  1. //Node JS Express framework
  2. var express = require('express');
  3. var app = express();
  4.  
  5. //Required for parsing GET/POST parameters
  6. var bodyParser = require('body-parser');
  7.  
  8. //Required for HTTP/HTTPS servers
  9. var https = require('https');
  10. var http = require('http');
  11.  
//Required for reading file streams
  13. var fs = require('fs');
  14.  
  15. //Required to get access to MySQL databases
  16. var mysql = require('mysql');
  17.  
  18. //Required for waiting for async functions to finish
  19. var after = require('after');
  20.  
  21. //Required for password hashing
  22. var bcrypt = require('bcrypt');
  23.  
//Loads the TLS key pair used by the HTTPS listener.
//NOTE(review): the PEM paths are relative, so Node resolves them against the
//process working directory rather than __dirname — the service has to be
//started from the directory that holds key.pem and cert.pem.
var privateKey = fs.readFileSync('key.pem');
var certificate = fs.readFileSync('cert.pem');
var credentials = {};
credentials.key = privateKey;
credentials.cert = certificate;
  28.  
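//Ports for the two listeners. The HTTP one exists only to redirect to HTTPS.
var HTTPS_PORT = 3000;
var HTTP_PORT = 3001;

//Creates HTTP and HTTPS servers
var httpsServer = https.createServer(credentials, app);
var httpServer = http.createServer(function (req, res) {
  //The Host header is client-controlled. Echoing it unchecked into Location
  //lets a crafted request (or a misconfigured proxy) turn this redirect into
  //an open redirect; only a plain host[:port] value is passed through.
  var host = req.headers['host'];
  var match = typeof host === 'string'
    ? /^([A-Za-z0-9._\-]+|\[[0-9A-Fa-f:.]+\])(:\d{1,5})?$/.exec(host)
    : null;
  if (!match) {
    res.writeHead(400, { 'Content-Type': 'text/plain' });
    res.end('Bad Request');
    return;
  }

  //A client that hit this listener directly sends "host:3001"; redirecting to
  //https://host:3001 would point at the plain-HTTP port again. Swap the port
  //only when the client supplied one, so a reverse proxy on the standard
  //ports (Host without a port) is left untouched.
  var target = match[2] ? match[1] + ':' + HTTPS_PORT : host;
  res.writeHead(301, { 'Location': 'https://' + target + req.url });
  res.end();
});

httpsServer.listen(HTTPS_PORT);
httpServer.listen(HTTP_PORT);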
  38.  
//Middlewares for Express, registered in order: form bodies, JSON bodies,
//then static files from ./public.
[
  bodyParser.urlencoded({ extended: false }),
  bodyParser.json(),
  express.static(__dirname + '/public')
].forEach(function (middleware) {
  app.use(middleware);
});
  43.  
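//Establishes connection to MySQL database.
//Credentials come from the environment. The original carried the root
//password in source — and this file was pasted publicly, so that password has
//to be treated as compromised and rotated. The app refuses to start without
//LLDB_DB_PASSWORD rather than silently connecting with an empty one.
//TODO(review): run as a dedicated MySQL account limited to the LLDB schema
//instead of root.
if (!process.env.LLDB_DB_PASSWORD) {
  throw new Error('LLDB_DB_PASSWORD is not set; refusing to start without a database password');
}
var connection = mysql.createConnection({
  host : process.env.LLDB_DB_HOST || 'localhost',
  //The original passed the socket path as `port`. That appears to work only
  //because the underlying net.createConnection treats a non-numeric string as
  //a pipe name; socketPath is the documented option for a unix socket.
  socketPath : process.env.LLDB_DB_SOCKET || '/var/run/mysqld/mysqld.sock',
  user : process.env.LLDB_DB_USER || 'root',
  password : process.env.LLDB_DB_PASSWORD,
  database : process.env.LLDB_DB_NAME || 'LLDB',
  charset: "utf8_general_ci"
});
//Without a callback a failed connect surfaces later as an unhandled 'error'
//event; fail loudly at startup instead. Only the error code is logged so the
//connection string never ends up in the logs.
connection.connect(function (err) {
  if (err) {
    console.error('MySQL connection failed: ' + err.code);
    process.exit(1);
  }
});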
  54.  
//Serves the landing page for the site root.
app.get('/', function (req, res) {
  var homePage = __dirname + '/private/home.html';
  res.sendFile(homePage);
});
  60.  
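//Signup endpoint. Validates username, email and password, checks the DB for
//an existing username/email, and on success stores a bcrypt hash.
//Response contract (unchanged): "1" on success, otherwise a JSON string
//{usernameErrors, emailErrors, passwordErrors}; a failed DB round-trip now
//yields a 500 instead of crashing the process.
//NOTE(review): app.all answers GET as well; bodyParser does not read the query
//string, so a GET just gets the "empty field" errors. Restricting this to POST
//would be cleaner but changes what existing clients see.
app.all('/signup', function (req, res) {
  //Emails containing any of these substrings are rejected. Matched
  //case-insensitively; the original compared case-sensitively, so
  //"DropMail" bypassed the list.
  var bannedEmailDomains = [ "mvrht", "noicd", "10minuteemail" , "10minutemail", "20email", "dropmail"];

  //Body fields are only trusted when they are plain strings. A JSON body can
  //carry arrays or objects, which would otherwise reach .length, the regex
  //checks and the query layer with surprising results.
  var username = typeof req.body.username === 'string' ? req.body.username : '';
  var email = typeof req.body.email === 'string' ? req.body.email : '';
  var password = typeof req.body.password === 'string' ? req.body.password : '';

  //Stores all errors that relate to username / email / password
  var usernameErrors = [];
  var emailErrors = [];
  var passwordErrors = [];

  //Set by a failed DB lookup; sendSignupStatus turns it into a 500
  var dbError = null;

  //Fires sendSignupStatus once all three independent checks have reported
  var finished = after(3, sendSignupStatus);

  ////////////
  //Username rules
  ////////////
  //Can't be empty and must be at least 4 characters long
  if (username.length < 4) {
    usernameErrors.push("Must be at least 4 characters long");
    finished();
  }
  else {
    //Alphanumeric ASCII only (isASCII with acceptSpecial=false)
    if (!isASCII(username, false))
      usernameErrors.push("Invalid symbols");

    //Must be less than 30 characters long
    if (username.length > 30)
      usernameErrors.push("Must be less than 30 characters long");

    //If no username errors were found yet - check the database
    if (usernameErrors.length === 0) {
      //Parameterized: the value is bound by the driver, never spliced into SQL.
      //The original concatenated req.body.username into the statement.
      connection.query("SELECT 1 FROM user_main_info WHERE username = ? LIMIT 1", [username], function (error, result) {
        if (error)
          dbError = error;
        else if (result.length > 0)
          usernameErrors.push("Account already exists");
        finished();
      });
    }
    else
      finished();
  }

  ////////////
  //Email rules
  ////////////
  //Can't be empty
  if (!email) {
    emailErrors.push("Email not specified");
    finished();
  }
  else {
    //Must contain only ASCII characters
    if (!isASCII(email, true))
      emailErrors.push("Invalid symbols");

    //Must be less than 30 characters long
    if (email.length > 30)
      emailErrors.push("Must be less than 30 characters long");

    //Can't contain banned parts of email (substring match, anywhere in the address)
    var lowerEmail = email.toLowerCase();
    for (var i = 0; i < bannedEmailDomains.length; i++) {
      if (lowerEmail.indexOf(bannedEmailDomains[i]) !== -1) {
        emailErrors.push("Invalid email domain");
        break;
      }
    }

    //Must be in email form: exactly one "@" and no whitespace.
    //The original referenced an undefined `str` here (a ReferenceError on
    //every request carrying an email) and had the "@" count test inverted.
    var atCount = email.replace(/[^@]/g, "").length;
    if (atCount !== 1 || /\s/.test(email))
      emailErrors.push("Invalid email");

    //If no email errors were found yet - check the database
    if (emailErrors.length === 0) {
      connection.query("SELECT 1 FROM user_main_info WHERE email = ? LIMIT 1", [email], function (error, result) {
        if (error)
          dbError = error;
        else if (result.length > 0)
          emailErrors.push("This email is taken");
        finished();
      });
    }
    else
      finished();
  }

  ////////////
  //Password rules
  ////////////
  //Must be at least 10 characters long
  if (password.length < 10) {
    passwordErrors.push("Must be at least 10 characters long");
    finished();
  }
  else {
    //Each class check looks for *at least one* matching character. The
    //original used anchored /^[...]+$/ patterns, which test "consists only
    //of", so every mixed-class password was rejected.
    if (!/[0-9]/.test(password))
      passwordErrors.push("Must contain at least one digit");

    if (!/[a-z]/.test(password))
      passwordErrors.push("Must contain at least one small letter");

    if (!/[A-Z]/.test(password))
      passwordErrors.push("Must contain at least one capital letter");

    finished();
  }

  //Sends the outcome of the three checks, or creates the account.
  //Only error codes are logged: mysql error objects carry the bound values.
  function sendSignupStatus() {
    if (dbError) {
      console.error("signup: database lookup failed: " + dbError.code);
      res.status(500).send("Internal error");
      return;
    }

    var signupStatus = {
      usernameErrors: usernameErrors,
      emailErrors: emailErrors,
      passwordErrors: passwordErrors
    };

    //If any errors are present - send them as a response
    if (usernameErrors.length !== 0 || emailErrors.length !== 0 || passwordErrors.length !== 0) {
      res.send(JSON.stringify(signupStatus));
      return;
    }

    //No errors are present - hash the password (cost 10) and store the user.
    //The salt column is kept for the existing schema; bcrypt also embeds the
    //salt in the hash itself. bcrypt only uses the first 72 bytes of input.
    bcrypt.genSalt(10, function (err, salt) {
      if (err) {
        console.error("signup: bcrypt.genSalt failed");
        res.status(500).send("Internal error");
        return;
      }
      bcrypt.hash(password, salt, function (err, hash) {
        if (err) {
          console.error("signup: bcrypt.hash failed");
          res.status(500).send("Internal error");
          return;
        }
        //NOTE(review): the SELECT-then-INSERT sequence is racy; a UNIQUE
        //index on username and email (schema not visible here) is what
        //actually guarantees uniqueness, and would surface as an error below.
        connection.query(
          "INSERT INTO user_main_info (username, email, password, salt) VALUES (?, ?, ?, ?)",
          [username, email, hash, salt],
          function (error) {
            if (error) {
              console.error("signup: insert failed: " + error.code);
              res.status(500).send("Internal error");
              return;
            }
            res.send("1");
          }
        );
      });
    });
  }
});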
  221.  
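//Access to any user page. Only "profile" is served; anything else is a 404.
app.get('/:id', function (req, res) {
  if (req.params.id !== "profile") {
    res.status(404);
    res.send('Not found!');
    //The original fell through to sendFile here, attempting a second
    //response on a request that was already answered.
    return;
  }

  res.sendFile(__dirname + '/private/profile.html');
});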
  233.  
  234.  
//Returns true when `str` consists only of permitted characters.
//  acceptSpecial truthy: any 7-bit ASCII code unit (0x00-0x7F); the empty
//                        string passes.
//  acceptSpecial falsy:  [0-9a-zA-Z] only, and at least one character.
//NOTE(review): the permissive branch also admits control characters such as
//NUL, CR and LF — confirm callers are happy with that.
function isASCII(str, acceptSpecial) {
  var pattern = acceptSpecial ? /^[\x00-\x7F]*$/ : /^[0-9a-zA-Z]+$/;
  return pattern.test(str);
}