Trushy/Jeopardy-Server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added user management

Browse Source
This commit is contained in:
Jonas Kappa
2025-10-04 13:40:30 +02:00
parent a197d9bd3b
commit 34696a1fc8
10 changed files with 308 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
src/auth.js
View File

@@ -1,14 +1,28 @@
import { createHash, pbkdf2Sync, randomBytes } from "node:crypto";
import { createUser, generateHash, updateSessionToken } from "./userHelper.js";
let db;
let users;
export function initAuth(app, db) {
app.use(checkSessionToken);
app.use('/admin', checkAuthorization('admin'));
users = db.collection('users');
app.get('/auth', getUserInfo);
app.post('/auth/login', loginUser);
}
async function getUserInfo(req, res) {
const sessiontoken = await updateSessionToken(users, req.user._id);
setTokenCookie(res, sessiontoken);
res.status(200).send({
username: req.user.username,
role: req.user.role,
_id: req.user._id
});
}
async function checkSessionToken(req, res, next) {
if (req.path.startsWith("/auth/")) {
next();
@@ -26,81 +40,75 @@ async function checkSessionToken(req, res, next) {
req.user = {
role: user.role,
username: user.username
username: user.username,
_id: user._id
}
next();
}
function checkAuthorization(role) {
return (req, res, next) => {
if (req.user === undefined) {
res.status(403).send();
return;
}
if (req.user.role === role) {
next();
} else {
res.status(403).send();
}
}
}
async function loginUser(req, res) {
const username = req.body.username;
const password = req.body.password;
let userCount = await users.estimatedDocumentCount();
let sessiontoken = null;
let userobj = null;
if (userCount <= 0) {
// create first user
sessiontoken = await createUser(username, password, 'admin');
userobj = await createUser(users, username, password, 'admin', true);
} else {
// authenticate user
sessiontoken = await authenticateUser(username, password);
userobj = await authenticateUser(username, password);
}
if (sessiontoken !== null) {
const expires = new Date();
expires.setDate(expires.getDate() + 1);
if (userobj !== null) {
setTokenCookie(res, userobj.sessiontoken);
res.cookie('jeopardytoken', sessiontoken, {
maxAge: 1e3 * 60 * 60 * 24,
path: "/"
})
res.status(200).send(username);
res.status(200).send({username: userobj.username, role: userobj.role, _id: userobj._id});
} else {
res.sendStatus(403);
}
}
async function createUser(username, password, role) {
const salt = randomBytes(128).toString('base64');
const iterations = Math.floor(Math.random() * 5000) + 5000;
const hash = generateHash(password, salt, iterations);
const sessiontoken = generateSessionToken();
await users.insertOne({
username,
role,
salt,
iterations,
hash,
sessiontoken
});
return sessiontoken;
}
async function authenticateUser(username, password) {
export async function authenticateUser(username, password, updateSession = true) {
let foundUser = await users.findOne({username});
if (foundUser === null) return null;
const hash = generateHash(password, foundUser.salt, foundUser.iterations);
if (hash === foundUser.hash) {
const sessiontoken = generateSessionToken();
await users.updateOne({_id: foundUser._id}, {$set: {
sessiontoken
}});
return sessiontoken;
if (updateSession) {
let sessiontoken = await updateSessionToken(users, foundUser._id);
return {sessiontoken, username, role: foundUser.role, _id: foundUser._id};
} else {
return {sessiontoken: foundUser.sessiontoken, username, role: foundUser.role, _id: foundUser._id};
}
}
return null;
}
function generateSessionToken() {
return randomBytes(128).toString('base64');
}
function setTokenCookie(res, sessiontoken) {
const expires = new Date();
expires.setDate(expires.getDate() + 1);
function generateHash(password, salt, iterations) {
return pbkdf2Sync(password, salt, iterations, 128, 'sha512').toString('hex');
res.cookie('jeopardytoken', sessiontoken, {
maxAge: 1e3 * 60 * 60 * 24,
path: "/"
})
}