classify db
This commit is contained in:
parent
60edcf86b7
commit
c3fd13e358
2 changed files with 150 additions and 194 deletions
|
|
@ -7,24 +7,24 @@ sqlite3 = (require 'sqlite3').verbose()
|
||||||
# bruteforce countermeasure
|
# bruteforce countermeasure
|
||||||
saltRounds = 13
|
saltRounds = 13
|
||||||
|
|
||||||
FFTCGDB = (filename, truncate) ->
|
class FFTCGDB
|
||||||
that = @
|
constructor: (filename, truncate) ->
|
||||||
@filename = filename
|
@filename = filename
|
||||||
|
|
||||||
@db = new sqlite3.Database @filename, (err) ->
|
@db = new sqlite3.Database @filename, (err) =>
|
||||||
if err
|
if err
|
||||||
logger.error err.message
|
logger.error err.message
|
||||||
|
|
||||||
else
|
else
|
||||||
logger.info "Connected to '#{that.filename}'"
|
logger.info "OK open '#{@filename}'"
|
||||||
|
|
||||||
that.db.run 'PRAGMA foreign_keys = ON;', (err) ->
|
@db.run 'PRAGMA foreign_keys = ON;', (err) =>
|
||||||
logger.error err.message if err
|
logger.error err.message if err
|
||||||
|
|
||||||
if truncate == true
|
if truncate == true
|
||||||
that.db.run 'DROP TABLE IF EXISTS users;', (err) ->
|
@db.run 'DROP TABLE IF EXISTS users;', (err) =>
|
||||||
logger.error err.message if err
|
logger.error err.message if err
|
||||||
that.db.run '''
|
@db.run '''
|
||||||
CREATE TABLE users (
|
CREATE TABLE users (
|
||||||
user integer PRIMARY KEY,
|
user integer PRIMARY KEY,
|
||||||
login text NOT NULL COLLATE NOCASE,
|
login text NOT NULL COLLATE NOCASE,
|
||||||
|
|
@ -32,12 +32,12 @@ FFTCGDB = (filename, truncate) ->
|
||||||
settings text,
|
settings text,
|
||||||
UNIQUE(login)
|
UNIQUE(login)
|
||||||
);
|
);
|
||||||
''', (err) ->
|
''', (err) =>
|
||||||
logger.error err.message if err
|
logger.error err.message if err
|
||||||
|
|
||||||
that.db.run 'DROP TABLE IF EXISTS decks;', (err) ->
|
@db.run 'DROP TABLE IF EXISTS decks;', (err) =>
|
||||||
logger.error err.message if err
|
logger.error err.message if err
|
||||||
that.db.run '''
|
@db.run '''
|
||||||
CREATE TABLE decks (
|
CREATE TABLE decks (
|
||||||
deck integer PRIMARY KEY,
|
deck integer PRIMARY KEY,
|
||||||
user integer NOT NULL,
|
user integer NOT NULL,
|
||||||
|
|
@ -45,177 +45,133 @@ FFTCGDB = (filename, truncate) ->
|
||||||
FOREIGN KEY (user) REFERENCES users (user)
|
FOREIGN KEY (user) REFERENCES users (user)
|
||||||
ON DELETE CASCADE
|
ON DELETE CASCADE
|
||||||
);
|
);
|
||||||
''', (err) ->
|
''', (err) =>
|
||||||
logger.error err.message if err
|
logger.error err.message if err
|
||||||
|
|
||||||
logger.info 'recreated sqlite3 db'
|
logger.info 'OK clear'
|
||||||
|
|
||||||
return
|
close: ->
|
||||||
|
|
||||||
FFTCGDB::close = ->
|
|
||||||
logger.info 'shutting down'
|
logger.info 'shutting down'
|
||||||
new Promise (resolve, reject) ->
