Personal blog written from scratch using Node.js, Bootstrap, and MySQL. https://jrtechs.net

//file io
const utils = require('../utils/utils.js');
//update db
const sql = require('../utils/sql');
const qs = require('querystring');
// Development-only switch. When true, processLogin sets request.session.user = 1
// and flags the attempt as successful without reading any credentials, so it
// must stay false in any deployed build.
const DEBUG = false;
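/**
 * Handles a login form submission.
 *
 * Reads the POST body and, when it carries a username or a password, hands
 * the raw body to sql.checkLogin. On success the returned user id is stored
 * in the session and templateContext.goodLoginAttempt is set. On failure
 * templateContext.invalid is set and the failure is counted against
 * clientAddress through banIP.
 *
 * @param request request object; request.session is written on success
 * @param clientAddress key under which failed attempts are counted
 * @param templateContext object that receives the goodLoginAttempt / invalid flags
 * @returns {Promise} resolves with undefined on success, "" when no login was
 *          attempted and "Wrong!" on bad credentials; rejects when reading the
 *          post data or checking the login fails
 */
const processLogin = function(request, clientAddress, templateContext)
{
    return new Promise(function(resolve, reject)
    {
        if(DEBUG)
        {
            // Development bypass: logs in as the first user in the DB without
            // looking at any credentials.
            request.session.user = 1;
            console.log("user has logged in");
            templateContext.goodLoginAttempt = true;
            resolve();
            // Stop here. Without this return the real login flow below still
            // ran after the promise had settled, and an empty or wrong form
            // submission was counted as a failed attempt.
            return;
        }

        utils.getPostData(request).then(function(postData)
        {
            const post = qs.parse(postData);
            if(!post.username && !post.password)
            {
                resolve("");
                return false; // no login attempted
            }
            return sql.checkLogin(postData);
        }).then(function(loginResult)
        {
            if(loginResult === false)
            {
                // Already resolved above: nothing was submitted.
                return;
            }

            if(loginResult.pass)
            {
                // What actually logs in the user.
                // NOTE(review): the existing session id is reused after
                // authentication. If the session middleware can issue a fresh
                // id, do that here to prevent session fixation (confirm).
                request.session.user = loginResult.user;
                console.log("user has logged in");
                templateContext.goodLoginAttempt = true;
                resolve();
                return;
            }

            templateContext.invalid = true;
            banIP(clientAddress);
            // NOTE(review): this log line carries no clientAddress, so failed
            // attempts cannot be tied to a source from the log alone.
            console.log("Invader!");
            resolve("Wrong!");
        }).catch(reject);
    });
};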
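/**
 * Failed-login counters for this process, keyed by client address.
 *
 * Created without a prototype so that a key such as "constructor" is never
 * found through inheritance by an `in` check. The data lives in memory only.
 * Nothing in this file expires an entry or clears it after a successful login,
 * so a ban lasts until the process restarts.
 */
const banData = Object.create(null);
/**
 * Number of incorrect login attempts permitted per ip. isBanned reports a ban
 * once the recorded count is greater than this value.
 */
const LOGIN_LIMIT = 5;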
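/**
 * Determines if a client is banned from the server or not.
 *
 * @param clientAddress key under which failed logins were counted
 * @returns {boolean} true once the recorded failures are greater than
 *          LOGIN_LIMIT, false otherwise (including for unknown addresses)
 */
const isBanned = function(clientAddress)
{
    // Own-property lookup only: an address string that happens to name
    // something on Object.prototype must not be treated as a stored counter.
    if(!Object.prototype.hasOwnProperty.call(banData, clientAddress))
    {
        return false;
    }

    // Local binding. The original assigned to an undeclared `user`, which
    // leaked a global shared with banIP.
    const record = banData[clientAddress];
    return record.incorrectLogins > LOGIN_LIMIT;
};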
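/**
 * Increments the incorrect login attempt counter for a client address,
 * creating the counter at 1 on the first failure.
 *
 * @param clientAddress key under which the failure is recorded
 */
const banIP = function(clientAddress)
{
    // Own-property check so inherited names such as "constructor" are never
    // mistaken for an existing counter and incremented in place.
    if(Object.prototype.hasOwnProperty.call(banData, clientAddress))
    {
        // Updated through banData directly. The original went through an
        // undeclared `user`, which leaked a global.
        banData[clientAddress].incorrectLogins++;
        return;
    }

    banData[clientAddress] = { incorrectLogins: 1 };
};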
module.exports=
{
    /**
     * Entry point for the login page. The ban check runs first: a banned
     * address only gets templateContext.banned set and its post data is
     * never read. Every other request is handed to processLogin.
     *
     * @param request express request containing post data
     * @param clientAddress address used for the ban lookup and failure count
     * @param templateContext object that receives the banned / login flags
     * @returns {Promise} resolves with no value once templateContext has been
     *          filled in; rejects with whatever processLogin rejects with
     */
    main: function(request, clientAddress, templateContext)
    {
        return new Promise(function(resolve, reject)
        {
            if(isBanned(clientAddress))
            {
                templateContext.banned = true;
                resolve();
                return;
            }

            processLogin(request, clientAddress, templateContext).then(
                function()
                {
                    // The login outcome is reported through templateContext,
                    // so the resolved value is deliberately dropped.
                    resolve();
                },
                reject
            );
        });
    },
};