Auth fix (#54)

* Authorization added

* added secret to password, md5 hashing, removed promise from verifyToken, deleted links when not authorized

* added dbinsert script

* turned verifyToken to middleware, added description for dbinsert, added hidden csrf field in auth form

* added middlewares, user model and controller

* JSDoc fix

* wrong password processing fix

* added comments to dbinsert script, moved salt and passHash to singe db doc

* Moved salt to .env, upgradedscript for generating password was, fixed comments and JSDoc

* Deleted using salt (now user is only one), changed verifying password to bcrypt.compare, added httpyOnly property to jwt cookie

* Added verifyToken middleware to aliases route, added check for user existance on POST/auth

* Added message "password not set" to client

src/routes/auth.js

@@ -28,6 +28,14 @@ router.get('/auth', csrfProtection, function (req, res) {
 router.post('/auth', parseForm, csrfProtection, async (req, res) => {
   let userDoc = await Users.get();
 
+  if (!userDoc) {
+    res.render('auth', {
+      title: 'Login page',
+      header: 'Password not set',
+      csrfToken: req.csrfToken()
+    });
+  }
+
   const passHash = userDoc.passHash;
 
   bcrypt.compare(req.body.password, passHash, async (err, result) => {