|
new Promise (resolve, reject) =>
|
||||||
@db.close (err) ->
|
@db.close (err) ->
|
||||||
if err
|
if err
|
||||||
logger.error "Error closing: '#{err.message}'"
|
logger.error "FAIL '#{err.message}'"
|
||||||
reject 'db'
|
reject 'db'
|
||||||
else
|
else
|
||||||
logger.warn "Closed '#{@filename}'"
|
logger.warn "OK close '#{@filename}'"
|
||||||
resolve 'ok'
|
resolve 'ok'
|
||||||
|
|
||||||
FFTCGDB::register = (login, password) ->
|
register: (login, password) ->
|
||||||
that = @
|
new Promise (resolve, reject) =>
|
||||||
|
|
||||||
new Promise (resolve, reject) ->
|
|
||||||
# validate user input
|
# validate user input
|
||||||
if login == '' or password == ''
|
if login == '' or password == ''
|
||||||
# no user name or password given
|
# no user name or password given
|
||||||
logger.info "reg: user name '#{login}' or password empty"
|
logger.info "reg: FAIL empty '#{login}' or password"
|
||||||
reject 'invalid'
|
reject 'invalid'
|
||||||
|
|
||||||
# hash password
|
# hash password
|
||||||
bcrypt.hash password, saltRounds, (err, hash) ->
|
bcrypt.hash password, saltRounds, (err, hash) =>
|
||||||
if err
|
if err
|
||||||
logger.warn "reg: hash fail for name '#{login}'"
|
logger.warn "reg: FAIL hash for '#{login}'"
|
||||||
reject 'hash'
|
reject 'hash'
|
||||||
|
|
||||||
|
else
|
||||||
# try creating row in users table
|
# try creating row in users table
|
||||||
stmt = that.db.prepare 'INSERT INTO users (login, pwdhash) VALUES (?, ?)'
|
stmt = @db.prepare 'INSERT INTO users (login, pwdhash) VALUES (?, ?)'
|
||||||
stmt.run [login, hash], (err) ->
|
stmt.run [login, hash], (err) ->
|
||||||
if err
|
|
||||||
logger.warn "reg: DB fail '#{err.code}' for name '#{login}'"
|
|
||||||
stmt.finalize()
|
stmt.finalize()
|
||||||
|
if err
|
||||||
|
logger.warn "reg: FAIL db '#{err.code}' for '#{login}'"
|
||||||
# reduce attack surface, don't disclose user names
|
# reduce attack surface, don't disclose user names
|
||||||
reject 'db' # user already exists
|
reject 'db' # user already exists
|
||||||
|
|
||||||
else
|
else
|
||||||
logger.info "reg: OK '#{login}'"
|
logger.info "reg: OK '#{login}'"
|
||||||
stmt.finalize()
|
|
||||||
# registration successful
|
# registration successful
|
||||||
resolve
|
resolve
|
||||||
user: @lastID
|
user: @lastID
|
||||||
login: login
|
login: login
|
||||||
|
|
||||||
FFTCGDB::login = (login, password) ->
|
login: (login, password) ->
|
||||||
that = @
|
new Promise (resolve, reject) =>
|
||||||
|
|
||||||
new Promise (resolve, reject) ->
|
|
||||||
# get users table row
|
# get users table row
|
||||||
stmt = that.db.prepare 'SELECT user, login, pwdhash FROM users WHERE login = ?'
|
stmt = @db.prepare 'SELECT user, login, pwdhash FROM users WHERE login = ?'
