Yavook.de/node-fftcg
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Compare commits

base: Yavook.de:7221dd31af5f9c476b7932dea0fd00a8e165bec4
Branches Tags
Yavook.de:master
Yavook.de:develop
Yavook.de:feature/vue
...
compare: Yavook.de:59b5f68b8b35cb8da292d19893494fbc3d83bc08
Branches Tags
Yavook.de:develop
Yavook.de:feature/vue
Yavook.de:master

3 commits
7221dd31af ... 59b5f68b8b

Author SHA1 Message Date
Jörn-Michael Miehe
59b5f68b8b routing cleanup 2019-02-19 21:50:29 +01:00
Jörn-Michael Miehe
c3fd13e358 classify db 2019-02-19 21:36:14 +01:00
Jörn-Michael Miehe
60edcf86b7 singletons 2019-02-19 19:58:09 +01:00
11 changed files with 214 additions and 257 deletions
Show stats Expand all files Collapse all files

1
.gitignore vendored
View file

@ -1 +1,2 @@
**/node_modules **/node_modules
**/fftcg.db

347
backend/db.coffee
View file

@ -1,224 +1,181 @@
# node libraries # node libraries
bcrypt = (require 'bcrypt') bcrypt = (require 'bcrypt')
sqlite3 = (require 'sqlite3').verbose()
logger = (require 'logging').default 'db' logger = (require 'logging').default 'db'
path = (require 'path')
sqlite3 = (require 'sqlite3').verbose()
# bruteforce countermeasure # bruteforce countermeasure
saltRounds = 13 saltRounds = 13
FFTCGDB = (filename, truncate) -> class FFTCGDB
that = @ constructor: (filename, truncate) ->
@filename = filename @filename = filename
@db = new sqlite3.Database @filename, (err) -> @db = new sqlite3.Database @filename, (err) =>
if err
logger.error err.message
else
logger.info "Connected to '#{that.filename}'"
that.db.run 'PRAGMA foreign_keys = ON;', (err) ->
logger.error err.message if err
if truncate == true
that.db.run 'DROP TABLE IF EXISTS users;', (err) ->
logger.error err.message if err
that.db.run '''
CREATE TABLE users (
user integer PRIMARY KEY,
login text NOT NULL COLLATE NOCASE,
pwdhash text NOT NULL,
settings text,
UNIQUE(login)
);
''', (err) ->
logger.error err.message if err
that.db.run 'DROP TABLE IF EXISTS decks;', (err) ->
logger.error err.message if err
that.db.run '''
CREATE TABLE decks (
deck integer PRIMARY KEY,
user integer NOT NULL,
json text,
FOREIGN KEY (user) REFERENCES users (user)
ON DELETE CASCADE
);
''', (err) ->
logger.error err.message if err
logger.info 'recreated sqlite3 db'
return
FFTCGDB::close = ->
logger.info 'shutting down'
new Promise (resolve, reject) ->
@db.close (err) ->
if err if err
logger.error "Error closing: '#{err.message}'" logger.error err.message
reject 'db'
else else
logger.warn "Closed '#{@filename}'" logger.info "OK open '#{@filename}'"
resolve 'ok'
FFTCGDB::register = (login, password) -> @db.run 'PRAGMA foreign_keys = ON;', (err) =>
that = @ logger.error err.message if err
new Promise (resolve, reject) -> if truncate == true
# validate user input @db.run 'DROP TABLE IF EXISTS users;', (err) =>
if login == '' or password == '' logger.error err.message if err
# no user name or password given @db.run '''
logger.info "reg: user name '#{login}' or password empty" CREATE TABLE users (
reject 'invalid' user integer PRIMARY KEY,
login text NOT NULL COLLATE NOCASE,
pwdhash text NOT NULL,
settings text,
UNIQUE(login)
);
''', (err) =>
logger.error err.message if err
# hash password @db.run 'DROP TABLE IF EXISTS decks;', (err) =>
bcrypt.hash password, saltRounds, (err, hash) -> logger.error err.message if err
if err @db.run '''
logger.warn "reg: hash fail for name '#{login}'" CREATE TABLE decks (
reject 'hash' deck integer PRIMARY KEY,
user integer NOT NULL,
json text,
