107 lines
No EOL
2.5 KiB
JavaScript
107 lines
No EOL
2.5 KiB
JavaScript
import { Router } from "express";
|
|
import { apiStat } from "../lib.js";
|
|
import { hash, compare } from "bcrypt";
|
|
import { initDb } from "../db.js";
|
|
import { randomBytes } from 'node:crypto';
|
|
|
|
let db = await initDb();
|
|
|
|
const router = Router();
|
|
const minChar = 1;
|
|
const maxChar = 32;
|
|
|
|
function legalName(user) {
|
|
return user.search(/[^A-Za-z0-9\-\_]/g) == -1;
|
|
}
|
|
|
|
router.post('/logout', (req, res, next) => {
|
|
res.clearCookie('token');
|
|
apiStat(res, next, `Goodbye!`, '/');
|
|
return;
|
|
});
|
|
|
|
async function login(req, res, next) {
|
|
let { user, pass } = req.body;
|
|
|
|
if (!pass || !user) {
|
|
apiStat(res, next, 'Fields are missing.')
|
|
return;
|
|
}
|
|
|
|
let isExist = await db.all('SELECT * FROM auth WHERE UPPER(username) LIKE UPPER(?)', [
|
|
user
|
|
]); // TODO: dont use all
|
|
|
|
if (isExist.length < 1) {
|
|
apiStat(res, next, `Username wasn't taken.`)
|
|
return;
|
|
}
|
|
|
|
let passHash = await compare(pass, isExist[0].password);
|
|
|
|
if (!passHash) {
|
|
apiStat(res, next, `Password is wrong.`);
|
|
return;
|
|
}
|
|
|
|
let token = randomBytes(32).toString('hex');
|
|
|
|
await db.run('INSERT INTO token (username, token) VALUES (?, ?)', [
|
|
user,
|
|
token
|
|
])
|
|
|
|
res.cookie('token', token);
|
|
|
|
let stat = `Login succeeded.`;
|
|
apiStat(res, next, stat, '/');
|
|
return stat;
|
|
}
|
|
|
|
router.post('/login', login)
|
|
|
|
router.post('/new', async (req, res, next) => {
|
|
let { user, pass, pass2 } = req.body;
|
|
|
|
if (pass != pass2) {
|
|
apiStat(res, next, "Passwords don't match.")
|
|
return;
|
|
}
|
|
|
|
if (!pass || !user || !pass2) {
|
|
apiStat(res, next, 'Fields are missing.')
|
|
return;
|
|
}
|
|
|
|
if (!legalName(user)) {
|
|
apiStat(res, next, 'Username is invalid.')
|
|
return;
|
|
}
|
|
|
|
if (user.length < minChar || user.length > maxChar) {
|
|
apiStat(res, next, `Username length isn't ${minChar} to ${maxChar} characters.`)
|
|
return;
|
|
} // TODO: fix this horrible logic chain thing
|
|
|
|
let isExist = await db.all('SELECT * FROM auth WHERE UPPER(username) LIKE UPPER(?)', [
|
|
user
|
|
]); // TODO: dont use all
|
|
|
|
if (isExist.length > 0) {
|
|
apiStat(res, next, `Username was taken.`)
|
|
return;
|
|
}
|
|
|
|
var passHash = await hash(pass, 10);
|
|
|
|
await db.run('INSERT INTO auth (username, password) VALUES (?, ?)', [
|
|
user,
|
|
passHash
|
|
]);
|
|
|
|
let testLogin = await login(req, res, () => { });
|
|
|
|
apiStat(res, next, `Account created. Login status: ${testLogin}`, '/')
|
|
})
|
|
|
|
export default router; |