sync/lib/web/auth.js

/**
 * web/auth.js - Webserver functions for user authentication and registration
 *
 * @author Calvin Montgomery <cyzon@cyzon.us>
 */

var jade = require("jade");
var fs = require("fs");
var path = require("path");
var webserver = require("./webserver");
var sendJade = require("./jade").sendJade;
var Logger = require("../logger");
var $util = require("../utilities");
var db = require("../database");

/**
 * Processes a login request.  Sets a cookie upon successful authentication
 */
function handleLogin(req, res) {
    var name = req.body.name;
    var password = req.body.password;

    if (typeof name !== "string" || typeof password !== "string") {
        res.send(400);
        return;
    }

    password = password.substring(0, 100);

    db.users.verifyLogin(name, password, function (err, user) {
        if (err) {
            if (err === "Invalid username/password combination") {
                Logger.eventlog.log("[loginfail] Login failed (bad password): " + name
                                  + "@" + webserver.ipForRequest(req));
            }
            sendJade(res, "login", {
                loggedIn: false,
                loginError: err
            });
        } else {
            res.cookie("auth", user.name + ":" + user.hash, {
                expires: new Date(Date.now() + 7*24*60*60*1000),
                httpOnly: true
            });

            // Try to find an appropriate redirect
            var ref = req.header("referrer");
            if (!ref) {
                ref = req.body.redirect;
            }

            if (typeof ref !== "string") {
                ref = "";
            }

            if (ref.match(/login|logout/)) {
                ref = "";
            }

            if (ref) {
                res.redirect(ref);
            } else {
                sendJade(res, "login", {
                    loggedIn: true,
                    loginName: user.name
                });
            }
        }
    });
}

/**
 * Handles a GET request for /login
 */
function handleLoginPage(req, res) {
    if (webserver.redirectHttps(req, res)) {
        return;
    }

    if (req.cookies.auth) {
        var split = req.cookies.auth.split(":");
        if (split.length === 2) {
            sendJade(res, "login", {
                wasAlreadyLoggedIn: true,
                loggedIn: true,
                loginName: split[0]
            });
            return;
        }
    }
    sendJade(res, "login", {
        loggedIn: false,
        redirect: req.header("Referrer")
    });
}

/**
 * Handles a request for /logout.  Clears auth cookie
 */
function handleLogout(req, res) {
    res.clearCookie("auth");
    // Try to find an appropriate redirect
    var ref = req.header("referrer");
    if (!ref) {
        ref = req.body.redirect;
    }

    if (typeof ref !== "string") {
        ref = "";
    }

    if (ref.match(/login|logout/)) {
        ref = "";
    }

    if (ref) {
        res.redirect(ref);
    } else {
        sendJade(res, "logout", {});
    }
}

/**
 * Handles a GET request for /register
 */
function handleRegisterPage(req, res) {
    if (webserver.redirectHttps(req, res)) {
        return;
    }

    if (req.cookies.auth) {
        var split = req.cookies.auth.split(":");
        if (split.length === 2) {
            sendJade(res, "register", {
                loggedIn: true,
                loginName: split[0]
            });
            return;
        }
    }
    sendJade(res, "register", {
        registered: false,
        registerError: false
    });
}

/**
 * Processes a registration request.
 */
function handleRegister(req, res) {
    var name = req.body.name;
    var password = req.body.password;
    var email = req.body.email;
    if (typeof email !== "string") {
        email = "";
    }
    var ip = webserver.ipForRequest(req);

    if (typeof name !== "string" || typeof password !== "string") {
        res.send(400);
        return;
    }

    if (name.length === 0) {
        sendJade(res, "register", {
            registerError: "Username must not be empty"
        });
        return;
    }

    if (password.length === 0) {
        sendJade(res, "register", {
            registerError: "Password must not be empty"
        });
        return;
    }

    password = password.substring(0, 100);

    if (email.length > 0 && !$util.isValidEmail(email)) {
        sendJade(res, "register", {
            registerError: "Invalid email address"
        });
        return;
    }

    db.users.register(name, password, email, ip, function (err) {
        if (err) {
            sendJade(res, "register", {
                registerError: err
            });
        } else {
            Logger.eventlog.log("[register] " + ip + " registered account: " + name +
                             (email.length > 0 ? " <" + email + ">" : ""));
            sendJade(res, "register", {
                registered: true,
                registerName: name,
                redirect: req.body.redirect
            });
        }
    });
}

module.exports = {
    /**
     * Initializes auth callbacks
     */
    init: function (app) {
        app.get("/login", handleLoginPage);
        app.post("/login", handleLogin);
        app.get("/logout", handleLogout);
        app.get("/register", handleRegisterPage);
        app.post("/register", handleRegister);
    }
};
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`/**`
			`* web/auth.js - Webserver functions for user authentication and registration`
			`*`
			`* @author Calvin Montgomery <cyzon@cyzon.us>`
			`*/`

Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`var jade = require("jade");`
			`var fs = require("fs");`
			`var path = require("path");`
			`var webserver = require("./webserver");`
			`var sendJade = require("./jade").sendJade;`
			`var Logger = require("../logger");`
			`var $util = require("../utilities");`
			`var db = require("../database");`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00
			`/**`
			`* Processes a login request. Sets a cookie upon successful authentication`
			`*/`
			`function handleLogin(req, res) {`
			`var name = req.body.name;`
			`var password = req.body.password;`

Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`if (typeof name !== "string" \|\| typeof password !== "string") {`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`res.send(400);`
			`return;`
			`}`

