diff --git a/app.js b/app.js
index 7e86b97..0d698f6 100644
--- a/app.js
+++ b/app.js
@@ -67,7 +67,7 @@ app.use("/", express.static(__dirname + '/static'));
 app.use("/session", function(req, res) {
 res.setHeader("Content-Type", "application/json");
- //refresh session
+ //refresh session and return login status
 if(req.method == "GET") {
 if(req.session.data.login == true) {
 if(new Date() - req.session.data.lastActivity < 5 * 60 * 1000) {
@@ -77,37 +77,77 @@ app.use("/session", function(req, res) {
 }
 }
 res.send(200, JSON.stringify({
+ "success": true,
 "login": req.session.data.login
 }));
 }
 //check user credentials, update session data
 if(req.method == "PUT") {
+ //already logged in?
 if(req.session.data.login == true) {
 res.send(200, JSON.stringify({
- "success": false
- }));
- }
- var params = req.body;
- if(tools.reqParamsGiven() == false) {
- res.send(200, JSON.stringify({
- "login": req.session.data.login
+ "success": false,
+ "error": "You are already logged in!"
 }));
 return;
 }
- req.session.data.login = true;
- req.session.data.lastActivity = new Date();
- res.send(200, JSON.stringify({
- "login": req.session.data.login
- }));
+
+ var params = req.body;
+ //username or password missing?
+ if(tools.reqParamsGiven(["username", "password"], params) == false) {
+ res.send(200, JSON.stringify({
+ "success": false,
+ "error": "Insufficient parameters given! Need: username, password"
+ }));
+ return;
+ }
+ //check if user exists
+ db.get(params.username, function (err, doc) {
+ if(!err && doc.type == "user") {
+ //user exists, verify password
+ scrypt.verifyHash(user.auth, params.password, function(err, match) {
+ if(err || match == false) {
+ res.send(200, JSON.stringify({
+ "success": false,
+ "error": "Invalid login credentials!"
+ }));
+ return;
+ }
+ if(!err && match == true) {
+ req.session.data.login = true;
+ req.session.data.lastActivity = new Date();
+ res.send(200, JSON.stringify({
+ "success": true
+ }));
+ return;
+ }
+ });
+ } else {
+ //user does not exist.
+ res.send(200, JSON.stringify({
+ "success": false,
+ "error": "Invalid login credentials!"
+ }));
+ return;
+ }
+ });
 }
 //destroy the session
 if(req.method == "DELETE") {
- req.session.data.login = false;
- res.send(200, JSON.stringify({
- "login": req.session.data.login
- }));
+ //only do logout if login exists
+ if(req.session.data.login == false) {
+ res.send(200, JSON.stringify({
+ "success": false,
+ "error": "Cannot log you out, you are not logged in!"
+ }));
+ } else {
+ req.session.data.login = false;
+ res.send(200, JSON.stringify({
+ "success": true
+ }));
+ }
 }
 });
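Review bot: `scrypt.verifyHash(user.auth, params.password, …)` in the new PUT branch references `user`, but the `db.get` callback binds the fetched record as `doc`; unless `user` is a module-level variable defined outside the hunk, this throws a ReferenceError inside the asynchronous callback (an uncaught exception in Node rather than an error response) for every existing account, so it should read `scrypt.verifyHash(doc.auth, params.password, function(err, match) {`. On success the branch only sets `req.session.data.login = true` — nothing in the hunk records which user authenticated, and the existing session id is reused rather than regenerated on the privilege change, which is the usual session-fixation mitigation (whether the session middleware exposes a regenerate call is not visible here). Because the user-not-found path answers immediately while the found path waits on scrypt, the identical "Invalid login credentials!" message still leaks account existence through response time, and a `db.get` failure of any kind (including an outage) is folded into that same message; a constant-cost path for unknown users and a check of the driver's not-found indication on `err` before treating it as a bad login would address both. The second guard `if(!err && match == true)` is always true after the `if(err || match == false) { … return; }` above it and can be dropped. The enclosing `app.use("/session", …)` handler starts outside this hunk.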