Added user management

.gitignore

@@ -138,3 +138,8 @@ dist
 # Vite logs files
 vite.config.js.timestamp-*
 vite.config.ts.timestamp-*
+
+
+# user files
+
+/responses

.vscode/settings.json

@@ -0,0 +1,13 @@
+{
+    "rest-client.environmentVariables": {
+        "$shared": {},
+        "local": {
+            "host": "localhost",
+            "port": "12345"
+        },
+        "docker": {
+            "host": "localhost",
+            "port": "11001"
+        }
+    }
+}

Dockerfile

@@ -14,6 +14,7 @@ FROM node:${NODE_VERSION}-alpine
 WORKDIR /app
 COPY --from=builder /app/node_modules node_modules/
 COPY --from=builder /app/index.js .
+COPY --from=builder /app/src src/
 USER node
 EXPOSE 12345
 ENV NODE_ENV=production

Readme.md

@@ -0,0 +1,32 @@
+# Jeopardy Server
+
+Der Server für Jeopardy
+
+## Developing
+
+Zum entwickeln am besten `docker compose` nutzen.
+
+```sh
+npm run docker-build
+```
+
+Dann im Jeopardy Projekt die `docker-compose.yml` starten. Eventuell muss dort die `docker-compose.yml` und das `.env.local` angepasst werden, sollte aber eigentlich alles so stimmen.
+
+Ansonsten kann man auch mit `npm run dev` entwickeln.
+
+## Build Production
+
+1. Versionsnummer in `package.json` updaten
+2. commit erstellen und mit Versionsnummer taggen
+3. push des commits **und der tags**
+4. Auf Server connecten
+    ```sh
+    sudo su
+    cd /opt/jeopardy/Jeopardy-Server
+    git fetch --tags
+    git checkout <versionsnummer>
+    docker build -t jeopardy .
+    docker tag jeopardyserver:latest jeopardyserver:<versionsnummer>
+    cd ..
+    docker compose up -d
+    ```

index.js

@@ -1,111 +1,35 @@
-import WebSocket, { WebSocketServer } from 'ws';
+import dotenv from "dotenv";
+dotenv.config();
+import express from "express";
+import expressWs from "express-ws";
+import morgan from "morgan";
+import cookieParser from "cookie-parser";
+import cors from "cors";
+import { initWebsocket } from "./src/websocket.js";
+import { initAuth } from "./src/auth.js";
+import { close as closeDbConnection, initDbConnection, db } from "./src/db.js";
+import { initUsers } from "./src/user.js";
+const app = express();
+const appWs = expressWs(app);
+const port = 12345;
 
-let hostConnection;
+process.on('exit', function() {
-let displayConnection;
+  console.log('Shutting down...');
-
+  console.log('Closing db connection...');
-const wss = new WebSocketServer({
+  closeDbConnection();
-    port: 12345,
-}, () => {
-    console.log("Websocket Server started\nListening on Port 12345")
 });
 
-wss.on('connection', (ws) => {
+app.use(cors({credentials: true, origin: process.env.JEOPARDY_URL}));
-    console.log("Trying to connect");
+app.use(morgan(process.env.production ? 'common' : 'dev'));
-    ws.on('error', console.error);
+app.use(express.json());
+app.use(cookieParser());
 
-    ws.on('message', (data) => {
+await initDbConnection();
-        if (ws == hostConnection || ws == displayConnection) return;
-        console.log('received: %s', data);
-        if (data == "HOST") {
-            if (hostConnection === undefined) {
-                hostConnection = ws;
-                initHostConnection();
-            }
-            else
-            {
-                ws.send("ERROR HOST");
-                ws.close();
-            }
-        } else if (data == "DISPLAY") {
-            if (displayConnection === undefined) {
-                displayConnection = ws;
-                initDisplayConnection();
-            }
-            else
-            {
-                ws.send("ERROR DISPLAY");
-                ws.close();
-            }
-        }
-        else
-        {
-            ws.send("ERROR MESSAGE");
-            ws.close();
-        }
-    })
 
