web - login and logout

bin/database/models.js

@@ -28,7 +28,7 @@ models.user = new Schema({
 		]
 	},
 	passhash: String, // hashed password (String + separator + Salt)
-	token: { // last remember me cookie
+	token: { // last remember me cookie; removed feature
 		type: String,
 		default: ""
 	},

bin/web/routes/api.js

@@ -15,7 +15,67 @@ route.post('/register', (req, res) => {
 });
 
 route.post('/login', (req, res) => {
-	// TODO: login
+	/*
+	 * done - check body vars -> else ERR 401 'msg.auth.login.failed'
+	 * done - get users by mail / nickname -> else ERR 401 'msg.auth.login.failed' OR ERR 500 'msg.database.error'
+	 * done - validate password hash -> else ERR 401 'msg.auth.login.failed'
+	 * TODO - add new activity 'action.user.login'
+	 */
+
+	if(req.session.user) {
+		return res.type('json').end(JSON.stringify({
+			status: 401,
+			message: 'msg.auth.logout.required'
+		}));
+	}
+
+	// check body variables
+	if(!req.body.email && !req.body.password) {
+		return res.type('json').status(401).end(JSON.stringify({
+			status: 401,
+			message: [
+				'msg.request.data.missing',
+				'msg.auth.login.failed'
+			]
+		}));
+	}
+	let email = req.body.email;
+	let pass = req.body.password;
+
+	global['modules'].database.getUser(email, (err, rep) => {
+		console.log(err, rep);
+		if(err) {
+			global['logs'].debug(err);
+			return res.type('json').status(500).end(JSON.stringify({
+				status: 500,
+				message: [
+					'msg.database.error',
+					'msg.auth.login.failed'
+				]
+			}));
+		}
+		if(!rep || rep === null || rep.length == 0 || rep.length > 1 || !global['modules'].auth.validateHash(rep[0].passhash, pass)) {
+			return res.type('json').status(401).end(JSON.stringify({
+				status: 401,
+				message: 'msg.auth.login.failed'
+			}));
+		} else {
+			// add cookies; login
+			// new activity 'action.user.login'
+
+			// add session data
+			req.session.user = {
+				'id': rep[0]._id,
+				'group': rep[0].group
+			};
+
+			return res.type('json').end(JSON.stringify({
+				status: 200,
+				message: 'msg.auth.login.successful',
+				type: 'form' // TODO: types - { form, access_app}
+			}));
+		}
+	});
 });
 
 route.post('/authenticate', (req, res) => {

bin/web/routes/static.js

@@ -32,7 +32,12 @@ var fileCheck = (file) => {
 route.all('/', function(req, res, next) {
 	// TODO: show login page or dashboard
 	// res.end('login or dashboard');
-	res.render('index');
+	global['modules'].database.getApps((err, rep) => {
+		res.render('index', {
+			session: req.session,
+			apps: rep
+		});
+	})
 });
 
 // login page or app request

bin/web/views/blocks/footer.pug

@@ -22,4 +22,4 @@ block scripts
 
 	//- Custom scripts for this template
 	script(src="/public/js/locales.js")
-	script(src="/public/js/custom.js")
+	script(src="/res/js/custom.js")

bin/web/views/blocks/login.pug

@@ -1,6 +1,6 @@
 append var
-	- var breadcrumb = {0: {"name": "authRXBN", "href": "/"}, 1: {"name": "ERROR - Please login", "active": true}};
+	- if(!session.user) var breadcrumb = {0: {"name": "authRXBN", "href": "/"}, 1: {"name": "ERROR - Please login", "active": true}};
-	- var title = "Please login";
+	- if(!session.user) var title = "Please login";
 .uk-flex.uk-margin-medium-top.uk-margin-medium-bottom
 	div(class="uk-width-auto uk-width-1-4@s")
 	.uk-flex.uk-flex-auto.uk-flex-column.uk-flex-center.uk-margin-left.uk-margin-right

bin/web/views/blocks/nav.pug

@@ -13,12 +13,13 @@ nav(uk-navbar).uk-navbar-container
 					span authRXBN
 	.uk-navbar-right.uk-margin-right
 		ul.uk-navbar-nav
-			if(user)
+			if(session && session.user)
 				+navItem("Apps", "apps", "fas fa-tachometer-alt", "/")
 				+navItem("Configs", "configs", "fas fa-wrench", "/configs")
+				+navItem("Logout", "logout", "fas fa-sign-out-alt", "/logout")
 			else
 				+navItem("Register", "register", "fas fa-user-plus", "/register")
-				+navItem("Login", "login", "far fa-arrow-alt-circle-right", "/login")
+				+navItem("Login", "login", "fas fa-sign-in-alt", "/login")
 				+navItem("Forgot your password?", "reset", "fas fa-key", "/reset")
 div
 	- var breadcrumb_isSet = typeof breadcrumb !== 'undefined';

bin/web/views/index.pug

@@ -1,26 +1,29 @@
 extends blocks/layout.pug
 append var
-	if(user)
+	if(session && session.user)
 		- var breadcrumb = {0: {"name": "authRXBN", "href": "/"}, 1: {"name": "Dashboard", "active": true}};
 		- var title = "Dashboard";
 
