Merge pull request #33 from kc3hack/Add-toaru/RoomList

Done

Author: toaru005

Backend/Workspace/Routes/CreateRoom.js

@@ -57,9 +57,10 @@ function createFileName(originalName) {
 router.post("/", VCM('LOGIN_TOKEN', process.env.LOGIN_SECRET), upload.fields([{ name: "RoomIcon", maxCount: 1 },{ name: "MosaicIcon", maxCount: 1 }]), async (req, res) => {
     try {
       const userID = req.auth.userId;
-      const { RoomName, MosaicName, Password } = req.body;
+    const { RoomName, MosaicName, Password, password } = req.body;
+    const inputPassword = Password ?? password;
       console.log("Received CreateRoom request:", { userID, RoomName, MosaicName, Password });
-      if (!userID || !RoomName || !MosaicName || !Password) {
+    if (!userID || !RoomName || !MosaicName || !inputPassword) {
           console.log("Missing required fields in CreateRoom request");
           return res.status(400).json({ message: "UserID, RoomName, MosaicName, and Password are required" });
       }
@@ -73,7 +74,7 @@ router.post("/", VCM('LOGIN_TOKEN', process.env.LOGIN_SECRET), upload.fields([{
         "Get Encrypted Private Key","SELECT PrivateKey FROM Identify WHERE userID = ?",[userID]
       );
       const encryptedPrivateKeyObj = JSON.parse(OwnerInfor[0].PrivateKey);
-      const privateKey = decrypt(Password + process.env.PEPPER, encryptedPrivateKeyObj);
+      const privateKey = decrypt(inputPassword + process.env.PEPPER, encryptedPrivateKeyObj);
 
       const { mosaicId, mosaicDefinitionTx, keyPair, facade } = CreateMosaicTx({
         networkType: 'testnet',

Backend/Workspace/Routes/Login.js

@@ -1,66 +1,127 @@
-const express = require('express');
-const path = require('path');
-const dotenv = require('dotenv');
+// ==========================
+// 標準モジュール読み込み
+// ==========================
+import express from 'express';               // Webサーバーフレームワーク
+import path from 'path';                     // パス操作用
+import { fileURLToPath } from 'url';         // ESMで __dirname を作るために必要
+
+// ==========================
+// 自作モジュール読み込み
+// ==========================
+import argon2 from 'argon2';                 // パスワードハッシュ検証用
+import DBPerf from '../Tools/DBPerf.js';     // DBラッパー
+import CreateCookie from '../Tools/CreateCookie.js'; // Cookie作成
+import InverseVCM from '../Tools/InverseVCM.js';     // ログイン状態チェックミドルウェア
+
+// ==========================
+// __dirname 再生成 (ESM対応)
+// ==========================
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+// ==========================
+// Express Router 初期化
+// ==========================
 const router = express.Router();
-const argon2 = require('argon2');
-const DBPerf = require('../Tools/DBPerf');
-const CreateCookie = require('../Tools/CreateCookie');
 
-// use系
-dotenv.config({ path: path.join(__dirname, "..", ".env") });
+// JSONリクエストボディをパースできるようにする
 router.use(express.json());
 
-// ========== ブロックチェーンの準備 ==========
-//const symbolSdk = require('symbol-sdk');
-const InverseVCM = require('../Tools/InverseVCM');
-//const facade = new symbolSdk.facade.SymbolFacade('testnet');
+// ==========================
+// 画面表示ルート
+// ==========================
 
-// ========== 画面表示 ==========
-// /Login/へのアクセスでLogin画面表示
-router.get('/', InverseVCM('LOGIN_TOKEN', process.env.LOGIN_SECRET) ,(req, res) => {
+/**
+ * GET /Login/
+ * - ログイン済みの場合はアクセス拒否（InverseVCM）
+ * - ログイン画面を返却
+ */
+router.get(
+  '/',
+  InverseVCM('LOGIN_TOKEN', process.env.LOGIN_SECRET),
+  (req, res) => {
     console.log("/Login-API is running");
-    res.sendFile(path.join(__dirname, "..", "..", "..", "Frontend", "src", "index.html"));
-});
+    res.sendFile(
+      path.join(__dirname, "..", "..", "..", "Frontend", "dist", "index.html")
+    );
+  }
+);
 
