foftickets.js

const express = require('express');
const bodyParser = require('body-parser');
const session = require('express-session');
const QRCode=require('qrcode');
const crypto=require('crypto');
const path=require('path');

const app = express();
app.set('view engine','ejs');
app.use(express.json());
app.use(express.static('public'));
const PORT = 3000;
const PWSalt="!SaltyMagic7283715374";
const QRSalt="!SaltyMagic5392370662";

//
// ToDo, Actions:
//   + Login with Password
//   + Login with Token
//   + Email Link
//   + Signup
//     Change Password
//   + Issue Tickets
//   + Transfer Tickets      Complicated page. (One ticket: static with transfer and QR code. Multi: buttons to transfer or show QR code)
//     Split Transfer into admin (change owner, unused/used/cancelled pulldown) and public (no Used column) versions
//     Claim Tickets 
//   + Use Ticket
//
// ToDo, Later
//   + Use a templating engine
//   + Store password hashed and salted
//     Make all HTML look nice
//     Logging and Replay system
//

function hashPW(pw) {
    const hash0=crypto.createHash('sha256');
    const hash1=hash0.update(pw+PWSalt);
    const hash=hash1.digest("base64");
    return(hash);
}

function hashQR(t,ownername) {
    const hash0=crypto.createHash('sha256');
    const hash1=hash0.update(t+QRSalt+ownername);
    const hash=hash1.digest("base64").slice(0,6);
    return(hash);
}

//
// In-memory data structures
//
// There are two ways to log in: with a username/password or with a token. 
//
const users = { "teppy@egenesis.com"    : { password: hashPW("x6321872X.1"),      superuser:true  },
	        "fallsonfire@gmail.com" : { password: hashPW("indiantreeonfire"), superuser:false }
	      };

const tickets = { "habitat-1" : { owner: "teppy@egenesis.com"  , offered: "", paid: 0.00, used: false },
		  "habitat-2" : { owner: "teppy@egenesis.com"  , offered: "", paid: 0.00 },
		  "habitat-3" : { owner: "ginachen94@gmail.com", offered: "teppy@egenesis.com", paid: 0.00 },
		  "habitat-4" : { owner: "teppy@egenesis.com"  , offered: "noahstern00@gmail.com", paid: 0.00 },
		  "habitat-5" : { owner: "teppy@egenesis.com"  , offered: "", paid: 0.00, used: true },
		  "habitat-6" : { owner: "teppy@egenesis.com"  , offered: "", paid: 0.00 },
		};

const camps = { "habitat": { leader: "teppy@egenesis.com", lastid:6 } };

const tokens = { "abc" : { username: "teppy@egenesis.com", expires: 0 }
	       };
const tokensu = { "teppy@egenesis.com" : "abc"
		};

// Middleware setup
app.use(bodyParser.urlencoded({ extended: true }));
app.use(session({
  secret: 'supersecretkey',
  resave: false,
  saveUninitialized: false,
}));

// Middleware to protect routes
function requireLogin(req, res, next) {
    if (req.session.username) return next();
    return res.redirect('/login');
    }

function requireSuperUser(req,res,next) {
    if (req.session.superuser) return next();
    req.session.returnTo=req.originalUrl;
    console.log("In requireSuperUser: ",req.session);
    return res.redirect('/login');
    }


app.get('/styles.css', (req, res) => {
    res.setHeader('Content-Type', 'text/css');
    res.sendFile(path.join(__dirname, 'public', 'styles.css'));
    });

function generateSecureToken(length = 8) {
    const characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    let token = '';
    const array = new Uint8Array(length);
    crypto.getRandomValues(array);
    for (let i = 0; i < length; i++) {
        token += characters.charAt(array[i] % characters.length);
    }
    return token;
}

const postmark = require('postmark');
const client = new postmark.ServerClient('f45bcb9f-6556-4420-9e21-05d16739b5e8');


app.get('/logintoken', (req, res) => {
    const tok=req.query.token;
    const tokenData = tokens[tok];
    if (!consumeToken(tok)) return res.status(200).send("Missing, Invalid or Expired Token.");
    req.session.username = tokenData.username;
    req.session.superuser= users[tokenData.username].superuser;
    res.redirect('/transfer');
    });

app.get('/emaillink',(req,res) => {
    res.send(`
      <h1>Email me a login link</h1>
      <form method="POST" action="/emaillink">
        <label>Email Address: <input name="email"></label>
        <button type="submit">Submit</button>`
            )
    });