-mixin item(name, url, description)
+mixin item(name, id, description)
-	.card.mb-5
+	div
-		.card-body
+		.uk-card.uk-card-default
-			h5.font-weight-bold.card-title=name
+			.uk-card-header.uk-card-primary
-			p.card-text=description
+				h3.uk-card-title=name
-			a(href=url) Login
+			.uk-card-body
+				p=description
+			.uk-card-footer.uk-flex.uk-flex-right
+				a.uk-button.uk-button-default.uk-button-primary(href="/api/redirect?id="+id) Login
 
 mixin items()
-	.flex
+	div(class="uk-child-width-1-2@m uk-margin-bottom", uk-grid)
 		if(apps)
 			each app in apps
-				+item(app.name, app.access, app.description)
+				+item(app.name, app.id, app.description)
 		else
 			p.text-center No applications were found.
 
 append content
-	if(user)
+	if(session && session.user)
 		.uk-container
 			h1 Apps
 			+items()

bin/web/views/login.pug

@@ -1,14 +1,15 @@
 extends blocks/layout.pug
 append var
-	if(user)
+	if(session && !session.user)
 		- var breadcrumb = {0: {"name": "authRXBN", "href": "/"}, 1: {"name": "Login", "active": true}};
 		- var title = "Login";
 
 append content
+	if(session && !session.user)
 		.uk-flex.uk-margin-medium-top.uk-margin-medium-bottom
 			div(class="uk-width-auto uk-width-1-4@s")
 			.uk-flex.uk-flex-auto.uk-flex-column.uk-flex-center.uk-margin-left.uk-margin-right
-			h1= login_title|| "Please login"
+				h1= login_title || "Please login"
 				form.uk-form-horizontal
 					.uk-margin
 						label.uk-form-label(for="login_user") Username / Email
@@ -18,5 +19,9 @@ append content
 						label.uk-form-label(for="login_pass") Password
 						.uk-form-controls
 							input.uk-input#login_pass(type="password")
-			a(href="/login").uk-button.uk-button-default Login
+				button(onclick="login()").uk-button.uk-button-default Login
 			div(class="uk-width-auto uk-width-1-4@s")
+	else
+		append var
+			- overwrite_vars = (session && session.user) ? true : false;
+		include blocks/error/permission.pug

bin/web/views/logout.pug

@@ -0,0 +1,18 @@
+extends blocks/layout.pug
+append var
+	if(session && session.user)
+		- var breadcrumb = {0: {"name": "authRXBN", "href": "/"}, 1: {"name": "Logout", "active": true}};
+		- var title = "Logout";
+
+append content
+	if(session && session.user)
+		.uk-flex.uk-margin-medium-top.uk-margin-medium-bottom
+			div(class="uk-width-auto uk-width-1-4@s")
+			.uk-flex.uk-flex-auto.uk-flex-column.uk-flex-center.uk-margin-left.uk-margin-right
+				h1 You will be redirected
+				#listener_logout
+			div(class="uk-width-auto uk-width-1-4@s")
+	else
+		append var
+			- overwrite_vars = (session && session.user) ? true : false;
+		include blocks/error/permission.pug

res/web/js/custom.js

@@ -0,0 +1,35 @@
+function login() {
+	let user = document.getElementById("login_user").value;
+	let pass = document.getElementById("login_pass").value;
+
+	let data = {
+		"email": user,
+		"password": pass
+	};
+
+	let ajax = new XMLHttpRequest();
+	ajax.open("POST", "/api/login", true);
+	ajax.setRequestHeader('Content-Type', 'application/json; charset=UTF-8');
+	ajax.send(JSON.stringify(data));
+	ajax.onload = () => {
+		let json = JSON.parse(ajax.responseText);
+		if(json.message && json.message == "msg.auth.login.successful") window.location.href= "/";
+	};
+};
+
+function logout() {
+	let ajax = new XMLHttpRequest();
+	ajax.open("GET", "/api/logout", true);
+	ajax.setRequestHeader('Content-Type', 'charset=UTF-8');
+	ajax.send("");
+	ajax.onload = () => {
+		let json = JSON.parse(ajax.responseText);
+		if(json.message && json.message == "msg.auth.logout.successful") window.location.href= "/";
+	};
+}
+setTimeout(function () {
+	if(document.getElementById("listener_logout")) {
+		console.log("logout");
+		logout();
+	}
+}, 100);