jrtechs-NodeJSBlog/admin/login.js

//file io
const utils = require('../utils/utils.js');

//update db
const sql = require('../utils/sql');

const qs = require('querystring');

const DEBUG = false;


/**
 * Processes post data to see if the user has successfully
 * logged in. If the user has logged in successfully, a session
 * variable is set and the page is refreshed.
 *
 * @param request
 * @returns {Promise}
 */
const processLogin = function(request, clientAddress, templateContext)
{
    return new Promise(function(resolve, reject)
    {
        if(DEBUG)
        {
            //logs in as first user in DB
            request.session.user = 1;
            console.log("user has logged in");
            templateContext.goodLoginAttempt = true;
            resolve();
        }

        utils.getPostData(request).then(function(postData)
        {
            const post = qs.parse(postData);
            if(!post.username && !post.password)
            {
                resolve("");
                return(false); // no login attempted
            }
            return sql.checkLogin(postData);
        }).then(function(loginResult)
        {
            if(loginResult !== false)
            {
                if(loginResult.pass)
                {
                    //what actually logs in the user
                    request.session.user = loginResult.user;
                    console.log("user has logged in");
                    templateContext.goodLoginAttempt = true;
                    resolve();
                }
                else
                {
                    templateContext.invalid = true;
                    banIP(clientAddress);
                    console.log("Invader!");
                    resolve("Wrong!");
                }
            }
        }).catch(function(err)
        {
            reject(err);
        })
    });
};


/** Global Containing Ban Data **/
var banData = {};

/** Number of incorrect login attempts permitted per ip */
const LOGIN_LIMIT = 5;


/**
 * Determines if a client is banned from the server
 * or not.
 *
 * @param clientAddress
 */
const isBanned = function(clientAddress)
{
    if(clientAddress in banData)
    {
        user = banData[clientAddress];

        return user.incorrectLogins > LOGIN_LIMIT;
    }
    return false;

};


/**
 * Increments the user's incorrect login attempt
 * counter.
 *
 * @param clientAddress
 */
const banIP = function(clientAddress)
{
    if(clientAddress in banData)
    {
        user = banData[clientAddress];
        user.incorrectLogins++;
    }
    else
    {
        var newUser = new Object();
        newUser.incorrectLogins = 1;
        banData[clientAddress] = newUser;
    }
};


module.exports=
    {
        /**
         * Renders the contents of the login page of the website
         *
         * @param request express request containing post data
         * @returns {Promise} resolves html of login page
         */
        main: function(request, clientAddress, templateContext)
        {
            return new Promise(function(resolve, reject)
            {
                if(isBanned(clientAddress))
                {
                    templateContext.banned = true;
                    resolve();
                }
                else
                {
                    processLogin(request, clientAddress, templateContext).then(function()
                    {
                        resolve();
                    }).catch(function(err)
                    {
                        reject(err);
                    })
                }
            });

        },
    };