Yavook.de/node-fftcg
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Compare commits

base: Yavook.de:7221dd31af5f9c476b7932dea0fd00a8e165bec4
Branches Tags
Yavook.de:master
Yavook.de:develop
Yavook.de:feature/vue
...
compare: Yavook.de:59b5f68b8b35cb8da292d19893494fbc3d83bc08
Branches Tags
Yavook.de:develop
Yavook.de:feature/vue
Yavook.de:master

3 commits
7221dd31af ... 59b5f68b8b

Author SHA1 Message Date
Jörn-Michael Miehe
59b5f68b8b routing cleanup 2019-02-19 21:50:29 +01:00
Jörn-Michael Miehe
c3fd13e358 classify db 2019-02-19 21:36:14 +01:00
Jörn-Michael Miehe
60edcf86b7 singletons 2019-02-19 19:58:09 +01:00
11 changed files with 214 additions and 257 deletions
Show stats Expand all files Collapse all files

1
.gitignore vendored
View file

@ -1 +1,2 @@
**/node_modules
**/fftcg.db

347
backend/db.coffee
View file

@ -1,224 +1,181 @@
# node libraries
bcrypt = (require 'bcrypt')
sqlite3 = (require 'sqlite3').verbose()
logger = (require 'logging').default 'db'
path = (require 'path')
sqlite3 = (require 'sqlite3').verbose()
# bruteforce countermeasure
saltRounds = 13
FFTCGDB = (filename, truncate) ->
that = @
@filename = filename
class FFTCGDB
constructor: (filename, truncate) ->
@filename = filename
@db = new sqlite3.Database @filename, (err) ->
if err
logger.error err.message
else
logger.info "Connected to '#{that.filename}'"
that.db.run 'PRAGMA foreign_keys = ON;', (err) ->
logger.error err.message if err
if truncate == true
that.db.run 'DROP TABLE IF EXISTS users;', (err) ->
logger.error err.message if err
that.db.run '''
CREATE TABLE users (
user integer PRIMARY KEY,
login text NOT NULL COLLATE NOCASE,
pwdhash text NOT NULL,
settings text,
UNIQUE(login)
);
''', (err) ->
logger.error err.message if err
that.db.run 'DROP TABLE IF EXISTS decks;', (err) ->
logger.error err.message if err
that.db.run '''
CREATE TABLE decks (
deck integer PRIMARY KEY,
user integer NOT NULL,
json text,
FOREIGN KEY (user) REFERENCES users (user)
ON DELETE CASCADE
);
''', (err) ->
logger.error err.message if err
logger.info 'recreated sqlite3 db'
return
FFTCGDB::close = ->
logger.info 'shutting down'
new Promise (resolve, reject) ->
@db.close (err) ->
@db = new sqlite3.Database @filename, (err) =>
if err
logger.error "Error closing: '#{err.message}'"
reject 'db'
logger.error err.message
else
logger.warn "Closed '#{@filename}'"
resolve 'ok'
logger.info "OK open '#{@filename}'"
FFTCGDB::register = (login, password) ->
that = @
@db.run 'PRAGMA foreign_keys = ON;', (err) =>
logger.error err.message if err
new Promise (resolve, reject) ->
# validate user input
if login == '' or password == ''
# no user name or password given
logger.info "reg: user name '#{login}' or password empty"
reject 'invalid'
if truncate == true
@db.run 'DROP TABLE IF EXISTS users;', (err) =>
logger.error err.message if err
@db.run '''
CREATE TABLE users (
user integer PRIMARY KEY,
login text NOT NULL COLLATE NOCASE,
pwdhash text NOT NULL,
settings text,
UNIQUE(login)
);
''', (err) =>
logger.error err.message if err
# hash password
bcrypt.hash password, saltRounds, (err, hash) ->
if err
logger.warn "reg: hash fail for name '#{login}'"
reject 'hash'
@db.run 'DROP TABLE IF EXISTS decks;', (err) =>
logger.error err.message if err
@db.run '''
CREATE TABLE decks (
deck integer PRIMARY KEY,
user integer NOT NULL,
json text,
FOREIGN KEY (user) REFERENCES users (user)
ON DELETE CASCADE
);
''', (err) =>
logger.error err.message if err
