adminflsu/PengLogin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

change code db and add env variable

Browse Source
This commit is contained in:
florian 2025-06-14 12:27:14 +02:00
parent 91999b0699
commit b8c05105fa
1 changed files with 80 additions and 111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

191
index.js
View File

@ -5,17 +5,18 @@ import bcrypt from 'bcrypt';
import nodemailer from 'nodemailer'; import nodemailer from 'nodemailer';
import dotenv from 'dotenv'; import dotenv from 'dotenv';
import fs, { stat } from 'fs'; import fs, { stat } from 'fs';
import { verify } from 'crypto';
dotenv.config(); dotenv.config();
const transporter = nodemailer.createTransport({ const transporter = nodemailer.createTransport({
host: 'email.thepenguinontheweb.tech', host: process.env.SMTP_HOST,
port: 587, port: process.env.SMTP_PORT,
secure: false, // false pour STARTTLS secure: process.env.SMTP_SECURE === 'true', // false for 587, true for 465
auth: { auth: {
user: process.env.EMAIL_USER, user: process.env.EMAIL_USER,
pass: process.env.EMAIL_PASS pass: process.env.EMAIL_PASS,
} },
}); });
function sendMail(to, subject, html) { function sendMail(to, subject, html) {
@ -81,35 +82,36 @@ app.get('/', (req, res) => {
} }
); );
app.post('/api/login', (req, res) => { app.post('/api/login', async (req, res) => {
const { username, password } = req.body; const { username, password } = req.body;
if (!username || !password) { if (!username || !password) {
return res.status(400).json({ message: 'Username and password are required' }); return res.status(400).json({ message: 'Username and password are required' });
} }
db.get('SELECT * FROM users WHERE username = ? OR email = ?', [username, username]) try {
.then(user => { const user = await db.get('SELECT * FROM users WHERE username = ? OR email = ?', [username, username]);
if (!user) {
return res.status(401).json({ message: 'Invalid username or password' });
}
// Check password (replace with real password check logic) if (!user) {
const isPasswordValid = bcrypt.compareSync(password, user.password); return res.status(401).json({ message: 'Invalid username or password' });
if (!isPasswordValid) { }
return res.status(401).json({ message: 'Invalid username or password' });
}
res.status(200).json({ message: 'Login successful' });
}) // Check password (replace with real password check logic)
.catch(err => { const isPasswordValid = bcrypt.compareSync(password, user.password);
console.error('Database error:', err); if (!isPasswordValid) {
res.status(500).json({ message: 'Internal server error' }); return res.status(401).json({ message: 'Invalid username or password' });
}); }
res.status(200).json({ message: 'Login successful' });
} catch (err) {
console.error('Database error:', err);
res.status(500).json({ message: 'Internal server error' });
}
} }
); );
app.post('/api/register', (req, res) => { app.post('/api/register', async (req, res) => {
const { username, email, password } = req.body; const { username, email, password } = req.body;
if (!username || !email || !password) { if (!username || !email || !password) {
@ -118,68 +120,43 @@ app.post('/api/register', (req, res) => {
const hashedPassword = bcrypt.hashSync(password, 10); const hashedPassword = bcrypt.hashSync(password, 10);
let isAlreadyRegistered = false; try {
db.get('SELECT * FROM users WHERE username = ? OR email = ?', [username, email]) // Check if user already exists in users table
.then(user => { const user = await db.get('SELECT * FROM users WHERE username = ? OR email = ?', [username, email]);
if (user) { if (user) {
isAlreadyRegistered = true; return res.status(409).json({ message: 'Username or email already exists' });
return res.status(409).json({ message: 'Username or email already exists' }); }
// Check if user is already in verify table
const verify = await db.get('SELECT * FROM verify WHERE username = ? OR email = ?', [username, email]);
if (verify) {
// If token is still valid
if (Date.now() - new Date(verify.createdAt).getTime() < 24 * 60 * 60 * 1000) {
return res.status(409).json({ message: 'Verification already sent, please check your email' });
} else {
// If token is expired, delete it
await db.run('DELETE FROM verify WHERE id = ?', [verify.id]);
} }
}) }
.catch(err => {
console.error('Database error:', err);
return res.status(500).json({ message: 'Internal server error' });
});
if (isAlreadyRegistered) { // Insert new verification token
return; const verificationToken = Math.random().toString(36).substring(2, 15);
