Password verification

kucingbasah737 · Nov 25, 2023 · 8168c42 · 8168c42
1 parent d20d877
commit 8168c42
Show file tree

Hide file tree

Showing 4 changed files with 119 additions and 9 deletions.
diff --git a/lib/webserver/routers/login/index.js b/lib/webserver/routers/login/index.js
@@ -1,10 +1,106 @@
+const MODULE_NAME = 'WEBSERVER.ROUTER-LOGIN';
+
+const querystring = require('node:querystring');
+const bcrypt = require('bcrypt');
 const express = require('express');
+const urlJoin = require('url-join');
+const logger = require('../../../logger');
+const getUserByEmail = require('../../../get-user-by-email');
 
 const router = express.Router();
 module.exports = router;
 
+/**
+ * @param {import('express').Request} req
+ * @param {import('express').Response} res
+ */
+const onInvalidLogin = (req, res) => {
+  const { xid, ip } = res.locals;
+  const { email } = req.body;
+
+  logger.verbose(`${MODULE_NAME} 850E0EAC: Invalid user`, {
+    xid,
+    ip,
+    email,
+  });
+
+  const qs = {
+    msg: 'Invalid login. Please check your username and/or password.',
+    email,
+  };
+
+  res.redirect(urlJoin(
+    req.baseUrl,
+    `?${querystring.stringify(qs)}`,
+  ));
+};
+
 const pageLogin = (req, res) => {
-  res.render('login.html.njk', {});
+  res.render('login.html.njk', {
+    msg: req.query.msg,
+    email: req.query.email,
+  });
+};
+
+/**
+ *
+ * @param {import('express').Request} req
+ * @param {import('express').Response} res
+ */
+const pageLoginVerification = async (req, res) => {
+  const { xid, ip } = res.locals;
+  const { email, password } = req.body;
+
+  res.locals.email = email;
+
+  if (!email || !password) {
+    onInvalidLogin(req, res);
+    return;
+  }
+
+  try {
+    const user = await getUserByEmail(xid, email);
+    if (!user) {
+      onInvalidLogin(req, res);
+      return;
+    }
+
+    logger.debug(`${MODULE_NAME} 72B400C0: Checking password`, {
+      xid,
+      email,
+      password: password.replace(/./g, '*'),
+      passwordFromDb: user.password,
+    });
+
+    const passwordMatched = await bcrypt.compare(password, user.password);
+
+    if (!passwordMatched) {
+      logger.debug(`${MODULE_NAME} 8AFB1430: Password does not match`, {
+        xid,
+        ip,
+        email,
+      });
+
+      onInvalidLogin(req, res);
+      return;
+    }
+
+    res.end('OK');
+  } catch (e) {
+    const newE = new Error(`${MODULE_NAME} CFB34BC8: Exception on pageLoginVerification`);
+    logger.warn(newE.message, {
+      xid,
+      eCode: e.code,
+      eMessage: e.message || e.toString(),
+    });
+
+    res.status(500).json({
+      status: 500,
+      message: 'Something wrong',
+      xid,
+    });
+  }
 };
 
 router.get('/', pageLogin);
+router.post('/', express.urlencoded({ extended: false }), pageLoginVerification);
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -46,6 +46,7 @@
     "prompt": "^1.3.0",
     "sd-notify": "^2.8.0",
     "uniqid": "^5.4.0",
+    "url-join": "^4.0.1",
     "winston": "^3.11.0",
     "winston-daily-rotate-file": "^4.7.1",
     "yargs": "^17.7.2"

diff --git a/views/login.html.njk b/views/login.html.njk
@@ -176,27 +176,34 @@
     </div>
 
     <main class="form-signin w-100 m-auto">
-      <form>
+      <form method="POST">
         {# <img class="mb-4" src="/vendors/bootstrap-signin/assets/brand/bootstrap-logo.svg" alt="" width="72" height="57"> #}
+
         <h1 class="h3 mb-3 fw-normal">Please sign in</h1>
 
+        {% if msg %}
+        <p>{{ msg }}</p>
+        {% endif %}
+
         <div class="form-floating">
-          <input type="email" class="form-control" id="floatingInput" placeholder="name@example.com">
+          <input name="email" type="text" class="form-control" id="floatingInput" placeholder="name@example.com" value="{{ email | default('') }}" required autofocus>
           <label for="floatingInput">Email address</label>
         </div>
         <div class="form-floating">
-          <input type="password" class="form-control" id="floatingPassword" placeholder="Password">
+          <input name="password" type="password" class="form-control" id="floatingPassword" placeholder="Password" required>
           <label for="floatingPassword">Password</label>
         </div>
 
-        <div class="form-check text-start my-3">
+        {# <div class="form-check text-start my-3">
           <input class="form-check-input" type="checkbox" value="remember-me" id="flexCheckDefault">
           <label class="form-check-label" for="flexCheckDefault">
-        Remember me
-      </label>
-        </div>
+            Remember me
+          </label>
+        </div> #}
         <button class="btn btn-primary w-100 py-2" type="submit">Sign in</button>
-        <p class="mt-5 mb-3 text-body-secondary">&copy; 2017–2023</p>
+
+        {# <p class="mt-5 mb-3 text-body-secondary">&copy; 2017–2023</p> #}
+
       </form>
     </main>
     <script src="/js/bootstrap.bundle.min.js" integrity="sha384-C6RzsynM9kWDrMNeT87bh95OGNyZPhcTNXj1NW7RuBCsyN/o0jlpcV8Qyq46cDfL" crossorigin="anonymous"></script>