RochesterX/PasswordManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2c896e711ac017d3b8c55dcd55091f3da7289ea5
PasswordManager/server.js
RochesterX 2c896e711a First working prototype
2026-03-09 16:31:40 -04:00

277 lines
8.2 KiB
JavaScript
Raw Blame History

const express = require("express");
const sqlite = require("better-sqlite3");
const bcrypt = require("bcrypt");
const cors = require("cors");
const jwt = require("jsonwebtoken")
const dotenv = require("dotenv");
const Database = require("better-sqlite3");
const serverPort = 3001;
const dev = process.argv.length > 2 && process.argv[2] == "-dev";
const app = express();
app.use(express.json());
app.use((req, res, next) =>{
if (req.path.endsWith(".html")) {
res.redirect(req.path.replace(".html", ""));
return;
}
next();
})
app.use(express.static("public"))
app.use(cors({
origin: [
"https://project.rochesterx.dev",
"https://localhost:3001"
]
}));
const db = new Database("project.db");
db.pragma("journal_mode = WAL")
dotenv.config();
const JWT_SECRET = process.env.JWT_SECRET;
if (!JWT_SECRET) {
throw new Error("JWT_SECRET not set in environment.");
}
app.post("/register", async (req, res) => {
const { username, password, role, salt } = req.body;
try {
const hash = await bcrypt.hash(password, 10);
const inputs = {
username: username,
hash: hash,
role: role,
salt: salt
}
const query = db.prepare("INSERT INTO Users (Username, PasswordHash, Role, CreatedAt, Salt) VALUES (@username, @hash, @role, datetime('now'), @salt)");
query.run(inputs);
res.send({ success: true, message: "User registered" })
} catch (err) {
if (err.message.includes("UNIQUE")) {
res.status(500).send({ success: false, message: `Username "${username}" is already taken.` });
return;
}
res.status(500).send({ success: false, message: err.message });
}
});
app.post("/login", async (req, res) => {
const { username, password } = req.body;
//try {
const query = db.prepare("SELECT * FROM Users WHERE Username = @username");
const results = query.all({ username: username });
if (results.length == 0) return res.status(400).send({ message: "User not found" });
const hash = results[0].PasswordHash;
const isDeleted = results[0].IsDeleted;
if (isDeleted === true) {
return res.status(400).json({ message: "User not found (deleted)" })
}
const match = await bcrypt.compare(password, hash);
if (match){
const token = jwt.sign(results[0], JWT_SECRET, { expiresIn: "1h" });
res.send({
success: true,
message: "Login successful",
token,
salt: results[0].Salt
});
const update = db.prepare("UPDATE Users SET LastLogin = datetime('now') WHERE Username = @username");
update.run({ username: username });
console.log("Issued token: " + JSON.stringify(token))
}
else res.status(401).send({ success: false, message: "Invalid credentials" });
//} catch (err) {
// res.status(500).send({ success: false, message: err.message });
//}
});
app.post("/getSalt", async (req, res) => {
const { username } = req.body;
try {
const query = db.prepare("SELECT * FROM Users WHERE Username = @username");
const results = query.all({ username: username });
if (results.length == 0) return res.status(400).send({ message: "User not found" });
const isDeleted = results[0].IsDeleted;
if (isDeleted === true) {
return res.status(400).json({ message: "User not found (deleted)" })
}
res.send({
salt: results[0].Salt
});
} catch (err) {
res.status(500).send({ success: false, message: err.message });
}
});
app.post("/setPassword", authenticate, async (req, res) => {
try {
const { name, iv, password } = req.body;
const inputs = {
name: name,
userID: req.user.Id,
iv: iv,
password: password
}
const query = db.prepare("INSERT INTO Passwords (Name, UserID, Password, IV) VALUES (@name, @userID, @password, @iv)");
query.run(inputs);
res.status(200).json({ success: true, message: "Success" });
} catch (err) {
res.status(500).json({ success: false, message: err.message });
}
});
app.post("/updatePassword", authenticate, async (req, res) => {
try {
const { name, iv, password } = req.body;
const inputs = {
name: name,
userID: req.user.Id,
iv: iv,
password: password
}
const query = db.prepare("UPDATE Passwords SET Password = @password, IV = @iv WHERE UserID = @userID AND Name = @name");
query.run(inputs);
res.status(200).json({ success: true, message: "Success" });
} catch (err) {
res.status(500).json({ success: false, message: err.message });
}
});
app.post("/getPassword", authenticate, async (req, res) => {
try {
const { name } = req.body;
const query = db.prepare("SELECT * FROM Passwords WHERE UserID = @userID AND Name = @name");
const results = query.all({ userID: req.user.Id, name: name});
if (results.length == 0) {
res.status(500).json({ success: false, message: `No password with name ${name}` });
return;
}
if (results.length > 1) {
res.status(500).json({ success: false, message: `More than one password with name ${name}` });
return;
}
res.status(200).json({ password: results[0].Password, iv: results[0].IV, success: true, message: "Success" });
} catch (err) {
res.status(500).json({ success: false, message: err.message });
}
});
app.post("/getWatchlist", authenticate, async (req, res) => {
const { id } = req.body;
const query = db.prepare(`SELECT Player.PlayerName, Player.Team, Player.Position, Player.PlayerID FROM Watch JOIN Player ON Watch.PlayerID = Player.PlayerID WHERE UserID = @userID ORDER BY Player.PlayerName`);
const watchlist = query.all({
userID: req.user.Id,
id: id
});
res.status(200).json({ watchlist: watchlist });
});
app.post("/getInfo", authenticate, async (req, res) => {
const userData = req.user;
res.status(200).json(userData);
});
app.post("/delete", authenticate, async (req, res) => {
let { username, actor } = req.body;
if (username === true) {
username = req.user.Username;
}
if (actor === true) {
actor = req.user.Username;
}
console.log(`Deleting user ${username}`);
const query = ("UPDATE Users SET IsDeleted = 1, DeletedAt = datetime('now'), DeletedBy = @actor WHERE Username = @username");
query.run({
username: username,
actor: actor
});
console.log(`User ${username} deleted`);
res.status(200).json({ message: `User "${username}" deleted.` });
});
async function authenticate(req, res, next) {
try {
const authenticationHeader = req.headers["authorization"];
console.log("authenticationheader: " + authenticationHeader);
const token = authenticationHeader.split(" ")[1];
console.log(JSON.stringify(authenticationHeader));
const decoded = jwt.verify(token, JWT_SECRET);
req.user = decoded;
console.log(req.user);
console.log(decoded.Username + " authenticated");
} catch (error) {
console.log("Authentication header missing");
console.log(error);
res.status(401).json({ message: "You are not logged in", error: error, logout: true });
return;
}
next();
}
app.get("/player/:id", (req, res) => {
res.sendFile(__dirname + "/public/player.html");
})
app.get("/search", (req, res) => {
res.sendFile(__dirname + "/public/search.html");
})
app.get("/home", (req, res) => {
res.sendFile(__dirname + "/public/home.html");
})
app.get("/info", (req, res) => {
res.sendFile(__dirname + "/public/info.html");
})
app.get("/register", (req, res) => {
res.sendFile(__dirname + "/public/register.html");
})
app.get("/login", (req, res) => {
res.sendFile(__dirname + "/public/login.html");
})
app.listen(serverPort, "0.0.0.0", () => console.log(`Running ${dev ? "dev " : ""}server on port ${serverPort}`));
Reference in New Issue View Git Blame Copy Permalink