  1. var mysql = require('mysql');
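// Database connection settings for the mysql driver.
// Connection parameters are read from the environment so that no credential
// has to live in source control.
// SECURITY: an earlier revision of this file carried the database host, user
// and password as string literals. A credential that has ever been pasted or
// committed must be treated as compromised and rotated, not just removed.
const db_config = {
  host: process.env.DB_HOST || '35.156.58.36',
  user: process.env.DB_USER || 'evolveUser',
  // Deliberately no fallback: with DB_PASSWORD unset the connection fails and
  // handleDisconnect() logs and retries, instead of silently using a literal.
  password: process.env.DB_PASSWORD,
  database: process.env.DB_NAME || 'MobileAuth',
  // Return DATETIME columns as strings; /last-date splits lastDate as text.
  dateStrings: true,
};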
  9.  
  10. var express = require('express');
  11. var app = express();
  12. var fs = require("fs");
  13. var cors = require('cors');
  14. var bodyParser = require('body-parser');
  15. var crypto = require('crypto');
  16. var dateFormat = require('dateformat');
  17.  
// Global middleware: CORS for every origin, then JSON body parsing.
// NOTE(review): cors() with no options answers any Origin; if browser clients
// ever send credentials to this API the origin list should be restricted.
app.use(cors()).use(bodyParser.json());
  20.  
// The live MySQL connection. Rebuilt by handleDisconnect() whenever it drops,
// so every route reads this binding at request time rather than caching it.
let conn;

// Open the database connection and keep it alive: retry while the server is
// down or restarting, and reconnect when an established link is lost.
function handleDisconnect() {
  conn = mysql.createConnection(db_config);

  conn.connect((err) => {
    if (!err) return;
    // Server down or restarting (can take a while). Wait before retrying so
    // we don't spin in a hot loop and the event loop keeps serving requests.
    // If you're also serving http, display a 503 error.
    console.log('error when connecting to db:', err);
    setTimeout(handleDisconnect, 2000);
  });

  conn.on('error', (err) => {
    console.log('db error', err);
    // A lost connection (server restart, or the wait_timeout idle limit) is
    // recoverable. Anything else is re-thrown, which takes the process down.
    if (err.code !== 'PROTOCOL_CONNECTION_LOST') {
      throw err;
    }
    handleDisconnect();
  });
}

handleDisconnect();
  43.  
// Start the HTTP listener on port 8081 (all interfaces) and log where it bound.
const server = app.listen(8081, () => {
  const bound = server.address();
  console.log("MobileAuth server listening at http://%s:%s", bound.address, bound.port);
});
  51.  
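// GET /login/:email — report whether the user exists and clear any stale
// loginFlag so a fresh out-of-band approval cycle (/app-auth → /auth-wait)
// can begin. Responds 'true' if the email is known, 'false' otherwise, and
// HTTP 500 on a database error.
// SECURITY: unauthenticated; anyone who knows an email can reset its flag.
app.get('/login/:email', (req, res) => {
  const email = req.params.email;

  // '=' rather than LIKE: with LIKE the caller-supplied value is a pattern,
  // so wildcard characters could match users other than the one named.
  conn.query('SELECT * FROM User WHERE email = ?;', email, (err, rows) => {
    if (err) {
      // Answer 500 instead of throwing: an exception thrown inside this
      // callback escapes Express and terminates the whole process.
      console.log('db error on /login:', err);
      return res.status(500).send('error');
    }

    console.log(`login request for: ${email}`);

    if (rows.length === 0) {
      return res.send('false');
    }

    // reset the login flag (fire-and-forget, as before; failure is only logged)
    conn.query('UPDATE User SET loginFlag=0 WHERE email = ?;', email, (updErr) => {
      if (updErr) console.log('failed to reset loginFlag:', updErr);
    });

    return res.send('true');
  });
});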
  70.  
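// GET /auth-wait/:email — polled by the web client while it waits for the
// mobile app to approve the login (loginFlag is set by /app-auth).
// Responds 'true' once the flag is set (and clears it so the approval is
// one-shot), 'false' otherwise — including for unknown emails, which
// previously received no response and left the client hanging. 500 on DB error.
// SECURITY: the flag is the entire approval; nothing here ties it to the
// session that is polling.
app.get('/auth-wait/:email', (req, res) => {
  const email = req.params.email;

  // '=' rather than LIKE so the URL value cannot act as a pattern.
  conn.query('SELECT loginFlag FROM User WHERE email = ?;', email, (err, rows) => {
    if (err) {
      // 500 instead of throw: a throw here would crash the process.
      console.log('db error on /auth-wait:', err);
      return res.status(500).send('error');
    }

    console.log(`checking auth for: ${email}`);

    // Unknown email, or not approved yet: keep the client waiting.
    if (rows.length === 0 || Number(rows[0].loginFlag) !== 1) {
      return res.send('false');
    }

    console.log(`${email} logged in successfully`);

    // reset the login flag
    conn.query('UPDATE User SET loginFlag=0 WHERE email = ?;', email, (updErr) => {
      if (updErr) console.log('failed to reset loginFlag:', updErr);
    });

    // tell them they're in
    return res.send('true');
  });
});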
  94.  
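// POST /register — create a user from the JSON body
// { email, password, pin, fname, lname, mobileNum }.
// Responds 'true' on success, 'false' when the email is already taken,
// 400 when email/password/pin are missing, 500 on a database error. The
// original never sent a response on any path, so clients hung until their
// own timeout, and a failed SELECT crashed on rows.length.
// SECURITY: password and PIN are stored as unsalted SHA-256 (base64). That
// is fast to brute-force offline and equal inputs produce equal digests; a
// salted, slow KDF (scrypt/bcrypt/argon2) should replace it. The same digest
// is what /app-login, /app-pin and /update-details compare against, so all of
// them have to change together.
app.post('/register', (req, res) => {
  const body = req.body || {};
  const email = body.email;

  // Validate before hashing: hash.update(undefined) throws a TypeError.
  if (typeof email !== 'string' || typeof body.password !== 'string' || typeof body.pin !== 'string') {
    return res.status(400).send('false');
  }

  // hash the password and pin
  const hashedPassword = crypto.createHash('sha256').update(body.password).digest('base64');
  const hashedPIN = crypto.createHash('sha256').update(body.pin).digest('base64');

  // make sure no duplicate users exist. This check-then-insert is not atomic;
  // a UNIQUE index on User.email is what actually prevents a racing duplicate.
  conn.query('SELECT * FROM User WHERE email = ?', email, (err, rows) => {
    if (err) {
      console.log('db error on /register:', err);
      return res.status(500).send('error');
    }
    if (rows.length !== 0) {
      return res.send('false');
    }

    // insert into the database
    conn.query(
      'INSERT INTO User (email, password, firstname, lastname, mobilenum, pin) VALUES (?, ?, ?, ?, ?, ?);',
      [email, hashedPassword, body.fname, body.lname, body.mobileNum, hashedPIN],
      (insErr) => {
        if (insErr) {
          console.log('db error on /register insert:', insErr);
          return res.status(500).send('error');
        }
        console.log(`registered user: ${email}`);
        return res.send('true');
      }
    );
  });
});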
  113.  
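// GET /fname/:email — return the user's first name as plain text.
// 404 for an unknown email (previously the request simply hung), 500 on DB
// error. Unauthenticated: anyone who knows an email can read the name.
app.get('/fname/:email', (req, res) => {
  // '=' rather than LIKE so the URL value cannot act as a pattern.
  conn.query('SELECT firstname FROM User WHERE email = ?;', req.params.email, (err, rows) => {
    if (err) {
      // 500 instead of throw: a throw here would crash the process.
      console.log('db error on /fname:', err);
      return res.status(500).send('error');
    }
    if (rows.length === 0) {
      return res.status(404).send('');
    }
    return res.send(rows[0].firstname);
  });
});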
  124.  
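// GET /last-method/:email — last login method as text: '0' = PIN, '1' = touch.
// 404 when there is no Stats row for the email (previously the request hung),
// 500 on DB error.
app.get('/last-method/:email', (req, res) => {
  // '=' rather than LIKE so the URL value cannot act as a pattern.
  conn.query('SELECT lastMethod FROM Stats WHERE email = ?;', req.params.email, (err, rows) => {
    if (err) {
      // 500 instead of throw: a throw here would crash the process.
      console.log('db error on /last-method:', err);
      return res.status(500).send('error');
    }
    if (rows.length === 0) {
      return res.status(404).send('');
    }
    return res.send(String(rows[0].lastMethod));
  });
});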
  135.  
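// GET /last-date/:email — last login date formatted for display, e.g.
// "Wednesday Mar 15th 2017 9:05pm". 404 when there is no Stats row or no
// date stored (previously the request hung, or split() threw on NULL),
// 500 on DB error.
app.get('/last-date/:email', (req, res) => {
  // '=' rather than LIKE so the URL value cannot act as a pattern.
  conn.query('SELECT lastDate FROM Stats WHERE email = ?;', req.params.email, (err, rows) => {
    if (err) {
      // 500 instead of throw: a throw here would crash the process.
      console.log('db error on /last-date:', err);
      return res.status(500).send('error');
    }
    if (rows.length === 0 || rows[0].lastDate == null) {
      return res.status(404).send('');
    }

    // lastDate arrives as text (dateStrings: true), assumed 'YYYY-MM-DD HH:MM:SS'.
    // Split on '-', ' ' and ':' and rebuild as UTC so the host time zone
    // does not shift the value.
    const parts = String(rows[0].lastDate).split(/[- :]/).map(Number);
    const when = new Date(Date.UTC(parts[0], parts[1] - 1, parts[2], parts[3], parts[4], parts[5]));
    const pretty = dateFormat(when, "dddd mmm dS yyyy h:MMtt");

    return res.send(String(pretty));
  });
});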
  152.  
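// GET /last-loc/:email — last login location as stored in Stats.lastLoc.
// 404 when there is no Stats row (previously the request hung), 500 on DB
// error. Unauthenticated: location history is readable by anyone who knows
// the email.
app.get('/last-loc/:email', (req, res) => {
  // '=' rather than LIKE so the URL value cannot act as a pattern.
  conn.query('SELECT lastLoc FROM Stats WHERE email = ?;', req.params.email, (err, rows) => {
    if (err) {
      // 500 instead of throw: a throw here would crash the process.
      console.log('db error on /last-loc:', err);
      return res.status(500).send('error');
    }
    if (rows.length === 0) {
      return res.status(404).send('');
    }
    return res.send(rows[0].lastLoc);
  });
});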
  163.  
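// GET /last-device/:email — last login device as stored in Stats.lastDevice.
// 404 when there is no Stats row (previously the request hung), 500 on DB
// error.
app.get('/last-device/:email', (req, res) => {
  // '=' rather than LIKE so the URL value cannot act as a pattern.
  conn.query('SELECT lastDevice FROM Stats WHERE email = ?;', req.params.email, (err, rows) => {
    if (err) {
      // 500 instead of throw: a throw here would crash the process.
      console.log('db error on /last-device:', err);
      return res.status(500).send('error');
    }
    if (rows.length === 0) {
      return res.status(404).send('');
    }
    return res.send(rows[0].lastDevice);
  });
});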
  174.  
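// GET /admin/:email — report whether User.isAdmin is set for the email.
// Responds 'true' or 'false'; unknown emails now get 'false' instead of no
// response at all. 500 on DB error.
// SECURITY: unauthenticated and informational only. A client must not treat
// this answer as an authorization decision — admin-only actions need their
// own server-side check tied to an authenticated session.
app.get('/admin/:email', (req, res) => {
  const email = req.params.email;

  // '=' rather than LIKE so the URL value cannot act as a pattern.
  conn.query('SELECT isAdmin FROM User WHERE email = ?;', email, (err, rows) => {
    if (err) {
      // 500 instead of throw: a throw here would crash the process.
      console.log('db error on /admin:', err);
      return res.status(500).send('error');
    }

    console.log(`checking admin rights for: ${email}`);

    if (rows.length === 0 || Number(rows[0].isAdmin) !== 1) {
      return res.send('false');
    }

    console.log(`${email} is an admin`);
    // tell them they're an admin
    return res.send('true');
  });
});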
  193.  
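// GET /method-freq — sum countPIN and countTouch over every Stats row.
// Responds with the JSON text {"totPIN": n, "totTouch": n}; 500 on DB error.
// The original passed req.params.email (always undefined on this route) as
// query values although the statement has no placeholders; that is dropped.
app.get('/method-freq', (req, res) => {
  conn.query('SELECT * FROM Stats;', (err, rows) => {
    if (err) {
      // 500 instead of throw: a throw here would crash the process.
      console.log('db error on /method-freq:', err);
      return res.status(500).send('error');
    }

    // Number(x) || 0 so a NULL or missing counter contributes 0 rather than
    // turning the whole total into NaN.
    const freqObj = rows.reduce(
      (acc, row) => ({
        totPIN: acc.totPIN + (Number(row.countPIN) || 0),
        totTouch: acc.totTouch + (Number(row.countTouch) || 0),
      }),
      { totPIN: 0, totTouch: 0 }
    );

    return res.send(JSON.stringify(freqObj));
  });
});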
  215.  
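// GET /login-freq — return the last LoginFreq row; Express serializes the row
// object as JSON. There is no ORDER BY, so "last" relies on table order.
// 404 when the table is empty (previously no response was sent), 500 on DB
// error.
app.get('/login-freq', (req, res) => {
  conn.query('SELECT * FROM LoginFreq;', (err, rows) => {
    if (err) {
      // 500 instead of throw: a throw here would crash the process.
      console.log('db error on /login-freq:', err);
      return res.status(500).send('error');
    }
    if (rows.length === 0) {
      return res.status(404).send('');
    }
    return res.send(rows[rows.length - 1]);
  });
});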
  226.  
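// GET /details/:email — email, first/last name and mobile number as JSON text.
// 404 for an unknown email (previously the request hung), 500 on DB error.
// SECURITY: "non-sensitive" is relative — the mobile number is personal data
// and this route hands it to anyone who knows the email, with no
// authentication.
app.get('/details/:email', (req, res) => {
  // '=' rather than LIKE so the URL value cannot act as a pattern.
  conn.query('SELECT email, firstname, lastname, mobilenum FROM User WHERE email = ?;', req.params.email, (err, rows) => {
    if (err) {
      // 500 instead of throw: a throw here would crash the process.
      console.log('db error on /details:', err);
      return res.status(500).send('error');
    }
    if (rows.length === 0) {
      return res.status(404).send('');
    }
    return res.send(JSON.stringify(rows[0]));
  });
});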
  237.  
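// POST /update-details/:email — replace a user's profile from the JSON body
// { email, password, pin, fname, lname, mobileNum }. An empty or missing
// password/pin keeps the stored hash; any other value is hashed afresh.
// Profile fields that are absent from the body keep their current value
// rather than being overwritten with NULL.
// Responds 'true' on success, 404 for an unknown email (previously the
// request hung, and a failed SELECT crashed on rows.length), 500 on DB error.
// SECURITY: unauthenticated — anyone who knows an email can change that
// account's email, password and PIN. This route must require a verified
// session before touching the row. Hashing stays unsalted SHA-256 only to
// remain compatible with /register and the /app-* checks; see /register.
app.post('/update-details/:email', (req, res) => {
  const targetEmail = req.params.email;
  const body = req.body || {};

  // '=' rather than LIKE so the URL value cannot act as a pattern.
  conn.query('SELECT * FROM User WHERE email = ?', targetEmail, (err, rows) => {
    if (err) {
      // 500 instead of throw: a throw here would crash the process.
      console.log('db error on /update-details:', err);
      return res.status(500).send('error');
    }
    if (rows.length === 0) {
      return res.status(404).send('false');
    }
    const current = rows[0];

    // hash the password and pin — or keep the stored hash when no new secret
    // was supplied. The request body is no longer mutated to carry this state.
    const hashedPassword = body.password
      ? crypto.createHash('sha256').update(String(body.password)).digest('base64')
      : current.password;
    const hashedPIN = body.pin
      ? crypto.createHash('sha256').update(String(body.pin)).digest('base64')
      : current.pin;

    // Missing profile fields fall back to what is stored.
    const pick = (value, fallback) => (value === undefined ? fallback : value);
    const params = [
      pick(body.email, current.email),
      hashedPassword,
      pick(body.fname, current.firstname),
      pick(body.lname, current.lastname),
      pick(body.mobileNum, current.mobilenum),
      hashedPIN,
      targetEmail,
    ];

    // update the database (the original re-ran the SELECT here for no effect)
    conn.query(
      'UPDATE User SET email=?, password=?, firstname=?, lastname=?, mobilenum=?, pin=? WHERE email = ?;',
      params,
      (updErr) => {
        if (updErr) {
          console.log('db error on /update-details update:', updErr);
          return res.status(500).send('error');
        }
        console.log(`updated user: ${targetEmail}`);
        return res.send('true');
      }
    );
  });
});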
  283.  
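// POST /app-login/:email/:password — verify an email/password pair for the
// mobile app. Responds 'true' on a match, 'false' otherwise, 500 on DB error.
// SECURITY: the password travels in the URL path, so it is written to proxy
// and server access logs and kept in client history; it belongs in the JSON
// body (the app and this route would change together). The comparison is
// against an unsalted SHA-256 digest — see /register. There is no attempt
// limit on this route.
app.post('/app-login/:email/:password', (req, res) => {
  const email = req.params.email;
  const hashedPassword = crypto.createHash('sha256').update(req.params.password).digest('base64');

  // '=' not LIKE on both columns: a LIKE pattern in the URL could match rows
  // it should not.
  conn.query('SELECT * FROM User WHERE email = ? AND password = ?;', [email, hashedPassword], (err, rows) => {
    if (err) {
      // 500 instead of throw: a throw here would crash the process.
      console.log('db error on /app-login:', err);
      return res.status(500).send('error');
    }

    console.log(`app login request for: ${email}`);

    if (rows.length === 0) {
      console.log(`${email} didn't log in successfully`);
      return res.send('false');
    }
    console.log(`${email} logged in successfully`);
    return res.send('true');
  });
});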
  302.  
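// POST /app-pin/:email/:pin — check the mobile app's PIN for the email.
// Responds 'true' on a match, 'false' otherwise, 500 on DB error.
// SECURITY: the PIN is in the URL path (logged by proxies and servers) and
// is compared as an unsalted SHA-256 digest; a short numeric PIN space with
// no attempt limit on this route is exhaustible, so lockout/rate limiting
// is needed here.
app.post('/app-pin/:email/:pin', (req, res) => {
  const email = req.params.email;
  const hashedPIN = crypto.createHash('sha256').update(req.params.pin).digest('base64');

  // '=' not LIKE on both columns: a LIKE pattern in the URL could match rows
  // it should not.
  conn.query('SELECT * FROM User WHERE email = ? AND pin = ?;', [email, hashedPIN], (err, rows) => {
    if (err) {
      // 500 instead of throw: a throw here would crash the process.
      console.log('db error on /app-pin:', err);
      return res.status(500).send('error');
    }

    console.log(`app pin request for: ${email}`);

    if (rows.length === 0) {
      console.log(`${email}'s pin was wrong`);
      return res.send('false');
    }
    console.log(`${email}'s pin was right`);
    return res.send('true');
  });
});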
  321.  
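// POST /app-auth/:email — mark the user's pending web login as approved by
// setting loginFlag=1; /auth-wait picks that up. Responds 'true' when a row
// was updated, 'false' for an unknown email, 500 on DB error.
// SECURITY: unauthenticated. Setting this flag is the entire login approval,
// so any caller who knows an email can approve a login for that account. It
// must require proof that the caller is the enrolled device (a session
// established by /app-pin or /app-login and bound to this email).
app.post('/app-auth/:email', (req, res) => {
  const email = req.params.email;

  // '=' rather than LIKE so the URL value cannot act as a pattern.
  conn.query('UPDATE User SET loginFlag=1 WHERE email = ?;', email, (err, result) => {
    if (err) {
      // 500 instead of throw: a throw here would crash the process.
      console.log('db error on /app-auth:', err);
      return res.status(500).send('error');
    }

    // An UPDATE yields a result packet, not a row array: the original tested
    // rows.length (undefined), so it answered 'true' for every email.
    // affectedRows tells "unknown email" apart from success.
    if (!result || result.affectedRows === 0) {
      return res.send('false');
    }

    console.log(`${email} has authenticated`);
    return res.send('true');
  });
});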
  336.  
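// POST /app-stats/:month/:email — record a login event: store the last
// location/date/method/device from the JSON body, bump the per-method
// counter (lastMethod '0' = PIN, '1' = touch), and bump the LoginFreq
// column named by :month for the current year.
// Responds 'true' once every update has completed, 400 for an unusable
// :month, 500 on any DB error. The original never answered (clients hung)
// and any DB error threw inside a callback and took the process down.
// SECURITY: unauthenticated — the login history shown by /last-* can be
// rewritten by anyone who knows the email.
app.post('/app-stats/:month/:email', (req, res) => {
  const email = req.params.email;
  const month = req.params.month;
  const body = req.body || {};

  // :month is used as a column name. The original bound it with '?', which
  // quotes the value as a string literal, so that statement could never
  // work; '??' is the mysql identifier placeholder. Accept only a plain
  // word so nothing other than a simple column name can be spliced in.
  if (!/^[A-Za-z_]{1,32}$/.test(month)) {
    return res.status(400).send('false');
  }

  // set the last location, date, method and device
  const updates = [
    ['UPDATE Stats SET lastLoc=?, lastDate=?, lastMethod=?, lastDevice=? WHERE email = ?;',
      [body.lastLoc, body.lastDate, body.lastMethod, body.lastDevice, email]],
  ];

  const method = String(body.lastMethod);
  if (method === '0') {
    // PIN
    updates.push(['UPDATE Stats SET countPIN=countPIN+1 WHERE email = ?;', [email]]);
  } else if (method === '1') {
    // Touch
    updates.push(['UPDATE Stats SET countTouch=countTouch+1 WHERE email = ?;', [email]]);
  }

  // update the frequency
  const year = new Date().getFullYear();
  updates.push(['UPDATE LoginFreq SET ?? = ?? + 1 WHERE year = ?;', [month, month, year]]);

  // Run the updates one after another so the response reflects every outcome
  // and only one reply is ever sent.
  const runFrom = (index) => {
    if (index === updates.length) {
      return res.send('true');
    }
    const [sql, params] = updates[index];
    conn.query(sql, params, (err) => {
      if (err) {
        console.log('db error on /app-stats:', err);
        return res.status(500).send('error');
      }
      runFrom(index + 1);
    });
  };
  runFrom(0);
});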