-    // ws.send('Connected to server');
+initAuth(app, db);
+initUsers(app, db);
+initWebsocket(app);
+
+app.listen(port, () => {
+    console.log(`Listening on port ${port}`);
 });
-
-function initHostConnection() {
-    console.log("Initialize Host connection...");
-
-    hostConnection.on('message', (data) => {
-        console.log("[HOST] " + data);
-        if (displayConnection) {
-            displayConnection.send("" + data);
-        }
-    });
-
-    hostConnection.on('error', (data) => {
-        console.error("[HOST] " + data);
-        hostConnection = undefined;
-        if (displayConnection) {
-            displayConnection.send("HOST-DISCONNECTED");
-        }
-    });
-
-    hostConnection.on('close', (code, reason) => {
-        console.error("[HOST] " + code + " " + reason);
-        hostConnection = undefined;
-        if (displayConnection) {
-            displayConnection.send("HOST-DISCONNECTED");
-        }
-    });
-
-    hostConnection.send("HOST");
-    if (displayConnection) {
-        displayConnection.send("HOST-CONNECTED");
-        hostConnection.send("DISPLAY-CONNECTED");
-    }
-}
-
-function initDisplayConnection() {
-    console.log("Initialize Display connection...");
-
-    displayConnection.on('message', (data) => {
-        console.log("[DISPLAY] " + data);
-    });
-
-    displayConnection.on('error', (data) => {
-        console.error("[DISPLAY] " + data);
-        displayConnection = undefined;
-        if (hostConnection) {
-            hostConnection.send("DISPLAY-DISCONNECTED");
-        }
-    });
-
-    displayConnection.on('close', (code, reason) => {
-        console.error("[DISPLAY] " + code + " " + reason);
-        displayConnection = undefined;
-        if (hostConnection) {
-            hostConnection.send("DISPLAY-DISCONNECTED");
-        }
-    });
-
-    displayConnection.send("DISPLAY");
-    if (hostConnection) {
-        hostConnection.send("DISPLAY-CONNECTED");
-        displayConnection.send("HOST-CONNECTED");
-    }
-}

package.json

@@ -1,6 +1,6 @@
 {
   "name": "jeopardyserver",
-  "version": "1.0.1",
+  "version": "1.0.3",
   "description": "",
   "license": "ISC",
   "author": "",
@@ -11,6 +11,17 @@
     "docker-build": "docker build -t jeopardyserver ."
   },
   "dependencies": {
+    "@types/express": "^5.0.3",
+    "cookie-parser": "^1.4.7",
+    "cors": "^2.8.5",
+    "dotenv": "^17.2.3",
+    "express": "^5.1.0",
+    "express-ws": "^5.0.2",
+    "mongodb": "^6.20.0",
+    "morgan": "^1.10.1",
     "ws": "^8.18.3"
+  },
+  "devDependencies": {
+    "@types/node": "^24.6.0"
   }
 }

requests/auth.http

@@ -0,0 +1,14 @@
+
+@url = http://{{host}}:{{port}}
+
+POST {{url}}/auth/login HTTP/1.1
+content-type: application/json
+
+{
+    "username": "jonas",
+    "password": "paula"
+}
+
+###
+
+GET {{url}}/auth HTTP/1.1

requests/user.http

@@ -0,0 +1,45 @@
+@url = http://{{host}}:{{port}}
+
+PUT {{url}}/admin/user HTTP/1.1
+Content-Type: application/json
+
+{
+    "username": "Paula"
+}
+
+###
+
+GET {{url}}/admin/user/list HTTP/1.1
+
+###
+
+POST {{url}}/admin/user/resetpw HTTP/1.1
+Content-Type: application/json
+
+{
+    "userid": "68e1058faf78b3aabbdfe8dc"
+}
+
+###
+
+GET {{url}}/admin/roles HTTP/1.1
+
+###
+
+POST {{url}}/admin/user/changerole HTTP/1.1
+Content-Type: application/json
+
+{
+    "userid": "68e0efc6e4ac740114d8fc9d",
+    "role": "default"
+}
+
+###
+
+POST {{url}}/user/changepw HTTP/1.1
+Content-Type: application/json
+
+{
+    "old": "DkgnWspm4To2ww==",
+    "new": "Kolata"
+}

