Skip to content

Authentication stub

Andrew Figueroa edited this page Nov 21, 2018 · 1 revision

The following is a stub of the proposed login scheme for all users. This is not being added to the middleware code file(s) yet because it would break compatibility with the current UI.

   //Decrypt the password recieved from the client.  This is a temporary development
   //feature, since we don't have ssl set up yet
   var passwordText = sjcl.decrypt(superSecret, JSON.parse(request.query.password));

   //Connnection parameters for the Postgres client recieved in the request
   var config = createConnectionParams(request.query.user, request.query.database,
      passwordText, request.query.host, request.query.port);

   //Set the query text
   var queryText;
   var queryParams;
   
   if (request.query.role == 'instructor') {
      queryText = "SELECT getInstructorIDByIssuedID($1)";
      queryParams = [request.query.user];
   }
   else if (request.query.role == 'student') {
      queryText = "SELECT getMyStudentID();"; //causes a 500 error rather 401
   }
   else {
      response.status(400).send('400 - Unknown user role');
   }
   

   //Execute the query
   executeQuery(response, config, queryText, queryParams, function(result) {
      //Check if any rows are returned.  No rows implies that the provided
      //user does not match a known user
      if(result.rows.length == 0) {
         response.status(401).send('401 - Login failed');
      }
      else {
         var jsonReturn = {
            "user": result.rows[0] //getInstructors should return at most one row
         };
         response.send(JSON.stringify(jsonReturn));
      }
   });

Clone this wiki locally