Backend: Users can now log in.

2022-12-16 01:56:31 +00:00 · 2022-12-16 01:56:31 +00:00 · 9d2e26299d
commit 9d2e26299d
parent 81d586e520
3 changed files with 71 additions and 9 deletions
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@ -20,6 +20,7 @@
        "express": "^4.17.1",
        "express-async-errors": "^3.1.1",
        "express-rate-limit": "^5.2.6",
+        "express-session": "^1.17.3",
        "faker": "^5.4.0",
        "got": "^11.7.0",
        "helmet": "^4.4.1",
@ -3272,6 +3273,32 @@
      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-5.5.1.tgz",
      "integrity": "sha512-MTjE2eIbHv5DyfuFz4zLYWxpqVhEhkTiwFGuB74Q9CSou2WHO52nlE5y3Zlg6SIsiYUIPj6ifFxnkPz6O3sIUg=="
    },
+    "node_modules/express-session": {
+      "version": "1.17.3",
+      "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.17.3.tgz",
+      "integrity": "sha512-4+otWXlShYlG1Ma+2Jnn+xgKUZTMJ5QD3YvfilX3AcocOAbIkVylSWEklzALe/+Pu4qV6TYBj5GwOBFfdKqLBw==",
+      "dependencies": {
+        "cookie": "0.4.2",
+        "cookie-signature": "1.0.6",
+        "debug": "2.6.9",
+        "depd": "~2.0.0",
+        "on-headers": "~1.0.2",
+        "parseurl": "~1.3.3",
+        "safe-buffer": "5.2.1",
+        "uid-safe": "~2.1.5"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/express-session/node_modules/cookie": {
+      "version": "0.4.2",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.2.tgz",
+      "integrity": "sha512-aSWTXFzaKWkvHO1Ny/s+ePFpvKsPnjc551iI41v3ny/ow6tBG5Vd+FuqGNhh1LxOmVzOlGUriIlOaokOvhaStA==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
    "node_modules/faker": {
      "version": "5.5.3",
      "resolved": "https://registry.npmjs.org/faker/-/faker-5.5.3.tgz",
@ -5321,6 +5348,14 @@
        "node": ">= 0.8"
      }
    },
+    "node_modules/on-headers": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.2.tgz",
+      "integrity": "sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
    "node_modules/once": {
      "version": "1.4.0",
      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
@ -5802,6 +5837,14 @@
        "url": "https://github.com/sponsors/sindresorhus"
      }
    },
+    "node_modules/random-bytes": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz",
+      "integrity": "sha512-iv7LhNVO047HzYR3InF6pUcUsPQiHTM1Qal51DcGSuZFBil1aBBWG5eHPNek7bvILMaYJ/8RU1e8w1AMdHmLQQ==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
    "node_modules/randombytes": {
      "version": "2.1.0",
      "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz",
@ -7202,6 +7245,17 @@
        "node": ">=4.2.0"
      }
    },
+    "node_modules/uid-safe": {
+      "version": "2.1.5",
+      "resolved": "https://registry.npmjs.org/uid-safe/-/uid-safe-2.1.5.tgz",
+      "integrity": "sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA==",
+      "dependencies": {
+        "random-bytes": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
    "node_modules/undefsafe": {
      "version": "2.0.5",
      "resolved": "https://registry.npmjs.org/undefsafe/-/undefsafe-2.0.5.tgz",
--- a/backend/package.json
+++ b/backend/package.json
@ -25,6 +25,7 @@
    "express": "^4.17.1",
    "express-async-errors": "^3.1.1",
    "express-rate-limit": "^5.2.6",
+    "express-session": "^1.17.3",
    "faker": "^5.4.0",
    "got": "^11.7.0",
    "helmet": "^4.4.1",
--- a/backend/src/rest/functions/apply-middleware.ts
+++ b/backend/src/rest/functions/apply-middleware.ts
@ -6,23 +6,24 @@ import cors from 'cors';
 import { User } from '../../data/models/user';
 import rateLimiter, { extraRateLimit } from '../modules/rate-limiter';
 import multer from 'multer';
-import { extname, resolve } from 'path';  
+import { extname, resolve } from 'path';
 import crypto from 'crypto';
 import { promisify } from 'util';
 import { readFile, rename } from 'fs';
 import validateUser from '../middleware/validate-user';
 import updateUser from '../middleware/update-user';
 import { execSync } from 'child_process';
+import expressSession from 'express-session';

-const renameAsync = promisify(rename); 
-const readFileAsync = promisify(readFile); 
+const renameAsync = promisify(rename);
+const readFileAsync = promisify(readFile);

 function setupMulter(app: Application) {
  const uploadDir = resolve('./assets/upload');
  try {
    execSync(`mkdir -p ${uploadDir} 2>> /dev/null`);
-  } catch {}
-  
+  } catch { }
+
  // uses storage rather than memory - 2 file operations per file upload
  const storage = multer.diskStorage({
    destination: (req, file, cb) => cb(null, uploadDir),
@ -42,18 +43,18 @@ function setupMulter(app: Application) {
  });

  app.post('/v2/upload', updateUser, validateUser, extraRateLimit(10), upload.single('file'), async (req, res) => {
-    const file = req.file!;   
-  
+    const file = req.file!;
+
    const buffer = await readFileAsync(file.path);
    const hash = crypto
      .createHash('md5')
      .update(buffer)
-      .digest('hex'); 
+      .digest('hex');

    const newFileName = hash + extname(file.originalname);
    await renameAsync(file.path, `${uploadDir}/${newFileName}`);
    log.silly(`Uploaded ${newFileName}`);
-    
+
    const url = `/upload/${newFileName}`;
    res.status(201).json({ hash, url });
  });
@ -71,6 +72,12 @@ export default (app: Application) => {
  app.use(cors());
  app.use(bodyParser.json());
  app.use(passport.initialize());
+  app.use(expressSession({
+    secret: 'keyboard cat',
+    resave: false,
+    saveUninitialized: true,
+    cookie: { secure: true }
+  }));
  app.use(rateLimiter);

  setupPassport(app);