notherbase-fs 4.1.3 → 4.2.0

package/controllers/user.js

@@ -11,6 +11,8 @@ export default class User {
 
         this.router.post("/logout", this.logout);
         this.router.post("/changePassword", this.changePassword);
+        this.router.post("/sendOTP", this.sendOneTimePassword);
+        this.router.post("/changeEmail", this.changeEmail);
         this.router.post("/register", this.register);
         this.router.post("/login", this.login);
         this.router.post("/deletePermanently", this.deletePermanently);
@@ -20,6 +22,7 @@ export default class User {
         this.router.post("/downloadData", this.downloadData);
         this.router.post("/deleteAlldata", this.deleteAlldata);
         this.router.post("/importData", this.importData);
+
     }
 
     /**
@@ -28,7 +31,7 @@ export default class User {
      * @param {Object} res An Express.js response.
      */
     logout = async (req, res) => {
-        await req.session.destroy();
+        await req.session?.destroy();
 
         success(res, "Logged out.");
     }
@@ -65,6 +68,86 @@ export default class User {
         }
     }
 
+    validatePassword = async (req, password, user) => {
+        if (password && user?.memory?.data?.otp) {
+            if (password == user.memory.data.otp.code) {
+                if (Date.now() < user.memory.data.otp.expires) {
+                    user.memory.data.otp.expires = 0;
+                    await user.commit();
+                    return "Authenticated.";
+                }
+                else return "One-time password expired.";
+            }
+            else {
+                let passResult = await bcrypt.compare(req.body.password, user.memory.data.password);
+                if (passResult) return "Authenticated.";
+                else return "Password doesn't match the username.";
+            }
+        }
+        else return "Password error.";
+    }
+
+    /**
+     * Change a user's email.
+     * @param {Object} req An Express.js request.
+     * @param {Object} res An Express.js response.
+     */
+    changeEmail = async (req, res) => {       
+        if (loginCheck(req, res)) {
+            let spirit = await req.db.Spirit.recallOne("user",  null, { username: req.session.currentUser });  
+
+            if (check(res, spirit, "User not found!") &&
+                check(res, req.body.email, "New email must be provided."))
+            {
+                let result = await this.validatePassword(req, req.body.password, spirit);
+                if (result == "Authenticated.") {
+                    let other = await req.db.Spirit.recallOne("user",  null, { email: req.body.email });
+         
+                    if (check(res, !other, "Email already in use!")) {
+                        spirit.addBackup({
+                            ...spirit.memory.data,
+                            email: req.body.email
+                        });
+                        
+                        await spirit.commit();
+                
+                        success(res, "Email changed successfully!");
+                    }
+                }
+                else fail(res, result);
+            }
+        }
+    }
+
+    /**
+     * Send a one-time password to the user's email.
+     * @param {Object} req An Express.js request.
+     * @param {Object} res An Express.js response.
+     */
+    sendOneTimePassword = async (req, res) => {
+        if (loginCheck(req, res)) {
+            let spirit = await req.db.Spirit.recallOne("user",  null, { username: req.session.currentUser });  
+
+            if (check(res, spirit, "User not found!")) {
+                let otp = Math.floor(100000 + Math.random() * 900000);
+                spirit.memory.data.otp = {
+                    code: otp,
+                    expires: Date.now() + 1000 * 60 * 15
+                }
+                
+                await spirit.commit();
+
+                await req.db.SendMail.send(spirit.memory.data.email, 'One Time Password for NotherBase', 
+                    `<h1>Your One-Time Password:<h1>
+                    <h2>${otp}<h2>
+                    <p>Visit <a href="https://www.notherbase.com/the-front/keeper">notherbase.com/the-front/keeper</a> to use your one-time password.</p>
+                    <p>This one-time password expires in 15 minutes.<p>`);
+        
+                success(res, "One-time password sent.");
+            }
+        }
+    }
+
     /**
      * Register a new user account.
      * @param {Object} req An Express.js request.
@@ -84,7 +167,13 @@ export default class User {
                     username: req.body.username, 
                     password: hash,
                     authLevels: [ "Basic" ],
-                    view: "compact"
+                    view: "compact",
+                    email: "",
+                    otp: {
+                        code: "",
+                        expires: 0
+                    },
+                    sessions: []
                 });
         
                 success(res, "Registration successful!");
@@ -99,15 +188,30 @@ export default class User {
      */
     login = async (req, res) => {
         let spirit = await req.db.Spirit.recallOne("user",  null, { username: req.body.username });
-
         if (check(res, spirit, "User not found.")) {
-            let passResult = await bcrypt.compare(req.body.password, spirit.memory.data.password);
+            spirit.memory.data = {
+                username: "", 
+                password: "",
+                authLevels: [ "Basic" ],
+                view: "compact",
+                email: "",
+                otp: {
+                    code: "",
+                    expires: 0
+                },
+                sessions: {},
+                ...spirit.memory.data
+            }
+            await spirit.commit();
             
-            if (check(res, passResult, "Password doesn't match the username.")) {
+            let result = await this.validatePassword(req, req.body.password, spirit);
+            if (result === "Authenticated.") {
                 req.session.currentUser = req.body.username;
-                
-                success(res, "Logged in.", req.body.username);
+                spirit.memory.data.sessions[req.session.id] = Date.now() + 1000 * 60 * 60 * 24 * 28; // 28 days 
+                await spirit.commit();
+                success(res, "Login successful!", req.body.username);
             }
+            else fail(res, result);
         }
     }
 

package/models/send-mail.js

@@ -7,19 +7,6 @@ const OAuth2 = google.auth.OAuth2;
 const OAuth2Client = new OAuth2(process.env.CLIENTID, process.env.CLIENTSECRET);
 OAuth2Client.setCredentials({ refresh_token: process.env.CLIENTREFRESH });
 
