-
Notifications
You must be signed in to change notification settings - Fork 3
/
app.js
143 lines (111 loc) · 3.11 KB
/
app.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
// Define TCP port
const PORT = process.env.PORT || 3000;
// Import from Node.js standard library
const fs = require('fs');
const path = require('path');
// Import from third part package
var bodyParser = require('body-parser');
const express = require('express');
const session = require('express-session');
const pug = require('pug');
const sqlite3 = require('sqlite3');
// Create an express application
const app = express();
// Cookie settings for CSRF hands-on
const cookieConfig = {
path: '/',
httpOnly: true,
secure: false,
maxAge: 600000,
sameSite: 'strict'
};
// Session settings
var sessionConfig = {
cookie: cookieConfig,
resave: false,
saveUninitialized: false,
secret: 'mySecret'
};
// Enable module
app.use(session(sessionConfig));
app.use(bodyParser.urlencoded({extended: true}));
app.use(express.static(path.join(__dirname, '/static')));
// Create user database
var db = new sqlite3.Database(':memory:');
db.serialize(function() {
db.run("CREATE TABLE user (username TEXT, password TEXT, name TEXT)");
db.run("INSERT INTO user VALUES ('user', 'user123', 'User')");
db.run("INSERT INTO user VALUES ('client', 'client123', 'Client')");
db.run("INSERT INTO user VALUES ('admin', 'admin123', 'App Administrator')");
});
// Build pug template
const viewAccount = pug.compileFile('view/account.pug');
const viewLogin = pug.compileFile('view/login.pug');
app.get('/', (req, res) => {
// Get current session
let session = req.session;
if(session.username){
// User already log in
res.redirect("/account");
}else{
res.redirect("/login");
}
});
// Login endpoint
app.get('/account', (req, res) => {
// Get current session
let session = req.session;
if(session.username){
let content = viewAccount({name: session.username});
res.send(content);
}else{
res.redirect("/login");
}
});
// Login endpoint
app.get('/login', (req, res) => {
// Get current session
let session = req.session;
if(session.username){
// User already log in
res.redirect("/account");
}else{
let content = viewLogin();
res.send(content);
}
});
app.post('/login', (req, res) => {
// Get current session
let session = req.session;
if(session.username){
res.redirect("/account");
}else{
let username = req.body.username;
let password = req.body.password;
let query = "SELECT name FROM user where username = '" + username + "' and password = '" + password + "'";
console.log('query: ' + query);
db.get(query , function(err, row) {
if(err) {
console.log('ERROR', err);
// Technical issue
let content = viewLogin({message: err});
res.send(content);
} else if (!row) {
// User not found
let content = viewLogin({message: 'unauthorized'});
res.send(content);
} else {
// User found
session.username = row.name;
res.redirect("/account");
}
});
}
});
// Logout endpoint
app.get('/logout', (req, res) => {
req.session.destroy();
res.redirect("/login");
});
// Start Application
app.listen(PORT, '0.0.0.0', () => console.log('app listening on 3000'));