Implement session-based authentication and add logout functionality

Fix #15

middleware/auth.js

@@ -1,15 +1,10 @@
 const basicAuth = require('basic-auth');
 
 const auth = (req, res, next) => {
-    const user = basicAuth(req);
+    if (req.session && req.session.user) {
-    const username = process.env.AUTH_USERNAME; // Use environment variables
-    const password = process.env.AUTH_PASSWORD; // Use environment variables
-
-    if (user && user.name === username && user.pass === password) {
         return next();
     } else {
-        res.set('WWW-Authenticate', 'Basic realm="401"');
+        res.status(401).send('Authentication required.');
-        return res.status(401).send('Authentication required.');
     }
 };
 

package-lock.json

@@ -14,6 +14,7 @@
         "debug": "^4.4.0",
         "dotenv": "^16.4.7",
         "express": "^4.21.2",
+        "express-session": "^1.18.1",
         "fs": "^0.0.1-security"
       }
     },
@@ -308,6 +309,50 @@
         "url": "https://opencollective.com/express"
       }
     },
+    "node_modules/express-session": {
+      "version": "1.18.1",
+      "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.18.1.tgz",
+      "integrity": "sha512-a5mtTqEaZvBCL9A9aqkrtfz+3SMDhOVUnjafjo+s7A9Txkq+SVX2DLvSp1Zrv4uCXa3lMSK3viWnh9Gg07PBUA==",
+      "dependencies": {
+        "cookie": "0.7.2",
+        "cookie-signature": "1.0.7",
+        "debug": "2.6.9",
+        "depd": "~2.0.0",
+        "on-headers": "~1.0.2",
+        "parseurl": "~1.3.3",
+        "safe-buffer": "5.2.1",
+        "uid-safe": "~2.1.5"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/express-session/node_modules/cookie": {
+      "version": "0.7.2",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
+      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/express-session/node_modules/cookie-signature": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz",
+      "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA=="
+    },
+    "node_modules/express-session/node_modules/debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "dependencies": {
+        "ms": "2.0.0"
+      }
+    },
+    "node_modules/express-session/node_modules/ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
+    },
     "node_modules/express/node_modules/debug": {
       "version": "2.6.9",
       "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
@@ -584,6 +629,14 @@
         "node": ">= 0.8"
       }
     },
+    "node_modules/on-headers": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.2.tgz",
+      "integrity": "sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
     "node_modules/parseurl": {
       "version": "1.3.3",
       "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
@@ -623,6 +676,14 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/random-bytes": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz",
+      "integrity": "sha512-iv7LhNVO047HzYR3InF6pUcUsPQiHTM1Qal51DcGSuZFBil1aBBWG5eHPNek7bvILMaYJ/8RU1e8w1AMdHmLQQ==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
     "node_modules/range-parser": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
@@ -828,6 +889,17 @@
         "node": ">= 0.6"
       }
     },
+    "node_modules/uid-safe": {
+      "version": "2.1.5",
+      "resolved": "https://registry.npmjs.org/uid-safe/-/uid-safe-2.1.5.tgz",
+      "integrity": "sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA==",
+      "dependencies": {
+        "random-bytes": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
     "node_modules/unpipe": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",

package.json

@@ -15,6 +15,7 @@
     "debug": "^4.4.0",
     "dotenv": "^16.4.7",
     "express": "^4.21.2",
+    "express-session": "^1.18.1",
     "fs": "^0.0.1-security"
   }
 }

public/app.js

@@ -17,11 +17,15 @@ document.addEventListener('DOMContentLoaded', function() {
     const loginMessage = document.getElementById('loginMessage');
 
     // Check if user is already logged in
-    if (sessionStorage.getItem('loggedIn') === 'true') {
+    fetch('/check-session')
+        .then(response => response.json())
+        .then(data => {
+            if (data.loggedIn) {
                 loginContainer.style.display = 'none';
                 appContainer.style.display = 'block';
                 loadTags();
             }
+        });
 
     loginForm.addEventListener('submit', function(e) {
         e.preventDefault();
@@ -29,8 +33,16 @@ document.addEventListener('DOMContentLoaded', function() {
         const username = document.getElementById('username').value;
         const password = document.getElementById('password').value;
 
