From 538e7b0a603bdff7dc3d1907c4bd10ab7371a78c Mon Sep 17 00:00:00 2001
From: Ruben Meyer <46384706+rxbnDE@users.noreply.github.com>
Date: Sun, 24 Nov 2019 00:37:01 +0100
Subject: [PATCH] web - login and logout
---
 bin/database/models.js | 2 +-
 bin/web/routes/api.js | 62 ++++++++++++++++++++++++++++++++-
 bin/web/routes/static.js | 7 +++-
 bin/web/views/blocks/footer.pug | 2 +-
 bin/web/views/blocks/login.pug | 4 +--
 bin/web/views/blocks/nav.pug | 5 +--
 bin/web/views/index.pug | 23 ++++++------
 bin/web/views/login.pug | 37 +++++++++++---------
 bin/web/views/logout.pug | 18 ++++++++++
 res/web/js/custom.js | 35 +++++++++++++++++++
 10 files changed, 161 insertions(+), 34 deletions(-)
 create mode 100644 bin/web/views/logout.pug
 create mode 100644 res/web/js/custom.js
diff --git a/bin/database/models.js b/bin/database/models.js
index 7ab6629..911aacf 100644
--- a/bin/database/models.js
+++ b/bin/database/models.js
@@ -28,7 +28,7 @@ models.user = new Schema({
 ]
 },
 passhash: String, // hashed password (String + separator + Salt)
- token: { // last remember me cookie
+ token: { // last remember me cookie; removed feature
 type: String,
 default: ""
 },
diff --git a/bin/web/routes/api.js b/bin/web/routes/api.js
index 6d20dd4..71fc47f 100644
--- a/bin/web/routes/api.js
+++ b/bin/web/routes/api.js
@@ -15,7 +15,67 @@ route.post('/register', (req, res) => {
 });
 
 route.post('/login', (req, res) => {
- // TODO: login
+ /*
+ * done - check body vars -> else ERR 401 'msg.auth.login.failed'
+ * done - get users by mail / nickname -> else ERR 401 'msg.auth.login.failed' OR ERR 500 'msg.database.error'
+ * done - validate password hash -> else ERR 401 'msg.auth.login.failed'
+ * TODO - add new activity 'action.user.login'
+ */
+
+ if(req.session.user) {
+ return res.type('json').end(JSON.stringify({
+ status: 401,
+ message: 'msg.auth.logout.required'
+ }));
+ }
+
+ // check body variables
+ if(!req.body.email && !req.body.password) {
+ return res.type('json').status(401).end(JSON.stringify({
+ status: 401,
+ message: [
+ 'msg.request.data.missing',
+ 'msg.auth.login.failed'
+ ]
+ }));
+ }
+ let email = req.body.email;
+ let pass = req.body.password;
+
+ global['modules'].database.getUser(email, (err, rep) => {
+ console.log(err, rep);
+ if(err) {
+ global['logs'].debug(err);
+ return res.type('json').status(500).end(JSON.stringify({
+ status: 500,
+ message: [
+ 'msg.database.error',
+ 'msg.auth.login.failed'
+ ]
+ }));
+ }
+ if(!rep || rep === null || rep.length == 0 || rep.length > 1 || !global['modules'].auth.validateHash(rep[0].passhash, pass)) {
+ return res.type('json').status(401).end(JSON.stringify({
+ status: 401,
+ message: 'msg.auth.login.failed'
+ }));
+ } else {
+ // add cookies; login
+ // new activity 'action.user.login'
+
+ // add session data
+ req.session.user = {
+ 'id': rep[0]._id,
+ 'group': rep[0].group
+ };
+
+ return res.type('json').end(JSON.stringify({
+ status: 200,
+ message: 'msg.auth.login.successful',
+ type: 'form' // TODO: types - { form, access_app}
+ }));
+ }
+ });
 });
 
 route.post('/authenticate', (req, res) => {
diff --git a/bin/web/routes/static.js b/bin/web/routes/static.js
index 2ca08cc..1808325 100644
--- a/bin/web/routes/static.js
+++ b/bin/web/routes/static.js
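Review bot: The body check `if(!req.body.email && !req.body.password)` rejects a request only when both fields are absent, so a body carrying just an email reaches `validateHash(rep[0].passhash, pass)` with `pass` undefined; the condition should be `if(!req.body.email || !req.body.password)`. The `console.log(err, rep)` on the line after getUser prints the whole user document, `passhash` included, to stdout and should be removed before this is merged. The early `msg.auth.logout.required` reply omits `.status(401)`, unlike the other error branches, so that client sees HTTP 200 with a 401 in the body. If the session middleware supports it, regenerating the session id on successful login, before `req.session.user` is assigned, keeps the pre-login session id from surviving into the authenticated session.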
@@ -32,7 +32,12 @@ var fileCheck = (file) => { route.all('/', function(req, res, next) { // TODO: show login page or dashboard // res.end('login or dashboard'); - res.render('index'); + global['modules'].database.getApps((err, rep) => { + res.render('index', { + session: req.session, + apps: rep + }); + }) }); // login page or app request diff --git a/bin/web/views/blocks/footer.pug b/bin/web/views/blocks/footer.pug index db0363f..92344bd 100644 --- a/bin/web/views/blocks/footer.pug +++ b/bin/web/views/blocks/footer.pug @@ -22,4 +22,4 @@ block scripts //- Custom scripts for this template script(src="/public/js/locales.js") - script(src="/public/js/custom.js") + script(src="/res/js/custom.js") diff --git a/bin/web/views/blocks/login.pug b/bin/web/views/blocks/login.pug index 4d5c079..6e7e9c0 100644 --- a/bin/web/views/blocks/login.pug +++ b/bin/web/views/blocks/login.pug @@ -1,6 +1,6 @@ append var - - var breadcrumb = {0: {"name": "authRXBN", "href": "/"}, 1: {"name": "ERROR - Please login", "active": true}}; - - var title = "Please login"; + - if(!session.user) var breadcrumb = {0: {"name": "authRXBN", "href": "/"}, 1: {"name": "ERROR - Please login", "active": true}}; + - if(!session.user) var title = "Please login"; .uk-flex.uk-margin-medium-top.uk-margin-medium-bottom div(class="uk-width-auto uk-width-1-4@s") .uk-flex.uk-flex-auto.uk-flex-column.uk-flex-center.uk-margin-left.uk-margin-right diff --git a/bin/web/views/blocks/nav.pug b/bin/web/views/blocks/nav.pug index 0f9de95..65bec95 100644 --- a/bin/web/views/blocks/nav.pug +++ b/bin/web/views/blocks/nav.pug 
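Review bot: The new getApps callback ignores `err`, so a database failure renders the dashboard with `apps` undefined instead of surfacing the error; the route already receives `next`, so `if(err) return next(err);` as the first line of the callback would forward it. Passing the entire `req.session` into the template also hands the view more than its `session.user` checks need, though index.pug and nav.pug in this patch read `session.user`, so narrowing it to `user: req.session.user` is a wider change. The `// TODO: show login page or dashboard` comment above the call is now out of date and could be dropped.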
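Review bot: `- if(!session.user) var breadcrumb = ...` and the `title` line after it dereference `session` without a guard, whereas nav.pug, index.pug and login.pug in this same patch test `session && session.user`; any route that renders this block without passing `session` will now throw instead of falling back to the login prompt. Use the same form here, `- if(!(session && session.user)) var breadcrumb = ...`, or state the contract that `session` is always supplied in a comment at the top of the block.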
@@ -13,12 +13,13 @@ nav(uk-navbar).uk-navbar-container span authRXBN .uk-navbar-right.uk-margin-right ul.uk-navbar-nav - if(user) + if(session && session.user) +navItem("Apps", "apps", "fas fa-tachometer-alt", "/") +navItem("Configs", "configs", "fas fa-wrench", "/configs") + +navItem("Logout", "logout", "fas fa-sign-out-alt", "/logout") else +navItem("Register", "register", "fas fa-user-plus", "/register") - +navItem("Login", "login", "far fa-arrow-alt-circle-right", "/login") + +navItem("Login", "login", "fas fa-sign-in-alt", "/login") +navItem("Forgot your password?", "reset", "fas fa-key", "/reset") div - var breadcrumb_isSet = typeof breadcrumb !== 'undefined'; diff --git a/bin/web/views/index.pug b/bin/web/views/index.pug index 3b2d0e2..6b78908 100644 --- a/bin/web/views/index.pug +++ b/bin/web/views/index.pug @@ -1,26 +1,29 @@ extends blocks/layout.pug append var - if(user) + if(session && session.user) - var breadcrumb = {0: {"name": "authRXBN", "href": "/"}, 1: {"name": "Dashboard", "active": true}}; - var title = "Dashboard"; -mixin item(name, url, description) - .card.mb-5 - .card-body - h5.font-weight-bold.card-title=name - p.card-text=description - a(href=url) Login +mixin item(name, id, description) + div + .uk-card.uk-card-default + .uk-card-header.uk-card-primary + h3.uk-card-title=name + .uk-card-body + p=description + .uk-card-footer.uk-flex.uk-flex-right + a.uk-button.uk-button-default.uk-button-primary(href="/api/redirect?id="+id) Login mixin items() - .flex + div(class="uk-child-width-1-2@m uk-margin-bottom", uk-grid) if(apps) each app in apps - +item(app.name, app.access, app.description) + +item(app.name, app.id, app.description) else p.text-center No applications were found. append content - if(user) + if(session && session.user) .uk-container h1 Apps +items() diff --git a/bin/web/views/login.pug b/bin/web/views/login.pug index 706608b..33db50b 100644 --- a/bin/web/views/login.pug +++ b/bin/web/views/login.pug 
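Review bot: The new `a.uk-button.uk-button-default.uk-button-primary(href="/api/redirect?id="+id)` in mixin item builds the query string by plain concatenation, so an app id containing `&`, `#` or `%` breaks or alters the link; `href="/api/redirect?id="+encodeURIComponent(id)` keeps the id a single parameter. Pug escapes the attribute for HTML, which covers injection into the markup but not the URL's own syntax. The `/api/redirect` handler is not part of this patch, so whether it validates `id` server-side cannot be seen here.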
@@ -1,22 +1,27 @@ extends blocks/layout.pug append var - if(user) + if(session && !session.user) - var breadcrumb = {0: {"name": "authRXBN", "href": "/"}, 1: {"name": "Login", "active": true}}; - var title = "Login"; append content - .uk-flex.uk-margin-medium-top.uk-margin-medium-bottom - div(class="uk-width-auto uk-width-1-4@s") - .uk-flex.uk-flex-auto.uk-flex-column.uk-flex-center.uk-margin-left.uk-margin-right - h1= login_title|| "Please login" - form.uk-form-horizontal - .uk-margin - label.uk-form-label(for="login_user") Username / Email - .uk-form-controls - input.uk-input#login_user(type="text", placeholder="tetrahedron") - .uk-margin - label.uk-form-label(for="login_pass") Password - .uk-form-controls - input.uk-input#login_pass(type="password") - a(href="/login").uk-button.uk-button-default Login - div(class="uk-width-auto uk-width-1-4@s") + if(session && !session.user) + .uk-flex.uk-margin-medium-top.uk-margin-medium-bottom + div(class="uk-width-auto uk-width-1-4@s") + .uk-flex.uk-flex-auto.uk-flex-column.uk-flex-center.uk-margin-left.uk-margin-right + h1= login_title || "Please login" + form.uk-form-horizontal + .uk-margin + label.uk-form-label(for="login_user") Username / Email + .uk-form-controls + input.uk-input#login_user(type="text", placeholder="tetrahedron") + .uk-margin + label.uk-form-label(for="login_pass") Password + .uk-form-controls + input.uk-input#login_pass(type="password") + button(onclick="login()").uk-button.uk-button-default Login + div(class="uk-width-auto uk-width-1-4@s") + else + append var + - overwrite_vars = (session && session.user) ? true : false; + include blocks/error/permission.pug diff --git a/bin/web/views/logout.pug b/bin/web/views/logout.pug new file mode 100644 index 0000000..146f6b3 --- /dev/null +++ b/bin/web/views/logout.pug 
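Review bot: `button(onclick="login()")` is inside `form.uk-form-horizontal` and has no `type`, so it is a submit button: a click runs `login()` and then the browser submits the form natively, reloading the page before the XHR answers. Give it an explicit type, `button(type="button", onclick="login()").uk-button.uk-button-default Login`. Since the inputs carry no `name` attributes the native submit sends nothing, which is why this shows up as a flaky login rather than as credentials in a URL. Handling the form's `submit` event from custom.js instead of an inline `onclick` would also make the Enter key work and remove the inline script attribute.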
@@ -0,0 +1,18 @@
+extends blocks/layout.pug
+append var
+ if(session && session.user)
+ - var breadcrumb = {0: {"name": "authRXBN", "href": "/"}, 1: {"name": "Logout", "active": true}};
+ - var title = "Logout";
+
+append content
+ if(session && session.user)
+ .uk-flex.uk-margin-medium-top.uk-margin-medium-bottom
+ div(class="uk-width-auto uk-width-1-4@s")
+ .uk-flex.uk-flex-auto.uk-flex-column.uk-flex-center.uk-margin-left.uk-margin-right
+ h1 You will be redirected
+ #listener_logout
+ div(class="uk-width-auto uk-width-1-4@s")
+ else
+ append var
+ - overwrite_vars = (session && session.user) ? true : false;
+ include blocks/error/permission.pug
diff --git a/res/web/js/custom.js b/res/web/js/custom.js
new file mode 100644
index 0000000..d857313
--- /dev/null
+++ b/res/web/js/custom.js
@@ -0,0 +1,35 @@
+function login() {
+ let user = document.getElementById("login_user").value;
+ let pass = document.getElementById("login_pass").value;
+
+ let data = {
+ "email": user,
+ "password": pass
+ };
+
+ let ajax = new XMLHttpRequest();
+ ajax.open("POST", "/api/login", true);
+ ajax.setRequestHeader('Content-Type', 'application/json; charset=UTF-8');
+ ajax.send(JSON.stringify(data));
+ ajax.onload = () => {
+ let json = JSON.parse(ajax.responseText);
+ if(json.message && json.message == "msg.auth.login.successful") window.location.href= "/";
+ };
+};
+
+function logout() {
+ let ajax = new XMLHttpRequest();
+ ajax.open("GET", "/api/logout", true);
+ ajax.setRequestHeader('Content-Type', 'charset=UTF-8');
+ ajax.send("");
+ ajax.onload = () => {
+ let json = JSON.parse(ajax.responseText);
+ if(json.message && json.message == "msg.auth.logout.successful") window.location.href= "/";
+ };
+}
+setTimeout(function () {
+ if(document.getElementById("listener_logout")) {
+ console.log("logout");
+ logout();
+ }
+}, 100);
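Review bot: `ajax.setRequestHeader('Content-Type', 'charset=UTF-8')` in logout() is not a valid media type (there is no type before the parameter) and the request has no body, so the line should be deleted. Both `onload` handlers call `JSON.parse(ajax.responseText)` unguarded and do nothing on a non-success reply, so a 401 from /api/login or an HTML error page leaves the user with no feedback; check `ajax.status`, wrap the parse, and attach `onerror` as well. Assigning `onload` after `send()` works because the request is asynchronous, but it reads backwards, so set the handlers before sending. Logging out through a GET to /api/logout means any page the user visits can end the session with an image tag; the endpoint is not in this patch, but a POST, sent as such from here, is the usual shape. The `setTimeout` probe for `#listener_logout` also runs on every page, which `console.log("logout")` will make noisy in production.
```javascript
function login() {
  // … unchanged: read the two fields and build data …
  const ajax = new XMLHttpRequest();
  ajax.open("POST", "/api/login", true);
  ajax.setRequestHeader('Content-Type', 'application/json; charset=UTF-8');
  ajax.onerror = () => {
    // network failure: report it to the user instead of staying silent
  };
  ajax.onload = () => {
    let json;
    try {
      json = JSON.parse(ajax.responseText);
    } catch (err) {
      return; // non-JSON reply (e.g. an HTML error page) counts as a failed login
    }
    if (ajax.status === 200 && json.message === "msg.auth.login.successful") {
      window.location.href = "/";
      return;
    }
    // TODO: show json.message (e.g. msg.auth.login.failed) to the user
  };
  ajax.send(JSON.stringify(data));
}
```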