# try creating row in users table
stmt = that.db.prepare 'INSERT INTO users (login, pwdhash) VALUES (?, ?)'
stmt.run [login, hash], (err) ->
logger.info 'OK clear'
close: ->
logger.info 'shutting down'
new Promise (resolve, reject) =>
@db.close (err) ->
if err
logger.warn "reg: DB fail '#{err.code}' for name '#{login}'"
stmt.finalize()
# reduce attack surface, don't disclose user names
reject 'db' # user already exists
logger.error "FAIL '#{err.message}'"
reject 'db'
else
logger.warn "OK close '#{@filename}'"
resolve 'ok'
register: (login, password) ->
new Promise (resolve, reject) =>
# validate user input
if login == '' or password == ''
# no user name or password given
logger.info "reg: FAIL empty '#{login}' or password"
reject 'invalid'
# hash password
bcrypt.hash password, saltRounds, (err, hash) =>
if err
logger.warn "reg: FAIL hash for '#{login}'"
reject 'hash'
else
logger.info "reg: OK '#{login}'"
stmt.finalize()
# registration successful
resolve
user: @lastID
login: login
FFTCGDB::login = (login, password) ->
that = @
new Promise (resolve, reject) ->
# get users table row
stmt = that.db.prepare 'SELECT user, login, pwdhash FROM users WHERE login = ?'
stmt.get [login], (err, row) ->
if err
logger.warn "login: DB fail '#{err.code}' for name '#{login}'"
stmt.finalize()
reject 'db'
else if not row
# hash the password for timing attack reasons
bcrypt.hash password, saltRounds, (err, hash) ->
logger.debug "login: nonexistent '#{login}'"
stmt.finalize()
# reduce attack surface, don't disclose user names
reject 'login' # user doesnt exist
else
bcrypt.compare password, row.pwdhash, (err, res) ->
if err
logger.warn "login: hash fail for name '#{login}'"
reject 'hash'
if res == true
logger.debug "login: OK '#{row.login}'"
# try creating row in users table
stmt = @db.prepare 'INSERT INTO users (login, pwdhash) VALUES (?, ?)'
stmt.run [login, hash], (err) ->
stmt.finalize()
# login successful
resolve
user: row.user
login: row.login
if err
logger.warn "reg: FAIL db '#{err.code}' for '#{login}'"
# reduce attack surface, don't disclose user names
reject 'db' # user already exists
else
logger.debug "login: wrong password for '#{login}'"
stmt.finalize()
# login failed
reject 'login'
else
logger.info "reg: OK '#{login}'"
# registration successful
resolve
user: @lastID
login: login
FFTCGDB::addDeck = (user, deckCards) ->
that = @
new Promise (resolve, reject) ->
# try creating row in decks table
stmt = that.db.prepare 'INSERT INTO decks (user, json) VALUES (?, ?)'
stmt.run [user, JSON.stringify deckCards], (err) ->
if err
logger.warn "addDeck: DB fail '#{err.code}' for id '#{user}'"
login: (login, password) ->
new Promise (resolve, reject) =>
# get users table row
stmt = @db.prepare 'SELECT user, login, pwdhash FROM users WHERE login = ?'
stmt.get [login], (err, row) =>
stmt.finalize()
reject 'db'
if err
logger.warn "login: FAIL db '#{err.code}' for '#{login}'"
reject 'db'
else
else if not row
# hash the password for timing attack reasons
bcrypt.hash password, saltRounds, (err, hash) ->
logger.debug "login: FAIL nonexistent '#{login}'"
# reduce attack surface, don't disclose user names
reject 'login' # user doesnt exist
else
bcrypt.compare password, row.pwdhash, (err, res) ->
if err
logger.warn "login: FAIL hash for '#{login}'"
reject 'hash'
if res == true
logger.debug "login: OK '#{row.login}'"
# login successful
resolve
user: row.user
login: row.login
else
