package.json

@@ -44,6 +44,7 @@
 		"@sveltejs/adapter-node": "^5.2.12",
 		"@tailwindcss/forms": "^0.5.10",
 		"autoprefixer": "^10.4.21",
+		"better-sqlite3": "^12.2.0",
 		"crypto": "^1.0.1",
 		"jsonwebtoken": "^9.0.2",
 		"jssha": "^3.3.1",

src/init/init_db.js

@@ -1,16 +1,13 @@
-import sqlite3 from 'sqlite3';
+import Database from 'better-sqlite3';
 import jsSHA from 'jssha';
 
-const db = new sqlite3.Database('./src/lib/data/tatort.db');
-
-db.serialize(() => {
-    // users table
+const db = new Database('./src/lib/data/tatort.db');
 
 let create_stmt = `CREATE TABLE IF NOT EXISTS users
         (id INTEGER PRIMARY KEY AUTOINCREMENT,
             name TEXT NOT NULL,
             pw TEXT NOT NULL)`;
-    db.run(create_stmt);
+db.exec(create_stmt);
 
 // check if there are any users; if not add one default admin one
 let pw = 'pass-123';
@@ -19,12 +16,13 @@ db.serialize(() => {
 let check_ins_stmt = `INSERT INTO users (name, pw) SELECT 'admin', '${hashed_pw}'
                     WHERE NOT EXISTS (SELECT * FROM users);`;
 
-    db.run(check_ins_stmt);
+db.exec(check_ins_stmt);
 
 let users_stmt = `SELECT * FROM USERS`;
-    db.each(users_stmt, (err, row) => {
-        console.log(`xxx ${row.name} + ${row.pw}`)
-    });
+const stmt = db.prepare(users_stmt);
+for (const usr of stmt.iterate()) {
+    console.log(`xxx ${usr.name} + ${usr.pw}`)
+};
 
 // cases table
 
@@ -36,7 +34,6 @@ db.serialize(() => {
             created_by INTEGER NOT NULL,
             FOREIGN KEY(created_by) REFERENCES users(id))`;
 
-    db.run(create_stmt);
-});
+db.exec(create_stmt);
 
 db.close();

src/lib/auth.ts

@@ -1,6 +1,12 @@
 import jwt from 'jsonwebtoken';
+import jsSHA from 'jssha';
+import Database from 'better-sqlite3';
+import process from 'process';
 
 import config from '$lib/config';
+// import db from '../init/init_db';
+
+let db = new Database('./src/lib/data/tatort.db');
 
 const SECRET = config.jwt.secret;
 const EXPIRES_IN = config.jwt.expiresIn;
@@ -16,14 +22,46 @@ export function decryptToken(token: string) {
 }
 
 export function authenticate(user, pass) {
-	let userData = null;
+	// let userData = null;
 
-	if (AUTH[user]) {
-		const { password, ...data } = AUTH[user];
-		if (password && password === pass) userData = data;
+	// if (AUTH[user]) {
+	// 	const { password, ...data } = AUTH[user];
+	//
+	// 	// fetch user password from db;
+	// 	db.get(get_usr_stmt, [user], (err, row) => {
+	// 		console.log(`[row] ${row.name} + ${row.pw}`);
+	// 		let stored_pw = row.pw;
+	// 		// hash user password
+	// 		let hashed_pw = new jsSHA('SHA-512', 'TEXT').update(pass).getHash('HEX');
+	//
+	// 		console.log(`+++ ${stored_pw} || ${hashed_pw} || ${pass}`);
+	//
+	// 		if (hashed_pw && hashed_pw === stored_pw) {
+	// 			console.log(`--- SUCCESS`);
+	// 			userData = data;
+	// 		}
+	// 		if (userData == null) return null;
+	// 		console.log(`^^^ ${userData}`);
+	// 		return createToken({ id: user, ...userData });
+	// 	});
+	// }
+	//
+	// if (userData == null) return null;
+
+	let token;
+
+	// hash user password
+	let hashed_pw = new jsSHA('SHA-512', 'TEXT').update(pass).getHash('HEX');
+
+	let get_usr_stmt = 'SELECT name, pw FROM users WHERE name = ?';
+	const row = db.prepare(get_usr_stmt).get(user);
+	let stored_pw = row.pw;
+
+	console.log(`+++ ${pass} || ${stored_pw} || ${hashed_pw}`);
+
+	if (hashed_pw && hashed_pw === stored_pw) {
+		token = createToken({ id: user, admin: true });
 	}
 
-	if (userData == null) return null;
-
-	return createToken({ id: user, ...userData });
+	return token;
 }