-        // Simple authentication check (replace with your own logic)
+        // Send credentials to the server for validation
-        if (username === 'fredrik' && password === 'apa') {
+        fetch('/login', {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': 'Basic ' + btoa(username + ':' + password)
+            }
+        })
+        .then(response => {
+            if (response.ok) {
                 sessionStorage.setItem('loggedIn', 'true');
                 loginContainer.style.display = 'none';
                 appContainer.style.display = 'block';
@@ -38,6 +50,10 @@ document.addEventListener('DOMContentLoaded', function() {
             } else {
                 loginMessage.textContent = 'Invalid username or password';
             }
+        })
+        .catch(error => {
+            loginMessage.textContent = 'Error logging in';
+        });
     });
 
     document.getElementById('taskForm').addEventListener('submit', function(e) {
@@ -52,7 +68,7 @@ document.addEventListener('DOMContentLoaded', function() {
 
         // Structure data for Org mode
         const taskData = {
-            subject: `${subject} :${tags}:`,
+            subject: tags ? `${subject} :${tags}:` : subject,
             description,
             scheduled
         };

public/index.html

@@ -14,14 +14,14 @@
 </head>
 <body>
     <div id="loginContainer" class="container">
-        <h1 class="center-align">Login</h1>
+        <h1 class="center-align">Logga in</h1>
         <form id="loginForm">
             <div class="input-field">
-                <label for="username">Username:</label>
+                <label for="username">Användarnamn:</label>
                 <input type="text" id="username" required>
             </div>
             <div class="input-field">
-                <label for="password">Password:</label>
+                <label for="password">Lösenord:</label>
                 <input type="password" id="password" required>
             </div>
             <button class="btn waves-effect waves-light" type="submit">Login</button>
@@ -48,7 +48,7 @@
             </div>
 
             <div class="input-field">
-                <label for="tags">Tags (separated by commas):</label>
+                <label for="tags">Taggar (separera med komma):</label>
                 <input type="text" id="tags" class="autocomplete">
             </div>
 

routes/auth.js

@@ -0,0 +1,27 @@
+const express = require('express');
+const basicAuth = require('basic-auth');
+const router = express.Router();
+
+router.post('/login', (req, res) => {
+    const user = basicAuth(req);
+    const username = process.env.AUTH_USERNAME;
+    const password = process.env.AUTH_PASSWORD;
+
+    if (user && user.name === username && user.pass === password) {
+        req.session.user = user.name;
+        res.status(200).send('Login successful');
+    } else {
+        res.status(401).send('Authentication required');
+    }
+});
+
+router.post('/logout', (req, res) => {
+    req.session.destroy((err) => {
+        if (err) {
+            return res.status(500).send('Error logging out');
+        }
+        res.status(200).send('Logout successful');
+    });
+});
+
+module.exports = router;

server.js

@@ -1,15 +1,27 @@
 require('dotenv').config();
 const express = require('express');
 const bodyParser = require('body-parser');
+const session = require('express-session');
 const debug = require('debug')('app');
 const tasksRouter = require('./routes/tasks');
+const authRouter = require('./routes/auth');
 
 const app = express();
 const port = 3044;
 
 app.use(bodyParser.json());
 app.use(express.static('public'));
+
+// Configure session middleware
+app.use(session({
+    secret: process.env.SESSION_SECRET || 'default_secret', // Use a strong secret in production
+    resave: false,
+    saveUninitialized: true,
+    cookie: { secure: false } // Set to true if using HTTPS
+}));
+
 app.use('/', tasksRouter);
+app.use('/', authRouter);
 
 app.listen(port, () => {
     debug(`Server running at http://localhost:${port}`);