SvenHerr · SvenHerr · Oct 12, 2022 · Oct 11, 2022 · Oct 12, 2022 · Oct 12, 2022
diff --git a/.env.default b/.env.default
@@ -0,0 +1,8 @@
+DB_PORT=3306
+FORWARD_DB_PORT=3306
+DB_SERVER=127.0.0.1
+DB_DATABASE=pwmanager
+DB_USERNAME=pwmanager
+DB_PASSWORD=test
+SECRET=test
+HTTPS=false
diff --git a/README.md b/README.md
@@ -20,7 +20,7 @@ there is a table installscript provided.
 
 The design template comes from Bootstrapdash, some adjustments were made by me.
 Template link: Bootstrapdash.com/demo/corona-free/jquery/template/index.html
-The main focus of the project is the logic and function of the Pw Tressor.
+The main focus of the project is the logic and function of the Pw Tresor.
 
 Updates that will follow are:
 - Generate secure pw automatic function.
@@ -32,7 +32,7 @@ im open to suggestions and happy to hear from you
 [message me](mailto:githubprojects@herrmannsven.de?subject=[GitHub]%20Source%20Han%20Sans)
 
 # German
-Dieser Pw Tressor wurde von mir in NodeJs erstellt. Das ist mein erstes Projekt mit NodeJs, Express und Crypto.
+Dieser Pw Tresor wurde von mir in NodeJs erstellt. Das ist mein erstes Projekt mit NodeJs, Express und Crypto.
 Außerdem wird eine mysql Db benötigt.
 
 Was kann der Password- Manager?
@@ -46,7 +46,7 @@ Was kann der Password- Manager?
 
 Das Design Template stammt von Bootstrapdash einige Anpassungen wurden von mir durchgeführt. 
 Template-Link: Bootstrapdash.com/demo/corona-free/jquery/template/index.html
-Der schwerpunkt des Projektes liegt mir aber an der Logik und funktion des Pw Tressores.
+Der schwerpunkt des Projektes liegt mir aber an der Logik und funktion des Pw Tresores.
 
 Updates die folgen werden sind:
 - generate secure pw automatic function.

diff --git a/administration.js b/administration.js
@@ -13,7 +13,7 @@ let encryptArray = []; // Darf nicht in die function rein.
 async function loadData(req, res) {
     try {
         if (!req.session.loggedIn) {
-            return res.render('login', { errormsg: '' });
+            return;//res.render('login', { errormsg: '' });
         }
 
         console.log('LoadDate Username= ' + req.session.username);
@@ -40,13 +40,18 @@ async function loadData(req, res) {
 
             return res.render('index', { errormsg, pwDatas: pwItemList, userData: customer.getUserFromSession(req), moment: moment });
         } else {
-            return res.render('login', { errormsg: '' });
+            return; //res.render('login', { errormsg: '' });
         }
     } catch (err) {
         console.log('Error on load: ' + err);
     }
 }
 
+/** Returns customers list to ajax call
+ * 
+ * @param {*} req 
+ * @param {*} res 
+ */
 async function getCustomers(req,res) {
     try {
         res.send(await connection.getCustomers());

diff --git a/customer.js b/customer.js
@@ -15,40 +15,48 @@ async function signUp(req) {
     let pw = req.body.pw;
     let pw1 = req.body.pw1;
 
+    if (pw === null || pw1 === null) {
+        sessionHandler.setErrormsgToSession(req, 'signup.pwNotFound');
+        return false;
+    }
+
     if (pw !== pw1) {
-        return 'pw missmatch';
+        sessionHandler.setErrormsgToSession(req, 'signup.pwMissmage'); 
+        return false;
     }
 
     let hashedPw = encrypt1.hashPw(pw);
     if (hashedPw === null) {
-        return 'error: Pw hash problem!';
-    }
-
-    if (pw === null || pw1 === null) {
-        return 'error: Pw not found!';
-    }
+        sessionHandler.setErrormsgToSession(req, 'signup.pwHashProblem'); 
+        return false;
+    }    
 
     let user = new User(null, req.body.username, req.body.firstname, req.body.lastname, hashedPw, null);
 
     if (user.username === null || user.firstname === null || user.lastname === null) {
-        return 'error: User data not found!';
+        sessionHandler.setErrormsgToSession(req, 'signup.pwHashProblem'); 
+        return false;
     }
 
