i think we're done actually

2024-11-24 06:36:27 -08:00 · 2024-04-30 23:40:42 -07:00 · 2024-04-30 23:40:42 -07:00 · f0a2450082
parent 8a26ace11f
commit f0a2450082
7 changed files with 107 additions and 138 deletions
--- a/src/server/index.ts
+++ b/src/server/index.ts
@ -9,7 +9,7 @@ import { fileURLToPath } from "url"
 import { dirname } from "path"
 import config from "./lib/config.js"

-const app = new Hono()
+const app = new Hono({strict: false})

 app.get(
    "/static/assets/*",
@ -78,7 +78,7 @@ apiRouter.loadAPIMethods().then(() => {
        app.fetch(
            new Request(
                new URL(
-                    "/api/v1/info",
+                    "/api/v1",
                    ctx.req.raw.url
                ).href,
                ctx.req.raw
--- a/src/server/lib/files.ts
+++ b/src/server/lib/files.ts
@ -10,6 +10,7 @@ import "dotenv/config"
 import * as Accounts from "./accounts.js"
 import { z } from "zod"
 import * as schemas from "./schemas/files.js"
+import { issuesToMessage } from "./middleware.js"

 export let alphanum = Array.from(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"
@ -504,7 +505,7 @@ export class UploadStream extends Writable {
        let check = schemas.FileId.safeParse(id);

        if (!check.success)
-            return this.destroy(new WebError(400, check.error.message))
+            return this.destroy(new WebError(400, issuesToMessage(check.error.issues)))

        if (this.files.files[id] && this.files.files[id].owner != this.owner)
            return this.destroy(new WebError(403, "you don't own this file"))
--- a/src/server/lib/middleware.ts
+++ b/src/server/lib/middleware.ts
@ -3,7 +3,7 @@ import type { Context, Handler as RequestHandler } from "hono"
 import ServeError from "../lib/errors.js"
 import * as auth from "./auth.js"
 import { setCookie } from "hono/cookie"
-import { ZodObject } from "zod"
+import { z } from "zod"

 /**
 * @description Middleware which adds an account, if any, to ctx.get("account")
@ -38,7 +38,6 @@ export const requiresAdmin: RequestHandler = function (ctx, next) {
 * @param tokenPermissions Permissions which your route requires.
 * @returns Express middleware
 */
-
 export const requiresPermissions = function (
    ...tokenPermissions: auth.TokenPermission[]
 ): RequestHandler {
@ -94,6 +93,18 @@ export const assertAPI = function (
    }
 }

+export const issuesToMessage = function(issues: z.ZodIssue[]) {
+    return issues.map(e => `${e.path}: ${e.code} :: ${e.message}`).join("; ")
+}
+
+export const scheme = function(scheme: z.ZodTypeAny): RequestHandler {
+    return async function(ctx, next) {
+        let chk = scheme.safeParse(await ctx.req.json())
+        if (chk.success) return next()
+        else return ServeError(ctx, 400, issuesToMessage(chk.error.issues))
+    }
+}
+
 // Not really middleware but a utility

 export const login = (ctx: Context, account: string) => setCookie(ctx, "auth", auth.create(account, 3 * 24 * 60 * 60 * 1000), {
@ -102,11 +113,3 @@ export const login = (ctx: Context, account: string) => setCookie(ctx, "auth", a
    secure: true,
    httpOnly: true
 })
-
-export const scheme = function(scheme: ZodObject<any>): RequestHandler {
-    return function(ctx, next) {
-        let chk = scheme.safeParse(ctx.req.json())
-        if (chk.success) next()
-        else ServeError(ctx, 400, chk.error.message)
-    }
-}
--- a/src/server/routes/api/v1/account.ts
+++ b/src/server/routes/api/v1/account.ts
@ -11,6 +11,7 @@ import * as auth from "../../../lib/auth.js"
 import {
    assertAPI,
    getAccount,
+    issuesToMessage,
    login,
    noAPIAccess,
    requiresAccount,
@ -43,8 +44,7 @@ type Message = [200 | 400 | 401 | 403 | 429 | 501, string]
 // @Jack5079 make typings better if possible

 type Validator<
-    T extends keyof Partial<Accounts.Account>,
-    ValueNotNull extends boolean,
+    T extends keyof Partial<Accounts.Account>
 > =
    /**
     * @param actor The account performing this action
@ -55,38 +55,33 @@ type Validator<
        actor: Accounts.Account,
        target: Accounts.Account,
        params: UserUpdateParameters &
-            (ValueNotNull extends true
-                ? {
-                      [K in keyof Pick<
-                          UserUpdateParameters,
-                          T
-                      >]-?: UserUpdateParameters[K]
-                  }
-                : {}),
+            {
+                [K in keyof Pick<
+                    UserUpdateParameters,
+                    T
+                >]-?: UserUpdateParameters[K]
+            },
        ctx: Context
    ) => Accounts.Account[T] | Message