// These can be owned, offered, of offering
function categorizeTickets(username) {
    let rval="none";
    let numtickets=0;
    let simpleowner=0;
    let offering=0;
    let simpleoffered=0;
    let thet="";
    for (const t in tickets) if (!tickets[t].used) {
        if      (tickets[t].owner==username && tickets[t].offered=="")       simpleowner+=1;
        else if (tickets[t].owner==username && tickets[t].offered!=username) offering+=1;
        else if (tickets[t].owner!=username && tickets[t].offered==username) simpleoffered+=1;
        if (tickets[t].owner==username || tickets[t].offered==username) numtickets+=1;
        if (numtickets==1) thet=t; else thet="";
    }
    if (numtickets==0)    return [ "none", ""];
    if (numtickets >1)    return [ "complex", ""];
    if (simpleowner+offering+simpleoffered>1)
                          return [ "error", "" ]
    if (simpleowner==1)   return [ "simpleowner", thet ];
    if (offering==1)      return [ "simpleoffering", thet ];
    if (simpleoffered==1) return [ "simpleoffered", thet ];
    return [ "complex", "" ];
}


app.get('/camps',requireSuperUser, (req,res) => {
    const camplist={};
    for (const c in camps) {
        camplist[c]={ leader:camps[c].leader, issued:0, claimed:0, used:0 };
        }
    for (const t in tickets) {
        const parts=t.split("-");
        const campname=parts[0];
        const ticketnum=Number(parts[1]);
//        camplist[campname]??={ leader:"", issued:0, claimed:0, used:0 };
        camplist[campname].issued+=1;
        if (tickets[t].owner!="") camplist[campname].claimed+=1;
        if (tickets[t].used)      camplist[campname].used+=1;
        }
    return res.render("camps",{ username:"Teppy", camps:camplist });
    })
    

app.get('/issue', requireSuperUser, (req,res) => {
    const camplist={};
    for (const t in tickets) {
        const parts=t.split("-");
        const campname=parts[0];
        const ticketnum=Number(parts[1]);
        camplist[campname]??={ issued:0, claimed:0, used:0 };
        camplist[campname].issued+=1;
        if (tickets[t].owner!="") camplist[campname].claimed+=1;
        if (tickets[t].used)      camplist[campname].used+=1;
        }
    return res.render("issue",{ username:"Teppy", camps:camplist });
    })

app.post("/camps",(req,res) => {
    const campname=req.body.campname;
    const email=req.body.email;
    const qty=Number(req.body.qty);
    console.log("New camp: ",campname);
    camps[campname]??={ leader:leader, lastid:0 };
    for (let i=0; i<qty; i++) {
        camps[campname].lastid+=1;
        tickets[campname+'-'+camps[campname].lastid]={ owner: "", offered: email, used:false };
        }
    return res.redirect("/camps");
    })
    

// Big Kahuna
//    If you have zero tickets, show something saying that
//    For each ticket owned, display options to offer it, use it, or (eventually) pay for it.
//    For each ticket offered, show a button to claim it.
//    Have a button to claim all tickets, if there are multiple offered to you
app.get('/transfer', requireLogin, async (req,res) => {
    let username=req.session.username;
    const [ cat, ticket ] = categorizeTickets(username);
    const simpledata={ username: username, ticket: ticket };
    if (cat=="none") return res.render("notickets",simpledata);
    if (cat=="error") return res.render("error",simpledata);
    if (cat=="simpleoffered") return res.render("claimone",simpledata);
    if (cat=="simpleoffering") return res.render("retractoffer",simpledata);
    if (cat=="complex") { 
        const edit={ username: username, tickets: {} };
        for (const t in tickets)
            if (tickets[t].owner==username || tickets[t].offered==username) {
                edit.tickets[t]={};
                edit.tickets[t].owner=tickets[t].owner;
                edit.tickets[t].offered=tickets[t].offered;
                edit.tickets[t].used=tickets[t].used;
                }
        return res.render("transfer",edit);
        }
    if (cat=="simpleowner") {
        try {
            const hash0=crypto.createHash('sha256');
            const hash1=hash0.update(ticket+QRSalt);
            const hash=hash1.digest("base64").slice(0,6);
            const dataURL=await QRCode.toDataURL('localhost:3000/useticket?t='+ticket+'&h='+hashQR(ticket,username));
            simpledata.qrcode=dataURL;
            return res.render("simpleowner",simpledata);
            }
        catch(err) {
            res.status(500).send('Error generating QR code');
            }
        }
    if (cat=="complex")     return res.render('transfer',simpledata);
})

app.post("/toggle", requireSuperUser, (req,res) => {
    const ticket=req.body.ticket;
    const isChecked = req.body.checked;
    tickets[ticket].used=isChecked; 
    // Perform any server-side logic here
    res.json({ message: 'Checkbox state received', checked: isChecked });
    })

