live-coding-http-authentication-module/app.js at master · GuildCrafts/live-coding-http-authentication-module · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
const express = require('express')
const cookie = require('cookie')
const bodyParser = require('body-parser')
const onHeaders = require('on-headers')
const app = express()
const port = process.env.PORT || 3000

app.set('view engine', 'pug')
app.use(bodyParser.urlencoded({ extended: false }))


app.use((request, response, next) => {
  console.log('A')
  request.cookies = cookie.parse(request.headers.cookie || '');

  try{
    request.session = JSON.parse(decrypt(request.cookies.session))
  }catch(error){
    console.log('ERROR DECRYPTING COOKIE')
    request.session = {}
  }


  onHeaders(response, () =>{
    console.log('setting session cookie')
    response.setHeader('Set-Cookie',
      cookie.serialize('session', encrypt(JSON.stringify(request.session)), {
        httpOnly: true,
        maxAge: 60 * 60 * 24 * 7 // 1 week
      })
    )
  })

  next()
})

app.use((request, response, next) => {
  if (request.session.userId){
    database.getUserById(request.session.userId, (user) => {
      request.user = user
      next()
    })
  }else{
    next()
  }
})


app.get('/', (request, response, next) => {
  console.log('B')
  let name = request.session.name
  response.render('index', {
    name,
    session: request.session
  })
})

app.post('/set-name', (request, response, next) => {
  console.log('B')
  const name = request.body.name
  request.session.name = name
  response.redirect('/')
})

app.post('/login', (request, response, next) => {
  const email = request.body.email
  const password = request.body.password

  // one-way hash the password
  // query the database for email and hashed_password
  database.queryForUser(email, password, (userId) => {
    if (userId){
      request.session.userId = userId
    }else{
      response.render('log-page', { error:  'bad email or password'})
    }
  })
})

app.listen(port, () => {
  console.log(`http://localhost:${port}`)
})


// Nodejs encryption with CTR
const crypto = require('crypto')
const algorithm = 'aes-256-ctr'
const password = 'd6F3Efeq'
// const password = process.env.ENCRUPTION_PASSWORD

function encrypt(text){
  var cipher = crypto.createCipher(algorithm,password)
  var crypted = cipher.update(text,'utf8','hex')
  crypted += cipher.final('hex');
  return crypted;
}

function decrypt(text){
  var decipher = crypto.createDecipher(algorithm,password)
  var dec = decipher.update(text,'hex','utf8')
  dec += decipher.final('utf8');
  return dec;
}