summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--connect-better-sqlite3.js14
-rw-r--r--package.json2
-rw-r--r--server.js94
3 files changed, 58 insertions, 52 deletions
diff --git a/connect-better-sqlite3.js b/connect-better-sqlite3.js
index 6574346..1f5c9f4 100644
--- a/connect-better-sqlite3.js
+++ b/connect-better-sqlite3.js
@@ -31,15 +31,15 @@ module.exports = function (session) {
let db = new SQLite(db_path, options.mode);
db.pragma("journal_mode = WAL");
db.pragma("synchronous = OFF");
- db.exec("CREATE TABLE IF NOT EXISTS "+table+" (sid PRIMARY KEY, expires INTEGER, sess TEXT) WITHOUT ROWID");
- db.exec("DELETE FROM "+table+" WHERE "+now()+" > expires");
+ db.exec(`CREATE TABLE IF NOT EXISTS ${table} (sid PRIMARY KEY, expires INTEGER, sess TEXT) WITHOUT ROWID`);
+ db.exec(`DELETE FROM ${table} WHERE ${now()} > expires`);
db.exec("VACUUM");
db.exec("PRAGMA wal_checkpoint(TRUNCATE)");
- this.sql_destroy = db.prepare("DELETE FROM "+table+" WHERE sid = ?");
- this.sql_get = db.prepare("SELECT sess FROM "+table+" WHERE sid = ? AND ? <= expires");
- this.sql_set = db.prepare("INSERT OR REPLACE INTO "+table+" VALUES (?,?,?)");
- this.sql_touch = db.prepare("UPDATE "+table+" SET expires = ? WHERE sid = ? AND expires < ?");
+ this.sql_destroy = db.prepare(`DELETE FROM ${table} WHERE sid = ?`);
+ this.sql_get = db.prepare(`SELECT sess FROM ${table} WHERE sid = ? AND ? <= expires`).pluck();
+ this.sql_set = db.prepare(`INSERT OR REPLACE INTO ${table} VALUES (?,?,?)`);
+ this.sql_touch = db.prepare(`UPDATE ${table} SET expires = ? WHERE sid = ? AND expires < ?`);
}
destroy(sid, cb = noop) {
@@ -55,7 +55,7 @@ module.exports = function (session) {
try {
let sess = this.sql_get.get(sid, now());
if (sess)
- return cb(null, JSON.parse(sess.sess));
+ return cb(null, JSON.parse(sess));
return cb(null, null);
} catch (err) {
return cb(err, null);
diff --git a/package.json b/package.json
index 52a3190..969a103 100644
--- a/package.json
+++ b/package.json
@@ -4,8 +4,6 @@
"description": "Rally the Troops!",
"dependencies": {
"better-sqlite3": "^7.4.4",
- "connect": "^3.7.0",
- "connect-flash": "^0.1.1",
"dotenv": "^10.0.0",
"express": "^4.17.1",
"express-session": "^1.17.1",
diff --git a/server.js b/server.js
index a8682cd..7b252c1 100644
--- a/server.js
+++ b/server.js
@@ -9,7 +9,6 @@ const express_session = require('express-session');
const passport = require('passport');
const passport_local = require('passport-local');
const body_parser = require('body-parser');
-const connect_flash = require('connect-flash');
const crypto = require('crypto');
const sqlite3 = require('better-sqlite3');
const SQLiteStore = require('./connect-better-sqlite3')(express_session);
@@ -20,7 +19,7 @@ function random_seed() {
return crypto.randomInt(1, 0x7ffffffe);
}
-const SESSION_SECRET = "Caesar has a big head!";
+const SESSION_SECRET = process.env.SECRET || "Caesar has a big head!";
const MAX_OPEN_GAMES = 5;
@@ -84,7 +83,6 @@ app.set('view engine', 'pug');
app.use(body_parser.urlencoded({extended:false}));
app.use(session);
-app.use(connect_flash());
const socket_wrap = middleware => (socket, next) => middleware(socket.request, {}, next);
io.use(socket_wrap(session));
@@ -125,6 +123,18 @@ function SLOG(socket, ...msg) {
socket.title_id + "/" + socket.game_id + "/" + socket.role, ...msg);
}
+function flash(req, msg) {
+ if (req.session) {
+ if (msg === undefined) {
+ msg = req.session.flash;
+ delete req.session.flash;
+ } else {
+ req.session.flash = msg;
+ }
+ }
+ return msg;
+}
+
function human_date(time) {
var date = time ? new Date(time + " UTC") : new Date(0);
