Unam3dd/index.js

## index.js
const express = require('express');
const session = require('express-session');
const path = require('path');
const bodyParser = require('body-parser');

const app = express();
const port = 8989;

let id = 1

// DISABLE

app.disable('x-powered-by');

// MIDLEWARES

app.use(session({
	name: 'sid',
	secret: 'thisismysuperkey',
	cookie: {
		sameSite: 'strict', // protect to csrf
		secure: false, // only cookie on https when is true
		maxAge: 3600000,
		expires: new Date(Date.now() + 3600000),
		httpOnly: true,
	},
	saveUninitialized: true, // true le session ID ne bouge jamais meme si rien est ecris dedans
	resave: false,
}));

app.use(express.static(path.join(__dirname, '.')))
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({
	extended: true
}));

// ROUTES

app.get('/already', (req, res) => {
	res.status(401).send(`<h1>You are already logged as ${req.session.user} </h1>`);
});

app.post('/login', (req, res) => {
	console.log(`POST /login - ${req.sessionID}`);

	if (req.session.authenticated) {
		res.status(301).redirect('/already');
		return ;
	}

	const { user, password } = req.body;

	if (user === 'admin' && password === 'admin') {
		req.session.authenticated = true;
		req.session._id = 0;
		req.session.user = 'admin';
		res.status(301).redirect('/');
		return ;
	}
	else if (user === 'test' && password === 'test') {
		req.session.authenticated = true;
		req.session._id = id++;
		req.session.user = user;
		res.status(301).redirect('/');
		return ;
	}

	req.session.authenticated = false;
	req.session._id = -1;
	req.session.user = '';

	res.status(401).send("<h1>You are not authorized</h1>");
});

app.get('/login', (req, res) => {

	console.log(`GET /login - ${req.sessionID}`);

	if (req.session.authenticated) {
		res.redirect('/already');
		return ;
	}

	console.log("ACCESS login page !");
	res.status(200).sendFile(__dirname + "/post.html");
})

app.get('/logout', (req, res) => {
	console.log(`GET /logout - ${req.sessionID}`);

	if (!req.session.authenticated) {
		res.status(301).redirect("/");
		return ;
	}

	req.session.authenticated = false;

	console.log(`Removing ${req.sessionID} - ${req.session.user}`);

	req.session.destroy((err) => {
		console.log(err);
	})

	// Removing client cookie
	res.clearCookie('sid');
	res.status(301).redirect('/');
});

// Routes
app.get('/', (req, res) => {
	console.log(`GET / - ${req.sessionID}`)

	if (req.session.authenticated == undefined || req.session.authenticated == false) {
		res.status(301).redirect('/login');
		return ;
	}

	if (req.session.hits)
		req.session.hits++;
	else
		req.session.hits = 1;

	res.status(200).send(`<h1>Hello ${req.session.user} you have for id ${req.session._id} and ${req.session.hits} Hits points</h1>`);
});

// Start the server
app.listen(port, () => {
  console.log(`Server is listening on port ${port}`);
});

## package.json
{
  "name": "test",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "nodemon index.js"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "body-parser": "^1.20.2",
    "connect-redis": "^7.1.0",
    "express": "^4.18.2",
    "express-session": "^1.17.3",
    "ioredis": "^5.3.2",
    "nodemon": "^2.0.22",
    "redis": "^4.6.7"
  }
}

## post.html
<!DOCTYPE html>
<html>
	<head>
		<title>Login Page</title>
		<meta charset="utf-8">
	</head>
	<body>
		<h1>Welcome to the Login Page</h1>
		<form action="/login" method="POST">
			Username<input type="text" name="user" required/>
			Password<input type="password" name="password" required/>
			<button>submit</button>
		</form>
	</body>
</html>
	const express = require('express');
	const session = require('express-session');
	const path = require('path');
	const bodyParser = require('body-parser');

	const app = express();
	const port = 8989;

	let id = 1

	// DISABLE

	app.disable('x-powered-by');

