Yavook.de/node-fftcg
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Compare commits

base: Yavook.de:1505667e1eab619f012610bc8b292c87412595cb
Branches Tags
Yavook.de:master
Yavook.de:develop
Yavook.de:feature/vue
..
compare: Yavook.de:366339fc9a511af0061fb6f6320197fb3c751b66
Branches Tags
Yavook.de:develop
Yavook.de:feature/vue
Yavook.de:master

8 commits
1505667e1e ... 366339fc9a

Author SHA1 Message Date
Jörn-Michael Miehe
366339fc9a login form rules 2019-05-09 03:31:56 +02:00
Jörn-Michael Miehe
0a61d2750b snackbar with colors, close button text 2019-05-09 03:31:43 +02:00
Jörn-Michael Miehe
066073fa54 rename validated event 2019-05-08 22:55:15 +02:00
Jörn-Michael Miehe
eee3ed96ac db: input validation and error messages 2019-05-08 21:35:11 +02:00
Jörn-Michael Miehe
4b6b5f339f generic reusable header 2019-05-08 21:34:50 +02:00
Jörn-Michael Miehe
86a20f2982 FormDialog error message (snackbar) 2019-05-08 21:34:40 +02:00
Jörn-Michael Miehe
db53964007 cookie expiry data from backend 2019-05-08 18:45:24 +02:00
Jörn-Michael Miehe
7c41b94a38 no sqlite in logout 2019-05-07 22:42:29 +02:00
10 changed files with 167 additions and 92 deletions
Show stats Expand all files Collapse all files

