Yavook.de/node-fftcg
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
This repository has been archived on 2024-04-29. You can view files and clone it, but cannot push or open issues or pull requests.
node-fftcg/backend/db.coffee
Jörn-Michael Miehe 9616a2fe97 Delete deck
2019-05-24 13:41:48 +02:00

226 lines
8.2 KiB
CoffeeScript
Raw Blame History

# node libraries
bcrypt = (require 'bcrypt')
logger = (require 'logging').default 'db'
path = (require 'path')
sqlite3 = (require 'sqlite3').verbose()
# bruteforce countermeasure
saltRounds = 13
messages =
empty: 'Empty user name or password'
hash: 'Failed to process your data, try again later'
exists: 'User name is already taken'
noexists: 'Wrong user name or password'
password: 'Wrong user name or password'
db: 'Failed to access the database, try again later'
class FFTCGDB
constructor: (filename, truncate) ->
@filename = filename
@db = new sqlite3.Database @filename, (err) =>
if err
logger.error err.message
else
logger.info "OK open '#{@filename}'"
@db.run 'PRAGMA foreign_keys = ON;', (err) =>
logger.error err.message if err
if truncate == true
@db.run 'DROP TABLE IF EXISTS users;', (err) =>
logger.error err.message if err
@db.run '''
CREATE TABLE users (
user integer PRIMARY KEY,
login text NOT NULL COLLATE NOCASE,
pwdhash text NOT NULL,
settings text,
UNIQUE(login)
);
''', (err) =>
logger.error err.message if err
@db.run 'DROP TABLE IF EXISTS decks;', (err) =>
logger.error err.message if err
@db.run '''
CREATE TABLE decks (
deck integer PRIMARY KEY,
user integer NOT NULL,
json text,
FOREIGN KEY (user) REFERENCES users (user)
ON DELETE CASCADE
);
''', (err) =>
logger.error err.message if err
@db.run '''INSERT INTO users VALUES(1,'jmm','$2b$13$jgDdHHDWqq1RV6PXxf7aOO6AbxqY6tbxIADyIO0FeXt2BlKQCCMzS',NULL);'''
@db.run '''INSERT INTO decks VALUES(1,1,'{"name":"Antipode Bomb Version 6.0","note":"As Seen In Tournament: The North American Water Cup","cards":[{"count":1,"serial":"1-192"},{"count":2,"serial":"7-132"},{"count":2,"serial":"8-037"},{"count":2,"serial":"8-139"},{"count":1,"serial":"5-036"},{"count":3,"serial":"4-048"},{"count":1,"serial":"2-026"},{"count":3,"serial":"8-043"},{"count":3,"serial":"4-021"},{"count":3,"serial":"3-033"},{"count":1,"serial":"8-014"},{"count":2,"serial":"8-006"},{"count":1,"serial":"8-042"},{"count":1,"serial":"6-027"},{"count":3,"serial":"5-019"},{"count":2,"serial":"2-019"},{"count":2,"serial":"5-032"},{"count":3,"serial":"4-026"},{"count":3,"serial":"1-057"},{"count":1,"serial":"1-048"},{"count":2,"serial":"8-036"},{"count":3,"serial":"8-005"},{"count":3,"serial":"2-005"},{"count":1,"serial":"7-017"},{"count":1,"serial":"8-007"}]}');'''
logger.info 'OK clear'
close: ->
logger.info 'shutting down'
new Promise (resolve, reject) =>
@db.close (err) ->
if err
logger.error "FAIL '#{err.message}'"
reject null
else
logger.warn "OK close '#{@filename}'"
resolve null
validate: (login, password) ->
defined = (value) -> value? and value isnt ''
new Promise (resolve, reject) =>
if (defined login) and (defined password)
# both are defined
resolve null
else
# no user name or password given
logger.info "validate: FAIL empty '#{login}' or password"
reject null
register: (login, password) ->
new Promise (resolve, reject) =>
# validate user input
@validate login, password
.then =>
# hash password
bcrypt.hash password, saltRounds, (err, hash) =>
if err
logger.warn "reg: FAIL hash for '#{login}'"
reject messages.hash
else
# try creating row in users table
stmt = @db.prepare 'INSERT INTO users (login, pwdhash) VALUES (?, ?)'
