forked from DASSL/Gradebook
-
Notifications
You must be signed in to change notification settings - Fork 0
Authentication stub
Andrew Figueroa edited this page Nov 21, 2018
·
1 revision
The following is a stub of the proposed login scheme for all users. This is not being added to the middleware code file(s) yet because it would break compatibility with the current UI.
//Decrypt the password recieved from the client. This is a temporary development
//feature, since we don't have ssl set up yet
var passwordText = sjcl.decrypt(superSecret, JSON.parse(request.query.password));
//Connnection parameters for the Postgres client recieved in the request
var config = createConnectionParams(request.query.user, request.query.database,
passwordText, request.query.host, request.query.port);
//Set the query text
var queryText;
var queryParams;
if (request.query.role == 'instructor') {
queryText = "SELECT getInstructorIDByIssuedID($1)";
queryParams = [request.query.user];
}
else if (request.query.role == 'student') {
queryText = "SELECT getMyStudentID();"; //causes a 500 error rather 401
}
else {
response.status(400).send('400 - Unknown user role');
}
//Execute the query
executeQuery(response, config, queryText, queryParams, function(result) {
//Check if any rows are returned. No rows implies that the provided
//user does not match a known user
if(result.rows.length == 0) {
response.status(401).send('401 - Login failed');
}
else {
var jsonReturn = {
"user": result.rows[0] //getInstructors should return at most one row
};
response.send(JSON.stringify(jsonReturn));
}
});