
|
if (!jwt_payload.email) {
|
|
|
|
|
return done('Error', false);
|
|
|
|
|
}
|
|
|
|
|
return done(null, { email: jwt_payload.email, nickname: jwt_payload.nickname });
|
|
|
|
|
}));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
router.use(passport.authenticate('jwt', { session: false, failureRedirect: '/login' }));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
module.exports = router;
|
