Notes/src/routes/login.js

"use strict";

const utils = require('../services/utils');
const optionService = require('../services/options');
const myScryptService = require('../services/my_scrypt');
const log = require('../services/log');
const sqlInit = require("../services/sql_init.js");
const optionsInitService = require("../services/options_init.js");

function loginPage(req, res) {
    res.render('login', { failedAuth: false });
}

function setPasswordPage(req, res) {
    res.render('set_password', { error: false });
}

function setPassword(req, res) {
    if (sqlInit.isPasswordSet()) {
        return [400, "Password has been already set"];
    }

    let {password1, password2} = req.body;
    password1 = password1.trim();
    password2 = password2.trim();

    let error;

    if (password1 !== password2) {
        error = "Entered passwords don't match.";
    } else if (password1.length < 4) {
        error = "Password must be at least 4 characters long.";
    }

    if (error) {
        res.render('set_password', { error });
        return;
    }

    optionsInitService.initPassword(password1);

    res.redirect('login');
}

function login(req, res) {
    const guessedPassword = req.body.password;

    if (verifyPassword(guessedPassword)) {
        const rememberMe = req.body.remember_me;

        req.session.regenerate(() => {
            if (rememberMe) {
                req.session.cookie.maxAge = 21 * 24 * 3600000;  // 3 weeks
            } else {
                req.session.cookie.expires = false;
            }

            req.session.loggedIn = true;
            res.redirect('.');
        });
    }
    else {
        // note that logged IP address is usually meaningless since the traffic should come from a reverse proxy
        log.info(`WARNING: Wrong password from ${req.ip}, rejecting.`);

        res.render('login', {'failedAuth': true});
    }
}

function verifyPassword(guessedPassword) {
    const hashed_password = utils.fromBase64(optionService.getOption('passwordVerificationHash'));

    const guess_hashed = myScryptService.getVerificationHash(guessedPassword);

    return guess_hashed.equals(hashed_password);
}

function logout(req, res) {
    req.session.regenerate(() => {
        req.session.loggedIn = false;

        res.redirect('login');
    });

}

module.exports = {
    loginPage,
    setPasswordPage,
    setPassword,
    login,
    logout
};
use strict in all JS files 2017-10-21 21:10:33 -04:00			`"use strict";`

reorganization of source code 2017-10-15 19:47:05 -04:00			`const utils = require('../services/utils');`
refactored backend to use new naming convention for modules 2018-04-01 21:27:46 -04:00			`const optionService = require('../services/options');`
			`const myScryptService = require('../services/my_scrypt');`
log warning about unsucessful login 2021-04-19 21:41:29 +02:00			`const log = require('../services/log');`
set password from web trilium 2021-12-29 23:37:12 +01:00			`const sqlInit = require("../services/sql_init.js");`
			`const optionsInitService = require("../services/options_init.js");`
node authentication 2017-10-15 16:32:49 -04:00
converted of web (non-api) routes, basic conversion completed 2018-03-30 19:31:22 -04:00			`function loginPage(req, res) {`
			`res.render('login', { failedAuth: false });`
			`}`
node authentication 2017-10-15 16:32:49 -04:00
set password WIP 2021-12-29 23:19:05 +01:00			`function setPasswordPage(req, res) {`
set password from web trilium 2021-12-29 23:37:12 +01:00			`res.render('set_password', { error: false });`
set password WIP 2021-12-29 23:19:05 +01:00			`}`

set password from web trilium 2021-12-29 23:37:12 +01:00			`function setPassword(req, res) {`
			`if (sqlInit.isPasswordSet()) {`
			`return [400, "Password has been already set"];`
			`}`

			`let {password1, password2} = req.body;`
			`password1 = password1.trim();`
			`password2 = password2.trim();`

			`let error;`

			`if (password1 !== password2) {`
			`error = "Entered passwords don't match.";`
			`} else if (password1.length < 4) {`
			`error = "Password must be at least 4 characters long.";`
			`}`
node authentication 2017-10-15 16:32:49 -04:00
set password from web trilium 2021-12-29 23:37:12 +01:00			`if (error) {`
			`res.render('set_password', { error });`
			`return;`
			`}`

			`optionsInitService.initPassword(password1);`

			`res.redirect('login');`
			`}`

			`function login(req, res) {`
node authentication 2017-10-15 16:32:49 -04:00			`const guessedPassword = req.body.password;`

set password from web trilium 2021-12-29 23:37:12 +01:00			`if (verifyPassword(guessedPassword)) {`
remember me reimplemented 2017-10-16 19:14:15 -04:00			`const rememberMe = req.body.remember_me;`
node authentication 2017-10-15 16:32:49 -04:00
regenerate session after login/logout 2017-10-15 20:16:30 -04:00			`req.session.regenerate(() => {`
remember me reimplemented 2017-10-16 19:14:15 -04:00			`if (rememberMe) {`
			`req.session.cookie.maxAge = 21 * 24 * 3600000; // 3 weeks`
			`} else {`
			`req.session.cookie.expires = false;`
			`}`

regenerate session after login/logout 2017-10-15 20:16:30 -04:00			`req.session.loggedIn = true;`
fix redirect after login 2019-05-22 21:25:13 +02:00			`res.redirect('.');`
regenerate session after login/logout 2017-10-15 20:16:30 -04:00			`});`
node authentication 2017-10-15 16:32:49 -04:00			`}`
			`else {`
log warning about unsucessful login 2021-04-19 21:41:29 +02:00			`// note that logged IP address is usually meaningless since the traffic should come from a reverse proxy`
set password from web trilium 2021-12-29 23:37:12 +01:00			log.info(`WARNING: Wrong password from ${req.ip}, rejecting.`);
log warning about unsucessful login 2021-04-19 21:41:29 +02:00
node authentication 2017-10-15 16:32:49 -04:00			`res.render('login', {'failedAuth': true});`
			`}`
converted of web (non-api) routes, basic conversion completed 2018-03-30 19:31:22 -04:00			`}`
node authentication 2017-10-15 16:32:49 -04:00
syncification 2020-06-20 12:31:38 +02:00			`function verifyPassword(guessedPassword) {`
			`const hashed_password = utils.fromBase64(optionService.getOption('passwordVerificationHash'));`
node authentication 2017-10-15 16:32:49 -04:00
syncification 2020-06-20 12:31:38 +02:00			`const guess_hashed = myScryptService.getVerificationHash(guessedPassword);`
node authentication 2017-10-15 16:32:49 -04:00
			`return guess_hashed.equals(hashed_password);`
			`}`

converted of web (non-api) routes, basic conversion completed 2018-03-30 19:31:22 -04:00			`function logout(req, res) {`
			`req.session.regenerate(() => {`
			`req.session.loggedIn = false;`

fix login/logout redirects when not in the document root 2019-04-11 22:04:36 +02:00			`res.redirect('login');`
converted of web (non-api) routes, basic conversion completed 2018-03-30 19:31:22 -04:00			`});`

			`}`

			`module.exports = {`
			`loginPage,`
set password WIP 2021-12-29 23:19:05 +01:00			`setPasswordPage,`
set password from web trilium 2021-12-29 23:37:12 +01:00			`setPassword,`
converted of web (non-api) routes, basic conversion completed 2018-03-30 19:31:22 -04:00			`login,`
			`logout`
			`};`