mirror of
https://github.com/anatolykopyl/registration.git
synced 2026-03-26 12:55:25 +00:00
Switched sensetive requests to post
@@ -9,14 +9,14 @@
|
|||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<h1>Register</h1>
|
<h1>Register</h1>
|
||||||
<form action="http://localhost:3000/register" method="GET">
|
<form action="http://localhost:3000/register" method="POST">
|
||||||
<span class="input_row">Username: <input name="login" type="text"></span>
|
<span class="input_row">Username: <input name="login" type="text"></span>
|
||||||
<span class="input_row">Password: <input name="pass" type="password"></span>
|
<span class="input_row">Password: <input name="pass" type="password"></span>
|
||||||
<input type="submit" value="Register">
|
<input type="submit" value="Register">
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
<h1>Login</h1>
|
<h1>Login</h1>
|
||||||
<form action="http://localhost:3000/login" method="GET">
|
<form action="http://localhost:3000/login" method="POST">
|
||||||
<span class="input_row">Username: <input name="login" type="text"></span>
|
<span class="input_row">Username: <input name="login" type="text"></span>
|
||||||
<span class="input_row">Password: <input name="pass" type="password"></span>
|
<span class="input_row">Password: <input name="pass" type="password"></span>
|
||||||
<input type="submit" value="Login">
|
<input type="submit" value="Login">
|
||||||
|
|||||||
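Review bot: Both form `action` attributes still hard-code `http://localhost:3000/...`, so after the switch to POST the credentials leave the URL but are still sent over plain HTTP to a fixed origin. A relative target, `action="/register"` and `action="/login"`, would make the forms follow whatever origin and scheme serves the page, including HTTPS once the app sits behind TLS. The login form's closing tag lies outside the hunk, and this section's file header is not visible on the page.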
23
server.js
23
server.js
@@ -2,12 +2,13 @@ const express = require('express')
|
|||||||
const session = require('express-session')
|
const session = require('express-session')
|
||||||
const app = express()
|
const app = express()
|
||||||
const {MongoClient} = require('mongodb')
|
const {MongoClient} = require('mongodb')
|
||||||
const MongoStore = require('connect-mongo');
|
const MongoStore = require('connect-mongo')
|
||||||
const bcrypt = require('bcrypt')
|
const bcrypt = require('bcrypt')
|
||||||
require('dotenv').config()
|
require('dotenv').config()
|
||||||
|
|
||||||
app.use(express.static("public"));
|
app.use(express.static("public"))
|
||||||
app.use(express.json())
|
app.use(express.json())
|
||||||
|
app.use(express.urlencoded({ extended: true }))
|
||||||
|
|
||||||
const client = new MongoClient(process.env.URI, { useUnifiedTopology: true })
|
const client = new MongoClient(process.env.URI, { useUnifiedTopology: true })
|
||||||
|
|
||||||
@@ -41,29 +42,29 @@ app.get('/get-users', async (_, res) => {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
app.get('/register', async (req, res) => {
|
app.post('/register', async (req, res) => {
|
||||||
const hashedPass = await bcrypt.hash(req.query.pass, 10)
|
const hashedPass = await bcrypt.hash(req.body.pass, 10)
|
||||||
try {
|
try {
|
||||||
await client.db('reg_example').collection('users').insertOne({
|
await client.db('reg_example').collection('users').insertOne({
|
||||||
login: req.query.login,
|
login: req.body.login,
|
||||||
pass: hashedPass
|
pass: hashedPass
|
||||||
})
|
})
|
||||||
req.session.loggedIn = true
|
req.session.loggedIn = true
|
||||||
res.status(201).send("Welcome aboard!")
|
res.status(201).sendFile(__dirname+'/public/personal.html')
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
console.log("Error: " + e)
|
console.log("Error: " + e)
|
||||||
res.status(500).send()
|
res.status(500).send()
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
app.get('/login', async (req, res) => {
|
app.post('/login', async (req, res) => {
|
||||||
try {
|
try {
|
||||||
const user = await client.db('reg_example').collection('users').findOne({
|
const user = await client.db('reg_example').collection('users').findOne({
|
||||||
login: req.query.login
|
login: req.body.login
|
||||||
})
|
})
|
||||||
if (user && bcrypt.compareSync(req.query.pass, user.pass)) {
|
if (user && bcrypt.compareSync(req.body.pass, user.pass)) {
|
||||||
req.session.loggedIn = true
|
req.session.loggedIn = true
|
||||||
res.status(200).send("Logged in!")
|
res.status(200).sendFile(__dirname+'/public/personal.html')
|
||||||
} else {
|
} else {
|
||||||
res.status(401).send("Invalid login credentials")
|
res.status(401).send("Invalid login credentials")
|
||||||
}
|
}
|
||||||
@@ -77,7 +78,7 @@ app.get('/logout', (req, res) => {
|
|||||||
if (req.session) {
|
if (req.session) {
|
||||||
req.session.destroy(function() {})
|
req.session.destroy(function() {})
|
||||||
}
|
}
|
||||||
res.send()
|
res.sendFile(__dirname+'/public/auth.html')
|
||||||
})
|
})
|
||||||
|
|
||||||
app.listen(3000)
|
app.listen(3000)
|
||||||
|
|||||||
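Review bot: `req.body.login` and `req.body.pass` are used without a type check in both `/register` and `/login`, and the parsers enabled in the first hunk (`express.json()` plus the added `express.urlencoded({ extended: true })`) can deliver objects as well as strings. In `/login` the value goes straight into the `findOne` filter, so a non-string `login` is read by MongoDB as a query expression rather than a literal user name; in `/register` the `await bcrypt.hash(req.body.pass, 10)` sits before the `try`, so a missing or non-string `pass` most likely rejects outside the handler's `catch`. A guard at the top of each handler would cover both cases: `if (typeof req.body.login !== 'string' || typeof req.body.pass !== 'string') return res.status(400).send()`. Separately, `/logout` in the last hunk is still registered with `app.get` although it destroys the session. The `/login` handler's `catch` lies outside the hunk.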