const express = require('express');

// Database handle published by the application on `global`. It is read once,
// when this module is first required, so it must already be set by then.
const db = global.db;

// Router that carries the login routes registered in this file.
const router = express.Router();
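// Fixed, user-facing login messages keyed by numeric code.
// The object has no prototype and is frozen, so a lookup with a caller-supplied
// key (for example one taken from a query string) can only yield one of these
// strings or undefined, never an inherited member such as `constructor`.
const cannedErrors = Object.freeze(Object.assign(Object.create(null), {
  1: 'Invalid username or password.',
  2: 'Username and password are required.',
  3: 'Internal server error.',
  4: 'Please log in to continue.',
}));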
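// GET /login
// Renders the login form, or redirects to the dashboard when the session
// already carries a user. An optional `err` query parameter selects one of the
// fixed messages in cannedErrors.
router.get('/', (req, res) => {
  if (req.session.user) return res.redirect('/dashboard');

  // `err` comes straight from the query string, so it is caller-controlled.
  // Mapping a code to a fixed message keeps caller-chosen text out of the page.
  // Only string codes that are own keys of cannedErrors are accepted: a plain
  // property lookup would also resolve inherited names such as "constructor"
  // and hand a non-string value to the template.
  const code = req.query.err;
  const isKnownCode =
    typeof code === 'string' &&
    Object.prototype.hasOwnProperty.call(cannedErrors, code);
  const err = isKnownCode ? cannedErrors[code] : undefined;

  res.render('login', { error: err }); // Assumes you have a 'login' view/template
});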
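// POST /login
// Checks the submitted credentials against the users table and, on success,
// attaches the user record to the session and redirects to the dashboard.
// Responses: 400 for missing/malformed credentials, 401 for a failed login,
// 403 when the ACL denies the login, 500 when the lookup or comparison fails.
router.post('/', (req, res) => {
  if (req.session.user) return res.redirect('/dashboard');

  // req.body is undefined when no body parser ran for this request; default to
  // an empty object so the request gets the 400 below instead of a TypeError.
  const { username, password } = req.body || {};

  // Require non-empty strings. Body parsers can produce arrays or objects
  // (e.g. `username[x]=y`), and some SQL drivers expand an object bound to `?`
  // into `key = value` pairs, which would change the meaning of the WHERE
  // clause below.
  const hasCredentials =
    typeof username === 'string' && username !== '' &&
    typeof password === 'string' && password !== '';
  if (!hasCredentials) {
    return res.status(400).render('login', { error: 'Username and password are required.' });
  }

  // Do not log `password` or `user.passwordHash` when debugging this route.
  db.query('SELECT * FROM users WHERE username = ?', [username]).then(async (rows) => {
    const user = rows[0];

    // Unknown user and wrong password share one status and message so the
    // response body does not reveal which usernames exist.
    // NOTE(review): the unknown-user path returns before comparePassword runs,
    // so the two cases may still differ in response time.
    if (!user) return res.status(401).render('login', { error: 'Invalid username or password.' });

    const match = await global.comparePassword(password, user.passwordHash);
    if (!match) return res.status(401).render('login', { error: 'Invalid username or password.' });

    // Loose `== false` is kept from the original: only a false-like return
    // denies the login, while undefined or null lets it through.
    // NOTE(review): confirm checkACL never signals a denial with undefined.
    if (global.checkACL(req, 'login') == false) {
      return res.status(403).render('error', {
        error: 'You do not have permission to log in.',
        button: { text: 'Go back', action: 'back' },
      });
    }

    // Issue a fresh session before attaching the identity, so a session id
    // that was known before authentication is not carried into the
    // authenticated state. regenerate() is provided by express-session; the
    // guard keeps the route working with session middleware that lacks it.
    if (typeof req.session.regenerate === 'function') {
      await new Promise((resolve, reject) => {
        req.session.regenerate((regenErr) => (regenErr ? reject(regenErr) : resolve()));
      });
    }

    // NOTE(review): this stores the whole users row, passwordHash included, in
    // the session store. Consider keeping only the fields other routes read.
    req.session.user = user;
    res.redirect('/dashboard');
  }).catch((err) => {
    global.log.error(`Database error during login: ${err && err.stack ? err.stack : err}`);
    // A failure after the response has started cannot be turned into a 500.
    if (res.headersSent) return;
    res.status(500).render('login', { error: 'Internal server error.' });
  });
});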
// Export the router so the application can mount it.
module.exports = router;