X-Git-Url: https://git.cworth.org/git?a=blobdiff_plain;f=lmno.js;h=61c7f5cce5eed2f4cb84c1dd75d4e779ff9888b1;hb=ee078f73ebf00c2bb769de5e7502824b37b96535;hp=65c317d05f37bb1b964781dd84b1b6d0f3b0f1ab;hpb=4d1242c9bcd831fa3333c3e9c73a08759741734c;p=lmno-server

diff --git a/lmno.js b/lmno.js
index 65c317d..61c7f5c 100644
--- a/lmno.js
+++ b/lmno.js
@@ -2,6 +2,9 @@ const express = require("express");
 const cors = require("cors");
 const body_parser = require("body-parser");
 const session = require("express-session");
+const bcrypt = require("bcrypt");
+const path = require("path");
+const nunjucks = require("nunjucks");
 
 try {
   var lmno_config = require("./lmno-config.json");
@@ -16,21 +19,33 @@ function config_usage() {
 Please create a file named lmno-config.json that looks as follows:
 
 {
-  "session_secret": "<this should be a long string of true-random characters>";
+  "session_secret": "<this should be a long string of true-random characters>",
+  "users": {
+    "username": "<username>",
+    "password_hash_bcrypt": "<password_hash_made_by_bcrypt>"
+  }
 }
 
-Note: Don't use the exact text above, but instead replace the string
-with what it describes: a long string of random characters.`);
+Note: Of course, change all of <these-parts> to actual values desired.
+
+The "node lmno-passwd.js" command can help generate password hashes.`);
 }
 
 const app = express();
 app.use(cors());
+app.use(body_parser.urlencoded({ extended: false }));
+app.use(body_parser.json());
 app.use(session({
   secret: lmno_config.session_secret,
   resave: false,
   saveUninitialized: false
 }));
 
+nunjucks.configure("templates", {
+  autoescape: true,
+  express: app
+});
+
 /* Load each of our game mini-apps. */
 var empires = require("./empires");
 
@@ -121,14 +136,15 @@ app.get('/[a-zA-Z0-9]{4}', (request, response) => {
 });
 
 /* LMNO middleware to lookup the game. */
-app.use('/empires/:game_id([a-zA-Z0-9]{4})', (request, response, next) => {
+app.use('/:engine([^/]+)/:game_id([a-zA-Z0-9]{4})', (request, response, next) => {
+  const engine = request.params.engine;
   const game_id = request.params.game_id;
   const canon_id = lmno_canonize(game_id);
 
   /* Redirect user to page with the canonical ID in it. */
   if (game_id !== canon_id) {
-    const new_url = request.originalUrl.replace("/empires/" + game_id,
-                                                "/empires/" + canon_id);
+    const new_url = request.originalUrl.replace(`/${engine}/${game_id}`,
+                                                `/${engine}/${canon_id}`);
     response.redirect(301, new_url);
     return;
   }
@@ -145,6 +161,83 @@ app.use('/empires/:game_id([a-zA-Z0-9]{4})', (request, response, next) => {
   next();
 });
 
+function auth_admin(request, response, next) {
+  /* If there is no user associated with this session, redirect to the login
+   * page (and set a "next" query parameter so we can come back here).
+   */
+  if (! request.session.user) {
+    response.redirect(302, "/login?next=" + request.path);
+    return;
+  }
+
+  /* If the user is logged in but not authorized to view the page then 
+   * we return that error. */
+  if (request.session.user.role !== "admin") {
+    response.status(401).send("Unauthorized");
+    return;
+  }
+  next();
+}
+
+app.get('/logout', (request, response) => {
+  request.session.user = undefined;
+  request.session.destroy();
+
+  response.send("You are now logged out.");
+});
+
+app.get('/login', (request, response) => {
+  if (request.session.user) {
+    response.send("Welcome, " + request.session.user + ".");
+    return;
+  }
+
+  response.render('login.html');
+});
+
+app.post('/login', async (request, response) => {
+  const username = request.body.username;
+  const password = request.body.password;
+  const user = lmno_config.users[username];
+  if (! user) {
+    response.sendStatus(404);
+    return;
+  }
+  const match = await bcrypt.compare(password, user.password_hash_bcrypt);
+  if (! match) {
+    response.sendStatus(404);
+    return;
+  }
+  request.session.user = { username: user.username, role: user.role };
+  response.sendStatus(200);
+  return;
+});
+
+/* API to set uer profile information */
+app.put('/profile', (request, response) => {
+  const nickname = request.body.nickname;
+  if (nickname) {
+    request.session.nickname = nickname;
+    request.session.save();
+  }
+  response.send();
+});
+
+/* An admin page (only available to admin users, of course) */
+app.get('/admin/', auth_admin, (request, response) => {
+  let active = [];
+  let idle = [];
+
+  for (let id in lmno.ids) {
+    if (lmno.ids[id].game.clients.length)
+      active.push(lmno.ids[id]);
+    else
+      idle.push(lmno.ids[id]);
+  }
+  response.render('admin.html', { test: "foobar", games: { active: active, idle: idle}});
+});
+
+
 /* Mount sub apps. only _after_ we have done all the middleware we need. */
 app.use('/empires/[a-zA-Z0-9]{4}/', empires.app);