From 5c03632ff4a1f491fc41faf1c85d1d8638bfea32 Mon Sep 17 00:00:00 2001 From: "hugo.pradier2" Date: Wed, 29 May 2024 14:34:39 +0200 Subject: [PATCH 1/9] verif si login pas deja present avant ajout user --- src/database.ts | 21 ++++++++++++++++++--- src/server.ts | 10 ++++++---- 2 files changed, 24 insertions(+), 7 deletions(-) diff --git a/src/database.ts b/src/database.ts index 3aa61be..989483f 100644 --- a/src/database.ts +++ b/src/database.ts @@ -4,6 +4,11 @@ import sqlite3 from "sqlite3"; const dbDirectory = "./src/db"; const dbFilePath = `${dbDirectory}/database.db`; +export type error = { + errno: number; + code: string; +}; + /* Fonction pour exécuter une requête sur la base de données */ /* Fonction pour exécuter une requête de modification de la base de données (INSERT, UPDATE, DELETE) */ @@ -112,15 +117,25 @@ export function createRegisteredUserTable(db: sqlite3.Database): Promise { } /* Insérer un utilisateur dans la table registered_user */ -export function insertUser( +export async function insertUser( db: sqlite3.Database, login: string, password: string, permissions: number, -) { +): Promise { const insertUserQuery = `INSERT INTO registered_user (login, password, permissions) VALUES (?, ?, ?)`; - return runDB(db, insertUserQuery, [login, password, permissions]); + try { + await runDB(db, insertUserQuery, [login, password, permissions]); + return true; + } catch (e) { + const error = e as error; + if (error.code === "SQLITE_CONSTRAINT") { + return false; + } else { + throw e; + } + } } /* Modifier le login d'un utilisateur dans la table registered_user */ diff --git a/src/server.ts b/src/server.ts index f859d62..e4557de 100644 --- a/src/server.ts +++ b/src/server.ts @@ -41,7 +41,6 @@ await fastify.register(cors, { origin: process.env.ALLOW_ORIGIN || "*", }); fastify.register(websocket); - fastify.register(async function(fastify: Fastify) { fastify.get( "/live/:roomId", 
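Review bot: In the `insertUser` hunk of src/database.ts, the catch branch returns `false` for every error whose `code` is `SQLITE_CONSTRAINT`, so a NOT NULL or CHECK violation would be reported to the caller as "login already taken" too. `e as error` is an unchecked assertion on a caught value; narrowing first (`typeof e === "object" && e !== null && "code" in e`) keeps anything that is not a sqlite error on the `throw e` path. If the UNIQUE constraint on `login` is the only one that can fire here, a comment saying so would be enough; the table definition is outside the hunk. The exported type name `error` is lowercase and is shadowed by the local `const error`, so a name such as `SqliteError` would read better.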
@@ -180,9 +179,12 @@ fastify.post( }, async (request, reply) => { const { login, password, permissions } = request.body; - db.insertUser(database, login, password, permissions); - reply.send({ success: true }); - }, + if (!(await db.insertUser(database, login, password, permissions))) { + reply.send({ success: false }); + } else { + reply.send({ success: true }); + } + } ); /* Route pour mettre à jour le login d'un utilisateur */ -- 2.36.3 From 2ced946d16f715c0692ec84d92a9b2997fecab31 Mon Sep 17 00:00:00 2001 From: "hugo.pradier2" Date: Fri, 31 May 2024 11:47:20 +0200 Subject: [PATCH 2/9] ajout login verif si login et password correspondent a un compte --- src/database.ts | 25 +++++++++++++++++++++++-- src/server.ts | 23 +++++++++++++++++++++++ 2 files changed, 46 insertions(+), 2 deletions(-) diff --git a/src/database.ts b/src/database.ts index 989483f..f33f9f6 100644 --- a/src/database.ts +++ b/src/database.ts @@ -49,9 +49,9 @@ export function getDB( db: sqlite3.Database, query: string, params: any[], -): Promise { +): Promise { return new Promise((resolve, reject) => { - db.get(query, params, (err, row: any) => { + db.get(query, params, (err, row: T) => { if (err) { reject(err); } else { @@ -138,6 +138,27 @@ export async function insertUser( } } +/* Vérifier si un utilisateur existe dans la table registered_user */ +export async function verifyUser( + db: sqlite3.Database, + login: string +): Promise { + const verifyUserQuery = `SELECT login, password FROM registered_user WHERE login = ?`; + + const res = await getDB(db, verifyUserQuery, [login]); + + if (!res) { + return null; + } else { + return res; + } +} + +export type User = { + login: string; + password: string; +}; + /* Modifier le login d'un utilisateur dans la table registered_user */ export function updateUserLogin( db: sqlite3.Database, diff --git a/src/server.ts b/src/server.ts index e4557de..cde13b7 100644 --- a/src/server.ts +++ b/src/server.ts 
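Review bot: In the `POST /users` handler of src/server.ts, `permissions` is read from `request.body` and passed straight to `db.insertUser`, so whoever can reach this route chooses the privilege level of the account being created. Nothing in the visible handler checks who is calling. If registration is meant to be open, the server should assign a fixed default (for example `db.insertUser(database, login, password, DEFAULT_PERMISSIONS)`, with a constant the project defines) and leave permission changes to an authenticated admin route. The route's schema and opening lines are outside the hunk.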
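Review bot: `verifyUser` in src/database.ts does not verify anything: it looks the row up by `login` and returns it, stored password included, leaving the comparison to the caller. A comment such as `/* Returns the stored login and password for a login, or null when no row matches; the caller performs the password check */`, or a name that says "select", would stop a later caller from treating a non-null result as a successful authentication. The `if (!res) … else …` can be written `return res ?? null;`. `User` is declared after its first use; moving it above the function reads more naturally.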
@@ -187,6 +187,29 @@ fastify.post( } ); +/* Route pour vérifier si un utilisateur existe */ +fastify.post( + "/users/login", + { + schema: { + body: Type.Object({ + login: Type.String(), + password: Type.String(), + }), + }, + }, + async (request, reply) => { + const { login, password } = request.body; + const user = await db.verifyUser(database, login); + + if (user === null || user.password !== password) { + reply.send({ success: false }); + } else { + reply.send({ success: true }); + } + } +); + /* Route pour mettre à jour le login d'un utilisateur */ fastify.put( "/users/:id/login", -- 2.36.3 From 689d1c894435269b669f47bbb089f450bdf5722a Mon Sep 17 00:00:00 2001 From: "hugo.pradier2" Date: Tue, 11 Jun 2024 11:15:52 +0200 Subject: [PATCH 3/9] =?UTF-8?q?d=C3=A9but=20hashage?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- package.json | 2 ++ src/bcrypt.ts | 18 ++++++++++++++++++ src/server.ts | 5 ++++- 3 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 src/bcrypt.ts diff --git a/package.json b/package.json index d2e192b..8459110 100644 --- a/package.json +++ b/package.json @@ -7,6 +7,7 @@ "start": "tsx src/server.ts" }, "devDependencies": { + "@types/bcryptjs": "^2.4.6", "@types/bun": "^1.0.4", "tsx": "^4.7.0", "typescript": "^5.3.3" @@ -19,6 +20,7 @@ "@fastify/websocket": "^10.0.1", "@sinclair/typebox": "^0.32.9", "dprint": "^0.46.1", + "bcryptjs": "^2.4.3", "fastify": "^4.27.0", "nanoid": "^5.0.4", "sqlite3": "^5.1.7", diff --git a/src/bcrypt.ts b/src/bcrypt.ts new file mode 100644 index 0000000..9ba20a6 --- /dev/null +++ b/src/bcrypt.ts 
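Review bot: The new `/users/login` handler compares `user.password !== password`, which only works if `registered_user.password` holds the clear-text password, and the comparison is not constant-time. The stored value should be a password hash checked with the hashing library's own verify function. Both failure cases answer with HTTP 200 and `{ success: false }`; a 401 status would let clients and access logs tell a failed login from a successful request. The body schema accepts strings of any length, so a `maxLength` on `login` and `password` would be a cheap bound on input.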
@@ -0,0 +1,18 @@ +import * as bcrypt from "bcryptjs"; + +const saltRounds = 10; // Le nombre de tours de salage + +/* Fonction pour hasher le mot de passe */ +export async function hashPassword(password: string): Promise { + const hashedPassword = await bcrypt.hash(password, saltRounds); + return hashedPassword; +} + +/* Fonction pour vérifier le mot de passe */ +export async function comparePassword( + plainPassword: string, + hashedPassword: string +): Promise { + const isMatch = await bcrypt.compare(plainPassword, hashedPassword); + return isMatch; +} diff --git a/src/server.ts b/src/server.ts index cde13b7..c5cd60a 100644 --- a/src/server.ts +++ b/src/server.ts @@ -8,6 +8,7 @@ import { nanoid } from "nanoid"; import { allocateBuffer, getRunner } from "runner"; import { Pull, Push } from "zeromq"; import * as db from "./database"; +import { hashPassword } from "bcrypt"; const sender = new Push(); await sender.bind(`tcp://127.0.0.1:5557`); @@ -179,7 +180,9 @@ fastify.post( }, async (request, reply) => { const { login, password, permissions } = request.body; - if (!(await db.insertUser(database, login, password, permissions))) { + // Hasher le mot de passe avant de l'insérer dans la base de données (en type string) + const hashedPassword = (await hashPassword(password)) as string; + if (!(await db.insertUser(database, login, hashedPassword, permissions))) { reply.send({ success: false }); } else { reply.send({ success: true }); -- 2.36.3 From d1544f17738e436c8bdec550bb93bc3de80d5d51 Mon Sep 17 00:00:00 2001 From: bastien ollier Date: Tue, 11 Jun 2024 16:37:17 +0200 Subject: [PATCH 4/9] add hash --- package.json | 5 ++++- src/bcrypt.ts | 18 ------------------ src/database.ts | 2 +- src/server.ts | 34 +++++++++++++++++++--------------- 4 files changed, 24 insertions(+), 35 deletions(-) delete mode 100644 src/bcrypt.ts diff --git a/package.json b/package.json index 8459110..9b07611 100644 --- a/package.json +++ b/package.json 
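Review bot: In the new src/bcrypt.ts, the comment on `saltRounds` describes it as a number of salting rounds, but the second argument of `bcrypt.hash` is the cost factor (work grows as 2^cost), not a count of salts; the comment should say so, e.g. `// bcrypt cost factor: 2^10 key-expansion rounds`. bcrypt only uses the first 72 bytes of the password, so longer inputs are silently truncated; either document that or reject longer passwords in the route schema. The `hashedPassword` and `isMatch` locals can be dropped by returning the awaited call directly.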
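Review bot: `import { hashPassword } from "bcrypt";` in src/server.ts is a bare specifier, so it resolves to an npm package named `bcrypt` rather than to the new local file; this patch only adds `bcryptjs` to package.json, and the neighbouring local import is written `"./database"`. It should be `import { hashPassword } from "./bcrypt";`. In the `POST /users` hunk the `as string` assertion is unnecessary when `hashPassword` already returns a string promise. Registration now stores a bcrypt hash while `/users/login`, untouched by this patch, still compares the stored value with the submitted password using `!==`, so logins for newly created users would fail until that route calls `comparePassword`.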
@@ -4,11 +4,13 @@ "type": "module", "scripts": { "build": "tsc", - "start": "tsx src/server.ts" + "start": "tsx src/server.ts", + "fmt": "dprint fmt" }, "devDependencies": { "@types/bcryptjs": "^2.4.6", "@types/bun": "^1.0.4", + "dprint": "^0.46.2", "tsx": "^4.7.0", "typescript": "^5.3.3" }, @@ -20,6 +22,7 @@ "@fastify/websocket": "^10.0.1", "@sinclair/typebox": "^0.32.9", "dprint": "^0.46.1", + "bcrypt": "^5.1.1", "bcryptjs": "^2.4.3", "fastify": "^4.27.0", "nanoid": "^5.0.4", diff --git a/src/bcrypt.ts b/src/bcrypt.ts deleted file mode 100644 index 9ba20a6..0000000 --- a/src/bcrypt.ts +++ /dev/null @@ -1,18 +0,0 @@ -import * as bcrypt from "bcryptjs"; - -const saltRounds = 10; // Le nombre de tours de salage - -/* Fonction pour hasher le mot de passe */ -export async function hashPassword(password: string): Promise { - const hashedPassword = await bcrypt.hash(password, saltRounds); - return hashedPassword; -} - -/* Fonction pour vérifier le mot de passe */ -export async function comparePassword( - plainPassword: string, - hashedPassword: string -): Promise { - const isMatch = await bcrypt.compare(plainPassword, hashedPassword); - return isMatch; -} diff --git a/src/database.ts b/src/database.ts index f33f9f6..79f02d4 100644 --- a/src/database.ts +++ b/src/database.ts @@ -141,7 +141,7 @@ export async function insertUser( /* Vérifier si un utilisateur existe dans la table registered_user */ export async function verifyUser( db: sqlite3.Database, - login: string + login: string, ): Promise { const verifyUserQuery = `SELECT login, password FROM registered_user WHERE login = ?`; diff --git a/src/server.ts b/src/server.ts index c5cd60a..90f144e 100644 --- a/src/server.ts +++ b/src/server.ts 
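Review bot: The package.json hunks of this patch add `bcrypt` while keeping `bcryptjs` and `@types/bcryptjs`, and add `dprint` to devDependencies at `^0.46.2` while it is still listed under dependencies at `^0.46.1`. After this patch the code imports only `bcrypt`, so the `bcryptjs` entries are unused install surface, and `bcrypt` is a native addon with an install step, which deserves a deliberate choice rather than arriving as a side effect. Keep one bcrypt implementation and a single `dprint` entry under devDependencies. Patch 5's package.json hunk repeats the pattern with `@fastify/jwt` next to the older `fastify-jwt`, and lists `@types/bcrypt` under dependencies instead of devDependencies.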
@@ -3,12 +3,12 @@ import { ChangeSet, Text } from "@codemirror/state"; import cors from "@fastify/cors"; import { Type, TypeBoxTypeProvider } from "@fastify/type-provider-typebox"; import websocket, { WebSocket } from "@fastify/websocket"; +import bcrypt from "bcrypt"; import Fastify, { FastifyReply } from "fastify"; import { nanoid } from "nanoid"; import { allocateBuffer, getRunner } from "runner"; import { Pull, Push } from "zeromq"; import * as db from "./database"; -import { hashPassword } from "bcrypt"; const sender = new Push(); await sender.bind(`tcp://127.0.0.1:5557`); @@ -166,6 +166,8 @@ const database = db.openDatabase(); /* Créer les tables si elles n'existent pas */ db.createTables(database); +const salt = 10; + /* Route pour créer un utilisateur */ fastify.post( "/users", @@ -180,14 +182,18 @@ fastify.post( }, async (request, reply) => { const { login, password, permissions } = request.body; - // Hasher le mot de passe avant de l'insérer dans la base de données (en type string) - const hashedPassword = (await hashPassword(password)) as string; - if (!(await db.insertUser(database, login, hashedPassword, permissions))) { - reply.send({ success: false }); - } else { - reply.send({ success: true }); - } - } + + bcrypt.hash(password, salt, async (err, hash) => { + if (err) { + reply.send({ success: false }); + } + if (!(await db.insertUser(database, login, hash, permissions))) { + reply.send({ success: false }); + } else { + reply.send({ success: true }); + } + }); + }, ); /* Route pour vérifier si un utilisateur existe */ 
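Review bot: In the `POST /users` hunk, the `if (err)` branch of the `bcrypt.hash` callback sends `{ success: false }` but does not return, so execution continues into `db.insertUser` with an undefined `hash` and then attempts a second reply. The outer `async` handler also returns before the callback runs, and a rejection from `db.insertUser` inside the async callback is caught by nothing. Since the handler is already async, the promise form avoids all three: `const hash = await bcrypt.hash(password, salt);` followed by the existing `insertUser` check. The constant named `salt` is the cost factor, not a salt; `saltRounds` or `bcryptCost` would be clearer.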
@@ -205,12 +211,10 @@ fastify.post( const { login, password } = request.body; const user = await db.verifyUser(database, login); - if (user === null || user.password !== password) { - reply.send({ success: false }); - } else { - reply.send({ success: true }); - } - } + bcrypt.compare(password, user!.password) + .then(res => reply.send({ sucess: res })) + .catch(err => reply.send({ sucess: false })); + }, ); /* Route pour mettre à jour le login d'un utilisateur */ -- 2.36.3 From 4ab0407bb897f27169a27e533abe12f6268d42d8 Mon Sep 17 00:00:00 2001 From: bastien ollier Date: Tue, 11 Jun 2024 17:31:06 +0200 Subject: [PATCH 5/9] debut jwt auth --- package.json | 3 +++ src/server.ts | 19 ++++++++++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index 9b07611..6c57406 100644 --- a/package.json +++ b/package.json @@ -18,13 +18,16 @@ "@codemirror/collab": "^6.1.1", "@codemirror/state": "^6.4.1", "@fastify/cors": "^9.0.0", + "@fastify/jwt": "^5.0.0", "@fastify/type-provider-typebox": "^4.0.0", "@fastify/websocket": "^10.0.1", "@sinclair/typebox": "^0.32.9", "dprint": "^0.46.1", + "@types/bcrypt": "^5.0.2", "bcrypt": "^5.1.1", "bcryptjs": "^2.4.3", "fastify": "^4.27.0", + "fastify-jwt": "^4.2.0", "nanoid": "^5.0.4", "sqlite3": "^5.1.7", "zeromq": "6.0.0-beta.19" diff --git a/src/server.ts b/src/server.ts index 90f144e..f57826f 100644 --- a/src/server.ts +++ b/src/server.ts @@ -5,6 +5,7 @@ import { Type, TypeBoxTypeProvider } from "@fastify/type-provider-typebox"; import websocket, { WebSocket } from "@fastify/websocket"; import bcrypt from "bcrypt"; import Fastify, { FastifyReply } from "fastify"; +import fastifyJwt from "@fastify/jwt"; import { nanoid } from "nanoid"; import { allocateBuffer, getRunner } from "runner"; import { Pull, Push } from "zeromq"; 
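Review bot: `bcrypt.compare(password, user!.password)` in the `/users/login` hunk asserts that `user` is non-null, but `db.verifyUser` returns `null` for an unknown login, so that case throws a TypeError while a wrong password gets a normal response; the difference tells a caller which logins exist. The response key is also misspelled `sucess` in both `.then` and `.catch`, so a client reading `success` sees `undefined`. Guard first with `if (user === null) return reply.send({ success: false });`, then `return reply.send({ success: await bcrypt.compare(password, user.password) });`. The unused `err` parameter disappears with the await form.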
@@ -166,6 +167,11 @@ const database = db.openDatabase(); /* Créer les tables si elles n'existent pas */ db.createTables(database); +fastify.register(fastifyJwt, { + secret: 'supersecret' // Utilisez une clé secrète sécurisée en production +}); + + const salt = 10; /* Route pour créer un utilisateur */ @@ -190,7 +196,7 @@ fastify.post( if (!(await db.insertUser(database, login, hash, permissions))) { reply.send({ success: false }); } else { - reply.send({ success: true }); + return reply.send({ success: true }); } }); }, @@ -210,6 +216,17 @@ fastify.post( async (request, reply) => { const { login, password } = request.body; const user = await db.verifyUser(database, login); + if (!user) { + return reply.code(401).send({ error: 'Invalid username or password' }); + } + + const isPasswordValid = await bcrypt.compare(password, user.password); + if(isPasswordValid){ + const token = fastify.jwt.sign({ login }); + reply.send({ token: token }); + } else { + reply.code(401).send({ error: 'Invalid username or password' }); + } bcrypt.compare(password, user!.password) .then(res => reply.send({ sucess: res })) -- 2.36.3 From d7fc1e80627f644dd712489f3ae254be2b19badd Mon Sep 17 00:00:00 2001 From: "hugo.pradier2" Date: Sat, 15 Jun 2024 16:45:39 +0200 Subject: [PATCH 6/9] ajout de jwt fonctionnel --- package.json | 2 +- src/server.ts | 84 +++++++++++++++++++++++---------------------------- 2 files changed, 38 insertions(+), 48 deletions(-) diff --git a/package.json b/package.json index 6c57406..4da5fa9 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,7 @@ "@codemirror/collab": "^6.1.1", "@codemirror/state": "^6.4.1", "@fastify/cors": "^9.0.0", - "@fastify/jwt": "^5.0.0", + "@fastify/jwt": "^5.0.1", "@fastify/type-provider-typebox": "^4.0.0", "@fastify/websocket": "^10.0.1", "@sinclair/typebox": "^0.32.9", diff --git a/src/server.ts b/src/server.ts index f57826f..8a3692f 100644 --- a/src/server.ts +++ b/src/server.ts 
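Review bot: The `fastify.register(fastifyJwt, …)` hunk commits the signing key `'supersecret'` in source, so anyone who can read the repository can produce tokens the server accepts, and the inline comment asking for a secure key in production enforces nothing. Read the key from the environment and refuse to start when it is missing, e.g. `const jwtSecret = process.env.JWT_SECRET; if (!jwtSecret) throw new Error("JWT_SECRET is not set");` (the variable name is only an example). A key that has been committed should be treated as disclosed and replaced.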
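Review bot: In the `/users/login` hunk, the handler replies inside the new `if (isPasswordValid)` / `else` block and then falls through to the old `bcrypt.compare(password, user!.password).then(res => reply.send(…))` chain, which is still present as context, so every request that gets that far attempts a second `reply.send`. The old chain should be deleted in this patch; it is still visible as context in patch 6's login hunk. `fastify.jwt.sign({ login })` is called without a lifetime, so an issued token stays valid for as long as the key does; pass one through the sign options (`expiresIn`). The handler's closing lines are outside the hunk.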
@@ -1,15 +1,14 @@ -import { rebaseUpdates, Update } from "@codemirror/collab"; -import { ChangeSet, Text } from "@codemirror/state"; import cors from "@fastify/cors"; -import { Type, TypeBoxTypeProvider } from "@fastify/type-provider-typebox"; import websocket, { WebSocket } from "@fastify/websocket"; -import bcrypt from "bcrypt"; +import { Type, TypeBoxTypeProvider } from "@fastify/type-provider-typebox"; import Fastify, { FastifyReply } from "fastify"; -import fastifyJwt from "@fastify/jwt"; import { nanoid } from "nanoid"; import { allocateBuffer, getRunner } from "runner"; import { Pull, Push } from "zeromq"; +import { ChangeSet, Text } from "@codemirror/state"; +import { Update, rebaseUpdates } from "@codemirror/collab"; import * as db from "./database"; +import bcrypt from "bcrypt"; const sender = new Push(); await sender.bind(`tcp://127.0.0.1:5557`); @@ -167,13 +166,6 @@ const database = db.openDatabase(); /* Créer les tables si elles n'existent pas */ db.createTables(database); -fastify.register(fastifyJwt, { - secret: 'supersecret' // Utilisez une clé secrète sécurisée en production -}); - - -const salt = 10; - /* Route pour créer un utilisateur */ fastify.post( "/users", @@ -189,17 +181,16 @@ fastify.post( async (request, reply) => { const { login, password, permissions } = request.body; - bcrypt.hash(password, salt, async (err, hash) => { - if (err) { - reply.send({ success: false }); - } - if (!(await db.insertUser(database, login, hash, permissions))) { - reply.send({ success: false }); - } else { - return reply.send({ success: true }); - } - }); - }, + // Hashage du mot de passe + const saltRounds = 10; + const hashedPassword = await bcrypt.hash(password, saltRounds); + + if (!(await db.insertUser(database, login, hashedPassword, permissions))) { + reply.send({ success: false }); + } else { + reply.send({ success: true }); + } + } ); /* Route pour vérifier si un utilisateur existe */ 
@@ -216,16 +207,11 @@ fastify.post( async (request, reply) => { const { login, password } = request.body; const user = await db.verifyUser(database, login); - if (!user) { - return reply.code(401).send({ error: 'Invalid username or password' }); - } - const isPasswordValid = await bcrypt.compare(password, user.password); - if(isPasswordValid){ - const token = fastify.jwt.sign({ login }); - reply.send({ token: token }); + if (user === null || !(await bcrypt.compare(password, user.password))) { + reply.send({ success: false }); } else { - reply.code(401).send({ error: 'Invalid username or password' }); + reply.send({ success: true }); } bcrypt.compare(password, user!.password) @@ -254,7 +240,7 @@ fastify.put( const { newLogin } = request.body; db.updateUserLogin(database, id, newLogin); reply.send({ success: true }); - }, + } ); /* Route pour mettre à jour le mot de passe d'un utilisateur */ @@ -275,9 +261,13 @@ fastify.put( async (request, reply) => { const { id } = request.params; const { newPassword } = request.body; - db.updateUserPassword(database, id, newPassword); + + const saltRounds = 10; + const hashedPassword = await bcrypt.hash(newPassword, saltRounds); + + await db.updateUserPassword(database, id, hashedPassword); reply.send({ success: true }); - }, + } ); /* Route pour mettre à jour les permissions d'un utilisateur */ @@ -300,7 +290,7 @@ fastify.put( const { newPermissions } = request.body; await db.updateUserPermissions(database, id, newPermissions); reply.send({ success: true }); - }, + } ); /* Route pour supprimer un utilisateur par son ID */ @@ -319,7 +309,7 @@ fastify.delete( const { id } = request.params; await db.deleteUserById(database, id); reply.send({ success: true }); - }, + } ); /* Route pour supprimer un utilisateur par son login */ @@ -336,7 +326,7 @@ fastify.delete( const { login } = request.params; await db.deleteUserByLogin(database, login); reply.send({ success: true }); - }, + } ); /* Route pour supprimer tous les utilisateurs */ 
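Review bot: This login hunk drops the `if (!user) return …` guard from the previous patch, while the trailing `bcrypt.compare(password, user!.password)` chain stays in the handler as context. For an unknown login the handler now sends `{ success: false }` and then evaluates `user!.password` on `null`, which throws after the reply has gone out; for a known login it replies twice. Return from both branches (`return reply.send({ success: false });`) and delete the trailing chain. The hunk also reverts the 401 status to a 200 with `success: false`, which makes failed logins harder to spot in access logs.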
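Review bot: The `PUT /users/:id/password` hunk hashes `newPassword`, but nothing in the visible handler ties the request to the account being changed: `id` comes from the URL and neither the caller's identity nor the current password is checked. Unless a hook outside this hunk enforces it, any client can set the password of any user id. The handler should require an authenticated caller whose own id matches `id` (or an administrator), and ideally the current password as well. `saltRounds = 10` is now declared separately here and in `POST /users`; one module-level constant keeps the two in step. The route's schema starts outside the hunk.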
@@ -367,7 +357,7 @@ fastify.get( const { id } = request.params; const user = await db.selectUserById(database, id); reply.send(user); - }, + } ); /* Route pour récupérer un utilisateur par son login */ @@ -384,7 +374,7 @@ fastify.get( const { login } = request.params; const user = await db.selectUserByLogin(database, login); reply.send(user); - }, + } ); /* Route pour créer un language */ @@ -402,7 +392,7 @@ fastify.post( const { designation, version } = request.body; db.insertLanguage(database, designation, version); reply.send({ success: true }); - }, + } ); /* Route pour mettre à jour la désignation d'un language */ @@ -425,7 +415,7 @@ fastify.put( const { newDesignation } = request.body; db.updateLanguageDesignation(database, id, newDesignation); reply.send({ success: true }); - }, + } ); /* Route pour mettre à jour la version d'un language */ @@ -448,7 +438,7 @@ fastify.put( const { newVersion } = request.body; db.updateLanguageVersion(database, id, newVersion); reply.send({ success: true }); - }, + } ); /* Route pour supprimer un language */ @@ -467,7 +457,7 @@ fastify.delete( const { id } = request.params; db.deleteLanguage(database, id); reply.send({ success: true }); - }, + } ); /* Route pour supprimer tous les languages */ @@ -492,7 +482,7 @@ fastify.get( const { id } = request.params; const language = await db.selectLanguageById(database, id); reply.send(language); - }, + } ); /* Route pour récupérer tous les languages */ @@ -518,7 +508,7 @@ fastify.post( const { id_user, link, id_language, code } = request.body; db.insertWork(database, link, id_user, id_language, code); reply.send({ success: true }); - }, + } ); /* Route pour récupérer tous les works */ @@ -549,7 +539,7 @@ fastify.delete( const { id } = request.params; db.deleteWork(database, id); reply.send({ success: true }); - }, + } ); /* Route pour récupérer un work par son ID */ 
@@ -568,7 +558,7 @@ fastify.get( const { id } = request.params; const work = await db.selectWorkById(database, id); reply.send(work); - }, + } ); /* Forward output est une fonction asynchrone qui permet de récupérer les messages envoyés par le container et de les renvoyer au client */ -- 2.36.3 From f95011f3afd823c63568039046252b8c38ee1f24 Mon Sep 17 00:00:00 2001 From: "hugo.pradier2" Date: Mon, 17 Jun 2024 10:30:32 +0200 Subject: [PATCH 7/9] debut session --- package.json | 4 ++-- src/server.ts | 42 ++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 42 insertions(+), 4 deletions(-) diff --git a/package.json b/package.json index 4da5fa9..5d734f5 100644 --- a/package.json +++ b/package.json @@ -17,8 +17,9 @@ "dependencies": { "@codemirror/collab": "^6.1.1", "@codemirror/state": "^6.4.1", + "@fastify/cookie": "^9.3.1", "@fastify/cors": "^9.0.0", - "@fastify/jwt": "^5.0.1", + "@fastify/session": "^10.9.0", "@fastify/type-provider-typebox": "^4.0.0", "@fastify/websocket": "^10.0.1", "@sinclair/typebox": "^0.32.9", @@ -27,7 +28,6 @@ "bcrypt": "^5.1.1", "bcryptjs": "^2.4.3", "fastify": "^4.27.0", - "fastify-jwt": "^4.2.0", "nanoid": "^5.0.4", "sqlite3": "^5.1.7", "zeromq": "6.0.0-beta.19" diff --git a/src/server.ts b/src/server.ts index 8a3692f..9d4feba 100644 --- a/src/server.ts +++ b/src/server.ts @@ -9,6 +9,8 @@ import { ChangeSet, Text } from "@codemirror/state"; import { Update, rebaseUpdates } from "@codemirror/collab"; import * as db from "./database"; import bcrypt from "bcrypt"; +import { fastifySession } from "@fastify/session"; +import { fastifyCookie } from "@fastify/cookie"; const sender = new Push(); await sender.bind(`tcp://127.0.0.1:5557`); 
@@ -40,7 +42,27 @@ const fastify = Fastify({ type Fastify = typeof fastify; await fastify.register(cors, { origin: process.env.ALLOW_ORIGIN || "*", + credentials: true, + methods: ["GET", "POST", "PUT", "DELETE"], }); +fastify.register(fastifyCookie); +fastify.register(fastifySession, { + secret: "8jYuS75JZuxb6C72nDtH2cY6hnV4B7i35r5c39gQ3h9G9DApAweBsQ47dU9DGpk5", + cookie: { + secure: false, + sameSite: "none", + partitioned: true, + }, + saveUninitialized: false, + cookieName: "session-id", +}); + +declare module "fastify" { + interface Session { + userKey: string | null; + } +} + fastify.register(websocket); fastify.register(async function(fastify: Fastify) { fastify.get( @@ -211,6 +233,8 @@ fastify.post( if (user === null || !(await bcrypt.compare(password, user.password))) { reply.send({ success: false }); } else { + request.session.userKey = generateId(); + console.log(request.session.userKey); reply.send({ success: true }); } @@ -220,6 +244,13 @@ fastify.post( }, ); +/* Route pour se déconnecter */ +fastify.post("/users/logout", async (request, reply) => { + console.log(request.session.userKey); + request.session.destroy(); + reply.send({ success: true }); +}); + /* Route pour mettre à jour le login d'un utilisateur */ fastify.put( "/users/:id/login", @@ -337,6 +368,10 @@ fastify.delete("/users", async (request, reply) => { /* Route pour récupérer tous les utilisateurs */ fastify.get("/users", async (request, reply) => { + console.log(request.session.userKey); + + console.log(request.session.userKey); + const users = await db.selectAllUsers(database); reply.send(users); }); @@ -355,8 +390,11 @@ fastify.get( }, async (request, reply) => { const { id } = request.params; - const user = await db.selectUserById(database, id); - reply.send(user); + console.log(request.session.userKey); + if (request.session.userKey) { + const user = await db.selectUserById(database, id); + reply.send(user); + } } ); -- 2.36.3 
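Review bot: The `fastifySession` registration hard-codes the session secret in src/server.ts and configures the cookie with `secure: false` together with `sameSite: "none"` and `partitioned: true`. A committed secret lets anyone with repository access forge session cookies, and browsers are expected to reject `SameSite=None` or `Partitioned` cookies that lack `Secure`, so the session is unlikely to persist the way the options intend. `SameSite=None` also means the cookie travels on cross-site requests, so the state-changing routes need CSRF protection. In the same hunk `credentials: true` is combined with `origin: process.env.ALLOW_ORIGIN || "*"`; the wildcard fallback does not work for credentialed requests and should be an explicit origin list. Suggested: load the secret from the environment with a startup check, and use `cookie: { secure: true, sameSite: "lax" }` unless cross-site use is really required.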
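Review bot: In the login hunk, `request.session.userKey = generateId()` stores a random value that is not linked to the `login` just authenticated, so later handlers can tell that some login happened but not which user or which permissions the session belongs to. Store the identity instead, e.g. `request.session.login = user.login;`, with the `Session` interface extended to match. The next line writes the key to stdout with `console.log`, as do the logout, `GET /users` and `GET /users/:id` hunks of this patch; session values should not go to logs. `generateId` is defined outside the hunk.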
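Review bot: In the `GET /users/:id` hunk, `if (request.session.userKey) { … }` has no else branch, so an unauthenticated request gets no reply from the handler instead of a 401. Add `else { return reply.code(401).send({ error: "Unauthorized" }); }`, or better, move the check into a shared `preHandler` hook. This is also the only route that checks the session: the `GET /users` hunk just above logs `userKey` twice but returns `db.selectAllUsers` to anyone, and the update and delete routes visible elsewhere in the series are not guarded either. What `selectAllUsers` returns is not visible here; if it includes the `password` column, the hashes are exposed as well.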
From 7177638d9927a3ed9c9bf13e520cefbb5813736f Mon Sep 17 00:00:00 2001 From: "hugo.pradier2" Date: Sun, 16 Jun 2024 11:57:44 +0200 Subject: [PATCH 8/9] correctifs --- package.json | 4 +--- src/server.ts | 12 +++++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package.json b/package.json index 5d734f5..aeba755 100644 --- a/package.json +++ b/package.json @@ -8,8 +8,8 @@ "fmt": "dprint fmt" }, "devDependencies": { - "@types/bcryptjs": "^2.4.6", "@types/bun": "^1.0.4", + "@types/bcrypt": "^5.0.2", "dprint": "^0.46.2", "tsx": "^4.7.0", "typescript": "^5.3.3" @@ -24,9 +24,7 @@ "@fastify/websocket": "^10.0.1", "@sinclair/typebox": "^0.32.9", "dprint": "^0.46.1", - "@types/bcrypt": "^5.0.2", "bcrypt": "^5.1.1", - "bcryptjs": "^2.4.3", "fastify": "^4.27.0", "nanoid": "^5.0.4", "sqlite3": "^5.1.7", diff --git a/src/server.ts b/src/server.ts index 9d4feba..30445f2 100644 --- a/src/server.ts +++ b/src/server.ts @@ -207,11 +207,13 @@ fastify.post( const saltRounds = 10; const hashedPassword = await bcrypt.hash(password, saltRounds); - if (!(await db.insertUser(database, login, hashedPassword, permissions))) { - reply.send({ success: false }); - } else { - reply.send({ success: true }); - } + const success = await db.insertUser( + database, + login, + hashedPassword, + permissions + ); + reply.send({ success }); } ); -- 2.36.3 From 15e29bdb569a86f2e5182e504dfed8785302b536 Mon Sep 17 00:00:00 2001 From: clfreville2 Date: Mon, 17 Jun 2024 12:48:03 +0200 Subject: [PATCH 9/9] Remove the cookie secure flag --- package.json | 1 + src/server.ts | 8 +------- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/package.json b/package.json index aeba755..717f1d0 100644 --- a/package.json +++ b/package.json @@ -8,6 +8,7 @@ "fmt": "dprint fmt" }, "devDependencies": { + "@types/bcrypt": "^5.0.2", "@types/bun": "^1.0.4", "@types/bcrypt": "^5.0.2", "dprint": "^0.46.2", diff --git a/src/server.ts b/src/server.ts index 30445f2..394d538 100644 --- a/src/server.ts 
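Review bot: The package.json hunk of patch 9 adds `"@types/bcrypt": "^5.0.2"` above `@types/bun` while the same key is still present two lines below, which leaves a duplicate key in `devDependencies`. JSON parsers silently keep the last occurrence, so nothing fails, but one of the two lines should be removed. The subject reads "Remove the cookie secure flag", yet no hunk of this patch touches the cookie options; the `secure: false` setting from patch 7 is unchanged as far as the diff shows.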
+++ b/src/server.ts @@ -236,7 +236,6 @@ fastify.post( reply.send({ success: false }); } else { request.session.userKey = generateId(); - console.log(request.session.userKey); reply.send({ success: true }); } @@ -247,7 +246,7 @@ fastify.post( ); /* Route pour se déconnecter */ -fastify.post("/users/logout", async (request, reply) => { +fastify.get("/users/logout", async (request, reply) => { console.log(request.session.userKey); request.session.destroy(); reply.send({ success: true }); @@ -370,10 +369,6 @@ fastify.delete("/users", async (request, reply) => { /* Route pour récupérer tous les utilisateurs */ fastify.get("/users", async (request, reply) => { - console.log(request.session.userKey); - - console.log(request.session.userKey); - const users = await db.selectAllUsers(database); reply.send(users); }); @@ -392,7 +387,6 @@ fastify.get( }, async (request, reply) => { const { id } = request.params; - console.log(request.session.userKey); if (request.session.userKey) { const user = await db.selectUserById(database, id); reply.send(user); -- 2.36.3
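Review bot: The logout hunk changes the route from `fastify.post` to `fastify.get`, which makes a state-changing action reachable through a plain link, an image tag or a prefetch; with the session cookie set to `sameSite: "none"` in patch 7, any other site can log a user out. Keep it as `fastify.post("/users/logout", …)`. `request.session.destroy()` is not awaited, so the reply can be sent before the session is removed from the store; use `await request.session.destroy();` if the installed @fastify/session returns a promise there. The `console.log(request.session.userKey)` on the line before it is the one log call this patch leaves in place.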