Yavook.de/node-fftcg
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

classify db

Browse source
This commit is contained in:
Jörn-Michael Miehe 2019-02-19 21:36:14 +01:00
parent 60edcf86b7
commit c3fd13e358
2 changed files with 150 additions and 194 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

342
backend/db.coffee
View file

@ -7,219 +7,175 @@ sqlite3 = (require 'sqlite3').verbose()
# bruteforce countermeasure # bruteforce countermeasure
saltRounds = 13 saltRounds = 13
FFTCGDB = (filename, truncate) -> class FFTCGDB
that = @ constructor: (filename, truncate) ->
@filename = filename @filename = filename
@db = new sqlite3.Database @filename, (err) -> @db = new sqlite3.Database @filename, (err) =>
if err
logger.error err.message
else
logger.info "Connected to '#{that.filename}'"
that.db.run 'PRAGMA foreign_keys = ON;', (err) ->
logger.error err.message if err
if truncate == true
that.db.run 'DROP TABLE IF EXISTS users;', (err) ->
logger.error err.message if err
that.db.run '''
CREATE TABLE users (
user integer PRIMARY KEY,
login text NOT NULL COLLATE NOCASE,
pwdhash text NOT NULL,
settings text,
UNIQUE(login)
);
''', (err) ->
logger.error err.message if err
that.db.run 'DROP TABLE IF EXISTS decks;', (err) ->
logger.error err.message if err
that.db.run '''
CREATE TABLE decks (
deck integer PRIMARY KEY,
user integer NOT NULL,
json text,
FOREIGN KEY (user) REFERENCES users (user)
ON DELETE CASCADE
);
''', (err) ->
logger.error err.message if err
logger.info 'recreated sqlite3 db'
return
FFTCGDB::close = ->
logger.info 'shutting down'
new Promise (resolve, reject) ->
@db.close (err) ->
if err if err
logger.error "Error closing: '#{err.message}'" logger.error err.message
reject 'db'
else else
logger.warn "Closed '#{@filename}'" logger.info "OK open '#{@filename}'"
resolve 'ok'
FFTCGDB::register = (login, password) -> @db.run 'PRAGMA foreign_keys = ON;', (err) =>
that = @ logger.error err.message if err
new Promise (resolve, reject) -> if truncate == true
# validate user input @db.run 'DROP TABLE IF EXISTS users;', (err) =>
if login == '' or password == '' logger.error err.message if err
# no user name or password given @db.run '''
logger.info "reg: user name '#{login}' or password empty" CREATE TABLE users (
reject 'invalid' user integer PRIMARY KEY,
login text NOT NULL COLLATE NOCASE,
pwdhash text NOT NULL,
settings text,
UNIQUE(login)
);
''', (err) =>
logger.error err.message if err
# hash password @db.run 'DROP TABLE IF EXISTS decks;', (err) =>
bcrypt.hash password, saltRounds, (err, hash) -> logger.error err.message if err
if err @db.run '''
logger.warn "reg: hash fail for name '#{login}'" CREATE TABLE decks (
reject 'hash' deck integer PRIMARY KEY,
user integer NOT NULL,
json text,
FOREIGN KEY (user) REFERENCES users (user)
ON DELETE CASCADE
);
''', (err) =>
logger.error err.message if err
# try creating row in users table logger.info 'OK clear'
stmt = that.db.prepare 'INSERT INTO users (login, pwdhash) VALUES (?, ?)'
stmt.run [login, hash], (err) -> close: ->
logger.info 'shutting down'
new Promise (resolve, reject) =>
@db.close (err) ->
if err if err
logger.warn "reg: DB fail '#{err.code}' for name '#{login}'" logger.error "FAIL '#{err.message}'"
stmt.finalize() reject 'db'
# reduce attack surface, don't disclose user names else
reject 'db' # user already exists logger.warn "OK close '#{@filename}'"
