Add login/logout middleware

lib/www/server/api/index.js

@@ -40,6 +40,7 @@ app.use((req, res, next) => {
 
 app.use(cookieParser());
 app.use(mw.auth.jwt);
+app.use(mw.auth.authentify);
 // app.use(mw.auth.access({path: {allow:["^/login", "^/user$"]}}));
 
 // Adds arbitrary information to the request object
@@ -165,7 +166,7 @@ app.map({
 		'gis/:featuretype(line|point)': {
 			get: [ mw.gis.navdata.get ]
 		}
-	}
+	},
 //
 // 	'/user': {
 // 		get: [ mw.user.get ],
@@ -177,12 +178,13 @@ app.map({
 // // 		delete: [ mw.user.delete ]
 // 	},
 //
-// 	'/login': {
+	'/login': {
-// 		post: [ mw.user.login ]
+		post: [ mw.user.login ]
-// 	},
+	},
-// 	'/logout': {
+	'/logout': {
-// 		post: [ mw.user.logout ]
+		get: [ mw.user.logout ],
-// 	}
+		post: [ mw.user.logout ]
+	}
 });
 
 // Generic error handler. Stops stack dumps

lib/www/server/api/middleware/user/index.js

@@ -0,0 +1,3 @@
+
+exports.login = require('./login');
+exports.logout = require('./logout');

lib/www/server/api/middleware/user/login.js

@@ -0,0 +1,28 @@
+const crypto = require('crypto');
+const cfg = require('../../../lib/config');
+const jwt = require('../../../lib/jwt');
+
+async function login (req, res, next) {
+	if (req.body) {
+		const {user, password} = req.body;
+		if (user && password) {
+			const hash = crypto
+				.pbkdf2Sync(password, 'Dougal'+user, 10712, 48, 'sha512')
+				.toString('base64');
+			for (const credentials of cfg.global.login.user) {
+				if (credentials.name == user && credentials.hash == hash) {
+					const payload = Object.assign({}, credentials);
+					delete payload.hash;
+					jwt.issue(payload, req, res);
+					res.status(204).send();
+					next();
+					return;
+				}
+			}
+			next({status: 401, message: "Unauthorised"});
+		}
+	}
+	next({status: 400, message: "Bad request"});
+}
+
+module.exports = login;

lib/www/server/api/middleware/user/logout.js

@@ -0,0 +1,8 @@
+
+async function logout (req, res, next) {
+	res.clearCookie("JWT");
+	res.status(204).send();
+	next();
+}
+
+module.exports = logout;