FOREIGN KEY (user) REFERENCES users (user)
ON DELETE CASCADE
);
''', (err) =>
logger.error err.message if err
# try creating row in users table logger.info 'OK clear'
stmt = that.db.prepare 'INSERT INTO users (login, pwdhash) VALUES (?, ?)'
stmt.run [login, hash], (err) -> close: ->
logger.info 'shutting down'
new Promise (resolve, reject) =>
@db.close (err) ->
if err if err
logger.warn "reg: DB fail '#{err.code}' for name '#{login}'" logger.error "FAIL '#{err.message}'"
stmt.finalize() reject 'db'
# reduce attack surface, don't disclose user names else
reject 'db' # user already exists logger.warn "OK close '#{@filename}'"
resolve 'ok'
register: (login, password) ->
new Promise (resolve, reject) =>
# validate user input
if login == '' or password == ''
# no user name or password given
logger.info "reg: FAIL empty '#{login}' or password"
reject 'invalid'
# hash password
bcrypt.hash password, saltRounds, (err, hash) =>
if err
logger.warn "reg: FAIL hash for '#{login}'"
reject 'hash'
else else
logger.info "reg: OK '#{login}'" # try creating row in users table
stmt.finalize() stmt = @db.prepare 'INSERT INTO users (login, pwdhash) VALUES (?, ?)'
# registration successful stmt.run [login, hash], (err) ->
resolve
user: @lastID
login: login
FFTCGDB::login = (login, password) ->
that = @
new Promise (resolve, reject) ->
# get users table row
stmt = that.db.prepare 'SELECT user, login, pwdhash FROM users WHERE login = ?'
stmt.get [login], (err, row) ->
if err
logger.warn "login: DB fail '#{err.code}' for name '#{login}'"
stmt.finalize()
reject 'db'
else if not row
# hash the password for timing attack reasons
bcrypt.hash password, saltRounds, (err, hash) ->
logger.debug "login: nonexistent '#{login}'"
stmt.finalize()
# reduce attack surface, don't disclose user names
reject 'login' # user doesnt exist
else
bcrypt.compare password, row.pwdhash, (err, res) ->
if err
logger.warn "login: hash fail for name '#{login}'"
reject 'hash'
if res == true
logger.debug "login: OK '#{row.login}'"
stmt.finalize() stmt.finalize()
# login successful if err
resolve logger.warn "reg: FAIL db '#{err.code}' for '#{login}'"
user: row.user # reduce attack surface, don't disclose user names
login: row.login reject 'db' # user already exists
else else
logger.debug "login: wrong password for '#{login}'" logger.info "reg: OK '#{login}'"
stmt.finalize() # registration successful
# login failed resolve
reject 'login' user: @lastID
login: login
FFTCGDB::addDeck = (user, deckCards) -> login: (login, password) ->
that = @ new Promise (resolve, reject) =>
# get users table row
new Promise (resolve, reject) -> stmt = @db.prepare 'SELECT user, login, pwdhash FROM users WHERE login = ?'
# try creating row in decks table stmt.get [login], (err, row) =>
stmt = that.db.prepare 'INSERT INTO decks (user, json) VALUES (?, ?)'
stmt.run [user, JSON.stringify deckCards], (err) ->
if err
logger.warn "addDeck: DB fail '#{err.code}' for id '#{user}'"
stmt.finalize() stmt.finalize()
reject 'db' if err
logger.warn "login: FAIL db '#{err.code}' for '#{login}'"
reject 'db'
else else if not row
# hash the password for timing attack reasons
bcrypt.hash password, saltRounds, (err, hash) ->
logger.debug "login: FAIL nonexistent '#{login}'"
# reduce attack surface, don't disclose user names
reject 'login' # user doesnt exist
else
bcrypt.compare password, row.pwdhash, (err, res) ->
if err
logger.warn "login: FAIL hash for '#{login}'"
reject 'hash'
if res == true
logger.debug "login: OK '#{row.login}'"
# login successful
resolve
