API-9: PartyPlaner Login endpoint (#5)

Co-authored-by: Patrick Müller <patrick@mueller-patrick.tech>
Reviewed-on: #5
Co-authored-by: Patrick Müller <patrick@plutodev.de>
Co-committed-by: Patrick Müller <patrick@plutodev.de>

src/common/common.routes.config.ts

@@ -1,4 +1,5 @@
 import express from 'express';
+
 export abstract class CommonRoutesConfig {
     app: express.Application;
     name: string;
@@ -8,8 +9,10 @@ export abstract class CommonRoutesConfig {
         this.name = name;
         this.configureRoutes();
     }
+
     getName() {
         return this.name;
     }
+
     abstract configureRoutes(): express.Application;
 }

src/middleware/logger.ts

@@ -1,5 +1,5 @@
-import * as appRoot from "app-root-path";
-import * as winston from "winston";
+import * as appRoot from 'app-root-path';
+import * as winston from 'winston';
 
 const options = {
     file_info: {
@@ -34,7 +34,7 @@ const options = {
         handleExceptions: true,
         json: false,
         colorize: true
-    },
+    }
 };
 const logger: winston.Logger = winston.createLogger({
     format: winston.format.combine(
@@ -47,6 +47,6 @@ const logger: winston.Logger = winston.createLogger({
         new winston.transports.File(options.file_debug),
         new winston.transports.Console(options.console)
     ],
-    exitOnError: false, // do not exit on handled exceptions
+    exitOnError: false // do not exit on handled exceptions
 });
 export default logger;

src/models/dhbw-service/DHBWService.router.ts

@@ -3,7 +3,7 @@
  */
 import express, {Request, Response} from 'express';
 import {generalInfoRouter} from './generalInfo/GeneralInfo.router';
-import logger from "../../middleware/logger";
+import logger from '../../middleware/logger';
 
 /**
  * Router Definition
@@ -20,4 +20,4 @@ dhbwServiceRouter.get('/', async (req: Request, res: Response) => {
         logger.error('Error handling a request: ' + e.message);
         res.status(500).send({'message': 'Internal Server Error. Try again later.'});
     }
-})
+});

src/models/dhbw-service/generalInfo/GeneralInfo.router.ts

@@ -2,7 +2,7 @@
  * Required External Modules and Interfaces
  */
 import express, {Request, Response} from 'express';
-import logger from "../../../middleware/logger";
+import logger from '../../../middleware/logger';
 
 /**
  * Router Definition
@@ -16,7 +16,7 @@ generalInfoRouter.get('/', async (req: Request, res: Response) => {
         logger.error('Error handling a request: ' + e.message);
         res.status(500).send({'message': 'Internal Server Error. Try again later.'});
     }
-})
+});
 
 generalInfoRouter.post('/', async (req: Request, res: Response) => {
     try {
@@ -25,4 +25,4 @@ generalInfoRouter.post('/', async (req: Request, res: Response) => {
         logger.error('Error handling a request: ' + e.message);
         res.status(500).send({'message': 'Internal Server Error. Try again later.'});
     }
-})
+});

src/models/partyplaner/PartyPlaner.router.ts

@@ -4,7 +4,8 @@
 import express, {Request, Response} from 'express';
 import {dataRouter} from './data/Data.router';
 import {registerRouter} from './register/Register.router';
-import logger from "../../middleware/logger";
+import logger from '../../middleware/logger';
+import {loginRouter} from './login/Login.router';
 
 /**
  * Router Definition
@@ -14,6 +15,7 @@ export const partyPlanerRouter = express.Router();
 // Sub-Endpoints
 partyPlanerRouter.use('/data', dataRouter);
 partyPlanerRouter.use('/register', registerRouter);
+partyPlanerRouter.use('/login', loginRouter);
 
 partyPlanerRouter.get('/', async (req: Request, res: Response) => {
     try {
@@ -22,4 +24,4 @@ partyPlanerRouter.get('/', async (req: Request, res: Response) => {
         logger.error('Error handling a request: ' + e.message);
         res.status(500).send({'message': 'Internal Server Error. Try again later.'});
     }
-})
+});

src/models/partyplaner/data/Data.router.ts

@@ -2,7 +2,7 @@
  * Required External Modules and Interfaces
  */
 import express, {Request, Response} from 'express';
-import logger from "../../../middleware/logger";
+import logger from '../../../middleware/logger';
 