var seconds = (Date.now() - date.getTime()) / 1000;
@@ -250,15 +260,15 @@ function local_login(req, name_or_mail, password, done) {
if (!user)
user = SQL_SELECT_LOGIN_BY_MAIL.get(name_or_mail);
if (!user)
- return setTimeout(() => done(null, false, req.flash('message', "User not found.")), 1000);
+ return setTimeout(() => done(null, false, flash(req, "User not found.")), 1000);
if (is_blacklisted(user.mail))
- return setTimeout(() => done(null, false, req.flash('message', "Sorry, but this IP or account has been banned.")), 1000);
+ return setTimeout(() => done(null, false, flash(req, "Sorry, but this mail account has been banned.")), 1000);
let hash = hash_password(password, user.salt);
if (hash !== user.password)
- return setTimeout(() => done(null, false, req.flash('message', "Wrong password.")), 1000);
+ return setTimeout(() => done(null, false, flash(req, "Wrong password.")), 1000);
done(null, user);
} catch (err) {
- done(null, false, req.flash('message', err.toString()));
+ done(null, false, flash(req, err.toString()));
}
}
@@ -267,26 +277,26 @@ function local_signup(req, name, password, done) {
let mail = req.body.mail;
name = clean_user_name(name);
if (!is_valid_user_name(name))
- return done(null, false, req.flash('message', "Invalid user name!"));
+ return done(null, false, flash(req, "Invalid user name!"));
LOG(req, "POST /signup", name, mail);
if (is_blacklisted(mail))
- return setTimeout(() => done(null, false, req.flash('message', "Sorry, but this IP or account has been banned.")), 1000);
+ return setTimeout(() => done(null, false, flash(req, "Sorry, but this mail account has been banned.")), 1000);
if (password.length < 4)
- return done(null, false, req.flash('message', "Password is too short!"));
+ return done(null, false, flash(req, "Password is too short!"));
if (password.length > 100)
- return done(null, false, req.flash('message', "Password is too long!"));
+ return done(null, false, flash(req, "Password is too long!"));
if (!is_email(mail))
- return done(null, false, req.flash('message', "Invalid mail address!"));
+ return done(null, false, flash(req, "Invalid mail address!"));
if (SQL_EXISTS_USER_NAME.get(name))
- return done(null, false, req.flash('message', "That name is already taken."));
+ return done(null, false, flash(req, "That name is already taken."));
if (SQL_EXISTS_USER_MAIL.get(mail))
- return done(null, false, req.flash('message', "That mail is already taken."));
+ return done(null, false, flash(req, "That mail is already taken."));
let salt = crypto.randomBytes(32).toString('hex');
let hash = hash_password(password, salt);
let user = SQL_INSERT_USER.get(name, mail, hash, salt);
done(null, user);
} catch (err) {
- done(null, false, req.flash('message', err.toString()));
+ done(null, false, flash(req, err.toString()));
}
}
@@ -315,7 +325,7 @@ function must_be_logged_in(req, res, next) {
}
app.get('/', function (req, res) {
- res.render('index.pug', { user: req.user, titles: TITLES, flash: req.flash('message') });
+ res.render('index.pug', { user: req.user, titles: TITLES, flash: flash(req) });
});
app.get('/about', function (req, res) {
@@ -332,20 +342,19 @@ app.get('/login', function (req, res) {
if (req.user)
return res.redirect('/');
LOG(req, "GET /login");
- res.render('login.pug', { user: req.user, flash: req.flash('message') });
+ res.render('login.pug', { user: req.user, flash: flash(req) });
});
app.get('/signup', function (req, res) {
if (req.user)
return res.redirect('/');
LOG(req, "GET /signup");
- res.render('signup.pug', { user: req.user, flash: req.flash('message') });
+ res.render('signup.pug', { user: req.user, flash: flash(req) });