app.post("/updateoffered", requireLogin, (req,res) => {
    const ticket=req.body.ticket;
    const offered=req.body.offered;
    if      (tickets[ticket].owner!=req.session.username) res.status(500).send("Ticket "+ticket+" owned by someone else");
    else if (tickets[ticket].used)                        res.status(500).send("Ticket "+ticket+" has already been used");
    else {
        tickets[ticket].offered=offered;
        res.json({ message: 'Updated owner of '+ticket+' to '+offered });
        }
    })


app.get("/useticket",(req,res) => {
    let ticket=req.t;
    let hash=req.h;
    if (hashQR(ticket,req.session.username)!=hash) res.status(500).send("Ticket "+ticket+" was transferred to "+tickets[ticket].username);
    else if (tickets[ticket].used) res.status(500).send("Ticket "+ticket+" has already been used.");
    else {
        tickets[ticket].used=new Date().toISOString();
        res.send("<h1>Welcome, "+tickets[ticket].username+" to Falls on Fire! Ticket "+ticket+" has now been used.</h1>");
        }
})

    
function knownEmail(email) {
    if (users[email]) return true;
    for (const key in tickets)
        if (tickets[key].owner==email || tickets[key].offered==email) return true;
    return false;
}

app.post('emaillink',(req,res) => {
    if (!knownUser(req.email)) return res.send("Unknown User");
    const tok=createtoken(email);
    client.sendEmail({ From: 'tickets@fallsonfire.net',
                       To: 'teppy@egenesis.com',
		       Subject: 'Falls on Fire Tickets, Login Link',
		       TextBody: 'Your Login Link: http://www.fallonfire.net/longinlink?token='+tok,
		       HtmlBody: '<p>Your Login Link: </p>',
		     }).then(() => {
			 console.log('Email sent');
			 res.send("<h1>Email sent</h1>");
		     }).catch((error) => {
			 console.error('Error sending email:', error);
			 res.send("<h1>Email failed</h1>");
		     });
    res.send("Email link sent");
})
 

app.get('/testemail',
	(req,res) => {
	    client.sendEmail({ From: 'tickets@fallsonfire.net',
			       To: 'teppy@egenesis.com',
			       Subject: 'Email from Ticketing System',
			       TextBody: 'This is a test email.',
			       HtmlBody: '<p>This is a test email.</p>',
			     }).then(() => {
				 console.log('Email sent');
				 res.send("<h1>Email sent</h1>");
			     }).catch((error) => {
				 console.error('Error sending email:', error);
				 res.send("<h1>Email failed</h1>");
			     })});


// Routes
app.get('/', (req, res) => {
  if (req.session.username) {
    res.send(`
      <h1>Welcome, ${req.session.username}</h1>
      <a href="/products">Products</a><br>
      <a href="/faq">FAQ</a><br>
      <a href="/logout">Log Out</a>
    `);
  } else {
    res.send(`
      <h1>Welcome to our website!</h1>
      <a href="/login">Log In</a><br>
      <a href="/signup">Sign Up</a>
    `);
  }
});

app.get('/signup', (req, res) => {
  res.send(`
    <h1>Sign Up</h1>
    <form method="POST" action="/signup">
      <label>Username: <input type="text" name="username" required></label><br>
      <label>Password: <input type="password" name="password" required></label><br>
      <button type="submit">Sign Up</button>
    </form>
    <a href="/login">Log In</a>
  `);
});


function consumeToken(tok) {
    if (!(tok in tokens)) return false;
    const rval=tokens[tok].expires==0 || tokens[tok].expires>=Date.now();
    delete tokensu[tokens[tok].username];
    delete tokens[tok];
    return rval;
}

function createToken(username) {
    const token=generateSecureToken();
    tokens[token]={ username: username, expires:0 };
    tokensu[username]=token;
    return token;
}

app.get('/test', (req, res) => {
    res.send("Test worked:" + consumeToken("abc"));
})


app.post('/signup', (req, res) => {
  const { username, password } = req.body;
  if (users[username]) {
    return res.send('User already exists. <a href="/signup">Try again</a>');
  }
    users[username] = { password: hashPW(password) };
    console.log("Created new account:",username);
  res.redirect('/login');
});

app.get('/changepassword', (req, res) => {
  res.send(`
    <h1>Change Password</h1>
    <form method="POST" action="/changepassword">
      <label>Password: <input type="password" name="password1" required></label><br>
      <label>Again: <input type="password" name="password2" required></label><br>
      <button type="submit">Sign Up</button>
    </form>
    <a href="/">Home</a>
  `);
});

app.post('/changepassword', (req, res) => {
    const { password1, password2 } = req.body;
    if (!req.session.username) {
	return res.send('You are not logged in<a href="/">Back</a>');
        }
    if (password1!=password2) {
        return res.send('Passwords do not match<a href="/">Back</a>');
        }
  users[req.session.username].password=hashPW(password1);
  res.redirect('/login');
});