 /**
  * Router Definition
@@ -16,7 +16,7 @@ dataRouter.get('/', async (req: Request, res: Response) => {
         logger.error('Error handling a request: ' + e.message);
         res.status(500).send({'message': 'Internal Server Error. Try again later.'});
     }
-})
+});
 
 dataRouter.post('/', async (req: Request, res: Response) => {
     try {
@@ -25,4 +25,4 @@ dataRouter.post('/', async (req: Request, res: Response) => {
         logger.error('Error handling a request: ' + e.message);
         res.status(500).send({'message': 'Internal Server Error. Try again later.'});
     }
-})
+});

src/models/partyplaner/login/Login.router.ts

@@ -0,0 +1,51 @@
+/**
+ * Required External Modules and Interfaces
+ */
+import express, {Request, Response} from 'express';
+import * as UserService from '../userService/user.service';
+import logger from '../../../middleware/logger';
+
+/**
+ * Router Definition
+ */
+export const loginRouter = express.Router();
+
+loginRouter.post('/:isDevCall', async (req: Request, res: Response) => {
+    try {
+        let username: string = '';
+        let email: string = '';
+        let firstName: string = '';
+        let lastName: string = '';
+        let password: string = '';
+        let useDev: boolean = (req.params.isDevCall ?? '') === 'dev'; // TBD
+
+        // API accepts both JSON in body and HTTP parameters
+        if (req.headers['content-type'] === 'application/json') {
+            username = req.body.username;
+            email = req.body.email;
+            password = req.body.password;
+        } else if (req.headers['content-type'] === 'application/x-www-form-urlencoded') {
+            username = (req.query.username ?? '').toString();
+            email = (req.query.email ?? '').toString();
+            password = (req.query.password ?? '').toString();
+        }
+        let userIP = req.socket.remoteAddress ?? '';
+        let deviceInfo = req.headers['user-agent'] ?? '';
+
+        if ((username === '' && email === '') || password === '') {
+            res.status(400).send({
+                'status': 'WRONG_PARAMS',
+                'message': 'Missing or wrong parameters'
+            });
+            return;
+        }
+
+        // Check password and create session
+        let session = await UserService.loginUser(useDev, username, email, password, userIP, deviceInfo);
+
+        res.status(200).send(session);
+    } catch (e) {
+        logger.error('Error handling a request: ' + e.message);
+        res.status(500).send({'message': 'Internal Server Error. Try again later.'});
+    }
+});

src/models/partyplaner/register/Register.router.ts

@@ -3,7 +3,7 @@
  */
 import express, {Request, Response} from 'express';
 import * as UserService from '../userService/user.service';
-import logger from "../../../middleware/logger";
+import logger from '../../../middleware/logger';
 
 /**
  * Router Definition
@@ -65,4 +65,4 @@ registerRouter.post('/:isDevCall', async (req: Request, res: Response) => {
         logger.error('Error handling a request: ' + e.message);
         res.status(500).send({'message': 'Internal Server Error. Try again later.'});
     }
-})
+});

src/models/partyplaner/userService/user.service.ts

@@ -20,6 +20,11 @@ const dev_pool = mariadb.createPool({
     connectionLimit: 5
 });
 
+/**
+ * Fetches all usernames and emails from the database and returns them in an object
+ * @param useDev If the dev or prod database should be used
+ * @return any An object with a list of usernames and emails
+ */
 export const getExistingUsernamesAndEmails = async (useDev: boolean): Promise<any> => {
     let conn;
     try {
@@ -52,7 +57,7 @@ export const getExistingUsernamesAndEmails = async (useDev: boolean): Promise<an
             conn.end();
         }
     }
-}
+};
 
 /**
  * Used in the registerUser and loginUser methods as return value
@@ -63,6 +68,17 @@ export interface Session {
     sessionKey: string;
 }
 
