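//Node JS Express framework
var express = require('express');
var app = express();
//Required for parsing GET/POST parameters
var bodyParser = require('body-parser');
//Required for HTTP/HTTPS servers
var https = require('https');
var http = require('http');
//Required for reading file streams
var fs = require('fs');
//Required to get access to MySQL databases
var mysql = require('mysql');
//Required for waiting for async functions to finish
var after = require('after');
//Required for password hashing
var bcrypt = require('bcrypt');
//TLS key and certificate. Paths are relative to the process working
//directory unless TLS_KEY / TLS_CERT point somewhere else.
var privateKey = fs.readFileSync(process.env.TLS_KEY || 'key.pem');
var certificate = fs.readFileSync(process.env.TLS_CERT || 'cert.pem');
var credentials = {key: privateKey, cert: certificate};
//Host name used in the HTTP -> HTTPS redirect below. When it is not set the
//redirect falls back to the request's Host header, which the client controls,
//so an attacker can point the redirect at any host: set PUBLIC_HOST in production.
var publicHost = process.env.PUBLIC_HOST;
//HTTPS serves the application; plain HTTP only redirects to it
var httpsServer = https.createServer(credentials, app);
var httpServer = http.createServer(function (req, res) {
  var host = publicHost || req.headers['host'];
  if (!host) {
    //No Host header means there is nowhere sensible to redirect to
    //(the original would have built "https://undefined/...")
    res.writeHead(400, { "Content-Type": "text/plain" });
    res.end("Bad Request");
    return;
  }
  //The Host header is forwarded as-is, port included, so the fallback only
  //lands on the HTTPS listener when both are reachable on the same port
  //or sit behind a port mapping - another reason to set PUBLIC_HOST.
  res.writeHead(301, { "Location": "https://" + host + req.url });
  res.end();
});
//Listening ports can be overridden; the defaults are the original deployment's
httpsServer.listen(parseInt(process.env.HTTPS_PORT, 10) || 3000);
httpServer.listen(parseInt(process.env.HTTP_PORT, 10) || 3001);
//Middlewares for Express
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
app.use(express.static(__dirname + '/public'));
//Database connection. The original hard-coded the MySQL root password in
//this file and passed the unix socket path as "port"; the credentials now
//come from the environment (DB_PASSWORD is required) and the socket goes in
//socketPath, which is the option the mysql driver documents for unix sockets.
//NOTE(review): connect as a dedicated, least-privileged account rather than root.
var connection = mysql.createConnection({
  host : 'localhost',
  socketPath : process.env.DB_SOCKET || '/var/run/mysqld/mysqld.sock',
  user : process.env.DB_USER || 'root',
  password : process.env.DB_PASSWORD,
  database : process.env.DB_NAME || 'LLDB',
  charset: "utf8_general_ci"
});
connection.connect(function (err) {
  //Every route depends on this connection, so fail fast and loudly
  //instead of letting the first query crash a request later on
  if (err) {
    console.error("MySQL connection failed:", err.message);
    process.exit(1);
  }
});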
//Site root ("/"): serves the landing page from the non-public "private" directory
app.get('/', function (req, res) {
  var homePage = __dirname + '/private/home.html';
  res.sendFile(homePage);
});
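//Signup endpoint. Validates username, email and password (the "already
//taken" checks run asynchronously against the database), then stores the
//user with a bcrypt hash. Responds with JSON
//{usernameErrors, emailErrors, passwordErrors} when any rule fails, with
//the body "1" on success, and with HTTP 500 when hashing or the database fails.
//NOTE(review): app.all lets GET requests in too (they just fail validation
//because the body is empty), and there is no CSRF token on this form.
app.all('/signup', function (req, res) {
  //Disposable-mail providers; an email containing any of these substrings is rejected
  var bannedEmailDomains = [ "mvrht", "noicd", "10minuteemail" , "10minutemail", "20email", "dropmail"];
  //Per-field error lists, all three filled before the response goes out
  var usernameErrors = [];
  var emailErrors = [];
  var passwordErrors = [];
  //First database error seen by the existence checks; aborts the signup
  var dbError = null;
  //Only string fields are trusted. A JSON body can carry arrays or objects
  //whose .length and string coercion would otherwise slip through the checks.
  var body = req.body || {};
  var username = typeof body.username === 'string' ? body.username : '';
  var email = typeof body.email === 'string' ? body.email : '';
  var password = typeof body.password === 'string' ? body.password : '';
  //Counts one completed check per field; sendSignupStatus runs after the third
  var finished = after(3, sendSignupStatus);

  //Reports whether a row already holds `value` in `column`. The query is
  //parameterised (?? = identifier, ? = value) so request data never becomes
  //part of the SQL text; the original concatenated the raw email into the
  //statement, and that field is allowed to contain quotes.
  function existsInDb(column, value, callback) {
    connection.query("SELECT 1 FROM user_main_info WHERE ?? = ? LIMIT 1;", [column, value], function (error, rows) {
      if (error) {
        dbError = error;
        callback(false);
        return;
      }
      callback(rows.length > 0);
    });
  }

  //Logs the failure server-side and answers with a generic 500, so driver
  //or bcrypt error details never reach the client
  function fail(err) {
    console.error("signup failed:", err);
    res.status(500).send("Internal error");
  }

  ////////////
  //Username rules
  ////////////
  //Can't be empty and must be at least 4 characters long
  if (username.length < 4) {
    usernameErrors.push("Must be at least 4 characters long");
    finished();
  }
  else {
    //Alphanumeric ASCII only (no quotes, "@", "#" etc.)
    if (!isASCII(username, false))
      usernameErrors.push("Invalid symbols");
    //Must be less than 30 characters long
    if (username.length > 30)
      usernameErrors.push("Must be less than 30 characters long");
    //Only hit the database once the cheap checks have passed
    if (usernameErrors.length === 0) {
      existsInDb('username', username, function (taken) {
        if (taken)
          usernameErrors.push("Account already exists");
        finished();
      });
    }
    else
      finished();
  }

  ////////////
  //Email rules
  ////////////
  //Can't be empty
  if (!email) {
    emailErrors.push("Email not specified");
    finished();
  }
  else {
    //Must contain only ASCII characters
    if (!isASCII(email, true))
      emailErrors.push("Invalid symbols");
    //Must be less than 30 characters long
    if (email.length > 30)
      emailErrors.push("Must be less than 30 characters long");
    //Banned-provider check is case-insensitive so "MVRHT.com" cannot bypass it
    var lowerEmail = email.toLowerCase();
    for (var i = 0; i < bannedEmailDomains.length; i++) {
      if (lowerEmail.indexOf(bannedEmailDomains[i]) !== -1) {
        emailErrors.push("Invalid email domain");
        break;
      }
    }
    //Must look like an address: exactly one "@" and no whitespace.
    //(The original referenced `str`, which is not defined in this file, and
    //flagged the address when the "@" count WAS one - the condition was inverted.)
    var atCount = email.replace(/[^@]/g, "").length;
    if (atCount !== 1 || /\s/.test(email))
      emailErrors.push("Invalid email");
    //Only hit the database once the cheap checks have passed
    if (emailErrors.length === 0) {
      existsInDb('email', email, function (taken) {
        if (taken)
          emailErrors.push("This email is taken");
        finished();
      });
    }
    else
      finished();
  }

  ////////////
  //Password rules
  ////////////
  //Must be at least 10 characters long
  if (password.length < 10) {
    passwordErrors.push("Must be at least 10 characters long");
    finished();
  }
  else {
    //Each rule was written as /^[0-9]+$/ etc. - "consists only of digits" -
    //which made the three rules mutually exclusive and rejected every
    //password. "Contains at least one" is an unanchored character class.
    if (!/[0-9]/.test(password))
      passwordErrors.push("Must contain at least one digit");
    if (!/[a-z]/.test(password))
      passwordErrors.push("Must contain at least one small letter");
    if (!/[A-Z]/.test(password))
      passwordErrors.push("Must contain at least one capital letter");
    //NOTE(review): bcrypt uses only the first 72 bytes of the password;
    //longer input is silently truncated rather than rejected here.
    finished();
  }

  //Sends the outcome once all three field checks have completed
  function sendSignupStatus() {
    //A failed existence check means we cannot tell whether the account is
    //free; never fall through to the INSERT in that state
    if (dbError) {
      fail(dbError);
      return;
    }
    var signupStatus = {
      usernameErrors: usernameErrors,
      emailErrors: emailErrors,
      passwordErrors: passwordErrors
    };
    //Any error present: report them (same JSON body as before, but sent
    //with an application/json content type instead of text/html)
    if (usernameErrors.length !== 0 ||
        emailErrors.length !== 0 ||
        passwordErrors.length !== 0) {
      res.json(signupStatus);
      return;
    }
    //No errors: hash the password with a fresh salt and store the user
    bcrypt.genSalt(10, function (saltErr, salt) {
      if (saltErr) {
        fail(saltErr);
        return;
      }
      bcrypt.hash(password, salt, function (hashErr, hash) {
        if (hashErr) {
          fail(hashErr);
          return;
        }
        //The salt column is redundant (bcrypt embeds the salt in the hash)
        //but is kept because the existing schema has it.
        //NOTE(review): the existence checks above and this INSERT are not
        //atomic; a UNIQUE index on username and email is what actually
        //prevents duplicates, and a violation surfaces as insertErr here.
        connection.query(
          "INSERT INTO user_main_info (username, email, password, salt) VALUES (?, ?, ?, ?);",
          [username, email, hash, salt],
          function (insertErr) {
            if (insertErr) {
              fail(insertErr);
              return;
            }
            //Only report success once the row is actually written; the
            //original answered "1" before the INSERT had completed
            res.send("1");
          });
      });
    });
  }
});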
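//Serves the profile page for "/profile"; every other single-segment path is a 404.
//Only the literal "profile" is accepted, so req.params.id never reaches the filesystem.
app.get('/:id', function (req, res) {
  if (req.params.id !== "profile") {
    //Must return here: the original fell through to sendFile after the 404,
    //which raised "Can't set headers after they are sent" on every unknown path
    res.status(404).send('Not found!');
    return;
  }
  res.sendFile(__dirname + '/private/profile.html');
});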
//Reports whether `str` is made only of ASCII characters.
//acceptSpecial true:  any code unit in 0x00-0x7F passes, including control
//                     characters such as NUL, and the empty string passes.
//acceptSpecial false: only [0-9a-zA-Z] and at least one character.
//Non-string arguments are coerced by RegExp.test, so ["ab"] reads as "ab".
function isASCII(str, acceptSpecial) {
  var pattern = acceptSpecial ? /^[\x00-\x7F]*$/ : /^[0-9a-zA-Z]+$/;
  return pattern.test(str);
}