app.get('/login', (req, res) => {
    console.log("In get /login: ",req.session);
    res.send(`
        <h1>Log In</h1>
        <form method="POST" action="/login">
          <label>Username: <input type="text" name="username" required></label><br>
          <label>Password: <input type="password" name="password" required></label><br>
          <button type="submit">Log In</button>
        </form>
        <a href="/signup">Sign Up</a>
        `);
    });

app.post('/login', (req, res) => {
    const { username, password, superuser } = req.body;
    if (users[username] && users[username].password === hashPW(password)) {
        req.session.username = username;
        req.session.superuser = users[username].superuser;
        console.log("In post /login",req.session);
        const redir=req.session.returnTo;
        delete req.session.returnTo;
        return res.redirect(redir || "/transfer");
  }
  res.send('Invalid username or password. <a href="/login">Try again</a>');
});

app.get('/logout', (req, res) => {
  req.session.destroy(() => {
    res.redirect('/');
  });
});

app.post('/qrcode',requireLogin,async (req,res) => {
    const username=req.session.username;
    const ticket=req.body.ticket;
    if (tickets[ticket].owner!=username) return res.status(500).send("Only a ticket owner can generate a QR code");
    const URL=await QRCode.toDataURL('localhost:3000/useticket?t='+ticket+'&h='+hashQR(ticket,username));
    return res.send({ owner:tickets[ticket].owner, qrcode: URL });
    })

// Protected routes
app.get('/products', requireLogin, (req, res) => {
  res.send(`
    <h1>Products Page</h1>
    <p>Here is a list of products!</p>
    <a href="/">Home</a>
  `);
});

app.get('/tickets', requireLogin, (req, res) => {
    res.write(`<h1>Tickets for `+req.session.username+`</h1>`);
    res.write(`<a href="/">Home</a>`);
    res.end();
});

app.get('/faq', requireLogin, (req, res) => {
  res.send(`
    <h1>FAQ Page</h1>
    <p>Here are some frequently asked questions.</p>
    <a href="/">Home</a>
  `);
});

// Start the server
app.listen(PORT, () => {
  console.log(`Server is running at http://localhost:${PORT}`);
});
changes 2024-12-05 13:05:35 -05:00			`const express = require('express');`
			`const bodyParser = require('body-parser');`
			`const session = require('express-session');`
			`const QRCode=require('qrcode');`
			`const crypto=require('crypto');`
changes 2024-12-09 15:11:22 -05:00			`const path=require('path');`
changes 2024-12-05 13:05:35 -05:00
			`const app = express();`
			`app.set('view engine','ejs');`
			`app.use(express.json());`
changes 2024-12-19 15:57:33 -05:00			`app.use(express.static('public'));`
changes 2024-12-05 13:05:35 -05:00			`const PORT = 3000;`
			`const PWSalt="!SaltyMagic7283715374";`
			`const QRSalt="!SaltyMagic5392370662";`

			`//`
			`// ToDo, Actions:`
			`// + Login with Password`
			`// + Login with Token`
			`// + Email Link`
changes 2024-12-09 15:11:22 -05:00			`// + Signup`
			`// Change Password`
changes 2024-12-19 15:57:33 -05:00			`// + Issue Tickets`
			`// + Transfer Tickets Complicated page. (One ticket: static with transfer and QR code. Multi: buttons to transfer or show QR code)`
			`// Split Transfer into admin (change owner, unused/used/cancelled pulldown) and public (no Used column) versions`
changes 2024-12-05 13:05:35 -05:00			`// Claim Tickets`
			`// + Use Ticket`
			`//`
			`// ToDo, Later`
changes 2024-12-19 15:57:33 -05:00			`// + Use a templating engine`
			`// + Store password hashed and salted`
changes 2024-12-05 13:05:35 -05:00			`// Make all HTML look nice`
			`// Logging and Replay system`
			`//`

			`function hashPW(pw) {`
			`const hash0=crypto.createHash('sha256');`
			`const hash1=hash0.update(pw+PWSalt);`
			`const hash=hash1.digest("base64");`
			`return(hash);`
			`}`

changes 2024-12-14 23:26:38 -05:00			`function hashQR(t,ownername) {`
changes 2024-12-05 13:05:35 -05:00			`const hash0=crypto.createHash('sha256');`
changes 2024-12-14 23:26:38 -05:00			`const hash1=hash0.update(t+QRSalt+ownername);`
changes 2024-12-05 13:05:35 -05:00			`const hash=hash1.digest("base64").slice(0,6);`
			`return(hash);`
			`}`