user: row.user
login: row.login
else
logger.debug "login: FAIL password for '#{login}'"
# login failed
reject 'login'
addDeck: (user, deckCards) ->
new Promise (resolve, reject) =>
# try creating row in decks table
stmt = @db.prepare 'INSERT INTO decks (user, json) VALUES (?, ?)'
stmt.run [user, JSON.stringify deckCards], (err) ->
stmt.finalize() stmt.finalize()
# deck added successfully, now add cards if err
that.modDeck(@lastID, deckCards) logger.warn "addDeck: FAIL db '#{err.code}' for '#{user}'"
.then (deckID) -> reject 'db'
resolve deckID
.catch (error) ->
reject error
FFTCGDB::modDeck = (deckID, deckCards) -> else
that = @ logger.debug "addDeck: OK '#{@lastID}'"
resolve @lastID
new Promise (resolve, reject) -> modDeck: (deckID, deckCards) ->
# delete old deck cards new Promise (resolve, reject) =>
stmt = that.db.prepare 'DELETE FROM decks_cards WHERE deck = ?' stmt = @db.prepare 'UPDATE decks SET json = ? WHERE deck = ?'
stmt.run [deckID], (err) -> stmt.run [deckCards, deckID], (err) ->
stmt.finalize() stmt.finalize()
if err if err
logger.warn "modDeck: DB fail '#{err.code}' for deck '#{deckID}'" logger.warn "modDeck: FAIL db '#{err.code}' for '#{deckID}'"
reject 'db' reject 'db'
else else
stmt = that.db.prepare 'INSERT INTO decks_cards (deck, card, quant) VALUES (?, ?, ?)' logger.debug "modDeck: OK '#{deckID}'"
# add new cards resolve deckID
that.db.parallelize ->
# needs to be done in several queries
promiseCount = deckCards.length
deckCards.forEach (card) ->
stmt.run [deckID, card.id, card.quant], (err) ->
if err
logger.warn "modDeck: DB fail '#{err.code}' for card '#{deckID}', '#{card.id}', '#{card.quant}'"
stmt.finalize()
reject 'db'
else
# check if all queries are done
promiseCount -= 1
if promiseCount == 0
logger.debug "modDeck: OK '#{deckID}'"
stmt.finalize()
resolve deckID
FFTCGDB::getDecks = (user) -> getDecks: (user) ->
that = @ new Promise (resolve, reject) =>
stmt = @db.prepare 'SELECT decks.deck, decks.json FROM decks INNER JOIN users ON decks.user = users.user WHERE users.user = ?'
stmt.all [user], (err, rows) ->
stmt.finalize()
if err
logger.warn "getDeck: FAIL db '#{err.code}' for '#{deckID}'"
reject 'db'
else
logger.debug "getDeck: OK '#{deckID}'"
resolve (id: row.deck, content: JSON.parse row.json for row, i in rows)
new Promise (resolve, reject) -> delDeck: (deckID) ->
# try deleting correct row in decks table new Promise (resolve, reject) =>
decks = {} stmt = @db.prepare 'DELETE FROM decks WHERE deck = ?'
stmt = that.db.prepare 'SELECT decks.deck, decks.json FROM decks INNER JOIN users ON decks.user = users.user WHERE users.user = ?' stmt.run [deckID], (err) ->
stmt.all [user], (err, rows) -> stmt.finalize()
stmt.finalize() if err
if err logger.warn "delDeck: FAIL db '#{err.code}' for '#{deckID}'"
logger.warn "getDeck: DB fail '#{err.code}' for deck '#{deckID}'" reject 'db'
reject 'db' else
else logger.debug "delDeck: OK '#{deckID}'"
logger.debug "getDeck: OK '#{deckID}'" resolve deckID
for row in rows
decks[row.deck] = JSON.parse row.json
resolve decks
FFTCGDB::delDeck = (deckID) ->
that = @
new Promise (resolve, reject) ->
# try deleting correct row in decks table
stmt = that.db.prepare 'DELETE FROM decks WHERE deck = ?'
stmt.run [deckID], (err) ->
stmt.finalize()
if err
logger.warn "delDeck: DB fail '#{err.code}' for deck '#{deckID}'"
reject 'db'
else
logger.debug "delDeck: OK '#{deckID}'"
resolve deckID
module.exports = FFTCGDB module.exports = new FFTCGDB path.resolve(__dirname, 'fftcg.db'), true