src/auth.js

@@ -0,0 +1,114 @@
+import { createUser, generateHash, updateSessionToken } from "./userHelper.js";
+
+let db;
+let users;
+
+export function initAuth(app, db) {
+    app.use(checkSessionToken);
+    app.use('/admin', checkAuthorization('admin'));
+    users = db.collection('users');
+    app.get('/auth', getUserInfo);
+    app.post('/auth/login', loginUser);
+}
+
+async function getUserInfo(req, res) {
+    const sessiontoken = await updateSessionToken(users, req.user._id);
+
+    setTokenCookie(res, sessiontoken);
+
+    res.status(200).send({
+        username: req.user.username,
+        role: req.user.role,
+        _id: req.user._id
+    });
+}
+
+async function checkSessionToken(req, res, next) {
+    if (req.path.startsWith("/auth/")) {
+        next();
+        return;
+    }
+
+    const token = req.cookies.jeopardytoken;
+    
+    let user = await users.findOne({sessiontoken: token});
+
+    if (user === null) {
+        res.sendStatus(401);
+        return;
+    }
+
+    req.user = {
+        role: user.role,
+        username: user.username,
+        _id: user._id
+    }
+
+    next();
+}
+
+function checkAuthorization(role) {
+    return (req, res, next) => {        
+        if (req.user === undefined) {
+            res.status(403).send();
+            return;
+        }
+
+        if (req.user.role === role) {
+            next();
+        } else {
+            res.status(403).send();
+        }
+    }
+}
+
+async function loginUser(req, res) {
+    const username = req.body.username;
+    const password = req.body.password;
+
+    let userCount = await users.estimatedDocumentCount();
+    let userobj = null;
+    if (userCount <= 0) {
+        // create first user
+        userobj = await createUser(users, username, password, 'admin', true);
+    } else {
+        // authenticate user
+        userobj = await authenticateUser(username, password);
+    }
+
+    if (userobj !== null) {
+        setTokenCookie(res, userobj.sessiontoken);
+
+        res.status(200).send({username: userobj.username, role: userobj.role, _id: userobj._id});
+    } else {
+        res.sendStatus(403);
+    }
+}
+
+export async function authenticateUser(username, password, updateSession = true) {
+    let foundUser = await users.findOne({username});
+    if (foundUser === null) return null;
+
+    const hash = generateHash(password, foundUser.salt, foundUser.iterations);
+
+    if (hash === foundUser.hash) {
+        if (updateSession) {
+            let sessiontoken =  await updateSessionToken(users, foundUser._id);
+            return {sessiontoken, username, role: foundUser.role, _id: foundUser._id};
+        } else {
+            return {sessiontoken: foundUser.sessiontoken, username, role: foundUser.role, _id: foundUser._id};
+        }
+    }
+
+    return null;
+}
+
+function setTokenCookie(res, sessiontoken) {
+    const expires = new Date();
+    expires.setDate(expires.getDate() + 1);
+
+    res.cookie('jeopardytoken', sessiontoken, {
+        maxAge: 1e3 * 60 * 60 * 24,
+        path: "/"
+    })
+}

src/db.js

@@ -0,0 +1,21 @@
+import { MongoClient } from "mongodb";
+
+let client;
+
+const dbName = `jeopardy`;
+
+/**
+ * @type {Db}
+ */
+export let db;
+
+export async function initDbConnection() {
+    client = new MongoClient(`mongodb://${process.env.JEOPARDYSERVER_MONGO_USERNAME}:${process.env.JEOPARDYSERVER_MONGO_PASSWORD}@${process.env.JEOPARDYSERVER_MONGO_URL}/`);
+    await client.connect();
+    console.log('Connected successfully to mongodb');
+    db = client.db(dbName);
+}
+
+export function close() {
+    client.close();
+}

