/**
* Authentication Middleware for Weight Tracker
 * Handles session management. The password-login and Nginx auth_request handlers
 * below are deprecated and always reject, so nothing in this file ever marks a
 * session as authenticated (see the comments on each route).
*/
const bcrypt = require('bcryptjs');
const session = require('express-session');
const cookieParser = require('cookie-parser');
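// Default session configuration.
//
// SESSION_SECRET must be set in any real deployment: the fallback below is a
// well-known string, so anyone who has read this file could forge session
// cookies signed with it. The fallback is kept only so local development still
// starts, and a warning is printed whenever it is used. Consider failing hard
// instead when NODE_ENV is 'production'.
const SESSION_SECRET_FALLBACK = 'weight-tracker-secret';

if (!process.env.SESSION_SECRET) {
  console.warn(
    'auth-middleware: SESSION_SECRET is not set; using an insecure built-in ' +
      'default. Set SESSION_SECRET before exposing this app.'
  );
}

const sessionConfig = {
  secret: process.env.SESSION_SECRET || SESSION_SECRET_FALLBACK,
  resave: false,
  saveUninitialized: false,
  cookie: {
    // Only mark the cookie Secure when COOKIE_SECURE=true; the app may sit
    // behind a TLS-terminating proxy, so this is opt-in rather than default.
    secure: process.env.COOKIE_SECURE === 'true',
    // Not readable from page scripts.
    httpOnly: true,
    // Keeps the session cookie off cross-site sub-requests (basic CSRF
    // mitigation) while still allowing top-level redirects to /login.
    sameSite: 'lax',
    maxAge: 24 * 60 * 60 * 1000, // 24 hours
  },
};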
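/**
 * Initialize authentication middleware.
 *
 * Registers cookie parsing, express-session, the /login page, the /auth/*
 * endpoints and a catch-all guard that redirects unauthenticated requests to
 * /login. Call it before the application's own routes so the guard runs first.
 *
 * NOTE: the login handler and the Nginx auth_request handler are deprecated
 * and never set req.session.authenticated, so with this middleware installed
 * every non-exempt route redirects to /login.
 *
 * @param {Object} app - Express app
 */
function initAuth(app) {
  // Paths reachable without a session. Any path ending in a static-asset
  // extension is exempt as well, so nothing sensitive should ever be served
  // under such a name (e.g. an API route named "/export.js" would bypass auth).
  const publicPaths = new Set(['/login', '/auth/login', '/auth/check']);
  const staticAssetPattern = /\.(css|js|png|jpg|jpeg|gif|ico|svg)$/;
  const isExemptPath = (path) =>
    publicPaths.has(path) || staticAssetPattern.test(path);

  // Parse cookies
  app.use(cookieParser());

  // Session management
  app.use(session(sessionConfig));

  // Serve login page
  app.get('/login', (req, res) => {
    if (req.session.authenticated) {
      return res.redirect('/');
    }
    res.sendFile('login.html', { root: __dirname });
  });

  // Handle login form submission
  app.post('/auth/login', (req, res) => {
    // This server-side authentication middleware (auth-middleware.js) has been deprecated.
    // Authentication for data access was tied to the server-side data API, which is now removed.
    // Client-side data encryption could be an alternative if data protection is required.
    // The submitted credentials are intentionally neither read nor checked.
    res.redirect('/login?error=deprecated');
  });

  // Logout endpoint
  app.get('/auth/logout', (req, res) => {
    // session.destroy() completes asynchronously for store-backed sessions.
    // Redirect only once the store has confirmed removal so the old session
    // cannot still be presented after the redirect, and log store errors
    // instead of dropping them.
    req.session.destroy((err) => {
      if (err) {
        console.error('auth-middleware: failed to destroy session', err);
      }
      res.redirect('/login');
    });
  });

  // Authentication check endpoint for Nginx auth_request
  app.get('/auth/check', (req, res) => {
    // This server-side authentication middleware (auth-middleware.js) has been deprecated.
    // Authentication for data access was tied to the server-side data API, which is now removed.
    // Client-side data encryption could be an alternative if data protection is required.
    // Always rejects, so every Nginx location guarded by auth_request is denied.
    return res.status(401).send('Unauthorized');
  });

  // Authentication middleware for all other routes
  app.use((req, res, next) => {
    // Skip auth for login-related routes and static assets
    if (isExemptPath(req.path)) {
      return next();
    }

    // Check if user is authenticated
    if (req.session.authenticated) {
      return next();
    }

    // Redirect to login page
    res.redirect('/login');
  });
}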
/**
 * Generate a bcrypt hash for a plain-text password (utility function).
 *
 * Delegates to bcrypt.hash with a fixed cost factor of 10; the result is the
 * promise bcrypt returns.
 *
 * @param {string} password - Plain text password
 * @returns {Promise<string>} - Hashed password
 */
function generateHash(password) {
  const costFactor = 10;
  return bcrypt.hash(password, costFactor);
}
// Public API of this module: the Express installer and the hash helper.
exports.initAuth = initAuth;
exports.generateHash = generateHash;