			`//`
			`// In-memory data structures`
			`//`
			`// There are two ways to log in: with a username/password or with a token.`
			`//`
changes 2024-12-09 15:11:22 -05:00			`const users = { "teppy@egenesis.com" : { password: hashPW("x6321872X.1"), superuser:true },`
			`"fallsonfire@gmail.com" : { password: hashPW("indiantreeonfire"), superuser:false }`
changes 2024-12-05 13:05:35 -05:00			`};`

			`const tickets = { "habitat-1" : { owner: "teppy@egenesis.com" , offered: "", paid: 0.00, used: false },`
			`"habitat-2" : { owner: "teppy@egenesis.com" , offered: "", paid: 0.00 },`
			`"habitat-3" : { owner: "ginachen94@gmail.com", offered: "teppy@egenesis.com", paid: 0.00 },`
			`"habitat-4" : { owner: "teppy@egenesis.com" , offered: "noahstern00@gmail.com", paid: 0.00 },`
			`"habitat-5" : { owner: "teppy@egenesis.com" , offered: "", paid: 0.00, used: true },`
			`"habitat-6" : { owner: "teppy@egenesis.com" , offered: "", paid: 0.00 },`
			`};`

changes 2024-12-21 00:29:45 -05:00			`const camps = { "habitat": { leader: "teppy@egenesis.com", lastid:6 } };`
changes 2024-12-09 15:11:22 -05:00
changes 2024-12-05 13:05:35 -05:00			`const tokens = { "abc" : { username: "teppy@egenesis.com", expires: 0 }`
			`};`
			`const tokensu = { "teppy@egenesis.com" : "abc"`
			`};`

			`// Middleware setup`
			`app.use(bodyParser.urlencoded({ extended: true }));`
			`app.use(session({`
			`secret: 'supersecretkey',`
			`resave: false,`
			`saveUninitialized: false,`
			`}));`

			`// Middleware to protect routes`
			`function requireLogin(req, res, next) {`
changes 2024-12-19 15:57:33 -05:00			`if (req.session.username) return next();`
			`return res.redirect('/login');`
changes 2024-12-09 15:11:22 -05:00			`}`
changes 2024-12-05 13:05:35 -05:00
changes 2024-12-09 15:11:22 -05:00			`function requireSuperUser(req,res,next) {`
changes 2024-12-19 15:57:33 -05:00			`if (req.session.superuser) return next();`
			`req.session.returnTo=req.originalUrl;`
			`console.log("In requireSuperUser: ",req.session);`
			`return res.redirect('/login');`
changes 2024-12-09 15:11:22 -05:00			`}`
changes 2024-12-05 13:05:35 -05:00

changes 2024-12-09 15:11:22 -05:00			`app.get('/styles.css', (req, res) => {`
			`res.setHeader('Content-Type', 'text/css');`
			`res.sendFile(path.join(__dirname, 'public', 'styles.css'));`
			`});`
changes 2024-12-05 13:05:35 -05:00
			`function generateSecureToken(length = 8) {`
			`const characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';`
			`let token = '';`
			`const array = new Uint8Array(length);`
			`crypto.getRandomValues(array);`
			`for (let i = 0; i < length; i++) {`
			`token += characters.charAt(array[i] % characters.length);`
			`}`
			`return token;`
			`}`

			`const postmark = require('postmark');`
			`const client = new postmark.ServerClient('f45bcb9f-6556-4420-9e21-05d16739b5e8');`


			`app.get('/logintoken', (req, res) => {`
			`const tok=req.query.token;`
			`const tokenData = tokens[tok];`
			`if (!consumeToken(tok)) return res.status(200).send("Missing, Invalid or Expired Token.");`
			`req.session.username = tokenData.username;`
changes 2024-12-09 15:11:22 -05:00			`req.session.superuser= users[tokenData.username].superuser;`
changes 2024-12-05 13:05:35 -05:00			`res.redirect('/transfer');`
			`});`

			`app.get('/emaillink',(req,res) => {`
			res.send(`
			`<h1>Email me a login link</h1>`
			`<form method="POST" action="/emaillink">`
			`<label>Email Address: <input name="email"></label>`
			<button type="submit">Submit</button>`
			`)`
changes 2024-12-19 15:57:33 -05:00			`});`
changes 2024-12-05 13:05:35 -05:00
			`// These can be owned, offered, of offering`
			`function categorizeTickets(username) {`
			`let rval="none";`
			`let numtickets=0;`
			`let simpleowner=0;`
			`let offering=0;`
			`let simpleoffered=0;`
			`let thet="";`
			`for (const t in tickets) if (!tickets[t].used) {`
			`if (tickets[t].owner==username && tickets[t].offered=="") simpleowner+=1;`
			`else if (tickets[t].owner==username && tickets[t].offered!=username) offering+=1;`
			`else if (tickets[t].owner!=username && tickets[t].offered==username) simpleoffered+=1;`
			`if (tickets[t].owner==username \|\| tickets[t].offered==username) numtickets+=1;`
			`if (numtickets==1) thet=t; else thet="";`
			`}`
			`if (numtickets==0) return [ "none", ""];`
			`if (numtickets >1) return [ "complex", ""];`
			`if (simpleowner+offering+simpleoffered>1)`
			`return [ "error", "" ]`
			`if (simpleowner==1) return [ "simpleowner", thet ];`
			`if (offering==1) return [ "simpleoffering", thet ];`
			`if (simpleoffered==1) return [ "simpleoffered", thet ];`
			`return [ "complex", "" ];`
			`}`


