Add project files.

2026-05-07 06:01:44 -04:00 · 2023-05-12 17:44:41 -03:00 · 2023-05-12 17:44:41 -03:00 · 0a12c6baa0
commit 0a12c6baa0
41 changed files with 2698 additions and 0 deletions
--- a/src/routes/launcher/login.js
+++ b/src/routes/launcher/login.js
@ -0,0 +1,100 @@
+const sql = require('mssql');
+const bcrypt = require('bcrypt');
+const crypto = require('crypto');
+const express = require('express');
+const router = express.Router();
+const { logger, accountLogger } = require('../../utils/logger');
+const Joi = require('joi');
+
+// Set up database connection
+const { connAccount } = require('../../utils/dbConfig');
+
+// Define the validation schema for the request body
+const schema = Joi.object({
+  account: Joi.string().required(),
+  password: Joi.string().required(),
+});
+
+router.post('/', async (req, res) => {
+  try {
+    // Validate the request body against the schema
+    const { error, value } = schema.validate(req.body);
+    if (error) {
+      return res.status(400).send(error.details[0].message);
+    }
+
+    const account = value.account;
+    const password = value.password;
+    const userIp = req.ip;
+
+    // Check the format of the account identifier
+	if (
+	  !/^[A-Za-z0-9_-]{6,50}$/.test(account) &&
+	  !/^[\w\d._%+-]+@[\w\d.-]+\.[\w]{2,}$/i.test(account)
+	) {
+	  return res.status(400).json({ Result: 'InvalidUsernameFormat' });
+	}
+
+    // Use a prepared statement to retrieve the account information
+    const pool = await connAccount;
+    const request = pool.request();
+    request.input('Identifier', sql.VarChar, account);
+    const result = await request.execute('GetAccount');
+    const row = result.recordset[0];
+
+    if (row && row.Result === 'AccountExists') {
+      const windyCode = row.WindyCode;
+      const hash = row.AccountPwd;
+
+      // Verify the password
+      const md5_password = crypto
+        .createHash('md5')
+        .update(windyCode + password)
+        .digest('hex');
+      const password_verify_result = await bcrypt.compare(
+        md5_password,
+        hash
+      );
+
+      const authRequest = pool.request();
+      authRequest.input('Identifier', sql.VarChar, account);
+      authRequest.input(
+        'password_verify_result',
+        sql.Bit,
+        password_verify_result
+      );
+      authRequest.input('LastLoginIP', sql.VarChar, userIp);
+      const authResult = await authRequest.execute('AuthenticateUser');
+      const authRow = authResult.recordset[0];
+
+      if (authRow && authRow.Result === 'LoginSuccess') {
+        accountLogger.info(
+          `[Account] Launcher Login: Account [${windyCode}] successfully logged in from [${userIp}]`
+        );
+        return res.status(200).json({
+          Result: authRow.Result,
+          Token: authRow.Token,
+          WindyCode: authRow.WindyCode,
+        });
+      } else {
+        accountLogger.info(
+          `[Account] Launcher Login: Account [${windyCode}] login failed: ${authRow.Result} `
+        );
+        return res.status(400).json({
+          Result: authRow.Result,
+        });
+      }
+    } else {
+       return res.status(400).json({ Result: 'AccountNotFound' });
+    }
+  } catch (error) {
+    logger.error(
+      '[Account] Launcher Login: Database query failed: ' + error.message
+    );
+    return res
+      .status(500)
+      .send('Database query failed: ' + error.message);
+  }
+});
+
+module.exports = router;