Ratstail91/kingdombattles
Archived
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
This repository has been archived on 2026-04-30. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
fa615fba17c5281bdc2df5d5cef38a2a4843efdd
kingdombattles/server/accounts.js
T
Ratstail91 fa615fba17 Minor fix
2019-05-08 11:48:23 +10:00

206 lines
5.6 KiB
JavaScript
Raw Blame History

//environment variables
require('dotenv').config();
//libraries
let bcrypt = require('bcrypt');
let formidable = require('formidable');
let sendmail = require('sendmail')();
//utilities
let { validateEmail } = require('../common/utilities.js');
function signup(connection) {
return (req, res) => {
//formidable handles forms
let form = formidable.IncomingForm();
//parse form
form.parse(req, (err, fields) => {
if (err) throw err;
//validate email, username and password
if (!validateEmail(fields.email) || fields.username.length < 4 || fields.username.length > 100 || fields.password.length < 8 || fields.password !== fields.retype) {
res.write('<p>Invalid signup data</p>');
res.end();
return;
}
//check if email, username already exists
let query = 'SELECT (SELECT COUNT(*) FROM accounts WHERE email = ?) AS email, (SELECT COUNT(*) FROM accounts WHERE username = ?) AS username;';
connection.query(query, [fields.email, fields.username], (err, results) => {
if (err) throw err;
if (results[0].email !== 0) {
res.write('<p>Email already registered!</p>');
res.end();
return;
}
if (results[0].username !== 0) {
res.write('<p>Username already registered!</p>');
res.end();
return;
}
//generate the salt, hash
bcrypt.genSalt(11, (err, salt) => {
if (err) throw err;
bcrypt.hash(fields.password, salt, (err, hash) => {
if (err) throw err;
//generate a random number as a key
let rand = Math.floor(Math.random() * 100000);
//save the generated data to the signups table
let query = 'REPLACE INTO signups (email, username, salt, hash, verify) VALUES (?, ?, ?, ?, ?);';
connection.query(query, [fields.email, fields.username, salt, hash, rand], (err) => {
if (err) throw err;
//build the verification email
let addr = `http://${process.env.WEB_ADDRESS}/verify?email=${fields.email}&verify=${rand}`;
let msg = 'Hello! Please visit the following address to verify your account: ';
let msgHtml = `<html><body><p>${msg}<a href='${addr}'>${addr}</a></p></body></html>`;
//send the verification email
sendmail({
from: `signup@${process.env.WEB_ADDRESS}`,
to: fields.email,
subject: 'Email Verification',
text: msg + addr,
html: msgHtml
}, (err, reply) => {
//final check
if (err) {
res.write(`<p>Something went wrong (did you use a valid email?)</p>${err}`)
res.end();
return;
}
res.write('<p>Verification email sent!</p>');
res.end();
});
})
});
});
});
});
}
}
function verify(connection) {
return (req, res) => {
//get the saved data
let query = 'SELECT email, username, salt, hash, verify FROM signups WHERE email = ?;';
connection.query(query, [req.query.email], (err, results) => {
if (err) throw err;
//correct number of results
if (results.length != 1) {
res.write('<p>That account does not exist or this link has already been used.</p>');
res.end();
return;
}
//verify the link
if (req.query.verify != results[0].verify) {
res.write('<p>Verification failed!</p>');
res.end();
return;
}
//move the data from signups to accounts
let query = 'INSERT INTO accounts (email, username, salt, hash) VALUES (?, ?, ?, ?);';
connection.query(query, [results[0].email, results[0].username, results[0].salt, results[0].hash], (err) => {
if (err) throw err;
//delete from signups
let query = 'DELETE FROM signups WHERE email = ?;';
connection.query(query, [results[0].email], (err) => {
if (err) throw err;
res.write('<p>Verification succeeded!</p>');
res.end();
});
});
});
}
}
function login(connection) {
return (req, res) => {
//formidable handles forms
let form = formidable.IncomingForm();
//parse form
form.parse(req, (err, fields) => {
if (err) throw err;
//validate email, username and password
if (!validateEmail(fields.email) || fields.password.length < 8) {
res.write('<p>Invalid login data</p>');
res.end();
return;
}
//find this email's information
let query = 'SELECT id, username, salt, hash FROM accounts WHERE email = ?;';
connection.query(query, [fields.email], (err, results) => {
if (err) throw err;
//found this email?
if (results.length === 0) {
res.status(400).write('Incorrect email or password');
res.end();
return;
}
//gen a new hash from the salt and password
bcrypt.hash(fields.password, results[0].salt, (err, newHash) => {
if (err) throw err;
//compare the passwords
if (results[0].hash !== newHash) {
res.status(400).write('Incorrect email or password');
res.end();
return;
}
//create the new session
let rand = Math.floor(Math.random() * 100000);
let query = 'INSERT INTO sessions (accountId, token) VALUES (?, ?);';
connection.query(query, [results[0].id, rand], (err) => {
if (err) throw err;
//send json containing the account info
res.status(200).json({
id: results[0].id,
email: fields.email,
username: results[0].username,
token: rand
});
});
});
});
});
}
}
function logout(connection) {
return (req, res) => {
let query = 'DELETE FROM sessions WHERE sessions.accountId IN (SELECT accounts.id FROM accounts WHERE email = ?) AND token = ?;';
connection.query(query, [req.body.email, req.body.token], (err) => {
if (err) throw err;
});
res.end();
}
}
module.exports = {
signup: signup,
verify: verify,
login: login,
logout: logout
};
Reference in New Issue View Git Blame Copy Permalink