X-Git-Url: https://git.cworth.org/git?a=blobdiff_plain;f=lmno.js;h=175fe6300472cd914c562d7271131d8024cf6281;hb=de78893aec1d5a4a0ae84610f2f01f78e9455f18;hp=fbef78f208a7decfd46300b094c29ce554b22515;hpb=cb2a7a1bb519b307a671dbe9310dbf95665ff63d;p=empires-server diff --git a/lmno.js b/lmno.js index fbef78f..175fe63 100644 --- a/lmno.js +++ b/lmno.js @@ -2,6 +2,9 @@ const express = require("express"); const cors = require("cors"); const body_parser = require("body-parser"); const session = require("express-session"); +const bcrypt = require("bcrypt"); +const path = require("path"); +const nunjucks = require("nunjucks"); try { var lmno_config = require("./lmno-config.json"); @@ -16,23 +19,38 @@ function config_usage() { Please create a file named lmno-config.json that looks as follows: { - "session_secret": ""; + "session_secret": "", + "users": { + "username": "", + "password_hash_bcrypt": "" + } } -Note: Don't use the exact text above, but instead replace the string -with what it describes: a long string of random characters.`); +Note: Of course, change all of to actual values desired. + +The "node lmno-passwd.js" command can help generate password hashes.`); } const app = express(); app.use(cors()); +app.use(body_parser.urlencoded({ extended: false })); +app.use(body_parser.json()); app.use(session({ secret: lmno_config.session_secret, resave: false, saveUninitialized: false })); +nunjucks.configure("templates", { + autoescape: true, + express: app +}); + /* Load each of our game mini-apps. */ -var empires = require("./empires"); +const engines = { + empires: require("./empires"), + tictactoe: require("./tictactoe") +}; class LMNO { constructor() { @@ -40,20 +58,22 @@ class LMNO { } generate_id() { - return [null,null,null,null].map(() => LMNO.letters.charAt(Math.floor(Math.random() * LMNO.letters.length))).join(''); + return Array(4).fill(null).map(() => LMNO.letters.charAt(Math.floor(Math.random() * LMNO.letters.length))).join(''); } - create_game(engine) { + create_game(engine_name) { do { var id = this.generate_id(); } while (id in this.ids); - const game = new empires.Game(); + const engine = engines[engine_name]; + + const game = new engine.Game(); this.ids[id] = { - id: id, - engine: engine, - game: game + id: id, + engine: engine.name, + game: game }; return id; @@ -121,28 +141,118 @@ app.get('/[a-zA-Z0-9]{4}', (request, response) => { }); /* LMNO middleware to lookup the game. */ -app.use('/empires/:game_id([a-zA-Z0-9]{4})', (request, response, next) => { +app.use('/:engine([^/]+)/:game_id([a-zA-Z0-9]{4})', (request, response, next) => { + const engine = request.params.engine; const game_id = request.params.game_id; const canon_id = lmno_canonize(game_id); - /* Redirect user to page with the canonical ID in it. */ - if (game_id !== canon_id) { - const new_url = request.originalUrl.replace("/empires/" + game_id, - "/empires/" + canon_id); + /* Redirect user to page with the canonical ID in it, also ensuring + * that the game ID is _always_ followed by a slash. */ + const has_slash = new RegExp(`^/${engine}/${game_id}/`); + if (game_id !== canon_id || + ! has_slash.test(request.originalUrl)) + { + const old_path = new RegExp(`/${engine}/${game_id}/?`); + const new_path = `/${engine}/${canon_id}/`; + const new_url = request.originalUrl.replace(old_path, new_path); response.redirect(301, new_url); return; } - request.game = lmno.ids[game_id].game; - if (request.game === undefined) { + /* See if there is any game with this ID. */ + const game = lmno.ids[game_id]; + if (game === undefined) { response.sendStatus(404); return; } + + /* Stash the game onto the request to be used by the game-specific code. */ + request.game = game.game; + next(); +}); + +function auth_admin(request, response, next) { + /* If there is no user associated with this session, redirect to the login + * page (and set a "next" query parameter so we can come back here). + */ + if (! request.session.user) { + response.redirect(302, "/login?next=" + request.path); + return; + } + + /* If the user is logged in but not authorized to view the page then + * we return that error. */ + if (request.session.user.role !== "admin") { + response.status(401).send("Unauthorized"); + return; + } next(); +} + +app.get('/logout', (request, response) => { + request.session.user = undefined; + request.session.destroy(); + + response.send("You are now logged out."); }); +app.get('/login', (request, response) => { + if (request.session.user) { + response.send("Welcome, " + request.session.user + "."); + return; + } + + response.render('login.html'); +}); + +app.post('/login', async (request, response) => { + const username = request.body.username; + const password = request.body.password; + const user = lmno_config.users[username]; + if (! user) { + response.sendStatus(404); + return; + } + const match = await bcrypt.compare(password, user.password_hash_bcrypt); + if (! match) { + response.sendStatus(404); + return; + } + request.session.user = { username: user.username, role: user.role }; + response.sendStatus(200); + return; +}); + +/* API to set uer profile information */ +app.put('/profile', (request, response) => { + const nickname = request.body.nickname; + if (nickname) { + request.session.nickname = nickname; + request.session.save(); + } + response.send(); +}); + +/* An admin page (only available to admin users, of course) */ +app.get('/admin/', auth_admin, (request, response) => { + let active = []; + let idle = []; + + for (let id in lmno.ids) { + if (lmno.ids[id].game.clients.length) + active.push(lmno.ids[id]); + else + idle.push(lmno.ids[id]); + } + response.render('admin.html', { test: "foobar", games: { active: active, idle: idle}}); +}); + + /* Mount sub apps. only _after_ we have done all the middleware we need. */ -app.use('/empires/[a-zA-Z0-9]{4}/', empires.app); +for (let key in engines) { + const engine = engines[key]; + app.use(`/${engine.name}/[a-zA-Z0-9]{4}/`, engine.router); +} app.listen(4000, function () { console.log('LMNO server listening on localhost:4000');