account api half done

This commit is contained in:
linkability 2023-10-05 02:25:04 +01:00
parent 03c638b951
commit 6b8d050fa5
No known key found for this signature in database
3 changed files with 270 additions and 4 deletions

View file

@ -1,12 +1,146 @@
// Modules
import { Router } from "express";
import Files from "../../../lib/files";
import bodyParser from "body-parser";
import { getAccount } from "../../../lib/middleware";
// Libs
let router = Router()
import Files, { id_check_regex } from "../../../lib/files";
import * as Accounts from '../../../lib/accounts'
import * as Authentication from '../../../lib/auth'
import { assertAPI, getAccount, noAPIAccess, requiresAccount, requiresPermissions } from "../../../lib/middleware";
import ServeError from "../../../lib/errors";
const Configuration = require(`${process.cwd()}/config.json`)
const parser = bodyParser.json({
type: [ "type/plain", "application/json" ]
})
const router = Router()
router.use(getAccount)
module.exports = function(files: Files) {
router.post("/login",
parser,
(req, res) => {
if (typeof req.body.username != "string" || typeof req.body.password != "string") {
ServeError(res, 400, "please provide a username or password")
return
}
if (Authentication.validate(req.cookies.auth)) {
ServeError(res, 400, "you are already logged in")
return
}
const Account = Accounts.getFromUsername(req.body.username)
if (!Account || !Accounts.password.check(Account.id, req.body.password)) {
ServeError(res, 400, "username or password incorrect")
return
}
res.cookie("auth",
Authentication.create(
Account.id, // account id
(3 * 24 * 60 * 60 * 1000) // expiration time
)
)
res.status(200)
res.end()
}
)
router.post("/create",
parser,
(req, res) => {
if (!Configuration.accounts.registrationEnabled) {
ServeError(res , 403, "account registration disabled")
return
}
if (Authentication.validate(req.cookies.auth)) {
ServeError(res, 400, "you are already logged in")
return
}
if (Accounts.getFromUsername(req.body.username)) {
ServeError(res, 400, "account with this username already exists")
return
}
if (req.body.username.length < 3 || req.body.username.length > 20) {
ServeError(res, 400, "username must be over or equal to 3 characters or under or equal to 20 characters in length")
return
}
if (
(
req.body.username.match(/[A-Za-z0-9_\-\.]+/)
||
[]
)[0] != req.body.username
) {
ServeError(res, 400, "username contains invalid characters")
return
}
if (req.body.password.length < 8) {
ServeError(res, 400, "password must be 8 characters or longer")
return
}
Accounts.create(
req.body.username,
req.body.password
).then((Account) => {
res.cookie("auth", Authentication.create(
Account, // account id
(3 * 24 * 60 * 60 * 1000) // expiration time
))
res.status(200)
res.end()
})
.catch(() => {
ServeError(res, 500, "internal server error")
})
}
)
router.post("/logout",
(req, res) => {
if (!Authentication.validate(req.cookies.auth)) {
ServeError(res, 401, "not logged in")
return
}
Authentication.invalidate(req.cookies.auth)
res.send("logged out")
}
)
router.put("/dfv",
requiresAccount,
requiresPermissions("manage"),
parser,
(req, res) => {
const Account = res.locals.acc as Accounts.Account
if (['public', 'private', 'anonymous'].includes(req.body.defaultFileVisibility)) {
Account.defaultFileVisibility = req.body.defaultFileVisibility
Accounts.save()
res.send(`dfv has been set to ${Account.defaultFileVisibility}`)
} else {
res.status(400)
res.send("invalid dfv")
}
}
)
return router
}

View file

@ -2,6 +2,16 @@
"name": "v1",
"baseURL": "/api/v1",
"mount": [
"account", "admin", "file", "public"
"account",
"admin",
"public",
{
"file": "file",
"to": "/account/files"
},
{
"file": "customization",
"to": "/account/customization"
}
]
}

View file

@ -0,0 +1,122 @@
// Modules
import { Router } from "express";
import bodyParser from "body-parser";
// Libs
import Files, { id_check_regex } from "../../../lib/files";
import * as Accounts from '../../../lib/accounts'
import { getAccount, requiresAccount, requiresPermissions } from "../../../lib/middleware";
const Configuration = require(`${process.cwd()}/config.json`)
const parser = bodyParser.json({
type: [ "type/plain", "application/json" ]
})
const router = Router()
router.use(getAccount)
module.exports = function(files: Files) {
router.put("/css",
requiresAccount,
requiresPermissions("customize"),
parser,
(req, res) => {
const Account = res.locals.acc as Accounts.Account
if (typeof req.body.fileId != "string") req.body.fileId = undefined;
if (
!req.body.fileId
||
(req.body.fileId.match(id_check_regex) == req.body.fileId
&& req.body.fileId.length <= Configuration.maxUploadIdLength)
) {
Account.customCSS = req.body.fileId || undefined
if (!req.body.fileId) delete Account.customCSS;
Accounts.save()
res.send("custom css saved")
} else {
res.status(400)
res.send("invalid fileid")
}
}
)
// authRoutes.get("/customCSS", (req,res) => {
// let acc = res.locals.acc
// if (acc?.customCSS) res.redirect(`/file/${acc.customCSS}`)
// else res.send("")
// })
router.get('/css',
requiresAccount,
(req, res) => {
const Account = res.locals.acc
if (Account?.customCSS) res.redirect(`/file/${Account.customCSS}`)
else res.send("");
}
)
router.put("/embed/color",
requiresAccount,
requiresPermissions("customize"),
parser,
(req, res) => {
const Account = res.locals.acc as Accounts.Account
if (typeof req.body.color != "string") req.body.color = undefined;
if (
!req.body.color
|| (req.body.color.toLowerCase().match(/[a-f0-9]+/) == req.body.color.toLowerCase())
&& req.body.color.length == 6
) {
if (!Account.embed) Account.embed = {};
Account.embed.color = req.body.color || undefined
if (!req.body.color) delete Account.embed.color;
Accounts.save()
res.send("custom embed color saved")
} else {
res.status(400)
res.send("invalid hex code")
}
}
)
router.put("/embed/size",
requiresAccount,
requiresPermissions("customize"),
parser,
(req, res) => {
const Account = res.locals.acc as Accounts.Account
if (typeof req.body.largeImage != "boolean") req.body.color = false;
if (!Account.embed) Account.embed = {};
Account.embed.largeImage = req.body.largeImage
if (!req.body.largeImage) delete Account.embed.largeImage;
Accounts.save()
res.send(`custom embed image size saved`)
}
)
return router
}