diff --git a/README.md b/README.md index 5952a7a..cc0d784 100644 --- a/README.md +++ b/README.md @@ -10,12 +10,9 @@ use blog_name; create table users( user_id mediumint unsigned not null AUTO_INCREMENT, -first_name varchar(20) not null, -last_name varchar(40) not null, user_name varchar(60) not null, -pass char(40) not null, -registration_date datetime not null, -admin boolean not null, +password char(64) not null, +salt char(64) not null, primary key(user_id) ); @@ -49,11 +46,12 @@ grant all on blog_name.* to blog_user@localhost identified by "password"; ## Node Dependencies ```bash npm install express -npm install client-sessions +npm install express-sessions npm install mysql npm install sanitizer npm install promise npm install markdown npm install markdown-to-html -g npm install highlight +npm install crypto ``` diff --git a/admin/admin.js b/admin/admin.js index 2eb011b..56bf32e 100644 --- a/admin/admin.js +++ b/admin/admin.js @@ -1,5 +1,6 @@ const utils = require('../utils/utils.js'); var Promise = require('promise'); +var session = require('client-sessions'); module.exports= { @@ -18,7 +19,7 @@ module.exports= { if(request.session && request.session.user) { - + console.log("user logged in"); utils.getPostData(request).then(function (postData) { return require("../admin/newPost.js").main(result, postData); @@ -34,7 +35,13 @@ module.exports= else { //login page - return require("../admin/login.js").main(result, request); + require("../admin/login.js").main(result, request).then(function() + { + resolve(); + }).catch(function(err) + { + console.log(err); + }) } }); diff --git a/admin/login.html b/admin/login.html index ca9d9df..996a747 100644 --- a/admin/login.html +++ b/admin/login.html @@ -1,14 +1,19 @@ -
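Review bot: admin.js gains `var session = require('client-sessions');` in the same commit where server.js switches to `express-session` and the README drops client-sessions from the install list, so on a fresh checkout this require fails with MODULE_NOT_FOUND before any admin route runs. Nothing in the visible admin.js hunks references `session`, so the line appears to be dead; delete it rather than carrying a second session library that is never wired into the app.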
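Review bot: In the login branch of admin.js the new `.catch(function(err) { console.log(err); })` never settles the surrounding promise, so when login.js rejects the `resolve` above it is never reached, `includes.printFooter` in server.js never runs and the response is left open until the client times out. The handler should settle it, e.g. `.catch(function(err) { console.log(err); reject(err); })`, assuming `reject` is the sibling of the `resolve` used on the success path (the enclosing `new Promise` and `main` start outside this hunk, so I cannot confirm its name). Note that the server.js chain also has no `.catch`, so a rejection still needs handling there to end the response.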
-

Login

-
+
+
+
+

Login

+
-
-

- -

-

- -

-

-

-
\ No newline at end of file +
+

+ +

+

+ +

+

+

+
+
+
+ \ No newline at end of file diff --git a/admin/login.js b/admin/login.js index 11b8d00..15a5112 100644 --- a/admin/login.js +++ b/admin/login.js @@ -1,18 +1,48 @@ const utils = require('../utils/utils.js'); const Promise = require('promise'); +const sql = require('../utils/sql'); + +var processLogin = function(result, request) +{ + return new Promise(function(resolve, reject) + { + utils.getPostData(request).then(function(postData) + { + return sql.checkLogin(postData); + }).then(function(loginResult) + { + if(loginResult.pass) + { + request.session.user = loginResult.user; + result.write(""); + } + resolve(); + }).catch(function(err) + { + console.log(err); + resolve(); + }) + }); +}; + module.exports= { main: function(result, request) { - utils.include(result, './admin/login.html'); - return this.processLogin(result, request); - }, - processLogin: function(result, request) - { + result.write("
"); return new Promise(function(resolve, reject) { - resolve(); + utils.include(result, './admin/login.html').then(function() + { + return require("../sidebar/sidebar.js").main(result); + }).then(function() + { + return processLogin(result, request); + }).then(function() + { + resolve(); + }) }); - } + }, }; \ No newline at end of file diff --git a/includes/404.html b/includes/404.html index a13576e..9cf76ea 100644 --- a/includes/404.html +++ b/includes/404.html @@ -1,2 +1,4 @@

Page Not Found

-
Page not found
+
+ Page not found +
diff --git a/includes/includes.js b/includes/includes.js index 27e7ce5..7bf2571 100644 --- a/includes/includes.js +++ b/includes/includes.js @@ -33,7 +33,6 @@ module.exports = { return new Promise(function(resolve, reject) { - console.log(FOOTER_FILE); utils.include(result, FOOTER_FILE).then(function() { result.end(); diff --git a/posts/singlePost.js b/posts/singlePost.js index 675cad9..9fe10d5 100644 --- a/posts/singlePost.js +++ b/posts/singlePost.js @@ -39,7 +39,6 @@ module.exports= html = html.split("").join("
");
                 html = html.split("").join("
"); res.write(html); - console.log(html); } catch(ex) { diff --git a/server.js b/server.js index cbd415e..816ef37 100644 --- a/server.js +++ b/server.js @@ -11,18 +11,13 @@ const url = require('url'); var express = require("express"); -var session = require('client-sessions'); +var session = require('express-session'); const includes = require('./includes/includes.js'); var app = express(); -app.use(session({ - cookieName: 'session', - secret: 'random_string_goes_here', - duration: 30 * 60 * 1000, - activeDuration: 5 * 60 * 1000, -})); +app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 6000000 }})); app.use(function(request, res) { @@ -44,8 +39,6 @@ app.use(function(request, res) var urlSplit = filename.split("/"); - console.log(urlSplit); - if(urlSplit.length >= 2 && urlSplit[1] === 'category') //single category page file = "./posts/category.js"; @@ -55,8 +48,6 @@ app.use(function(request, res) else file = "./posts/posts.js"; - console.log(file); - includes.printHeader(res).then(function() { return require(file).main(res, filename, request); @@ -65,7 +56,7 @@ app.use(function(request, res) return includes.printFooter(res); }).then(function() { - console.log("fin"); //for debugging + //console.log("fin"); //for debugging }) } diff --git a/sidebar/categoriesSideBar.js b/sidebar/categoriesSideBar.js index 4ed3e53..b9f4421 100644 --- a/sidebar/categoriesSideBar.js +++ b/sidebar/categoriesSideBar.js @@ -12,7 +12,6 @@ module.exports= */ main: function(res) { - console.log("sidebar called"); return new Promise(function(resolve, reject) { res.write("
"); @@ -23,18 +22,16 @@ module.exports= sql.getCategories().then(function(categories) { - console.log(categories[0].name); categories.forEach(function(cat) { //res.write(cat.name); - console.log(cat); res.write("
  • "); res.write("" + cat.name + "
    "); res.write("
  • "); }); - res.write(""); + res.write("
    "); resolve(); }) diff --git a/utils/sql.js b/utils/sql.js index 384602d..722c7c5 100644 --- a/utils/sql.js +++ b/utils/sql.js @@ -2,7 +2,11 @@ const mysql = require('mysql'); const sanitizer = require('sanitizer'); -var Promise = require('promise'); +const Promise = require('promise'); + +const crypto = require('crypto'); + +const qs = require('querystring'); const con = mysql.createConnection({ host: "localhost", @@ -13,7 +17,6 @@ const con = mysql.createConnection({ con.connect(function(err) { if (err) throw err; - console.log("Connected!"); }); /** @@ -139,6 +142,7 @@ module.exports= resolve(0); } }); + resolve(0); }); }, 
@@ -190,12 +194,61 @@ module.exports= }); }); }, - getPage: function(name) + /** + * Function which checks to see if a user successfully logged in based on + * the post data which they sent + * + * @param postData the post data + * @return {*|Promise} a json object with {pass: , user: } + * the pass is whether or not they logged in successfully and the user is + * the username they successfully logged in with + */ + checkLogin: function(postData) { + var post = qs.parse(postData); return new Promise(function(resolve, reject) { - var q = ""; - }); + var result = Object(); + result.pass = false; + + if(post.username && post.password) + { + var cleanName = sanitizer.sanitize(post.username); + var cleanPassword = sanitizer.sanitize(post.password); + var getSalt = "select * from users where user_name='" + cleanName + "'"; + fetch(getSalt).then(function(saltResult) + { + if(saltResult.length == 1) + { + var hashedPassword = crypto.createHash('sha256') + .update(cleanPassword + saltResult[0].salt) + .digest('hex'); + if(saltResult[0].password === hashedPassword) + { + //yay! + result.pass = true; + result.user = cleanName; + resolve(result); + } + else + { + //wrong password + resolve(result) + } + } + else + { + //incorrect username + resolve(result); + } + }) + } + else + { + //no login attempts were made + resolve(result); + } + }); } }; \ No newline at end of file diff --git a/utils/utils.js b/utils/utils.js index f139d8f..6e4573c 100644 --- a/utils/utils.js +++ b/utils/utils.js @@ -32,6 +32,11 @@ module.exports= }); }, + /** + * Method which return the contents of a file as a string + * @param fileName + * @return {*} + */ getFileContents: function(fileName) { try @@ -71,12 +76,10 @@ module.exports= req.connection.destroy(); reject(); } - }); req.on('end', function () { - console.log(body); resolve(body); }); }
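Review bot: checkLogin builds its query as `"select * from users where user_name='" + cleanName + "'"`, and `sanitizer.sanitize` is an HTML sanitizer, not a SQL escaper, so a single quote in the submitted username reaches the query unescaped and an attacker-chosen `username` controls the WHERE clause. Use `mysql.escape()` (the `mysql` module is already required at the top of this file) or a placeholder query; the fence below also replaces the `===` hash comparison with `crypto.timingSafeEqual` and adds the `.catch` that the `fetch(...).then(...)` chain is missing, without which a database error leaves the login promise pending forever. A single unsalted-iteration SHA-256 of password+salt is too fast for password storage; `crypto.scryptSync(password, salt, 32).toString('hex')` fits the 64-character column, but the registration code that writes `users.password` is not in this diff and must change in step, so the fence keeps SHA-256. Passing the password through `sanitizer.sanitize` before hashing means any password the sanitizer rewrites only verifies if registration did the same; worth confirming against that path.
```javascript
// … unchanged: qs.parse, result setup, username/password presence check …
var cleanName = sanitizer.sanitize(post.username);
var cleanPassword = sanitizer.sanitize(post.password);
// mysql.escape() quotes the value for SQL; the HTML sanitizer does not
var getSalt = "select * from users where user_name=" + mysql.escape(cleanName);
fetch(getSalt).then(function(saltResult)
{
    if(saltResult.length == 1)
    {
        var hashedPassword = crypto.createHash('sha256')
            .update(cleanPassword + saltResult[0].salt)
            .digest();
        var stored = Buffer.from(String(saltResult[0].password), 'hex');
        // constant-time compare; length check first because timingSafeEqual throws on mismatch
        if(stored.length === hashedPassword.length &&
           crypto.timingSafeEqual(stored, hashedPassword))
        {
            result.pass = true;
            result.user = cleanName;
        }
    }
    resolve(result);
}).catch(reject);
```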