const crypto = require('crypto');
const path = require('path');

const express = require('express');
const cookieParser = require('cookie-parser');
const randomBytes = require('random-bytes');
const bodyParser = require('body-parser');

const constants = require('./app/constants');

const app = express();

const PORT = 9090;

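// middleware
// TODO: set middleware in app/middleware.js
app.use(cookieParser());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
// Resolve the static directory relative to this file rather than the process
// cwd, so the same files are served no matter where the server is started
// from (the sendFile calls elsewhere in this file already anchor on __dirname).
app.use(express.static(path.join(__dirname, 'public')));
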
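// In-memory session store: session id -> CSRF token for that session.
// A prototype-less object is used so that a lookup of an inherited name such
// as "constructor" or "__proto__" (which a client can put in its cookie) does
// not return a truthy value and pass the session checks in the routes.
// NOTE: lives only as long as the process; entries are removed on /logout.
const SESSION_DATA = Object.create(null);
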
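// default route : serve the form when a live session cookie is present,
// otherwise the login page
app.get('/', (req, res) => {
  const session_id = req.cookies['session-id'];

  // Only an own key of the store counts as a live session. A bare
  // `SESSION_DATA[session_id]` truthiness check is also satisfied by inherited
  // names such as "constructor", which any client can send as its cookie.
  const hasSession = Boolean(session_id)
    && Object.prototype.hasOwnProperty.call(SESSION_DATA, session_id);

  if (hasSession) {
    res.sendFile('public/form.html', { root: __dirname });
  } else {
    res.sendFile('public/login.html', { root: __dirname });
  }
});
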
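// Constant-time string comparison for credentials.
// Returns false (instead of letting timingSafeEqual throw) when either side is
// not a string or the lengths differ.
function credentialMatches(provided, expected) {
  if (typeof provided !== 'string' || typeof expected !== 'string') {
    return false;
  }
  const a = Buffer.from(provided, 'utf8');
  const b = Buffer.from(expected, 'utf8');
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// handle user login and token generation
app.post('/login', (req, res) => {
  const username = req.body.username;
  const password = req.body.password;

  // validate user input. JSON bodies can carry non-string values; reject
  // those here so the comparison below only ever sees strings.
  if (typeof username !== 'string' || username === '') {
    res.status(400).json({ success: false, message: 'Username undefined' });
    return;
  }

  if (typeof password !== 'string' || password === '') {
    res.status(400).json({ success: false, message: 'Password undefined' });
    return;
  }

  // Compare in constant time so response timing does not reveal how many
  // leading characters matched, and evaluate both fields before deciding so
  // a wrong username is not distinguishable from a wrong password.
  // NOTE(review): constants.password is compared as a plaintext string;
  // storing and checking a hash (e.g. crypto.scrypt) would be preferable.
  // TODO: there is no rate limiting or lockout on this endpoint.
  const userOk = credentialMatches(username, constants.username);
  const passOk = credentialMatches(password, constants.password);

  if (!(userOk && passOk)) {
    // 401, not 405 (Method Not Allowed), and exactly one response: the
    // previous json() followed by redirect() tried to send twice.
    res.status(401).json({ success: false, message: 'Unauthorized user' });
    return;
  }

  // Drop any previous session this client still holds so stale entries do
  // not accumulate in memory (entries are otherwise only removed on /logout).
  const previous = req.cookies['session-id'];
  if (previous && Object.prototype.hasOwnProperty.call(SESSION_DATA, previous)) {
    delete SESSION_DATA[previous];
  }

  // generate session info
  const session_id = Buffer.from(randomBytes.sync(32)).toString('base64');
  const csrf_token = Buffer.from(randomBytes.sync(32)).toString('base64');

  // saving session info
  SESSION_DATA[session_id] = csrf_token;

  // HttpOnly keeps the session id out of document.cookie (the page obtains
  // its CSRF token from /tokens, so script never needs the cookie itself);
  // SameSite=Strict stops the browser attaching it to cross-site requests.
  // TODO: add `secure: true` once the app is served over HTTPS (it currently
  // listens on plain HTTP).
  res.cookie('session-id', session_id, { httpOnly: true, sameSite: 'strict' });
  res.cookie('time', String(Date.now()));
  res.sendFile('public/form.html', { root: __dirname });
});
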
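// Accept a form post only when the request carries a live session cookie AND
// the CSRF token stored for that session (the token is handed out by /tokens,
// so a cross-site page cannot obtain it).
app.post('/posts', (req, res) => {
  const session_id = req.cookies['session-id'];

  // own-key check: inherited names such as "constructor" must not count as a session
  const hasSession = Boolean(session_id)
    && Object.prototype.hasOwnProperty.call(SESSION_DATA, session_id);

  if (!hasSession) {
    // Previously answered a POST with the login page as HTML; JSON matches
    // what /tokens returns to an unauthenticated caller.
    res.status(401).json({ success: false, message: 'Not logged in' });
    return;
  }

  // check if the token in the request is the same as the one stored on the server
  const submitted = req.body.csrf_token;
  const expected = Buffer.from(SESSION_DATA[session_id], 'utf8');
  const provided = typeof submitted === 'string'
    ? Buffer.from(submitted, 'utf8')
    : Buffer.alloc(0);

  // timingSafeEqual throws on unequal lengths, so compare lengths first; the
  // stored token has a fixed length, so the length check leaks nothing useful.
  const tokenOk = provided.length === expected.length
    && crypto.timingSafeEqual(provided, expected);

  if (tokenOk) {
    res.status(200).json({ success: true });
  } else {
    res.status(400).json({ success: false });
  }
});
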
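// get token: hand the CSRF token for the caller's session back to the page
app.get('/tokens', (req, res) => {
  const session_id = req.cookies['session-id'];

  // The previous console.log(req.cookies) here wrote every session id to the
  // server log; server logs are a common place for session ids to leak, so
  // it was removed.

  // own-key check: inherited names such as "constructor" must not count as a session
  const hasSession = Boolean(session_id)
    && Object.prototype.hasOwnProperty.call(SESSION_DATA, session_id);

  if (hasSession) {
    res.status(200).json({ success: true, token: SESSION_DATA[session_id] });
  } else {
    res.status(400).json({ success: false, message: 'Token unavailable' });
  }
});
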
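// logout user from the application
app.post('/logout', (req, res) => {
  const session_id = req.cookies['session-id'];

  // only remove a key the store actually owns (guards against an absent
  // cookie and against inherited names such as "constructor")
  if (session_id && Object.prototype.hasOwnProperty.call(SESSION_DATA, session_id)) {
    delete SESSION_DATA[session_id]; // remove csrf token from memory
  }

  // clearCookie lives on the response, not the request: the previous
  // `req.clearCookie(...)` threw a TypeError on every logout.
  res.clearCookie('session-id');
  res.clearCookie('time');

  // NOTE(review): this endpoint does not check the CSRF token, so a
  // cross-site page can log the user out (logout CSRF). Low impact, but add
  // the same token check as /posts if that matters for this app.
  res.sendFile('public/login.html', { root: __dirname });
});
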
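// Start the server. The listen callback is the 'listening' event and receives
// no error argument, so the old `err` check there could never fire; startup
// failures such as EADDRINUSE are delivered on the server's 'error' event and,
// with no listener, would presumably surface as an unhandled exception.
const server = app.listen(PORT, () => {
  console.log('SUCCESS: Started server on port ', PORT);
});

server.on('error', (err) => {
  console.log('ERROR: Could not start server on port ', PORT);
  console.log(err);
});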