-// this type is so stupid stg
-type ValidatorWithSettings<T extends keyof Partial<Accounts.Account>> =
-    | {
-          acceptsNull: true
-          validator: Validator<T, false>
-      }
-    | {
-          acceptsNull?: false
-          validator: Validator<T, true>
-      }
+type SchemedValidator<
+    T extends keyof Partial<Accounts.Account>
+> = {
+    validator: Validator<T>,
+    schema: z.ZodTypeAny
+}

 const validators: {
-    [T in keyof Partial<Accounts.Account>]:
-        | Validator<T, true>
-        | ValidatorWithSettings<T>
+    [T in keyof Partial<Accounts.Account>]: SchemedValidator<T>
 } = {
-    defaultFileVisibility(actor, target, params) {
-        return params.defaultFileVisibility
+    defaultFileVisibility: {
+        schema: FileSchemas.FileVisibility,
+        validator: (actor, target, params) => {
+            return params.defaultFileVisibility
+        }
    },
    email: {
-        acceptsNull: true,
+        schema: AccountSchemas.Account.shape.email.optional(),
        validator: (actor, target, params, ctx) => {
            if (
                !params.currentPassword || // actor on purpose here to allow admins
@ -139,82 +134,62 @@ const validators: {
            return [200, "please check your inbox"]
        },
    },
-    password(actor, target, params) {
-        if (
-            !params.currentPassword || // actor on purpose here to allow admins
-            (params.currentPassword &&
-                Accounts.password.check(actor.id, params.currentPassword))
-        )
-            return [401, "current password incorrect"]
-
-        if (target.email) {
-            sendMail(
-                target.email,
-                `Your login details have been updated`,
-                `<b>Hello there!</b> Your password on your account, <span username>${target.username}</span>, has been updated` +
-                    `${actor != target ? ` by <span username>${actor.username}</span>` : ""}. ` +
-                    `Please update your saved login details accordingly.`
-            ).catch()
-        }
-
-        return Accounts.password.hash(params.password)
-    },
-    username(actor, target, params) {
-        if (
-            !params.currentPassword || // actor on purpose here to allow admins
-            (params.currentPassword &&
-                Accounts.password.check(actor.id, params.currentPassword))
-        )
-            return [401, "current password incorrect"]
-
-        if (Accounts.getFromUsername(params.username))
-            return [400, "account with this username already exists"]
-
-        if (target.email) {
-            sendMail(
-                target.email,
-                `Your login details have been updated`,
-                `<b>Hello there!</b> Your username on your account, <span username>${target.username}</span>, has been updated` +
-                    `${actor != target ? ` by <span username>${actor.username}</span>` : ""} to <span username>${params.username}</span>. ` +
-                    `Please update your saved login details accordingly.`
-            ).catch()
-        }
-
-        return params.username
-    },
-    customCSS: {
-        acceptsNull: true,
+    password: {
+        schema: AccountSchemas.StringPassword,
        validator: (actor, target, params) => {
-            if (FileSchemas.FileId.safeParse(params.customCSS).success)
-                return params.customCSS
-            else return [400, "bad file id"]
-        },
-    },
-    embed(actor, target, params) {
-        if (typeof params.embed !== "object")
-            return [400, "must use an object for embed"]
-        if (params.embed.color === undefined) {
-            params.embed.color = target.embed?.color
-        } else if (
-            !(
-                (params.embed.color.toLowerCase().match(/[a-f0-9]+/)?.[0] ==
-                    params.embed.color.toLowerCase() &&
-                    params.embed.color.length == 6) ||
-                params.embed.color == null
+            if (
+                !params.currentPassword || // actor on purpose here to allow admins
+                (params.currentPassword &&
+                    Accounts.password.check(actor.id, params.currentPassword))
            )
-        )
-            return [400, "bad embed color"]
+                return [401, "current password incorrect"]