61
backend/db.coffee
View file

@ -7,6 +7,14 @@ sqlite3 = (require 'sqlite3').verbose()
# bruteforce countermeasure # bruteforce countermeasure
saltRounds = 13 saltRounds = 13
messages =
empty: 'Empty user name or password'
hash: 'Failed to process your data, try again later'
exists: 'User name is already taken'
noexists: 'Wrong user name or password'
password: 'Wrong user name or password'
db: 'Failed to access the database, try again later'
class FFTCGDB class FFTCGDB
constructor: (filename, truncate) -> constructor: (filename, truncate) ->
@filename = filename @filename = filename
@ -56,24 +64,33 @@ class FFTCGDB
@db.close (err) -> @db.close (err) ->
if err if err
logger.error "FAIL '#{err.message}'" logger.error "FAIL '#{err.message}'"
reject 'db' reject null
else else
logger.warn "OK close '#{@filename}'" logger.warn "OK close '#{@filename}'"
resolve 'ok' resolve null
validate: (login, password) ->
defined = (value) -> value? and value isnt ''
new Promise (resolve, reject) =>
if (defined login) and (defined password)
# both are defined
resolve null
else
# no user name or password given
logger.info "validate: FAIL empty '#{login}' or password"
reject null
register: (login, password) -> register: (login, password) ->
new Promise (resolve, reject) => new Promise (resolve, reject) =>
# validate user input # validate user input
if login == '' or password == '' @validate login, password
# no user name or password given .then =>
logger.info "reg: FAIL empty '#{login}' or password"
reject 'invalid'
# hash password # hash password
bcrypt.hash password, saltRounds, (err, hash) => bcrypt.hash password, saltRounds, (err, hash) =>
if err if err
logger.warn "reg: FAIL hash for '#{login}'" logger.warn "reg: FAIL hash for '#{login}'"
reject 'hash' reject messages.hash
else else
# try creating row in users table # try creating row in users table
@ -82,7 +99,7 @@ class FFTCGDB
stmt.finalize() stmt.finalize()
if err if err
logger.warn "reg: FAIL db '#{err.code}' for '#{login}'" logger.warn "reg: FAIL db '#{err.code}' for '#{login}'"
reject 'existence' # user already exists reject messages.exists # user already exists
else else
logger.info "reg: OK '#{login}'" logger.info "reg: OK '#{login}'"
@ -91,27 +108,33 @@ class FFTCGDB
user: @lastID user: @lastID
login: login login: login
.catch ->
reject messages.empty
login: (login, password) -> login: (login, password) ->
new Promise (resolve, reject) => new Promise (resolve, reject) =>
# validate user input
@validate login, password
.then =>
# get users table row # get users table row
stmt = @db.prepare 'SELECT user, login, pwdhash FROM users WHERE login = ?' stmt = @db.prepare 'SELECT user, login, pwdhash FROM users WHERE login = ?'
stmt.get [login], (err, row) => stmt.get [login], (err, row) =>
stmt.finalize() stmt.finalize()
if err if err
logger.warn "login: FAIL db '#{err.code}' for '#{login}'" logger.warn "login: FAIL db '#{err.code}' for '#{login}'"
reject 'db' reject messages.db
else if not row else if not row
# hash the password for timing attack reasons # hash the password for timing attack reasons
bcrypt.hash password, saltRounds, (err, hash) -> bcrypt.hash password, saltRounds, (err, hash) ->
logger.debug "login: FAIL nonexistent '#{login}'" logger.debug "login: FAIL nonexistent '#{login}'"
reject 'existence' # user doesnt exist reject messages.noexists # user doesnt exist
else else
bcrypt.compare password, row.pwdhash, (err, res) -> bcrypt.compare password, row.pwdhash, (err, res) ->
if err if err
logger.warn "login: FAIL hash for '#{login}'" logger.warn "login: FAIL hash for '#{login}'"
reject 'hash' reject messages.hash
if res == true if res == true
logger.debug "login: OK '#{row.login}'" logger.debug "login: OK '#{row.login}'"
@ -122,8 +145,10 @@ class FFTCGDB
else else
logger.debug "login: FAIL password for '#{login}'" logger.debug "login: FAIL password for '#{login}'"
# login failed reject messages.password # login failed
reject 'login'
.catch ->
reject messages.empty
addDeck: (user, deckCards) -> addDeck: (user, deckCards) ->
new Promise (resolve, reject) => new Promise (resolve, reject) =>
@ -133,7 +158,7 @@ class FFTCGDB
stmt.finalize() stmt.finalize()
if err if err
logger.warn "addDeck: FAIL db '#{err.code}' for '#{user}'" logger.warn "addDeck: FAIL db '#{err.code}' for '#{user}'"
reject 'db' reject messages.db
else else
logger.debug "addDeck: OK '#{@lastID}'" logger.debug "addDeck: OK '#{@lastID}'"
@ -146,7 +171,7 @@ class FFTCGDB
stmt.finalize() stmt.finalize()
if err if err
logger.warn "modDeck: FAIL db '#{err.code}' for '#{deckID}'" logger.warn "modDeck: FAIL db '#{err.code}' for '#{deckID}'"
reject 'db' reject messages.db
else else
logger.debug "modDeck: OK '#{deckID}'" logger.debug "modDeck: OK '#{deckID}'"
resolve deckID resolve deckID
@ -158,7 +183,7 @@ class FFTCGDB
stmt.finalize() stmt.finalize()
if err if err
logger.warn "getDeck: FAIL db '#{err.code}' for '#{deckID}'" logger.warn "getDeck: FAIL db '#{err.code}' for '#{deckID}'"
reject 'db' reject messages.db
else else
logger.debug "getDeck: OK '#{deckID}'" logger.debug "getDeck: OK '#{deckID}'"
resolve (id: row.deck, content: JSON.parse row.json for row, i in rows) resolve (id: row.deck, content: JSON.parse row.json for row, i in rows)
@ -170,7 +195,7 @@ class FFTCGDB
stmt.finalize() stmt.finalize()
if err if err
logger.warn "delDeck: FAIL db '#{err.code}' for '#{deckID}'" logger.warn "delDeck: FAIL db '#{err.code}' for '#{deckID}'"
reject 'db' reject messages.db
else else
logger.debug "delDeck: OK '#{deckID}'" logger.debug "delDeck: OK '#{deckID}'"
resolve deckID resolve deckID

8
backend/routes/user/login.coffee
View file

@ -24,8 +24,8 @@ module.exports =
# login successful: start new session # login successful: start new session
logger.info "OK '#{request.body.login}'" logger.info "OK '#{request.body.login}'"
session.start user session.start user
.then (session_id) -> .then (cookie_data) ->
resolve session_id resolve cookie_data
.catch (err) -> .catch (err) ->
# login failed # login failed
@ -34,8 +34,8 @@ module.exports =
success: false success: false
message: err message: err
.then (session_id) -> .then (cookie_data) ->
# login or resume successful # login or resume successful
reply.send reply.send
success: true success: true
message: session_id message: JSON.stringify cookie_data

