Yavook.de/node-fftcg
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Compare commits

base: Yavook.de:366339fc9a511af0061fb6f6320197fb3c751b66
Branches Tags
Yavook.de:master
Yavook.de:develop
Yavook.de:feature/vue
..
compare: Yavook.de:1505667e1eab619f012610bc8b292c87412595cb
Branches Tags
Yavook.de:develop
Yavook.de:feature/vue
Yavook.de:master

No commits in common. "366339fc9a511af0061fb6f6320197fb3c751b66" and "1505667e1eab619f012610bc8b292c87412595cb" have entirely different histories.
366339fc9a ... 1505667e1e

10 changed files with 92 additions and 167 deletions
Show stats Expand all files Collapse all files

137
backend/db.coffee
View file

@ -7,14 +7,6 @@ sqlite3 = (require 'sqlite3').verbose()
# bruteforce countermeasure
saltRounds = 13
messages =
empty: 'Empty user name or password'
hash: 'Failed to process your data, try again later'
exists: 'User name is already taken'
noexists: 'Wrong user name or password'
password: 'Wrong user name or password'
db: 'Failed to access the database, try again later'
class FFTCGDB
constructor: (filename, truncate) ->
@filename = filename
@ -64,91 +56,74 @@ class FFTCGDB
@db.close (err) ->
if err
logger.error "FAIL '#{err.message}'"
reject null
reject 'db'
else
logger.warn "OK close '#{@filename}'"
resolve null
validate: (login, password) ->
defined = (value) -> value? and value isnt ''
new Promise (resolve, reject) =>
if (defined login) and (defined password)
# both are defined
resolve null
else
# no user name or password given
logger.info "validate: FAIL empty '#{login}' or password"
reject null
resolve 'ok'
register: (login, password) ->
new Promise (resolve, reject) =>
# validate user input
@validate login, password
.then =>
# hash password
bcrypt.hash password, saltRounds, (err, hash) =>
if err
logger.warn "reg: FAIL hash for '#{login}'"
reject messages.hash
if login == '' or password == ''
# no user name or password given
logger.info "reg: FAIL empty '#{login}' or password"
reject 'invalid'
else
# try creating row in users table
stmt = @db.prepare 'INSERT INTO users (login, pwdhash) VALUES (?, ?)'
stmt.run [login, hash], (err) ->
stmt.finalize()
if err
logger.warn "reg: FAIL db '#{err.code}' for '#{login}'"
reject messages.exists # user already exists
# hash password
bcrypt.hash password, saltRounds, (err, hash) =>
if err
logger.warn "reg: FAIL hash for '#{login}'"
reject 'hash'
else
logger.info "reg: OK '#{login}'"
# registration successful
resolve
user: @lastID
login: login
else
# try creating row in users table
stmt = @db.prepare 'INSERT INTO users (login, pwdhash) VALUES (?, ?)'
stmt.run [login, hash], (err) ->
stmt.finalize()
if err
logger.warn "reg: FAIL db '#{err.code}' for '#{login}'"
reject 'existence' # user already exists
.catch ->
reject messages.empty
else
logger.info "reg: OK '#{login}'"
# registration successful
resolve
user: @lastID
login: login
login: (login, password) ->
new Promise (resolve, reject) =>
# validate user input
@validate login, password
.then =>
# get users table row
stmt = @db.prepare 'SELECT user, login, pwdhash FROM users WHERE login = ?'
stmt.get [login], (err, row) =>
stmt.finalize()
if err
logger.warn "login: FAIL db '#{err.code}' for '#{login}'"
reject messages.db
# get users table row
stmt = @db.prepare 'SELECT user, login, pwdhash FROM users WHERE login = ?'
stmt.get [login], (err, row) =>
stmt.finalize()
if err
logger.warn "login: FAIL db '#{err.code}' for '#{login}'"
reject 'db'
else if not row
# hash the password for timing attack reasons
bcrypt.hash password, saltRounds, (err, hash) ->
logger.debug "login: FAIL nonexistent '#{login}'"
reject messages.noexists # user doesnt exist
else if not row
# hash the password for timing attack reasons
bcrypt.hash password, saltRounds, (err, hash) ->
logger.debug "login: FAIL nonexistent '#{login}'"
reject 'existence' # user doesnt exist
else
bcrypt.compare password, row.pwdhash, (err, res) ->
if err
logger.warn "login: FAIL hash for '#{login}'"
reject messages.hash
else
bcrypt.compare password, row.pwdhash, (err, res) ->
if err
logger.warn "login: FAIL hash for '#{login}'"
reject 'hash'
if res == true
logger.debug "login: OK '#{row.login}'"
# login successful
resolve
user: row.user
login: row.login
if res == true
logger.debug "login: OK '#{row.login}'"
# login successful
resolve
user: row.user
login: row.login
else
logger.debug "login: FAIL password for '#{login}'"
reject messages.password # login failed
.catch ->
reject messages.empty
else
logger.debug "login: FAIL password for '#{login}'"
# login failed
reject 'login'
addDeck: (user, deckCards) ->
new Promise (resolve, reject) =>
@ -158,7 +133,7 @@ class FFTCGDB
stmt.finalize()
if err
logger.warn "addDeck: FAIL db '#{err.code}' for '#{user}'"
reject messages.db
reject 'db'
else
logger.debug "addDeck: OK '#{@lastID}'"
@ -171,7 +146,7 @@ class FFTCGDB
stmt.finalize()
if err
logger.warn "modDeck: FAIL db '#{err.code}' for '#{deckID}'"
reject messages.db
reject 'db'
else
logger.debug "modDeck: OK '#{deckID}'"
resolve deckID
@ -183,7 +158,7 @@ class FFTCGDB
stmt.finalize()
if err
logger.warn "getDeck: FAIL db '#{err.code}' for '#{deckID}'"
reject messages.db
reject 'db'
else
logger.debug "getDeck: OK '#{deckID}'"
resolve (id: row.deck, content: JSON.parse row.json for row, i in rows)
@ -195,7 +170,7 @@ class FFTCGDB
stmt.finalize()
if err
logger.warn "delDeck: FAIL db '#{err.code}' for '#{deckID}'"
reject messages.db
reject 'db'
else
logger.debug "delDeck: OK '#{deckID}'"
resolve deckID

