Compare commits


No commits in common. "59b5f68b8b35cb8da292d19893494fbc3d83bc08" and "7221dd31af5f9c476b7932dea0fd00a8e165bec4" have entirely different histories.

11 changed files with 262 additions and 219 deletions

1
.gitignore vendored

@ -1,2 +1 @@
**/node_modules **/node_modules
**/fftcg.db


@ -1,181 +1,224 @@
# node libraries # node libraries
bcrypt = (require 'bcrypt') bcrypt = (require 'bcrypt')
logger = (require 'logging').default 'db'
path = (require 'path')
sqlite3 = (require 'sqlite3').verbose() sqlite3 = (require 'sqlite3').verbose()
logger = (require 'logging').default 'db'
# bruteforce countermeasure # bruteforce countermeasure
saltRounds = 13 saltRounds = 13
class FFTCGDB FFTCGDB = (filename, truncate) ->
constructor: (filename, truncate) -> that = @
@filename = filename @filename = filename
@db = new sqlite3.Database @filename, (err) => @db = new sqlite3.Database @filename, (err) ->
if err
logger.error err.message
else
logger.info "Connected to '#{that.filename}'"
that.db.run 'PRAGMA foreign_keys = ON;', (err) ->
logger.error err.message if err
if truncate == true
that.db.run 'DROP TABLE IF EXISTS users;', (err) ->
logger.error err.message if err
that.db.run '''
CREATE TABLE users (
user integer PRIMARY KEY,
login text NOT NULL COLLATE NOCASE,
pwdhash text NOT NULL,
settings text,
UNIQUE(login)
);
''', (err) ->
logger.error err.message if err
that.db.run 'DROP TABLE IF EXISTS decks;', (err) ->
logger.error err.message if err
that.db.run '''
CREATE TABLE decks (
deck integer PRIMARY KEY,
user integer NOT NULL,
json text,
FOREIGN KEY (user) REFERENCES users (user)
ON DELETE CASCADE
);
''', (err) ->
logger.error err.message if err
logger.info 'recreated sqlite3 db'
return
FFTCGDB::close = ->
logger.info 'shutting down'
new Promise (resolve, reject) ->
@db.close (err) ->
if err if err
logger.error err.message logger.error "Error closing: '#{err.message}'"
reject 'db'
else
logger.warn "Closed '#{@filename}'"
resolve 'ok'
FFTCGDB::register = (login, password) ->
that = @
new Promise (resolve, reject) ->
# validate user input
if login == '' or password == ''
# no user name or password given
logger.info "reg: user name '#{login}' or password empty"
reject 'invalid'
# hash password
bcrypt.hash password, saltRounds, (err, hash) ->
if err
logger.warn "reg: hash fail for name '#{login}'"
reject 'hash'
# try creating row in users table
stmt = that.db.prepare 'INSERT INTO users (login, pwdhash) VALUES (?, ?)'
stmt.run [login, hash], (err) ->
if err
logger.warn "reg: DB fail '#{err.code}' for name '#{login}'"
stmt.finalize()
# reduce attack surface, don't disclose user names
reject 'db' # user already exists
else
logger.info "reg: OK '#{login}'"
stmt.finalize()
# registration successful
resolve
user: @lastID
login: login
FFTCGDB::login = (login, password) ->
that = @
new Promise (resolve, reject) ->
# get users table row
stmt = that.db.prepare 'SELECT user, login, pwdhash FROM users WHERE login = ?'
stmt.get [login], (err, row) ->
if err
logger.warn "login: DB fail '#{err.code}' for name '#{login}'"
stmt.finalize()
reject 'db'
else if not row
# hash the password for timing attack reasons
bcrypt.hash password, saltRounds, (err, hash) ->
logger.debug "login: nonexistent '#{login}'"
stmt.finalize()
# reduce attack surface, don't disclose user names
reject 'login' # user doesnt exist
else else
logger.info "OK open '#{@filename}'" bcrypt.compare password, row.pwdhash, (err, res) ->
if err
logger.warn "login: hash fail for name '#{login}'"
reject 'hash'
@db.run 'PRAGMA foreign_keys = ON;', (err) => if res == true
logger.error err.message if err logger.debug "login: OK '#{row.login}'"
if truncate == true
@db.run 'DROP TABLE IF EXISTS users;', (err) =>
logger.error err.message if err
@db.run '''
CREATE TABLE users (
user integer PRIMARY KEY,
login text NOT NULL COLLATE NOCASE,
pwdhash text NOT NULL,
settings text,
UNIQUE(login)
);
''', (err) =>
logger.error err.message if err
@db.run 'DROP TABLE IF EXISTS decks;', (err) =>
logger.error err.message if err
@db.run '''
CREATE TABLE decks (
deck integer PRIMARY KEY,
user integer NOT NULL,
json text,
FOREIGN KEY (user) REFERENCES users (user)
ON DELETE CASCADE
);
''', (err) =>
logger.error err.message if err
logger.info 'OK clear'
close: ->
logger.info 'shutting down'
new Promise (resolve, reject) =>
@db.close (err) ->
if err
logger.error "FAIL '#{err.message}'"
reject 'db'
else
logger.warn "OK close '#{@filename}'"
resolve 'ok'
register: (login, password) ->
new Promise (resolve, reject) =>
# validate user input
if login == '' or password == ''
# no user name or password given
logger.info "reg: FAIL empty '#{login}' or password"
reject 'invalid'
# hash password
bcrypt.hash password, saltRounds, (err, hash) =>
if err
logger.warn "reg: FAIL hash for '#{login}'"
reject 'hash'
else
# try creating row in users table
stmt = @db.prepare 'INSERT INTO users (login, pwdhash) VALUES (?, ?)'
stmt.run [login, hash], (err) ->
stmt.finalize() stmt.finalize()
if err # login successful
logger.warn "reg: FAIL db '#{err.code}' for '#{login}'" resolve
# reduce attack surface, don't disclose user names user: row.user
reject 'db' # user already exists login: row.login
else else
logger.info "reg: OK '#{login}'" logger.debug "login: wrong password for '#{login}'"
# registration successful stmt.finalize()
resolve # login failed
user: @lastID reject 'login'
login: login
login: (login, password) -> FFTCGDB::addDeck = (user, deckCards) ->
new Promise (resolve, reject) => that = @
# get users table row
stmt = @db.prepare 'SELECT user, login, pwdhash FROM users WHERE login = ?' new Promise (resolve, reject) ->
stmt.get [login], (err, row) => # try creating row in decks table
stmt = that.db.prepare 'INSERT INTO decks (user, json) VALUES (?, ?)'
stmt.run [user, JSON.stringify deckCards], (err) ->
if err
logger.warn "addDeck: DB fail '#{err.code}' for id '#{user}'"
stmt.finalize() stmt.finalize()
if err reject 'db'
logger.warn "login: FAIL db '#{err.code}' for '#{login}'"
reject 'db'
else if not row else
# hash the password for timing attack reasons
bcrypt.hash password, saltRounds, (err, hash) ->
logger.debug "login: FAIL nonexistent '#{login}'"
# reduce attack surface, don't disclose user names
reject 'login' # user doesnt exist
else
bcrypt.compare password, row.pwdhash, (err, res) ->
if err
logger.warn "login: FAIL hash for '#{login}'"
reject 'hash'
if res == true
logger.debug "login: OK '#{row.login}'"
# login successful
resolve
user: row.user
login: row.login
else
logger.debug "login: FAIL password for '#{login}'"
# login failed
reject 'login'
addDeck: (user, deckCards) ->
new Promise (resolve, reject) =>
# try creating row in decks table
stmt = @db.prepare 'INSERT INTO decks (user, json) VALUES (?, ?)'
stmt.run [user, JSON.stringify deckCards], (err) ->
stmt.finalize() stmt.finalize()
if err # deck added successfully, now add cards
logger.warn "addDeck: FAIL db '#{err.code}' for '#{user}'" that.modDeck(@lastID, deckCards)
reject 'db' .then (deckID) ->
resolve deckID
.catch (error) ->
reject error
else FFTCGDB::modDeck = (deckID, deckCards) ->
logger.debug "addDeck: OK '#{@lastID}'" that = @
resolve @lastID
modDeck: (deckID, deckCards) -> new Promise (resolve, reject) ->
new Promise (resolve, reject) => # delete old deck cards
stmt = @db.prepare 'UPDATE decks SET json = ? WHERE deck = ?' stmt = that.db.prepare 'DELETE FROM decks_cards WHERE deck = ?'
stmt.run [deckCards, deckID], (err) -> stmt.run [deckID], (err) ->
stmt.finalize() stmt.finalize()
if err if err
logger.warn "modDeck: FAIL db '#{err.code}' for '#{deckID}'" logger.warn "modDeck: DB fail '#{err.code}' for deck '#{deckID}'"
reject 'db' reject 'db'
else else
logger.debug "modDeck: OK '#{deckID}'" stmt = that.db.prepare 'INSERT INTO decks_cards (deck, card, quant) VALUES (?, ?, ?)'
resolve deckID # add new cards
that.db.parallelize ->
# needs to be done in several queries
promiseCount = deckCards.length
deckCards.forEach (card) ->
stmt.run [deckID, card.id, card.quant], (err) ->
if err
logger.warn "modDeck: DB fail '#{err.code}' for card '#{deckID}', '#{card.id}', '#{card.quant}'"
stmt.finalize()
reject 'db'
else
# check if all queries are done
promiseCount -= 1
if promiseCount == 0
logger.debug "modDeck: OK '#{deckID}'"
stmt.finalize()
resolve deckID
getDecks: (user) -> FFTCGDB::getDecks = (user) ->
new Promise (resolve, reject) => that = @
stmt = @db.prepare 'SELECT decks.deck, decks.json FROM decks INNER JOIN users ON decks.user = users.user WHERE users.user = ?'
stmt.all [user], (err, rows) ->
stmt.finalize()
if err
logger.warn "getDeck: FAIL db '#{err.code}' for '#{deckID}'"
reject 'db'
else
logger.debug "getDeck: OK '#{deckID}'"
resolve (id: row.deck, content: JSON.parse row.json for row, i in rows)
delDeck: (deckID) -> new Promise (resolve, reject) ->
new Promise (resolve, reject) => # try deleting correct row in decks table
stmt = @db.prepare 'DELETE FROM decks WHERE deck = ?' decks = {}
stmt.run [deckID], (err) -> stmt = that.db.prepare 'SELECT decks.deck, decks.json FROM decks INNER JOIN users ON decks.user = users.user WHERE users.user = ?'
stmt.finalize() stmt.all [user], (err, rows) ->
if err stmt.finalize()
logger.warn "delDeck: FAIL db '#{err.code}' for '#{deckID}'" if err
reject 'db' logger.warn "getDeck: DB fail '#{err.code}' for deck '#{deckID}'"
else reject 'db'
logger.debug "delDeck: OK '#{deckID}'" else
resolve deckID logger.debug "getDeck: OK '#{deckID}'"
for row in rows
decks[row.deck] = JSON.parse row.json
resolve decks
FFTCGDB::delDeck = (deckID) ->
that = @
new Promise (resolve, reject) ->
# try deleting correct row in decks table
stmt = that.db.prepare 'DELETE FROM decks WHERE deck = ?'
stmt.run [deckID], (err) ->
stmt.finalize()
if err
logger.warn "delDeck: DB fail '#{err.code}' for deck '#{deckID}'"
reject 'db'
else
logger.debug "delDeck: OK '#{deckID}'"
resolve deckID
module.exports = new FFTCGDB path.resolve(__dirname, 'fftcg.db'), true module.exports = FFTCGDB
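Review bot: In `FFTCGDB::register` the rejecting branches are not terminal: after `reject 'invalid'` execution continues into `bcrypt.hash`, and after `reject 'hash'` it continues into `stmt.run [login, hash]`, so a request with an empty login or password still creates a row (the `NOT NULL` constraint accepts `''`) even though the caller was told 'invalid', and a hash failure issues a second INSERT with an undefined hash. Make them `return reject 'invalid'` and `return reject 'hash'`, or nest the hashing in an `else` as the left-hand version does for the hash error. `FFTCGDB::getDecks` interpolates `deckID` in both log messages although its only parameter is `user`; unless that name is a global, the success path throws a ReferenceError inside the sqlite callback and the promise never settles, so use `user` there. `FFTCGDB::modDeck` targets `decks_cards`, a table the constructor's `truncate` path never creates (only `users` and `decks`), runs the DELETE and the per-card INSERTs outside a transaction so one failing card leaves the deck half-written and calls `stmt.finalize()` once per failure, and never resolves when `deckCards` is empty because `promiseCount` starts at 0. Creating the table alongside the others, wrapping the sequence in `BEGIN`/`COMMIT`, and resolving early on an empty list would close those gaps.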

0
backend/fftcg.db Normal file
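Review bot: `backend/fftcg.db` becomes a tracked file while the `**/fftcg.db` rule leaves `.gitignore` in the same comparison, so the SQLite database that the `./db` module writes `users.pwdhash` into, and that `routes.coffee` opens at `path.resolve(__dirname, 'fftcg.db')`, is committed with whatever accounts it holds at commit time. Even as bcrypt hashes, credential material does not belong in version control, and the file will churn on every run. Keep `**/fftcg.db` ignored and drop the file from the tree; if a seed state is needed, commit a schema script instead.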

24
backend/routes.coffee Normal file

@ -0,0 +1,24 @@
# local libraries
# (require 'debug').enable 'routes'
path = (require 'path')
# shared libraries
SHARE =
logger: (require 'logging').default 'routes'
jsonschemas:
user: (require './routes/schema/user.schema')()
# fftcg.db (persistent data)
fftcgdb: new (require './db') path.resolve(__dirname, 'fftcg.db'), true
# session storage (volatile data)
session: new (require './session')
module.exports = [
# test
(require './routes/test') SHARE
# register user
(require './routes/user/register') SHARE
# log in user
(require './routes/user/login') SHARE
]
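Review bot: The database is opened with the truncate flag hard-coded to `true` in `fftcgdb: new (require './db') path.resolve(__dirname, 'fftcg.db'), true`, and in this comparison that flag makes the constructor `DROP TABLE IF EXISTS users` / `decks` and recreate them, so every process start discards all accounts and decks. That is a development convenience, not a default for a module the server requires unconditionally; drive it from configuration (an environment variable or config key, name to be chosen) and default it to `false`. The commented-out `# (require 'debug').enable 'routes'` line should be removed rather than shipped as dead code.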


@ -1,4 +1,4 @@
module.exports = module.exports = ->
body: body:
login: type: 'string' login: type: 'string'
password: type: 'string' password: type: 'string'
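Review bot: The schema only declares `type: 'string'` for `login` and `password`; nothing marks either field required or non-empty, so a body missing them or carrying `''` passes validation, and the `== ''` check inside `FFTCGDB::register` is the only remaining guard (`FFTCGDB::login` has none). Add `required: ['login', 'password']` and `minLength: 1` on both properties, plus a `maxLength` so oversized values never reach bcrypt or the database. Whether the shorthand `body: login: ...` form accepts `required` or needs the full `type: 'object', properties: ...` form depends on the fastify version in use; verify against it.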


@ -1,4 +1,4 @@
module.exports = module.exports = (SHARE) ->
url: '/test' url: '/test'
method: 'POST' method: 'POST'
handler: (request, reply) -> handler: (request, reply) ->


@ -1,37 +1,31 @@
logger = (require 'logging').default 'login' module.exports = (SHARE) ->
# session storage (volatile data)
session = (require '../../session')
# fftcg.db (persistent data)
fftcgdb = (require '../../db')
module.exports =
url: '/user/login' url: '/user/login'
method: 'POST' method: 'POST'
schema: (require './user.schema') schema: SHARE.jsonschemas.user
handler: (request, reply) -> handler: (request, reply) ->
session_id = request.cookies.session ? ''
new Promise (resolve) -> new Promise (resolve) ->
session_id = request.cookies.session ? '' SHARE.session.check session_id
session.check session_id
.then (user) -> .then (user) ->
# active session found # active session found
logger.debug "OK '#{user.login}' resumed session '#{session_id}'" SHARE.logger.debug "OK '#{user.login}' resumed session '#{session_id}'"
resolve user resolve user
.catch -> .catch ->
fftcgdb.login request.body.login, request.body.password SHARE.fftcgdb.login request.body.login, request.body.password
.then (user) -> .then (user) ->
# login successful: start new session # login successful: start new session
logger.info "OK '#{request.body.login}'" SHARE.session.start user
session.start user
.then (session_id) -> .then (session_id) ->
logger.info "OK '#{user.login}' created session '#{session_id}'"
reply.setCookie 'session', session_id reply.setCookie 'session', session_id
resolve user resolve user
.catch (err) -> .catch (err) ->
# login failed # login failed
logger.info "FAIL '#{request.body.login}'" SHARE.logger.info "FAIL login for '#{request.body.login}'"
reply.send reply.send
success: false success: false
err: err err: err
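Review bot: `reply.setCookie 'session', session_id` sets the session cookie with no attributes, so it is readable by page scripts and sent over plain HTTP; pass the serialize options, e.g. `reply.setCookie 'session', session_id, httpOnly: true, secure: true, sameSite: 'strict', path: '/'`, and consider a `maxAge` that matches the Redis `EXPIRY.login` used by `FFTCGSESSION.start`. Separately, the `.catch ->` that falls back to password login discards the rejection reason from `SHARE.session.check`, so a Redis outage is indistinguishable from a missing session in the logs; capture it as `.catch (reason) ->` and log it at debug before falling back.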


@ -1,24 +1,19 @@
logger = (require 'logging').default 'register' module.exports = (SHARE) ->
# fftcg.db (persistent data)
fftcgdb = (require '../../db')
module.exports =
url: '/user/register' url: '/user/register'
method: 'POST' method: 'POST'
schema: (require './user.schema') schema: SHARE.jsonschemas.user
handler: (request, reply) -> handler: (request, reply) ->
fftcgdb.register(request.body.login, request.body.password) SHARE.fftcgdb.register(request.body.login, request.body.password)
.then (user) -> .then (user) ->
logger.info "OK '#{request.body.login}'" SHARE.logger.info "OK registration '#{request.body.login}'"
reply.send reply.send
success: true success: true
user: user user: user
return return
.catch (err) -> .catch (err) ->
logger.debug "FAIL '#{request.body.login}'" SHARE.logger.debug "FAIL registration '#{request.body.login}'"
reply.send reply.send
success: false success: false
err: err err: err


@ -3,47 +3,37 @@
logger = (require 'logging').default 'FFTCG' logger = (require 'logging').default 'FFTCG'
fastify = (require 'fastify') fastify = (require 'fastify')
logger: level: 'warn' logger: level: 'warn'
path = (require 'path')
# fastify and plugin framework # my libraries
socket = (require './socket')
# FFTCGSESSION = (require './session')
routes = (require './routes')
# fastify framework
fastify.register (require 'fastify-cookie') fastify.register (require 'fastify-cookie')
fastify.register (require 'fastify-ws'), library: 'uws' fastify.register (require 'fastify-ws'), library: 'uws'
# temporary dev frontend; to be uninstalled
path = (require 'path')
fastify.register (require 'fastify-static'), root: (path.join __dirname, 'tmpfront') fastify.register (require 'fastify-static'), root: (path.join __dirname, 'tmpfront')
# API routes fastify.ready()
fastify.route (require "./routes/#{route}") for route in [ .then ->
# test route fastify.ws.on 'connection', socket
'test'
# log in user .catch (err) ->
'user/login' logger.error err
# register user process.exit 1
'user/register'
]
# request logging
fastify.addHook 'onRequest', (req, res, next) -> fastify.addHook 'onRequest', (req, res, next) ->
logger.debug 'requested', req.url logger.debug 'requested', req.url
next() next()
# finalize loadup fastify.route route for route in routes
fastify.ready()
.then ->
# create websocket on successful load
socket = (require './socket')
fastify.ws.on 'connection', socket
.catch (err) ->
# abort on load failure
logger.error err
process.exit 1
# start server
fastify.listen 3001, '0.0.0.0' fastify.listen 3001, '0.0.0.0'
.catch (err) -> .catch (err) ->
logger.error err logger.error err
# Handle termination # Handle termination
process.on 'SIGINT', -> process.on 'SIGINT', ->
socket.close() socket.close()
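Review bot: `fastify.ready()` is now invoked before `fastify.addHook 'onRequest'` and `fastify.route route for route in routes`, whereas the left-hand version registered hooks and routes first and called `ready()` last; whether fastify still accepts registrations issued after `ready()` has been called depends on its boot semantics, so either verify that every route is actually served or move the `ready()` chain below the route loop as before. Also, `routes = (require './routes')` at module top now constructs the SQLite database and, apparently, the Redis client as a side effect of `require`, before fastify has booted; a failure there is only logged by those modules' own error callbacks and never reaches the `.catch (err) -> … process.exit 1` path, so the server keeps starting without working storage.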


@ -17,7 +17,7 @@ class FFTCGSESSION
host: 'redis' host: 'redis'
port: 6379 port: 6379
@db.on 'error', (err) => @db.on 'error', (err) ->
logger.error err.message logger.error err.message
start: (data) -> start: (data) ->
@ -30,7 +30,6 @@ class FFTCGSESSION
# push (hash, data) into DB for the configured timespan # push (hash, data) into DB for the configured timespan
@db.setex digest, EXPIRY.login, (JSON.stringify data), (err) -> @db.setex digest, EXPIRY.login, (JSON.stringify data), (err) ->
logger.info "OK '#{digest}' created"
resolve digest resolve digest
check: (digest) -> check: (digest) ->
@ -42,7 +41,6 @@ class FFTCGSESSION
else else
@db.get digest, (err, res) -> @db.get digest, (err, res) ->
logger.info "OK '#{digest}' resumed"
resolve JSON.parse res resolve JSON.parse res
module.exports = new FFTCGSESSION module.exports = FFTCGSESSION
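Review bot: Both Redis callbacks in this section ignore their `err` argument: `@db.setex digest, EXPIRY.login, (JSON.stringify data), (err) ->` resolves `digest` even when the write failed, so the client receives a cookie for a session that was never stored, and `@db.get digest, (err, res) ->` calls `resolve JSON.parse res` on failure or on a miss (`JSON.parse null` yields `null`, and a corrupt value throws inside the callback). Reject instead, e.g. `if err then reject 'db' else resolve digest` in `start` and `if err or not res? then reject 'session' else resolve JSON.parse res` in `check`, with the parse guarded by `try`. The surrounding `start` and `check` bodies extend outside these hunks.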


@ -5,15 +5,15 @@ logger = (require 'logging').default 'socket'
# my libraries # my libraries
module.exports = (socket) -> module.exports = (socket) ->
logger.info 'OK connect' logger.info 'Client connected.'
socket.on 'message', (msg) -> socket.on 'message', (msg) ->
# echo server # echo server
logger.info "OK received '#{msg}'" logger.info "Echo '#{msg}'."
socket.send "Re: #{msg}" socket.send "Re: #{msg}"
socket.on 'close', -> socket.on 'close', ->
logger.info 'OK disconnect' logger.info 'Client disconnected.'
# FFTCGSOCKET = (http, session) -> # FFTCGSOCKET = (http, session) ->
# that = @ # that = @