	// MIDLEWARES

	app.use(session({
	name: 'sid',
	secret: 'thisismysuperkey',
	cookie: {
	sameSite: 'strict', // protect to csrf
	secure: false, // only cookie on https when is true
	maxAge: 3600000,
	expires: new Date(Date.now() + 3600000),
	httpOnly: true,
	},
	saveUninitialized: true, // true le session ID ne bouge jamais meme si rien est ecris dedans
	resave: false,
	}));

	app.use(express.static(path.join(__dirname, '.')))
	app.use(bodyParser.json());
	app.use(bodyParser.urlencoded({
	extended: true
	}));

	// ROUTES

	app.get('/already', (req, res) => {
	res.status(401).send(`<h1>You are already logged as ${req.session.user} </h1>`);
	});

	app.post('/login', (req, res) => {
	console.log(`POST /login - ${req.sessionID}`);

	if (req.session.authenticated) {
	res.status(301).redirect('/already');
	return ;
	}

	const { user, password } = req.body;

	if (user === 'admin' && password === 'admin') {
	req.session.authenticated = true;
	req.session._id = 0;
	req.session.user = 'admin';
	res.status(301).redirect('/');
	return ;
	}
	else if (user === 'test' && password === 'test') {
	req.session.authenticated = true;
	req.session._id = id++;
	req.session.user = user;
	res.status(301).redirect('/');
	return ;
	}

	req.session.authenticated = false;
	req.session._id = -1;
	req.session.user = '';

	res.status(401).send("<h1>You are not authorized</h1>");
	});

	app.get('/login', (req, res) => {

	console.log(`GET /login - ${req.sessionID}`);

	if (req.session.authenticated) {
	res.redirect('/already');
	return ;
	}

	console.log("ACCESS login page !");
	res.status(200).sendFile(__dirname + "/post.html");
	})

	app.get('/logout', (req, res) => {
	console.log(`GET /logout - ${req.sessionID}`);

	if (!req.session.authenticated) {
	res.status(301).redirect("/");
	return ;
	}

	req.session.authenticated = false;

	console.log(`Removing ${req.sessionID} - ${req.session.user}`);

	req.session.destroy((err) => {
	console.log(err);
	})

	// Removing client cookie
	res.clearCookie('sid');
	res.status(301).redirect('/');
	});

	// Routes
	app.get('/', (req, res) => {
	console.log(`GET / - ${req.sessionID}`)

	if (req.session.authenticated == undefined \|\| req.session.authenticated == false) {
	res.status(301).redirect('/login');
	return ;
	}

	if (req.session.hits)
	req.session.hits++;
	else
	req.session.hits = 1;

	res.status(200).send(`<h1>Hello ${req.session.user} you have for id ${req.session._id} and ${req.session.hits} Hits points</h1>`);
	});

	// Start the server
	app.listen(port, () => {
	console.log(`Server is listening on port ${port}`);
	});
	{
	"name": "test",
	"version": "1.0.0",
	"description": "",
	"main": "index.js",
	"scripts": {
	"test": "nodemon index.js"
	},
	"author": "",
	"license": "ISC",
	"dependencies": {
	"body-parser": "^1.20.2",
	"connect-redis": "^7.1.0",
	"express": "^4.18.2",
	"express-session": "^1.17.3",
	"ioredis": "^5.3.2",
	"nodemon": "^2.0.22",
	"redis": "^4.6.7"
	}
	}
	<!DOCTYPE html>
	<html>
	<head>
	<title>Login Page</title>
	<meta charset="utf-8">
	</head>
	<body>
	<h1>Welcome to the Login Page</h1>
	<form action="/login" method="POST">
	Username<input type="text" name="user" required/>
	Password<input type="password" name="password" required/>
	<button>submit</button>
	</form>
	</body>
	</html>