src/roles.js

@@ -0,0 +1,12 @@
+export const roles = [
+    "admin",
+    "default"
+]
+
+/**
+ * 
+ * @param {string} newrole 
+ */
+export function isValidRole(newrole) {
+    return roles.includes(newrole);
+}

src/user.js

@@ -0,0 +1,114 @@
+import { ObjectId } from "mongodb";
+import { createUser as userHelperCreateUser, generateSessionToken, updatePassword, userExists } from "./userHelper.js";
+import { isValidRole, roles } from "./roles.js";
+import { authenticateUser } from "./auth.js";
+
+let db;
+let users;
+
+export function initUsers(app, db) {
+    users = db.collection('users');
+    app.put('/admin/user', createUser);
+    app.get('/admin/user/list', userlist);
+    app.post('/admin/user/resetpw', resetpassword);
+    app.post('/admin/user/changerole', changerole);
+    app.get('/admin/roles', getRoles);
+    app.post('/user/changepw', changePassword);
+}
+
+async function createUser(req, res) {
+    const username = req.body.username;
+    // check if user exists
+    let foundUser = await users.findOne({username});
+
+    if (foundUser !== null) {
+        res.status(400).send();
+        return;
+    }
+
+    const password = generateSessionToken(10);
+
+    const userobj = await userHelperCreateUser(users, username, password, 'default', false);
+
+    res.status(200).send({
+        username: userobj.username,
+        role: userobj.role,
+        _id: userobj._id,
+        password
+    });
+}
+
+async function userlist(req, res) {
+    const result = await users.find().project({
+            username: 1,
+            role: 1
+        }).toArray();
+
+    res.status(200).send(result);
+}
+
+async function resetpassword(req, res) {
+    /** @type {string} */
+    const userid = req.body.userid;
+    const _id = new ObjectId(userid);
+
+    const foundUser = userExists(res, users, _id);
+    if (foundUser === null) return;
+
+    const password = generateSessionToken(10);
+
+    await updatePassword(users, _id, password, false);
+    res.status(200).send({
+        _id: userid,
+        username: foundUser.username,
+        role: foundUser.role,
+        password
+    });
+}
+
+async function changerole(req, res) {
+    /** @type {string} */
+    const userid = req.body.userid;
+    const _id = new ObjectId(userid);
+    const newrole = req.body.role;
+
+    if (!isValidRole(newrole)) {
+        res.status(400).send();
+        return;
+    }
+
+    const foundUser = await userExists(res, users, _id);
+    if (foundUser === null) return;
+
+    await users.updateOne({_id}, {
+        $set: {
+            role: newrole
+        }
+    });
+
+    res.status(200).send({
+        _id,
+        username: foundUser.username,
+        role: newrole
+    });
+}
+
+function getRoles(req, res) {
+    res.status(200).send(roles);
+}
+
+async function changePassword(req, res) {
+    const oldpassword = req.body.old;
+    const newpassword = req.body.new;
+
+    const userobj = await authenticateUser(req.user.username, oldpassword, false);
+
+    if (userobj === null) {
+        res.status(400).send();
+        return;
+    }
+
+    await updatePassword(users, req.user._id, newpassword, false);
+
+    res.status(200).send();
+}

