Ratstail91/kingdombattles
Archived
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Wrote basic banning system

Browse Source
This commit is contained in:
Kayne Ruse
2019-06-11 14:46:06 +10:00
parent 1989bae438
commit b2fdda9a47
3 changed files with 112 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files
public/content/task_list.md
+1
View File
@@ -23,6 +23,7 @@ Minor
Patch Patch
--- ---
* Open the game ladder to the page the player is on.
* Game Balance - move balance variables to a config file. * Game Balance - move balance variables to a config file.
* Images to social media instead of links. * Images to social media instead of links.
* Occasional flickering when rendering Profile page. * Occasional flickering when rendering Profile page.
server/accounts.js
+101 -75
View File
@@ -35,70 +35,83 @@ const signupRequest = (connection) => (req, res) => {
return; return;
} }
//check if email, username already exists //check to see if the email has been banned
let query = 'SELECT (SELECT COUNT(*) FROM accounts WHERE email = ?) AS email, (SELECT COUNT(*) FROM accounts WHERE username = ?) AS username;'; let query = 'SELECT COUNT(*) as total FROM bannedEmails WHERE email = ?;';
connection.query(query, [fields.email, fields.username], (err, results) => { connection.query(query, [fields.email], (err, results) => {
if (err) throw err; if (err) throw err;
if (results[0].email !== 0) { //if the email has been banned
res.status(400).write(log('Email already registered!', fields.email)); if (results[0].total > 0) {
res.status(400).write(log('This email account has been banned!', 'signup', fields.email, fields.username));
res.end(); res.end();
return; return;
} }
if (results[0].username !== 0) { //check if email, username already exists
res.status(400).write(log('Username already registered!', fields.username)); let query = 'SELECT (SELECT COUNT(*) FROM accounts WHERE email = ?) AS email, (SELECT COUNT(*) FROM accounts WHERE username = ?) AS username;';
res.end(); connection.query(query, [fields.email, fields.username], (err, results) => {
return;
}
//generate the salt, hash
bcrypt.genSalt(11, (err, salt) => {
if (err) throw err; if (err) throw err;
bcrypt.hash(fields.password, salt, (err, hash) => {
if (results[0].email !== 0) {
res.status(400).write(log('Email already registered!', fields.email));
res.end();
return;
}
if (results[0].username !== 0) {
res.status(400).write(log('Username already registered!', fields.username));
res.end();
return;
}
//generate the salt, hash
bcrypt.genSalt(11, (err, salt) => {
if (err) throw err; if (err) throw err;
bcrypt.hash(fields.password, salt, (err, hash) => {
//generate a random number as a token
let rand = Math.floor(Math.random() * 100000);
//save the generated data to the signups table
let query = 'REPLACE INTO signups (email, username, salt, hash, verify) VALUES (?, ?, ?, ?, ?);';
connection.query(query, [fields.email, fields.username, salt, hash, rand], (err) => {
if (err) throw err; if (err) throw err;
//TODO: make the verification email prettier //generate a random number as a token
//build the verification email let rand = Math.floor(Math.random() * 100000);
let addr = `http://${process.env.WEB_ADDRESS}/verifyrequest?email=${fields.email}&verify=${rand}`;
let msg = 'Hello! Please visit the following address to verify your account: ';
// let msgHtml = `<html><body><p>${msg}<a href='${addr}'>${addr}</a></p></body></html>`;
//BUGFIX: is gmail being cruel? //save the generated data to the signups table
let sentinel = false; let query = 'REPLACE INTO signups (email, username, salt, hash, verify) VALUES (?, ?, ?, ?, ?);';
connection.query(query, [fields.email, fields.username, salt, hash, rand], (err) => {
if (err) throw err;
//send the verification email //TODO: make the verification email prettier
sendmail({ //build the verification email
from: `signup@${process.env.WEB_ADDRESS}`, let addr = `http://${process.env.WEB_ADDRESS}/verifyrequest?email=${fields.email}&verify=${rand}`;
to: fields.email, let msg = 'Hello! Please visit the following address to verify your account: ';
subject: 'Email Verification', // let msgHtml = `<html><body><p>${msg}<a href='${addr}'>${addr}</a></p></body></html>`;
text: msg + addr,
// html: msgHtml
}, (err, reply) => {
if (err) { //final check
let msg = log('Something went wrong (did you use a valid email?)', err);
if (!sentinel) { //BUGFIX: is gmail being cruel?
