Register, Login, and Logout

2026-05-13 19:27:59 -04:00
parent f591bdffb5
commit 86f94b7bf3
23 changed files with 737 additions and 25 deletions
@@ -0,0 +1,9 @@
+const express = require('express');
+const router = express.Router();
+
+router.get('/', async (req, res) => {
+    console.log(`nonce: ${res.locals.globalScriptNonce}`);
+    res.render('index', {title: 'Domain Manager'});
+});
+
+module.exports = router;
@@ -0,0 +1,63 @@
+const express = require('express');
+const router = express.Router();
+const loginValidator = require('../validators/login');
+const authMw = require('../session');
+const pwMw = require('../password.js');
+const database = require('../database.js');
+const dbConnection = database.db;
+const Sequelize = require('sequelize');
+const pageTitle = 'Domain Manager | Login';
+
+router.get('/login', authMw.AllowIfNotAuthenticated, async (req, res) => {
+    res.render('login', { title: pageTitle, csrfToken: req.csrfToken() });
+});
+
+router.post('/login', authMw.AllowIfNotAuthenticated, async (req, res, next) => {
+    const reqBody = req.body;
+    const validationResult = loginValidator.test(reqBody);
+    const validationError = validationResult.error;
+    let errors = [];
+
+    if(validationError !== undefined)
+        errors = validationError.details;
+
+    try {
+        if(errors.length === 0) {
+            const result = await dbConnection.transaction(async(t) => {
+                const user = database.models.User.findOne({
+                    where: {
+                        username: reqBody.login_username
+                    },
+                    transaction: t
+                });
+
+                return user;
+            });
+
+            if(result) {
+                const doesPasswordMatch = await pwMw.TestPassword(reqBody.login_password, result.password);
+                if(doesPasswordMatch === true) {
+                    await authMw.CreateSession(req, result);
+                    return res.redirect('/');
+                } else {
+                    errors.push({message: 'Invalid username or password.'});
+                }
+            } else {
+                errors.push({message: 'Invalid username or password.'});
+            }
+        }
+    } catch(error) {
+        error.status = 500;
+        return next(error);
+    }
+
+    return res.render('login', {title: pageTitle, errors: errors, csrfToken: req.csrfToken(true) });
+});
+
+router.post('/logout', authMw.AllowIfAuthenticated, async (req, res, next) => {
+    // Just destroy the session
+    req.session.destroy();
+    return res.redirect('/');
+});
+
+module.exports = router;
@@ -0,0 +1,56 @@
+const express = require('express');
+const router = express.Router();
+const registerValidator = require('../validators/register');
+const authMw = require('../session');
+const pwMw = require('../password.js');
+const database = require('../database.js');
+const dbConnection = database.db;
+const Sequelize = require('sequelize');
+const pageTitle = 'Domain Manager | Register';
+
+router.get('/register', authMw.AllowIfNotAuthenticated, async (req, res) => {
+    res.render('register', { title: pageTitle, csrfToken: req.csrfToken() });
+});
+
+router.post('/register', authMw.AllowIfNotAuthenticated, async (req, res, next) => {
+    const reqBody = req.body;
+    const validationResult = registerValidator.test(reqBody);
+    const validationError = validationResult.error;
+    let errors = [];
+
+    if(validationError !== undefined)
+        errors = validationError.details;
+
+    try {
+        if(errors.length === 0) {
+            const hashedPassword = await pwMw.HashPassword(reqBody.register_password);
+            const result = await dbConnection.transaction(async(t) => {
+                const user = await database.models.User.create({
+                    username: reqBody.register_username,
+                    password: hashedPassword,
+                }, {transaction: t});
+
+                return user;
+            });
+
+            if(result !== undefined) {
+                await authMw.CreateSession(req, result);
+                return res.redirect('/');
+            } else {
+                errors.push({message: 'Failed to create user.'})
+            }
+        }
+    } catch(error) {
+        if(error instanceof Sequelize.UniqueConstraintError) {
+            errors.push({message: 'Username is in use.'});
+        } else {
+            error.status = 500;
+            return next(error);
+        }
+    }
+
+    // if we're here we failed, I specify true for csrfToken to force reset it
+    return res.render('register', {title: pageTitle, errors: errors, csrfToken: req.csrfToken(true) });
+});
+
+module.exports = router;