import { Utils } from './helpers/utils.js' import { verifyPassword } from './helpers/pwd.js' import { MySQLClient } from './helpers/mysqlClient.js' export class P42ApiEndpoints{ constructor(app, db) { this.db = new MySQLClient(db, 60) this.app = app this.userinfos = null this.utils = new Utils() this.registerPaths() } registerPaths(){ this.app.get('/hw', this.hw.bind(this)) this.app.get('/checkauth', this.checkauth.bind(this)) this.app.post('/login', this.login.bind(this)) this.app.get('/logout', this.logout.bind(this)) } err(req, res, msg, debug, status=500) { if(!debug) debug = msg let jsonResp = {'success':false, 'payload': null, 'error': { 'displayMessage' : msg, 'debugMessage' : debug } }; res.set('Content-Type', 'application/json'); res.status(status) res.send(JSON.stringify(jsonResp)); } ok(req, res, payload) { let jsonResp = { "success": true, "payload": payload, }; res.set('Content-Type', 'application/json'); res.send(JSON.stringify(jsonResp)); } async makeSession(req, res) { req.session.userinfo = req.body console.log('REQ body:', req.body) this.ok(req, res, {}) } hasRole(roles) { if(!this.userinfos.userRoles) return(false) if(typeof(roles) == 'string') return(this.userinfos.userRoles.includes(roles)) else if(Array.isArray(roles)) { for(let role of roles) { if(this.userinfos.userRoles.includes(role)) return(true) } } return(false) } ///////////////////////////API starts here...///////////////////////////// async hw(req, res) { this.ok(req, res, {hello:'world'}) } async checkauth(req, res) { if(req.session.userInfos && req.session.authenticated && req.session.userInfos && req.session.userInfos.identity && req.session.userInfos.identity.username) { this.ok(req, res, { authenticated: true, userInfos: req.session.userInfos, trials: 3, locked: false, }) } else { let trials = 3 let locked = false if(req.session.userInfos && req.session.userInfos.identity && req.session.userInfos.identity.username) { const results = await this.db.execute('SELECT usr_trials, usr_locked FROM users WHERE usr_name = ?', [req.session.userInfos.username]) if(results.length==1){ trials = results[0].usr_trials locked = results[0].usr_locked } } this.ok(req, res, { authenticated: false, userInfos: null, trials: trials, locked: locked, }) } } async setUserLock(username, locked, trials){ await this.db.execute('UPDATE users SET usr_locked=?, usr_trials=? WHERE usr_name = ?', [locked, trials, username]) } async login(req, res) { let [isValid, payload, errors] = this.utils.validateMapObject(req.body, { username: ((val, obj) => (typeof(val)=='string') && (val.length>0) && (/^\w+$/.test(val))), passwd: ((val, obj) => (typeof(val)=='string') && (val.length>0) ), },{ 'username': 'username', 'passwd': 'passwd', }) if((!isValid)){ this.err(req, res, `Invalid request`, `Invalid login payload:: ${errors}`, 401) return } const results = await this.db.execute('SELECT * FROM users WHERE usr_name = ?', [payload.username]) let pwdCheck = false let userLocked = false let trials = 3 if(results.length==1){ userLocked = results[0].usr_locked trials = results[0].usr_trials if(userLocked) { this.ok(req, res, { authenticated: false, userInfos: null, trials: 0, locked: true, }) return } } if(results.length>0) pwdCheck = await verifyPassword(payload.passwd, results[0].usr_pwd) if(pwdCheck){ req.session.userInfos = { identity:{ username: payload.username, uuid: results[0].usr_uuid, }, roles: ['admin'], } req.session.authenticated = true await this.setUserLock(payload.username, false, 3) this.ok(req, res, { authenticated: true, userInfos: req.session.userInfos, trials: 3, locked: false, }) } else { let newtrials = (trials>0) ? trials-1 : 0 if(newtrials == 0){ await this.setUserLock(payload.username, true, 0) this.ok(req, res, { authenticated: false, userInfos: null, trials: 0, locked: true, }) return } else { await this.setUserLock(payload.username, false, newtrials) } req.session.authenticated = false req.session.userInfos = null this.ok(req, res, { authenticated: false, userInfos: null, trials: newtrials, locked: false, }) } } async logout(req, res) { if(req.session.userInfos && req.session.authenticated) { req.session.authenticated = false this.ok(req, res, { authenticated: false, userInfos: null, trials: 3, locked: false, }) } } }