changes 2024-12-21 00:29:45 -05:00			`app.get('/camps',requireSuperUser, (req,res) => {`
			`const camplist={};`
			`for (const c in camps) {`
			`camplist[c]={ leader:camps[c].leader, issued:0, claimed:0, used:0 };`
			`}`
			`for (const t in tickets) {`
			`const parts=t.split("-");`
			`const campname=parts[0];`
			`const ticketnum=Number(parts[1]);`
			`// camplist[campname]??={ leader:"", issued:0, claimed:0, used:0 };`
			`camplist[campname].issued+=1;`
			`if (tickets[t].owner!="") camplist[campname].claimed+=1;`
			`if (tickets[t].used) camplist[campname].used+=1;`
			`}`
			`return res.render("camps",{ username:"Teppy", camps:camplist });`
			`})`


changes 2024-12-19 15:57:33 -05:00			`app.get('/issue', requireSuperUser, (req,res) => {`
			`const camplist={};`
			`for (const t in tickets) {`
			`const parts=t.split("-");`
			`const campname=parts[0];`
			`const ticketnum=Number(parts[1]);`
			`camplist[campname]??={ issued:0, claimed:0, used:0 };`
			`camplist[campname].issued+=1;`
			`if (tickets[t].owner!="") camplist[campname].claimed+=1;`
			`if (tickets[t].used) camplist[campname].used+=1;`
			`}`
			`return res.render("issue",{ username:"Teppy", camps:camplist });`
			`})`

changes 2024-12-21 00:29:45 -05:00			`app.post("/camps",(req,res) => {`
changes 2024-12-19 15:57:33 -05:00			`const campname=req.body.campname;`
			`const email=req.body.email;`
			`const qty=Number(req.body.qty);`
changes 2024-12-21 00:29:45 -05:00			`console.log("New camp: ",campname);`
			`camps[campname]??={ leader:leader, lastid:0 };`
changes 2024-12-19 15:57:33 -05:00			`for (let i=0; i<qty; i++) {`
changes 2024-12-21 00:29:45 -05:00			`camps[campname].lastid+=1;`
			`tickets[campname+'-'+camps[campname].lastid]={ owner: "", offered: email, used:false };`
changes 2024-12-19 15:57:33 -05:00			`}`
changes 2024-12-21 00:29:45 -05:00			`return res.redirect("/camps");`
changes 2024-12-19 15:57:33 -05:00			`})`


changes 2024-12-05 13:05:35 -05:00			`// Big Kahuna`
			`// If you have zero tickets, show something saying that`
			`// For each ticket owned, display options to offer it, use it, or (eventually) pay for it.`
			`// For each ticket offered, show a button to claim it.`
			`// Have a button to claim all tickets, if there are multiple offered to you`
			`app.get('/transfer', requireLogin, async (req,res) => {`
			`let username=req.session.username;`
			`const [ cat, ticket ] = categorizeTickets(username);`
			`const simpledata={ username: username, ticket: ticket };`
			`if (cat=="none") return res.render("notickets",simpledata);`
			`if (cat=="error") return res.render("error",simpledata);`
			`if (cat=="simpleoffered") return res.render("claimone",simpledata);`
			`if (cat=="simpleoffering") return res.render("retractoffer",simpledata);`
			`if (cat=="complex") {`
			`const edit={ username: username, tickets: {} };`
			`for (const t in tickets)`
			`if (tickets[t].owner==username \|\| tickets[t].offered==username) {`
			`edit.tickets[t]={};`
			`edit.tickets[t].owner=tickets[t].owner;`
			`edit.tickets[t].offered=tickets[t].offered;`
			`edit.tickets[t].used=tickets[t].used;`
			`}`
			`return res.render("transfer",edit);`
			`}`
			`if (cat=="simpleowner") {`
			`try {`
			`const hash0=crypto.createHash('sha256');`
			`const hash1=hash0.update(ticket+QRSalt);`
			`const hash=hash1.digest("base64").slice(0,6);`
			`const dataURL=await QRCode.toDataURL('localhost:3000/useticket?t='+ticket+'&h='+hashQR(ticket,username));`
			`simpledata.qrcode=dataURL;`
			`return res.render("simpleowner",simpledata);`
			`}`
			`catch(err) {`
			`res.status(500).send('Error generating QR code');`
			`}`
			`}`
			`if (cat=="complex") return res.render('transfer',simpledata);`
			`})`

