diff --git a/index.js b/index.js index fde2ad8..41a96fc 100644 --- a/index.js +++ b/index.js @@ -129,6 +129,7 @@ app.get('/BankF', ensureAuthenticated, async function(req, res){ } let logsent let logrec + console.log('start '+Date.now()) try{ logsent = await got.post(process.env.BANKAPIURL+'BankF/'+req.session.user+'/log',{ json:{ @@ -149,15 +150,16 @@ app.get('/BankF', ensureAuthenticated, async function(req, res){ } catch(e) { console.log(e) } - + console.log(logrec.timings) + console.log("query finished "+Date.now()) logsent = logsent.body.value - if(logsent == 1 || logsent == -1){ + if(logsent == 1 || logsent == -1 || logrec == null){ logsent = undefined }else{ logsent = logsent.filter(({ from }) => from === req.session.user) } logrec = logrec.body.value - if(logrec == 1 || logrec == -1){ + if(logrec == 1 || logrec == -1 || logrec == null){ logrec = undefined } else{ logrec = logrec.filter(({ to }) => to === req.session.user) @@ -168,6 +170,7 @@ app.get('/BankF', ensureAuthenticated, async function(req, res){ for( i in logsent){ logsent[i].time = Date(logsent[i].time) } + console.log("begin render " + Date.now()) res.render('bankf',{ logrec:logrec, logsent:logsent, @@ -211,6 +214,7 @@ app.post('/sendfunds', async function(req, res){ let logsent let logrec + try{ logsent = await got.post(process.env.BANKAPIURL+'BankF/'+req.session.user+'/log',{ json:{ 
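Review bot: The new `logrec == null` guards in the `@@ -149,15 +150,16 @@` hunk of the `/BankF` handler cannot catch a failed API call, because the added `console.log(logrec.timings)` and the existing `logsent.body.value` dereference the responses first; when a `got.post` throws, the `catch` only logs and the handler then fails with a TypeError before it renders. The `logsent` branch also tests `logrec == null` instead of `logsent`, and at that point `logrec` is still the response object, not its `body.value`. I would guard before dereferencing, e.g. `logsent = logsent ? logsent.body.value : undefined` followed by `if(logsent == null || logsent == 1 || logsent == -1){`, and do the same for `logrec`. The `/sendfunds` hunk at `@@ -233,28 +237,25 @@` repeats the wrong-variable check. The handler body starts and ends outside this hunk.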
@@ -233,28 +237,25 @@ app.post('/sendfunds', async function(req, res){ } logsent = logsent.body.value - if(logsent == 1){ + console.log(logsent) + if(logsent == 1|| logrec == -1 || logrec == null){ logsent = undefined - }else if (logsent == -1){ - logsent = undefined - } else{ - logsent = logsent.filter(({ from }) => from === req.session.user) + }else{ + logsent = await logsent.filter(({ from }) => from === req.session.user) } logrec = logrec.body.value - if(logrec == 1 || logrec == -1){ + if(logrec == 1 || logrec == -1 || logrec == null){ logrec = undefined } else{ - logrec = logrec.filter(({ to }) => to === req.session.user) + logrec = await logrec.filter(({ to }) => to === req.session.user) } for( i in logrec){ let d = new Date(logrec[i].time) logrec[i].time = d - console.log(logrec[i].time) } for( i in logsent){ let d = new Date(logsent[i].time) logsent[i].time = d - console.log(logsent[i].time) } res.render("bankf",{ 
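Review bot: The rewritten condition `if(logsent == 1|| logrec == -1 || logrec == null)` no longer handles `logsent == -1`: the old `else if (logsent == -1)` branch is removed and the new tests look at `logrec`, which is still the response object here, so a `-1` reply falls into the `else` and calls `.filter` on a number. It should read `if(logsent == 1 || logsent == -1 || logsent == null){`. The added `console.log(logsent)` also writes the full transaction log returned by the API to the server output on every transfer; I would drop it or log only the entry count. The `await` in front of the synchronous `.filter(...)` calls has no effect and can be removed.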
@@ -324,41 +325,47 @@ app.post('/login', async function(req, res){ } catch(err){ console.log(err) } - req.session.admin = adminTest.body.value - req.session.adminp = password - let verified - try{ - verified = await got.post(process.env.BANKAPIURL+'BankF/vpass', { - json:{ - name: name, - attempt: password - }, - responseType:'json' + if(adminTest.body.value == undefined){ + res.redirect('/') + }else{ + req.session.admin = adminTest.body.value + req.session.adminp = password + let verified + try{ + verified = await got.post(process.env.BANKAPIURL+'BankF/vpass', { + json:{ + name: name, + attempt: password + }, + responseType:'json' - }) - - - } catch(err){ - console.log(err) - } finally { - console.log(verified.body.value) - if(verified.body.value == 0){ - errors.push({msg: 'Password wrong'}) - res.render('login',{ - errors:errors - }) - }else if(verified.body.value == 1){ - req.session.user = name; - req.session.password = password - res.redirect('/BankF') - } else { - errors.push({msg: 'User not found'}) - res.render('login',{ - errors:errors }) + + + } catch(err){ + console.log(err) + } finally { + console.log(verified.body.value) + if(verified.body.value == 0){ + errors.push({msg: 'Password wrong'}) + res.render('login',{ + errors:errors + }) + }else if(verified.body.value == 1){ + req.session.user = name; + req.session.password = password + res.redirect('/BankF') + } else { + errors.push({msg: 'User not found'}) + res.render('login',{ + errors:errors + }) + } } + } + //res.redirect('/login') }) diff --git a/public/CCashLogo3.png b/public/CCashLogo3.png new file mode 100644 index 0000000..2c8f7f5 Binary files /dev/null and b/public/CCashLogo3.png differ diff --git a/routes/admin.js b/routes/admin.js index 7e9d447..1fb355b 100644 --- a/routes/admin.js +++ b/routes/admin.js 
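Review bot: `req.session.admin` and `req.session.adminp = password` are still written before the `BankF/vpass` result is checked, so a login attempt that ends in 'Password wrong' or 'User not found' leaves admin state and the submitted password in the session. If `checkAdmin` reads `req.session.admin` (not visible here), those assignments belong inside the `verified.body.value == 1` branch, ideally after `req.session.regenerate(...)`, and the cleartext password should stay out of the session store if the API allows it. Separately, the new guard `if(adminTest.body.value == undefined)` and the `finally` block dereference `adminTest` and `verified`, which are undefined when the corresponding `got.post` threw; `if(!adminTest || adminTest.body.value == undefined)` and moving the `verified` checks out of `finally` behind an `if(!verified)` guard would avoid the TypeError. The handler starts outside this hunk.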
@@ -9,7 +9,10 @@ const expressValidator = require('express-validator'); const session = require('express-session'); const {postUser} = require('../helpers/functions.js') const got = require('got') +const MemoryStore = require('memorystore')(session) console.log('Sen was here') + + router.get('/', checkAdmin, function(req, res){ res.render('adminsettings', { user: req.session.user, @@ -151,6 +154,36 @@ router.post('/userdelete', checkAdmin, async function(req,res){ errors: errors, }) }) +router.post('/destroyallsessions', checkAdmin, async function(req,res) { + let {attempt} = req.body; + let adminTest + let errors = [] + try{ + adminTest = await got.post(process.env.BANKAPIURL+'BankF/admin/vpass',{ + json:{ + attempt: attempt, + }, + responseType:'json' + }) + } catch(err){ + console.log(err) + } + console.log(adminTest.body.value) + if(adminTest){ + req.sessionStore.clear(function(err){ + console.log(err) + }) + res.redirect('/') + }else{ + errors.push({msg: "failed admin password check"}) + res.render("adminsettings",{ + user: req.session.user, + admin: req.session.admin, + errors: errors, + }) + } + +}) router.post('/close', checkAdmin, async function(req,res){ let {attempt} = req.body; let close; diff --git a/views/adminsettings.pug b/views/adminsettings.pug index fda251a..9d77978 100644 --- a/views/adminsettings.pug +++ b/views/adminsettings.pug @@ -57,6 +57,16 @@ block content br input.btn.btn-primary(type='submit',value='Submit') br + .card.shadow-lg + h4 Destroy All Sessions + form(method='POST', action='/admin/destroyallsessions') + #form-group + p WARNING THIS WILL DESTROY ALL LOGIN SESSIONS, EVERYONE WILL HAVE TO LOG IN AGAIN + label Confirm admin password to DESTROY + input.form-control(name='attempt', type='password') + br + input.btn.btn-danger(type='submit',value='Destroy') + br .card.shadow-lg h4 Close Server form(method='POST', action='/admin/close') diff --git a/views/layout.pug b/views/layout.pug index 443724b..654731e 100644 
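Review bot: The password gate in the new `/destroyallsessions` route does not gate anything: `if(adminTest)` is true for any response object from `BankF/admin/vpass`, so a wrong `attempt` still reaches `req.sessionStore.clear(...)`. The check should look at the returned value, e.g. `if(adminTest && adminTest.body.value){` (assuming a truthy `value` means success, as the login handler's `req.session.admin = adminTest.body.value` suggests), and the `console.log(adminTest.body.value)` above it should go, since it throws when the request failed. With the check ineffective the route is protected only by `checkAdmin`, and the matching form in `views/adminsettings.pug` shows no CSRF token, so it is worth confirming that CSRF protection is applied elsewhere. The `MemoryStore` require added in the first hunk is unused in the visible lines.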
--- a/views/layout.pug +++ b/views/layout.pug @@ -2,7 +2,6 @@ doctype html html head title CCashBank - link(href="https://fonts.googleapis.com/css2?family=Josefin+Sans:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;1,100;1,200;1,300;1,400;1,500;1,600;1,700&display=swap" rel="stylesheet") link(rel="stylesheet", href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css", integrity="sha384-JcKb8q3iqJ61gNV9KGb8thSsNjpSL0n8PARn9HuZOnIxN0hoP+VmmDGMN5t9UJ0Z", crossorigin="anonymous") link(rel="preconnect" href="https://fonts.gstatic.com") link(href="https://fonts.googleapis.com/css2?family=Lato&family=Montserrat&display=swap" rel="stylesheet") @@ -12,7 +11,7 @@ html nav.navbar.navbar-expand-lg.navbar-light.navbarrr.shadow-lg .container a.navbar-brand(href='/') - img(src="../CCashLogo2.png" style="width:75px") + img(src="../CCashLogo3.png" style="width:75px; height:74px") button.navbar-toggler(type='button', data-toggle='collapse', data-target='#navbars', aria-controls='navbars', aria-expanded='false', aria-label='Toggle navigation') span.navbar-toggler-icon #navbars.collapse.navbar-collapse