Moyettes/DiscordClone
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
b26a1d0b4bd73ff3b5faf761daf2af165a099436
DiscordClone/Backend/routes/auth.js

81 lines
2.8 KiB
JavaScript
Raw Blame History

const express = require('express');
const router = express.Router();
const db = require('../db');
const crypto = require('crypto');
// Helper to generate fake salt for user privacy
function generateFakeSalt(username) {
return crypto.createHmac('sha256', 'SERVER_SECRET_KEY') // In prod, use env var
.update(username)
.digest('hex');
}
router.post('/register', async (req, res) => {
const { username, salt, encryptedMK, hak, publicKey, signingKey, encryptedPrivateKeys } = req.body;
try {
const result = await db.query(
`INSERT INTO users (username, client_salt, encrypted_master_key, hashed_auth_key, public_identity_key, public_signing_key, encrypted_private_keys)
VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING id`,
[username, salt, encryptedMK, hak, publicKey, signingKey, encryptedPrivateKeys]
);
res.json({ success: true, userId: result.rows[0].id });
} catch (err) {
console.error(err);
if (err.code === '23505') { // Unique violation
res.status(400).json({ error: 'Username taken' });
} else {
res.status(500).json({ error: 'Server error' });
}
}
});
router.post('/login/salt', async (req, res) => {
const { username } = req.body;
try {
const result = await db.query('SELECT client_salt FROM users WHERE username = $1', [username]);
if (result.rows.length > 0) {
res.json({ salt: result.rows[0].client_salt });
} else {
// Return fake salt to prevent enumeration
res.json({ salt: generateFakeSalt(username) });
}
} catch (err) {
console.error(err);
res.status(500).json({ error: 'Server error' });
}
});
router.post('/login/verify', async (req, res) => {
const { username, dak } = req.body;
try {
const result = await db.query(
'SELECT id, hashed_auth_key, encrypted_master_key, encrypted_private_keys FROM users WHERE username = $1',
[username]
);
if (result.rows.length === 0) {
return res.status(401).json({ error: 'Invalid credentials' });
}
const user = result.rows[0];
const hashedDAK = crypto.createHash('sha256').update(dak).digest('hex');
if (hashedDAK === user.hashed_auth_key) {
res.json({
success: true,
userId: user.id,
encryptedMK: user.encrypted_master_key,
encryptedPrivateKeys: user.encrypted_private_keys
});
} else {
res.status(401).json({ error: 'Invalid credentials' });
}
} catch (err) {
console.error(err);
res.status(500).json({ error: 'Server error' });
}
});
module.exports = router;
Reference in New Issue View Git Blame Copy Permalink