resolve 'ok'
register: (login, password) ->
new Promise (resolve, reject) =>
# validate user input
if login == '' or password == ''
# no user name or password given
logger.info "reg: FAIL empty '#{login}' or password"
reject 'invalid'
# hash password
bcrypt.hash password, saltRounds, (err, hash) =>
if err
logger.warn "reg: FAIL hash for '#{login}'"
reject 'hash'
else else
logger.info "reg: OK '#{login}'" # try creating row in users table
stmt.finalize() stmt = @db.prepare 'INSERT INTO users (login, pwdhash) VALUES (?, ?)'
# registration successful stmt.run [login, hash], (err) ->
resolve
user: @lastID
login: login
FFTCGDB::login = (login, password) ->
that = @
new Promise (resolve, reject) ->
# get users table row
stmt = that.db.prepare 'SELECT user, login, pwdhash FROM users WHERE login = ?'
stmt.get [login], (err, row) ->
if err
logger.warn "login: DB fail '#{err.code}' for name '#{login}'"
stmt.finalize()
reject 'db'
else if not row
# hash the password for timing attack reasons
bcrypt.hash password, saltRounds, (err, hash) ->
logger.debug "login: nonexistent '#{login}'"
stmt.finalize()
# reduce attack surface, don't disclose user names
reject 'login' # user doesnt exist
else
bcrypt.compare password, row.pwdhash, (err, res) ->
if err
logger.warn "login: hash fail for name '#{login}'"
reject 'hash'
if res == true
logger.debug "login: OK '#{row.login}'"
stmt.finalize() stmt.finalize()
# login successful if err
resolve logger.warn "reg: FAIL db '#{err.code}' for '#{login}'"
user: row.user # reduce attack surface, don't disclose user names
login: row.login reject 'db' # user already exists
else else
logger.debug "login: wrong password for '#{login}'" logger.info "reg: OK '#{login}'"
stmt.finalize() # registration successful
# login failed resolve
reject 'login' user: @lastID
login: login
FFTCGDB::addDeck = (user, deckCards) -> login: (login, password) ->
that = @ new Promise (resolve, reject) =>
# get users table row
new Promise (resolve, reject) -> stmt = @db.prepare 'SELECT user, login, pwdhash FROM users WHERE login = ?'
# try creating row in decks table stmt.get [login], (err, row) =>
stmt = that.db.prepare 'INSERT INTO decks (user, json) VALUES (?, ?)'
stmt.run [user, JSON.stringify deckCards], (err) ->
if err
logger.warn "addDeck: DB fail '#{err.code}' for id '#{user}'"
stmt.finalize() stmt.finalize()
reject 'db' if err
logger.warn "login: FAIL db '#{err.code}' for '#{login}'"
reject 'db'
else else if not row
# hash the password for timing attack reasons
bcrypt.hash password, saltRounds, (err, hash) ->
logger.debug "login: FAIL nonexistent '#{login}'"
# reduce attack surface, don't disclose user names
reject 'login' # user doesnt exist
else
bcrypt.compare password, row.pwdhash, (err, res) ->
if err
logger.warn "login: FAIL hash for '#{login}'"
reject 'hash'
if res == true
logger.debug "login: OK '#{row.login}'"
# login successful
resolve
user: row.user
login: row.login
else
logger.debug "login: FAIL password for '#{login}'"
# login failed
reject 'login'
addDeck: (user, deckCards) ->
new Promise (resolve, reject) =>
# try creating row in decks table
stmt = @db.prepare 'INSERT INTO decks (user, json) VALUES (?, ?)'
stmt.run [user, JSON.stringify deckCards], (err) ->
stmt.finalize() stmt.finalize()
# deck added successfully, now add cards if err
that.modDeck(@lastID, deckCards) logger.warn "addDeck: FAIL db '#{err.code}' for '#{user}'"
