node-fftcg/backend/db.coffee


# node libraries
bcrypt = (require 'bcrypt')
sqlite3 = (require 'sqlite3').verbose()
logger = (require 'logging').default 'db'
# bruteforce countermeasure: bcrypt cost factor passed to bcrypt.hash below.
# The cost is logarithmic, so each increment doubles the work per hash for
# both the server and anyone guessing passwords against a leaked pwdhash.
saltRounds = 13
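# Open the sqlite3 database backing the app and optionally re-create its
# schema.
#
# filename - database file handed to sqlite3.Database
# truncate - when exactly `true`, the `users` and `decks` tables are dropped
#            and re-created, i.e. every stored account and deck is lost
#
# Errors are only logged; nothing is thrown or reported to the caller.
FFTCGDB = (filename, truncate) ->
  that = @
  @filename = filename

  @db = new sqlite3.Database @filename, (err) ->
    if err
      logger.error err.message
      return

    logger.info "Connected to '#{that.filename}'"

    # node-sqlite3 executes queued statements in parallel by default;
    # serialize so every DROP has finished before the matching CREATE runs
    that.db.serialize ->
      # sqlite only enforces FOREIGN KEY / ON DELETE CASCADE when asked to,
      # and the setting is per connection
      that.db.run 'PRAGMA foreign_keys = ON;', (err) ->
        logger.error err.message if err

      return unless truncate == true

      that.db.run 'DROP TABLE IF EXISTS users;', (err) ->
        logger.error err.message if err

      # pwdhash holds the bcrypt hash, never the plain password.
      # COLLATE NOCASE makes the UNIQUE(login) check case-insensitive, but
      # sqlite folds ASCII letters only; other case variants stay distinct.
      that.db.run '''
        CREATE TABLE users (
          user integer PRIMARY KEY,
          login text NOT NULL COLLATE NOCASE,
          pwdhash text NOT NULL,
          settings text,
          UNIQUE(login)
        );
      ''', (err) ->
        logger.error err.message if err

      that.db.run 'DROP TABLE IF EXISTS decks;', (err) ->
        logger.error err.message if err

      # NOTE(review): modDeck writes to a `decks_cards` table that is not
      # created here; confirm where that table comes from
      that.db.run '''
        CREATE TABLE decks (
          deck integer PRIMARY KEY,
          user integer NOT NULL,
          json text,
          FOREIGN KEY (user) REFERENCES users (user)
            ON DELETE CASCADE
        );
      ''', (err) ->
        if err
          logger.error err.message
        else
          # last statement of the serialized run has completed
          logger.info 'recreated sqlite3 db'

  return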
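# Close the database handle.
#
# Returns a Promise that resolves with 'ok' once the handle is closed and
# rejects with 'db' when sqlite3 reports an error while closing.
FFTCGDB::close = ->
  that = @
  logger.info 'shutting down'
  new Promise (resolve, reject) ->
    # neither the Promise executor nor the sqlite3 callback runs with the
    # FFTCGDB instance as `this`, so the instance is reached through `that`
    that.db.close (err) ->
      if err
        logger.error "Error closing: '#{err.message}'"
        # a failed close is the error case (outcomes used to be swapped)
        reject 'db'
      else
        logger.warn "Closed '#{that.filename}'"
        resolve 'ok'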
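# Create a new account.
#
# login    - user name; unique, compared case-insensitively by the schema
# password - plain-text password; only its bcrypt hash is stored
#
# Returns a Promise resolving with { user, login } (user = new row id).
# Rejects with 'invalid' (missing/empty input), 'hash' (bcrypt failure) or
# 'db' (INSERT failed, e.g. the login is already taken).
FFTCGDB::register = (login, password) ->
  that = @
  new Promise (resolve, reject) ->
    # validate user input; stop here, otherwise the code below would still
    # hash and INSERT, creating an account for input that was just rejected
    if not login? or not password? or login == '' or password == ''
      # no user name or password given
      logger.info "reg: user name '#{login}' or password empty"
      return reject 'invalid'

    # NOTE(review): `login` is caller-supplied and written to the log
    # unescaped; control characters in it can forge log lines. Confirm the
    # logger or the caller neutralises them.

    # hash password
    # NOTE(review): bcrypt only takes the first 72 bytes of the password
    # into account; an upper length limit belongs in the caller's validation
    bcrypt.hash password, saltRounds, (err, hash) ->
      if err
        logger.warn "reg: hash fail for name '#{login}'"
        # without a hash there is nothing to store
        return reject 'hash'

      # try creating row in users table (parameterized, no string building)
      stmt = that.db.prepare 'INSERT INTO users (login, pwdhash) VALUES (?, ?)'
      stmt.run [login, hash], (err) ->
        # in this callback `@` is the sqlite3 statement carrying lastID
        userID = @lastID
        stmt.finalize()
        if err
          logger.warn "reg: DB fail '#{err.code}' for name '#{login}'"
          # reduce attack surface, don't disclose user names:
          # "already exists" is reported as a generic 'db' failure
          reject 'db'
        else
          logger.info "reg: OK '#{login}'"
          # registration successful
          resolve
            user: userID
            login: login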
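# Check a login / password pair against the users table.
#
# Returns a Promise resolving with { user, login } on success.
# Rejects with 'db' (query failed), 'hash' (bcrypt failure) or 'login'.
# 'login' is used for both "unknown user" and "wrong password" so the result
# does not tell which of the two it was.
#
# NOTE(review): no attempt counting or lockout happens here; throttling of
# repeated failures has to be enforced by the caller.
FFTCGDB::login = (login, password) ->
  that = @
  new Promise (resolve, reject) ->
    # get users table row
    stmt = that.db.prepare 'SELECT user, login, pwdhash FROM users WHERE login = ?'
    stmt.get [login], (err, row) ->
      # the row (if any) has been fetched; release the statement once, here
      stmt.finalize()

      if err
        logger.warn "login: DB fail '#{err.code}' for name '#{login}'"
        return reject 'db'

      unless row
        # hash the password for timing attack reasons: an unknown user costs
        # one bcrypt computation, like a known one. This only matches while
        # stored hashes were created with the current saltRounds.
        return bcrypt.hash password, saltRounds, (err, hash) ->
          logger.debug "login: nonexistent '#{login}'"
          # reduce attack surface, don't disclose user names
          reject 'login' # user doesnt exist

      bcrypt.compare password, row.pwdhash, (err, res) ->
        if err
          # stop here; falling through would also log a wrong password
          logger.warn "login: hash fail for name '#{login}'"
          reject 'hash'
        else if res == true
          logger.debug "login: OK '#{row.login}'"
          # login successful
          resolve
            user: row.user
            login: row.login
        else
          logger.debug "login: wrong password for '#{login}'"
          # login failed
          reject 'login'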
# Store a new deck for a user, then hand its cards to modDeck.
#
# user      - id of the owning row in `users`
# deckCards - deck contents; saved as JSON in `decks.json` and passed on to
#             modDeck together with the new deck id
#
# Returns a Promise that settles with whatever modDeck settles with (the
# deck id on success) and rejects with 'db' when the INSERT fails.
#
# NOTE(review): `user` is taken as given; that it is the authenticated
# session's own id has to be ensured by the caller.
FFTCGDB::addDeck = (user, deckCards) ->
  self = @
  new Promise (resolve, reject) ->
    # try creating row in decks table
    insert = self.db.prepare 'INSERT INTO decks (user, json) VALUES (?, ?)'
    insert.run [user, JSON.stringify deckCards], (err) ->
      insert.finalize()
      if err
        logger.warn "addDeck: DB fail '#{err.code}' for id '#{user}'"
        return reject 'db'
      # deck added successfully, now add cards
      # (`@` is the sqlite3 statement here, lastID the id of the new deck)
      self.modDeck(@lastID, deckCards).then(
        (deckID) -> resolve deckID
        (error) -> reject error
      )
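# Replace the card list of a deck in `decks_cards`.
#
# deckID    - id of the deck whose cards are replaced
# deckCards - array of cards; `id` and `quant` of each entry are stored
#
# Returns a Promise resolving with deckID, rejecting with 'db' when the
# DELETE or any INSERT fails.
#
# NOTE(review): the deck is selected by id alone, with no owner check; the
# caller has to verify the deck belongs to the requesting user.
# NOTE(review): DELETE and INSERTs are not wrapped in a transaction, so a
# failure can leave the deck with only part of its cards.
FFTCGDB::modDeck = (deckID, deckCards) ->
  that = @
  new Promise (resolve, reject) ->
    # delete old deck cards
    delStmt = that.db.prepare 'DELETE FROM decks_cards WHERE deck = ?'
    delStmt.run [deckID], (err) ->
      delStmt.finalize()
      if err
        logger.warn "modDeck: DB fail '#{err.code}' for deck '#{deckID}'"
        return reject 'db'

      cards = deckCards ? []
      # an empty deck has no INSERT callback that could settle the promise
      if cards.length == 0
        logger.debug "modDeck: OK '#{deckID}'"
        return resolve deckID

      insStmt = that.db.prepare 'INSERT INTO decks_cards (deck, card, quant) VALUES (?, ?, ?)'
      pending = cards.length
      failed = false

      # add new cards
      that.db.parallelize ->
        # needs to be done in several queries
        cards.forEach (card) ->
          insStmt.run [deckID, card.id, card.quant], (err) ->
            pending -= 1
            if err
              logger.warn "modDeck: DB fail '#{err.code}' for card '#{deckID}', '#{card.id}', '#{card.quant}'"
              failed = true
            # settle and finalize exactly once, after the last query returned;
            # finalizing earlier would break the runs still queued
            if pending == 0
              insStmt.finalize()
              if failed
                reject 'db'
              else
                logger.debug "modDeck: OK '#{deckID}'"
                resolve deckID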
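# Load all decks of one user.
#
# user - id of the row in `users` whose decks are read
#
# Returns a Promise resolving with an object mapping deck id to the parsed
# `decks.json` value; rejects with 'db' when the query fails or a stored
# deck cannot be parsed.
FFTCGDB::getDecks = (user) ->
  that = @
  new Promise (resolve, reject) ->
    # select the decks owned by this user
    stmt = that.db.prepare 'SELECT decks.deck, decks.json FROM decks INNER JOIN users ON decks.user = users.user WHERE users.user = ?'
    stmt.all [user], (err, rows) ->
      stmt.finalize()
      if err
        # `deckID` is not defined in this function; interpolating it threw
        # inside the callback, so the promise never settled
        logger.warn "getDeck: DB fail '#{err.code}' for user '#{user}'"
        return reject 'db'

      decks = {}
      try
        for row in rows
          decks[row.deck] = JSON.parse row.json
      catch parseErr
        # a corrupt json column must not escape as an uncaught exception
        logger.warn "getDeck: bad deck JSON for user '#{user}'"
        return reject 'db'

      logger.debug "getDeck: OK '#{user}'"
      resolve decks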
# Delete one deck.
#
# deckID - id of the row to remove from `decks`
#
# Returns a Promise resolving with deckID when the DELETE ran without error
# (also when no row matched, the change count is not checked) and rejecting
# with 'db' otherwise.
#
# NOTE(review): the row is selected by deck id alone, with no owner check;
# the caller has to verify the deck belongs to the requesting user.
FFTCGDB::delDeck = (deckID) ->
  self = @
  new Promise (resolve, reject) ->
    # try deleting correct row in decks table
    removal = self.db.prepare 'DELETE FROM decks WHERE deck = ?'
    removal.run [deckID], (err) ->
      removal.finalize()
      unless err
        logger.debug "delDeck: OK '#{deckID}'"
        return resolve deckID
      logger.warn "delDeck: DB fail '#{err.code}' for deck '#{deckID}'"
      reject 'db'
# the FFTCGDB constructor is this module's only export
module.exports = FFTCGDB