From 8e1179bc9a6fff674b3d6ee9db94ef90d3a4c966 Mon Sep 17 00:00:00 2001
From: Bram van der Veen <96aa48@gmail.com>
Date: Tue, 21 Jul 2015 15:01:11 +0200
Subject: [PATCH] Added a logging in system with cookies.
---
auth.js | 84 ++++++++++++++++++++++++++++++++++++
crypt.js | 35 +++++++++++++++
package.json | 3 +-
resources/jade/homepage.jade | 2 +
resources/jade/login.jade | 14 ++++++
web.js | 15 +++++--
6 files changed, 148 insertions(+), 5 deletions(-)
create mode 100644 auth.js
create mode 100644 crypt.js
create mode 100644 resources/jade/login.jade
diff --git a/auth.js b/auth.js
new file mode 100644
index 0000000..a16a294
--- /dev/null
+++ b/auth.js
@@ -0,0 +1,84 @@
+//authv2.js
+var qs = require('querystring');
+var https = require('socks5-https-client');
+
+var crypt = require('./crypt');
+var config = require('./configuration');
+
+function get_login(username, password, callback) {
+ var login = qs.stringify({
+ GebruikersNaam : username,
+ Wachtwoord : password
+ });
+
+ https.request({
+ host : 'werkman.magister.net',
+ port : 443,
+ path : '/api/sessie',
+ method : 'POST',
+ headers : {
+ 'Content-Type' : 'application/x-www-form-urlencoded',
+ 'Content-Length' : login.length
+ },
+ socksPort: config().tor_port,
+ socksHost: config().tor_host
+ }, function (res) {
+ if (res.statusCode == 201 || res.statusCode == 200) callback(true);
+ else callback(false);
+ }).write(login);
+}
+
+function login(req, res, next) {
+ var _data = '';
+
+ req.on('data', function (data) {
+ _data += data;
+ });
+
+ req.on('end', function () {
+ var login_information = qs.parse(_data)
+
+ get_login(login_information.username, login_information.password, function (legit) {
+ var username = crypt.encrypt(login_information.username);
+ var password = crypt.encrypt(login_information.password);
+ if (legit) {
+ res.cookie('username', username);
+ res.cookie('password', password);
+ res.redirect('/');
+ }
+ else {res.end('Er is wat mis, misschien je wachtwoord?')}
+ });
+ });
+}
+
+function logout(req, res) {
+ res.cookie('username', '');
+ res.cookie('password', '');
+ res.redirect('/');
+}
+
+function is(req, res, next) {
+ var cookies = qs.parse(req.headers.cookie.replace(/\s/g, ''), ';', '=');
+ console.log(cookies);
+ if (!cookies.username || !cookies.password) {next(); return;}
+
+ var username = crypt.decrypt(cookies.username),
+ password = crypt.decrypt(cookies.password);
+ console.log(username, password);
+
+ get_login(username, password, function (legit) {
+ if (legit) {
+ console.log('Username and password were legit');
+ req.headers.username = username;
+ // req.headers.password = password;
+ }
+
+ next();
+ });
+}
+
+module.exports = {
+ 'login' : login,
+ 'logout' : logout,
+ 'is' : is
+}
diff --git a/crypt.js b/crypt.js
new file mode 100644
index 0000000..553db26
--- /dev/null
+++ b/crypt.js
@@ -0,0 +1,35 @@
+var crypto = require('crypto');
+
+var clearEncoding = 'utf8';
+var cipherEncoding = 'hex';
+var algo = 'aes192';
+var passwd = 'thisaintnosensitivedataatalldontreadthisorillgetmadatyourfaceyoumofo';
+
+module.exports = {
+ encrypt : function (str) {
+ var cipher = crypto.createCipher(algo, passwd);
+ var cipherChunks = [];
+
+ cipherChunks.push(cipher.update(str, clearEncoding, cipherEncoding));
+ cipherChunks.push(cipher.final(cipherEncoding));
+
+ return cipherChunks[1];
+ },
+ decrypt : function (str) {
+ str = [str];
+ var plainChunks = [];
+ try {
+ var decipher = crypto.createDecipher(algo, passwd);
+
+ for (var i = 0;i < str.length;i++) {
+ plainChunks.push(decipher.update(str[i], cipherEncoding, clearEncoding));
+ }
+
+ plainChunks.push(decipher.final(clearEncoding));
+ return plainChunks.join('');
+ }
+ catch (err) {
+ return str.join('');
+ }
+ }
+}
diff --git a/package.json b/package.json
index 39e5b20..60e42da 100644
--- a/package.json
+++ b/package.json
@@ -17,6 +17,7 @@
 "jade": "^1.11.0",
 "mongodb": "^1.4.38",
 "mongoskin": "^1.4.13",
- "socks5-http-client": "^1.0.1"
+ "socks5-http-client": "^1.0.1",
+ "socks5-https-client": "^1.1.1"
 }
 }
diff --git a/resources/jade/homepage.jade b/resources/jade/homepage.jade
index 06c5779..5c2d80d 100644
--- a/resources/jade/homepage.jade
+++ b/resources/jade/homepage.jade
@@ -4,4 +4,6 @@ div.homepage input.search(type="text", name="searchterm", placeholder="Je naam, id, klassennaam, docentencode, lokaalcode") button.search Zoeken + div=JSON.stringify(headers, null, 2) + include links
diff --git a/resources/jade/login.jade b/resources/jade/login.jade
new file mode 100644
index 0000000..4228a17
--- /dev/null
+++ b/resources/jade/login.jade
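Review bot: In auth.js, `login()` writes the user's Magister password into a `password` cookie and `is()` then prints the decrypted pair with `console.log(username, password)`, so a reversible copy of the credential sits in every browser and the plaintext lands in the server log. Remove the `console.log(cookies)` and `console.log(username, password)` calls, and prefer a random server-side session identifier over credential cookies; if the cookies stay for now, at least set them as `res.cookie('password', password, { httpOnly: true, secure: true })`. `is()` also dereferences `req.headers.cookie` unconditionally, which throws for a request without a Cookie header, so start it with `if (!req.headers.cookie) { next(); return; }`. In `get_login`, `'Content-Length' : login.length` counts characters rather than bytes and the request has no `'error'` handler; `Buffer.byteLength(login)` and an `.on('error', ...)` that calls `callback(false)` would make a non-ASCII password or an unreachable proxy fail cleanly.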
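Review bot: In crypt.js, `encrypt` returns `cipherChunks[1]`, which is only the output of `cipher.final()`, so for any input of 16 bytes or more the blocks produced by `update()` are dropped and the value can no longer be decrypted; the line should be `return cipherChunks.join('');`. `decrypt` masks that failure by returning its input unchanged from the `catch`, which also means any undecryptable cookie text is handed on as if it were a credential; returning `null` there lets the caller treat the request as not logged in. The key is the passphrase committed in `passwd`, and `crypto.createCipher` derives key and IV from it without a salt and adds no integrity check, so identical inputs give identical ciphertexts and tampering goes unnoticed. The sketch below moves both functions to `crypto.createCipheriv` with a random IV and an authenticated mode, with the key loaded from configuration rather than source.

```javascript
// … unchanged: require('crypto'), clearEncoding, cipherEncoding …
// key: 32 random bytes loaded from configuration, never committed to the repository
module.exports = {
  encrypt : function (str) {
    var iv = crypto.randomBytes(12);
    var cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
    var body = Buffer.concat([cipher.update(str, clearEncoding), cipher.final()]);
    // layout: 12-byte IV | 16-byte auth tag | ciphertext
    return Buffer.concat([iv, cipher.getAuthTag(), body]).toString(cipherEncoding);
  },
  decrypt : function (str) {
    try {
      var raw = Buffer.from(str, cipherEncoding);
      var decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.slice(0, 12));
      decipher.setAuthTag(raw.slice(12, 28));
      return decipher.update(raw.slice(28), null, clearEncoding) + decipher.final(clearEncoding);
    }
    catch (err) {
      // malformed or tampered value: report failure instead of echoing the input
      return null;
    }
  }
```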
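Review bot: In homepage.jade, `div=JSON.stringify(headers, null, 2)` renders every request header into the homepage; web.js passes `req` as the template locals, so `headers` is presumably `req.headers` and includes the `Cookie` header carrying the `username` and `password` cookies. It reads like leftover debugging output and should be removed before merge, or narrowed to the one value the page needs, e.g. `div=headers.username`. Jade's `=` escapes its output, so the concern is disclosure of header contents on the page rather than markup injection.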
@@ -0,0 +1,14 @@
+//- login.jade
+include header
+
+form(action="/login", method="post")
+ div
+ label Username
+ input(type="text", name="username")
+ div
+ label Password
+ input(type="password", name="password")
+ div
+ input(type="submit", value="Log In")
+
+div=user
diff --git a/web.js b/web.js
index 7e34736..5a62cea 100644
--- a/web.js
+++ b/web.js
@@ -8,6 +8,7 @@ var api = require('./api'); var config = require('./configuration'); var lookup = require('./lookup'); var schedule = require('./schedule'); +var auth = require('./auth'); var app = express();
@@ -21,18 +22,24 @@ app.use('/css', less(__dirname + '/resources/less')); app.use('/js', express.static(__dirname + '/resources/js')); app.use('/other', express.static(__dirname + '/resources/other')); -app.get('/', function (req, res) { +//Other things that need to be setup +// app.use(body_parser); + +app.get('/', auth.is, function (req, res) { req.links = config().links; res.render('homepage', req); }); -app.get('/api/:api', function (req, res) { - +app.get('/login', function (req, res) { + res.render('login'); }); +app.post('/login', auth.login); + +app.get('/api/:api', function (req, res, next) { next(); }); app.param('api', api); -app.get('/rooster/:search', function (req, res) { +app.get('/rooster/:search', function (req, res, next) { next(); });