|
||||||
stmt.get [login], (err, row) ->
|
stmt.get [login], (err, row) =>
|
||||||
if err
|
|
||||||
logger.warn "login: DB fail '#{err.code}' for name '#{login}'"
|
|
||||||
stmt.finalize()
|
stmt.finalize()
|
||||||
|
if err
|
||||||
|
logger.warn "login: FAIL db '#{err.code}' for '#{login}'"
|
||||||
reject 'db'
|
reject 'db'
|
||||||
|
|
||||||
else if not row
|
else if not row
|
||||||
# hash the password for timing attack reasons
|
# hash the password for timing attack reasons
|
||||||
bcrypt.hash password, saltRounds, (err, hash) ->
|
bcrypt.hash password, saltRounds, (err, hash) ->
|
||||||
logger.debug "login: nonexistent '#{login}'"
|
logger.debug "login: FAIL nonexistent '#{login}'"
|
||||||
stmt.finalize()
|
|
||||||
# reduce attack surface, don't disclose user names
|
# reduce attack surface, don't disclose user names
|
||||||
reject 'login' # user doesnt exist
|
reject 'login' # user doesnt exist
|
||||||
|
|
||||||
else
|
else
|
||||||
bcrypt.compare password, row.pwdhash, (err, res) ->
|
bcrypt.compare password, row.pwdhash, (err, res) ->
|
||||||
if err
|
if err
|
||||||
logger.warn "login: hash fail for name '#{login}'"
|
logger.warn "login: FAIL hash for '#{login}'"
|
||||||
reject 'hash'
|
reject 'hash'
|
||||||
|
|
||||||
if res == true
|
if res == true
|
||||||
logger.debug "login: OK '#{row.login}'"
|
logger.debug "login: OK '#{row.login}'"
|
||||||
stmt.finalize()
|
|
||||||
# login successful
|
# login successful
|
||||||
resolve
|
resolve
|
||||||
user: row.user
|
user: row.user
|
||||||
login: row.login
|
login: row.login
|
||||||
|
|
||||||
else
|
else
|
||||||
logger.debug "login: wrong password for '#{login}'"
|
logger.debug "login: FAIL password for '#{login}'"
|
||||||
stmt.finalize()
|
|
||||||
# login failed
|
# login failed
|
||||||
reject 'login'
|
reject 'login'
|
||||||
|
|
||||||
FFTCGDB::addDeck = (user, deckCards) ->
|
addDeck: (user, deckCards) ->
|
||||||
that = @
|
new Promise (resolve, reject) =>
|
||||||
|
|
||||||
new Promise (resolve, reject) ->
|
|
||||||
# try creating row in decks table
|
# try creating row in decks table
|
||||||
stmt = that.db.prepare 'INSERT INTO decks (user, json) VALUES (?, ?)'
|
stmt = @db.prepare 'INSERT INTO decks (user, json) VALUES (?, ?)'
|
||||||
stmt.run [user, JSON.stringify deckCards], (err) ->
|
stmt.run [user, JSON.stringify deckCards], (err) ->
|
||||||
if err
|
|
||||||
logger.warn "addDeck: DB fail '#{err.code}' for id '#{user}'"
|
|
||||||
stmt.finalize()
|
stmt.finalize()
|
||||||
|
if err
|
||||||
|
logger.warn "addDeck: FAIL db '#{err.code}' for '#{user}'"
|
||||||
reject 'db'
|
reject 'db'
|
||||||
|
|
||||||
else
|
else
|
||||||
stmt.finalize()
|
logger.debug "addDeck: OK '#{@lastID}'"
|
||||||
# deck added successfully, now add cards
|
resolve @lastID
|
||||||
that.modDeck(@lastID, deckCards)
|
|
||||||
.then (deckID) ->
|
|
||||||
resolve deckID
|
|
||||||
.catch (error) ->
|
|
||||||
reject error
|
|
||||||
|
|
||||||
FFTCGDB::modDeck = (deckID, deckCards) ->
|
modDeck: (deckID, deckCards) ->
|
||||||
that = @
|
new Promise (resolve, reject) =>
|
||||||
|
stmt = @db.prepare 'UPDATE decks SET json = ? WHERE deck = ?'
|
||||||
new Promise (resolve, reject) ->
|
stmt.run [deckCards, deckID], (err) ->
|
||||||
# delete old deck cards
|
|
||||||
stmt = that.db.prepare 'DELETE FROM decks_cards WHERE deck = ?'
|
|
||||||
stmt.run [deckID], (err) ->
|
|
||||||
stmt.finalize()
|
stmt.finalize()
|
||||||
if err
|
if err
|
||||||
logger.warn "modDeck: DB fail '#{err.code}' for deck '#{deckID}'"
|
logger.warn "modDeck: FAIL db '#{err.code}' for '#{deckID}'"
|
||||||
reject 'db'
|
reject 'db'
|
||||||
else
|
else
|
||||||
stmt = that.db.prepare 'INSERT INTO decks_cards (deck, card, quant) VALUES (?, ?, ?)'