.then (deckID) -> reject 'db'
resolve deckID
.catch (error) ->
reject error
FFTCGDB::modDeck = (deckID, deckCards) -> else
that = @ logger.debug "addDeck: OK '#{@lastID}'"
resolve @lastID
new Promise (resolve, reject) -> modDeck: (deckID, deckCards) ->
# delete old deck cards new Promise (resolve, reject) =>
stmt = that.db.prepare 'DELETE FROM decks_cards WHERE deck = ?' stmt = @db.prepare 'UPDATE decks SET json = ? WHERE deck = ?'
stmt.run [deckID], (err) -> stmt.run [deckCards, deckID], (err) ->
stmt.finalize() stmt.finalize()
if err if err
logger.warn "modDeck: DB fail '#{err.code}' for deck '#{deckID}'" logger.warn "modDeck: FAIL db '#{err.code}' for '#{deckID}'"
reject 'db' reject 'db'
else else
stmt = that.db.prepare 'INSERT INTO decks_cards (deck, card, quant) VALUES (?, ?, ?)' logger.debug "modDeck: OK '#{deckID}'"
# add new cards resolve deckID
that.db.parallelize ->
# needs to be done in several queries
promiseCount = deckCards.length
deckCards.forEach (card) ->
stmt.run [deckID, card.id, card.quant], (err) ->
if err
logger.warn "modDeck: DB fail '#{err.code}' for card '#{deckID}', '#{card.id}', '#{card.quant}'"
stmt.finalize()
reject 'db'
else
# check if all queries are done
promiseCount -= 1
if promiseCount == 0
logger.debug "modDeck: OK '#{deckID}'"
stmt.finalize()
resolve deckID
FFTCGDB::getDecks = (user) -> getDecks: (user) ->
that = @ new Promise (resolve, reject) =>
stmt = @db.prepare 'SELECT decks.deck, decks.json FROM decks INNER JOIN users ON decks.user = users.user WHERE users.user = ?'
stmt.all [user], (err, rows) ->
stmt.finalize()
if err
logger.warn "getDeck: FAIL db '#{err.code}' for '#{deckID}'"
reject 'db'
else
logger.debug "getDeck: OK '#{deckID}'"
resolve (id: row.deck, content: JSON.parse row.json for row, i in rows)
new Promise (resolve, reject) -> delDeck: (deckID) ->
# try deleting correct row in decks table new Promise (resolve, reject) =>
decks = {} stmt = @db.prepare 'DELETE FROM decks WHERE deck = ?'
stmt = that.db.prepare 'SELECT decks.deck, decks.json FROM decks INNER JOIN users ON decks.user = users.user WHERE users.user = ?' stmt.run [deckID], (err) ->
stmt.all [user], (err, rows) -> stmt.finalize()
stmt.finalize() if err
if err logger.warn "delDeck: FAIL db '#{err.code}' for '#{deckID}'"
logger.warn "getDeck: DB fail '#{err.code}' for deck '#{deckID}'" reject 'db'
reject 'db' else
else logger.debug "delDeck: OK '#{deckID}'"
logger.debug "getDeck: OK '#{deckID}'" resolve deckID
for row in rows
decks[row.deck] = JSON.parse row.json
resolve decks
FFTCGDB::delDeck = (deckID) ->
that = @
new Promise (resolve, reject) ->
# try deleting correct row in decks table
stmt = that.db.prepare 'DELETE FROM decks WHERE deck = ?'
stmt.run [deckID], (err) ->
stmt.finalize()
if err
logger.warn "delDeck: DB fail '#{err.code}' for deck '#{deckID}'"
reject 'db'
else
logger.debug "delDeck: OK '#{deckID}'"
resolve deckID
module.exports = new FFTCGDB path.resolve(__dirname, 'fftcg.db'), true module.exports = new FFTCGDB path.resolve(__dirname, 'fftcg.db'), true

2
backend/session.coffee
View file

@ -17,7 +17,7 @@ class FFTCGSESSION
host: 'redis' host: 'redis'
port: 6379 port: 6379
@db.on 'error', (err) -> @db.on 'error', (err) =>
logger.error err.message logger.error err.message
start: (data) -> start: (data) ->