Rough login system with express and nodejs

a guest
Jun 15th, 2011
var express = require('express');
var Client = require('mysql').Client;
var client = new Client();
var RedisStore = require('connect-redis');
var crypto = require('crypto');
var fs = require('fs');
var winston = require('winston');

// Database credentials and other settings live in ./conf/conf.js, outside
// this listing. NOTE(review): that file holds the MySQL password in clear
// text — keep it out of version control and readable only by the service
// account.
var config = require('./conf/conf.js');

// Copy the MySQL connection settings onto the client, in the same order the
// original assigned them (user, password, host, port).
['user', 'password', 'host', 'port'].forEach(function (field) {
  client[field] = config.db[field];
});

// NOTE(review): `app` (the express application) and `logger` (a winston
// logger) are used by the middleware and routes below but are never created
// anywhere in this listing, and RedisStore / fs are required but unused.
// Presumably those lines were dropped from the paste — confirm before
// running this as-is.
  17.  
/**
 * Middleware: let the request through only when the session carries a
 * logged-in user (`req.session.user`, set by POST /login); otherwise answer
 * 403 and stop the chain.
 *
 * @param {object} req  express request; `req.session` must exist
 * @param {object} res  express response
 * @param {Function} next  continuation to the next handler
 */
function requiresLogin(req, res, next) {
  var loggedIn = Boolean(req.session.user);
  if (!loggedIn) {
    res.send(403);
    return;
  }
  next();
}
  25.  
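// Session level at or above which a user is treated as an administrator.
var ADMIN_LEVEL = 20;

/**
 * Middleware: admit the request only when the session's `level` (copied from
 * the user's DB row by POST /login) is at least ADMIN_LEVEL; otherwise 403.
 *
 * A missing session or missing level compares false and is rejected, so an
 * anonymous request can never pass. On rejection only the user name and
 * level are logged — the original logged the entire session object, which
 * copies every session attribute (cookie settings included) into the log.
 *
 * @param {object} req  express request
 * @param {object} res  express response
 * @param {Function} next  continuation to the next handler
 */
function requiresAdmin(req, res, next) {
  var session = req.session || {};
  if (session.level >= ADMIN_LEVEL) {
    logger.info('User is an admin');
    next();
    return;
  }
  logger.info('Sending a 403');
  logger.info('Non-admin request: user=' + session.user + ' level=' + session.level);
  res.send(403);
}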
  36.  
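/**
 * Constant-time comparison of two credential tokens. A length mismatch is
 * reported as "no match" rather than thrown (timingSafeEqual requires equal
 * lengths); non-strings never match.
 *
 * @param {string} a
 * @param {string} b
 * @returns {boolean}
 */
function tokensMatch(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') {
    return false;
  }
  var bufA = Buffer.from(a);
  var bufB = Buffer.from(b);
  return bufA.length === bufB.length && crypto.timingSafeEqual(bufA, bufB);
}

/**
 * Look up `login` and check `password` against the stored credential.
 *
 * Invokes `callback(userRow)` on success and `callback(null)` when the user
 * does not exist, the password does not match, the input is not a pair of
 * non-empty strings, the credential token cannot be derived, or the query
 * fails. The callback is called exactly once on every path — the original
 * never called back on a query error, so that request hung forever.
 *
 * Assumes `login` is unique in the `login` table (the first row is used).
 *
 * SECURITY NOTE(review): the stored credential is
 * `crypto.createCipher('blowfish', password).final('base64')` — Blowfish
 * over an empty input, keyed by an unsalted MD5 derivation of the password.
 * It is deterministic, unsalted and fast, so a leaked table is an offline
 * dictionary attack away from plaintext, and createCipher() is deprecated
 * and removed in current Node releases. It is kept only because existing
 * rows are stored in this form; migrate to a salted scrypt/pbkdf2 hash with
 * a per-user salt and re-hash on the next successful login.
 *
 * @param {string} login
 * @param {string} password
 * @param {Function} callback  receives the user row or null
 */
function authenticate(login, password, callback) {
  if (typeof login !== 'string' || login === '' ||
      typeof password !== 'string' || password === '') {
    callback(null);
    return;
  }

  var token;
  try {
    token = crypto.createCipher('blowfish', password).final('base64');
  } catch (err) {
    // Typically createCipher() or the blowfish cipher is unavailable on this
    // Node/OpenSSL build: fail closed instead of crashing the request.
    logger.error(err);
    callback(null);
    return;
  }

  // Select by login only and compare the token in the application. A
  // `password = ?` predicate is evaluated under the column's collation, and
  // the usual case-insensitive MySQL collations would treat base64 tokens
  // that differ only in case as equal.
  client.query("SELECT * FROM login WHERE login = ?", [login],
    function (error, results) {
      if (error) {
        logger.error(error);
        callback(null);
        return;
      }
      var user = results && results[0];
      if (!user || !tokensMatch(token, user.password)) {
        callback(null);
        return;
      }
      callback(user);
    });
}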
  57.  
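// GET /logout — drop the server-side session, then send the client to the
// login form. The redirect is issued from destroy()'s completion callback so
// the store has actually removed the session before the client follows it;
// the original redirected immediately and ignored the outcome. A destroy
// error is logged but still ends in the redirect (the cookie is useless
// once the request's session object is gone).
app.get('/logout', function (req, res) {
  req.session.destroy(function (err) {
    if (err) {
      logger.error(err);
    }
    res.redirect('/login');
  });
});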
  62.  
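/**
 * POST /newuser — admin-only: insert a new row into `login`.
 *
 * Body: `login`, `password`, `community` (stored as `comm`), `userlevel`
 * (stored as `level`). Answers 400 when login/password are missing,
 * 'User created successfully.' on insert, and a generic failure text on a
 * database error.
 *
 * NOTE(review): the length/complexity policy that /changepass enforces is
 * not applied here, and `userlevel` is stored exactly as submitted; both are
 * worth tightening even though only admins reach this route.
 *
 * SECURITY NOTE(review): the credential stored is
 * `crypto.createCipher('blowfish', password).final('base64')` — unsalted,
 * fast and deterministic, produced by an API that is deprecated and removed
 * in current Node releases. Kept so new rows match what the login check
 * expects; migrate all call sites together to a salted scrypt/pbkdf2 hash.
 */
app.post('/newuser', requiresAdmin, function (req, res) {
  var body = req.body || {};
  var login = body.login;
  var password = body.password;

  // Validate before touching crypto: the original passed req.body.password
  // straight to createCipher(), which throws on a missing field and would
  // take the process down with an uncaught exception.
  if (typeof login !== 'string' || login === '' ||
      typeof password !== 'string' || password === '') {
    logger.info('Rejected /newuser: login and password are required');
    res.send(400);
    return;
  }

  var token;
  try {
    token = crypto.createCipher('blowfish', password).final('base64');
  } catch (err) {
    logger.error(err);
    res.send('Fail! Could not create user.');
    return;
  }

  var values = [login, token, body.community, body.userlevel];
  client.query("INSERT INTO login SET login = ?, password = ?, comm = ?, level = ?", values,
    function (error) {
      if (error) {
        // Log the driver error but do not echo error.message to the client:
        // it discloses table/column names and SQL fragments.
        logger.error(error);
        res.send('Fail! Could not create user.');
        return;
      }
      logger.info('New user added: ' + login);
      res.send('User created successfully.');
    });
});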
  78.  
// GET /newuser — admin-only: serve the "create user" form that POST /newuser
// consumes. NOTE(review): the bare file name is resolved by express
// (working directory or configured root) — confirm it points at the intended
// file when deployed.
app.get('/newuser', requiresAdmin, function (req, res) {
  var form = 'newuser.html';
  res.sendfile(form);
});
  82.  
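/**
 * POST /changepass — change the logged-in user's password.
 *
 * Body: `oldpass` (current password) and `newpass`. Responses keep the
 * original contract: 'fault' for a malformed or weak request or a server
 * error, 'fail' when the current password does not match, 'success' once the
 * row is updated.
 *
 * Policy for `newpass`: at least 8 characters and at least one digit or one
 * of the characters . : , ; - $ % _ = ! ?
 *
 * SECURITY NOTE(review): credentials are stored as
 * `crypto.createCipher('blowfish', pw).final('base64')` — an unsalted, fast,
 * deterministic token built with an API that is deprecated and removed in
 * current Node releases. Kept so rows stay compatible with the login check;
 * migrate to a salted scrypt/pbkdf2 hash.
 */
app.post('/changepass', requiresLogin, function (req, res) {
  var body = req.body || {};
  var oldpass = body.oldpass;
  var newpass = body.newpass;

  // Constant-time comparison; a length mismatch is simply "no match" because
  // timingSafeEqual throws on differing lengths.
  function sameToken(a, b) {
    if (typeof a !== 'string' || typeof b !== 'string') {
      return false;
    }
    var bufA = Buffer.from(a);
    var bufB = Buffer.from(b);
    return bufA.length === bufB.length && crypto.timingSafeEqual(bufA, bufB);
  }

  // Presence/type check first: the original read req.body.newpass.length and
  // threw (crashing the process) on a request without that field.
  if (typeof oldpass !== 'string' || typeof newpass !== 'string') {
    logger.info('Malformed password change request');
    res.send('fault');
    return;
  }
  if (newpass.length < 8) {
    logger.info('Short password recieved');
    res.send('fault');
    return;
  }
  if (newpass.search(/[0-9]/) === -1 && newpass.search(/[.:,;\-$%_=!?]/) === -1) {
    logger.info('Weak password recieved');
    res.send('fault');
    return;
  }

  var oldToken;
  var newToken;
  try {
    oldToken = crypto.createCipher('blowfish', oldpass).final('base64');
    newToken = crypto.createCipher('blowfish', newpass).final('base64');
  } catch (err) {
    // createCipher() or the cipher unavailable on this build: fail closed.
    logger.error(err);
    res.send('fault');
    return;
  }

  var login = req.session.user;
  // Fetch by login only and compare the token in the application so the
  // check does not depend on the column collation (case-insensitive MySQL
  // collations would match base64 tokens that differ only in case).
  client.query("SELECT * FROM login WHERE login = ?", [login],
    function (error, results) {
      if (error) {
        logger.error(error);
        res.send('fault');
        return;
      }
      var row = results && results[0];
      if (!row || !sameToken(oldToken, row.password)) {
        // Wrong current password (or the session's user no longer exists).
        logger.info('Password match failed');
        res.send('fail');
        return;
      }
      client.query("UPDATE login SET password = ? WHERE login = ?", [newToken, login],
        function (updateError) {
          if (updateError) {
            // Was console.log(); use the application logger like the rest of
            // the file.
            logger.error(updateError);
            res.send('fault');
            return;
          }
          res.send('success');
        });
    });
});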
  125.  
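// POST /auth — check a login/password pair without creating a session.
// Answers '1' when the pair is valid and 403 otherwise.
//
// SECURITY NOTE(review): this is an unauthenticated, unthrottled password
// oracle — anyone can test guesses here without logging in. Rate-limit it
// (per login and per source address) or remove it if nothing depends on it.
app.post('/auth', function (req, res) {
  var body = req.body || {};
  authenticate(body.login, body.password, function (user) {
    if (!user) {
      // Was `req.send(403)`: the request object has no send(), so every
      // failed check threw a TypeError instead of answering 403.
      res.send(403);
      return;
    }
    res.send('1');
  });
});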
  135.  
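// POST /login — verify the credentials and establish the session
// (user, community, level are copied from the user's row, as before), then
// redirect to '/'. Invalid credentials answer 403.
app.post('/login', function (req, res) {
  var body = req.body || {};
  authenticate(body.login, body.password, function (user) {
    if (!user) {
      res.send(403);
      return;
    }

    var establish = function () {
      req.session.user = user.login;
      req.session.community = user.comm;
      req.session.level = user.level;
      res.redirect('/');
    };

    // Issue a fresh session id before storing the identity, so a session id
    // planted on the browser before login (session fixation) is not promoted
    // to an authenticated one. connect's Session exposes regenerate(fn); if
    // this session implementation lacks it, fall back to the original
    // behaviour of reusing the current session.
    if (req.session && typeof req.session.regenerate === 'function') {
      req.session.regenerate(function (err) {
        if (err) {
          logger.error(err);
          res.send(500);
          return;
        }
        establish();
      });
      return;
    }
    establish();
  });
});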
  148.  
// GET /login — serve the login form that POST /login consumes.
app.get('/login', function (req, res) {
  var form = 'login.html';
  res.sendfile(form);
});