account api half done

2024-11-22 05:46:26 -08:00 · 2023-10-05 02:25:04 +01:00 · 2023-10-05 02:25:04 +01:00 · 6b8d050fa5
parent 03c638b951
commit 6b8d050fa5
3 changed files with 270 additions and 4 deletions
--- a/src/server/routes/api/v1/account.ts
+++ b/src/server/routes/api/v1/account.ts
@ -1,12 +1,146 @@
+// Modules
+
 import { Router } from "express";
-import Files from "../../../lib/files";
+import bodyParser from "body-parser";

-import { getAccount } from "../../../lib/middleware";
+// Libs

-let router = Router()
+import Files, { id_check_regex } from "../../../lib/files";
+import * as Accounts from '../../../lib/accounts'
+import * as Authentication from '../../../lib/auth'
+import { assertAPI, getAccount, noAPIAccess, requiresAccount, requiresPermissions } from "../../../lib/middleware";
+import ServeError from "../../../lib/errors";
+
+const Configuration = require(`${process.cwd()}/config.json`)
+
+const parser = bodyParser.json({
+    type: [ "type/plain", "application/json" ]
+})
+
+const router = Router()

 router.use(getAccount)

 module.exports = function(files: Files) {
+    router.post("/login",
+        parser,
+        (req, res) => {
+            if (typeof req.body.username != "string" || typeof req.body.password != "string") {
+                ServeError(res, 400, "please provide a username or password")
+                return
+            }
+
+            if (Authentication.validate(req.cookies.auth)) {
+                ServeError(res, 400, "you are already logged in")
+                return
+            }
+
+            const Account = Accounts.getFromUsername(req.body.username)
+
+            if (!Account || !Accounts.password.check(Account.id, req.body.password)) {
+                ServeError(res, 400, "username or password incorrect")
+                return
+            }
+
+            res.cookie("auth",
+                Authentication.create(
+                    Account.id, // account id
+                    (3 * 24 * 60 * 60 * 1000) // expiration time
+                )
+            )
+            res.status(200)
+            res.end()
+        }
+    )
+
+    router.post("/create",
+        parser,
+        (req, res) => {
+            if (!Configuration.accounts.registrationEnabled) {
+                ServeError(res , 403, "account registration disabled")
+                return
+            }
+
+            if (Authentication.validate(req.cookies.auth)) {
+                ServeError(res, 400, "you are already logged in")
+                return
+            }
+
+            if (Accounts.getFromUsername(req.body.username)) {
+                ServeError(res, 400, "account with this username already exists")
+                return
+            }
+
+            if (req.body.username.length < 3 || req.body.username.length > 20) {
+                ServeError(res, 400, "username must be over or equal to 3 characters or under or equal to 20 characters in length")
+                return
+            }
+
+            if (
+                (
+                    req.body.username.match(/[A-Za-z0-9_\-\.]+/)
+                    ||
+                    []
+                )[0] != req.body.username
+            ) {
+                ServeError(res, 400, "username contains invalid characters")
+                return
+            }
+
+            if (req.body.password.length < 8) {
+                ServeError(res, 400, "password must be 8 characters or longer")
+                return
+            }
+
+            Accounts.create(
+                req.body.username,
+                req.body.password
+            ).then((Account) => {
+                res.cookie("auth", Authentication.create(
+                    Account, // account id
+                    (3 * 24 * 60 * 60 * 1000) // expiration time
+                ))
+                res.status(200)
+                res.end()
+            })
+            .catch(() => {
+                ServeError(res, 500, "internal server error")
+            })
+        }
+    )
+
+    router.post("/logout",
+        (req, res) => {
+            if (!Authentication.validate(req.cookies.auth)) {
+                ServeError(res, 401, "not logged in")
+                return
+            }
+
+            Authentication.invalidate(req.cookies.auth)
+            res.send("logged out")
+        }
+    )
+
+    router.put("/dfv",
+        requiresAccount,
+        requiresPermissions("manage"),
+        parser,
+        (req, res) => {
+            const Account = res.locals.acc as Accounts.Account
