login and register logic

2025-02-25 19:47:28 -05:00 · 2025-02-25 19:47:28 -05:00 · 8d0c02e27e
commit 8d0c02e27e
parent a2f8452eec
15 changed files with 496 additions and 106 deletions
--- a/routes/youApi.js
+++ b/routes/youApi.js
@ -0,0 +1,101 @@
+import { Router } from "express";
+import { apiStat } from "../lib.js";
+import { hash, compare } from "bcrypt";
+import { initDb } from "../db.js";
+import { randomBytes } from 'node:crypto';
+
+let db = await initDb();
+
+const router = Router();
+const minChar = 1;
+const maxChar = 32;
+
+function legalName(user) {
+    return user.search(/[^A-Za-z0-9\-\_]/g) == -1;
+}
+
+async function login(req, res, next) {
+    let { user, pass } = req.body;
+
+    if (!pass || !user) {
+        apiStat(res, next, 'Fields are missing.')
+        return;
+    }
+
+    let isExist = await db.all('SELECT * FROM auth WHERE UPPER(username) LIKE UPPER(?)', [
+        user
+    ]); // TODO: dont use all
+
+    if (isExist.length < 1) {
+        apiStat(res, next, `Username wasn't taken.`)
+        return;
+    }
+
+    let passHash = await compare(pass, isExist[0].password);
+
+    if (!passHash) {
+        apiStat(res, next, `Password is wrong.`);
+        return;
+    }
+
+    let token = randomBytes(32).toString('hex');
+
+    await db.run('INSERT INTO token (username, token) VALUES (?, ?)', [
+        user,
+        token
+    ])
+
+    res.cookie('token', token);
+
+    let stat = `Login succeeded.`;
+    apiStat(res, next, stat, '/');
+    return stat;
+}
+
+router.post('/login', login)
+
+router.post('/new', async (req, res, next) => {
+    let { user, pass, pass2 } = req.body;
+
+    if (pass != pass2) {
+        apiStat(res, next, "Passwords don't match.")
+        return;
+    }
+
+    if (!pass || !user || !pass2) {
+        apiStat(res, next, 'Fields are missing.')
+        return;
+    }
+
+    if (!legalName(user)) {
+        apiStat(res, next, 'Username is invalid.')
+        return;
+    }
+
+    if (user.length < minChar || user.length > maxChar) {
+        apiStat(res, next, `Username length isn't ${minChar} to ${maxChar} characters.`)
+        return;
+    } // TODO: fix this horrible logic chain thing
+
+    let isExist = await db.all('SELECT * FROM auth WHERE UPPER(username) LIKE UPPER(?)', [
+        user
+    ]); // TODO: dont use all
+
+    if (isExist.length > 0) {
+        apiStat(res, next, `Username was taken.`)
+        return;
+    }
+
+    var passHash = await hash(pass, 10);
+
+    await db.run('INSERT INTO auth (username, password) VALUES (?, ?)', [
+        user,
+        passHash
+    ]);
+
+    let testLogin = await login(req, res, () => { });
+
+    apiStat(res, next, `Account created. Login status: ${testLogin}`, '/')
+})
+
+export default router;