-
-/**
- * Sends an email with a password reset code. WIP
- * @param {String} toEmail Email address to send to.
- * @param {Number} resetToken Token to reset by.
- */
-const passwordReset = async (toEmail, resetToken) => {
-    return await send(toEmail, 'Password Reset for NotherBase', 
-        `<h1>Your One-Time Password Reset Code:<h1>
-        <h2>${resetToken}<h2>
-        <p>Visit <a href="https://www.notherbase.com/the-front/keeper">notherbase.com/the-front/keeper</a> to finish changing your password.</p>`);
-};
-
 /**
  * Sends an email. WIP
  * @param {String} toEmail Email Address to send to.
@@ -56,4 +43,4 @@ const send = async (toEmail, subject, html, name = "NotherBase") => {
     return sent;
 }
 
-export default { passwordReset, send };
+export default { send };

package/notherbase-fs.js

@@ -36,7 +36,8 @@ class NotherBaseFS {
         this.app.use(express.json({
             extended: true,
             inflate: true,
-            type: 'application/x-www-form-urlencoded'
+            type: 'application/x-www-form-urlencoded',
+            limit: '50mb'
         }));
 
         //be safe, needs to be before session
@@ -80,8 +81,8 @@ class NotherBaseFS {
         //enable cookies
         this.app.use((req, res, next) => {
             this.bases[req.hosting].session(req, res, next);
-        });       
-
+        });  
+        
         // allows us to get static files like css
         this.app.use((req, res, next) => {
             this.bases[req.hosting].static(req, res, next);
@@ -89,15 +90,32 @@ class NotherBaseFS {
         this.app.use(express.static(`${__dirname}/public`));
 
         //provide database access and etc to use in routes
-        this.app.use((req, res, next) => {
+        this.app.use(async (req, res, next) => {
             req.globals = globals;
             req.db = Models;
+            req.user = req.session?.currentUser ? await req.db.Spirit.recallOne("user", null, { username: req.session.currentUser }) : null;
             req.lock = false;
             // enables sessions only if the protocol is https and we are in production, or if we are in development
             req.sessionsEnabled = (process.env.PRODUCTION == "true" && req.secure) || process.env.PRODUCTION == "false";
             next();
         });
 
+        //destroy session if it is not authorized
+        this.app.use(async (req, res, next) => {
+            if (req.session.currentUser) {
+                if (req.user?.memory?.data?.sessions?.[req.session.id]) {
+                    if (req.user.memory.data.sessions[req.session.id] < Date.now()) {
+                        req.session.regenerate(() => {});
+                        delete req.user.memory.data.sessions[req.session.id];
+                        await req.user.memory.save();
+                    }
+                }
+                else req.session.regenerate(() => {});
+            }
+
+            next();
+        });
+
         //spirit world routes
         this.app.use("/s", this.spiritWorld.router);
         

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "notherbase-fs",
-  "version": "4.1.3",
+  "version": "4.2.0",
   "description": "Functions to help make developing for NotherBase easier.",
   "exports": "./notherbase-fs.js",
   "scripts": {

package/public/js/base.js

@@ -220,4 +220,16 @@ class Base {
         let response = await Base.commune("importData", { password, data: text });
         return response;
     }
+
+    sendOTP = async (email) => {
+        let response = await Base.commune("sendOTP");
+
+        return response;
+    }
+
+    changeEmail = async (password, email) => {
+        let response = await Base.commune("changeEmail", { password, email });
+
+        return response;
+    }
 }

package/test/the-front/check/_preprocess/saved.js

@@ -2,7 +2,7 @@ export default async (req, user, io) => {
     if (user) {
         let spirit = await req.db.Spirit.recallOne("test-save3", user.memory._id);
     
-        return spirit.memory.data.text;
+        return spirit?.memory?.data?.text;
     }
 
     return "Not Logged In";

package/test/the-front/index.ejs

@@ -25,6 +25,9 @@
 <input type="file" id="fileInput">
 <!-- password input -->
 <input type="test" id="password" placeholder="pass">
+<button onclick="sendOTP()">Get OTP</button>
+<input type="text" id="email">
+<button onclick="changeEmail()">Change Email</button>
 
 <hr>
 
@@ -99,12 +102,12 @@
     let test = new Test();
 
     let downloadData = async () => {
-        let res = base.downloadData();
+        let res = await base.downloadData();
         console.log(res.message);
     }
 
     let deleteData = async () => {
-        let res = base.deleteData($('#password').val());
+        let res = await base.deleteData($('#password').val());
         console.log(res.message);
     }
 
@@ -114,4 +117,16 @@
         let res = await base.importData(pass, file);
         console.log(res.message);
     }
+
+    let sendOTP = async () => {
+        let res = await base.sendOTP();
+        console.log(res.message);
+    }
+
+    let changeEmail = async () => {
+        let pass = $('#password').val();
+        let email = $('#email').val();
+        let res = await base.changeEmail(pass, email);
+        console.log(res.message);
+    }
 </script>