+// ==========================
+// ログイン処理ルート
+// ==========================
 
-router.post("/Submit", async (req, res) => {
-    // 0. Startup Log
-    console.log("/Login/Submit-API is running!");
+/**
+ * POST /Login/Submit
+ * - フロントエンドから送信された UserID と Password を受け取る
+ * - DBからユーザー情報を取得
+ * - ハッシュ検証後にクッキーを発行
+ */
+router.post("/Submit", InverseVCM('LOGIN_TOKEN', process.env.LOGIN_SECRET), async (req, res) => {
 
-    // 1. Login情報を取得する
+  // 0. 処理開始ログ
+  console.log("/Login/Submit-API is running!");
+
+  try {
+    // 1. フロントエンド送信情報取得
     const { userId, password } = req.body;
-    //必要な情報が揃っているか確認
-    if( !userId || !password ){
-        return res.status(400).json({message: "Bad Request: UserIDかPasswordが不足しています。"}); 
+
+    // 1a. 必須情報のチェック
+    if (!userId || !password) {
+      return res.status(400).json({
+        message: "Bad Request: UserIDかPasswordが不足しています。"
+      });
     }
 
-    // 2. DB検索とサイドチャネル攻撃の対策
-    const userInfo = await DBPerf("Select From Identify To Login", "SELECT Address, Password FROM Identify WHERE UserID = ?;", [userId]);
-    const comparePassword = userInfo.length == 0 ? process.env.DUMMY_PASSWORD : userInfo[0].Password;
-    
-    // 3. Hashの検証
-    if (await argon2.verify(comparePassword, password + process.env.PEPPER)) {
-        // Verify Success Log
-        console.log("LoginToken is verified!");
-
-        CreateCookie({
-            res,
-            cookieName: 'LOGIN_TOKEN',
-            payload: { userId: userId, address: userInfo[0].Address },
-            secretKey: process.env.LOGIN_SECRET,
-            deadlineHours: 24, // 1日
-            httpOnly: true,
-            sameSite: 'strict'
-        });
-
-        // リダイレクト
-        res.redirect("/Home");
-        
-    }else{
-        // Verify Error Log
-        console.error("LoginToken is not verified!");
-        return res.status(400).json({ error: 'Bad Request: ID or Password is failed.' });
+    // 2. DB検索とサイドチャネル攻撃対策
+    //    ユーザーが存在しない場合でも固定ダミーパスワードを使用
+    const userInfo = await DBPerf(
+      "Select From Identify To Login",
+      "SELECT Address, Password FROM Identify WHERE UserID = ?;",
+      [userId]
+    );
+    const hashToVerify = userInfo.length === 0 ? process.env.DUMMY_PASSWORD : userInfo[0].Password;
+
+    // 3. パスワードハッシュ検証
+    //    PEPPER を付加してセキュリティ強化
+    const isVerified = await argon2.verify(hashToVerify, password + process.env.PEPPER);
+
+    if (isVerified) {
+      // 3a. 認証成功ログ
+      console.log("LoginToken is verified!");
+
+      // 4. Cookie発行
+      CreateCookie({
+        res,
+        cookieName: 'LOGIN_TOKEN',
+        payload: { userId, address: userInfo[0].Address },
+        secretKey: process.env.LOGIN_SECRET,
+        deadlineHours: 24, // 1日有効
+        httpOnly: true,
+        sameSite: 'strict'
+      });
+
+      // 5. リダイレクト
+      res.redirect("/Home");
+
+    } else {
+      // 3b. 認証失敗ログ
+      console.error("LoginToken is not verified!");
+      return res.status(400).json({
+        error: 'Bad Request: IDまたはPasswordが正しくありません。'
+      });
     }
-})
 
