Logins and logouts (sessions) are working
This commit is contained in:
+72
-1
@@ -127,7 +127,78 @@ function verify(connection) {
|
||||
}
|
||||
}
|
||||
|
||||
function login(connection) {
|
||||
return (req, res) => {
|
||||
//formidable handles forms
|
||||
let form = formidable.IncomingForm();
|
||||
|
||||
//parse form
|
||||
form.parse(req, (err, fields) => {
|
||||
if (err) throw err;
|
||||
|
||||
//validate email, username and password
|
||||
if (!validateEmail(fields.email) || fields.password.length < 8) {
|
||||
res.write('<p>Invalid login data</p>');
|
||||
res.end();
|
||||
return;
|
||||
}
|
||||
|
||||
//find this email's information
|
||||
let query = 'SELECT id, username, salt, hash FROM accounts WHERE email = ?;';
|
||||
connection.query(query, [fields.email], (err, results) => {
|
||||
if (err) throw err;
|
||||
|
||||
//found this email?
|
||||
if (results.length === 0) {
|
||||
res.status(400).write('Incorrect email or password');
|
||||
res.end();
|
||||
return;
|
||||
}
|
||||
|
||||
//gen a new hash from the salt and password
|
||||
bcrypt.hash(fields.password, results[0].salt, (err, newHash) => {
|
||||
if (err) throw err;
|
||||
|
||||
//compare the passwords
|
||||
if (results[0].hash !== newHash) {
|
||||
res.status(400).write('Incorrect email or password');
|
||||
res.end();
|
||||
return;
|
||||
}
|
||||
|
||||
//create the new session
|
||||
let rand = Math.floor(Math.random() * 100000);
|
||||
|
||||
let query = 'INSERT INTO sessions (accountId, token) VALUES (?, ?);';
|
||||
connection.query(query, [results[0].id, rand], (err) => {
|
||||
if (err) throw err;
|
||||
|
||||
//send json containing the account info
|
||||
res.status(200).json({
|
||||
id: results[0].id,
|
||||
email: fields.email,
|
||||
username: results[0].username,
|
||||
token: rand
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
function logout(connection) {
|
||||
return (req, res) => {
|
||||
let query = 'DELETE FROM sessions WHERE sessions.accountId IN (SELECT accounts.id FROM accounts WHERE email = ?) AND token = ?;';
|
||||
connection.query(query, [req.body.email, req.body.token], (err) => {
|
||||
if (err) throw err;
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
signup: signup,
|
||||
verify: verify
|
||||
verify: verify,
|
||||
login: login,
|
||||
logout: logout
|
||||
};
|
||||
@@ -5,8 +5,11 @@ require('dotenv').config();
|
||||
let express = require('express');
|
||||
let app = express();
|
||||
let http = require('http').Server(app);
|
||||
let bodyParser = require('body-parser');
|
||||
let path = require('path');
|
||||
|
||||
app.use(bodyParser.json());
|
||||
|
||||
//database
|
||||
let { connectToDatabase } = require('./database.js');
|
||||
let connection = connectToDatabase(); //uses .env
|
||||
@@ -15,6 +18,8 @@ let connection = connectToDatabase(); //uses .env
|
||||
let accounts = require('./accounts.js');
|
||||
app.post('/signup', accounts.signup(connection));
|
||||
app.get('/verify', accounts.verify(connection));
|
||||
app.post('/login', accounts.login(connection));
|
||||
app.post('/logout', accounts.logout(connection));
|
||||
|
||||
//static directories
|
||||
app.use('/styles', express.static(path.resolve(__dirname + '/../public/styles')) );
|
||||
|
||||
Reference in New Issue
Block a user