Type-Style · Type-Style · Mar 21, 2024 · Mar 21, 2024 · Mar 21, 2024
diff --git a/src/app.ts b/src/app.ts
@@ -9,6 +9,7 @@ import cache from './middleware/cache';
 import * as error from "./middleware/error";
 import writeRouter from '@src/controller/write';
 import readRouter from '@src/controller/read';
+import loginRouter from '@src/controller/login';
 import path from 'path';
 import logger from '@src/scripts/logger';
 import { baseRateLimiter } from './middleware/limit';
@@ -57,6 +58,7 @@ app.get('/', (req, res) => {
 
 app.use('/write', writeRouter);
 app.use('/read', readRouter);
+app.use('/login', loginRouter);
 
 // use httpdocs as static folder
 app.use('/', express.static(path.join(__dirname, 'httpdocs'), {

diff --git a/src/controller/login.ts b/src/controller/login.ts
@@ -0,0 +1,58 @@
+import express, { Request, Response, NextFunction } from 'express';
+import { create as createError } from '@src/middleware/error';
+import logger from '@src/scripts/logger';
+import { crypt, compare } from '@src/scripts/crypt';
+import { loginSlowDown, loginLimiter, baseSlowDown, baseRateLimiter } from '@src/middleware/limit';
+import { createToken } from '@src/scripts/token';
+
+const router = express.Router();
+
+router.get("/", baseSlowDown, baseRateLimiter, async function login(req: Request, res: Response) {
+  res.locals.text = "start";
+  loginLimiter(req, res, () => {
+    res.render("login-form");
+  });
+});
+
+router.post("/", loginSlowDown, async function postLogin(req: Request, res: Response, next: NextFunction) {
+  logger.log(req.body);
+  loginLimiter(req, res, async () => {
+    let validLogin = false;
+    const user = req.body.user;
+    const password = req.body.password;
+    let userFound = false;
+    if (!user || !password) {
+      return createError(res, 422, "Body does not contain all expected information", next);
+    }
+
+    // Loop through all environment variables
+    for (const key in process.env) {
+      if (!key.startsWith('USER')) { continue; }
+      if (key.substring(5) == user) {
+        userFound = true;
+        const hash = process.env[key];
+        if (hash) {
+          validLogin = await compare(password, hash);
+        }
+      }
+    }
+
+    // only allow test user in test environment
+    if (user == "TEST" && validLogin && process.env.NODE_ENV == "production") {
+      validLogin = false;
+    }
+
+    if (validLogin) {
+      const token = createToken(req, res);
+      res.json({ "token": token });
+    } else {
+      if (!userFound) {
+        await crypt(password); // If no matching user is found, perform a dummy password comparison to prevent timing attacks
+      }
+      return createError(res, 403, `invalid login credentials`, next);
+    }
+  });
+});
+
+
+export default router;
diff --git a/src/controller/read.ts b/src/controller/read.ts
@@ -2,10 +2,7 @@ import express, { Request, Response, NextFunction } from 'express';
 import * as file from '@src/scripts/file';
 import { create as createError } from '@src/middleware/error';
 import { validationResult, query } from 'express-validator';
-import jwt from 'jsonwebtoken';
-import logger from '@src/scripts/logger';
-import { crypt, compare } from '@src/scripts/crypt';
-import { loginSlowDown, loginLimiter, baseSlowDown, baseRateLimiter } from '@src/middleware/limit';
+import { isLoggedIn } from '@src/middleware/logged-in';
 
 const router = express.Router();
 
@@ -35,105 +32,6 @@ router.get('/',
     res.json({ entries });
   });
 
-router.get("/login/", baseSlowDown, baseRateLimiter, async function login(req: Request, res: Response) {
-  res.locals.text = "start";
-  loginLimiter(req, res, () => {
-    res.render("login-form");
-  });
-});
-
-router.post("/login/", loginSlowDown, async function postLogin(req: Request, res: Response, next: NextFunction) {
-  logger.log(req.body);
-  loginLimiter(req, res, async () => {
-    let validLogin = false;
-    const user = req.body.user;
-    const password = req.body.password;
-    let userFound = false;
-    if (!user || !password) {
-      return createError(res, 422, "Body does not contain all expected information", next);
-    }
-
-    // Loop through all environment variables
-    for (const key in process.env) {
-      if (!key.startsWith('USER')) { continue; }
-      if (key.substring(5) == user) {
-        userFound = true;
-        const hash = process.env[key];
-        if (hash) {
-          validLogin = await compare(password, hash);
-        }
-      }
-    }
-
-    // only allow test user in test environment
-    if (user == "TEST" && validLogin && process.env.NODE_ENV == "production") {
-      validLogin = false;
-    }
-
-    if (validLogin) {
-      const token = createToken(req, res);
-      res.json({ "token": token });
-    } else {
-      if (!userFound) {
-        await crypt(password); // If no matching user is found, perform a dummy password comparison to prevent timing attacks
-      }
-      return createError(res, 403, `invalid login credentials`, next);
-    }
-  });
-});
-
-function isLoggedIn(req: Request, res: Response, next: NextFunction) {
-  const result = validateToken(req);
-  if (!result.success) {
-    createError(res, result.status, result.message || "", next)
-  } else {
-    next();
-  }
-}
-
-function validateToken(req: Request) {
-  const key = process.env.KEYA;
-  const header = req.header('Authorization');
-  const [type, token] = header ? header.split(' ') : "";
-  let payload: string | jwt.JwtPayload = "";
-
-  // Guard; aka early return for common failures before verifying authorization
-  if (!key) { return { success: false, status: 500, message: 'Wrong Configuration' }; }
-  if (!header) { return { success: false, status: 401, message: 'No Authorization header' }; }
-  if (type !== 'Bearer' || !token) { return { success: false, status: 400, message: 'Invalid Authorization header' }; }
-
-  try {
-    payload = jwt.verify(token, key);
-  } catch (err) {
-    let message = "could not verify";
-    if (err instanceof Error) {
-      message = `${err.name} -  ${err.message}`;
-    }
-
-    return { success: false, status: 403, message: message };
-  }
-
-  // don't allow test user in production environment
-  if (typeof payload == "object" && payload.user == "TEST" && process.env.NODE_ENV == "production") {
-    return { success: false, status: 403, message: 'test user not allowed on production' };
-  }
-
-  return { success: true };
-}
 
