const cors = require("cors");
const body_parser = require("body-parser");
const session = require("express-session");
+const bcrypt = require("bcrypt");
+const path = require("path");
try {
var lmno_config = require("./lmno-config.json");
Please create a file named lmno-config.json that looks as follows:
{
- "session_secret": "<this should be a long string of true-random characters>";
+ "session_secret": "<this should be a long string of true-random characters>",
+ "users": {
+ "username": "<username>",
+ "password_hash_bcrypt": "<password_hash_made_by_bcrypt>"
+ }
}
-Note: Don't use the exact text above, but instead replace the string
-with what it describes: a long string of random characters.`);
+Note: Of course, change all of <these-parts> to actual values desired.
+
+The "node lmno-passwd.js" command can help generate password hashes.`);
}
const app = express();
app.use(cors());
+app.use(body_parser.urlencoded({ extended: false }));
+app.use(body_parser.json());
app.use(session({
secret: lmno_config.session_secret,
resave: false,
next();
});
+function auth_admin(request, response, next) {
+ /* If there is no user associated with this session, redirect to the login
+ * page (and set a "next" query parameter so we can come back here).
+ */
+ if (! request.session.user) {
+ response.redirect(302, "/login?next=" + request.path);
+ return;
+ }
+
+ /* If the user is logged in but not authorized to view the page then
+ * we return that error. */
+ if (request.session.user.role !== "admin") {
+ response.status(401).send("Unauthorized");
+ return;
+ }
+ next();
+}
+
+app.get('/logout', (request, response) => {
+ request.session.user = undefined;
+
+ response.send("You are now logged out.");
+});
+
+app.get('/login', (request, response) => {
+ if (request.session.user) {
+ response.send("Welcome, " + request.session.user + ".");
+ return;
+ }
+
+ response.sendFile(path.join(__dirname, './login.html'));
+});
+
+app.post('/login', async (request, response) => {
+ const username = request.body.username;
+ const password = request.body.password;
+ const user = lmno_config.users[username];
+ if (! user) {
+ response.sendStatus(404);
+ return;
+ }
+ const match = await bcrypt.compare(password, user.password_hash_bcrypt);
+ if (! match) {
+ response.sendStatus(404);
+ return;
+ }
+ request.session.user = { username: user.username, role: user.role };
+ response.sendStatus(200);
+ return;
+});
+
+/* A stats page (only available to admin users) */
+app.get('/stats/', auth_admin, (request, response) => {
+ let active = 0;
+ let idle = 0;
+
+ for (let id in lmno.ids) {
+ if (lmno.ids[id].game.clients.length)
+ active++;
+ else
+ idle++;
+ }
+ response.send(`<html><body>Active games: ${active}.<br>
+Idle games: ${idle}</body></html>`);
+});
+
+
/* Mount sub apps. only _after_ we have done all the middleware we need. */
app.use('/empires/[a-zA-Z0-9]{4}/', empires.app);
--- /dev/null
+<!DOCTYPE html>
+<html>
+ <head>
+ <meta charset="utf-8"/>
+ <meta name="viewport" content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" />
+
+ <title>LMNO: Login</title>
+
+ <link rel="stylesheet" href="/reset.css" type="text/css" />
+ <link rel="stylesheet" href="/style.css" type="text/css" />
+ </head>
+ <body>
+
+ <script src="/lmno.js"></script>
+
+ <div id="page">
+
+ <div id="message-area">
+ </div>
+
+ <!-- The return false prevents the page from being reloaded -->
+ <form id="login-form" onsubmit="lmno_login(this); return false">
+ <div class="form-field large">
+ <label for="username">Username</label>
+ <input type="text" id="username" required>
+ </div>
+
+ <div class="form-field large">
+ <label for="Password">Password</label>
+ <input type="password" id="password" required>
+ </div>
+
+ <div class="form-field large">
+ <button type="submit">
+ Login
+ </button>
+ </div>
+ </form>
+
+ </div>
+ </body>
+</html>