0
backend/fftcg.db
View file

24
backend/routes.coffee
View file

@ -1,24 +0,0 @@
# local libraries
# (require 'debug').enable 'routes'
path = (require 'path')
# shared libraries
SHARE =
logger: (require 'logging').default 'routes'
jsonschemas:
user: (require './routes/schema/user.schema')()
# fftcg.db (persistent data)
fftcgdb: new (require './db') path.resolve(__dirname, 'fftcg.db'), true
# session storage (volatile data)
session: new (require './session')
module.exports = [
# test
(require './routes/test') SHARE
# register user
(require './routes/user/register') SHARE
# log in user
(require './routes/user/login') SHARE
]

2
backend/routes/test.coffee
View file

@ -1,4 +1,4 @@
module.exports = (SHARE) -> module.exports =
url: '/test' url: '/test'
method: 'POST' method: 'POST'
handler: (request, reply) -> handler: (request, reply) ->

26
backend/routes/user/login.coffee
View file

@ -1,31 +1,37 @@
module.exports = (SHARE) -> logger = (require 'logging').default 'login'
# session storage (volatile data)
session = (require '../../session')
# fftcg.db (persistent data)
fftcgdb = (require '../../db')
module.exports =
url: '/user/login' url: '/user/login'
method: 'POST' method: 'POST'
schema: SHARE.jsonschemas.user schema: (require './user.schema')
handler: (request, reply) -> handler: (request, reply) ->
session_id = request.cookies.session ? ''
new Promise (resolve) -> new Promise (resolve) ->
SHARE.session.check session_id session_id = request.cookies.session ? ''
session.check session_id
.then (user) -> .then (user) ->
# active session found # active session found
SHARE.logger.debug "OK '#{user.login}' resumed session '#{session_id}'" logger.debug "OK '#{user.login}' resumed session '#{session_id}'"
resolve user resolve user
.catch -> .catch ->
SHARE.fftcgdb.login request.body.login, request.body.password fftcgdb.login request.body.login, request.body.password
.then (user) -> .then (user) ->
# login successful: start new session # login successful: start new session
SHARE.session.start user logger.info "OK '#{request.body.login}'"
session.start user
.then (session_id) -> .then (session_id) ->
logger.info "OK '#{user.login}' created session '#{session_id}'"
reply.setCookie 'session', session_id reply.setCookie 'session', session_id
resolve user resolve user
.catch (err) -> .catch (err) ->
# login failed # login failed
SHARE.logger.info "FAIL login for '#{request.body.login}'" logger.info "FAIL '#{request.body.login}'"
reply.send reply.send
success: false success: false
err: err err: err

15
backend/routes/user/register.coffee
View file

@ -1,19 +1,24 @@
module.exports = (SHARE) -> logger = (require 'logging').default 'register'
# fftcg.db (persistent data)
fftcgdb = (require '../../db')
module.exports =
url: '/user/register' url: '/user/register'
method: 'POST' method: 'POST'
schema: SHARE.jsonschemas.user schema: (require './user.schema')
handler: (request, reply) -> handler: (request, reply) ->
SHARE.fftcgdb.register(request.body.login, request.body.password) fftcgdb.register(request.body.login, request.body.password)
.then (user) -> .then (user) ->
SHARE.logger.info "OK registration '#{request.body.login}'" logger.info "OK '#{request.body.login}'"
reply.send reply.send
success: true success: true
user: user user: user
return return
.catch (err) -> .catch (err) ->
SHARE.logger.debug "FAIL registration '#{request.body.login}'" logger.debug "FAIL '#{request.body.login}'"
reply.send reply.send
success: false success: false
err: err err: err

