115 lines
3.1 KiB
JavaScript
115 lines
3.1 KiB
JavaScript
var crypto = require('crypto')
|
|
|
|
let db = require('@config/database')
|
|
let Auth = require('@helpers/Auth')
|
|
|
|
let User = module.exports = {}
|
|
|
|
//Login a user, if that user does not exist create them
|
|
//Issues login token
|
|
User.login = (username, password) => {
|
|
return new Promise((resolve, reject) => {
|
|
|
|
const lowerName = username.toLowerCase();
|
|
|
|
db.promise()
|
|
.query('SELECT * FROM users WHERE username = ? LIMIT 1', [lowerName])
|
|
.then((rows, fields) => {
|
|
|
|
//Pull out user data from database results
|
|
const lookedUpUser = rows[0][0];
|
|
|
|
//User not found, create a new account with set data
|
|
if(rows[0].length == 0){
|
|
User.create(lowerName, password)
|
|
.then(loginToken => {
|
|
resolve(loginToken)
|
|
})
|
|
return
|
|
}
|
|
|
|
//hash the password and check for a match
|
|
const salt = new Buffer(lookedUpUser.salt, 'binary')
|
|
crypto.pbkdf2(password, salt, lookedUpUser.iterations, 512, 'sha512', function(err, delivered_key){
|
|
if(delivered_key.toString('hex') === lookedUpUser.password){
|
|
|
|
//Passback a json web token
|
|
const token = Auth.createToken(lookedUpUser.id)
|
|
resolve(token)
|
|
|
|
} else {
|
|
|
|
reject('Password does not match database')
|
|
}
|
|
})
|
|
})
|
|
.catch(console.log)
|
|
|
|
})
|
|
}
|
|
|
|
//Create user account
|
|
//Issues login token
|
|
User.create = (username, password) => {
|
|
|
|
//For some reason, username won't get into the promise. But password will @TODO figure this out
|
|
const lowerName = username.toLowerCase().trim()
|
|
|
|
return new Promise((resolve, reject) => {
|
|
|
|
db.promise()
|
|
.query('SELECT * FROM users WHERE username = ? LIMIT 1', [lowerName])
|
|
.then((rows, fields) => {
|
|
|
|
if(rows[0].length === 0){ //No users returned, create new one. Start with hashing password
|
|
|
|
//Params for hash function
|
|
let shasum = crypto.createHash('sha512') //Prepare Hash
|
|
const ran = parseInt(Date.now()) //Get current time in miliseconds
|
|
const semiRandomInt = Math.floor(Math.random()*11) //Grab a random number
|
|
const otherRandomInt = (ran*semiRandomInt+ran)*semiRandomInt-ran //Mix things up a bit
|
|
shasum.update(''+otherRandomInt) //Update Hasd
|
|
|
|
const saltString = shasum.digest('hex')
|
|
const salt = new Buffer(saltString, 'binary') //Generate Salt hash
|
|
const iterations = 25000
|
|
|
|
crypto.pbkdf2(password, salt, iterations, 512, 'sha512', function(err, delivered_key) {
|
|
|
|
//Create new user object with freshly salted password
|
|
var currentDate = new Date().toISOString().slice(0, 19).replace('T', ' ');
|
|
var new_user = {
|
|
username: lowerName,
|
|
password: delivered_key.toString('hex'),
|
|
salt: salt,
|
|
iterations: iterations,
|
|
last_login: currentDate,
|
|
created: currentDate
|
|
};
|
|
|
|
db.promise()
|
|
.query('INSERT INTO users SET ?', new_user)
|
|
.then((rows, fields) => {
|
|
|
|
if(rows[0].affectedRows == 1){
|
|
|
|
const newUserId = rows[0].insertId
|
|
const loginToken = Auth.createToken(newUserId)
|
|
resolve(loginToken)
|
|
|
|
} else {
|
|
//Emit Error to user
|
|
reject('New user could not be created')
|
|
}
|
|
})
|
|
.catch(console.log)
|
|
})
|
|
} else {
|
|
reject('Username already in use.')
|
|
}//END user create
|
|
})
|
|
.catch(console.log)
|
|
|
|
|
|
})
|
|
} |