// Module dependencies. Third-party: express (HTTP), mysql (database client),
// connect-redis (session store), winston (logging). Node core: crypto, fs.
var express = require('express');
var Client = require('mysql').Client;
var client = new Client();
var RedisStore = require('connect-redis');
var crypto = require('crypto');
var fs = require('fs');
var winston = require('winston');
// Load configuration settings from external file. It carries the database
// credentials used below, so it belongs outside version control.
var config = require('./conf/conf.js');
// MySQL user and server info, copied from the `db` section of the config.
var dbSettings = config.db;
client.user = dbSettings.user;
client.password = dbSettings.password;
client.host = dbSettings.host;
client.port = dbSettings.port;
// Express middleware: lets the request through only when the session has a
// user set (done by the /login handler); otherwise answers 403 and stops the
// chain.
function requiresLogin(req, res, next) {
  var loggedIn = Boolean(req.session.user);
  if (!loggedIn) {
    res.send(403);
    return;
  }
  next();
}
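// Express middleware: admin gate. Passes the request on when the session
// level is 20 or more, otherwise answers 403. The level is copied into the
// session from the `login.level` column by the /login handler, so a session
// without a logged-in user has no level and is rejected here.
function requiresAdmin(req, res, next) {
  // A request that never went through the session middleware has no
  // req.session; treat it as "no level" instead of throwing.
  var level = req.session ? req.session.level : undefined;
  if (level >= 20) {
    logger.info('User is an admin');
    next();
    return;
  }
  // Log only what is needed to diagnose the refusal. Dumping the whole
  // session object (as before) copies every session field into the log.
  var user = req.session ? req.session.user : undefined;
  logger.info('Sending a 403');
  logger.info('Admin check failed for user ' + user + ' with level ' + level);
  res.send(403);
}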
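// Looks up a login/password pair in the `login` table.
// callback(user) receives the matching row, or null when nothing matches,
// the inputs are not strings, or the query fails — the caller always gets an
// answer (previously a query error left the request hanging).
//
// NOTE(security): the stored "password" is not a password hash.
// createCipher('blowfish', password) derives the key from the password with
// no salt, and final() with no update() encrypts an empty message, so the
// stored value depends only on the password: equal passwords give equal
// stored values and offline guessing is cheap. A password KDF with a
// per-user random salt (crypto.pbkdf2 is available in core) should replace
// it. The same transform is duplicated in /newuser and /changepass, so all
// three must change together, with existing rows migrated on next login.
function authenticate(login, password, callback) {
  // Form bodies can carry arrays or nothing for a field; only strings are
  // meaningful here and createCipher throws on anything else.
  if (typeof login !== 'string' || typeof password !== 'string') {
    callback(null);
    return;
  }
  var cipher = crypto.createCipher('blowfish', password);
  var pass = cipher.final('base64');
  var values = [login, pass];
  client.query("SELECT * FROM login WHERE login = ? AND password = ?", values,
    function(error, results) {
      if (error) {
        logger.error(error);
        callback(null);
        return;
      }
      var user = results[0];
      callback(user ? user : null);
    });
}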
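// Logs the user out: removes the session from the store, then sends the
// browser to the login page. The redirect is issued from the destroy
// callback so the session is gone from the store before the client can make
// its next request; the old code redirected without waiting.
app.get('/logout', function(req, res) {
  req.session.destroy(function(error) {
    if (error) {
      logger.error(error);
    }
    res.redirect('/login');
  });
});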
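// Admin-only: inserts a row into `login`. Form fields: login, password,
// community, userlevel. The password is stored with the same unsalted
// createCipher('blowfish') transform that authenticate() checks against (see
// the note there). Applies the same minimum password rule as /changepass so
// admin-created accounts start out compliant.
app.post('/newuser', requiresAdmin, function(req, res) {
  var body = req.body || {};
  var login = body.login;
  var password = body.password;
  var community = body.community;
  var levelText = String(body.userlevel == null ? '' : body.userlevel).trim();
  var level = Number(levelText);
  // Reject missing or non-string fields up front: createCipher throws on a
  // non-string password, and the level must be numeric for the >= 20 check
  // in requiresAdmin to mean anything.
  if (typeof login !== 'string' || login.length === 0 ||
      typeof password !== 'string' || typeof community !== 'string' ||
      levelText === '' || !isFinite(level)) {
    logger.info('Rejected /newuser request with missing or malformed fields');
    res.send('Fail! Missing or malformed fields.');
    return;
  }
  if (password.length < 8 ||
      (password.search(/[0-9]/) === -1 && password.search(/[.:,;\-$%_=!?]/) === -1)) {
    logger.info('Rejected /newuser request: password below the minimum rule');
    res.send('Fail! Password must be at least 8 characters and contain a digit or punctuation.');
    return;
  }
  var cipher = crypto.createCipher('blowfish', password);
  var pass = cipher.final('base64');
  var values = [login, pass, community, level];
  client.query("INSERT INTO login SET login = ?, password = ?, comm = ?, level = ?", values,
    function(error, results) {
      if (error) {
        // Keep the driver error server-side; echoing error.message to the
        // client exposed table and query details.
        logger.error(error);
        res.send('Fail! Could not create user.');
        return;
      }
      logger.info('New user added');
      res.send('User created successfully.');
    });
});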
// Admin-only: serves the static user-creation form.
app.get('/newuser', requiresAdmin, function(req, res) {
  var page = 'newuser.html';
  res.sendfile(page);
});
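// Logged-in users: change their own password. Form fields: oldpass, newpass.
// Responses are the plain strings the page checks for: 'success', 'fault'
// (validation or database problem) and 'fail' (old password wrong).
// newpass must be 8+ characters and contain a digit or one of .:,;-$%_=!?
app.post('/changepass', requiresLogin, function(req, res) {
  var body = req.body || {};
  var oldpass = body.oldpass;
  var newpass = body.newpass;
  var login = req.session.user;
  // Same unsalted createCipher('blowfish') transform authenticate() uses; the
  // stored values must stay comparable across handlers (see the note there).
  var digest = function(password) {
    var cipher = crypto.createCipher('blowfish', password);
    return cipher.final('base64');
  };
  // Missing fields used to throw on .length / createCipher; answer 'fault'.
  if (typeof oldpass !== 'string' || typeof newpass !== 'string') {
    logger.info('Password change request with missing fields');
    res.send('fault');
    return;
  }
  if (newpass.length < 8) {
    logger.info('Short password recieved');
    res.send('fault');
    return;
  }
  if (newpass.search(/[0-9]/) === -1 && newpass.search(/[.:,;\-$%_=!?]/) === -1) {
    logger.info('Weak password recieved');
    res.send('fault');
    return;
  }
  var pass = digest(oldpass);
  client.query("SELECT * FROM login WHERE login = ? AND password = ?", [login, pass],
    function(error, results) {
      if (error) {
        logger.error(error);
        res.send('fault');
        return;
      }
      if (!results[0]) {
        logger.info('Password match failed');
        res.send('fail');
        return;
      }
      // The SQL comparison may be case-insensitive depending on the column
      // collation; the stored value is base64, so re-check it exactly here.
      // A mismatch is a wrong old password, not a database fault.
      if (String(results[0].password) !== pass) {
        logger.info('Password match failed on exact comparison');
        res.send('fail');
        return;
      }
      client.query("UPDATE login SET password = ? WHERE login = ?", [digest(newpass), login],
        function(updateError) {
          if (updateError) {
            // Was console.log; route it through the shared logger.
            logger.error(updateError);
            res.send('fault');
            return;
          }
          res.send('success');
        });
    });
});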
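// Credential check that does not create a session: answers '1' when the
// login/password pair matches a row in `login`, 403 otherwise.
app.post('/auth', function(req, res) {
  var body = req.body || {};
  authenticate(body.login, body.password, function(user) {
    if (user) {
      res.send('1');
      return;
    }
    // The 403 goes out on the response object; the old code called
    // req.send(), which does not exist, so failed checks threw instead.
    res.send(403);
  });
});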
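// Form login: on a match, starts a fresh session holding the user's login,
// community and level (the level is what requiresAdmin checks) and redirects
// to /; otherwise answers 403. Only those three columns are copied into the
// session; the row's password field is not.
app.post('/login', function(req, res) {
  var body = req.body || {};
  authenticate(body.login, body.password, function(user) {
    if (!user) {
      res.send(403);
      return;
    }
    // Issue a new session id at the privilege change so an id handed to the
    // browser before login is not carried over into the authenticated session.
    req.session.regenerate(function(error) {
      if (error) {
        logger.error(error);
        res.send(500);
        return;
      }
      req.session.user = user.login;
      req.session.community = user.comm;
      req.session.level = user.level;
      res.redirect('/');
    });
  });
});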
// Serves the static login form.
app.get('/login', function(req, res) {
  var page = 'login.html';
  res.sendfile(page);
});