mirror of
https://github.com/mollersuite/monofile.git
synced 2024-10-06 20:16:25 -07:00
account api half done
parent
03c638b951
commit
6b8d050fa5
|
@ -1,12 +1,146 @@
|
||||||
|
// Modules
|
||||||
|
|
||||||
import { Router } from "express";
|
import { Router } from "express";
|
||||||
import Files from "../../../lib/files";
|
import bodyParser from "body-parser";
|
||||||
|
|
||||||
import { getAccount } from "../../../lib/middleware";
|
// Libs
|
||||||
|
|
||||||
let router = Router()
|
import Files, { id_check_regex } from "../../../lib/files";
|
||||||
|
import * as Accounts from '../../../lib/accounts'
|
||||||
|
import * as Authentication from '../../../lib/auth'
|
||||||
|
import { assertAPI, getAccount, noAPIAccess, requiresAccount, requiresPermissions } from "../../../lib/middleware";
|
||||||
|
import ServeError from "../../../lib/errors";
|
||||||
|
|
||||||
|
const Configuration = require(`${process.cwd()}/config.json`)
|
||||||
|
|
||||||
|
const parser = bodyParser.json({
|
||||||
|
type: [ "type/plain", "application/json" ]
|
||||||
|
})
|
||||||
|
|
||||||
|
const router = Router()
|
||||||
|
|
||||||
router.use(getAccount)
|
router.use(getAccount)
|
||||||
|
|
||||||
module.exports = function(files: Files) {
|
module.exports = function(files: Files) {
|
||||||
|
router.post("/login",
|
||||||
|
parser,
|
||||||
|
(req, res) => {
|
||||||
|
if (typeof req.body.username != "string" || typeof req.body.password != "string") {
|
||||||
|
ServeError(res, 400, "please provide a username or password")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if (Authentication.validate(req.cookies.auth)) {
|
||||||
|
ServeError(res, 400, "you are already logged in")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
const Account = Accounts.getFromUsername(req.body.username)
|
||||||
|
|
||||||
|
if (!Account || !Accounts.password.check(Account.id, req.body.password)) {
|
||||||
|
ServeError(res, 400, "username or password incorrect")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
res.cookie("auth",
|
||||||
|
Authentication.create(
|
||||||
|
Account.id, // account id
|
||||||
|
(3 * 24 * 60 * 60 * 1000) // expiration time
|
||||||
|
)
|
||||||
|
)
|
||||||
|
res.status(200)
|
||||||
|
res.end()
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
router.post("/create",
|
||||||
|
parser,
|
||||||
|
(req, res) => {
|
||||||
|
if (!Configuration.accounts.registrationEnabled) {
|
||||||
|
ServeError(res , 403, "account registration disabled")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if (Authentication.validate(req.cookies.auth)) {
|
||||||
|
ServeError(res, 400, "you are already logged in")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if (Accounts.getFromUsername(req.body.username)) {
|
||||||
|
ServeError(res, 400, "account with this username already exists")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if (req.body.username.length < 3 || req.body.username.length > 20) {
|
||||||
|
ServeError(res, 400, "username must be over or equal to 3 characters or under or equal to 20 characters in length")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if (
|
||||||
|
(
|
||||||
|
req.body.username.match(/[A-Za-z0-9_\-\.]+/)
|
||||||
|
||
|
||||||
|
[]
|
||||||
|
)[0] != req.body.username
|
||||||
|
) {
|
||||||
|
ServeError(res, 400, "username contains invalid characters")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if (req.body.password.length < 8) {
|
||||||
|
ServeError(res, 400, "password must be 8 characters or longer")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
Accounts.create(
|
||||||
|
req.body.username,
|
||||||
|
req.body.password
|
||||||
|
).then((Account) => {
|
||||||
|
res.cookie("auth", Authentication.create(
|
||||||
|
Account, // account id
|
||||||
|
(3 * 24 * 60 * 60 * 1000) // expiration time
|
||||||
|
))
|
||||||
|
res.status(200)
|
||||||
|
res.end()
|
||||||
|
})
|
||||||
|
.catch(() => {
|
||||||
|
ServeError(res, 500, "internal server error")
|
||||||
|
})
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
router.post("/logout",
|
||||||
|
(req, res) => {
|
||||||
|
if (!Authentication.validate(req.cookies.auth)) {
|
||||||
|
ServeError(res, 401, "not logged in")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
Authentication.invalidate(req.cookies.auth)
|
||||||
|
res.send("logged out")
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
router.put("/dfv",
|
||||||
|
requiresAccount,
|
||||||
|
requiresPermissions("manage"),
|
||||||
|
parser,
|
||||||
|
(req, res) => {
|
||||||
|
const Account = res.locals.acc as Accounts.Account
|
||||||
|
|
||||||
|
if (['public', 'private', 'anonymous'].includes(req.body.defaultFileVisibility)) {
|
||||||
|
Account.defaultFileVisibility = req.body.defaultFileVisibility
|
||||||
|
|
||||||
|
Accounts.save()
|
||||||
|
|
||||||
|
res.send(`dfv has been set to ${Account.defaultFileVisibility}`)
|
||||||
|
} else {
|
||||||
|
res.status(400)
|
||||||
|
|
||||||
|
res.send("invalid dfv")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
return router
|
return router
|
||||||
}
|
}
|
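Review bot: The `/create` handler reads `req.body.username.length` and `req.body.password.length` without the `typeof … != "string"` guard that `/login` applies, so a body with a missing field throws inside the handler, and an array of eight elements passes the password length check and reaches `Accounts.create` as a non-string. Open the handler with the same guard, `if (typeof req.body.username != "string" || typeof req.body.password != "string") { ServeError(res, 400, "please provide a username or password"); return }`. Both `res.cookie("auth", …)` calls pass no options, so the session token is readable from page script and is sent on cross-site requests; `{ httpOnly: true, sameSite: "strict", secure: true, maxAge: 3 * 24 * 60 * 60 * 1000 }` would tie the cookie to the three-day token lifetime (whether `secure` fits depends on the deployment, which is not visible here). The parser's `"type/plain"` entry looks like a typo for `text/plain`; if that is the intent, accepting JSON under `text/plain` lets another origin send these cookie-authenticated requests without a CORS preflight, and the same parser setup is repeated in `customization.ts`.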
|
@ -2,6 +2,16 @@
|
||||||
"name": "v1",
|
"name": "v1",
|
||||||
"baseURL": "/api/v1",
|
"baseURL": "/api/v1",
|
||||||
"mount": [
|
"mount": [
|
||||||
"account", "admin", "file", "public"
|
"account",
|
||||||
|
"admin",
|
||||||
|
"public",
|
||||||
|
{
|
||||||
|
"file": "file",
|
||||||
|
"to": "/account/files"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"file": "customization",
|
||||||
|
"to": "/account/customization"
|
||||||
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
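--- a/src/server/routes/api/v1/customization.ts
+++ b/src/server/routes/api/v1/customization.ts
@@ -0,0 +1,122 @@
+// Modules
+
+import { Router } from "express";
+import bodyParser from "body-parser";
+
+// Libs
+
+import Files, { id_check_regex } from "../../../lib/files";
+import * as Accounts from '../../../lib/accounts'
+import { getAccount, requiresAccount, requiresPermissions } from "../../../lib/middleware";
+
+const Configuration = require(`${process.cwd()}/config.json`)
+
+const parser = bodyParser.json({
+type: [ "type/plain", "application/json" ]
+})
+
+const router = Router()
+
+router.use(getAccount)
+
+module.exports = function(files: Files) {
+router.put("/css",
+requiresAccount,
+requiresPermissions("customize"),
+parser,
+(req, res) => {
+const Account = res.locals.acc as Accounts.Account
+
+if (typeof req.body.fileId != "string") req.body.fileId = undefined;
+
+if (
+!req.body.fileId
+||
+(req.body.fileId.match(id_check_regex) == req.body.fileId
+&& req.body.fileId.length <= Configuration.maxUploadIdLength)
+) {
+Account.customCSS = req.body.fileId || undefined
+
+if (!req.body.fileId) delete Account.customCSS;
+
+Accounts.save()
+
+res.send("custom css saved")
+} else {
+res.status(400)
+
+res.send("invalid fileid")
+}
+}
+)
+
+// authRoutes.get("/customCSS", (req,res) => {
+// let acc = res.locals.acc
+// if (acc?.customCSS) res.redirect(`/file/${acc.customCSS}`)
+// else res.send("")
+// })
+
+router.get('/css',
+requiresAccount,
+(req, res) => {
+const Account = res.locals.acc
+
+if (Account?.customCSS) res.redirect(`/file/${Account.customCSS}`)
+else res.send("");
+}
+)
+
+router.put("/embed/color",
+requiresAccount,
+requiresPermissions("customize"),
+parser,
+(req, res) => {
+const Account = res.locals.acc as Accounts.Account
+
+if (typeof req.body.color != "string") req.body.color = undefined;
+
+if (
+!req.body.color
+|| (req.body.color.toLowerCase().match(/[a-f0-9]+/) == req.body.color.toLowerCase())
+&& req.body.color.length == 6
+) {
+if (!Account.embed) Account.embed = {};
+
+Account.embed.color = req.body.color || undefined
+
+if (!req.body.color) delete Account.embed.color;
+
+Accounts.save()
+
+res.send("custom embed color saved")
+} else {
+res.status(400)
+
+res.send("invalid hex code")
+}
+}
+)
+
+router.put("/embed/size",
+requiresAccount,
+requiresPermissions("customize"),
+parser,
+(req, res) => {
+const Account = res.locals.acc as Accounts.Account
+
+if (typeof req.body.largeImage != "boolean") req.body.color = false;
+
+if (!Account.embed) Account.embed = {};
+
+Account.embed.largeImage = req.body.largeImage
+
+if (!req.body.largeImage) delete Account.embed.largeImage;
+
+Accounts.save()
+
+res.send(`custom embed image size saved`)
+}
+)
+
+return router
+}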
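Review bot: In the `/embed/size` handler the type guard assigns to the wrong field: `if (typeof req.body.largeImage != "boolean") req.body.color = false;` leaves a non-boolean `largeImage` untouched, so any truthy JSON value (string, object, array) is written to `Account.embed.largeImage` and persisted by `Accounts.save()`. The line should read `if (typeof req.body.largeImage != "boolean") req.body.largeImage = false;`. Separately, `PUT /css` checks only the shape and length of `fileId`; nothing in this file verifies that the file exists or that this account may reference it, so it is worth confirming that the `/file/…` route the `GET /css` redirect points to enforces visibility on its own.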