auth middleware, pm2, fixed missing session data

CHANGELOG.md

@@ -1,3 +1,8 @@
+## v0.09 (dev)
+* Added authentication middleware to router.
+* Added gzip compression.
+* Added PM2 to dockerfile.
+
 ## v0.08 (Dec 15th 2023)
 * Updates to compose file and instructions from [steveiliop56](https://github.com/steveiliop56)
 * Added SECRET field to compose file as a basic security measure.

Dockerfile

@@ -2,19 +2,22 @@
 
 FROM node:21-alpine
 
+ENV NODE_ENV=production
 
 WORKDIR /app
 
+RUN npm install pm2 -g
 
 RUN --mount=type=bind,source=package.json,target=package.json \
     --mount=type=bind,source=package-lock.json,target=package-lock.json \
     --mount=type=cache,target=/root/.npm \
     npm ci --omit=dev
 
+
 USER root
 
 COPY . .
 
 EXPOSE 8000
 
-CMD node app.js
+CMD ["pm2-runtime", "app.js"]

README.md

@@ -1,7 +1,7 @@
 # DweebUI
 DweebUI is a simple Docker web interface created using Javascript, Node.JS, and Express.
 
-Pre-Pre-Pre-Pre-Pre Alpha v0.08 ( :fire: Experimental. Don't install on any servers you care about :fire: )
+Pre-Pre-Pre-Pre-Pre Alpha v0.09 ( :fire: Experimental. Don't install on any servers you care about :fire: )
 
 [![GitHub Stars](https://img.shields.io/github/stars/lllllllillllllillll/DweebUI)](https://github.com/lllllllillllllillll)
 [![GitHub Activity](https://img.shields.io/github/commit-activity/y/lllllllillllllillll/DweebUI)](https://github.com/lllllllillllllillll)
@@ -45,7 +45,7 @@ services:
 
   dweebui:
     container_name: dweebui
-    image: lllllllillllllillll/dweebui:v0.08
+    image: lllllllillllllillll/dweebui:v0.09-dev
     # build:
     #   context: .
     environment:
@@ -98,3 +98,6 @@ sudo ./setup.sh
 * UI was built using HTML and CSS elements from https://tabler.io/
 * Apps template based on Portainer template provided by Lissy93: https://github.com/Lissy93/portainer-templates
 * Icons from Walkxcode with some renames and additions: https://github.com/walkxcode/dashboard-icons
+
+
+## Supporters

app.js

@@ -2,6 +2,7 @@
 const express = require("express");
 const app = express();
 const session = require("express-session");
+const compression = require('compression');
 const PORT = process.env.PORT || 8000;
 
 // Router
@@ -30,6 +31,7 @@ const sessionMiddleware = session({
 // Middleware
 app.set('view engine', 'ejs');
 app.use([
+    compression(),
     express.static("public"),
     express.json(),
     express.urlencoded({ extended: true }),

controllers/auth.js

@@ -29,11 +29,13 @@ exports.processLogin = async function(req,res){
             // compare the password.
             let match = await bcrypt.compare(password,existingUser.password);
             if(match){
+
                 // set the session.
                 req.session.user = existingUser.username;
                 req.session.UUID = existingUser.UUID;
                 req.session.role = existingUser.role;
 
+
                 // Redirect to the home page.
                 res.redirect("/");
             }else{
@@ -118,10 +120,16 @@ exports.processRegister = async function(req,res){
                     avatar: `<img src="./static/avatars/${avatar}">`
                  });
 
-                // set the session.
+                let newUser = await User.findOne({ where: {email:email}});
-                req.session.user = user.username;
+
-                req.session.UUID = user.UUID;
+                let match = await bcrypt.compare(password,newUser.password);
-                req.session.role = user.role;
+                if(match){  
+                    console.log(`User session created for ${newUser.username}`) 
+                    req.session.user = newUser.username;
+                    req.session.UUID = newUser.UUID;
+                    req.session.role = newUser.role;
+                }
+
                 // Redirect to the home page.
                 res.redirect("/");
             }

docker-compose.yaml

@@ -2,10 +2,11 @@ version: "3.9"
 services:
   dweebui:
     container_name: dweebui
-    image: lllllllillllllillll/dweebui:v0.08
+    image: lllllllillllllillll/dweebui:v0.09-dev
     # build:
     #   context: .
     environment:
+      NODE_ENV: production
       PORT: 8000
       SECRET: MrWiskers
       #Proxy_Manager: enabled

