initial upload

2025-05-17 16:40:38 +02:00 · 2025-05-17 16:40:38 +02:00 · 2a9bd4e81b
commit 2a9bd4e81b
parent 4c2141d89d
33 changed files with 1238 additions and 0 deletions
--- a/routes/login.mjs
+++ b/routes/login.mjs
@ -0,0 +1,78 @@
+
+import crypto from "crypto";
+
+import {
+    login,
+    getUser,
+    getUserMFA
+} from "../lib/mysql.mjs";
+
+import {
+    validateOTPCode
+} from "../lib/otp.mjs";
+
+export const get = async function(request, response) {
+    if (typeof request.session.userid != 'string') {
+        response.render(`ui/login.njk`, {
+            step: 'login'
+        });
+        return;
+    }
+    if (request.session.otpVerified != true) {
+        response.render(`ui/login.njk`, {
+            step: 'otp'
+        });
+        return;
+    }
+}
+
+export const post = async function(request, response) {
+    if (typeof request.body.username == 'string' && typeof request.body.password == 'string') {
+        let username = request.body.username;
+        let password = crypto.createHash('sha256').update(request.body.password).digest('hex')
+
+        let loginResult = await login(username, password)
+
+        if (loginResult == null) {
+            response.render(`ui/login.njk`, {
+                step: 'login',
+                error: 'login failed'
+            });
+            return;
+        }
+
+        request.session.userid = loginResult.id;
+        request.session.login = {
+            completed: false,
+            otpVerified: false
+        }
+        request.session.save();
+    
+        if (loginResult.otpsecret != '' && loginResult.yubikey != '') {
+            response.render(`ui/login.njk`, {
+                step: 'otp'
+            });
+            return;
+        } else {
+            request.session.login.completed = true;
+            response.redirect('/profile')
+        }
+    } else if (typeof request.body.otpToken == 'string') {
+        let otpToken = request.body.otpToken;
+        let userData = await getUser(request.session.userid);
+        let mfaData = await getUserMFA(request.session.userid);
+
+        let validationResult = await validateOTPCode(userData.mail, mfaData.otpsecret, otpToken);
+
+        if (validationResult != null) {
+            request.session.login.completed = true;
+            response.redirect('/profile');
+        } else {
+            request.session.destroy();
+            response.render(`ui/login.njk`, {
+                step: 'login',
+                error: 'otp failed'
+            });
+        }
+    }
+}