});
app.post('/login',
passport.authenticate('local-login', {
failureRedirect: '/login',
- failureFlash: true
}),
(req, res) => {
let redirect = req.session.redirect || '/profile';
@@ -358,13 +367,12 @@ app.post('/signup',
passport.authenticate('local-signup', {
successRedirect: '/profile',
failureRedirect: '/signup',
- failureFlash: true
})
);
app.get('/forgot-password', function (req, res) {
LOG(req, "GET /forgot-password");
- res.render('forgot_password.pug', { user: req.user, flash: req.flash('message') });
+ res.render('forgot_password.pug', { user: req.user, flash: flash(req) });
});
app.post('/forgot-password', function (req, res) {
@@ -377,29 +385,29 @@ app.post('/forgot-password', function (req, res) {
token = SQL_CREATE_TOKEN.run(user.user_id);
mail_password_reset_token(user, token);
}
- req.flash('message', "A password reset token has been sent to " + mail + ".");
+ flash(req, "A password reset token has been sent to " + mail + ".");
return res.redirect('/reset-password/' + mail);
}
- req.flash('message', "User not found.");
+ flash(req, "User not found.");
return res.redirect('/forgot-password');
});
app.get('/reset-password', function (req, res) {
LOG(req, "GET /reset-password");
- res.render('reset_password.pug', { user: null, mail: "", token: "", flash: req.flash('message') });
+ res.render('reset_password.pug', { user: null, mail: "", token: "", flash: flash(req) });
});
app.get('/reset-password/:mail', function (req, res) {
let mail = req.params.mail;
LOG(req, "GET /reset-password", mail);
- res.render('reset_password.pug', { user: null, mail: mail, token: "", flash: req.flash('message') });
+ res.render('reset_password.pug', { user: null, mail: mail, token: "", flash: flash(req) });
});
app.get('/reset-password/:mail/:token', function (req, res) {
let mail = req.params.mail;
let token = req.params.token;
LOG(req, "GET /reset-password", mail, token);
- res.render('reset_password.pug', { user: null, mail: mail, token: token, flash: req.flash('message') });
+ res.render('reset_password.pug', { user: null, mail: mail, token: token, flash: flash(req) });
});
app.post('/reset-password', function (req, res) {
@@ -409,15 +417,15 @@ app.post('/reset-password', function (req, res) {
LOG(req, "POST /reset-password", mail, token);
let user = SQL_SELECT_LOGIN_BY_MAIL.get(mail);
if (!user) {
- req.flash('message', "User not found.");
+ flash(req, "User not found.");
return res.redirect('/reset-password/'+mail+'/'+token);
}
if (password.length < 4) {
- req.flash('message', "Password is too short!");
+ flash(req, "Password is too short!");
return res.redirect('/reset-password/'+mail+'/'+token);
}
if (!SQL_VERIFY_TOKEN.get(user.user_id, token)) {
- req.flash('message', "Invalid or expired token!");
+ flash(req, "Invalid or expired token!");
return res.redirect('/reset-password/'+mail);
}
let salt = crypto.randomBytes(32).toString('hex');
@@ -428,7 +436,7 @@ app.post('/reset-password', function (req, res) {
app.get('/change-password', must_be_logged_in, function (req, res) {
LOG(req, "GET /change-password");
- res.render('change_password.pug', { user: req.user, flash: req.flash('message') });
+ res.render('change_password.pug', { user: req.user, flash: flash(req) });
});
app.post('/change-password', must_be_logged_in, function (req, res) {
@@ -438,18 +446,18 @@ app.post('/change-password', must_be_logged_in, function (req, res) {
// Get full user record including password and salt
let user = SQL_SELECT_LOGIN_BY_MAIL.get(req.user.mail);
if (newpass.length < 4) {
- req.flash('message', "Password is too short!");