package-lock.json

@@ -11,6 +11,7 @@
       "dependencies": {
         "bcrypt": "^5.1.0",
         "child_process": "^1.0.2",
+        "compression": "^1.7.4",
         "dockerode": "^4.0.0",
         "dockerode-compose": "^1.4.0",
         "ejs": "^3.1.9",
@@ -496,6 +497,60 @@
         "color-support": "bin.js"
       }
     },
+    "node_modules/compressible": {
+      "version": "2.0.18",
+      "resolved": "https://registry.npmjs.org/compressible/-/compressible-2.0.18.tgz",
+      "integrity": "sha512-AF3r7P5dWxL8MxyITRMlORQNaOA2IkAFaTr4k7BUumjPtRpGDTZpl0Pb1XCO6JeDCBdp126Cgs9sMxqSjgYyRg==",
+      "dependencies": {
+        "mime-db": ">= 1.43.0 < 2"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/compression": {
+      "version": "1.7.4",
+      "resolved": "https://registry.npmjs.org/compression/-/compression-1.7.4.tgz",
+      "integrity": "sha512-jaSIDzP9pZVS4ZfQ+TzvtiWhdpFhE2RDHz8QJkpX9SIpLq88VueF5jJw6t+6CUQcAoA6t+x89MLrWAqpfDE8iQ==",
+      "dependencies": {
+        "accepts": "~1.3.5",
+        "bytes": "3.0.0",
+        "compressible": "~2.0.16",
+        "debug": "2.6.9",
+        "on-headers": "~1.0.2",
+        "safe-buffer": "5.1.2",
+        "vary": "~1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/compression/node_modules/bytes": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.0.0.tgz",
+      "integrity": "sha512-pMhOfFDPiv9t5jjIXkHosWmkSyQbvsgEVNkz0ERHbuLh2T/7j4Mqqpz523Fe8MVY89KC6Sh/QfS2sM+SjgFDcw==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/compression/node_modules/debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "dependencies": {
+        "ms": "2.0.0"
+      }
+    },
+    "node_modules/compression/node_modules/ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
+    },
+    "node_modules/compression/node_modules/safe-buffer": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+    },
     "node_modules/concat-map": {
       "version": "0.0.1",
       "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",

package.json

@@ -8,6 +8,7 @@
   "dependencies": {
     "bcrypt": "^5.1.0",
     "child_process": "^1.0.2",
+    "compression": "^1.7.4",
     "dockerode": "^4.0.0",
     "dockerode-compose": "^1.4.0",
     "ejs": "^3.1.9",

routes/index.js

@@ -9,14 +9,26 @@ const { Users } = require("../controllers/users");
 const { Account } = require("../controllers/account");
 const { Settings } = require("../controllers/settings");
 
+// Authentication middleware
+const authenticate = (req, res, next) => {
+    if (req.session && req.session.user) {
+        console.log("User:", req.session.user);
+        console.log("UUID:", req.session.UUID);
+        console.log("Role:", req.session.role);
+        console.log("Page:", req.originalUrl);
+        next();
+    } else {
+        res.redirect("/login");
+    }
+};
 
 // Dashboard
-router.get("/", Dashboard);
+router.get("/", authenticate, Dashboard);
-router.post("/addsite", AddSite)
+router.post("/addsite", authenticate, AddSite);
-router.post("/removesite", RemoveSite)
+router.post("/removesite", authenticate, RemoveSite);
-router.get("/refreshsites", RefreshSites)
+router.get("/refreshsites", authenticate, RefreshSites);
-router.post("/disablesite", DisableSite)
+router.post("/disablesite", authenticate, DisableSite);
-router.post("/enablesite", EnableSite)
+router.post("/enablesite", authenticate, EnableSite);
 
 // Auth
 router.get("/login", Login);
@@ -26,23 +38,18 @@ router.post("/register",processRegister);
 router.get("/logout", Logout);
 
 // Apps page
-router.get("/apps", Apps);
+router.get("/apps", authenticate, Apps);
-router.get("/apps/:page", Apps);
+router.get("/apps/:page", authenticate, Apps);
-router.get("/apps/:template/:page", Apps);
+router.get("/apps/:template/:page", authenticate, Apps);
-router.post("/apps", searchApps);
+router.post("/apps", authenticate, searchApps);
-
-
 
 // Settings page
-router.get("/settings", Settings);
+router.get("/settings", authenticate, Settings);
-router.get("/account", Account);
+router.get("/account", authenticate, Account);
 
+router.post("/install", authenticate, Install);
+router.post("/uninstall", authenticate, Uninstall);
 
-
+router.get("/users", authenticate, Users);
-router.post("/install", Install)
-router.post("/uninstall", Uninstall)
-
-router.get("/users", Users);
-
 
 module.exports = router;

views/partials/footer.ejs

@@ -24,7 +24,7 @@
           </li>
           <li class="list-inline-item">
             <a href="#" class="link-secondary" rel="noopener">
-              v0.08
+              v0.09
             </a>
           </li>
         </ul>