# node libraries
bcrypt = (require 'bcrypt')
logger = (require 'logging').default 'db'
path = (require 'path')
sqlite3 = (require 'sqlite3').verbose()
# bruteforce countermeasure: bcrypt cost factor (log2 of the iteration count),
# so every +1 doubles the work needed to compute or test one hash
saltRounds = 13

# Messages handed back to callers when a promise is rejected.
# `noexists` and `password` deliberately carry the same text, so a failed login
# does not tell the caller which of the two was wrong.
messages = {
  empty:    'Empty user name or password'
  hash:     'Failed to process your data, try again later'
  exists:   'User name is already taken'
  noexists: 'Wrong user name or password'
  password: 'Wrong user name or password'
  db:       'Failed to access the database, try again later'
}

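# Thin promise-based wrapper around the SQLite file that stores user accounts
# (bcrypt password hashes) and their decks (JSON blobs).
#
# Every method that touches user data binds its values through `?`
# placeholders; no SQL text is ever built from caller input.
class FFTCGDB
  # Open (or create) the database file `filename`.
  #
  # When `truncate` is exactly `true`, the users and decks tables are dropped,
  # re-created and seeded with one account and one deck.
  constructor: (filename, truncate) ->
    @db = new sqlite3.Database filename, (err) =>
      if err
        logger.error err.message
      else
        logger.info "OK opened '#{filename}'"

    # node-sqlite3 executes queued statements in parallel by default, so the
    # DROP / CREATE / INSERT sequence below is only guaranteed to run in the
    # written order inside serialize().
    @db.serialize =>
      # foreign key enforcement is off by default in SQLite and is needed for
      # the ON DELETE CASCADE on decks.user
      @db.run 'PRAGMA foreign_keys = ON;', (err) =>
        logger.error err.message if err

      if truncate == true
        @db.run 'DROP TABLE IF EXISTS users;', (err) =>
          logger.error err.message if err
        @db.run '''
          CREATE TABLE users (
            user integer PRIMARY KEY,
            login text NOT NULL COLLATE NOCASE,
            pwdhash text NOT NULL,
            settings text,
            UNIQUE(login)
          );
        ''', (err) =>
          logger.error err.message if err

        @db.run 'DROP TABLE IF EXISTS decks;', (err) =>
          logger.error err.message if err
        @db.run '''
          CREATE TABLE decks (
            deck integer PRIMARY KEY,
            user integer NOT NULL,
            json text,
            FOREIGN KEY (user) REFERENCES users (user)
              ON DELETE CASCADE
          );
        ''', (err) =>
          logger.error err.message if err

        # NOTE(review): this seeds a fixed account whose login and bcrypt hash
        # are committed with the source, i.e. a default credential that is
        # re-created on every truncate. Confirm it never reaches a deployed
        # instance, or provision the seed from outside the repository.
        @db.run '''
          INSERT INTO users VALUES (1,'jmm','$2b$13$jgDdHHDWqq1RV6PXxf7aOO6AbxqY6tbxIADyIO0FeXt2BlKQCCMzS',NULL);
        ''', (err) =>
          logger.error err.message if err
        @db.run '''
          INSERT INTO decks VALUES (1,1,'{
            "name":"Antipode Bomb Version 6.0",
            "note":"As Seen In Tournament: The North American Water Cup",
            "cards":[
              {"count":1,"serial":"1-192"},{"count":2,"serial":"7-132"},{"count":2,"serial":"8-037"},
              {"count":2,"serial":"8-139"},{"count":1,"serial":"5-036"},{"count":3,"serial":"4-048"},
              {"count":1,"serial":"2-026"},{"count":3,"serial":"8-043"},{"count":3,"serial":"4-021"},
              {"count":3,"serial":"3-033"},{"count":1,"serial":"8-014"},{"count":2,"serial":"8-006"},
              {"count":1,"serial":"8-042"},{"count":1,"serial":"6-027"},{"count":3,"serial":"5-019"},
              {"count":2,"serial":"2-019"},{"count":2,"serial":"5-032"},{"count":3,"serial":"4-026"},
              {"count":3,"serial":"1-057"},{"count":1,"serial":"1-048"},{"count":2,"serial":"8-036"},
              {"count":3,"serial":"8-005"},{"count":3,"serial":"2-005"},{"count":1,"serial":"7-017"},
              {"count":1,"serial":"8-007"}
            ]
          }');
        ''', (err) =>
          # last statement of the serialized batch: report completion here,
          # not before anything has actually run
          if err
            logger.error err.message
          else
            logger.info 'OK clear'

  # Close the database handle.
  # Resolves with null once closed, rejects with null if closing failed.
  close: ->
    logger.debug 'shutting down'
    new Promise (resolve, reject) =>
      @db.close (err) ->
        if err
          logger.error "FAIL '#{err.message}'"
          reject null
        else
          logger.info "OK closed"
          resolve null

  # Check that both `login` and `password` are present and non-empty.
  # Resolves with null when they are, rejects with null otherwise.
  #
  # NOTE(review): only presence is checked. Types and lengths are not, and
  # bcrypt only uses the first 72 bytes of a password; the caller is presumably
  # expected to pass strings -- confirm, or enforce string type and a maximum
  # length here.
  validate: (login, password) ->
    defined = (value) -> value? and value isnt ''

    new Promise (resolve, reject) ->
      if (defined login) and (defined password)
        # both are defined
        resolve null
      else
        # no user name or password given
        # NOTE(review): `login` is caller-supplied and is written to the log
        # unescaped, here and in the other methods; control characters in it
        # end up in the log stream verbatim.
        logger.info "validate: FAIL empty '#{login}' or password"
        reject null

  # Create a new account.
  # Resolves with null on success; rejects with one of the `messages` strings
  # (empty, hash, exists or db).
  register: (login, password) ->
    new Promise (resolve, reject) =>
      # validate user input
      @validate login, password
        .then =>
          # hash password
          bcrypt.hash password, saltRounds, (err, hash) =>
            if err
              logger.warn "reg: FAIL hash for '#{login}'"
              reject messages.hash
            else
              # try creating row in users table
              stmt = @db.prepare '''
                INSERT INTO users (login, pwdhash)
                VALUES (?, ?)
              '''
              stmt.run [login, hash], (err) ->
                stmt.finalize()
                if err
                  logger.warn "reg: FAIL db '#{err.code}' for '#{login}'"
                  if err.code is 'SQLITE_CONSTRAINT'
                    # UNIQUE(login) violated: user already exists
                    reject messages.exists
                  else
                    # any other failure is a database problem, not a name clash
                    reject messages.db
                else
                  logger.info "reg: OK '#{login}'"
                  # registration successful
                  resolve null
        .catch (err) ->
          if err?
            # validate() rejects with null, so a non-null reason means something
            # threw while hashing or preparing the statement
            logger.warn "reg: FAIL unexpected '#{err.message}' for '#{login}'"
            reject messages.db
          else
            reject messages.empty

  # Check a login / password pair.
  # Resolves with the numeric user id on success; rejects with one of the
  # `messages` strings (empty, db, hash, noexists or password).
  login: (login, password) ->
    new Promise (resolve, reject) =>
      # validate user input
      @validate login, password
        .then =>
          # get users table row
          stmt = @db.prepare '''
            SELECT user, login, pwdhash
            FROM users
            WHERE login = ?
          '''
          stmt.get [login], (err, row) ->
            stmt.finalize()
            if err
              logger.warn "login: FAIL db '#{err.code}' for '#{login}'"
              reject messages.db
            else if not row
              # hash the password for timing attack reasons: an unknown login
              # must cost about as much as a wrong password.
              # NOTE(review): this uses the current saltRounds, whereas
              # bcrypt.compare uses the cost stored in each hash; the two only
              # match while all stored hashes were created with that cost.
              bcrypt.hash password, saltRounds, ->
                logger.debug "login: FAIL nonexistent '#{login}'"
                reject messages.noexists # user doesnt exist
            else
              bcrypt.compare password, row.pwdhash, (err, res) ->
                if err
                  logger.warn "login: FAIL hash for '#{login}'"
                  reject messages.hash
                else if res == true
                  logger.debug "login: OK '#{row.login}'"
                  # login successful
                  resolve row.user
                else
                  logger.debug "login: FAIL password for '#{login}'"
                  reject messages.password # login failed
        .catch (err) ->
          if err?
            # validate() rejects with null, so a non-null reason means something
            # threw while preparing or running the lookup
            logger.warn "login: FAIL unexpected '#{err.message}' for '#{login}'"
            reject messages.db
          else
            reject messages.empty

  # Look up the public profile of `userID`.
  # Resolves with {user, login, settings}; rejects with messages.db or
  # messages.noexists.
  getUser: (userID) ->
    new Promise (resolve, reject) =>
      # get users table row; pwdhash is intentionally not selected, it is not
      # part of the result
      stmt = @db.prepare '''
        SELECT user, login, settings
        FROM users
        WHERE user = ?
      '''
      stmt.get [userID], (err, row) ->
        stmt.finalize()
        if err
          logger.warn "get: FAIL db '#{err.code}' for '#{userID}'"
          reject messages.db
        else if not row
          logger.debug "get: FAIL nonexistent '#{userID}'"
          reject messages.noexists # user doesnt exist
        else
          resolve
            user: row.user
            login: row.login
            settings: row.settings

  # Store `deckCards` (serialized as JSON) as a new deck owned by `userID`.
  # Resolves with the id of the new row; rejects with messages.db.
  addDeck: (userID, deckCards) ->
    new Promise (resolve, reject) =>
      # try creating row in decks table
      stmt = @db.prepare '''
        INSERT INTO decks (user, json)
        VALUES (?, ?)
      '''
      # thin arrow on purpose: sqlite3 exposes lastID on the callback's `this`
      stmt.run [userID, (JSON.stringify deckCards)], (err) ->
        stmt.finalize()
        if err
          logger.warn "addDeck: FAIL db '#{err.code}' for '#{userID}'"
          reject messages.db
        else
          # eslint-disable-next-line @fellow/coffee/missing-fat-arrows
          logger.debug "addDeck: OK '#{@lastID}'"
          resolve @lastID

  # Replace the content of deck `deckID` with `deckCards`.
  # The WHERE clause also matches on `userID`, so only the owner's deck is ever
  # updated. Resolves with deckID; rejects with messages.db on a database error
  # or when no row matched.
  modDeck: (userID, deckID, deckCards) ->
    new Promise (resolve, reject) =>
      stmt = @db.prepare '''
        UPDATE decks
        SET json = ?
        WHERE deck = ? AND user = ?
      '''
      # thin arrow on purpose: sqlite3 exposes changes on the callback's `this`
      stmt.run [(JSON.stringify deckCards), deckID, userID], (err) ->
        stmt.finalize()
        if err
          logger.warn "modDeck: FAIL db '#{err.code}' for '#{deckID}'"
          reject messages.db
        # eslint-disable-next-line
        else if @changes == 0
          logger.warn "no changes for input (#{userID}, #{deckID}, #{JSON.stringify deckCards})!"
          reject messages.db
        else
          resolve deckID

  # Fetch all decks owned by `userID`.
  # Resolves with an array of {id, content}; rejects with messages.db.
  getDecks: (userID) ->
    new Promise (resolve, reject) =>
      stmt = @db.prepare '''
        SELECT decks.deck, decks.json
        FROM decks
        INNER JOIN users ON decks.user = users.user
        WHERE users.user = ?
      '''
      stmt.all [userID], (err, rows) ->
        stmt.finalize()
        if err
          logger.warn "getDecks: FAIL db '#{err.code}' for '#{userID}'"
          reject messages.db
        else
          # JSON.parse throws on a malformed row; inside this callback that
          # would escape as an uncaught exception, so turn it into a rejection
          try
            decks = ({id: row.deck, content: JSON.parse row.json} for row in rows)
            logger.debug "getDecks: OK '#{userID}'"
            resolve decks
          catch parseErr
            logger.warn "getDecks: FAIL json '#{parseErr.message}' for '#{userID}'"
            reject messages.db

  # Delete deck `deckID` if it is owned by `userID` (both are matched in the
  # WHERE clause). Resolves with deckID; rejects with messages.db.
  #
  # NOTE(review): unlike modDeck, this resolves even when no row matched
  # (unknown deck, or a deck owned by someone else), so callers cannot tell
  # whether anything was deleted -- confirm that is intended.
  delDeck: (userID, deckID) ->
    new Promise (resolve, reject) =>
      stmt = @db.prepare '''
        DELETE FROM decks
        WHERE deck = ? AND user = ?
      '''
      stmt.run [deckID, userID], (err) ->
        stmt.finalize()
        if err
          logger.warn "delDeck: FAIL db '#{err.code}' for '#{deckID}'"
          reject messages.db
        else
          logger.debug "delDeck: OK '#{deckID}'"
          resolve deckID
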
# Shared database instance for the whole application.
# NOTE(review): the second argument is `truncate`; with `true` the constructor
# drops and re-creates the users and decks tables whenever this module is
# loaded, so registered accounts and saved decks are discarded -- confirm this
# is meant for development only.
module.exports = new FFTCGDB path.resolve(__dirname, 'fftcg.db'), true