hyperdrive-rest.js

    // crypto-js supplies the HMAC-SHA512 primitive used by Signature() below.
    const CryptoJS = require("crypto-js")

    // Express application object and the fixed TCP port it listens on.
    const express = require('express')
    const app = express()
    const port = 8080
    // Project-local data-access module; this file calls userExist, addUser and changeDirectory on it.
    const sql = require('./sql-request');
    
    
    ///// JWT part /////
    
    // In-memory allow-list of issued signed tokens: add_token() appends, remove_token()
    // deletes, verify_token() tests membership. Entries carry no expiry, so a token stays
    // accepted until /logout removes it or the process restarts.
    var valid_tokens = [];
    
    /**
     * 32-bit rolling string hash: hash = hash * 31 + charCode, wrapped to a signed int32.
     * Returns 0 for the empty string.
     *
     * NOTE(review): this is a fast, unsalted, non-cryptographic hash with only 2^32
     * possible outputs. This file uses it as `pass_enc` for passwords, where collisions
     * are cheap to find; a salted password-hashing function belongs there instead.
     */
    String.prototype.hashCode = function() {
        let acc = 0;
        for (let pos = 0; pos < this.length; pos += 1) {
            // Math.imul(acc, 31) is the int32 form of (acc << 5) - acc.
            acc = (Math.imul(acc, 31) + this.charCodeAt(pos)) | 0;
        }
        return acc;
    };
    
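    /**
     * Encode a value as unpadded base64url text for use as a token segment.
     *
     * @param {*} elem - value whose toString() output is encoded (as UTF-8).
     * @returns {string} base64url text without '=' padding.
     *
     * The earlier version cut the last two characters unconditionally. That only removes
     * padding when the input length is 1 modulo 3; for every other length it dropped
     * encoded data. The URL-safe alphabet is used because tokens are sent back in the
     * query string, where '+' is decoded as a space.
     */
    function tob64(elem){
        return Buffer.from(elem.toString())
            .toString('base64')
            .replace(/=+$/, '')   // strip padding only, never payload characters
            .replace(/\+/g, '-')
            .replace(/\//g, '_');
    }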
    
    /**
     * Token header record.
     *
     * @param {string} typ - token type label (JWT() passes "jwt").
     * @param {string} alg - signature algorithm label (JWT() passes "HS512").
     *
     * NOTE(review): toString() emits "{typ,alg}", which is not JSON, so the encoded
     * segment is not a standard JWT header — confirm nothing downstream parses it as one.
     */
    function Header(typ, alg){
        this.typ = typ;
        this.alg = alg;

        // Own-property toString: tob64() relies on it to serialise the header.
        this.toString = function(){
            const fields = this.typ + "," + this.alg;
            return "{" + fields + "}";
        };
    }
    
    /**
     * Token payload record.
     *
     * @param {string} user - user name.
     * @param {number} pass_enc - value derived from the password (JWT() passes pass.hashCode()).
     *
     * NOTE(review): pass_enc is serialised into the token, and base64 is an encoding, not
     * encryption, so whoever holds a token can read the password-derived value. Nothing in
     * this file reads it back out of a token; it could be left out of the payload.
     */
    function Payload(user, pass_enc){
        this.user = user;
        this.pass_enc = pass_enc;

        // Own-property toString: tob64() relies on it to serialise the payload as "{user,pass_enc}".
        this.toString = function(){
            const fields = this.user + "," + this.pass_enc;
            return "{" + fields + "}";
        };
    }
    
    /**
     * Compute the HMAC-SHA512 of `token` with the application key, via crypto-js.
     *
     * @param {string} token - text to authenticate.
     * @returns the value produced by CryptoJS.HmacSHA512; JWT() concatenates it into a
     *          string, which relies on that object's toString().
     *
     * NOTE(review): the HMAC key is a literal committed with the source, so everyone with
     * read access to the repository (this file is in a forked project) holds the signing
     * key. It should come from configuration kept outside version control and be rotated.
     */
    function Signature(token){
        const hmacKey = "our super hyperdrive secret";
        const mac = CryptoJS.HmacSHA512(token, hmacKey);
        return mac;
    }
    
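    /**
     * Build a signed token for a user.
     *
     * @param {string} pl_user - user name placed in the payload.
     * @param {string} pl_pass - password; only its hashCode() goes into the payload.
     *
     * Sets `header`, `payload` and `signedToken`
     * ("<encoded header>.<encoded payload>.<signature>").
     *
     * NOTE(review): nothing time- or session-specific goes into the token (no issue time,
     * expiry or random id), so the same user/password pair always produces the same
     * string; a token removed at logout becomes valid again at the next login.
     */
    function JWT(pl_user, pl_pass){
        this.header = new Header("jwt", "HS512");
        this.payload = new Payload(pl_user, pl_pass.hashCode());

        // Declared locally; these were implicit globals shared by every request.
        const unsigned = tob64(this.header) + "." + tob64(this.payload);

        // Sign the actual "header.payload" text. The earlier code signed the literal string
        // "token", so every token carried the same signature and it authenticated nothing.
        const signature = Signature(unsigned);

        this.signedToken = unsigned + "." + signature;
    }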
    
    
    /**
     * Record a token as valid unless it is already listed.
     *
     * @param {*} token - token to remember; stored as token.toString().
     *
     * A duplicate is not stored again; a message is logged instead.
     */
    function add_token(token) {
        const alreadyListed = valid_tokens.indexOf(token) !== -1;
        if (alreadyListed) {
            console.log("Unable to add token to valid_tokens. (token already present)");
            return;
        }

        // The membership test above uses the raw argument; the stored entry is its string form.
        valid_tokens.push(token.toString());
    }
    
    /**
     * Drop the first occurrence of a token from the valid list.
     *
     * @param {*} token - token to forget.
     *
     * When the token is not listed, nothing is removed and a message is logged.
     */
    function remove_token(token) {
        const position = valid_tokens.indexOf(token);
        if (position === -1) {
            console.log("Unable to remove token from valid_tokens. (Token not present)");
            return;
        }

        // In-place removal so the shared array keeps its identity.
        valid_tokens.splice(position, 1);
    }
    
    /**
     * Tell whether a token is currently listed as valid.
     *
     * @param {*} token - token presented by the caller.
     * @returns {boolean} true when a strictly equal entry exists in valid_tokens.
     *
     * NOTE(review): validity is list membership only; the signature segment is neither
     * recomputed nor compared here, and there is no expiry check.
     */
    function verify_token(token) {
        return valid_tokens.some((known) => known === token);
    }
    
    
    ///// End JWT part /////
    
    
    // Site root: send the front-end entry page that sits next to this script.
    app.get('/', (req, res) => {
        const indexPage = `${__dirname}/front/index.html`;
        res.sendFile(indexPage);
    });
    
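    /* Login
     * query param : user
     * query param : pass
     *
     * NOTE(review): credentials arrive in the query string of a GET request, so they can
     * end up in access logs, browser history and proxy logs; a POST body keeps them out of
     * the URL. Codes 1 and 2 also tell a caller whether a username exists; one shared
     * "invalid credentials" answer avoids that.
     */
    // resCode : [ 0: User now logged in, 1: False password, 2: Invalid username, 4: Empty user or pass ]
    app.get('/login', (req, res) => {

        const user = req.query['user'];
        const pass = req.query['pass'];

        // Express can parse repeated or bracketed query keys into arrays/objects. Those have
        // no hashCode() and would throw further down, so anything that is not a non-empty
        // string is treated as missing.
        if (typeof user !== 'string' || typeof pass !== 'string' || !user || !pass) {
            res.send({
                "route": "/login",
                "resCode": 4,
                "comment": "Please enter a username and a password."
            });
            return;
        }

        // The result is not used yet; the call now runs only once the input has been
        // validated, and no longer writes to an implicit global.
        sql.userExist(user, pass);

        // mock for a SQL query
        // NOTE(review): pass_enc is the 32-bit hashCode() of the password, so any string with
        // the same 32-bit hash is accepted as that password.
        const users = {
            "noe": { "pass_enc": "my_pass".hashCode() },
            "nicolas" : { "pass_enc": "your_pass".hashCode() }
        };
        /*
        More like this :
                {
                    login: "a",
                    passwd: "test"
                }
        */

        // Own-property lookup: `user in users` also matched inherited names such as
        // "constructor", which were then reported as existing users.
        if (!Object.prototype.hasOwnProperty.call(users, user)) {
            res.send({
                "route": "/login",
                "resCode": 2,
                "comment": `Username '${ user }' don't exist.`
            });
            return;
        }

        if (users[user].pass_enc !== pass.hashCode()) {
            res.send({
                "route": "/login",
                "resCode": 1,
                "comment": `Password for user '${ user }' false.`
            });
            return;
        }

        const jwt = new JWT(user, pass);

        // Register the token before answering so it is already accepted when the client gets it.
        add_token(jwt.signedToken);

        res.send({
            "route": "/login",
            "resCode": 0,
            "signedToken": jwt.signedToken,
            "comment": `Password for user '${ user }' true.`
        });

    })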
    
    
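    // resCode : [ 0: Token is valid, 1: Token is not valid, 3: Empty token ]
    // Reports whether the token given in the `token` query parameter is currently listed as valid.
    app.get('/testmytoken', (req, res) => {

        // Local binding; this was an implicit global shared by every request.
        const token = req.query['token'];

        if (!token) {
            res.send({
                "resCode": 3,
                "comment": "Please enter a token."
            });
            // Stop here: execution used to fall through and call res.send() a second time,
            // which throws because the response headers have already been sent.
            return;
        }

        if (verify_token(token)){
            res.send({
                "resCode": 0,
                "comment": "Your token is valid."
            });
        }
        else {
            res.send({
                "resCode": 1,
                "comment": "Your token is not valid."
            });
        }

    })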
    
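    // resCode : [ 0: Logout ok, 1: Already logged out, 3: Empty token ]
    // Invalidates the token given in the `token` query parameter.
    // NOTE(review): this is a state-changing operation exposed over GET with the token in
    // the URL, so the token can land in logs and history; a POST with the token in a
    // header or body avoids both.
    app.get('/logout/', (req, res) => {

        // Local binding; this was an implicit global shared by every request.
        const token = req.query['token'];

        if (!token) {
            res.send({
                "resCode": 3,
                "comment": "Please enter a token."
            });
            return;
        }

        if (!verify_token(token)) {
            res.send({
                "resCode": 1,
                "comment": "Your are already logged out."
            });
            return;
        }

        remove_token(token);
        res.send({
            "resCode": 0,
            "comment": "Your are now logged out."
        });

    })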
    
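    /**
     * Request register
     * query param : login
     * query param : pass
     *
     * NOTE(review): as with /login, the password travels in the URL of a GET request.
     */
    app.get('/register/', (req, res) => {
        const login = req.query['login'];
        const pass = req.query['pass'];

        // Reject missing values and the array/object shapes Express can produce for
        // repeated or bracketed query keys, instead of handing them to the data layer.
        if (typeof login !== 'string' || typeof pass !== 'string' || !login || !pass) {
            res.status(400).type('text/plain').send('Please enter a login and a password.');
            return;
        }

        // NOTE(review): the password is passed on as received; whether it is hashed before
        // storage depends on sql.addUser — TODO confirm.
        sql.addUser(login, pass);

        // A string given to res.send() is served as text/html by default, which would let
        // markup in `login` be rendered; reply as plain text and do not echo the password.
        res.type('text/plain').send(`Request for a register (${login})`);
    })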
    
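    /**
     * Request to share a file with a user
     * param : file_id
     * param : user1
     * param : user2
     * user1 share a file_id with user2
     *
     * Placeholder: only file_id is read and no sharing happens yet.
     * NOTE(review): no token is checked here; add a verify_token() gate before this does real work.
     */
    app.get('/share/:file_id', (req, res) => {
        // Route parameters are URL-decoded caller input, and a string given to res.send() is
        // served as text/html by default; reply as text/plain so the echoed id is never
        // rendered as markup.
        res.type('text/plain').send(`Request for a file sharing (id: ${req.params['file_id']})`)
    })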
    
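    /**
     * Request to upload a file
     * query param : file
     *
     * Placeholder: nothing is stored yet.
     * NOTE(review): no token is checked here; add a verify_token() gate before this does real work.
     */
    app.get('/upload/', (req, res) => {
        // The query value is caller input, and a string given to res.send() is served as
        // text/html by default; reply as text/plain so the echo is never rendered as markup.
        res.type('text/plain').send(`Request for an upload (${req.query['file']})`)
    })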
    
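    /**
     * Request to download a file
     * param : file_id
     *
     * Placeholder: no file is served yet.
     * NOTE(review): no token is checked here; add a verify_token() gate before this does real work.
     */
    app.get('/download/:file_id', (req, res) => {
        // Route parameters are URL-decoded caller input, and a string given to res.send() is
        // served as text/html by default; reply as text/plain so the echoed id is never
        // rendered as markup.
        res.type('text/plain').send(`Request for a download (${req.params['file_id']})`)
    })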
    
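    /**
     * Send back the content of a new path.
     * param : the part of the URL matched by '*' after /change-path
     *
     * The response body is whatever sql.changeDirectory hands to its callback.
     *
     * NOTE(review): the user is fixed to 'a' and no token is checked, so every caller reads
     * that user's tree. The path is caller-controlled and passed through unvalidated —
     * confirm sql.changeDirectory binds it as a query parameter and confines it to the
     * user's own directories.
     */
    app.get('/change-path*', (req, res) => {

        // Text captured by the '*' wildcard of the route.
        const requestedPath = req.params['0'];

        // The return value is not used; the former assignment created an implicit global
        // that the callback parameter shadowed anyway.
        sql.changeDirectory('a', requestedPath, (content) => {
            res.send(content);
        });
    })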
    
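    /**
     * Request to create a path
     * param : the part of the URL matched by '*' after /create-path
     *
     * Placeholder: nothing is created yet.
     * NOTE(review): no token is checked here; add a verify_token() gate before this does real work.
     */
    app.get('/create-path*', (req, res) => {
        // The wildcard match is caller input, and a string given to res.send() is served as
        // text/html by default; reply as text/plain so the echoed path is never rendered as markup.
        res.type('text/plain').send(`Request for a create path (${req.params['0']})`)
    })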
    
    // Static files from ./front are served for any request the routes above did not answer.
    app.use(express.static('front'));

    // Start accepting connections and log once the listener is up.
    app.listen(port, () => {
        console.log(`Hyperdrive listening on port ${port}!`);
    });