var express = require('express');
var Client = require('mysql').Client;
var client = new Client();
var RedisStore = require('connect-redis');
var crypto = require('crypto');
var fs = require('fs');
var winston = require('winston');
//Load configuration settings from external file.
var config = require('./conf/conf.js');
// mySQL user and server info: copy the connection settings from config.db
// onto the shared mysql client, one field at a time (user, password, host, port).
['user', 'password', 'host', 'port'].forEach(function (key) {
  client[key] = config.db[key];
});
/**
 * Route middleware: lets the request through only when the session carries a
 * logged-in user (req.session.user is truthy); otherwise answers 403.
 * Assumes a session middleware has populated req.session before this runs.
 */
function requiresLogin(req, res, next) {
  var loggedIn = Boolean(req.session.user);
  if (!loggedIn) {
    res.send(403);
    return;
  }
  next();
}
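/**
 * Route middleware: admits the request only when the session's user level is
 * 20 or higher (the admin threshold this app uses); otherwise answers 403.
 * Only the two fields the decision depends on are logged on the refusal path:
 * the session object can hold more than user/level, and the original dumped
 * it wholesale into the log. A request with no session at all is treated as
 * not-admin instead of throwing on `req.session.level`.
 * Assumes `logger` (a winston-style logger) is defined elsewhere in the file.
 */
function requiresAdmin(req, res, next) {
  var session = req.session || {};
  if (session.level >= 20) {
    logger.info('User is an admin');
    next();
    return;
  }
  logger.info('Sending a 403');
  logger.info('Non-admin access attempt', { user: session.user, level: session.level });
  res.send(403);
}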
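/**
 * Looks up a user by login and password.
 *
 * @param {string} login - login name submitted by the client.
 * @param {string} password - clear-text password submitted by the client.
 * @param {function(Object|null)} callback - receives the matching `login`
 *   row, or null when the credentials are rejected, the input is not a
 *   string, or the query failed. The callback now fires on every path; the
 *   original skipped it on a database error, which left the HTTP request
 *   hanging with no response.
 *
 * Stored passwords are `crypto.createCipher('blowfish', password).final('base64')`:
 * a cipher keyed by the password and finalized with no input, so the stored
 * value is a fixed, unsalted function of the password alone and carries no
 * work factor. It is kept because the rows already in `login` were written
 * with it (replacing it needs a migration), and createCipher is deprecated
 * in Node and absent from recent releases. Assumes `logger` and `client` are
 * the module-level logger and mysql client.
 */
function authenticate(login, password, callback) {
  // A non-string field cannot match a stored row; reject it before
  // createCipher sees it (an undefined key makes createCipher throw) and
  // before an array/object from a nested form field reaches the query.
  if (typeof login !== 'string' || typeof password !== 'string') {
    callback(null);
    return;
  }
  var cipher = crypto.createCipher('blowfish', password);
  var pass = cipher.final('base64');
  var values = [login, pass];
  client.query("SELECT * FROM login WHERE login = ? AND password = ?", values,
    function(error, results) {
      if (error) {
        logger.error(error);
        callback(null);
        return;
      }
      var user = results && results[0];
      callback(user ? user : null);
    });
}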
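// GET /logout: destroy the server-side session, then send the user to the
// login page. The redirect is issued from destroy's callback so the store has
// dropped the session before the browser's next request arrives; the original
// redirected immediately, while the delete was still in flight. A store error
// is logged and the redirect still happens. Assumes `logger` is module-level.
app.get('/logout', function(req, res) {
  req.session.destroy(function(err) {
    if (err) {
      logger.error(err);
    }
    res.redirect('/login');
  });
});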
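// POST /newuser (admin only): create a `login` row from the submitted form.
// Two changes from the original: the four fields are checked to be strings
// before use (an absent password made createCipher throw, and a nested or
// array field would have reached the query), and the database error text is
// no longer echoed to the client -- it is logged only, since error.message
// can carry table, column and SQL fragments. Password storage is the same
// createCipher/final scheme used by authenticate, kept so existing rows stay
// valid. Assumes `logger` and `client` are defined at module level.
app.post('/newuser', requiresAdmin, function(req, res) {
  var body = req.body || {};
  var fields = [body.login, body.password, body.community, body.userlevel];
  var allStrings = fields.every(function(field) {
    return typeof field === 'string';
  });
  if (!allStrings) {
    logger.info('newuser request rejected: missing or malformed field');
    res.send('Fail! login, password, community and userlevel are all required.');
    return;
  }
  var cipher = crypto.createCipher('blowfish', body.password);
  var pass = cipher.final('base64');
  var values = [body.login, pass, body.community, body.userlevel];
  client.query("INSERT INTO login SET login = ?, password = ?, comm = ?, level = ?", values,
    function(error, results) {
      if (error) {
        logger.error(error);
        res.send('Fail! The user could not be created.');
        return;
      }
      logger.info('New user added');
      res.send('User created successfully.');
    });
});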
// GET /newuser (admin only): serve the static user-creation form.
function serveNewUserForm(req, res) {
  res.sendfile('newuser.html');
}
app.get('/newuser', requiresAdmin, serveNewUserForm);
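// POST /changepass (logged-in users): verify the current password, then store
// the new one. Responses keep the original strings: 'fault' for a rejected or
// failed request, 'fail' when the old password did not match, 'success'
// otherwise. Changes from the original: both body fields are checked to be
// strings first (a missing newpass threw on .length, a missing oldpass made
// createCipher throw), the UPDATE's error goes to `logger` instead of
// console.log, and the nested callbacks are flattened with early returns.
// Password storage is the same createCipher/final scheme as authenticate.
// Assumes `logger` and `client` are defined at module level.
app.post('/changepass', requiresLogin, function(req, res) {
  var body = req.body || {};
  var newpass = body.newpass;
  var oldpass = body.oldpass;
  if (typeof newpass !== 'string' || typeof oldpass !== 'string') {
    logger.info('Password change request missing a field');
    res.send('fault');
    return;
  }
  if (newpass.length < 8) {
    logger.info('Short password recieved');
    res.send('fault');
    return;
  }
  // Policy: at least one digit or one of the listed punctuation characters.
  var hasDigit = newpass.search(/[0-9]/) !== -1;
  var hasSymbol = newpass.search(/[.:,;\-$%_=!?]/) !== -1;
  if (!hasDigit && !hasSymbol) {
    logger.info('Weak password recieved');
    res.send('fault');
    return;
  }
  var login = req.session.user;
  var oldStored = crypto.createCipher('blowfish', oldpass).final('base64');
  client.query("SELECT * FROM login WHERE login = ? AND password = ?", [login, oldStored],
    function(error, results) {
      if (error) {
        logger.error(error);
        res.send('fault');
        return;
      }
      var row = results && results[0];
      if (!row) {
        logger.info('Password match failed');
        res.send('fail');
        return;
      }
      if (String(row.password) !== oldStored) {
        // The WHERE clause already matched on password, so a mismatch here
        // means the row came back in an unexpected shape.
        logger.error('Something went wrong with the database while changing password');
        res.send('fault');
        return;
      }
      var newStored = crypto.createCipher('blowfish', newpass).final('base64');
      client.query("UPDATE login SET password = ? WHERE login = ?", [newStored, login],
        function(updateError) {
          if (updateError) {
            logger.error(updateError);
            res.send('fault');
            return;
          }
          res.send('success');
        });
    });
});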
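// POST /auth: credential check without creating a session; answers '1' on
// success, 403 otherwise. Fixes the original's `req.send(403)` on the failure
// path: `req` has no send method, so a wrong password raised a TypeError
// (a 500 from Express) instead of the intended 403.
app.post('/auth', function(req, res) {
  authenticate(req.body.login, req.body.password, function(user) {
    if (!user) {
      res.send(403);
      return;
    }
    res.send('1');
  });
});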
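// POST /login: check the credentials and, on success, start a fresh session
// carrying the user's login, community and level, then redirect to '/'.
// The session is regenerated before the user fields are written: reusing the
// session id that existed before authentication would let an id handed out
// to an unauthenticated client become a logged-in one (session fixation).
// If regenerate fails the user is not logged in and a 500 is returned.
// Assumes `logger` is defined at module level.
app.post('/login', function(req, res) {
  authenticate(req.body.login, req.body.password, function(user) {
    if (!user) {
      res.send(403);
      return;
    }
    req.session.regenerate(function(err) {
      if (err) {
        logger.error(err);
        res.send(500);
        return;
      }
      req.session.user = user.login;
      req.session.community = user.comm;
      req.session.level = user.level;
      res.redirect('/');
    });
  });
});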
// GET /login: serve the static login page.
function serveLoginPage(req, res) {
  res.sendfile('login.html');
}
app.get('/login', serveLoginPage);