stmt.run [login, hash], (err) ->
stmt.finalize()
if err
logger.warn "reg: FAIL db '#{err.code}' for '#{login}'"
# user already exists
reject messages.exists
else
logger.info "reg: OK '#{login}'"
# registration successful
resolve null
.catch ->
reject messages.empty
login: (login, password) ->
new Promise (resolve, reject) =>
# validate user input
@validate login, password
.then =>
# get users table row
stmt = @db.prepare 'SELECT * FROM users WHERE login = ?'
stmt.get [login], (err, row) =>
stmt.finalize()
if err
logger.warn "login: FAIL db '#{err.code}' for '#{login}'"
reject messages.db
else if not row
# hash the password for timing attack reasons
bcrypt.hash password, saltRounds, (err, hash) ->
logger.debug "login: FAIL nonexistent '#{login}'"
reject messages.noexists # user doesnt exist
else
bcrypt.compare password, row.pwdhash, (err, res) ->
if err
logger.warn "login: FAIL hash for '#{login}'"
reject messages.hash
if res == true
logger.debug "login: OK '#{row.login}'"
# login successful
resolve row.user
else
logger.debug "login: FAIL password for '#{login}'"
reject messages.password # login failed
.catch ->
reject messages.empty
getUser: (userID) ->
new Promise (resolve, reject) =>
# get users table row
stmt = @db.prepare 'SELECT * FROM users WHERE user = ?'
stmt.get [userID], (err, row) =>
stmt.finalize()
if err
logger.warn "get: FAIL db '#{err.code}' for '#{userID}'"
reject messages.db
else if not row
logger.debug "get: FAIL nonexistent '#{userID}'"
reject messages.noexists # user doesnt exist
else
resolve
user: row.user
login: row.login
settings: row.settings
addDeck: (userID, deckCards) ->
new Promise (resolve, reject) =>
# try creating row in decks table
stmt = @db.prepare 'INSERT INTO decks (user, json) VALUES (?, ?)'
stmt.run [userID, JSON.stringify deckCards], (err) ->
stmt.finalize()
if err
logger.warn "addDeck: FAIL db '#{err.code}' for '#{userID}'"
reject messages.db
else
logger.debug "addDeck: OK '#{@lastID}'"
resolve @lastID
modDeck: (userID, deckID, deckCards) ->
new Promise (resolve, reject) =>
stmt = @db.prepare 'UPDATE decks SET json = ? WHERE deck = ? AND user = ?'
stmt.run [(JSON.stringify deckCards), deckID, userID], (err) ->
stmt.finalize()
if err
logger.warn "modDeck: FAIL db '#{err.code}' for '#{deckID}'"
reject messages.db
else if @changes == 0
logger.warn "no changes for input (#{userID}, #{deckID}, #{JSON.stringify deckCards})!"
reject messages.db
else
resolve deckID
getDecks: (userID) ->
new Promise (resolve, reject) =>
stmt = @db.prepare 'SELECT decks.deck, decks.json FROM decks INNER JOIN users ON decks.user = users.user WHERE users.user = ?'
stmt.all [userID], (err, rows) ->
stmt.finalize()
if err
logger.warn "getDecks: FAIL db '#{err.code}' for '#{userID}'"
reject messages.db
else
logger.debug "getDecks: OK '#{userID}'"
resolve (id: row.deck, content: JSON.parse row.json for row, i in rows)
delDeck: (userID, deckID) ->
new Promise (resolve, reject) =>
stmt = @db.prepare 'DELETE FROM decks WHERE deck = ? AND user = ?'
stmt.run [deckID, userID], (err) ->
stmt.finalize()
if err
logger.warn "delDeck: FAIL db '#{err.code}' for '#{deckID}'"
reject messages.db
else
logger.debug "delDeck: OK '#{deckID}'"
resolve deckID
module.exports = new FFTCGDB path.resolve(__dirname, 'fftcg.db'), true
Reference in a new issue View git blame Copy permalink