  1. "use strict";
  2.  
  3. const Hapi = require("hapi");
  4. const MySQL = require("mysql");
  5. const Joi = require("joi");
  6. const Bcrypt = require("bcrypt");
  7. const Inert = require("inert");
  8. const Vision = require("vision");
  9. const Path = require("path");
  10. const CookieAuth = require("hapi-auth-cookie");
  11.  
  12.  
  13.  
  14.  
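// MySQL connection shared by the route handlers below.
// The settings can be overridden through the environment so the database
// credentials do not have to live in source. The literal fallbacks reproduce
// the original hard-coded values and are only acceptable for a local dev
// box; remove them before this file is deployed anywhere reachable.
const db = MySQL.createConnection({
  host: process.env.DB_HOST || "localhost",
  user: process.env.DB_USER || "root",
  password: process.env.DB_PASSWORD || "root",
  database: process.env.DB_NAME || "user_db"
});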
  21.  
  22.  
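// Server bootstrap (hapi <= 16 API, hence server.connection()).
const server = new Hapi.Server();

server.connection({
  host: 'localhost',
  port: 3000
});

// inert (static files) and vision (templates) back the reply.view() calls
// below. Registration is asynchronous; the original calls dropped the
// result, so a failed registration went unnoticed. Pass a callback and make
// the failure fatal at startup instead.
server.register([Inert, Vision], function (err) {
  if (err) throw err;
});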
  31.  
  32. // register plugins to server instance
  33. server.register(CookieAuth, function (err) {
  34.  
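  // Cookie session strategy. The object stored with
  // request.cookieAuth.set({ authUser }) in the POST /login handler is what
  // validateFunc gets back as `session` on every later request.
  server.auth.strategy('session', 'cookie', {
    // Iron password used to encrypt the cookie (must be >= 32 chars).
    // Read from the environment when available so the secret is not in
    // source; the fallback reproduces the original literal and is dev-only.
    password: process.env.COOKIE_PASSWORD || "longpasswordbecauseidontgiveashit",
    cookie: "session",
    // false so the cookie works over plain http on localhost. It must be true
    // once the app sits behind TLS, otherwise the session cookie is sent in
    // the clear on every request.
    isSecure: false,
    redirectTo: '/login',
    appendNext: true,
    validateFunc: (request, session, callback) => {
      const user = session.authUser;
      const valid = user !== undefined;
      // Check before dereferencing: the original logged user.username first,
      // which throws a TypeError when the cookie carries no authUser.
      console.log("cookie User: " + (valid ? user.username : "<none>"));
      // hapi-auth-cookie releases for hapi <= 16 pass a callback and expect
      // callback(err, isValid, credentials); later releases expect the
      // result object to be returned. Support both so the request does not
      // hang on either.
      if (typeof callback === "function") {
        return callback(null, valid, user);
      }
      return { valid, credentials: user };
    }
  });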
  47.  
  48.   // start your server after plugin registration
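  // Start listening. A startup error (e.g. port already in use) is fatal,
  // so throw instead of ignoring the callback's err as before.
  // NOTE(review): the routes and views below are registered after start()
  // is invoked; confirm the installed hapi version allows that ordering.
  server.start(function (err) {
    if (err) throw err;
    console.log('info', 'Server running at: ' + server.info.uri);
  });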
  52.  
  53.  
  // Landing page; renders templates/home.hbs.
  server.route({
    method: "GET",
    path: "/",
    handler(request, reply) {
      const context = { title: "hello" };
      return reply.view("home", context);
    }
  });
  62.  
  63.  
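  // Page that should only be visible to logged-in users.
  // With mode "try" (the original setting) an unauthenticated request is
  // still handed to the handler and gets the page; "required" makes
  // hapi-auth-cookie redirect it to /login (redirectTo + appendNext on the
  // strategy), which is what the route name implies.
  server.route({
    method: "GET",
    path: "/restricted",
    handler(request, reply) {
      reply.view("restricted", {
        title: "restricted page title"
      });
    },
    config: {
      auth: {
        strategy: "session",
        mode: "required"
      }
    }
  });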
  79.  
  // Renders the same template as /restricted but carries no config.auth,
  // so it is served to anyone.
  server.route({
    method: "GET",
    path: "/ash",
    handler(request, reply) {
      const context = { title: "restricted page title" };
      reply.view("restricted", context);
    }
  });
  89.  
  // Login form. `next` is appended by hapi-auth-cookie (appendNext) when a
  // protected route redirected the browser here.
  server.route({
    method: "GET",
    path: "/login",
    handler(request, reply) {
      const { next } = request.query;
      console.log("query parameters: ");
      console.log(next);
      reply.view("login", { title: "login page" });
    }
  });
  101.  
  102.  
  103.  
  104.  
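  // Login form submission.
  // Current behaviour is a stub: only the fixed pair vikas/vikas is accepted
  // and a session cookie is set. The database-backed lookup is kept below as
  // commented-out work in progress.
  server.route({
    method: "POST",
    path: "/login",
    handler(request, reply) {
      const inUser = request.payload.username;
      const inPwd = request.payload.password;

      // The original test was `!inUser=='vikas' && !inPwd=='vikas'`, which
      // parses as `(!inUser) == 'vikas'` and is never true, so every
      // submission - any username, any password - received a session cookie.
      // Reject unless both fields match the stub credentials.
      if (inUser !== "vikas" || inPwd !== "vikas") {
        // Re-render the form. The original passed an undefined identifier
        // `login` here, which would have thrown a ReferenceError.
        return reply.view("login", { title: "login page" });
      }

      const authUser = { username: inUser };
      request.cookieAuth.set({ authUser });
      return reply.redirect("/restricted");

      /* Database-backed version, not wired in yet. When it is enabled:
         - keep the username filter parameterised as below; the original
           concatenated `inUser` (straight from the request payload) into the
           SQL string;
         - `request.query.next` is caller-controlled, so check it is a local
           path before redirecting to it;
         - store the user under `authUser` so validateFunc finds it.
      db.query(
        "SELECT username, password FROM users WHERE username = ?;",
        [inUser],
        function (err, result, fields) {
          if (err) { return reply(err); }
          if (result.length === 0) { return reply.redirect("/login"); }
          const storedHash = result[0].password;
          Bcrypt.compare(inPwd, storedHash, function (err, matches) {
            if (err) { return reply(err); }
            if (!matches) { return reply.redirect("/login"); }
            request.cookieAuth.set({ authUser: { username: inUser } });
            return reply.redirect(request.query.next || "/restricted");
          });
        }
      );
      */
    }
  });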
  179.  
  // Clears the session cookie and sends the browser back to the home page.
  server.route({
    method: "GET",
    path: "/logout",
    handler(request, reply) {
      request.cookieAuth.clear();
      const home = "/";
      return reply.redirect(home);
    }
  });
  189.  
  190.  
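  // Get users list.
  // Returns user_id, username and email (no password hashes) for every user.
  // The original route had no auth config, so the whole user directory was
  // readable by anyone who could reach the server; it now requires a valid
  // session, like /restricted. A query error is handed to reply() (hapi
  // wraps a plain Error as a 500 response) instead of being thrown from the
  // callback, which would have crashed the process.
  server.route({
    method: "GET",
    path: "/allUsers",
    config: {
      auth: {
        strategy: "session",
        mode: "required"
      }
    },
    handler(request, reply) {
      db.query("SELECT user_id, username, email FROM users;",
        function (error, results, fields) {
          if (error) {
            return reply(error);
          }
          console.log("showing all users");
          return reply(results);
        });
    }
  });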
  205.  
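  // Create a new user.
  // The original handler called reply() twice (first with "signing up", then
  // with query results), built the lookup SQL by string concatenation,
  // referenced an undefined `uid`, and never stored the hash it computed.
  // This version validates the payload, stores the bcrypt hash, and replies
  // once with the new row.
  // NOTE(review): the users columns used here (username, email, password,
  // user_id) are the ones the other queries in this file name; confirm them
  // against the real schema.
  server.route({
    method: "POST",
    path: "/signup",
    config: {
      // Joi is already required at the top of the file; reject a payload
      // missing any field before it reaches the database.
      validate: {
        payload: {
          username: Joi.string().required(),
          email: Joi.string().email().required(),
          password: Joi.string().required()
        }
      }
    },
    handler(request, reply) {
      console.log("signing up new");
      const { username, email, password } = request.payload;

      // bcrypt salts internally; only the hash is stored. bcrypt uses at most
      // the first 72 bytes of the input.
      const passwordHash = Bcrypt.hashSync(password, Bcrypt.genSaltSync());

      db.query(
        "INSERT INTO users (username, email, password) VALUES (?, ?, ?);",
        [username, email, passwordHash],
        function (insertError) {
          if (insertError) {
            return reply(insertError);
          }
          // Echo the stored row back, without the password column.
          db.query(
            "SELECT user_id, username, email FROM users WHERE username = ?;",
            [username],
            function (selectError, results) {
              if (selectError) {
                return reply(selectError);
              }
              return reply(results);
            }
          );
        }
      );
    }
  });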
  234.  
  235.  
  // Template rendering (vision): Handlebars files under ./templates, not
  // cached, with the current user's credentials exposed to every view.
  const viewOptions = {
    relativeTo: Path.join(__dirname, "templates"),
    engines: {
      hbs: require("handlebars")
    },
    isCached: false,
    context: (request) => ({
      user: request.auth.credentials
    })
  };
  server.views(viewOptions);
  249.  
  250.  
  251.  
  252.  
  253. });