
Untitled

a guest
Mar 17th, 2019
  1. const argon2 = require('argon2')
  2. const crypto = require('crypto')
  3. const jwt = require('jsonwebtoken')
  4. const sequelize = require('../models/db.js')
  5. const {setAsync, getAsync} = require('../models/redis.js')
  6. const User = require('../models/user.js')
  7. const Player = require('../models/player.js')
  8. const {jwtSecret} = require('../../keys.js')
  9.  
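  /**
   * Create a new account from an untrusted registration payload.
   *
   * The password must be a string of 10 to 127 characters containing at least
   * one uppercase letter, one lowercase letter, one digit and one of `!@#$&*`.
   * It is hashed with argon2 (library defaults) before being handed to
   * `User.create`; the plaintext is never stored.
   *
   * @param {{email: *, password: *}} user - Caller-supplied fields.
   * @returns {Promise<{success: boolean, error?: string}>} `{success: true}` on
   *   creation, otherwise `{success: false, error}` naming the failed check.
   */
  async function register(user) {
    // TODO not a terribly good password strength test
    const passwordRequirements = /(?=.*[A-Z])(?=.*[!@#$&*])(?=.*[0-9])(?=.*[a-z])/
    const password = user ? user.password : undefined

    if (!password) {
      return {success: false, error: 'empty password'}
    }
    // A parsed request body can carry an array or object here. Those expose a
    // `.length` and are coerced to a string by RegExp#test, so the checks below
    // would be evaluated against something other than the value being hashed.
    if (typeof password !== 'string') {
      return {success: false, error: 'invalid password'}
    }
    if (password.length < 10) {
      return {success: false, error: 'password too short'}
    }
    // The upper bound also caps the amount of input fed to the hash function.
    if (password.length >= 128) {
      return {success: false, error: 'password too long'}
    }
    if (!passwordRequirements.test(password)) {
      return {success: false, error: 'weak password'}
    }

    const passwordHash = await argon2.hash(password)
    try {
      // NOTE(review): email is passed through unchanged; format checks are
      // presumably enforced by the User model's validators - confirm.
      await User.create({
        email: user.email,
        passwordHash,
      })
    } catch (err) {
      if (err instanceof sequelize.ValidationError) {
        // Guard against a ValidationError that carries no item list.
        const firstError = Array.isArray(err.errors) ? err.errors[0] : undefined
        if (firstError && firstError.type === 'unique violation') {
          // NOTE(review): this distinct error tells the caller the email is
          // already registered; decide whether that disclosure is acceptable.
          return {success: false, error: 'unique validation error'}
        }

        return {success: false, error: 'validation error'}
      } else if (err instanceof sequelize.ForeignKeyConstraintError) {
        // At the moment, I don't know how to trigger one of these
        return {success: false, error: 'foreign key constrain error'}
      }

      console.error(err)
      return {success: false, error: 'Unkown'}
    }

    return {success: true}
  }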
  47.  
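  /**
   * Check an email/password pair and, on success, issue a signed JWT.
   *
   * Every failure returns the same generic error so the response body does not
   * say whether the email or the password was wrong.
   *
   * @param {{email: *, password: *}} user - Caller-supplied credentials.
   * @returns {Promise<{success: boolean, error?: string, token?: string, players?: *}>}
   *   On success: the token (valid for one hour) and the user's players.
   */
  async function login(user) {
    const rejected = () => ({success: false, error: 'invalid username or password'})

    const {email, password} = user || {}
    // Only plain strings may reach the query and the verifier: an object or
    // undefined value in the `where` clause could be interpreted by the ORM as
    // something other than an equality match, and argon2.verify would throw
    // on a non-string password instead of returning false.
    if (typeof email !== 'string' || typeof password !== 'string') {
      return rejected()
    }

    const existingUser = await User.findOne({
      where: {
        email,
      },
      include: [Player],
    })

    // NOTE(review): this path returns without running argon2.verify, so it is
    // likely faster than the wrong-password path; response timing may reveal
    // whether an email is registered. Verifying against a fixed dummy hash
    // here would even that out.
    if (!existingUser) {
      return rejected()
    }

    const isValidPassword = await argon2.verify(existingUser.passwordHash, password)
    if (!isValidPassword) {
      return rejected()
    }

    // No options are passed, so jsonwebtoken signs with its default algorithm
    // (HS256) using the shared secret.
    // NOTE(review): the token is not written to Redis here, while authorize()
    // looks tokens up in Redis - confirm where issued tokens get stored.
    const token = jwt.sign({
      userId: existingUser.id,
      exp: Math.floor(Date.now() / 1000) + (60 * 60), // Signin is valid for 1 hour
    }, jwtSecret)
    return {success: true, token, players: existingUser.players}
  }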
  72.  
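  /**
   * Report whether `token` is currently present in Redis.
   *
   * NOTE(review): this only checks that a Redis entry exists for the token. It
   * does not verify the JWT signature or the `exp` claim, and login() in this
   * file does not store the token it issues - confirm that tokens are written
   * to Redis elsewhere and whether signature/expiry verification is also
   * intended here.
   *
   * @param {*} token - Caller-supplied token.
   * @returns {Promise<{success: boolean}>}
   */
  async function authorize(token) {
    // Reject missing or non-string tokens up front so they are never used as a
    // Redis key (a non-string would be coerced to some other key string).
    if (typeof token !== 'string' || token === '') {
      return {success: false}
    }

    const stored = await getAsync(token)
    return stored ? {success: true} : {success: false}
  }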