-module.exports = router;
+  } catch (err) {
+    // 例外処理
+    console.error("Login/Submit Error:", err);
+    res.status(500).json({
+      message: "Internal Server Error: サーバーエラーが発生しました。"
+    });
+  }
+});
+
+// ==========================
+// Routerエクスポート
+// ==========================
+export default router;

Backend/Workspace/Routes/RoomList.js

@@ -0,0 +1,20 @@
+import express from 'express';
+import DBPerf from '../Tools/DBPerf.js'; // ESMでは拡張子(.js)が必要です
+import VCM from '../Tools/VCM.js'; // ESMでは拡張子(.js)が必要です
+
+const router = express.Router();
+
+
+// ========== 画面表示 ==========
+router.get('/', VCM('LOGIN_TOKEN', process.env.LOGIN_SECRET), async (req, res) => {
+    console.log("/RoomList-API is running");
+
+    const userId = req.auth.userId;
+    const RoomList = await DBPerf(
+        "",
+        "SELECT RoomName, RoomIconPath FROM RoomDetails WHERE RoomName IN (SELECT RoomName FROM Rooms WHERE UserID = ?)", [userId]
+    );
+    res.json({ RoomList });
+});
+
+export default router;

Backend/Workspace/Server.js

@@ -73,6 +73,10 @@ app.use(express.urlencoded({ extended: true }));
 // publicフォルダを静的公開
 app.use(express.static(path.join(__dirname, 'public')));
 
+// 保存されたアイコンフォルダを静的配信
+app.use('/icons', express.static(path.join(__dirname, 'icons')));
+
+
 
 // ==========================
 // Routes自動マウント処理

Frontend/src/Workspace/Pages/Create/Create.tsx

@@ -23,6 +23,7 @@ function Create() {
         const formData = new FormData();
         formData.append("RoomName", RoomName);
         formData.append("MosaicName", TokenName);
+        formData.append("password", password);
         if (RoomIcon) formData.append("RoomIcon", RoomIcon);
         if (TokenIcon) formData.append("MosaicIcon", TokenIcon);
 

Frontend/src/Workspace/Pages/Home/Home.tsx

@@ -106,11 +106,11 @@ function Home() {
                 <div className="HomeRoom">
                     {rooms.map((room) => (
                         <RoomButton
-                            key={room.id}
-                            icon={room.RoomIcon || icon}
+                            key={room.RoomName}
+                            icon={`http://localhost:5000${room.RoomIconPath}` || icon}
                             label={room.RoomName}
                             onClick={() => {
-                                navigate(`/room/${room.id}`);
+                                navigate(`/room/${room.RoomName}`);
                             }
                             }
                             type="button"

Frontend/src/Workspace/Pages/Register/Register.tsx

@@ -14,7 +14,7 @@ function Register() {
 
     async function HandleLogin() {
         try {
-            const res = await fetch('Login/Submit', {
+            const res = await fetch('/Register/Submit', {
                 method: 'POST',
                 headers: { "Content-Type": "application/json" },
                 credentials: "include",
@@ -23,17 +23,17 @@ function Register() {
 
             if (!res.ok) {
                 const data = await res.json();
-                toast.error("ログインに失敗しました");
-                console.log("Faild: Login", data);
+                toast.error("登録に失敗しました");
+                console.log("Failed: Register", data);
                 return;
             } else {
-                toast.success("ログインしました");
-                console.log("Success: Login");
+                toast.success("登録しました");
+                console.log("Success: Register");
                 navigate("/Home");
             }
         } catch (err) {
             toast.error('通信エラーが発生しました');
-            console.log("Faild: Communication");
+            console.log("Failed: Communication");
         }
     }