added user creation, login, qr-code verification

3 years ago · 8419a1c7a3
5 changed files with 4848 additions and 0 deletions
--- a/.env.template
+++ b/.env.template
@ -0,0 +1,7 @@
 SERVER_PORT=1234
 SERVER_SESSION_SECRET=verylongsecret
 WEBSITE_URL=http://localhost:3000
 COOKIE_DOMAIN=localhost,127.0.0.1
 SERVER_API_URL=http://localhost:1234
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,118 @@
 # Logs
 logs
 *.log
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
 .pnpm-debug.log*
 # Diagnostic reports (https://nodejs.org/api/report.html)
 report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
 # Runtime data
 pids
 *.pid
 *.seed
 *.pid.lock
 # Directory for instrumented libs generated by jscoverage/JSCover
 lib-cov
 # Coverage directory used by tools like istanbul
 coverage
 *.lcov
 # nyc test coverage
 .nyc_output
 # Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
 .grunt
 # Bower dependency directory (https://bower.io/)
 bower_components
 # node-waf configuration
 .lock-wscript
 # Compiled binary addons (https://nodejs.org/api/addons.html)
 build/Release
 # Dependency directories
 node_modules/
 jspm_packages/
 # Snowpack dependency directory (https://snowpack.dev/)
 web_modules/
 # TypeScript cache
 *.tsbuildinfo
 # Optional npm cache directory
 .npm
 # Optional eslint cache
 .eslintcache
 # Microbundle cache
 .rpt2_cache/
 .rts2_cache_cjs/
 .rts2_cache_es/
 .rts2_cache_umd/
 # Optional REPL history
 .node_repl_history
 # Output of 'npm pack'
 *.tgz
 # Yarn Integrity file
 .yarn-integrity
 # dotenv environment variables file
 .env
 .env.test
 .env.production
 # parcel-bundler cache (https://parceljs.org/)
 .cache
 .parcel-cache
 # Next.js build output
 .next
 out
 # Nuxt.js build / generate output
 .nuxt
 dist
 # Gatsby files
 .cache/
 # Comment in the public line in if your project uses Gatsby and not Next.js
 # https://nextjs.org/blog/next-9-1#public-directory-support
 # public
 # vuepress build output
 .vuepress/dist
 # Serverless directories
 .serverless/
 # FuseBox cache
 .fusebox/
 # DynamoDB Local files
 .dynamodb/
 # TernJS port file
 .tern-port
 # Stores VSCode versions used for testing VSCode extensions
 .vscode-test
 # yarn v2
 .yarn/cache
 .yarn/unplugged
 .yarn/build-state.yml
 .yarn/install-state.gz
 .pnp.*
--- a/index.js
+++ b/index.js
@ -0,0 +1,158 @@
 const express = require('express');
 const cors = require('cors')
 const { Sequelize, DataTypes, STRING } = require('sequelize');
 const session = require('express-session');
 const bcrypt = require('bcrypt');
 const QRCode = require('qrcode');
 const { createSecureServer } = require('http2');
 require("dotenv").config();
 const sequelize = new Sequelize('sqlite::memory:')
 const User = sequelize.define('User', {
    email: {
        type: DataTypes.STRING,
        allowNull: false,
        unique: true,
    },
    name: {
        type: DataTypes.STRING,
    },
    hash: {
        type: STRING,
    },
    phoneNumber: {
        type: DataTypes.STRING,
    },
    verification: {
        type: DataTypes.STRING,
    },
    org: {
        type: DataTypes.STRING,
    },
 });
 User.sync();
 function authUser(email, password, done) {
    User.findOne({
        where: {
            email: email
        }
    }).then(user => {
        if (!user) {
            done(false, "User not found")
        } else {
            const auth = bcrypt.compareSync(password, user.hash);
            done(auth, auth ? "Authorized" : "Wrong password");
        }
    });
 }
 function refreshVerification(user, done) {
    const newVerification = bcrypt.hashSync(`${new Date().getTime()}-${user.hash}`, 5);
    user.verification = newVerification;
    user.save().then(result => {
        done(result)
    });
 }
 function createQRCode(email, done) {
    User.findOne({
        where: {
            email: email
        }
    }).then(user => {
        refreshVerification(user, result => {
            const verifyURL = `${process.env.SERVER_API_URL}/verify/${result.verification}`;
            QRCode.toDataURL(verifyURL, { width: 300, height: 300 }, (err, url) => {
                done(err, url);
            })
        });
    });
 }
 function checkVerification() {
 }
 function createUser(email, password, name, phoneNumber, done) {
    hash = bcrypt.hashSync(password, 10);
    User.create({
        email: email,
        name: name,
        hash: hash,
        phoneNumber: phoneNumber,
    }).then(user => {
        if (!user) {
            done(false, "Could not create user");
        } else {
            done(true, "Success");
        }
    }).catch(reason => {
        if (reason.name == "SequelizeUniqueConstraintError") {
            done(false, "User already exists");
        } else {
            done(false, "Unknown error");
        }
    });
 }
 const app = express();
 app.set('trust proxy', 1)
 app.use(session({
    secret: process.env.SERVER_SESSION_SECRET,
    resave: false,
    saveUninitialized: false,
 }))
 app.use(cors({ credentials: true, origin: process.env.WEBSITE_URL }))
 app.use(express.json())
 app.post('/login', (req, res) => {
    const auth = authUser(req.body.email, req.body.password, (success, msg) => {
        req.session.regenerate(() => {
            req.session.user = req.body.email;
            res.cookie("authorized", success, { domain: process.env.COOKIE_DOMAIN.split(","), sameSite: "none", secure: true });
            res.send({ authorized: success, message: msg })
        });
    });
 });
 app.post('/create', (req, res) => {
    if (!req.session.verified) {
        createUser(req.body.email, req.body.password, req.body.name, req.body.phoneNumber, (success, msg) => {
            req.session.user = req.body.email;
            res.cookie("authorized", success, { domain: process.env.COOKIE_DOMAIN.split(","), sameSite: "none", secure: true });
            res.send({ success: success, message: msg });
        });
    } else {
        res.status(401).send("Not verified");
    }
 })
 app.get('/code', (req, res) => {
    console.log(req.session)
    if (!req.session.user) {
        res.status(401).send("Not logged in");
        return;
    }
    createQRCode(req.session.user, (err, url) => {
        res.send({ error: err, data: url });
    });
 })
 app.get("/verify/:id", (req, res) => {
    checkVerification(req.params.id, (success, msg) => {
        req.session.verified = success;
        if (success) {
            res.redirect(`${process.env.WEBSITE_URL}/#/create`)
        }
    });
 });
 const port = process.env.SERVER_PORT;
 app.listen(port, () => {
    console.log(`Listening on port ${port}`);
 })
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -0,0 +1,21 @@
 {
  "name": "ssr-tracing-backend",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "bcrypt": "^5.0.1",
    "cors": "^2.8.5",
    "dotenv": "^10.0.0",
    "express": "^4.17.1",
    "express-session": "^1.17.2",
    "qrcode": "^1.4.4",
    "sequelize": "^6.6.5",
    "sqlite3": "^5.0.2"
  }
 }