|
|
||||||
# add new cards
|
|
||||||
that.db.parallelize ->
|
|
||||||
# needs to be done in several queries
|
|
||||||
promiseCount = deckCards.length
|
|
||||||
deckCards.forEach (card) ->
|
|
||||||
stmt.run [deckID, card.id, card.quant], (err) ->
|
|
||||||
if err
|
|
||||||
logger.warn "modDeck: DB fail '#{err.code}' for card '#{deckID}', '#{card.id}', '#{card.quant}'"
|
|
||||||
stmt.finalize()
|
|
||||||
reject 'db'
|
|
||||||
else
|
|
||||||
# check if all queries are done
|
|
||||||
promiseCount -= 1
|
|
||||||
if promiseCount == 0
|
|
||||||
logger.debug "modDeck: OK '#{deckID}'"
|
logger.debug "modDeck: OK '#{deckID}'"
|
||||||
stmt.finalize()
|
|
||||||
resolve deckID
|
resolve deckID
|
||||||
|
|
||||||
FFTCGDB::getDecks = (user) ->
|
getDecks: (user) ->
|
||||||
that = @
|
new Promise (resolve, reject) =>
|
||||||
|
stmt = @db.prepare 'SELECT decks.deck, decks.json FROM decks INNER JOIN users ON decks.user = users.user WHERE users.user = ?'
|
||||||
new Promise (resolve, reject) ->
|
|
||||||
# try deleting correct row in decks table
|
|
||||||
decks = {}
|
|
||||||
stmt = that.db.prepare 'SELECT decks.deck, decks.json FROM decks INNER JOIN users ON decks.user = users.user WHERE users.user = ?'
|
|
||||||
stmt.all [user], (err, rows) ->
|
stmt.all [user], (err, rows) ->
|
||||||
stmt.finalize()
|
stmt.finalize()
|
||||||
if err
|
if err
|
||||||
logger.warn "getDeck: DB fail '#{err.code}' for deck '#{deckID}'"
|
logger.warn "getDeck: FAIL db '#{err.code}' for '#{deckID}'"
|
||||||
reject 'db'
|
reject 'db'
|
||||||
else
|
else
|
||||||
logger.debug "getDeck: OK '#{deckID}'"
|
logger.debug "getDeck: OK '#{deckID}'"
|
||||||
for row in rows
|
resolve (id: row.deck, content: JSON.parse row.json for row, i in rows)
|
||||||
decks[row.deck] = JSON.parse row.json
|
|
||||||
resolve decks
|
|
||||||
|
|
||||||
FFTCGDB::delDeck = (deckID) ->
|
delDeck: (deckID) ->
|
||||||
that = @
|
new Promise (resolve, reject) =>
|
||||||
|
stmt = @db.prepare 'DELETE FROM decks WHERE deck = ?'
|
||||||
new Promise (resolve, reject) ->
|
|
||||||
# try deleting correct row in decks table
|
|
||||||
stmt = that.db.prepare 'DELETE FROM decks WHERE deck = ?'
|
|
||||||
stmt.run [deckID], (err) ->
|
stmt.run [deckID], (err) ->
|
||||||
stmt.finalize()
|
stmt.finalize()
|
||||||
if err
|
if err
|
||||||
logger.warn "delDeck: DB fail '#{err.code}' for deck '#{deckID}'"
|
logger.warn "delDeck: FAIL db '#{err.code}' for '#{deckID}'"
|
||||||
reject 'db'
|
reject 'db'
|
||||||
else
|
else
|
||||||
logger.debug "delDeck: OK '#{deckID}'"
|
logger.debug "delDeck: OK '#{deckID}'"
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@ class FFTCGSESSION
|
||||||
host: 'redis'
|
host: 'redis'
|
||||||
port: 6379
|
port: 6379
|
||||||
|
|
||||||
@db.on 'error', (err) ->
|
@db.on 'error', (err) =>
|
||||||
logger.error err.message
|
logger.error err.message
|
||||||
|
|
||||||
start: (data) ->
|
start: (data) ->
|
||||||
|
|
|
||||||
Reference in a new issue