src/userHelper.js

@@ -0,0 +1,76 @@
+import { pbkdf2Sync, randomBytes } from "node:crypto";
+
+export async function createUser(collection, username, password, role, withSession = true) {
+    const {salt, iterations, hash} = createHash(password);
+
+    let sessiontoken = "";
+    if (withSession) {
+        sessiontoken = generateSessionToken();
+    }
+
+    const result = await collection.insertOne({
+        username,
+        role,
+        salt,
+        iterations,
+        hash,
+        sessiontoken
+    });
+
+    return {sessiontoken, username, role, _id: result.insertedId};
+}
+
+export async function updatePassword(collection, _id, password, keepSession = true) {
+    const {salt, iterations, hash} = createHash(password);
+
+    if (keepSession) {
+        await collection.updateOne({_id}, {$set: {
+            salt,
+            iterations,
+            hash
+        }});
+    } else {
+        await collection.updateOne({_id}, {$set: {
+            salt,
+            iterations,
+            hash,
+            sessiontoken: ""
+        }});
+    }
+}
+
+export function generateSessionToken(length = 128, encoding = 'base64') {
+    return randomBytes(length).toString(encoding);
+}
+
+export function generateHash(password, salt, iterations) {
+    return pbkdf2Sync(password, salt, iterations, 128, 'sha512').toString('hex');
+}
+
+export async function updateSessionToken(collection, _id) {
+    const sessiontoken = generateSessionToken();
+    await collection.updateOne({_id: _id}, {$set: {
+        sessiontoken
+    }});
+    return sessiontoken;
+}
+
+export async function userExists(res, collection, _id) {
+    const foundUser = await collection.findOne({_id});
+
+    if (foundUser === null) {
+        res.status(400).send();
+    }
+
+    return foundUser;
+}
+
+function createHash(password) {
+    const salt = randomBytes(128).toString('base64');
+    const iterations = Math.floor(Math.random() * 5000) + 5000;
+    const hash = generateHash(password, salt, iterations);
+
+    return {
+        salt, hash, iterations
+    }
+}

src/websocket.js

@@ -0,0 +1,103 @@
+let hostConnection;
+let displayConnection;
+
+function initHostConnection() {
+    console.log("Initialize Host connection...");
+
+    hostConnection.on('message', (data) => {
+        console.log("[HOST] " + data);
+        if (displayConnection) {
+            displayConnection.send("" + data);
+        }
+    });
+
+    hostConnection.on('error', (data) => {
+        console.error("[HOST] " + data);
+        hostConnection = undefined;
+        if (displayConnection) {
+            displayConnection.send("HOST-DISCONNECTED");
+        }
+    });
+
+    hostConnection.on('close', (code, reason) => {
+        console.error("[HOST] " + code + " " + reason);
+        hostConnection = undefined;
+        if (displayConnection) {
+            displayConnection.send("HOST-DISCONNECTED");
+        }
+    });
+
+    hostConnection.send("HOST");
+    if (displayConnection) {
+        displayConnection.send("HOST-CONNECTED");
+        hostConnection.send("DISPLAY-CONNECTED");
+    }
+}
+
+function initDisplayConnection() {
+    console.log("Initialize Display connection...");
+
+    displayConnection.on('message', (data) => {
+        console.log("[DISPLAY] " + data);
+    });
+
+    displayConnection.on('error', (data) => {
+        console.error("[DISPLAY] " + data);
+        displayConnection = undefined;
+        if (hostConnection) {
+            hostConnection.send("DISPLAY-DISCONNECTED");
+        }
+    });
+
+    displayConnection.on('close', (code, reason) => {
+        console.error("[DISPLAY] " + code + " " + reason);
+        displayConnection = undefined;
+        if (hostConnection) {
+            hostConnection.send("DISPLAY-DISCONNECTED");
+        }
+    });
+
+    displayConnection.send("DISPLAY");
+    if (hostConnection) {
+        hostConnection.send("DISPLAY-CONNECTED");
+        displayConnection.send("HOST-CONNECTED");
+    }
+}
+
+export function initWebsocket(app) {
+    app.ws("/websocket", (ws, req) => {
+        console.log("Trying to connect");
+        ws.on('error', console.error);
+
+        ws.on('message', (data) => {
+            if (ws == hostConnection || ws == displayConnection) return;
+            console.log('received: %s', data);
+            if (data == "HOST") {
+                if (hostConnection === undefined) {
+                    hostConnection = ws;
+                    initHostConnection();
+                }
+                else
+                {
+                    ws.send("ERROR HOST");
+                    ws.close();
+                }
+            } else if (data == "DISPLAY") {
+                if (displayConnection === undefined) {
+                    displayConnection = ws;
+                    initDisplayConnection();
+                }
+                else
+                {
+                    ws.send("ERROR DISPLAY");
+                    ws.close();
+                }
+            }
+            else
+            {
+                ws.send("ERROR MESSAGE");
+                ws.close();
+            }
+        })
+    });
+}