logger.debug "login: FAIL password for '#{login}'"
# login failed
reject 'login'
addDeck: (user, deckCards) ->
new Promise (resolve, reject) =>
# try creating row in decks table
stmt = @db.prepare 'INSERT INTO decks (user, json) VALUES (?, ?)'
stmt.run [user, JSON.stringify deckCards], (err) ->
stmt.finalize()
# deck added successfully, now add cards
that.modDeck(@lastID, deckCards)
.then (deckID) ->
resolve deckID
.catch (error) ->
reject error
if err
logger.warn "addDeck: FAIL db '#{err.code}' for '#{user}'"
reject 'db'
FFTCGDB::modDeck = (deckID, deckCards) ->
that = @
else
logger.debug "addDeck: OK '#{@lastID}'"
resolve @lastID
new Promise (resolve, reject) ->
# delete old deck cards
stmt = that.db.prepare 'DELETE FROM decks_cards WHERE deck = ?'
stmt.run [deckID], (err) ->
stmt.finalize()
if err
logger.warn "modDeck: DB fail '#{err.code}' for deck '#{deckID}'"
reject 'db'
else
stmt = that.db.prepare 'INSERT INTO decks_cards (deck, card, quant) VALUES (?, ?, ?)'
# add new cards
that.db.parallelize ->
# needs to be done in several queries
promiseCount = deckCards.length
deckCards.forEach (card) ->
stmt.run [deckID, card.id, card.quant], (err) ->
if err
logger.warn "modDeck: DB fail '#{err.code}' for card '#{deckID}', '#{card.id}', '#{card.quant}'"
stmt.finalize()
reject 'db'
else
# check if all queries are done
promiseCount -= 1
if promiseCount == 0
logger.debug "modDeck: OK '#{deckID}'"
stmt.finalize()
resolve deckID
modDeck: (deckID, deckCards) ->
new Promise (resolve, reject) =>
stmt = @db.prepare 'UPDATE decks SET json = ? WHERE deck = ?'
stmt.run [deckCards, deckID], (err) ->
stmt.finalize()
if err
logger.warn "modDeck: FAIL db '#{err.code}' for '#{deckID}'"
reject 'db'
else
logger.debug "modDeck: OK '#{deckID}'"
resolve deckID
FFTCGDB::getDecks = (user) ->
that = @
getDecks: (user) ->
new Promise (resolve, reject) =>
stmt = @db.prepare 'SELECT decks.deck, decks.json FROM decks INNER JOIN users ON decks.user = users.user WHERE users.user = ?'
stmt.all [user], (err, rows) ->
stmt.finalize()
if err
logger.warn "getDeck: FAIL db '#{err.code}' for '#{deckID}'"
reject 'db'
else
logger.debug "getDeck: OK '#{deckID}'"
resolve (id: row.deck, content: JSON.parse row.json for row, i in rows)
new Promise (resolve, reject) ->
# try deleting correct row in decks table
decks = {}
stmt = that.db.prepare 'SELECT decks.deck, decks.json FROM decks INNER JOIN users ON decks.user = users.user WHERE users.user = ?'
stmt.all [user], (err, rows) ->
stmt.finalize()
if err
logger.warn "getDeck: DB fail '#{err.code}' for deck '#{deckID}'"
reject 'db'
else
logger.debug "getDeck: OK '#{deckID}'"
for row in rows
decks[row.deck] = JSON.parse row.json
resolve decks
FFTCGDB::delDeck = (deckID) ->
that = @
new Promise (resolve, reject) ->
# try deleting correct row in decks table
stmt = that.db.prepare 'DELETE FROM decks WHERE deck = ?'
stmt.run [deckID], (err) ->
stmt.finalize()
if err
logger.warn "delDeck: DB fail '#{err.code}' for deck '#{deckID}'"
reject 'db'
else
logger.debug "delDeck: OK '#{deckID}'"
resolve deckID
delDeck: (deckID) ->
new Promise (resolve, reject) =>
stmt = @db.prepare 'DELETE FROM decks WHERE deck = ?'
stmt.run [deckID], (err) ->
stmt.finalize()
if err
logger.warn "delDeck: FAIL db '#{err.code}' for '#{deckID}'"
reject 'db'
else
logger.debug "delDeck: OK '#{deckID}'"
resolve deckID
module.exports = FFTCGDB
module.exports = new FFTCGDB path.resolve(__dirname, 'fftcg.db'), true