2
backend/routes/user/logout.coffee
View file

@ -2,8 +2,6 @@ logger = (require 'logging').default 'logout'
# session storage (volatile data) # session storage (volatile data)
session = (require '../../session') session = (require '../../session')
# fftcg.db (persistent data)
fftcgdb = (require '../../db')
module.exports = module.exports =
url: '/user/logout' url: '/user/logout'

16
backend/session.coffee
View file

@ -3,12 +3,12 @@ redis = (require 'redis')
crypto = (require 'crypto') crypto = (require 'crypto')
logger = (require 'logging').default 'session' logger = (require 'logging').default 'session'
# expiry times in seconds # expiry times in days
EXPIRY = EXPIRY =
# games expire 1 week after creation # games expire 1 week after creation
game: 1 * 60 * 60 * 24 * 7 game: 7
# logins expire 1 month after last action # logins expire 1 month after last action
login: 1 * 60 * 60 * 24 * 30 login: 30
class FFTCGSESSION class FFTCGSESSION
@ -29,9 +29,13 @@ class FFTCGSESSION
logger.debug 'digest', digest logger.debug 'digest', digest
# push (hash, data) into DB for the configured timespan # push (hash, data) into DB for the configured timespan
@db.setex digest, EXPIRY.login, (JSON.stringify data), (err) -> @db.setex digest, EXPIRY.login * 86400, (JSON.stringify data), (err) ->
logger.info "OK '#{digest}' created" logger.info "OK '#{digest}' created"
resolve digest # return cookie data
resolve
value: digest
properties:
expires: EXPIRY.login
destroy: (digest) -> destroy: (digest) ->
new Promise (resolve, reject) => new Promise (resolve, reject) =>
@ -46,7 +50,7 @@ class FFTCGSESSION
check: (digest) -> check: (digest) ->
new Promise (resolve, reject) => new Promise (resolve, reject) =>
# refresh expiry timer on digest # refresh expiry timer on digest
@db.expire digest, EXPIRY.login, (err, res) => @db.expire digest, EXPIRY.login * 86400, (err, res) =>
if res == 0 if res == 0
reject null reject null

16
frontend/src/components/Header.vue Normal file
View file

@ -0,0 +1,16 @@
<template>
<v-flex mb-4>
<h1 class="display-2 font-weight-bold mb-3">
Hello World!
</h1>
<p class="subheading font-weight-regular">
App under development, please don't submit any valuable data!
</p>
</v-flex>
</template>
<script>
export default {
name: "Header"
}
</script>

30
frontend/src/components/forms/FormDialog.vue
View file

@ -5,6 +5,13 @@
</v-btn> </v-btn>
<v-card> <v-card>
<v-snackbar v-model="snackbar.visible" :timeout="6000" :color="snackbar.color" absolute top>
{{ snackbar.text }}
<v-btn @click.native="snackbar.visible = false" fab flat icon>
<v-icon>close</v-icon>
</v-btn>
</v-snackbar>
<v-form <v-form
ref="form" ref="form"
v-model="valid" v-model="valid"
@ -23,7 +30,7 @@
</v-btn> </v-btn>
<v-btn color="error" @click.native="dialog = false"> <v-btn color="error" @click.native="dialog = false">
Cancel Close
</v-btn> </v-btn>
</v-card-actions> </v-card-actions>
</v-form> </v-form>
@ -36,7 +43,12 @@ export default {
name: 'FormDialog', name: 'FormDialog',
data: () => ({ data: () => ({
dialog: false, dialog: false,
valid: true valid: true,
snackbar: {
visible: false,
color: '',
text: ''
}
}), }),
props: { props: {
@ -46,8 +58,20 @@ export default {
methods: { methods: {
validate() { validate() {
if (this.$refs.form.validate()) { if (this.$refs.form.validate()) {
this.$emit('confirm') this.$emit('validated')
} }
},
showSnackbar(text, color) {
if (text == '') return
this.snackbar.visible = false
window.setTimeout(() => {
this.snackbar.text = text
this.snackbar.color = color
this.snackbar.visible = true
}, 100)
} }
}, },