changes 2024-12-09 15:11:22 -05:00			`app.post("/toggle", requireSuperUser, (req,res) => {`
changes 2024-12-05 13:05:35 -05:00			`const ticket=req.body.ticket;`
			`const isChecked = req.body.checked;`
			`tickets[ticket].used=isChecked;`
			`// Perform any server-side logic here`
			`res.json({ message: 'Checkbox state received', checked: isChecked });`
			`})`

changes 2024-12-09 15:11:22 -05:00			`app.post("/updateoffered", requireLogin, (req,res) => {`
			`const ticket=req.body.ticket;`
			`const offered=req.body.offered;`
			`if (tickets[ticket].owner!=req.session.username) res.status(500).send("Ticket "+ticket+" owned by someone else");`
			`else if (tickets[ticket].used) res.status(500).send("Ticket "+ticket+" has already been used");`
			`else {`
			`tickets[ticket].offered=offered;`
			`res.json({ message: 'Updated owner of '+ticket+' to '+offered });`
			`}`
			`})`
changes 2024-12-05 13:05:35 -05:00
changes 2024-12-19 15:57:33 -05:00
changes 2024-12-05 13:05:35 -05:00			`app.get("/useticket",(req,res) => {`
			`let ticket=req.t;`
			`let hash=req.h;`
			`if (hashQR(ticket,req.session.username)!=hash) res.status(500).send("Ticket "+ticket+" was transferred to "+tickets[ticket].username);`
			`else if (tickets[ticket].used) res.status(500).send("Ticket "+ticket+" has already been used.");`
			`else {`
			`tickets[ticket].used=new Date().toISOString();`
			`res.send("<h1>Welcome, "+tickets[ticket].username+" to Falls on Fire! Ticket "+ticket+" has now been used.</h1>");`
			`}`
			`})`



			`function knownEmail(email) {`
			`if (users[email]) return true;`
			`for (const key in tickets)`
			`if (tickets[key].owner==email \|\| tickets[key].offered==email) return true;`
			`return false;`
			`}`

			`app.post('emaillink',(req,res) => {`
			`if (!knownUser(req.email)) return res.send("Unknown User");`
			`const tok=createtoken(email);`
			`client.sendEmail({ From: 'tickets@fallsonfire.net',`
			`To: 'teppy@egenesis.com',`
			`Subject: 'Falls on Fire Tickets, Login Link',`
			`TextBody: 'Your Login Link: http://www.fallonfire.net/longinlink?token='+tok,`
			`HtmlBody: '<p>Your Login Link: </p>',`
			`}).then(() => {`
			`console.log('Email sent');`
			`res.send("<h1>Email sent</h1>");`
			`}).catch((error) => {`
			`console.error('Error sending email:', error);`
			`res.send("<h1>Email failed</h1>");`
			`});`
			`res.send("Email link sent");`
			`})`


			`app.get('/testemail',`
			`(req,res) => {`
			`client.sendEmail({ From: 'tickets@fallsonfire.net',`
			`To: 'teppy@egenesis.com',`
			`Subject: 'Email from Ticketing System',`
			`TextBody: 'This is a test email.',`
			`HtmlBody: '<p>This is a test email.</p>',`
			`}).then(() => {`
			`console.log('Email sent');`
			`res.send("<h1>Email sent</h1>");`
			`}).catch((error) => {`
			`console.error('Error sending email:', error);`
			`res.send("<h1>Email failed</h1>");`
			`})});`




			`// Routes`
			`app.get('/', (req, res) => {`
			`if (req.session.username) {`
			res.send(`
			`<h1>Welcome, ${req.session.username}</h1>`
			`<a href="/products">Products</a><br>`
			`<a href="/faq">FAQ</a><br>`
			`<a href="/logout">Log Out</a>`
			`);
			`} else {`
			res.send(`
			`<h1>Welcome to our website!</h1>`
			`<a href="/login">Log In</a><br>`
			`<a href="/signup">Sign Up</a>`
			`);
			`}`
			`});`

			`app.get('/signup', (req, res) => {`
			res.send(`
			`<h1>Sign Up</h1>`
			`<form method="POST" action="/signup">`
			`<label>Username: <input type="text" name="username" required></label><br>`
			`<label>Password: <input type="password" name="password" required></label><br>`
			`<button type="submit">Sign Up</button>`
			`</form>`
			`<a href="/login">Log In</a>`
			`);
			`});`