			`password = password.substring(0, 100);`

More refactoring 2013-12-12 23:09:49 +00:00			`db.users.verifyLogin(name, password, function (err, user) {`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`if (err) {`
Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`if (err === "Invalid username/password combination") {`
Start working on event log 2014-01-28 00:37:48 +00:00			`Logger.eventlog.log("[loginfail] Login failed (bad password): " + name`
Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`+ "@" + webserver.ipForRequest(req));`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`}`
Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`sendJade(res, "login", {`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`loggedIn: false,`
			`loginError: err`
			`});`
			`} else {`
Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`res.cookie("auth", user.name + ":" + user.hash, {`
Change login timeout 2014-01-25 22:39:16 +00:00			`expires: new Date(Date.now() + 72460601000),`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`httpOnly: true`
			`});`
Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00
			`// Try to find an appropriate redirect`
			`var ref = req.header("referrer");`
			`if (!ref) {`
			`ref = req.body.redirect;`
			`}`

			`if (typeof ref !== "string") {`
			`ref = "";`
			`}`

			`if (ref.match(/login\|logout/)) {`
			`ref = "";`
			`}`

			`if (ref) {`
			`res.redirect(ref);`
			`} else {`
			`sendJade(res, "login", {`
			`loggedIn: true,`
			`loginName: user.name`
			`});`
			`}`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`}`
			`});`
			`}`

			`/**`
			`* Handles a GET request for /login`
			`*/`
			`function handleLoginPage(req, res) {`
Work on SIO and SSL 2014-01-23 03:12:43 +00:00			`if (webserver.redirectHttps(req, res)) {`
			`return;`
			`}`

Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`if (req.cookies.auth) {`
Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`var split = req.cookies.auth.split(":");`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`if (split.length === 2) {`
Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`sendJade(res, "login", {`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`wasAlreadyLoggedIn: true,`
			`loggedIn: true,`
			`loginName: split[0]`
			`});`
			`return;`
			`}`
			`}`
Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`sendJade(res, "login", {`
Start rewriting channel.js 2013-12-27 16:08:03 +00:00			`loggedIn: false,`
Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`redirect: req.header("Referrer")`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`});`
			`}`

			`/**`
			`* Handles a request for /logout. Clears auth cookie`
			`*/`
			`function handleLogout(req, res) {`
Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`res.clearCookie("auth");`
			`// Try to find an appropriate redirect`
			`var ref = req.header("referrer");`
			`if (!ref) {`
			`ref = req.body.redirect;`
			`}`

			`if (typeof ref !== "string") {`
			`ref = "";`
			`}`

			`if (ref.match(/login\|logout/)) {`
			`ref = "";`
			`}`

			`if (ref) {`
			`res.redirect(ref);`
			`} else {`
			`sendJade(res, "logout", {});`
			`}`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`}`

			`/**`
			`* Handles a GET request for /register`
			`*/`
			`function handleRegisterPage(req, res) {`
Work on SIO and SSL 2014-01-23 03:12:43 +00:00			`if (webserver.redirectHttps(req, res)) {`
			`return;`
			`}`

Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`if (req.cookies.auth) {`
Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`var split = req.cookies.auth.split(":");`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`if (split.length === 2) {`
Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`sendJade(res, "register", {`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`loggedIn: true,`
			`loginName: split[0]`
			`});`
			`return;`
			`}`
			`}`
Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`sendJade(res, "register", {`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`registered: false,`
			`registerError: false`
			`});`
			`}`

			`/**`
			`* Processes a registration request.`
			`*/`
			`function handleRegister(req, res) {`
			`var name = req.body.name;`
			`var password = req.body.password;`
			`var email = req.body.email;`
Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`if (typeof email !== "string") {`
			`email = "";`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`}`
			`var ip = webserver.ipForRequest(req);`

Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`if (typeof name !== "string" \|\| typeof password !== "string") {`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`res.send(400);`
			`return;`
			`}`

			`if (name.length === 0) {`
Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`sendJade(res, "register", {`
			`registerError: "Username must not be empty"`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`});`
			`return;`
			`}`

			`if (password.length === 0) {`
Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`sendJade(res, "register", {`
			`registerError: "Password must not be empty"`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`});`
			`return;`
			`}`

			`password = password.substring(0, 100);`

Initialize global database tables 2013-12-27 03:15:54 +00:00			`if (email.length > 0 && !$util.isValidEmail(email)) {`
Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`sendJade(res, "register", {`
			`registerError: "Invalid email address"`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`});`
			`return;`
			`}`

Fix registration 2013-12-26 03:30:24 +00:00			`db.users.register(name, password, email, ip, function (err) {`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`if (err) {`
Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`sendJade(res, "register", {`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`registerError: err`
			`});`
			`} else {`
Start working on event log 2014-01-28 00:37:48 +00:00			`Logger.eventlog.log("[register] " + ip + " registered account: " + name +`
Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`(email.length > 0 ? " <" + email + ">" : ""));`
			`sendJade(res, "register", {`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`registered: true,`
			`registerName: name,`
			`redirect: req.body.redirect`
			`});`
			`}`
			`});`
			`}`

			`module.exports = {`
			`/**`
			`* Initializes auth callbacks`
			`*/`
			`init: function (app) {`
Add profile page, fix some redirects 2014-01-20 18:42:20 +00:00			`app.get("/login", handleLoginPage);`
			`app.post("/login", handleLogin);`
			`app.get("/logout", handleLogout);`
			`app.get("/register", handleRegisterPage);`
			`app.post("/register", handleRegister);`
Start merging cytube3 account management 2013-12-12 20:48:23 +00:00			`}`
			`};`