+
+            if (['public', 'private', 'anonymous'].includes(req.body.defaultFileVisibility)) {
+                Account.defaultFileVisibility = req.body.defaultFileVisibility
+                
+                Accounts.save()
+                
+                res.send(`dfv has been set to ${Account.defaultFileVisibility}`)
+            } else {
+                res.status(400)
+                
+                res.send("invalid dfv")
+            }
+        }
+    )
+
    return router
 }
--- a/src/server/routes/api/v1/api.json
+++ b/src/server/routes/api/v1/api.json
@ -2,6 +2,16 @@
    "name": "v1",
    "baseURL": "/api/v1",
    "mount": [
-        "account", "admin", "file", "public"
+        "account",
+        "admin",
+        "public",
+        {
+            "file": "file",
+            "to": "/account/files" 
+        },
+        {
+            "file": "customization",
+            "to": "/account/customization"
+        }
    ]
 }
--- a/src/server/routes/api/v1/customization.ts
+++ b/src/server/routes/api/v1/customization.ts
@ -0,0 +1,122 @@
+// Modules
+
+import { Router } from "express";
+import bodyParser from "body-parser";
+
+// Libs
+
+import Files, { id_check_regex } from "../../../lib/files";
+import * as Accounts from '../../../lib/accounts'
+import { getAccount, requiresAccount, requiresPermissions } from "../../../lib/middleware";
+
+const Configuration = require(`${process.cwd()}/config.json`)
+
+const parser = bodyParser.json({
+    type: [ "type/plain", "application/json" ]
+})
+
+const router = Router()
+
+router.use(getAccount)
+
+module.exports = function(files: Files) {
+    router.put("/css",
+        requiresAccount,
+        requiresPermissions("customize"),
+        parser,
+        (req, res) => {
+            const Account = res.locals.acc as Accounts.Account
+
+            if (typeof req.body.fileId != "string") req.body.fileId = undefined;
+
+            if (
+                !req.body.fileId
+                ||
+                (req.body.fileId.match(id_check_regex) == req.body.fileId 
+                && req.body.fileId.length <= Configuration.maxUploadIdLength)
+            ) {
+                Account.customCSS = req.body.fileId || undefined
+
+                if (!req.body.fileId) delete Account.customCSS;
+
+                Accounts.save()
+
+                res.send("custom css saved")
+            } else {
+                res.status(400)
+
+                res.send("invalid fileid")
+            }
+        }
+    )
+
+    // authRoutes.get("/customCSS", (req,res) => {
+    //     let acc = res.locals.acc
+    //     if (acc?.customCSS) res.redirect(`/file/${acc.customCSS}`)
+    //     else res.send("")
+    // })
+
+    router.get('/css',
+        requiresAccount,
+        (req, res) => {
+            const Account = res.locals.acc
+
+            if (Account?.customCSS) res.redirect(`/file/${Account.customCSS}`)
+            else res.send("");
+        }
+    )
+
+    router.put("/embed/color",
+        requiresAccount,
+        requiresPermissions("customize"),
+        parser,
+        (req, res) => {
+            const Account = res.locals.acc as Accounts.Account
+
+            if (typeof req.body.color != "string") req.body.color = undefined;
+            
+            if (
+                !req.body.color
+                || (req.body.color.toLowerCase().match(/[a-f0-9]+/) == req.body.color.toLowerCase())
+                && req.body.color.length == 6
+            ) {
+                if (!Account.embed) Account.embed = {};
+
+                Account.embed.color = req.body.color || undefined
+
+                if (!req.body.color) delete Account.embed.color;
+
+                Accounts.save()
+
+                res.send("custom embed color saved")
+            } else {
+                res.status(400)
+
+                res.send("invalid hex code")
+            }
+        }
+    )
+
+    router.put("/embed/size",
+        requiresAccount,
+        requiresPermissions("customize"),
+        parser,
+        (req, res) => {
+            const Account = res.locals.acc as Accounts.Account
+
+            if (typeof req.body.largeImage != "boolean") req.body.color = false;
+
+            if (!Account.embed) Account.embed = {};
+
+            Account.embed.largeImage = req.body.largeImage
+            
+            if (!req.body.largeImage) delete Account.embed.largeImage;
+
+            Accounts.save()
+
+            res.send(`custom embed image size saved`)
+        }
+    )
+
+    return router
+}