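/*
 * user.js
 *
 * routing handlers for a user
 */
'use strict';

var util = require('util');
var crypto = require('crypto');
var db = require('../mydb.js');
var driver = require('./driver.js');
var auth = require('../auth.js');

/*
 * Registration secret checked by create_post. This is a static value shared
 * by every caller: whoever can read this file can register accounts. The
 * md5(secret + id + '0xdeadbeef') variant that used to be commented out here
 * would not change that, since its input is the same static secret.
 */
var CREATE_SECRET = '0xdeadbeef';

/* tag / id (password) length limits enforced at registration */
var TAG_MIN_LEN = 2;
var TAG_MAX_LEN = 16;
var ID_MIN_LEN = 8;
var ID_MAX_LEN = 30;

/*
 * tag -> {ip, port} of clients that completed login. Created without a
 * prototype so a tag such as "__proto__" or "constructor" (both pass the
 * length check above) is stored as an ordinary key instead of reaching
 * Object.prototype.
 */
var connected_clients = Object.create(null);

/*
 * Constant-time comparison of two secrets.
 *
 * Returns false when either side is not a string or when the lengths differ
 * (timingSafeEqual requires equal-length buffers, so length is the only thing
 * the check leaks); otherwise compares every byte without short-circuiting,
 * unlike ===. Needs Node >= 6.6 for crypto.timingSafeEqual.
 */
function secrets_match(given, expected) {
  if (typeof given !== 'string' || typeof expected !== 'string') return false;
  var a = Buffer.from(given);
  var b = Buffer.from(expected);
  if (a.length !== b.length) return false;
  return crypto.timingSafeEqual(a, b);
}

/*
 * True when v is a string whose length lies in [min, max].
 *
 * req.param() can hand back arrays or objects for input such as tag[]=x, and
 * those have a .length too, so the typeof check is not redundant: it keeps
 * non-string values out of the stored record.
 */
function is_string_in_range(v, min, max) {
  return typeof v === 'string' && v.length >= min && v.length <= max;
}

/* GET /create: hand off to the driver's registration handler. */
function create_get(req, res, next) {
  driver.create_get(req, res, next);
}

/*
 * POST /create: register a new user.
 *
 * Requires the shared registration secret (403 otherwise), a tag of
 * TAG_MIN_LEN..TAG_MAX_LEN characters and an id -- the password -- of
 * ID_MIN_LEN..ID_MAX_LEN characters (400 otherwise). The id itself is never
 * stored; only the salt and hash produced by auth.hash() are. Redirects to
 * '/' once the record has been saved, and passes an Error to next() when
 * hashing or saving fails (previously a save failure was only logged and the
 * redirect was sent before the save had finished).
 *
 * req.param() is the Express 3 accessor; the remaining vehicle/userinfo/
 * location fields are stored as given and must be treated as untrusted by
 * whatever renders them.
 */
function create_post(req, res, next) {
  var secret = req.param('secret');
  var tag = req.param('tag');
  var id = req.param('id');

  /* grant creation */
  if (!secrets_match(secret, CREATE_SECRET)) {
    util.log('[create] unauthorized creation attempt');
    return res.send(403, 'creation aborted, invalid secret\n');
  }
  if (!is_string_in_range(tag, TAG_MIN_LEN, TAG_MAX_LEN) ||
      !is_string_in_range(id, ID_MIN_LEN, ID_MAX_LEN)) {
    util.log('[create] client input sanitazation failed');
    return res.send(400, 'invalid registration attributes\n');
  }

  var user_record = {
    tag: tag, /* really an id */
    salt: '',
    hash: '',
    status: 'offline',
    vehicle: {
      make: req.param('make'),
      model: req.param('model'),
      year: req.param('year'),
      desc: req.param('desc')
    },
    userinfo: {sig: req.param('sig')},
    location: {loc: req.param('loc')},
    stats: {matches: 0, won: 0, lost: 0}
  };

  /* salt and hash arrive asynchronously, so the save has to be nested here */
  auth.hash(id, function(err, salt, hash) {
    if (err) return next(new Error('failed to compute hash'));
    user_record.salt = salt;
    user_record.hash = hash;
    db.users.save(user_record, function(err, saved) {
      if (err || !saved) {
        util.log('[create] error saving');
        return next(new Error('failed to save user'));
      }
      util.log('[create] successfully saved');
      res.redirect('/');
    });
  });
}

/* GET /login: render the login form. */
function login_get(req, res, next) {
  /* todo: jade page for this? */
  res.render('login', {
    title: 'Challenger 2.0' /* might use app.locals */
  });
}

/*
 * Mark an authenticated user online, remember the client address, bind the
 * user to the session and reply 200. Passes an Error to next() when the
 * status update or the session regeneration fails.
 */
function set_online(req, res, next, user) {
  db.users.update({tag: user.tag}, {$set: {status: 'online'}}, function(err, updated) {
    if (err || !updated) {
      util.log('[login] failed to set status to online');
      return next(new Error('failed to set status to online'));
    }
    /* NOTE(review): myip/myport are not standard socket properties; presumably
     * attached by middleware elsewhere -- confirm against the app setup */
    connected_clients[user.tag] = {ip: res.connection.myip, port: res.connection.myport};

    var finish = function(err) {
      if (err) return next(err);
      req.session.user = user.tag; /* keep track of auth'ed user */
      res.send(200, 'successfully logged in\n');
    };
    /*
     * Issue a fresh session id at the privilege change when the store
     * supports it, so an id handed out before login does not survive login
     * (session fixation). Stores without regenerate() fall through unchanged.
     */
    if (req.session && typeof req.session.regenerate === 'function') {
      req.session.regenerate(finish);
    } else {
      finish(null);
    }
  });
}

/*
 * POST /login: authenticate tag/id and mark the user online.
 *
 * test drive: curl -d 'tag=unclescotty&id=brotato' localhost:8081/login
 *
 * auth.auth_user() reports its outcome as an HTTP-style code: 200 on
 * success, 401 when the credentials do not match, 403 when the user does not
 * exist. Any other code is forwarded to next() as an Error so the request
 * never hangs without a response. Non-string credentials (arrays/objects
 * from tag[]=x style input) are rejected with 400 before reaching auth.
 */
function login_post(req, res, next) {
  var tag = req.param('tag');
  var id = req.param('id');
  if (typeof tag !== 'string' || typeof id !== 'string') {
    util.log('[login] non-string credentials rejected');
    return res.send(400, 'invalid login attributes\n');
  }

  auth.auth_user(tag, id, function(err, user, code) {
    if (err) return next(err);
    switch (code) {
      case 200:
        util.log('[login] ' + user.tag + ' authenticated');
        set_online(req, res, next, user);
        break;
      case 401:
        util.log('[login] could not authenticate');
        res.send(401, 'could not authenticate\n');
        break;
      case 403:
        util.log('[login] user does not exist');
        res.send(403, 'user does not exist\n');
        break;
      default:
        util.log('[login] unexpected auth code ' + code);
        next(new Error('unexpected authentication result'));
    }
  });
}

module.exports = {
  create_get: create_get,
  create_post: create_post,
  login_get: login_get,
  login_post: login_post
};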