2
backend/routes/schema/user.schema.coffee → backend/routes/user/user.schema.coffee
View file

@ -1,4 +1,4 @@
module.exports = -> module.exports =
body: body:
login: type: 'string' login: type: 'string'
password: type: 'string' password: type: 'string'

42
backend/server.coffee
View file

@ -3,37 +3,47 @@
logger = (require 'logging').default 'FFTCG' logger = (require 'logging').default 'FFTCG'
fastify = (require 'fastify') fastify = (require 'fastify')
logger: level: 'warn' logger: level: 'warn'
path = (require 'path')
# my libraries # fastify and plugin framework
socket = (require './socket')
# FFTCGSESSION = (require './session')
routes = (require './routes')
# fastify framework
fastify.register (require 'fastify-cookie') fastify.register (require 'fastify-cookie')
fastify.register (require 'fastify-ws'), library: 'uws' fastify.register (require 'fastify-ws'), library: 'uws'
# temporary dev frontend; to be uninstalled
path = (require 'path')
fastify.register (require 'fastify-static'), root: (path.join __dirname, 'tmpfront') fastify.register (require 'fastify-static'), root: (path.join __dirname, 'tmpfront')
fastify.ready() # API routes
.then -> fastify.route (require "./routes/#{route}") for route in [
fastify.ws.on 'connection', socket # test route
'test'
.catch (err) -> # log in user
logger.error err 'user/login'
process.exit 1 # register user
'user/register'
]
# request logging
fastify.addHook 'onRequest', (req, res, next) -> fastify.addHook 'onRequest', (req, res, next) ->
logger.debug 'requested', req.url logger.debug 'requested', req.url
next() next()
fastify.route route for route in routes # finalize loadup
fastify.ready()
.then ->
# create websocket on successful load
socket = (require './socket')
fastify.ws.on 'connection', socket
.catch (err) ->
# abort on load failure
logger.error err
process.exit 1
# start server
fastify.listen 3001, '0.0.0.0' fastify.listen 3001, '0.0.0.0'
.catch (err) -> .catch (err) ->
logger.error err logger.error err
# Handle termination # Handle termination
process.on 'SIGINT', -> process.on 'SIGINT', ->
socket.close() socket.close()

6
backend/session.coffee
View file

@ -17,7 +17,7 @@ class FFTCGSESSION
host: 'redis' host: 'redis'
port: 6379 port: 6379
@db.on 'error', (err) -> @db.on 'error', (err) =>
logger.error err.message logger.error err.message
start: (data) -> start: (data) ->
@ -30,6 +30,7 @@ class FFTCGSESSION
# push (hash, data) into DB for the configured timespan # push (hash, data) into DB for the configured timespan
@db.setex digest, EXPIRY.login, (JSON.stringify data), (err) -> @db.setex digest, EXPIRY.login, (JSON.stringify data), (err) ->
logger.info "OK '#{digest}' created"
resolve digest resolve digest
check: (digest) -> check: (digest) ->
@ -41,6 +42,7 @@ class FFTCGSESSION
else else
@db.get digest, (err, res) -> @db.get digest, (err, res) ->
logger.info "OK '#{digest}' resumed"
resolve JSON.parse res resolve JSON.parse res
module.exports = FFTCGSESSION module.exports = new FFTCGSESSION

6
backend/socket.coffee
View file

@ -5,15 +5,15 @@ logger = (require 'logging').default 'socket'
# my libraries # my libraries
module.exports = (socket) -> module.exports = (socket) ->
logger.info 'Client connected.' logger.info 'OK connect'
socket.on 'message', (msg) -> socket.on 'message', (msg) ->
# echo server # echo server
logger.info "Echo '#{msg}'." logger.info "OK received '#{msg}'"
socket.send "Re: #{msg}" socket.send "Re: #{msg}"
socket.on 'close', -> socket.on 'close', ->
logger.info 'Client disconnected.' logger.info 'OK disconnect'
# FFTCGSOCKET = (http, session) -> # FFTCGSOCKET = (http, session) ->
# that = @ # that = @