switched to typescript because why not lets learn it

.gitignore

@@ -1 +1,2 @@
-/config/mysqlConnector.js
+/config/mysqlConnector.js
+/config

build/routes/userRouter.js

@@ -0,0 +1,125 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (_) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+var router = require('express').Router();
+var xss = require('xss'); //used for cleaning user input
+/**
+ * Registration and login routes
+ */
+var LoginAndRegisteration = require("../src/LoginAndRegistration");
+/**
+ * Registers a user if username and email are unique
+ *
+ * @param {String} username
+ * @param {String} password
+ * @param {String} email
+ */
+router.route('/userRegister').post(function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var cleanUsername, cleanPassword, cleanEmail, response;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                cleanUsername = xss(req.body.username);
+                cleanPassword = xss(req.body.password);
+                cleanEmail = xss(req.body.email);
+                return [4 /*yield*/, LoginAndRegisteration.registerUser(cleanUsername, cleanPassword, cleanEmail)];
+            case 1:
+                response = _a.sent();
+                if (response.http_id == 400 || response.http_id == 999)
+                    res.status(response.http_id).json(response.message);
+                else {
+                    res.json(response.message);
+                }
+                return [2 /*return*/];
+        }
+    });
+}); });
+/**
+ * Logs a user in by the token. Uses a 256 bit token, so absolutely impossible to brute force this.
+ *
+ * @param {String} token
+ */
+router.route('/loginWithToken').post(function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var cleanToken, response, user;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                cleanToken = xss(req.body.token);
+                return [4 /*yield*/, LoginAndRegisteration.loginUserToken(cleanToken)];
+            case 1:
+                response = _a.sent();
+                if (response.http_id == 400 || response.http_id == 999)
+                    res.status(response.http_id).json(response.message);
+                else {
+                    user = response.user;
+                    res.json(user);
+                }
+                return [2 /*return*/];
+        }
+    });
+}); });
+/**
+ * Logs a user and produces a token.
+ *
+ * Returns a login token
+ *
+ * @param {String} username
+ * @param {String} password
+ */
+router.route('/loginWithoutToken').post(function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var cleanUsername, cleanPassword, response, user;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                cleanUsername = xss(req.body.username);
+                cleanPassword = xss(req.body.password);
+                return [4 /*yield*/, LoginAndRegisteration.loginUserNoToken(cleanUsername, cleanPassword)];
+            case 1:
+                response = _a.sent();
+                if (response.http_id == 400 || response.http_id == 999)
+                    res.status(response.http_id).json(response.message);
+                else {
+                    user = response.user[0];
+                    user["token"] = response.token;
+                    res.json(user);
+                }
+                return [2 /*return*/];
+        }
+    });
+}); });
+module.exports = router;

build/src/LoginAndRegistration.js

@@ -0,0 +1,160 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+var crypto = __importStar(require("crypto")); //used for generating salt
+var pool = require('../../config/mysqlConnector.js'); //connection pool
+/**
+ * SHA256 hash using salt
+ * @param {16 byte random string} salt
+ * @param {user input password} pwd
+ */
+var hash = function (pwd, salt) {
+    var hashAlgo = crypto.createHash('sha256');
+    pwd = hashAlgo.update(salt + pwd).digest('hex');
+    hashAlgo.end();
+    return pwd;
+};
+/**
+ * Registers a new user
+ *
+ * Output http_id:
+ * 999: Failed connection
+ * 400: Failed register
+ * 200: Successful register
+ *
+ *
+ *
+ * @param {String} username
+ * @param {String} password
+ * @param {String} email
+ */
+var registerUser = function (username, password, email) {
+    var salt = crypto.randomBytes(16).toString('hex');
+    var hashedPassword = hash(password, salt);
+    /**
+     * Procedure creates a new user with base amt of money of 15k.
+     */
+    var query = "CALL register_user( ?, ?, ?, ?)";
+    return (new Promise(function (resolve, reject) {
+        pool.getConnection(function (error, connection) {
+            if (error)
+                reject({ http_id: 999, message: "Failed to get connection from pool" });
+            else {
+                connection.query(query, [username, hashedPassword, salt, email], function (err, results, fields) {
+                    if (err)
+                        reject({ http_id: 400, message: "Failed to register" }); //400 is my failed due to bad data
+                    else
+                        resolve({ http_id: 200, message: "successful register" });
+                });
+            }
+            connection.release();
+        });
+    })).then(function (json) {
+        return json;
+    }).catch(function (err) {
+        return err;
+    });
+};
+/**
+ * Takes in a log in token, authenticates if this is a documented token, and returns user info if so.
+ *
+ * output:
+ * http_id: 400 means wrong token info or it does not exist anymore. TODO: make this href to log in page
+ * http_id: 200 means logged in, sends back the result json
+ * @param {128 byte String in hex} token
+ */
+var loginUserToken = function (token) {
+    var query = "CALL get_user_by_token(?)";
+    return new Promise(function (resolve, reject) {
+        pool.getConnection(function (error, connection) {
+            if (error)
+                reject({ http_id: 999, message: "Failed to get connection from pool" });
+            else {
+                connection.query(query, token, function (err, results, fields) {
+                    if (err)
+                        reject({ http_id: 400, message: "Not logged in or bad token" });
+                    else if (results[0].length != 1)
+                        reject({ http_id: 400, message: "Not logged in or bad token" });
+                    else
+                        resolve({ http_id: 200, message: "User found", user: results[0] });
+                });
+            }
+            connection.release();
+        });
+    }).then(function (result) { return result; })
+        .catch(function (err) { return err; });
+};
+/**
+ * Takes in XSS cleaned data from the routers, and returns a json object
+ *
+ * Logs you in if you do not have a token. Generates a new token and stores it. Sends it back to web browser
+ *
+ * Output:
+ * If success -> {http_id: 200, message: "Successful sign in", token}
+ * If error -> {http_id: 999 or 400, message: error msg}
+ *
+ *
+ * @param {*String} username
+ * @param {*String} password
+ */
+var loginUserNoToken = function (username, password) {
+    var query = "SELECT hashed_password, salt, user_id FROM user WHERE username = ?";
+    return (new Promise(function (resolve, reject) {
+        pool.getConnection(function (error, connection) {
+            if (error)
+                reject({ http_id: 999, message: "Failed to get connection from pool" });
+            else {
+                connection.query(query, username, function (err, results, fields) {
+                    if (err || results.length == 0)
+                        reject({ http_id: 400, message: "Wrong username or password" });
+                    else {
+                        var salt = results[0].salt;
+                        var hashedPassword = results[0].hashed_password;
+                        var userId = results[0].user_id;
+                        if (hashedPassword == hash(password, salt)) {
+                            var token_1 = crypto.randomBytes(64).toString('hex'); //I conjure a 64 byte token from random bytes
+                            var query_1 = "CALL new_login_token(?, ?)";
+                            connection.query(query_1, [userId, token_1], function (err, results, fields) {
+                                if (err)
+                                    reject({ http_id: 400, message: "token add failed" });
+                                else
+                                    resolve({ http_id: 200, message: "Successful sign in", token: token_1, user: results[0] });
+                            });
+                        }
+                        else
+                            reject({ http_id: 400, message: "Wrong username or password" });
+                    }
+                });
+            }
+            connection.release();
+        });
+    }).then(function (result) { return result; })
+        .catch(function (err) { return err; }));
+};
+var logoutUser = function () {
+    return null;
+};
+module.exports = {
+    registerUser: registerUser,
+    loginUserNoToken: loginUserNoToken,
+    loginUserToken: loginUserToken,
+    logoutUser: logoutUser
+};