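var express = require('express');
var Client = require('mysql').Client;
var client = new Client();
var RedisStore = require('connect-redis');
var crypto = require('crypto');
var fs = require('fs');
var winston = require('winston');

// Load configuration settings from external file.
var config = require('./conf/conf.js');

// MySQL user and server info.
client.user = config.db.user;
client.password = config.db.password;
client.host = config.db.host;
client.port = config.db.port;

// NOTE(review): `app` and `logger` are used below but are not created in this
// part of the file — presumably set up from express()/winston elsewhere; confirm.

// Session `level` at or above this value is treated as administrator.
var ADMIN_LEVEL = 20;
// Shortest new password accepted by /changepass.
var MIN_PASSWORD_LENGTH = 8;

/**
 * Derive the value stored in `login.password` from a clear-text password.
 *
 * This keeps the scheme the existing table was populated with: a Blowfish
 * cipher keyed from the password, finalized over no input, base64-encoded.
 * It is not a password hash — there is no salt, so equal passwords produce
 * equal stored values — and `crypto.createCipher` is deprecated in Node.
 * Moving to a salted KDF (crypto.pbkdf2 / scrypt) means re-encoding existing
 * rows, so the scheme is isolated here to make that swap a one-place change.
 *
 * @param {string} password - clear-text password supplied by the client
 * @returns {string} base64 credential value compared against `login.password`
 */
function derivePasswordToken(password) {
  var cipher = crypto.createCipher('blowfish', password);
  return cipher.final('base64');
}

/**
 * Password policy for /changepass: at least one digit or one of the listed
 * punctuation characters. Length is checked separately by the caller.
 *
 * @param {string} candidate
 * @returns {boolean}
 */
function hasDigitOrSymbol(candidate) {
  return /[0-9]/.test(candidate) || /[.:,;\-$%_=!?]/.test(candidate);
}

/**
 * Middleware: allow the request only when a session with a `user` exists.
 * Responds 403 otherwise. Tolerates a missing session object.
 */
function requiresLogin(req, res, next) {
  if (req.session && req.session.user) {
    next();
  } else {
    res.send(403);
  }
}

/**
 * Middleware: allow the request only when the session level is an admin
 * level (>= ADMIN_LEVEL). Responds 403 otherwise.
 */
function requiresAdmin(req, res, next) {
  var level = req.session ? req.session.level : undefined;
  if (level >= ADMIN_LEVEL) {
    logger.info('User is an admin');
    next();
  } else {
    logger.info('Sending a 403');
    // Log only the identifying fields; dumping the whole session object
    // would put every session attribute into the log.
    logger.info('Denied admin route for user=' + (req.session && req.session.user) + ' level=' + level);
    res.send(403);
  }
}

/**
 * Look up a user by login and derived password token.
 *
 * @param {string} login
 * @param {string} password - clear-text password
 * @param {function(object|null)} callback - receives the matching `login`
 *   row, or null when there is no match, the inputs are not strings, or the
 *   query fails (previously a query error never invoked the callback and the
 *   request hung).
 */
function authenticate(login, password, callback) {
  if (typeof login !== 'string' || typeof password !== 'string') {
    callback(null);
    return;
  }
  var values = [login, derivePasswordToken(password)];
  client.query('SELECT * FROM login WHERE login = ? AND password = ?', values, function(error, results) {
    if (error) {
      logger.error(error);
      callback(null);
      return;
    }
    var user = results && results[0];
    callback(user ? user : null);
  });
}

app.get('/logout', function(req, res) {
  req.session.destroy();
  res.redirect('/login');
});

// Admin-only user creation.
app.post('/newuser', requiresAdmin, function(req, res) {
  var body = req.body || {};
  if (typeof body.login !== 'string' || typeof body.password !== 'string') {
    res.send('Fail! login and password are required.');
    return;
  }
  var values = [body.login, derivePasswordToken(body.password), body.community, body.userlevel];
  client.query('INSERT INTO login SET login = ?, password = ?, comm = ?, level = ?', values, function(error) {
    if (error) {
      logger.error(error);
      // Do not echo error.message to the client: it exposes driver/schema details.
      res.send('Fail! Could not create user.');
    } else {
      logger.info('New user added');
      res.send('User created successfully.');
    }
  });
});

app.get('/newuser', requiresAdmin, function(req, res) {
  res.sendfile('newuser.html');
});

// Change the logged-in user's password. Responses: 'fault' for policy
// violations and errors, 'fail' when the old password does not match,
// 'success' on update.
app.post('/changepass', requiresLogin, function(req, res) {
  var body = req.body || {};
  var newpass = body.newpass;
  var oldpass = body.oldpass;

  if (typeof newpass !== 'string' || newpass.length < MIN_PASSWORD_LENGTH) {
    logger.info('Short password recieved');
    res.send('fault');
    return;
  }
  if (!hasDigitOrSymbol(newpass)) {
    logger.info('Weak password recieved');
    res.send('fault');
    return;
  }
  if (typeof oldpass !== 'string') {
    logger.info('Password match failed');
    res.send('fail');
    return;
  }

  var login = req.session.user;
  var oldToken = derivePasswordToken(oldpass);
  client.query('SELECT * FROM login WHERE login = ? AND password = ?', [login, oldToken], function(error, results) {
    if (error) {
      logger.error(error);
      res.send('fault');
      return;
    }
    var row = results && results[0];
    if (!row) {
      logger.info('Password match failed');
      res.send('fail');
      return;
    }
    // The WHERE clause already matched on the token; this re-check guards
    // against the driver returning an unexpected row.
    if (String(row.password) !== oldToken) {
      logger.error('Something went wrong with the database while changing password');
      res.send('fault');
      return;
    }
    var updateValues = [derivePasswordToken(newpass), login];
    client.query('UPDATE login SET password = ? WHERE login = ?', updateValues, function(updateError) {
      if (updateError) {
        // Route through winston like every other error here (was console.log).
        logger.error(updateError);
        res.send('fault');
      } else {
        res.send('success');
      }
    });
  });
});

// Credential check without establishing a session; '1' on success, 403 otherwise.
app.post('/auth', function(req, res) {
  var body = req.body || {};
  authenticate(body.login, body.password, function(user) {
    if (user) {
      res.send('1');
    } else {
      // Was `req.send(403)`, which threw on every failed attempt.
      res.send(403);
    }
  });
});

app.post('/login', function(req, res) {
  var body = req.body || {};
  authenticate(body.login, body.password, function(user) {
    if (!user) {
      res.send(403);
      return;
    }
    // NOTE(review): consider req.session.regenerate() before populating the
    // session so a pre-login session id is not carried over (session
    // fixation); confirm the session middleware/store in use supports it.
    req.session.user = user.login;
    req.session.community = user.comm;
    req.session.level = user.level;
    res.redirect('/');
  });
});

app.get('/login', function(req, res) {
  res.sendfile('login.html');
});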