-    try {
-        let userExists = await connection.getUserExists(user.username);
-
-        if (userExists) {
-            return 'User already exists!';
+    try{
+        if (await connection.getUserExists(user.username)) {
+            sessionHandler.setErrormsgToSession(req, 'signup.userAlreadyExists');
+            return false;
         }
-
+    }catch(err){
+        console.log('Error on signUp: ' + err);
+        return err;
+    }
+
+    try{
         await connection.insertUser(user);
+    }catch(err){
+        return err;
+    }
 
-        await sessionHandler.updteUserPwFromSession(req.session.pw);
+    await sessionHandler.updteUserPwFromSession(req.session.pw);  
 
-        return 'ok';
-    } catch (e) {
-        return e;
-    }
+    return true;
 }
 
 /** Signin user and store to session
@@ -66,10 +74,13 @@ async function signIn(req, res) {
         let user = await connection.getUser(req, res);
 
         if (user === null) {
-            return res.render('login', { errormsg: req.t('loginError') });
+            return res.render('login', { errormsg: req.t('login.generalError') });
         }
+
         try{
-            await sessionHandler.setUserToSession(req, res, user);
+            if(user.pw === encrypt1.hashPw(req.body.pw)){
+                await sessionHandler.setUserToSession(req,res, user);
+            }
         }catch(err){
             return res.render('login', { errormsg: req.t('loginError') });
         }

diff --git a/index.js b/index.js
@@ -46,7 +46,9 @@ app.use(
 
 app.use(cache());
 
-app.use(helmet());
+app.use(helmet({
+    contentSecurityPolicy: process.env.HTTPS === 'true' || process.env.HTTPS === true ? true : false,
+}));
 
 // Why do i need extended false and not true?
 // https://stackoverflow.com/questions/35931135/cannot-post-error-using-express

diff --git a/locales/de/translation.json b/locales/de/translation.json
@@ -21,6 +21,11 @@
     "passwordRepeat": "Passwort wiederholen",
     "register": "Registrieren",
     "login": "Anmelden",
-    "generalError": "Registrierung fehlgeschlagen!"
+    "generalError": "Registrierung fehlgeschlagen!",
+    "userAlreadyExists": "Benutzer existiert bereits!",
+    "pwMissmatch":"Die beiden Passwörter stimmen nicht überein",
+    "pwNotFound": "Error: Pw wurde nicht gefunden!",
+    "pwHashProblem": "Pw Hash Problem",
+    "userDataNotFound": "Error: User Daten nicht gefunden!"
   }
 }
diff --git a/locales/en/translation.json b/locales/en/translation.json
@@ -21,6 +21,11 @@
     "passwordRepeat": "Repeat password",
     "register": "Signup",
     "login": "Login",
-    "generalError": "Sign up error!"
+    "generalError": "Sign up error!",
+    "userAlreadyExists": "User already exists!",
+    "pwMissmatch":"Pw missmage",
+    "pwNotFound": "Error: Pw not found!",
+    "pwHashProblem": "pw hash problem",
+    "userDataNotFound": "Error: User data not found!"
   }
 }
diff --git a/migrations/package.json b/migrations/package.json
@@ -1,7 +1,7 @@
 {
   "name": "mysql-migrate",
   "version": "1.0.0",
-  "description": "Local pw tressor for raspberry",
+  "description": "Local pw tresor for raspberry",
   "main": "index.js",
   "type": "commonjs"
 }