const express = require("express");
const router = express.Router();
const db = require("../database/database");
const bcrypt = require("bcrypt");
const crypto = require("crypto");
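/* ================================
   Handle login (POST /)

   Checks the submitted credentials against the accounts table,
   rotates the session, issues a fresh session token and redirects.
   Every rejected attempt re-renders "index" with the same generic
   error message.
================================ */

router.post("/", async (req, res) => {
  try {
    /* Load servers (index.ejs needs them when the form is re-rendered) */
    const [servers] = await db.query("SELECT * FROM servers");

    // One shared failure response, so the page looks the same whichever
    // check rejected the attempt.
    const renderLoginFailed = () =>
      res.render("index", {
        error: "Login fehlgeschlagen",
        servers,
        extraServers: [],
      });

    // req.body is undefined when no body parser handled the request;
    // reading it inside the try keeps that case out of an unhandled rejection.
    const { username, password } = req.body || {};

    // Accept plain strings only. Body parsers can deliver objects or arrays
    // for a field, bcrypt.compare rejects non-string input, and a non-scalar
    // value must never reach a "?" placeholder.
    // NOTE(review): the [rows] destructuring suggests a mysql/mysql2 pool,
    // whose query() expands object values into SQL fragments - confirm.
    if (typeof username !== "string" || typeof password !== "string") {
      return renderLoginFailed();
    }

    /* Load the user (verified accounts only) */
    const [rows] = await db.query(
      "SELECT * FROM accounts WHERE username = ? AND verified = 1",
      [username],
    );

    if (rows.length === 0) {
      // NOTE(review): this branch answers without a bcrypt comparison, so it
      // is faster than a wrong-password attempt. Rate limiting in front of
      // this route, or a comparison against a fixed dummy hash, would level
      // out that difference.
      return renderLoginFailed();
    }

    const user = rows[0];

    /* Check the password against the stored bcrypt hash */
    const passwordMatch = await bcrypt.compare(password, user.password);

    if (!passwordMatch) {
      return renderLoginFailed();
    }

    /* ================================
       Regenerate the session
       The old session is ALWAYS destroyed and a new one created,
       whether or not the player still counts as "logged in".
       A pre-login session id is therefore never carried over into
       the authenticated session, and a stale login no longer blocks.
    ================================ */

    await new Promise((resolve, reject) => {
      // req.session is read at call time; regenerate() replaces it.
      req.session.regenerate((err) => {
        if (err) return reject(err);
        resolve();
      });
    });

    /* ================================
       Create the session token (64 random bytes, hex encoded)
    ================================ */

    const sessionToken = crypto.randomBytes(64).toString("hex");

    /* Store the token in the DB (overwrites the previous login) */
    // NOTE(review): the token is stored as-is in accounts.session_token.
    // How it is verified on later requests is not visible here; if the
    // check can work on a digest, storing only a hash limits what a
    // database leak exposes.
    await db.query("UPDATE accounts SET session_token = ? WHERE id = ?", [
      sessionToken,
      user.id,
    ]);

    /* ================================
       Populate the session
    ================================ */

    req.session.user = {
      id: user.id,
      username: user.username,
      token: sessionToken,
    };

    /* ================================
       Save the session explicitly before redirecting,
       so the next request already sees it
    ================================ */

    await new Promise((resolve, reject) => {
      req.session.save((err) => {
        if (err) return reject(err);
        resolve();
      });
    });

    /* ================================
       Redirect
    ================================ */

    // Accounts without an in-game name go to character creation first.
    if (!user.ingame_name) {
      return res.redirect("/create-character");
    }

    return res.redirect("/launcher");
  } catch (error) {
    // Details go to the server log only; the client gets a generic message.
    console.error("Login Fehler:", error);
    res.status(500).send("Serverfehler beim Login");
  }
});

module.exports = router;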