0
backend/fftcg.db
View file

24
backend/routes.coffee
View file

@ -1,24 +0,0 @@
# local libraries
# (require 'debug').enable 'routes'
path = (require 'path')
# shared libraries
SHARE =
logger: (require 'logging').default 'routes'
jsonschemas:
user: (require './routes/schema/user.schema')()
# fftcg.db (persistent data)
fftcgdb: new (require './db') path.resolve(__dirname, 'fftcg.db'), true
# session storage (volatile data)
session: new (require './session')
module.exports = [
# test
(require './routes/test') SHARE
# register user
(require './routes/user/register') SHARE
# log in user
(require './routes/user/login') SHARE
]

2
backend/routes/test.coffee
View file

@ -1,4 +1,4 @@
module.exports = (SHARE) ->
module.exports =
url: '/test'
method: 'POST'
handler: (request, reply) ->

26
backend/routes/user/login.coffee
View file

@ -1,31 +1,37 @@
module.exports = (SHARE) ->
logger = (require 'logging').default 'login'
# session storage (volatile data)
session = (require '../../session')
# fftcg.db (persistent data)
fftcgdb = (require '../../db')
module.exports =
url: '/user/login'
method: 'POST'
schema: SHARE.jsonschemas.user
schema: (require './user.schema')
handler: (request, reply) ->
session_id = request.cookies.session ? ''
new Promise (resolve) ->
SHARE.session.check session_id
session_id = request.cookies.session ? ''
session.check session_id
.then (user) ->
# active session found
SHARE.logger.debug "OK '#{user.login}' resumed session '#{session_id}'"
logger.debug "OK '#{user.login}' resumed session '#{session_id}'"
resolve user
.catch ->
SHARE.fftcgdb.login request.body.login, request.body.password
fftcgdb.login request.body.login, request.body.password
.then (user) ->
# login successful: start new session
SHARE.session.start user
logger.info "OK '#{request.body.login}'"
session.start user
.then (session_id) ->
logger.info "OK '#{user.login}' created session '#{session_id}'"
reply.setCookie 'session', session_id
resolve user
.catch (err) ->
# login failed
SHARE.logger.info "FAIL login for '#{request.body.login}'"
logger.info "FAIL '#{request.body.login}'"
reply.send
success: false
err: err

15
backend/routes/user/register.coffee
View file

@ -1,19 +1,24 @@
module.exports = (SHARE) ->
logger = (require 'logging').default 'register'
# fftcg.db (persistent data)
fftcgdb = (require '../../db')
module.exports =
url: '/user/register'
method: 'POST'
schema: SHARE.jsonschemas.user
schema: (require './user.schema')
handler: (request, reply) ->
SHARE.fftcgdb.register(request.body.login, request.body.password)
fftcgdb.register(request.body.login, request.body.password)
.then (user) ->
SHARE.logger.info "OK registration '#{request.body.login}'"
logger.info "OK '#{request.body.login}'"
reply.send
success: true
user: user
return
.catch (err) ->
SHARE.logger.debug "FAIL registration '#{request.body.login}'"
logger.debug "FAIL '#{request.body.login}'"
reply.send
success: false
err: err

2
backend/routes/schema/user.schema.coffee → backend/routes/user/user.schema.coffee
View file

@ -1,4 +1,4 @@
module.exports = ->
module.exports =
body:
login: type: 'string'
password: type: 'string'

42
backend/server.coffee
View file

@ -3,37 +3,47 @@
logger = (require 'logging').default 'FFTCG'
fastify = (require 'fastify')
logger: level: 'warn'
path = (require 'path')
# my libraries
socket = (require './socket')
# FFTCGSESSION = (require './session')
routes = (require './routes')
# fastify framework
# fastify and plugin framework
fastify.register (require 'fastify-cookie')
fastify.register (require 'fastify-ws'), library: 'uws'
# temporary dev frontend; to be uninstalled
path = (require 'path')
fastify.register (require 'fastify-static'), root: (path.join __dirname, 'tmpfront')
fastify.ready()
.then ->
fastify.ws.on 'connection', socket
.catch (err) ->
logger.error err
process.exit 1
# API routes
fastify.route (require "./routes/#{route}") for route in [
# test route
'test'
# log in user
'user/login'
# register user
'user/register'
]
# request logging
fastify.addHook 'onRequest', (req, res, next) ->
logger.debug 'requested', req.url
next()
fastify.route route for route in routes
# finalize loadup
fastify.ready()
.then ->
# create websocket on successful load
socket = (require './socket')
fastify.ws.on 'connection', socket
.catch (err) ->
# abort on load failure
logger.error err
process.exit 1
# start server
fastify.listen 3001, '0.0.0.0'
.catch (err) ->
logger.error err
# Handle termination
process.on 'SIGINT', ->
socket.close()

6
backend/session.coffee
View file

@ -17,7 +17,7 @@ class FFTCGSESSION
host: 'redis'
port: 6379
@db.on 'error', (err) ->
@db.on 'error', (err) =>
logger.error err.message
start: (data) ->
@ -30,6 +30,7 @@ class FFTCGSESSION
# push (hash, data) into DB for the configured timespan
@db.setex digest, EXPIRY.login, (JSON.stringify data), (err) ->
logger.info "OK '#{digest}' created"
resolve digest
check: (digest) ->
@ -41,6 +42,7 @@ class FFTCGSESSION
else
@db.get digest, (err, res) ->
logger.info "OK '#{digest}' resumed"
resolve JSON.parse res
module.exports = FFTCGSESSION
module.exports = new FFTCGSESSION

6
backend/socket.coffee
View file

@ -5,15 +5,15 @@ logger = (require 'logging').default 'socket'
# my libraries
module.exports = (socket) ->
logger.info 'Client connected.'
logger.info 'OK connect'
socket.on 'message', (msg) ->
# echo server
logger.info "Echo '#{msg}'."
logger.info "OK received '#{msg}'"
socket.send "Re: #{msg}"
socket.on 'close', ->
logger.info 'Client disconnected.'
logger.info 'OK disconnect'
# FFTCGSOCKET = (http, session) ->
# that = @