+ flash(req, "Password is too short!");
return res.redirect('/change-password');
}
let oldhash = hash_password(oldpass, user.salt);
if (oldhash !== user.password) {
- req.flash('message', "Wrong password.");
+ flash(req, "Wrong password.");
return res.redirect('/change-password');
}
let salt = crypto.randomBytes(32).toString('hex');
let hash = hash_password(newpass, salt);
SQL_UPDATE_USER_PASSWORD.run(hash, salt, user.user_id);
- req.flash('message', "Your password has been updated.");
+ flash(req, "Your password has been updated.");
return res.redirect('/profile');
});
@@ -471,18 +479,18 @@ app.get('/unsubscribe', must_be_logged_in, function (req, res) {
app.get('/change-name', must_be_logged_in, function (req, res) {
LOG(req, "GET /change-name");
- res.render('change_name.pug', { user: req.user, flash: req.flash('message') });
+ res.render('change_name.pug', { user: req.user, flash: flash(req) });
});
app.post('/change-name', must_be_logged_in, function (req, res) {
let newname = clean_user_name(req.body.newname);
LOG(req, "POST /change-name", req.user, req.body, newname);
if (!is_valid_user_name(newname)) {
- req.flash('message', "Invalid user name!");
+ flash(req, "Invalid user name!");
return res.redirect('/change-name');
}
if (SQL_EXISTS_USER_NAME.get(newname)) {
- req.flash('message', "That name is already taken!");
+ flash(req, "That name is already taken!");
return res.redirect('/change-name');
}
SQL_UPDATE_USER_NAME.run(newname, req.user.user_id);
@@ -491,18 +499,18 @@ app.post('/change-name', must_be_logged_in, function (req, res) {
app.get('/change-mail', must_be_logged_in, function (req, res) {
LOG(req, "GET /change-mail");
- res.render('change_mail.pug', { user: req.user, flash: req.flash('message') });
+ res.render('change_mail.pug', { user: req.user, flash: flash(req) });
});
app.post('/change-mail', must_be_logged_in, function (req, res) {
let newmail = req.body.newmail;
LOG(req, "POST /change-mail", req.user, req.body);
if (!is_email(newmail)) {
- req.flash('message', "Invalid mail address!");
+ flash(req, "Invalid mail address!");
return res.redirect('/change-mail');
}
if (SQL_EXISTS_USER_MAIL.get(newmail)) {
- req.flash('message', "That mail address is already taken!");
+ flash(req, "That mail address is already taken!");
return res.redirect('/change-mail');
}
SQL_UPDATE_USER_MAIL.run(newmail, req.user.user_id);
@@ -1089,7 +1097,7 @@ app.get('/create/:title_id', must_be_logged_in, function (req, res) {
title: title,
scenarios: RULES[title_id].scenarios,
create_html: HTML_CREATE[title_id],
- flash: req.flash('message')
+ flash: flash(req)
});
});
@@ -1115,7 +1123,7 @@ app.post('/create/:title_id', must_be_logged_in, function (req, res) {
LOG(req, "POST /create/" + req.params.title_id, scenario, options, priv, JSON.stringify(descr));
let count = SQL_COUNT_OPEN_GAMES.get(user_id);
if (count >= MAX_OPEN_GAMES) {
- req.flash('message', "You have too many open games!");
+ flash(req, "You have too many open games!");
return res.redirect('/create/'+title_id);
}
if (!(title_id in RULES)) {
@@ -1172,7 +1180,7 @@ app.get('/rematch/:old_game_id/:role', must_be_logged_in, function (req, res) {
new_game_id = SQL_SELECT_REMATCH.get(magic);
if (new_game_id)
return join_rematch(req, res, new_game_id, role);
- req.flash('message', "Can't create or find rematch game!");
+ flash(req, "Can't create or find rematch game!");
return res.redirect('/join/'+old_game_id);
});
@@ -1233,7 +1241,7 @@ app.get('/join/:game_id', must_be_logged_in, function (req, res) {
roles: roles,
players: players,
ready: ready,
- flash: req.flash('message')
+ flash: flash(req)
});
});