8
backend/routes/user/login.coffee
View file

@ -24,8 +24,8 @@ module.exports =
# login successful: start new session
logger.info "OK '#{request.body.login}'"
session.start user
.then (cookie_data) ->
resolve cookie_data
.then (session_id) ->
resolve session_id
.catch (err) ->
# login failed
@ -34,8 +34,8 @@ module.exports =
success: false
message: err
.then (cookie_data) ->
.then (session_id) ->
# login or resume successful
reply.send
success: true
message: JSON.stringify cookie_data
message: session_id

2
backend/routes/user/logout.coffee
View file

@ -2,6 +2,8 @@ logger = (require 'logging').default 'logout'
# session storage (volatile data)
session = (require '../../session')
# fftcg.db (persistent data)
fftcgdb = (require '../../db')
module.exports =
url: '/user/logout'

16
backend/session.coffee
View file

@ -3,12 +3,12 @@ redis = (require 'redis')
crypto = (require 'crypto')
logger = (require 'logging').default 'session'
# expiry times in days
# expiry times in seconds
EXPIRY =
# games expire 1 week after creation
game: 7
game: 1 * 60 * 60 * 24 * 7
# logins expire 1 month after last action
login: 30
login: 1 * 60 * 60 * 24 * 30
class FFTCGSESSION
@ -29,13 +29,9 @@ class FFTCGSESSION
logger.debug 'digest', digest
# push (hash, data) into DB for the configured timespan
@db.setex digest, EXPIRY.login * 86400, (JSON.stringify data), (err) ->
@db.setex digest, EXPIRY.login, (JSON.stringify data), (err) ->
logger.info "OK '#{digest}' created"
# return cookie data
resolve
value: digest
properties:
expires: EXPIRY.login
resolve digest
destroy: (digest) ->
new Promise (resolve, reject) =>
@ -50,7 +46,7 @@ class FFTCGSESSION
check: (digest) ->
new Promise (resolve, reject) =>
# refresh expiry timer on digest
@db.expire digest, EXPIRY.login * 86400, (err, res) =>
@db.expire digest, EXPIRY.login, (err, res) =>
if res == 0
reject null

16
frontend/src/components/Header.vue
View file

@ -1,16 +0,0 @@
<template>
<v-flex mb-4>
<h1 class="display-2 font-weight-bold mb-3">
Hello World!
</h1>
<p class="subheading font-weight-regular">
App under development, please don't submit any valuable data!
</p>
</v-flex>
</template>
<script>
export default {
name: "Header"
}
</script>