			`function consumeToken(tok) {`
			`if (!(tok in tokens)) return false;`
			`const rval=tokens[tok].expires==0 \|\| tokens[tok].expires>=Date.now();`
			`delete tokensu[tokens[tok].username];`
			`delete tokens[tok];`
			`return rval;`
			`}`

			`function createToken(username) {`
			`const token=generateSecureToken();`
			`tokens[token]={ username: username, expires:0 };`
			`tokensu[username]=token;`
			`return token;`
			`}`

			`app.get('/test', (req, res) => {`
			`res.send("Test worked:" + consumeToken("abc"));`
			`})`


			`app.post('/signup', (req, res) => {`
			`const { username, password } = req.body;`
			`if (users[username]) {`
			`return res.send('User already exists. <a href="/signup">Try again</a>');`
			`}`
changes 2024-12-09 15:11:22 -05:00			`users[username] = { password: hashPW(password) };`
			`console.log("Created new account:",username);`
changes 2024-12-05 13:05:35 -05:00			`res.redirect('/login');`
			`});`

			`app.get('/changepassword', (req, res) => {`
			res.send(`
			`<h1>Change Password</h1>`
			`<form method="POST" action="/changepassword">`
			`<label>Password: <input type="password" name="password1" required></label><br>`
			`<label>Again: <input type="password" name="password2" required></label><br>`
			`<button type="submit">Sign Up</button>`
			`</form>`
			`<a href="/">Home</a>`
			`);
			`});`

			`app.post('/changepassword', (req, res) => {`
			`const { password1, password2 } = req.body;`
			`if (!req.session.username) {`
			`return res.send('You are not logged in<a href="/">Back</a>');`
			`}`
			`if (password1!=password2) {`
			`return res.send('Passwords do not match<a href="/">Back</a>');`
			`}`
			`users[req.session.username].password=hashPW(password1);`
			`res.redirect('/login');`
			`});`

			`app.get('/login', (req, res) => {`
changes 2024-12-19 15:57:33 -05:00			`console.log("In get /login: ",req.session);`
			res.send(`
			`<h1>Log In</h1>`
			`<form method="POST" action="/login">`
			`<label>Username: <input type="text" name="username" required></label><br>`
			`<label>Password: <input type="password" name="password" required></label><br>`
			`<button type="submit">Log In</button>`
			`</form>`
			`<a href="/signup">Sign Up</a>`
			`);
			`});`
changes 2024-12-05 13:05:35 -05:00
			`app.post('/login', (req, res) => {`
changes 2024-12-09 15:11:22 -05:00			`const { username, password, superuser } = req.body;`
			`if (users[username] && users[username].password === hashPW(password)) {`
			`req.session.username = username;`
			`req.session.superuser = users[username].superuser;`
changes 2024-12-19 15:57:33 -05:00			`console.log("In post /login",req.session);`
			`const redir=req.session.returnTo;`
			`delete req.session.returnTo;`
			`return res.redirect(redir \|\| "/transfer");`
changes 2024-12-05 13:05:35 -05:00			`}`
			`res.send('Invalid username or password. <a href="/login">Try again</a>');`
			`});`

			`app.get('/logout', (req, res) => {`
			`req.session.destroy(() => {`
			`res.redirect('/');`
			`});`
			`});`

changes 2024-12-14 23:26:38 -05:00			`app.post('/qrcode',requireLogin,async (req,res) => {`
			`const username=req.session.username;`
			`const ticket=req.body.ticket;`
			`if (tickets[ticket].owner!=username) return res.status(500).send("Only a ticket owner can generate a QR code");`
			`const URL=await QRCode.toDataURL('localhost:3000/useticket?t='+ticket+'&h='+hashQR(ticket,username));`
changes 2024-12-19 15:57:33 -05:00			`return res.send({ owner:tickets[ticket].owner, qrcode: URL });`
changes 2024-12-14 23:26:38 -05:00			`})`

changes 2024-12-05 13:05:35 -05:00			`// Protected routes`
			`app.get('/products', requireLogin, (req, res) => {`
			res.send(`
			`<h1>Products Page</h1>`
			`<p>Here is a list of products!</p>`
			`<a href="/">Home</a>`
			`);
			`});`

			`app.get('/tickets', requireLogin, (req, res) => {`
			res.write(`<h1>Tickets for `+req.session.username+`</h1>`);
			res.write(`<a href="/">Home</a>`);
			`res.end();`
			`});`

			`app.get('/faq', requireLogin, (req, res) => {`
			res.send(`
			`<h1>FAQ Page</h1>`
			`<p>Here are some frequently asked questions.</p>`
			`<a href="/">Home</a>`
			`);
			`});`

			`// Start the server`
			`app.listen(PORT, () => {`
			console.log(`Server is running at http://localhost:${PORT}`);
			`});`