wmantly/mp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added secure session token (will add csrf protection next)d

Browse Source
This commit is contained in:
BIG2EYEZ 2024-01-11 19:19:59 +08:00
parent c06ca3bc79
commit 4f73ecd808
3 changed files with 618 additions and 1620 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
Sean/server.js
View File

@ -24,6 +24,11 @@ app.use(
secret: process.env.key, secret: process.env.key,
resave: false, resave: false,
saveUninitialized: true, saveUninitialized: true,
cookie: {
secure: false, // Make sure to set this to true in a production environment with HTTPS
httpOnly: true,
maxAge: 24 * 60 * 60 * 1000, // Session duration in milliseconds (here set to 1 day)
},
}) })
); );
app.set("view engine", "ejs"); app.set("view engine", "ejs");
@ -68,7 +73,7 @@ const sendOTPByEmail = async (email, otp) => {
app.get("/login", (req, res) => { app.get("/login", (req, res) => {
// Pass an initial value for the error variable
res.render("login", { error: null }); res.render("login", { error: null });
}); });
@ -98,6 +103,31 @@ const logActivity = async (username, success, message) => {
} }
}; };
const logLogoutActivity = async (username, success, message) => {
try {
if (!username) {
console.error("Error logging activity: Username is null or undefined");
return;
}
const activity = success ? `successful logout: ${message}` : `unsuccessful logout: ${message}`;
const logSql =
"INSERT INTO user_logs (username, activity, timestamp) VALUES (?, ?, CURRENT_TIMESTAMP)";
const logParams = [username, activity];
connection.query(logSql, logParams, (error, results) => {
if (error) {
console.error("Error executing logSql:", error);
// Handle error (you may want to log it or take other appropriate actions)
} else {
console.log("Activity logged successfully");
}
});
} catch (error) {
console.error("Error in logActivity function:", error);
// Handle error (you may want to log it or take other appropriate actions)
}
};
// Login route // Login route
@ -118,7 +148,6 @@ const logActivity = async (username, success, message) => {
username = username.trim(); username = username.trim();
const loginSql = "SELECT * FROM users WHERE username = ?"; const loginSql = "SELECT * FROM users WHERE username = ?";
const updateLastLoginSql = "UPDATE users SET lastLogin = CURRENT_TIMESTAMP WHERE username = ?";
connection.query(loginSql, [username], async (error, results) => { connection.query(loginSql, [username], async (error, results) => {
if (error) { if (error) {
@ -182,18 +211,23 @@ const logActivity = async (username, success, message) => {
// Log successful OTP entry and login // Log successful OTP entry and login
if (req.body.username) { if (req.body.username) {
await logActivity(req.body.username, true, "OTP entered correctly. Successful login"); await logActivity(req.body.username, true, "OTP entered correctly. Successful login");
} }
// Correct OTP, redirect to home page // Correct OTP, generate a session token
const sessionToken = crypto.randomBytes(32).toString('hex');
// Store the session token in the session
req.session.authenticated = true; req.session.authenticated = true;
req.session.username = req.body.username; req.session.username = req.body.username;
req.session.sessionToken = sessionToken;
console.log(`Generated Session Token: ${sessionToken}`);
// Redirect to home page with session token
res.redirect("/home"); res.redirect("/home");
} else { } else {
// Log unsuccessful OTP entry // Log unsuccessful OTP entry
if (req.body.username) { if (req.body.username) {
await logActivity(req.body.username, false, "Incorrect OTP entered"); await logActivity(req.body.username, false, "Incorrect OTP entered");
} }
// Incorrect OTP, render login page with error // Incorrect OTP, render login page with error
@ -205,6 +239,33 @@ const logActivity = async (username, success, message) => {
} }
}); });
app.get("/logout", (req, res) => {
try {
const username = req.session.username || "Unknown User";
// Log the user out by clearing the session
req.session.destroy(async (err) => {
if (err) {
console.error("Error destroying session:", err);
await logLogoutActivity(username, false, "User logged out unsucessfully. Session not destroyed.");
} else {
console.log(`Session destroyed.`);
// Log the logout activity using a separate async function
await logLogoutActivity(username, true, "User logged out. Session destroyed.");
}
// Redirect to the login page after logout
res.redirect("/login");
});
} catch (error) {
console.error("Error in logout route:", error);
res.status(500).send("Internal Server Error");
}
});
app.get("/home", isAuthenticated, (req, res) => { app.get("/home", isAuthenticated, (req, res) => {
@ -219,10 +280,6 @@ const logActivity = async (username, success, message) => {
res.status(500).send("Internal Server Error"); res.status(500).send("Internal Server Error");
return; return;
} }
// Log the results on the server side
// Render the home page with sensor data // Render the home page with sensor data
res.render("home", { res.render("home", {
username: req.session.username, username: req.session.username,

2
Sean/views/home.ejs
View File

@ -88,7 +88,7 @@
<a href="/inusers">In-House Users</a> <a href="/inusers">In-House Users</a>
<a href="#">Users</a> <a href="#">Users</a>
<a href="#">Data Analysis</a> <a href="#">Data Analysis</a>
<a href="#">Logout</a> <a href="/logout">Logout</a>
</div> </div>
<div id="content"> <div id="content">

2161
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff