fix a few implementations

src/server/lib/accounts.ts

@@ -21,23 +21,21 @@ export type Account = z.infer<typeof AccountSchemas.Account>
  * @returns A Promise which returns the new account's ID
  */
 
-export async function create(username:string,pwd:string,admin:boolean=false):Promise<string> {
+export async function create(username:string,pwd:string,admin:boolean=false):Promise<Account> {
-    let accId = crypto.randomBytes(12).toString("hex")
+    let acc: Account = {
-
+        id:     crypto.randomUUID(),
-    Db.data.push(
+        username: username,
-        {
+        password: password.hash(pwd),
-            id:     accId,
+        files: [],
-            username: username,
+        admin: admin,
-            password: password.hash(pwd),
+        defaultFileVisibility: "public",
-            files: [],
+        settings: AccountSchemas.Settings.User.parse({})
-            admin: admin,
+    }
-            defaultFileVisibility: "public",
-            settings: AccountSchemas.Settings.User.parse({})
-        }
-    )
 
+    Db.data.push(acc)
     await Db.save()
-    return accId
+    
+    return acc
 }
 
 /**

src/server/lib/auth.ts

@@ -59,7 +59,7 @@ export function makeJwt(_token: TokenResolvable) {
         sub: token.account,
         jti: token.id,
         ...(token.type != "User" ? { scope: token.scopes } : {})
-    })
+    }).setProtectedHeader({ alg: "HS256" })
 
     return jwt.sign(config.jwtSecret)
 }

src/server/lib/middleware.ts

@@ -10,19 +10,18 @@ import { codes } from "./codes.js"
  * @description Middleware which adds an account, if any, to ctx.get("account")
  */
 export const getAccount: RequestHandler = async function (ctx, next) {
-    let account = Accounts.getFromToken((await auth.tokenFor(ctx))!)
+    let uToken = (await auth.tokenFor(ctx))!
+    let account = Accounts.getFromToken(uToken)
     if (account?.suspension)
-        setCookie(ctx, "auth", "")
+        auth.invalidate(uToken)
     ctx.set("account", account)
     return next()
 }
 
-export function resolveTarget(actor: Accounts.Account, targetString: string) {
+export function resolveTarget(actor: Accounts.Account, target: Accounts.AccountResolvable) {
-    return targetString == "me"
+    return target == "me"
             ? actor
-            : targetString.startsWith("@")
+            : Accounts.resolve(target)
-              ? Accounts.getFromUsername(targetString.slice(1))
-              : Accounts.getFromId(targetString)
 }
 
 /**
@@ -36,7 +35,6 @@ export const getTarget: RequestHandler = async (ctx, next) => {
         permissions = auth.getScopes(tok)
 
     let actor = ctx.get("account")
-
     let target = resolveTarget(actor, ctx.req.param("user"))
     
     if (!target) return ServeError(ctx, 404, "account does not exist")
@@ -44,11 +42,12 @@ export const getTarget: RequestHandler = async (ctx, next) => {
     if (actor && (
         (
             target != actor // target is not the current account
-            && !actor?.admin // account is not admin
+            && (
-        )
+                !actor?.admin // account is not admin
-        || (
+                || (
-            actor?.admin // account is admin
+                    permissions && !permissions.includes("manage_server") // account is admin but permissions does not include manage_server
-            && permissions && !permissions.includes("manage_server") // permissions does not include manage_server
+                )
+            )
         )
     ))
         return ServeError(ctx, 403, "you cannot manage this user")
@@ -188,7 +187,7 @@ export function scheme(scheme: z.ZodTypeAny, transformer: (ctx: Context) => Prom
 
 // Not really middleware but a utility
 
-export const login = async (ctx: Context, account: string) => {
+export const login = async (ctx: Context, account: Accounts.AccountResolvable) => {
     let token = auth.create(account, 3 * 24 * 60 * 60 * 1000)
     setCookie(ctx, "auth", await auth.makeJwt(token), {
         path: "/",

src/server/routes/api/v1/account/access.ts

@@ -90,7 +90,7 @@ export default function (files: Files) {
     })
 
     router.delete("/:token", async (ctx) => {
-        auth.invalidate(ctx.get("targetToken").id)
+        auth.invalidate(ctx.get("targetToken"))
         return ctx.text(`deleted token ${ctx.req.param("token")}`)
     })
 

src/server/routes/api/v1/account/index.ts

@@ -217,7 +217,12 @@ router.use(getAccount)
 router.on(
     ["GET","PATCH","DELETE"],
     "/:user",
-    requiresAccount, getTarget, accountMgmtRoute
+    requiresAccount, getTarget
+)
+router.on(
+    ["PATCH","DELETE"],
+    "/:user",
+    accountMgmtRoute
 )
 
 function isMessage(object: any): object is Message {
@@ -278,7 +283,7 @@ export default function (files: Files) {
             .then((account) => {
                 if (!ctx.get("account"))
                     login(ctx, account)
-                return ctx.text(account)
+                return ctx.text(account.id)
             })
             .catch((e) => {
                 console.error(e)

src/server/routes/api/v1/session.ts

@@ -12,6 +12,7 @@ import * as auth from "../../../lib/auth.js"
 import {
     getAccount,
     login,
+    mirror,
     requiresAccount,
     scheme
 } from "../../../lib/middleware.js"
@@ -27,7 +28,7 @@ const router = new Hono<{
 
 router.use(getAccount)
 
-export default function (files: Files) {
+export default function (files: Files, apiRoot: Hono) {
     router.post("/",scheme(z.object({
         username: AccountSchemas.Username,
         password: AccountSchemas.StringPassword
@@ -59,8 +60,7 @@ export default function (files: Files) {
     })
 
     router.get("/", requiresAccount, async ctx => {
-        let sessionToken = (await auth.tokenFor(ctx))!
+        return ctx.json(auth.resolve((await auth.tokenFor(ctx))!)!)
-        return ctx.redirect(`/api/v1`)
     })
 
     router.delete("/", requiresAccount, async ctx => {