adminflsu/PengLogin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
PengLogin/index.js
florian b8c05105fa change code db and add env variable
2025-06-14 12:27:14 +02:00

205 lines
5.9 KiB
JavaScript
Raw Blame History

import express from 'express';
import sqlite3 from 'sqlite3';
import { open } from 'sqlite';
import bcrypt from 'bcrypt';
import nodemailer from 'nodemailer';
import dotenv from 'dotenv';
import fs, { stat } from 'fs';
import { verify } from 'crypto';
dotenv.config();
const transporter = nodemailer.createTransport({
host: process.env.SMTP_HOST,
port: process.env.SMTP_PORT,
secure: process.env.SMTP_SECURE === 'true', // false for 587, true for 465
auth: {
user: process.env.EMAIL_USER,
pass: process.env.EMAIL_PASS,
},
});
function sendMail(to, subject, html) {
const mailOptions = {
from: process.env.EMAIL_USER,
to: to,
subject: subject,
html: html
};
return transporter.sendMail(mailOptions)
.then(() => console.log('Email sent successfully'))
.catch(error => console.error('Error sending email:', error));
}
const db = await open({
filename: './db/database.db',
driver: sqlite3.Database
});
function initializeDatabase() {
db.exec(`
CREATE TABLE IF NOT EXISTS users (
id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT NOT NULL UNIQUE,
email TEXT NOT NULL UNIQUE,
password TEXT NOT NULL,
historyToDefault INTEGER DEFAULT 0
);
`);
db.exec(`
CREATE TABLE IF NOT EXISTS verify (
id INTEGER PRIMARY KEY,
token TEXT NOT NULL UNIQUE,
username TEXT NOT NULL UNIQUE,
email TEXT NOT NULL UNIQUE,
password TEXT NOT NULL,
createdAt DATETIME DEFAULT CURRENT_TIMESTAMP
);
`);
}
initializeDatabase();
const app = express();
const port = 20909;
app.use(express.json());
app.use(express.static('public'));
app.get('/login', (req, res) => {
res.sendFile('index.html', { root: 'public' });
}
);
app.get('/register', (req, res) => {
res.sendFile('register.html', { root: 'public' });
}
);
app.get('/', (req, res) => {
// redirect to login page
res.redirect('/login');
}
);
app.post('/api/login', async (req, res) => {
const { username, password } = req.body;
if (!username || !password) {
return res.status(400).json({ message: 'Username and password are required' });
}
try {
const user = await db.get('SELECT * FROM users WHERE username = ? OR email = ?', [username, username]);
if (!user) {
return res.status(401).json({ message: 'Invalid username or password' });
}
// Check password (replace with real password check logic)
const isPasswordValid = bcrypt.compareSync(password, user.password);
if (!isPasswordValid) {
return res.status(401).json({ message: 'Invalid username or password' });
}
res.status(200).json({ message: 'Login successful' });
} catch (err) {
console.error('Database error:', err);
res.status(500).json({ message: 'Internal server error' });
}
}
);
app.post('/api/register', async (req, res) => {
const { username, email, password } = req.body;
if (!username || !email || !password) {
return res.status(400).json({ message: 'Username, email, and password are required' });
}
const hashedPassword = bcrypt.hashSync(password, 10);
try {
// Check if user already exists in users table
const user = await db.get('SELECT * FROM users WHERE username = ? OR email = ?', [username, email]);
if (user) {
return res.status(409).json({ message: 'Username or email already exists' });
}
// Check if user is already in verify table
const verify = await db.get('SELECT * FROM verify WHERE username = ? OR email = ?', [username, email]);
if (verify) {
// If token is still valid
if (Date.now() - new Date(verify.createdAt).getTime() < 24 * 60 * 60 * 1000) {
return res.status(409).json({ message: 'Verification already sent, please check your email' });
} else {
// If token is expired, delete it
await db.run('DELETE FROM verify WHERE id = ?', [verify.id]);
}
}
// Insert new verification token
const verificationToken = Math.random().toString(36).substring(2, 15);
await db.run('INSERT INTO verify (token, username, email, password) VALUES (?, ?, ?, ?)', [verificationToken, username, email, hashedPassword]);
// read the email template
const emailTemplate = fs.readFileSync('mailFile/mail.html', 'utf8');
const emailContent = emailTemplate.replace('{{verification_link}}', `${process.env.URL}/verify?token=${verificationToken}`);
sendMail(email, 'Welcome to Our Service', emailContent);
return res.status(201).json({ message: 'email send' });
} catch (err) {
await db.run('DELETE FROM verify WHERE username = ? OR email = ?', [username, email]);
console.error('Database error:', err);
return res.status(500).json({ message: 'Internal server error' });
}
});
app.get('/verify', (req, res) => {
const { token } = req.query;
if (!token) {
return res.status(400).json({ message: 'Token is required' });
}
res.sendFile('verify.html', { root: 'public' });
}
);
app.post('/api/verify', async (req, res) => {
const { token } = req.body;
if (!token) {
return res.status(400).json({ message: 'Token is required' });
}
try {
const verify = await db.get('SELECT * FROM verify WHERE token = ?', [token]);
if (!verify) {
return res.status(404).json({ message: 'Invalid or expired token' });
}
// Check if the token is still valid (24 hours)
if (Date.now() - new Date(verify.createdAt).getTime() > 24 * 60 * 60 * 1000) {
return res.status(410).json({ message: 'Token has expired' });
}
// Insert user into users table
await db.run('INSERT INTO users (username, email, password) VALUES (?, ?, ?)', [verify.username, verify.email, verify.password])
await db.run('DELETE FROM verify WHERE id = ?', [verify.id]);
} catch (err) {
console.error('Database error:', err);
return res.status(500).json({ message: 'Internal server error' });
}
}
);
app.listen(port, "127.0.0.1", () => {
console.log(`Server is running on localhost:${port}`);
}
);
Reference in New Issue View Git Blame Copy Permalink