res.status(400).write(msg); let sentinel = false;
res.end();
//send the verification email
sendmail({
from: `signup@${process.env.WEB_ADDRESS}`,
to: fields.email,
subject: 'Email Verification',
text: msg + addr,
// html: msgHtml
}, (err, reply) => {
if (err) { //final check
let msg = log('Something went wrong (did you use a valid email?)', err);
if (!sentinel) {
res.status(400).write(msg);
res.end();
}
} else {
let msg = log('Verification email sent!', fields.email, fields.username, rand);
if (!sentinel) {
res.status(200).json({ msg: msg });
res.end();
}
} }
} else { sentinel = true;
let msg = log('Verification email sent!', fields.email, fields.username, rand); });
if (!sentinel) {
res.status(200).json({ msg: msg });
res.end();
}
}
sentinel = true;
}); });
}); });
}); });
@@ -167,47 +180,60 @@ const loginRequest = (connection) => (req, res) => {
return; return;
} }
//find this email's information //check to see if the email has been banned
let query = 'SELECT id, username, salt, hash FROM accounts WHERE email = ?;'; let query = 'SELECT COUNT(*) as total FROM bannedEmails WHERE email = ?;';
connection.query(query, [fields.email], (err, results) => { connection.query(query, [fields.email], (err, results) => {
if (err) throw err; if (err) throw err;
//found this email? //if the email has been banned
if (results.length === 0) { if (results[0].total > 0) {
res.status(400).write(log('Incorrect email or password', fields.email, 'Did not find this email')); //NOTE: deliberately obscure incorrect email or password res.status(400).write(log('This email account has been banned!', 'login', fields.email));
res.end(); res.end();
return; return;
} }
//gen a new hash from the salt and password //find this email's information
bcrypt.hash(fields.password, results[0].salt, (err, newHash) => { let query = 'SELECT id, username, salt, hash FROM accounts WHERE email = ?;';
connection.query(query, [fields.email], (err, results) => {
if (err) throw err; if (err) throw err;
//compare the passwords //found this email?
if (results[0].hash !== newHash) { if (results.length === 0) {
res.status(400).write(log('Incorrect email or password', fields.email, 'Did not find this password')); res.status(400).write(log('Incorrect email or password', fields.email, 'Did not find this email')); //NOTE: deliberately obscure incorrect email or password
res.end(); res.end();
return; return;
} }
//create the new session //gen a new hash from the salt and password
let rand = Math.floor(Math.random() * 100000); bcrypt.hash(fields.password, results[0].salt, (err, newHash) => {
let query = 'INSERT INTO sessions (accountId, token) VALUES (?, ?);';
connection.query(query, [results[0].id, rand], (err) => {
if (err) throw err; if (err) throw err;
//send json containing the account info //compare the passwords
res.status(200).json({ if (results[0].hash !== newHash) {
id: results[0].id, res.status(400).write(log('Incorrect email or password', fields.email, 'Did not find this password'));
email: fields.email, res.end();
username: results[0].username, return;
token: rand, }
msg: log('Logged in', fields.email, rand)
});
res.end();
logActivity(connection, results[0].id); //create the new session
let rand = Math.floor(Math.random() * 100000);
let query = 'INSERT INTO sessions (accountId, token) VALUES (?, ?);';
connection.query(query, [results[0].id, rand], (err) => {
if (err) throw err;
//send json containing the account info
res.status(200).json({
id: results[0].id,
email: fields.email,
username: results[0].username,
token: rand,
msg: log('Logged in', fields.email, rand)
});
res.end();
logActivity(connection, results[0].id);
});
}); });
}); });
}); });
sql/create_database_structure.sql
+10 -1
View File
@@ -208,4 +208,13 @@ CREATE TABLE IF NOT EXISTS badges (
# qualifyTime TIMESTAMP DEFAULT CURRENT_TIMESTAMP(), # qualifyTime TIMESTAMP DEFAULT CURRENT_TIMESTAMP(),
# #
# CONSTRAINT FOREIGN KEY fk_accountId(accountId) REFERENCES accounts(id) ON UPDATE CASCADE ON DELETE CASCADE # CONSTRAINT FOREIGN KEY fk_accountId(accountId) REFERENCES accounts(id) ON UPDATE CASCADE ON DELETE CASCADE
#); #);
#banning system
CREATE TABLE IF NOT EXISTS bannedEmails (
id INTEGER UNSIGNED AUTO_INCREMENT PRIMARY KEY UNIQUE,
td TIMESTAMP DEFAULT CURRENT_TIMESTAMP(),
email VARCHAR(320) UNIQUE,
reason VARCHAR(1000)
);