207 lines
5.4 KiB
JavaScript
207 lines
5.4 KiB
JavaScript
import bcrypt from 'bcryptjs'
|
|
import jwt from 'jsonwebtoken'
|
|
import { promises as fs } from 'fs'
|
|
import path from 'path'
|
|
import { encryptObject, decryptObject } from './encryption.js'
|
|
|
|
const JWT_SECRET = process.env.JWT_SECRET || 'harheimertc-secret-key-change-in-production'
|
|
|
|
// Handle both dev and production paths
|
|
const getDataPath = (filename) => {
|
|
const cwd = process.cwd()
|
|
|
|
// In production (.output/server), working dir is .output
|
|
if (cwd.endsWith('.output')) {
|
|
return path.join(cwd, '../server/data', filename)
|
|
}
|
|
|
|
// In development, working dir is project root
|
|
return path.join(cwd, 'server/data', filename)
|
|
}
|
|
|
|
const USERS_FILE = getDataPath('users.json')
|
|
const SESSIONS_FILE = getDataPath('sessions.json')
|
|
|
|
// Get encryption key from environment
|
|
function getEncryptionKey() {
|
|
return process.env.ENCRYPTION_KEY || 'local_development_encryption_key_change_in_production'
|
|
}
|
|
|
|
// Check if data is encrypted by trying to parse as JSON first
|
|
function isEncrypted(data) {
|
|
try {
|
|
const parsed = JSON.parse(data.trim())
|
|
if (Array.isArray(parsed)) {
|
|
return false // Unencrypted array
|
|
}
|
|
if (typeof parsed === 'object' && parsed !== null && !parsed.encryptedData) {
|
|
return false
|
|
}
|
|
return false
|
|
} catch (e) {
|
|
// JSON parsing failed - likely encrypted base64
|
|
return true
|
|
}
|
|
}
|
|
|
|
// Read users from file (with encryption support and migration)
|
|
export async function readUsers() {
|
|
try {
|
|
const data = await fs.readFile(USERS_FILE, 'utf-8')
|
|
|
|
const encrypted = isEncrypted(data)
|
|
|
|
if (encrypted) {
|
|
const encryptionKey = getEncryptionKey()
|
|
try {
|
|
return decryptObject(data, encryptionKey)
|
|
} catch (decryptError) {
|
|
console.error('Fehler beim Entschlüsseln der Benutzerdaten:', decryptError)
|
|
try {
|
|
const plainData = JSON.parse(data)
|
|
console.warn('Entschlüsselung fehlgeschlagen, versuche als unverschlüsseltes Format zu lesen')
|
|
return plainData
|
|
} catch (parseError) {
|
|
console.error('Konnte Benutzerdaten weder entschlüsseln noch als JSON lesen')
|
|
return []
|
|
}
|
|
}
|
|
} else {
|
|
// Plain JSON - migrate to encrypted format
|
|
const users = JSON.parse(data)
|
|
console.log('Migriere unverschlüsselte Benutzerdaten zu verschlüsselter Speicherung...')
|
|
|
|
// Write back encrypted
|
|
await writeUsers(users)
|
|
|
|
return users
|
|
}
|
|
} catch (error) {
|
|
if (error.code === 'ENOENT') {
|
|
return []
|
|
}
|
|
console.error('Fehler beim Lesen der Benutzerdaten:', error)
|
|
return []
|
|
}
|
|
}
|
|
|
|
// Write users to file (always encrypted)
|
|
export async function writeUsers(users) {
|
|
try {
|
|
const encryptionKey = getEncryptionKey()
|
|
const encryptedData = encryptObject(users, encryptionKey)
|
|
await fs.writeFile(USERS_FILE, encryptedData, 'utf-8')
|
|
return true
|
|
} catch (error) {
|
|
console.error('Fehler beim Schreiben der Benutzerdaten:', error)
|
|
return false
|
|
}
|
|
}
|
|
|
|
// Read sessions from file
|
|
export async function readSessions() {
|
|
try {
|
|
const data = await fs.readFile(SESSIONS_FILE, 'utf-8')
|
|
return JSON.parse(data)
|
|
} catch (error) {
|
|
console.error('Fehler beim Lesen der Sessions:', error)
|
|
return []
|
|
}
|
|
}
|
|
|
|
// Write sessions to file
|
|
export async function writeSessions(sessions) {
|
|
try {
|
|
await fs.writeFile(SESSIONS_FILE, JSON.stringify(sessions, null, 2), 'utf-8')
|
|
return true
|
|
} catch (error) {
|
|
console.error('Fehler beim Schreiben der Sessions:', error)
|
|
return false
|
|
}
|
|
}
|
|
|
|
// Hash password
|
|
export async function hashPassword(password) {
|
|
const salt = await bcrypt.genSalt(10)
|
|
return await bcrypt.hash(password, salt)
|
|
}
|
|
|
|
// Verify password
|
|
export async function verifyPassword(password, hash) {
|
|
return await bcrypt.compare(password, hash)
|
|
}
|
|
|
|
// Generate JWT token
|
|
export function generateToken(user) {
|
|
return jwt.sign(
|
|
{
|
|
id: user.id,
|
|
email: user.email,
|
|
role: user.role
|
|
},
|
|
JWT_SECRET,
|
|
{ expiresIn: '7d' }
|
|
)
|
|
}
|
|
|
|
// Verify JWT token
|
|
export function verifyToken(token) {
|
|
try {
|
|
return jwt.verify(token, JWT_SECRET)
|
|
} catch (error) {
|
|
return null
|
|
}
|
|
}
|
|
|
|
// Get user by ID
|
|
export async function getUserById(id) {
|
|
const users = await readUsers()
|
|
return users.find(u => u.id === id)
|
|
}
|
|
|
|
// Get user by email
|
|
export async function getUserByEmail(email) {
|
|
const users = await readUsers()
|
|
return users.find(u => u.email === email)
|
|
}
|
|
|
|
// Get user from token
|
|
export async function getUserFromToken(token) {
|
|
const decoded = verifyToken(token)
|
|
if (!decoded) return null
|
|
|
|
const users = await readUsers()
|
|
return users.find(u => u.id === decoded.id)
|
|
}
|
|
|
|
// Create session
|
|
export async function createSession(userId, token) {
|
|
const sessions = await readSessions()
|
|
const session = {
|
|
id: Date.now().toString(),
|
|
userId,
|
|
token,
|
|
createdAt: new Date().toISOString(),
|
|
expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000).toISOString() // 7 days
|
|
}
|
|
sessions.push(session)
|
|
await writeSessions(sessions)
|
|
return session
|
|
}
|
|
|
|
// Delete session
|
|
export async function deleteSession(token) {
|
|
const sessions = await readSessions()
|
|
const filtered = sessions.filter(s => s.token !== token)
|
|
await writeSessions(filtered)
|
|
}
|
|
|
|
// Clean expired sessions
|
|
export async function cleanExpiredSessions() {
|
|
const sessions = await readSessions()
|
|
const now = new Date()
|
|
const valid = sessions.filter(s => new Date(s.expiresAt) > now)
|
|
await writeSessions(valid)
|
|
}
|
|
|