+/**
+ * Creates a new user and a new session
+ * @param useDev If the dev or prod database should be used
+ * @param username The username of the new user
+ * @param email The email address of the new user
+ * @param firstName The first name of the new user
+ * @param lastName The last name of the new user
+ * @param password The password of the new user
+ * @param ip The IP Address of the new user
+ * @param deviceInfo The user agent of the new user
+ */
 export const registerUser = async (useDev: boolean, username: string, email: string, firstName: string, lastName: string, password: string, ip: string, deviceInfo: string): Promise<Session> => {
     let conn;
     try {
@@ -122,7 +138,91 @@ export const registerUser = async (useDev: boolean, username: string, email: str
             conn.end();
         }
     }
-}
+};
+
+/**
+ * Checks credentials of a user and creates a new session if they are correct
+ * @param useDev If the dev or prod database should be used
+ * @param username The username of the new user
+ * @param email The email address of the new user
+ * @param password The password of the new user
+ * @param ip The IP Address of the new user
+ * @param deviceInfo The user agent of the new user
+ */
+export const loginUser = async (useDev: boolean, username: string, email: string, password: string, ip: string, deviceInfo: string): Promise<Session> => {
+    let conn;
+    try {
+        if (useDev) {
+            conn = await dev_pool.getConnection();
+        } else {
+            conn = await prod_pool.getConnection();
+        }
+
+        let query_result;
+
+        // Get the saved hash
+        if (username !== '') {
+            query_result = await conn.query('SELECT user_id, password_hash FROM users WHERE username = ?', username);
+        } else {
+            query_result = await conn.query('SELECT user_id, password_hash FROM users WHERE email = ?', email);
+        }
+
+        let passwordHash: string = '';
+        let userId: string = '';
+
+        for (let row in query_result) {
+            if (row !== 'meta') {
+                passwordHash = query_result[row].password_hash;
+                userId = query_result[row].user_id;
+            }
+        }
+
+        // Wrong password
+        if (!bcrypt.compareSync(password, passwordHash)) {
+            return {} as Session;
+        }
+
+        // Update user last login
+        await conn.query('UPDATE users SET last_login = NOW() WHERE user_id = ?', userId);
+        await conn.commit();
+
+        // Create session
+        const sessionKey = Guid.create().toString();
+        const sessionKeyHash = bcrypt.hashSync(sessionKey, 10);
+
+        let deviceType = 'unknown';
+        if (deviceInfo.includes('PartyPlaner') || deviceInfo.includes('Dart')) {
+            deviceType = 'mobile';
+        } else {
+            deviceType = 'desktop';
+        }
+
+        const sessionQuery = 'INSERT INTO sessions (user_id, session_key_hash, created_Date, last_login, valid_until, valid_days, last_ip, device_info, type) VALUES (?,?,NOW(),NOW(),DATE_ADD(NOW(), INTERVAL 365 DAY),365,?, ?, ?) RETURNING session_id';
+        const sessionIdRes = await conn.query(sessionQuery, [userId, sessionKeyHash, ip, deviceInfo, deviceType]);
+        await conn.commit();
+
+        // Get session id of the created session
+        let sessionId: number = -1;
+        for (const row in sessionIdRes) {
+            if (row !== 'meta' && sessionIdRes[row].session_id != null) {
+                sessionId = sessionIdRes[row].session_id;
+            }
+        }
+
+        return {
+            'userId': userId.toString(),
+            'sessionId': sessionId.toString(),
+            'sessionKey': sessionKey
+        };
+
+    } catch (err) {
+        throw err;
+    } finally {
+        if (conn) {
+            conn.end();
+        }
+    }
+};
 
 /**
  * Used in the checkUsernameAndEmail method as return value

src/models/twitch-highlight-marker/HighlightMarker.router.ts

@@ -3,7 +3,7 @@
  */
 import express, {Request, Response} from 'express';
 import {addHighlightRouter} from './addHighlight/AddHighlight.router';
-import logger from "../../middleware/logger";
+import logger from '../../middleware/logger';
 
 /**
  * Router Definition
@@ -19,4 +19,4 @@ highlightMarkerRouter.get('/', async (req: Request, res: Response) => {
         logger.error('Error handling a request: ' + e.message);
         res.status(500).send({'message': 'Internal Server Error. Try again later.'});
     }
-})
+});

src/models/twitch-highlight-marker/addHighlight/AddHighlight.router.ts

@@ -3,7 +3,7 @@
  */
 import express, {Request, Response} from 'express';
 import * as AddHighlightService from './addHighlights.service';
-import logger from "../../../middleware/logger";
+import logger from '../../../middleware/logger';
 
 /**
  * Router Definition
@@ -17,7 +17,7 @@ addHighlightRouter.get('/', (req: Request, res: Response) => {
         logger.error('Error handling a request: ' + e.message);
         res.status(500).send({'message': 'Internal Server Error. Try again later.'});
     }
-})
+});
 
 addHighlightRouter.post('/', (req: Request, res: Response) => {
     try {
@@ -43,4 +43,4 @@ addHighlightRouter.post('/', (req: Request, res: Response) => {
         logger.error('Error handling a request: ' + e.message);
         res.status(500).send({'message': 'Internal Server Error. Try again later.'});
     }
-})
+});

src/models/twitch-highlight-marker/addHighlight/addHighlights.service.ts

@@ -11,6 +11,10 @@ const pool = mariadb.createPool({
     connectionLimit: 5
 });
 
+/**
+ * Creates a new highlight entry in SQL
+ * @param req_body The request body
+ */
 export const createHighlightEntry = async (req_body: any) => {
     let conn;
     try {
@@ -35,4 +39,4 @@ export const createHighlightEntry = async (req_body: any) => {
             conn.end();
         }
     }
-}
+};