LetsEncrypt
47
auth/auth.js
47
auth/auth.js
@@ -1,35 +1,50 @@
|
||||
import express from "express";
|
||||
import cookieParser from "cookie-parser";
|
||||
import bcrypt from "bcrypt";
|
||||
import fs from "fs";
|
||||
import crypto from "crypto";
|
||||
|
||||
const USERS = JSON.parse(fs.readFileSync("./users.json"));
|
||||
const SESSIONS = {}; // in-memory session store
|
||||
|
||||
const app = express();
|
||||
app.use(express.json());
|
||||
app.use(cookieParser());
|
||||
|
||||
const USERS = { "admin":"test123" }; // mocked
|
||||
|
||||
app.post("/api/login", (req,res)=>{
|
||||
app.post("/api/login", async (req,res)=>{
|
||||
const { user, pass } = req.body;
|
||||
|
||||
console.log(`Auth-Service login attempt for ${user}`);
|
||||
if(USERS[user] && USERS[user] === pass){
|
||||
// Set Session Cookie
|
||||
res.cookie("SESSIONID", "dummy-session-"+user, {
|
||||
httpOnly: true,
|
||||
secure: true, // production: require HTTPS
|
||||
domain: ".server.schooltech.ch", // allow cookie for subdomains
|
||||
sameSite: "None", // required for third-party iframes over HTTPS
|
||||
path: "/"
|
||||
});
|
||||
res.status(200).send({ ok:true });
|
||||
} else {
|
||||
res.status(401).send({ ok:false });
|
||||
}
|
||||
|
||||
const hash = USERS[user];
|
||||
if(!hash) return res.status(401).send({ ok:false });
|
||||
|
||||
const valid = await bcrypt.compare(pass, hash);
|
||||
if(!valid) return res.status(401).send({ ok:false });
|
||||
|
||||
// create secure random session
|
||||
const sessionID = crypto.randomBytes(32).toString("hex");
|
||||
SESSIONS[sessionID] = {
|
||||
user,
|
||||
created: Date.now()
|
||||
};
|
||||
|
||||
res.cookie("SESSIONID", sessionID, {
|
||||
httpOnly: true,
|
||||
secure: true,
|
||||
domain: ".server.schooltech.ch",
|
||||
sameSite: "None",
|
||||
path: "/"
|
||||
});
|
||||
|
||||
res.status(200).send({ ok:true });
|
||||
});
|
||||
|
||||
// Event logging endpoint for frontend button presses
|
||||
app.post('/api/event', (req,res)=>{
|
||||
const svc = req.body.service || req.body.action || 'unknown';
|
||||
const user = req.cookies.SESSIONID || 'anonymous';
|
||||
|
||||
console.log(`Event: user=${user} service=${svc} payload=${JSON.stringify(req.body)}`);
|
||||
res.status(200).send({ ok:true });
|
||||
});
|
||||
|
||||
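Review bot: `/api/event` writes the raw session token to the log: `const user = req.cookies.SESSIONID || 'anonymous';` copies the cookie value straight into the `Event:` line, which also dumps the whole request body, so anyone with log access holds a valid session. Resolve the cookie against the store instead, `const user = SESSIONS[req.cookies.SESSIONID]?.user ?? 'anonymous';`, and log only `user` and `svc` rather than `JSON.stringify(req.body)`. In `/api/login`, `USERS[user]` is read with no own-property or type check, so a `user` such as `constructor` or `__proto__` yields a function or object instead of a hash and `bcrypt.compare(pass, hash)` rejects; if this is Express 4 that rejection is not caught by the framework and the request is left hanging. Guard before the lookup with `if (typeof user !== "string" || typeof pass !== "string" || !Object.hasOwn(USERS, user)) return res.status(401).send({ ok:false });`. `created` is stored on every session but nothing expires or deletes entries, so `SESSIONS` grows without bound and a token stays valid for the life of the process.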