17
frontend/src/components/forms/Login.vue
View file

@ -1,5 +1,5 @@
<template> <template>
<FormDialog buttonText="Login" @confirm="doLogin"> <FormDialog ref="main" buttonText="Login" @validated="doLogin">
<v-card-title class="headline"> <v-card-title class="headline">
Log In Log In
</v-card-title> </v-card-title>
@ -8,12 +8,14 @@
<v-text-field <v-text-field
ref="autofocus" ref="autofocus"
v-model="login" v-model="login"
:rules="loginRules"
label="User name" label="User name"
required required
></v-text-field> ></v-text-field>
<v-text-field <v-text-field
v-model="password" v-model="password"
:rules="passwordRules"
:append-icon="showPassword ? 'visibility' : 'visibility_off'" :append-icon="showPassword ? 'visibility' : 'visibility_off'"
@click:append="showPassword = !showPassword" @click:append="showPassword = !showPassword"
:type="showPassword ? 'text' : 'password'" :type="showPassword ? 'text' : 'password'"
@ -38,8 +40,11 @@ export default {
data: () => ({ data: () => ({
login: '', login: '',
loginRules: [v => !!v || 'Please enter user name'],
password: '', password: '',
showPassword: false showPassword: false,
passwordRules: [v => !!v || 'Please enter password'],
}), }),
methods: { methods: {
@ -51,12 +56,14 @@ export default {
password: this.password password: this.password
}) })
.then(response => { .then(response => {
// this.$refs.form.reset()
console.log('login', response.data) console.log('login', response.data)
if (response.data.success) { if (response.data.success) {
Cookies.set('session', response.data.message, { expires: 30 }) let cookie_data = JSON.parse(response.data.message)
console.log('cookie', Cookies.get()) Cookies.set('session', cookie_data.value, cookie_data.properties)
this.$refs.main.showSnackbar("Login successful!", 'success')
this.$router.push('about') this.$router.push('about')
} else {
this.$refs.main.showSnackbar(response.data.message, 'error')
} }
}) })
} }

8
frontend/src/components/forms/Register.vue
View file

@ -1,5 +1,5 @@
<template> <template>
<FormDialog buttonText="Register" @confirm="doRegister"> <FormDialog ref="main" buttonText="Register" @validated="doRegister">
<v-card-title class="headline"> <v-card-title class="headline">
Register Register
</v-card-title> </v-card-title>
@ -75,8 +75,12 @@ export default {
password: this.password password: this.password
}) })
.then(response => { .then(response => {
// this.$refs.form.reset()
console.log('register', response.data) console.log('register', response.data)
if (response.data.success) {
this.$refs.main.showSnackbar("Registration successful!", 'success')
} else {
this.$refs.main.showSnackbar(response.data.message, 'error')
}
}) })
} }
} }

14
frontend/src/views/About.vue
View file

@ -1,11 +1,7 @@
<template> <template>
<v-container> <v-container>
<v-flex mb-4> <Header />
<h1 class="display-2 font-weight-bold mb-3">Hello World!</h1>
<p class="subheading font-weight-regular">
App under development, please don't submit any valuable data!
</p>
</v-flex>
<p>user session: {{ sessionID }}</p> <p>user session: {{ sessionID }}</p>
<v-btn @click.native="logout">Logout</v-btn> <v-btn @click.native="logout">Logout</v-btn>
</v-container> </v-container>
@ -15,9 +11,15 @@
import * as Cookies from 'js-cookie' import * as Cookies from 'js-cookie'
import axios from '@/plugins/axios' import axios from '@/plugins/axios'
import Header from '@/components/Header.vue'
export default { export default {
name: 'About', name: 'About',
components: {
Header
},
data: () => ({ data: () => ({
sessionID: '' sessionID: ''
}), }),

11
frontend/src/views/Home.vue
View file

@ -1,13 +1,6 @@
<template> <template>
<v-container> <v-container>
<v-flex mb-4> <Header />
<h1 class="display-2 font-weight-bold mb-3">
Hello World!
</h1>
<p class="subheading font-weight-regular">
App under development, please don't submit any valuable data!
</p>
</v-flex>
<LoginForm /> <LoginForm />
<RegisterForm /> <RegisterForm />
@ -18,6 +11,7 @@
import * as Cookies from 'js-cookie' import * as Cookies from 'js-cookie'
import axios from '@/plugins/axios' import axios from '@/plugins/axios'
import Header from '@/components/Header.vue'
import LoginForm from '@/components/forms/Login.vue' import LoginForm from '@/components/forms/Login.vue'
import RegisterForm from '@/components/forms/Register.vue' import RegisterForm from '@/components/forms/Register.vue'
@ -31,6 +25,7 @@ export default {
}, },
components: { components: {
Header,
LoginForm, LoginForm,
RegisterForm RegisterForm
}, },