Notes/src/routes/login.js

"use strict";

const utils = require('../services/utils');
const optionService = require('../services/options');
const myScryptService = require('../services/my_scrypt');
const log = require('../services/log');

function loginPage(req, res) {
    res.render('login', { failedAuth: false });
}

function setPasswordPage(req, res) {
    res.render('set_password', { failed: false });
}

function login(req, res) {
    const userName = optionService.getOption('username');

    const guessedPassword = req.body.password;

    if (req.body.username === userName && verifyPassword(guessedPassword)) {
        const rememberMe = req.body.remember_me;

        req.session.regenerate(() => {
            if (rememberMe) {
                req.session.cookie.maxAge = 21 * 24 * 3600000;  // 3 weeks
            } else {
                req.session.cookie.expires = false;
            }

            req.session.loggedIn = true;
            res.redirect('.');
        });
    }
    else {
        // note that logged IP address is usually meaningless since the traffic should come from a reverse proxy
        log.info(`WARNING: Wrong username / password from ${req.ip}, rejecting.`);

        res.render('login', {'failedAuth': true});
    }
}

function verifyPassword(guessedPassword) {
    const hashed_password = utils.fromBase64(optionService.getOption('passwordVerificationHash'));

    const guess_hashed = myScryptService.getVerificationHash(guessedPassword);

    return guess_hashed.equals(hashed_password);
}

function logout(req, res) {
    req.session.regenerate(() => {
        req.session.loggedIn = false;

        res.redirect('login');
    });

}

module.exports = {
    loginPage,
    setPasswordPage,
    login,
    logout
};
use strict in all JS files 2017-10-21 21:10:33 -04:00			`"use strict";`

reorganization of source code 2017-10-15 19:47:05 -04:00			`const utils = require('../services/utils');`
refactored backend to use new naming convention for modules 2018-04-01 21:27:46 -04:00			`const optionService = require('../services/options');`
			`const myScryptService = require('../services/my_scrypt');`
log warning about unsucessful login 2021-04-19 21:41:29 +02:00			`const log = require('../services/log');`
node authentication 2017-10-15 16:32:49 -04:00
converted of web (non-api) routes, basic conversion completed 2018-03-30 19:31:22 -04:00			`function loginPage(req, res) {`
			`res.render('login', { failedAuth: false });`
			`}`
node authentication 2017-10-15 16:32:49 -04:00
set password WIP 2021-12-29 23:19:05 +01:00			`function setPasswordPage(req, res) {`
			`res.render('set_password', { failed: false });`
			`}`

syncification 2020-06-20 12:31:38 +02:00			`function login(req, res) {`
			`const userName = optionService.getOption('username');`
node authentication 2017-10-15 16:32:49 -04:00
			`const guessedPassword = req.body.password;`

syncification 2020-06-20 12:31:38 +02:00			`if (req.body.username === userName && verifyPassword(guessedPassword)) {`
remember me reimplemented 2017-10-16 19:14:15 -04:00			`const rememberMe = req.body.remember_me;`
node authentication 2017-10-15 16:32:49 -04:00
regenerate session after login/logout 2017-10-15 20:16:30 -04:00			`req.session.regenerate(() => {`
remember me reimplemented 2017-10-16 19:14:15 -04:00			`if (rememberMe) {`
			`req.session.cookie.maxAge = 21 * 24 * 3600000; // 3 weeks`
			`} else {`
			`req.session.cookie.expires = false;`
			`}`

regenerate session after login/logout 2017-10-15 20:16:30 -04:00			`req.session.loggedIn = true;`
fix redirect after login 2019-05-22 21:25:13 +02:00			`res.redirect('.');`
regenerate session after login/logout 2017-10-15 20:16:30 -04:00			`});`
node authentication 2017-10-15 16:32:49 -04:00			`}`
			`else {`
log warning about unsucessful login 2021-04-19 21:41:29 +02:00			`// note that logged IP address is usually meaningless since the traffic should come from a reverse proxy`
			log.info(`WARNING: Wrong username / password from ${req.ip}, rejecting.`);

node authentication 2017-10-15 16:32:49 -04:00			`res.render('login', {'failedAuth': true});`
			`}`
converted of web (non-api) routes, basic conversion completed 2018-03-30 19:31:22 -04:00			`}`
node authentication 2017-10-15 16:32:49 -04:00
syncification 2020-06-20 12:31:38 +02:00			`function verifyPassword(guessedPassword) {`
			`const hashed_password = utils.fromBase64(optionService.getOption('passwordVerificationHash'));`
node authentication 2017-10-15 16:32:49 -04:00
syncification 2020-06-20 12:31:38 +02:00			`const guess_hashed = myScryptService.getVerificationHash(guessedPassword);`
node authentication 2017-10-15 16:32:49 -04:00
			`return guess_hashed.equals(hashed_password);`
			`}`

converted of web (non-api) routes, basic conversion completed 2018-03-30 19:31:22 -04:00			`function logout(req, res) {`
			`req.session.regenerate(() => {`
			`req.session.loggedIn = false;`

fix login/logout redirects when not in the document root 2019-04-11 22:04:36 +02:00			`res.redirect('login');`
converted of web (non-api) routes, basic conversion completed 2018-03-30 19:31:22 -04:00			`});`

			`}`

			`module.exports = {`
			`loginPage,`
set password WIP 2021-12-29 23:19:05 +01:00			`setPasswordPage,`
converted of web (non-api) routes, basic conversion completed 2018-03-30 19:31:22 -04:00			`login,`
			`logout`
			`};`