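const express = require('express');
const hbs = require('hbs');
const session = require('express-session');
const http = require('http');
const path = require('path');
const fs = require('fs');
const db = require('./db');
const cookieParser = require('cookie-parser');

// Listening port; the PORT environment variable overrides the default.
const PORT = process.env.PORT || 8080;

// express() takes no arguments; the `http` module that used to be passed
// here was silently ignored.
const app = express();

hbs.registerPartials(path.resolve(__dirname, 'views', 'partials'));
app.set('view engine', 'hbs');
app.set('views', path.resolve(__dirname, 'views'));
app.use('/', express.static(path.resolve(__dirname, 'public')));

// Body parsers are attached per route below, not globally.
const jsonParser = express.json();
const urlEncodedParser = express.urlencoded({ extended: true });

app.use(cookieParser());
app.use(session({
  // Cookie-signing secret, read once at startup from the file `secret`
  // next to this module (the raw file contents, including any trailing newline).
  secret: String(fs.readFileSync(path.resolve(__dirname, 'secret'))),
  resave: false,
  // Must stay true: the handlers below store flash messages in
  // req.session before the visitor has logged in.
  saveUninitialized: true,
  cookie: {
    // Keep the session id out of reach of page scripts.
    httpOnly: true,
    // Don't attach the session cookie to cross-site POSTs.
    sameSite: 'lax',
    // NOTE(review): add `secure: true` (plus `app.set('trust proxy', ...)`
    // when behind a reverse proxy) once the app is served over TLS.
  },
}));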
// Home page: the dashboard for a logged-in session, the login form otherwise.
// Flash messages kept in the session are shown once and then cleared.
app.get('/', (req, res) => {
  const { session } = req;
  const loggedIn = Boolean(session.userID);
  const view = loggedIn ? 'index.hbs' : 'login.hbs';
  const locals = { error: session.error };
  if (loggedIn) {
    locals.isOfficer = session.profile.isOfficer;
  }
  res.render(view, locals);
  // One-shot messages: consumed by this render.
  session.info = null;
  session.error = null;
});
// Profile page. Requires a logged-in session; otherwise bounces to '/'
// with an error message stored in the session.
app.get('/profile', (req, res) => {
  const { session } = req;
  if (!session.userID) {
    session.error = 'You must be logged in to view this page';
    res.redirect('/');
    return;
  }
  const { firstName, lastName, isOfficer } = session.profile;
  res.render('profile.hbs', {
    firstName,
    lastName,
    isOfficer,
    error: session.error,
    info: session.info,
  });
  // Flash messages are one-shot.
  session.info = null;
  session.error = null;
});
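// Logout: drop the server-side session, then send the client back to '/'.
// session.destroy() is asynchronous and takes a callback; redirecting only
// from inside it guarantees the store has removed the session before the
// client reloads '/', instead of racing the deletion as before.
app.get('/logout', (req, res) => {
  req.session.destroy((err) => {
    if (err) {
      console.error(err);
    }
    res.redirect('/');
  });
});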
// Any other GET path falls back to the home page.
app.get('*', (_req, res) => res.redirect('/'));
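// Registration from a URL-encoded form (username, password, password_confirm).
// Creates the user and logs them straight in.
app.post('/register', urlEncodedParser, async (req, res) => {
  const body = req.body || {};
  const { username, password, password_confirm: confirm } = body;
  // `extended: true` parsing can yield arrays or objects for a field, so
  // require plain non-empty strings before the values reach the database.
  const isText = (v) => typeof v === 'string' && v.length > 0;
  if (!isText(username) || !isText(password) || !isText(confirm)) {
    req.session.error = 'Missing required fields';
    res.redirect('/');
    return;
  }
  if (password !== confirm) {
    req.session.error = 'Passwords do not match';
    res.redirect('/');
    return;
  }
  try {
    // Pre-check only; two concurrent registrations can both pass it. A UNIQUE
    // constraint on users.username (schema not visible here) is the real guard.
    const existing = await db.all('SELECT * FROM users WHERE username = ?', [username]);
    if (existing && existing[0]) {
      req.session.error = 'User already exists';
      res.redirect('/');
      return;
    }
    // NOTE(review): the password is stored exactly as submitted. Storing a
    // salted hash instead (e.g. crypto.scrypt) needs the matching change in
    // the /login handler, which currently compares plain text in SQL.
    // db.run is assumed to resolve to the new row id — verify against ./db.
    const id = await db.run(
      'INSERT INTO users (username, password, firstName, lastName) VALUES (?, ?, ?, ?)',
      [username, password, '', ''],
    );
    // Issue a fresh session id on login so an id handed out before
    // authentication is never promoted to an authenticated one.
    await new Promise((resolve, reject) => {
      req.session.regenerate((err) => (err ? reject(err) : resolve()));
    });
    req.session.userID = id;
    req.session.profile = { firstName: '', lastName: '' };
    res.redirect('/profile');
  } catch (err) {
    console.error(err);
    req.session.error = 'Internal server error';
    res.redirect('/');
  }
});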
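// Login from a URL-encoded form (username, password).
app.post('/login', urlEncodedParser, async (req, res) => {
  const body = req.body || {};
  const { username, password } = body;
  // `extended: true` parsing can yield arrays or objects for a field, so
  // require plain non-empty strings before the values reach the database.
  const isText = (v) => typeof v === 'string' && v.length > 0;
  if (!isText(username) || !isText(password)) {
    req.session.error = 'Missing required fields';
    res.redirect('/');
    return;
  }
  try {
    // NOTE(review): credentials are matched in plain text by the query
    // itself. With hashed passwords (see /register) this becomes "fetch the
    // row by username, then verify the hash in application code".
    const users = await db.all(
      'SELECT * FROM users WHERE username = ? AND password = ?',
      [username, password],
    );
    if (!users || !users.length) {
      req.session.error = 'Invalid username or password';
      res.redirect('/');
      return;
    }
    const [user] = users;
    // Officer status comes only from the officers table, never from the client.
    const officers = await db.all('SELECT * FROM officers WHERE userid = ?', [user.id]);
    const isOfficer = Boolean(officers && officers[0]);
    // Issue a fresh session id on login so an id handed out before
    // authentication is never promoted to an authenticated one.
    await new Promise((resolve, reject) => {
      req.session.regenerate((err) => (err ? reject(err) : resolve()));
    });
    req.session.userID = user.id;
    req.session.profile = { firstName: user.firstName, lastName: user.lastName };
    if (isOfficer) {
      req.session.profile.isOfficer = true;
    }
    res.redirect('/');
  } catch (err) {
    console.error(err);
    req.session.error = 'Internal server error';
    res.redirect('/');
  }
});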
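// Profile update from a JSON body. Only firstName and lastName can be
// changed, each truncated to 32 characters; the session's isOfficer flag is
// never derived from anything the client sends.
app.post('/profile', jsonParser, async (req, res) => {
  const fail = (status, message) => {
    req.session.error = message;
    res.status(status);
    res.send(message);
  };
  if (!req.session.userID) {
    fail(403, 'You must be logged in to perform this action');
    return;
  }
  const requested = req.body;
  if (!requested || typeof requested !== 'object' || Object.keys(requested).length === 0) {
    fail(400, 'Missing required fields');
    return;
  }
  // Allow-list merge. The previous loop iterated over the client's keys and
  // assigned `profile[key] = requested[key]` whenever `profile[key]` was not
  // undefined — which is also true for inherited names such as "__proto__"
  // and "constructor", so a crafted body could change the working copy's
  // prototype and therefore what `profile.isOfficer` resolved to. Iterating
  // over our own field list, checking own properties of the body, and
  // collecting into a null-prototype object closes that path.
  const allowed = ['firstName', 'lastName'];
  const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
  const updates = Object.create(null);
  for (const key of allowed) {
    if (hasOwn(requested, key) && typeof requested[key] === 'string') {
      updates[key] = requested[key].substring(0, 32);
    }
  }
  // The old `Object.keys(profile).length === 0` check could never fire
  // (the copy always carried firstName/lastName); reject a body that
  // contains none of the editable fields instead.
  if (Object.keys(updates).length === 0) {
    fail(400, 'Missing required fields');
    return;
  }
  const current = req.session.profile;
  const firstName = hasOwn(updates, 'firstName') ? updates.firstName : current.firstName;
  const lastName = hasOwn(updates, 'lastName') ? updates.lastName : current.lastName;
  try {
    await db.run(
      'UPDATE users SET firstName = ?, lastName = ? WHERE id = ?',
      [firstName, lastName, req.session.userID],
    );
    req.session.profile.firstName = firstName;
    req.session.profile.lastName = lastName;
    // isOfficer is deliberately left untouched here; /login sets it from
    // the officers table.
    req.session.info = 'Changes saved successfully';
    res.send('OK');
  } catch (err) {
    console.error(err);
    fail(500, 'Internal server error');
  }
});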
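// Open the database first, then start listening. A failed connect is fatal:
// without the catch the rejection was unhandled and the process would sit
// idle without ever listening.
db.connect()
  .then(() => {
    app.listen(PORT, () => {
      console.log(`We are live on port ${PORT}`);
    });
  })
  .catch((err) => {
    console.error('Failed to connect to the database:', err);
    process.exit(1);
  });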