derv-net/routes/youApi.js

import { Router } from "express";
import { apiStat } from "../lib.js";
import { hash, compare } from "bcrypt";
import { initDb } from "../db.js";
import { randomBytes } from 'node:crypto';
import { rename } from 'node:fs/promises';
// Database handle, obtained once at module load via top-level await; the
// handlers below use it through db.all() and db.run().
let db = await initDb();
// Express router that collects this file's routes; it is the default export.
const router = Router();
// Inclusive username length bounds enforced by the POST /new handler.
const minChar = 1;
const maxChar = 32;
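/**
 * Report whether a username consists solely of ASCII letters, digits,
 * hyphens and underscores.
 *
 * Non-string input (for example an array or object produced by a body
 * parser) is rejected instead of throwing on a missing `.search` method,
 * so callers can treat every unexpected shape as an invalid name.
 *
 * @param {unknown} user - Candidate username, normally taken from the request body.
 * @returns {boolean} True when `user` is a string with no disallowed
 *   characters. The empty string passes; length limits are the caller's job.
 */
function legalName(user) {
  if (typeof user !== 'string') {
    return false;
  }
  // No `g` flag: a single membership test must not carry lastIndex state.
  return !/[^A-Za-z0-9_-]/.test(user);
}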
/**
 * POST /settings: store an uploaded profile picture for the authenticated user.
 *
 * Reads the uploaded file descriptor from `req.file` and the session from
 * `res.auth`; both are set by middleware that is not part of this file.
 * When a file is present it is moved to `./uploads/pfp_<username>.png`.
 */
router.post('/settings', async (req, res, next) => {
  const upload = req.file;
  const { username, valid } = res.auth;

  // NOTE(review): this path neither sends a response nor calls next(), and an
  // already-uploaded file stays at its temporary path. Confirm that the
  // upstream auth middleware has answered the request in this case.
  if (!valid) {
    return;
  }

  if (upload) {
    // NOTE(review): `username` becomes part of a filesystem path. It is safe
    // only while res.auth.username is guaranteed to match the registration
    // character set (see legalName); confirm against the auth middleware.
    // The `.png` suffix is applied regardless of the upload's real type;
    // presumably the upload middleware filters content - verify.
    const destination = `./uploads/pfp_${username}.png`;
    await rename(upload.path, destination);
  }

  next();
});
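/**
 * POST /logout: end the current session.
 *
 * Clears the `token` cookie and, when the cookie value is readable, deletes
 * the matching row from the `token` table. Clearing the cookie alone leaves
 * the stored token usable by anyone holding a copy of it, so logout revokes
 * it on the server as well.
 */
router.post('/logout', async (req, res, next) => {
  // req.cookies is populated by cookie-parsing middleware registered outside
  // this file; if it is absent, only the cookie is cleared, as before.
  const token = req.cookies?.token;
  res.clearCookie('token');

  try {
    if (typeof token === 'string' && token !== '') {
      await db.run('DELETE FROM token WHERE token = ?', [token]);
    }
  } catch (err) {
    // Hand database failures to the Express error handler instead of
    // leaving a rejected promise unhandled.
    next(err);
    return;
  }

  apiStat(res, next, `Goodbye!`, '/');
});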
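/**
 * Authenticate a user and issue a session token.
 *
 * Looks the account up by case-insensitive exact username, verifies the
 * password against the stored bcrypt hash, stores a fresh random token in
 * the `token` table and sets it as the `token` cookie.
 *
 * @param {object} req - Express request; `req.body.user` and `req.body.pass` are read.
 * @param {object} res - Express response; receives the cookie and the status via apiStat.
 * @param {Function} next - Passed through to apiStat.
 * @returns {Promise<string|undefined>} The success message on login,
 *   `undefined` on any rejected attempt.
 */
async function login(req, res, next) {
  const { user, pass } = req.body;

  // Body parsers can deliver arrays, objects or numbers; only non-empty
  // strings are meaningful to the query and to bcrypt's compare().
  if (typeof user !== 'string' || typeof pass !== 'string' || !user || !pass) {
    apiStat(res, next, 'Fields are missing.');
    return;
  }

  // Exact match, not LIKE: with LIKE the submitted name is a pattern, so `%`
  // and `_` (the latter is a legal username character) could select a
  // different account's row than the one the caller named.
  const matches = await db.all('SELECT * FROM auth WHERE UPPER(username) = UPPER(?)', [
    user
  ]); // TODO: dont use all
  if (matches.length < 1) {
    // NOTE(review): this message and the one below let a caller tell
    // "no such account" from "wrong password"; the /new route exposes the
    // same fact, so the wording is left as is.
    apiStat(res, next, `Username wasn't taken.`);
    return;
  }

  const [account] = matches;
  const passwordOk = await compare(pass, account.password);
  if (!passwordOk) {
    apiStat(res, next, `Password is wrong.`);
    return;
  }

  const token = randomBytes(32).toString('hex');
  // Bind the token to the username as stored in `auth`, not to the submitted
  // spelling, so later lookups and per-user file names use one canonical form.
  await db.run('INSERT INTO token (username, token) VALUES (?, ?)', [
    account.username,
    token
  ]);

  // NOTE(review): the session cookie is set without httpOnly, secure or
  // sameSite. Unless client-side script needs to read it, set
  // { httpOnly: true, sameSite: 'lax' } and add secure: true behind HTTPS.
  res.cookie('token', token);

  const stat = `Login succeeded.`;
  apiStat(res, next, stat, '/');
  return stat;
}
router.post('/login', login);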
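/**
 * POST /new: register an account and log the new user in.
 *
 * Validates the submitted fields, refuses names that already exist
 * (case-insensitively), stores a bcrypt hash of the password and then runs
 * the normal login flow to issue a session token.
 */
router.post('/new', async (req, res, next) => {
  const { user, pass, pass2 } = req.body;

  // Validate presence and type first: body parsers can deliver arrays or
  // objects, which would make the loose `!=` comparison coerce values and
  // make legalName() throw on a missing `.search` method.
  const fields = [user, pass, pass2];
  if (fields.some((field) => typeof field !== 'string' || field === '')) {
    apiStat(res, next, 'Fields are missing.');
    return;
  }
  if (pass !== pass2) {
    apiStat(res, next, "Passwords don't match.");
    return;
  }
  if (!legalName(user)) {
    apiStat(res, next, 'Username is invalid.');
    return;
  }
  if (user.length < minChar || user.length > maxChar) {
    apiStat(res, next, `Username length isn't ${minChar} to ${maxChar} characters.`);
    return;
  } // TODO: fix this horrible logic chain thing

  // Exact match, not LIKE: `_` is a legal username character and a LIKE
  // wildcard, so "a_b" would be reported as taken whenever "axb" exists.
  const existing = await db.all('SELECT * FROM auth WHERE UPPER(username) = UPPER(?)', [
    user
  ]); // TODO: dont use all
  if (existing.length > 0) {
    apiStat(res, next, `Username was taken.`);
    return;
  }

  // NOTE(review): bcrypt only uses the first 72 bytes of the password, and
  // no minimum length is enforced here; decide whether to cap and/or require
  // a minimum before hashing.
  const passHash = await hash(pass, 10);

  // NOTE(review): the existence check and this INSERT are separate
  // statements. A UNIQUE constraint on auth.username (schema not visible
  // here) is what would stop two concurrent requests creating the same name.
  await db.run('INSERT INTO auth (username, password) VALUES (?, ?)', [
    user,
    passHash
  ]);

  // login() reports through apiStat itself; it gets a no-op `next` so that
  // only the call below advances the middleware chain.
  const testLogin = await login(req, res, () => { });
  apiStat(res, next, `Account created. Login status: ${testLogin}`, '/');
});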
export default router;