first commit

2025-12-30 13:53:13 -06:00
commit f0e8d9400a
31 changed files with 12464 additions and 0 deletions
--- a/Backend/routes/auth.js
+++ b/Backend/routes/auth.js
@@ -0,0 +1,80 @@
+const express = require('express');
+const router = express.Router();
+const db = require('../db');
+const crypto = require('crypto');
+
+// Helper to generate fake salt for user privacy
+function generateFakeSalt(username) {
+    return crypto.createHmac('sha256', 'SERVER_SECRET_KEY') // In prod, use env var
+        .update(username)
+        .digest('hex');
+}
+
+router.post('/register', async (req, res) => {
+    const { username, salt, encryptedMK, hak, publicKey, signingKey, encryptedPrivateKeys } = req.body;
+    try {
+        const result = await db.query(
+            `INSERT INTO users (username, client_salt, encrypted_master_key, hashed_auth_key, public_identity_key, public_signing_key, encrypted_private_keys)
+             VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING id`,
+            [username, salt, encryptedMK, hak, publicKey, signingKey, encryptedPrivateKeys]
+        );
+        res.json({ success: true, userId: result.rows[0].id });
+    } catch (err) {
+        console.error(err);
+        if (err.code === '23505') { // Unique violation
+            res.status(400).json({ error: 'Username taken' });
+        } else {
+            res.status(500).json({ error: 'Server error' });
+        }
+    }
+});
+
+router.post('/login/salt', async (req, res) => {
+    const { username } = req.body;
+    try {
+        const result = await db.query('SELECT client_salt FROM users WHERE username = $1', [username]);
+        if (result.rows.length > 0) {
+            res.json({ salt: result.rows[0].client_salt });
+        } else {
+            // Return fake salt to prevent enumeration
+            res.json({ salt: generateFakeSalt(username) });
+        }
+    } catch (err) {
+        console.error(err);
+        res.status(500).json({ error: 'Server error' });
+    }
+});
+
+router.post('/login/verify', async (req, res) => {
+    const { username, dak } = req.body;
+
+    try {
+        const result = await db.query(
+            'SELECT hashed_auth_key, encrypted_master_key, encrypted_private_keys FROM users WHERE username = $1',
+            [username]
+        );
+
+        if (result.rows.length === 0) {
+            return res.status(401).json({ error: 'Invalid credentials' });
+        }
+
+        const user = result.rows[0];
+        const hashedDAK = crypto.createHash('sha256').update(dak).digest('hex');
+
+        if (hashedDAK === user.hashed_auth_key) {
+            res.json({
+                success: true,
+                userId: user.id,
+                encryptedMK: user.encrypted_master_key,
+                encryptedPrivateKeys: user.encrypted_private_keys
+            });
+        } else {
+            res.status(401).json({ error: 'Invalid credentials' });
+        }
+    } catch (err) {
+        console.error(err);
+        res.status(500).json({ error: 'Server error' });
+    }
+});
+
+module.exports = router;