Web session implemented

lib/webserver/index.js

@@ -5,14 +5,27 @@ const { WEB_USE_CF_CONNECTING_IP } = process.env;
 const express = require('express');
 const nunjucks = require('nunjucks');
 const uniqid = require('uniqid');
+const { default: RedisStore } = require('connect-redis');
+const session = require('express-session');
+const redis = require('redis');
 const logger = require('../logger');
 const targetLookup = require('./target-lookup');
 const composeTrustProxy = require('./compose-trust-proxies');
 
+const routerDashboard = require('./routers/dasboard');
 const routerLogin = require('./routers/login');
 
 const listenPort = Number(process.env.WEB_PORT) || 8080;
 
+const validateSession = (req, res, next) => {
+  if (!req.session?.email) {
+    res.redirect('/login');
+    return;
+  }
+
+  next();
+};
+
 module.exports = async () => {
   logger.verbose(`${MODULE_NAME} 8DC78BEA: Starting`);
 
@@ -27,6 +40,23 @@ module.exports = async () => {
 
   const app = express();
 
+  logger.verbose(`${MODULE_NAME} A3F66C95: Creating redis client for sesssion store`);
+  const redisClient = redis.createClient();
+  await redisClient.connect();
+
+  const redisStore = new RedisStore({
+    client: redisClient,
+    prefix: 'redirector_8727BC88',
+  });
+
+  app.use(session({
+    name: process.env.WEB_SESSION_NAME || 'redirector',
+    store: redisStore,
+    resave: false,
+    saveUninitialized: false,
+    secret: process.env.WEB_SESSION_SECRET || uniqid(),
+  }));
+
   app.use(express.static('./node_modules/bootstrap/dist'));
   app.use(express.static('./public/'));
 
@@ -70,6 +100,7 @@ module.exports = async () => {
   });
 
   app.use('/login', routerLogin);
+  app.use('/dashboard', validateSession, routerDashboard);
 
   app.use(targetLookup);
 

lib/webserver/routers/dasboard/index.js

@@ -0,0 +1,10 @@
+const express = require('express');
+
+const router = express.Router();
+module.exports = router;
+
+const pageMain = (req, res) => {
+  res.end('OK');
+};
+
+router.all('/', pageMain);

lib/webserver/routers/login/index.js

@@ -36,6 +36,11 @@ const onInvalidLogin = (req, res) => {
 };
 
 const pageLogin = (req, res) => {
+  if (req.session?.email) {
+    res.redirect('/dashboard');
+    return;
+  }
+
   res.render('login.html.njk', {
     msg: req.query.msg,
     email: req.query.email,
@@ -85,7 +90,8 @@ const pageLoginVerification = async (req, res) => {
       return;
     }
 
-    res.end('OK');
+    req.session.email = email;
+    res.redirect('/dashboard');
   } catch (e) {
     const newE = new Error(`${MODULE_NAME} CFB34BC8: Exception on pageLoginVerification`);
     logger.warn(newE.message, {
@@ -102,5 +108,12 @@ const pageLoginVerification = async (req, res) => {
   }
 };
 
+const pageLogout = (req, res) => {
+  delete req.session.email;
+
+  res.redirect('/login');
+};
+
 router.get('/', pageLogin);
 router.post('/', express.urlencoded({ extended: false }), pageLoginVerification);
+router.get('/out', pageLogout);

package.json

@@ -37,13 +37,16 @@
   "dependencies": {
     "bcrypt": "^5.1.1",
     "bootstrap": "^5.3.2",
+    "connect-redis": "^7.1.0",
     "dotenv": "^16.3.1",
     "express": "^4.18.2",
+    "express-session": "^1.17.3",
     "geoip-lite": "^1.4.8",
     "ip-toolkit": "^1.0.10",
     "mysql2": "^3.6.5",
     "nunjucks": "^3.2.4",
     "prompt": "^1.3.0",
+    "redis": "^4.6.11",
     "sd-notify": "^2.8.0",
     "uniqid": "^5.4.0",
     "url-join": "^4.0.1",

views/login.html.njk

@@ -202,7 +202,7 @@
         </div> #}
         <button class="btn btn-primary w-100 py-2" type="submit">Sign in</button>
 
-        {# <p class="mt-5 mb-3 text-body-secondary">&copy; 2017–2023</p> #}
+        {# <p class="mt-5 mb-3 text-body-secondary">&copy; 2017-2023</p> #}
 
       </form>
     </main>