208 lines
6.9 KiB
JavaScript
208 lines
6.9 KiB
JavaScript
import { Utils } from './helpers/utils.js'
|
|
import { verifyPassword } from './helpers/pwd.js'
|
|
import { MySQLClient } from './helpers/mysqlClient.js'
|
|
import { authGuard } from './authGuard.js'
|
|
|
|
export class P42ApiEndpoints{
|
|
constructor(app, db) {
|
|
this.db = new MySQLClient(db, 60)
|
|
this.app = app
|
|
this.userinfos = null
|
|
this.utils = new Utils()
|
|
this.registerPaths()
|
|
}
|
|
|
|
registerPaths(){
|
|
this.app.get('/checkauth', this.checkauth.bind(this))
|
|
this.app.post('/login', this.login.bind(this))
|
|
this.app.get('/logout', this.logout.bind(this))
|
|
this.app.get('/preferences', authGuard, this.getPrefs.bind(this))
|
|
this.app.put('/preferences', authGuard, this.setPrefs.bind(this))
|
|
}
|
|
|
|
err(req, res, msg, debug, status=500) {
|
|
if(!debug) debug = msg
|
|
let jsonResp = {'success':false,
|
|
'payload': null,
|
|
'error': {
|
|
'displayMessage' : msg,
|
|
'debugMessage' : debug
|
|
}
|
|
}
|
|
res.set('Content-Type', 'application/json');
|
|
res.status(status)
|
|
res.send(JSON.stringify(jsonResp));
|
|
}
|
|
|
|
ok(req, res, payload) {
|
|
let jsonResp = { "success": true,
|
|
"payload": payload,
|
|
};
|
|
res.set('Content-Type', 'application/json');
|
|
res.send(JSON.stringify(jsonResp));
|
|
}
|
|
|
|
|
|
async makeSession(req, res) {
|
|
req.session.userinfo = req.body
|
|
console.log('REQ body:', req.body)
|
|
this.ok(req, res, {})
|
|
}
|
|
|
|
hasRole(roles) {
|
|
if(!this.userinfos.userRoles) return(false)
|
|
if(typeof(roles) == 'string') return(this.userinfos.userRoles.includes(roles))
|
|
else if(Array.isArray(roles)) {
|
|
for(let role of roles) {
|
|
if(this.userinfos.userRoles.includes(role)) return(true)
|
|
}
|
|
}
|
|
return(false)
|
|
}
|
|
|
|
///////////////////////////API starts here.../////////////////////////////
|
|
async checkauth(req, res) {
|
|
if(req.session.userInfos && req.session.authenticated && req.session.userInfos && req.session.userInfos.identity && req.session.userInfos.identity.username) {
|
|
this.ok(req, res, {
|
|
authenticated: true,
|
|
userInfos: req.session.userInfos,
|
|
trials: 3,
|
|
locked: false,
|
|
})
|
|
} else {
|
|
let trials = 3
|
|
let locked = false
|
|
if(req.session.userInfos && req.session.userInfos.identity && req.session.userInfos.identity.username) {
|
|
const results = await this.db.execute('SELECT usr_trials, usr_locked FROM users WHERE usr_name = ?', [req.session.userInfos.username])
|
|
if(results.length==1){
|
|
trials = results[0].usr_trials
|
|
locked = results[0].usr_locked
|
|
}
|
|
}
|
|
this.ok(req, res, {
|
|
authenticated: false,
|
|
userInfos: null,
|
|
trials: trials,
|
|
locked: locked,
|
|
})
|
|
}
|
|
|
|
}
|
|
|
|
async setUserLock(username, locked, trials){
|
|
await this.db.execute('UPDATE users SET usr_locked=?, usr_trials=? WHERE usr_name = ?', [locked, trials, username])
|
|
}
|
|
|
|
async login(req, res) {
|
|
let [isValid, payload, errors] = this.utils.validateMapObject(req.body, {
|
|
username: ((val, obj) => (typeof(val)=='string') && (val.length>0) && (/^\w+$/.test(val))),
|
|
passwd: ((val, obj) => (typeof(val)=='string') && (val.length>0) ),
|
|
},{
|
|
'username': 'username',
|
|
'passwd': 'passwd',
|
|
})
|
|
|
|
if((!isValid)){
|
|
this.err(req, res, `Invalid request`, `Invalid login payload:: ${errors}`, 401)
|
|
return
|
|
}
|
|
|
|
const results = await this.db.execute('SELECT * FROM users WHERE usr_name = ?', [payload.username])
|
|
let pwdCheck = false
|
|
let userLocked = false
|
|
let trials = 3
|
|
if(results.length==1){
|
|
userLocked = results[0].usr_locked
|
|
trials = results[0].usr_trials
|
|
if(userLocked) {
|
|
this.ok(req, res, {
|
|
authenticated: false,
|
|
userInfos: null,
|
|
trials: 0,
|
|
locked: true,
|
|
})
|
|
return
|
|
}
|
|
}
|
|
|
|
if(results.length>0) pwdCheck = await verifyPassword(payload.passwd, results[0].usr_pwd)
|
|
if(pwdCheck){
|
|
req.session.userInfos = {
|
|
identity:{
|
|
username: payload.username,
|
|
uuid: results[0].usr_uuid,
|
|
},
|
|
roles: ['admin'],
|
|
}
|
|
req.session.authenticated = true
|
|
|
|
await this.setUserLock(payload.username, false, 3)
|
|
this.ok(req, res, {
|
|
authenticated: true,
|
|
userInfos: req.session.userInfos,
|
|
trials: 3,
|
|
locked: false,
|
|
})
|
|
} else {
|
|
let newtrials = (trials>0) ? trials-1 : 0
|
|
if(newtrials == 0){
|
|
await this.setUserLock(payload.username, true, 0)
|
|
this.ok(req, res, {
|
|
authenticated: false,
|
|
userInfos: null,
|
|
trials: 0,
|
|
locked: true,
|
|
})
|
|
return
|
|
} else {
|
|
await this.setUserLock(payload.username, false, newtrials)
|
|
}
|
|
|
|
req.session.authenticated = false
|
|
req.session.userInfos = null
|
|
this.ok(req, res, {
|
|
authenticated: false,
|
|
userInfos: null,
|
|
trials: newtrials,
|
|
locked: false,
|
|
})
|
|
}
|
|
}
|
|
|
|
async logout(req, res) {
|
|
if(req.session.userInfos && req.session.authenticated) {
|
|
req.session.authenticated = false
|
|
this.ok(req, res, {
|
|
authenticated: false,
|
|
userInfos: null,
|
|
trials: 3,
|
|
locked: false,
|
|
})
|
|
}
|
|
|
|
}
|
|
|
|
async getPrefs(req, res) {
|
|
const results = await this.db.execute(`
|
|
SELECT * FROM preferences
|
|
LEFT JOIN users ON prf_usr_id=usr_id
|
|
WHERE usr_uuid = ?
|
|
`, [req.session.userInfos.identity.uuid])
|
|
let prefs = {}
|
|
if(results.length){ prefs = results[0].prf_value }
|
|
this.ok(req, res, prefs)
|
|
}
|
|
|
|
|
|
async setPrefs(req, res) {
|
|
const results = await this.db.execute(`
|
|
INSERT INTO preferences (prf_usr_id, prf_value)
|
|
SELECT usr_id, ?
|
|
FROM users
|
|
WHERE usr_uuid = ?
|
|
ON DUPLICATE KEY UPDATE prf_value = ?
|
|
`, [req.body, req.session.userInfos.identity.uuid, req.body])
|
|
this.ok(req, res, {})
|
|
}
|
|
}
|