-function createToken(req: Request, res: Response) {
-  const key = process.env.KEYA;
-  if (!key) { throw new Error('Configuration is wrong'); }
-  const today = new Date();
-  const dateString = today.toLocaleDateString("de-DE", { weekday: "short", year: 'numeric', month: 'numeric', day: 'numeric', hour: '2-digit', minute: '2-digit', second: '2-digit' });
-  const payload = {
-    date: dateString,
-    user: req.body.user
-  };
-  const token = jwt.sign(payload, key, { expiresIn: 60 * 2 });
-  res.locals.token = token;
-  logger.log(JSON.stringify(payload), true);
-  return token;
-}
 
 export default router;
diff --git a/src/middleware/logged-in.ts b/src/middleware/logged-in.ts
@@ -0,0 +1,13 @@
+import { Request, Response, NextFunction } from 'express';
+import { validateToken } from '@src/scripts/token';
+import { create as createError } from '@src/middleware/error';
+
+
+export function isLoggedIn(req: Request, res: Response, next: NextFunction) {
+  const result = validateToken(req);
+  if (!result.success) {
+    createError(res, result.status, result.message || "", next)
+  } else {
+    next();
+  }
+}
diff --git a/src/scripts/token.ts b/src/scripts/token.ts
@@ -0,0 +1,49 @@
+import jwt from 'jsonwebtoken';
+import logger from '@src/scripts/logger';
+import {Request, Response } from 'express';
+
+
+export function validateToken(req: Request) {
+  const key = process.env.KEYA;
+  const header = req.header('Authorization');
+  const [type, token] = header ? header.split(' ') : "";
+  let payload: string | jwt.JwtPayload = "";
+
+  // Guard; aka early return for common failures before verifying authorization
+  if (!key) { return { success: false, status: 500, message: 'Wrong Configuration' }; }
+  if (!header) { return { success: false, status: 401, message: 'No Authorization header' }; }
+  if (type !== 'Bearer' || !token) { return { success: false, status: 400, message: 'Invalid Authorization header' }; }
+
+  try {
+    payload = jwt.verify(token, key);
+  } catch (err) {
+    let message = "could not verify";
+    if (err instanceof Error) {
+      message = `${err.name} -  ${err.message}`;
+    }
+
+    return { success: false, status: 403, message: message };
+  }
+
+  // don't allow test user in production environment
+  if (typeof payload == "object" && payload.user == "TEST" && process.env.NODE_ENV == "production") {
+    return { success: false, status: 403, message: 'test user not allowed on production' };
+  }
+
+  return { success: true };
+}
+
+export function createToken(req: Request, res: Response) {
+  const key = process.env.KEYA;
+  if (!key) { throw new Error('Configuration is wrong'); }
+  const today = new Date();
+  const dateString = today.toLocaleDateString("de-DE", { weekday: "short", year: 'numeric', month: 'numeric', day: 'numeric', hour: '2-digit', minute: '2-digit', second: '2-digit' });
+  const payload = {
+    date: dateString,
+    user: req.body.user
+  };
+  const token = jwt.sign(payload, key, { expiresIn: 60 * 2 });
+  res.locals.token = token;
+  logger.log(JSON.stringify(payload), true);
+  return token;
+}
diff --git a/src/tests/integration.test.ts b/src/tests/integration.test.ts
@@ -249,7 +249,7 @@
    });
 
   it('test user can login', async () => {
-    const response = await axios.post('http://localhost:80/read/login', testData);
+    const response = await axios.post('http://localhost:80/login', testData);
 
     expect(response.status).toBe(200);
     expect(response.headers['content-type']).toEqual(expect.stringContaining('application/json'));

diff --git a/src/tests/login.test.ts b/src/tests/login.test.ts
@@ -16,7 +16,7 @@
     let serverStatus = {};
     let response = { data: "", status: "" };
     try {
-      response = await axios.get('http://localhost:80/read/login');
+      response = await axios.get('http://localhost:80/login');
       serverStatus = response.status;
     } catch (error) {
       console.error(error);
@@ -28,7 +28,7 @@
 
   it('server is blocking requests with large body', async () => {
     try {
-      await axios.post('http://localhost:80/read/login', userDataLarge);
+      await axios.post('http://localhost:80/login', userDataLarge);
     } catch (error) {
       const axiosError = error as AxiosError;
       if (axiosError.response) {
@@ -41,7 +41,7 @@
 
   it('invalid login verification test', async () => {
     try {
-      await axios.post('http://localhost:80/read/login', userData);
+      await axios.post('http://localhost:80/login', userData);
     } catch (error) {
       const axiosError = error as AxiosError;
       if (axiosError.response) {

diff --git a/views/login-form.ejs b/views/login-form.ejs
@@ -20,7 +20,10 @@
 			Password:
 			<input name="password" type="password" class="login__input" placeholder="Password">
 		</label>
-		<button type="submit">Submit</button>
+		<label>
+			Submit:
+			<button type="submit">Submit</button>
+		</label>
 		<textarea name="text"></textarea>
 		<input type="hidden" name="token" value="<%= locals.token %>">
 		<p>Token: <%= locals.token %></p>