  1. /*!
  2. * OS.js - JavaScript Cloud/Web Desktop Platform
  3. *
  4. * Mysql Handler: Login screen and session/settings handling via database
  5. * PLEASE NOTE THAT THIS IS AN EXAMPLE ONLY, AND SHOULD BE MODIFIED BEFORE USAGE
  6. *
  7. * Copyright (c) 2011-2016, Anders Evenrud <andersevenrud@gmail.com>
  8. * All rights reserved.
  9. *
  10. * Redistribution and use in source and binary forms, with or without
  11. * modification, are permitted provided that the following conditions are met:
  12. *
  13. * 1. Redistributions of source code must retain the above copyright notice, this
  14. * list of conditions and the following disclaimer.
  15. * 2. Redistributions in binary form must reproduce the above copyright notice,
  16. * this list of conditions and the following disclaimer in the documentation
  17. * and/or other materials provided with the distribution.
  18. *
  19. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
  20. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  21. * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  22. * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
  23. * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  24. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  25. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  26. * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  28. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. * @author Anders Evenrud <andersevenrud@gmail.com>
  31. * @licence Simplified BSD License
  32. */
  33. (function(mysql, bcrypt) {
  34. 'use strict';
  // Shared MySQL connection handle for the whole module. It is assigned in
  // MysqlHandler.prototype.onServerStart, closed in onServerEnd, and used by
  // every APIUser query below.
  var connection;

  /////////////////////////////////////////////////////////////////////////////
  // CONFIGURATION
  /////////////////////////////////////////////////////////////////////////////

  // NOTE(review): nothing in this listing reads MYSQL_CONFIG. onServerStart
  // builds the connection from this.instance.config.handlers.mysql.connection
  // instead, so editing these values has no visible effect.
  // The user/password pair below is a sample default shared with every copy of
  // this example; a deployment needs its own credentials, kept outside source.
  var MYSQL_CONFIG = {
    host : 'localhost',
    user : 'osjs',
    password : 'osjs',
    database : 'osjs'
  };
  47.  
  48. /////////////////////////////////////////////////////////////////////////////
  49. // USER SESSION ABSTRACTION
  50. /////////////////////////////////////////////////////////////////////////////
  51.  
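  /**
   * Namespace for the database-backed user operations (login, settings).
   */
  var APIUser = function() {};

  /**
   * Authenticates a user against the `osjs_users` table.
   *
   * Flow: validate the credential types, fetch the stored bcrypt hash for the
   * username, compare it with the supplied password, then load the profile
   * row and hand it to handler.onLogin.
   *
   * @param {Object}   login     Credentials: { username, password }
   * @param {Object}   request   Server request object (passed to handler.onLogin)
   * @param {Object}   response  Server response object (passed to handler.onLogin)
   * @param {Function} callback  Called with an error string on failure; on
   *                             success it is handed to handler.onLogin
   * @param {Object}   config    Unused here
   * @param {Object}   handler   Handler instance providing onLogin()
   */
  APIUser.login = function(login, request, response, callback, config, handler) {
    console.log('APIUser::login()');

    // Passes the authenticated profile on to the handler's session setup.
    function complete(data) {
      handler.onLogin(request, response, {
        userData: {
          id : data.id,
          username : data.username,
          name : data.name,
          groups : data.groups
        },
        userSettings: data.settings
      }, callback);
    }

    // One message for every credential failure, so the reply does not say
    // whether the username or the password was wrong.
    function invalid() {
      callback('Invalid login credentials');
    }

    // NOTE(review): the raw driver error text is forwarded to the callback.
    // If that string reaches the client it can reveal table and column
    // names; consider returning a generic message and logging the detail.
    function onerror(err) {
      console.error(err.toString());
      callback(err.toString());
    }

    // Decodes a JSON column; falls back when the text is not valid JSON or
    // does not have the expected shape.
    function parseColumn(raw, label, fallback, isValid) {
      try {
        var parsed = JSON.parse(raw);
        if ( isValid(parsed) ) {
          return parsed;
        }
        console.log('failed to parse ' + label, 'unexpected type');
      } catch ( e ) {
        console.log('failed to parse ' + label, e);
      }
      return fallback;
    }

    // The mysql driver expands object and array placeholder values into SQL
    // fragments instead of quoting them as one string, so a non-string
    // username would change what the WHERE clause means. Only plain strings
    // may reach the queries or bcrypt.compare.
    if ( !login || typeof login.username !== 'string' || typeof login.password !== 'string' ) {
      invalid();
      return;
    }

    function getUserInfo() {
      var q = 'SELECT `id`, `username`, `name`, `groups`, `settings` FROM `osjs_users` WHERE `username` = ? LIMIT 1;';
      var a = [login.username];

      connection.query(q, a, function(err, rows) {
        if ( err ) {
          onerror(err);
          return;
        }

        var row = rows[0];
        if ( !row ) {
          invalid();
          return;
        }

        complete({
          id: parseInt(row.id, 10),
          username: row.username,
          name: row.name,
          // Groups feed authorization decisions: accept only a real array.
          groups: parseColumn(row.groups, 'groups', [], Array.isArray),
          settings: parseColumn(row.settings, 'settings', {}, function(value) {
            return typeof value === 'object' && value !== null;
          })
        });
      });
    }

    var q = 'SELECT `password` FROM `osjs_users` WHERE `username` = ? LIMIT 1;';
    var a = [login.username];

    connection.query(q, a, function(err, rows) {
      if ( err ) {
        onerror(err);
        return;
      }

      var row = rows[0];

      // NOTE(review): an unknown username returns here without running
      // bcrypt.compare, so response time may differ from a wrong-password
      // attempt. Comparing against a fixed dummy hash would even that out.
      if ( !row || typeof row.password !== 'string' ) {
        invalid();
        return;
      }

      // Hashes written with the "$2y$" prefix are rewritten to "$2a$" before
      // comparison. "$$" is a literal dollar sign in a replacement string, so
      // the result does not depend on how an out-of-range "$2" group
      // reference is treated.
      var hash = row.password.replace(/^\$2y(.+)$/i, '$$2a$1');

      bcrypt.compare(login.password, hash, function(err, res) {
        if ( err ) {
          onerror(err);
          return;
        }

        if ( res === true ) {
          getUserInfo();
        } else {
          invalid();
        }
      });
    });
  };

  /**
   * Stores the given settings object as JSON on the current user's row.
   *
   * @param {Object}   settings  Settings to persist (serialized with JSON.stringify)
   * @param {Object}   request   Server request object; the username is read from its cookies
   * @param {Object}   response  Server response object (unused here)
   * @param {Function} callback  callback(error) on failure, callback(false, true) on success
   */
  APIUser.updateSettings = function(settings, request, response, callback) {
    // NOTE(review): the row to update is selected by a cookie the client
    // sends. Unless the cookie layer signs or otherwise validates this value,
    // a client can name another account here. Prefer taking the username
    // from the server-side session established at login.
    var uname = request.cookies.get('username');

    if ( typeof uname !== 'string' || !uname ) {
      // Without a username the UPDATE would match no row and still report success.
      callback('Cannot update settings: no user in request');
      return;
    }

    // Same table that login reads `settings` from; the original wrote to
    // `users`, so saved settings were never read back.
    var q = 'UPDATE `osjs_users` SET `settings` = ? WHERE `username` = ?;';
    var a = [JSON.stringify(settings), uname];

    connection.query(q, a, function(err) {
      if ( err ) {
        // The original called onerror(), which is private to APIUser.login
        // and not in scope here, so a database error raised a ReferenceError.
        console.error(err.toString());
        callback(err.toString());
        return;
      }

      callback(false, true);
    });
  };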
  168.  
  169. /////////////////////////////////////////////////////////////////////////////
  170. // API
  171. /////////////////////////////////////////////////////////////////////////////
  172.  
  /**
   * API methods this handler exposes. Every method receives
   * (args, callback, request, response, config, handler).
   */
  var API = {
    /**
     * Authenticates via APIUser.login, then runs handler.onLogin on the result
     * and reports callback(false, result). Errors are reported as callback(error).
     *
     * NOTE(review): APIUser.login, as defined in this file, already sends its
     * success path through handler.onLogin, so onLogin runs twice per login.
     * Confirm that is intended and that onLogin is safe to repeat.
     */
    login: function(args, callback, request, response, config, handler) {
      function onAuthenticated(err, session) {
        if ( err ) {
          callback(err);
          return;
        }

        handler.onLogin(request, response, session, function() {
          callback(false, session);
        });
      }

      APIUser.login(args, request, response, onAuthenticated, config, handler);
    },

    /**
     * Ends the session by delegating to handler.onLogout.
     */
    logout: function(args, callback, request, response, config, handler) {
      handler.onLogout(request, response, callback);
    },

    /**
     * Persists args.settings through APIUser.updateSettings.
     */
    settings: function(args, callback, request, response, config, handler) {
      var nextSettings = args.settings;
      APIUser.updateSettings(nextSettings, request, response, callback);
    }
  };
  195.  
  196. /////////////////////////////////////////////////////////////////////////////
  197. // EXPORTS
  198. /////////////////////////////////////////////////////////////////////////////
  199.  
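  /**
   * Builds the MySQL-backed handler on top of the server's default handler.
   *
   * @param {Object}   instance        Server instance (provides config)
   * @param {Function} DefaultHandler  Base handler constructor to extend
   * @return {Object}  A new MysqlHandler instance
   *
   * @api handler.MysqlHandler
   * @see handler.Handler
   * @class
   */
  exports.register = function(instance, DefaultHandler) {
    function MysqlHandler() {
      DefaultHandler.call(this, instance, API);
    }

    MysqlHandler.prototype = Object.create(DefaultHandler.prototype);
    // The original set MysqlHandler.constructor (a static property on the
    // function), which left prototype.constructor pointing at DefaultHandler.
    MysqlHandler.prototype.constructor = MysqlHandler;

    /**
     * Opens the shared MySQL connection once, then signals readiness.
     */
    MysqlHandler.prototype.onServerStart = function(cb) {
      if ( connection ) {
        cb();
        return;
      }

      connection = mysql.createConnection(this.instance.config.handlers.mysql.connection);
      connection.connect(function(err) {
        if ( err ) {
          // Previously ignored: a failed connect was invisible until the
          // first login query failed.
          console.error('MysqlHandler::onServerStart()', err.toString());
        }
        cb();
      });
    };

    /**
     * Closes the shared MySQL connection, if one was opened.
     */
    MysqlHandler.prototype.onServerEnd = function(cb) {
      if ( connection ) {
        connection.end();
        // Drop the handle so a later onServerStart opens a fresh connection
        // instead of reusing one that has been ended.
        connection = null;
      }
      cb();
    };

    /**
     * Runs the default VFS privilege check. The per-mount check against MySQL
     * that this override was meant to add is not implemented yet.
     */
    MysqlHandler.prototype._checkHasVFSPrivilege = function(request, response, method, args, callback) {
      var self = this;

      // Function.prototype.call takes the receiver first. The original passed
      // `request` in that slot, which shifted every argument of the parent
      // check by one position.
      DefaultHandler.prototype._checkHasVFSPrivilege.call(self, request, response, method, args, function(err) {
        if ( err ) {
          callback(err);
          return;
        }

        // Log the method name only. Dumping the whole request and args puts
        // cookies, headers and file paths into the server log.
        console.log('MysqlHandler::_checkHasVFSPrivilege()', method);

        // TODO: resolve the mount point of args.path / args.src and check it
        // for this user in MySQL before granting access. Use `self` rather
        // than `this` inside this callback when implementing it.

        // The original never invoked `callback` on this path, so the caller
        // was left waiting. Until the MySQL check exists, pass the parent's
        // result through unchanged.
        callback.apply(null, arguments);
      });
    };

    return new MysqlHandler();
  };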
  260.  
  261. })(require('mysql'), require('bcryptjs'));