'use strict';
var express = require('express');
var exphbr = require('express-handlebars');
var serveStatic = require('serve-static');
var bodyParser = require('body-parser');
var session = require('express-session');
var bcrypt = require('bcrypt');
var db = require("./common.js").db;
var config = require("./common.js").config;
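var app = express();
// Handlebars templates with a .html extension, wrapped in the 'main' layout.
app.engine('html', exphbr({
  defaultLayout: 'main',
  extname: '.html'
}));
app.set('view engine', 'html');
// Middleware to parse the data sent by the browser to the server.
app.use(bodyParser.urlencoded({
  extended: false
}));
// The session secret signs the session cookie. It is read from the environment
// so that the real value is never committed to source control; the literal is
// only a development fallback and must be overridden in any deployed instance.
// The cookie flags below are a baseline: `secure: true` should be added once the
// app is served over HTTPS, and `saveUninitialized: true` means every visitor
// (authenticated or not) gets a session record in the store.
app.use(session({
  secret: process.env.SESSION_SECRET || 'whatever',
  resave: false,
  saveUninitialized: true,
  cookie: {
    httpOnly: true,
    sameSite: 'lax'
  }
}));
// Files under ./public are served as-is.
app.use(serveStatic(__dirname + '/public'));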
// The route for the landing page; it reads nothing from the request.
var renderHome = function(req, res) {
  res.render('home');
};
app.get('/', renderHome);
// The route for the admin page. Only sessions flagged as logged in get the
// page; everything else is bounced to the login form.
app.get('/admin', function(req, res) {
  if (!req.session.logged_in) {
    return res.redirect('/login');
  }
  // we need to send the admin page contents here
  res.send('<p>You are logged in.</p><br><a href="/logout">Logout</a>');
});
// The route for the login page (the form itself; submission is handled by POST /login).
var renderLogin = function(req, res) {
  res.render('login');
};
app.get('/login', renderLogin);
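// The route for the login form submission.
// Looks the username up, checks the password against the stored bcrypt hash and,
// on success, marks the session as logged in. Every failure path ends the
// request: wrong credentials redirect back to the form, and any DB/bcrypt error
// is handed to the error-handling middleware via `next` (the response used to
// hang when those errors were only logged).
app.post('/login', function(req, res, next) {
  var username = req.body.username;
  var password = req.body.password;
  // The urlencoded parser yields an array when a field is repeated, and a
  // missing field is undefined; neither may reach the query or bcrypt.
  if (typeof username !== 'string' || typeof password !== 'string') {
    return res.redirect('/login?error=wrong_login');
  }
  // Checks against the DB if the username exists
  db.select()
    .where('username', username)
    .from(config.tables.users)
    .limit(1)
    .then(function(results) {
      if (!results.length) {
        // In case the username doesn't exist in the DB.
        // NOTE(review): this branch answers faster than a bcrypt compare, so
        // response timing can reveal whether a username exists; consider a
        // dummy compare here if that matters for this deployment.
        return res.redirect('/login?error=wrong_login');
      }
      // The username exists. Compares the provided password with the stored hash
      bcrypt.compare(password, results[0].password, function(err, result) {
        if (err) {
          return next(err);
        }
        // If the hash and pass doesn't match:
        if (!result) {
          return res.redirect('/login?error=wrong_login');
        }
        // If the hash and pass matches. The session is regenerated before the
        // authenticated flag is set so that a session id handed out before
        // login is never carried into the authenticated state (session
        // fixation) -- the same rule /logout already follows.
        req.session.regenerate(function(regenErr) {
          if (regenErr) {
            return next(regenErr);
          }
          req.session.logged_in = true;
          res.redirect('/admin');
        });
      });
    })
    .catch(next);
});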
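// The route for logging out.
// Should always regenerate a session when changing authenticated state of a session (login/logout).
// A regenerate failure is passed to the error-handling middleware instead of
// being ignored, so the user is not redirected as if the logout had succeeded.
app.get('/logout', function(req, res, next) {
  req.session.regenerate(function(error) {
    if (error) {
      return next(error);
    }
    res.redirect('/login');
  });
});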
// Start the HTTP server on port 3000 and report once it is accepting connections.
var onListening = function() {
  console.log('Example app listening on port 3000!');
};
app.listen(3000, onListening);
// This catches errors from middleware and routes.
// We don't want to send full error stack traces to the client (browser):
// the stack goes to the server log and the client only sees a generic 500.
// Express recognises error-handling middleware by its four-argument signature,
// so `next` must remain in the parameter list even though it is not used.
var handleError = function(err, req, res, next) {
  console.error(err.stack);
  res.status(500).send('Something broke!');
};
app.use(handleError);