await db.run('INSERT INTO verify (token, username, email, password) VALUES (?, ?, ?, ?)', [verificationToken, username, email, hashedPassword]);
// read the email template
const emailTemplate = fs.readFileSync('mailFile/mail.html', 'utf8');
const emailContent = emailTemplate.replace('{{verification_link}}', `${process.env.URL}/verify?token=${verificationToken}`);
sendMail(email, 'Welcome to Our Service', emailContent);
return res.status(201).json({ message: 'email send' });
} catch (err) {
await db.run('DELETE FROM verify WHERE username = ? OR email = ?', [username, email]);
console.error('Database error:', err);
return res.status(500).json({ message: 'Internal server error' });
} }
});
db.get('SELECT * FROM verify WHERE username = ? OR email = ?', [username, email])
.then(verify => {
if (verify) {
// Verify if the last verification token is still valid
if (Date.now() - new Date(verify.createdAt).getTime() < 24 * 60 * 60 * 1000) {
isAlreadyRegistered = true;
return res.status(409).json({ message: 'Verification already sent, please check your email' });
}
else {
// If the token is expired, delete it
db.run('DELETE FROM verify WHERE id = ?', [verify.id])
.catch(err => {
console.error('Database error:', err);
return res.status(500).json({ message: 'Internal server error' });
});
}
}
})
.catch(err => {
console.error('Database error:', err);
return res.status(500).json({ message: 'Internal server error' });
});
if (isAlreadyRegistered) {
return;
}
const verificationToken = Math.random().toString(36).substring(2, 15);
db.run('INSERT INTO verify (token, username, email, password) VALUES (?, ?, ?, ?)', [verificationToken, username, email, hashedPassword])
.then(() => {
// read the email template
const emailTemplate = fs.readFileSync('mailFile/mail.html', 'utf8');
// replace placeholders in the email template
const emailContent = emailTemplate.replace('{{verification_link}}', `${process.env.URL}/verify?token=${verificationToken}`);
sendMail(email, 'Welcome to Our Service', emailContent);
res.status(201).json({ message: 'email send' });
})
.catch(err => {
console.error('Database error:', err);
return res.status(500).json({ message: 'Internal server error' });
});
}
);
app.get('/verify', (req, res) => { app.get('/verify', (req, res) => {
const { token } = req.query; const { token } = req.query;
@ -188,45 +165,37 @@ app.get('/verify', (req, res) => {
return res.status(400).json({ message: 'Token is required' }); return res.status(400).json({ message: 'Token is required' });
} }
res.sendFile('verify.html', { root: 'public' }); res.sendFile('verify.html', { root: 'public' });
} }
); );
app.post('/api/verify', (req, res) => { app.post('/api/verify', async (req, res) => {
const { token } = req.body; const { token } = req.body;
if (!token) { if (!token) {
return res.status(400).json({ message: 'Token is required' }); return res.status(400).json({ message: 'Token is required' });
} }
db.get('SELECT * FROM verify WHERE token = ?', [token]) try {
.then(verify => { const verify = await db.get('SELECT * FROM verify WHERE token = ?', [token]);
if (!verify) {
return res.status(404).json({ message: 'Invalid or expired token' });
}
// Insert user into users table if (!verify) {
db.run('INSERT INTO users (username, email, password) VALUES (?, ?, ?)', [verify.username, verify.email, verify.password]) return res.status(404).json({ message: 'Invalid or expired token' });
.then(() => { }
// Delete the verification record
db.run('DELETE FROM verify WHERE id = ?', [verify.id]) // Check if the token is still valid (24 hours)
.then(() => { if (Date.now() - new Date(verify.createdAt).getTime() > 24 * 60 * 60 * 1000) {
res.status(200).json({ message: 'Email verified successfully' }); return res.status(410).json({ message: 'Token has expired' });
}) }
.catch(err => {
console.error('Database error:', err); // Insert user into users table
res.status(500).json({ message: 'Internal server error' }); await db.run('INSERT INTO users (username, email, password) VALUES (?, ?, ?)', [verify.username, verify.email, verify.password])
});
}) await db.run('DELETE FROM verify WHERE id = ?', [verify.id]);
.catch(err => { } catch (err) {
console.error('Database error:', err); console.error('Database error:', err);
res.status(500).json({ message: 'Internal server error' }); return res.status(500).json({ message: 'Internal server error' });
}); }
})
.catch(err => {
console.error('Database error:', err);
res.status(500).json({ message: 'Internal server error' });
});
} }
); );