30
frontend/src/components/forms/FormDialog.vue
View file

@ -5,13 +5,6 @@
</v-btn>
<v-card>
<v-snackbar v-model="snackbar.visible" :timeout="6000" :color="snackbar.color" absolute top>
{{ snackbar.text }}
<v-btn @click.native="snackbar.visible = false" fab flat icon>
<v-icon>close</v-icon>
</v-btn>
</v-snackbar>
<v-form
ref="form"
v-model="valid"
@ -30,7 +23,7 @@
</v-btn>
<v-btn color="error" @click.native="dialog = false">
Close
Cancel
</v-btn>
</v-card-actions>
</v-form>
@ -43,12 +36,7 @@ export default {
name: 'FormDialog',
data: () => ({
dialog: false,
valid: true,
snackbar: {
visible: false,
color: '',
text: ''
}
valid: true
}),
props: {
@ -58,20 +46,8 @@ export default {
methods: {
validate() {
if (this.$refs.form.validate()) {
this.$emit('validated')
this.$emit('confirm')
}
},
showSnackbar(text, color) {
if (text == '') return
this.snackbar.visible = false
window.setTimeout(() => {
this.snackbar.text = text
this.snackbar.color = color
this.snackbar.visible = true
}, 100)
}
},

17
frontend/src/components/forms/Login.vue
View file

@ -1,5 +1,5 @@
<template>
<FormDialog ref="main" buttonText="Login" @validated="doLogin">
<FormDialog buttonText="Login" @confirm="doLogin">
<v-card-title class="headline">
Log In
</v-card-title>
@ -8,14 +8,12 @@
<v-text-field
ref="autofocus"
v-model="login"
:rules="loginRules"
label="User name"
required
></v-text-field>
<v-text-field
v-model="password"
:rules="passwordRules"
:append-icon="showPassword ? 'visibility' : 'visibility_off'"
@click:append="showPassword = !showPassword"
:type="showPassword ? 'text' : 'password'"
@ -40,11 +38,8 @@ export default {
data: () => ({
login: '',
loginRules: [v => !!v || 'Please enter user name'],
password: '',
showPassword: false,
passwordRules: [v => !!v || 'Please enter password'],
showPassword: false
}),
methods: {
@ -56,14 +51,12 @@ export default {
password: this.password
})
.then(response => {
// this.$refs.form.reset()
console.log('login', response.data)
if (response.data.success) {
let cookie_data = JSON.parse(response.data.message)
Cookies.set('session', cookie_data.value, cookie_data.properties)
this.$refs.main.showSnackbar("Login successful!", 'success')
Cookies.set('session', response.data.message, { expires: 30 })
console.log('cookie', Cookies.get())
this.$router.push('about')
} else {
this.$refs.main.showSnackbar(response.data.message, 'error')
}
})
}

8
frontend/src/components/forms/Register.vue
View file

@ -1,5 +1,5 @@
<template>
<FormDialog ref="main" buttonText="Register" @validated="doRegister">
<FormDialog buttonText="Register" @confirm="doRegister">
<v-card-title class="headline">
Register
</v-card-title>
@ -75,12 +75,8 @@ export default {
password: this.password
})
.then(response => {
// this.$refs.form.reset()
console.log('register', response.data)
if (response.data.success) {
this.$refs.main.showSnackbar("Registration successful!", 'success')
} else {
this.$refs.main.showSnackbar(response.data.message, 'error')
}
})
}
}

14
frontend/src/views/About.vue
View file

@ -1,7 +1,11 @@
<template>
<v-container>
<Header />
<v-flex mb-4>
<h1 class="display-2 font-weight-bold mb-3">Hello World!</h1>
<p class="subheading font-weight-regular">
App under development, please don't submit any valuable data!
</p>
</v-flex>
<p>user session: {{ sessionID }}</p>
<v-btn @click.native="logout">Logout</v-btn>
</v-container>
@ -11,15 +15,9 @@
import * as Cookies from 'js-cookie'
import axios from '@/plugins/axios'
import Header from '@/components/Header.vue'
export default {
name: 'About',
components: {
Header
},
data: () => ({
sessionID: ''
}),

11
frontend/src/views/Home.vue
View file

@ -1,6 +1,13 @@
<template>
<v-container>
<Header />
<v-flex mb-4>
<h1 class="display-2 font-weight-bold mb-3">
Hello World!
</h1>
<p class="subheading font-weight-regular">
App under development, please don't submit any valuable data!
</p>
</v-flex>
<LoginForm />
<RegisterForm />
@ -11,7 +18,6 @@
import * as Cookies from 'js-cookie'
import axios from '@/plugins/axios'
import Header from '@/components/Header.vue'
import LoginForm from '@/components/forms/Login.vue'
import RegisterForm from '@/components/forms/Register.vue'
@ -25,7 +31,6 @@ export default {
},
components: {
Header,
LoginForm,
RegisterForm
},