-        if (params.embed.largeImage === undefined) {
-            params.embed.largeImage = target.embed?.largeImage
-        } else params.embed.largeImage = Boolean(params.embed.largeImage)
+            if (target.email) {
+                sendMail(
+                    target.email,
+                    `Your login details have been updated`,
+                    `<b>Hello there!</b> Your password on your account, <span username>${target.username}</span>, has been updated` +
+                        `${actor != target ? ` by <span username>${actor.username}</span>` : ""}. ` +
+                        `Please update your saved login details accordingly.`
+                ).catch()
+            }

-        return params.embed
+            return Accounts.password.hash(params.password)
+        }
    },
-    admin(actor, target, params) {
-        if (actor.admin && !target.admin) return params.admin
-        else if (!actor.admin) return [400, "cannot promote yourself"]
-        else return [400, "cannot demote an admin"]
+    username: {
+        schema: AccountSchemas.Username,
+        validator: (actor, target, params) => {
+            if (
+                !params.currentPassword || // actor on purpose here to allow admins
+                (params.currentPassword &&
+                    Accounts.password.check(actor.id, params.currentPassword))
+            )
+                return [401, "current password incorrect"]
+
+            if (Accounts.getFromUsername(params.username))
+                return [400, "account with this username already exists"]
+
+            if (target.email) {
+                sendMail(
+                    target.email,
+                    `Your login details have been updated`,
+                    `<b>Hello there!</b> Your username on your account, <span username>${target.username}</span>, has been updated` +
+                        `${actor != target ? ` by <span username>${actor.username}</span>` : ""} to <span username>${params.username}</span>. ` +
+                        `Please update your saved login details accordingly.`
+                ).catch()
+            }
+
+            return params.username
+        }
+    },
+    admin: {
+        schema: z.boolean(),
+        validator: (actor, target, params) => {
+            if (actor.admin && !target.admin) return params.admin
+            else if (!actor.admin) return [400, "cannot promote yourself"]
+            else return [400, "cannot demote an admin"]
+        }
    },
 }

@ -306,23 +281,11 @@ export default function (files: Files) {
                        `the ${x} parameter cannot be set or is not a valid parameter`,
                    ] as Message

-                let validator = (
-                    typeof validators[x] == "object"
-                        ? validators[x]
-                        : {
-                              validator: validators[x] as Validator<
-                                  typeof x,
-                                  false
-                              >,
-                              acceptsNull: false,
-                          }
-                ) as ValidatorWithSettings<typeof x>
+                let validator = validators[x]!

-                if (!validator.acceptsNull && !v)
-                    return [
-                        400,
-                        `the ${x} validator does not accept null values`,
-                    ] as Message
+                let check = validator.schema.safeParse(v)
+                if (!check.success)
+                    return [400, issuesToMessage(check.error.issues)]

                return [
                    x,
@ -391,7 +354,7 @@ export default function (files: Files) {
        })
    })

-    router.get("/css", async (ctx) => {
+    router.get("/:user/css", async (ctx) => {
        let acc = ctx.get("account")
        if (acc?.customCSS) return ctx.redirect(`/file/${acc.customCSS}`)
        else return ctx.text("")
--- a/src/server/routes/api/v1/api.json
+++ b/src/server/routes/api/v1/api.json
@ -4,7 +4,10 @@
    "mount": [
        "account",
        "session",
-        "info",
+        {
+            "file": "index",
+            "to": "/"
+        },
        {
            "file": "file/index",
            "to": "/file"
--- a/src/server/routes/api/v1/index.ts
+++ b/src/server/routes/api/v1/index.ts
--- a/src/server/routes/api/v1/session.ts
+++ b/src/server/routes/api/v1/session.ts
@ -12,9 +12,12 @@ import * as auth from "../../../lib/auth.js"
 import {
    getAccount,
    login,
-    requiresAccount
+    requiresAccount,
+    scheme
 } from "../../../lib/middleware.js"
 import ServeError from "../../../lib/errors.js"
+import { AccountSchemas } from "../../../lib/schemas/index.js"
+import { z } from "zod"

 const router = new Hono<{
    Variables: {
@ -25,15 +28,11 @@ const router = new Hono<{
 router.use(getAccount)

 export default function (files: Files) {
-    router.post("/", async (ctx, res) => {
+    router.post("/",scheme(z.object({
+        username: AccountSchemas.Username,
+        password: AccountSchemas.StringPassword
+    })), async (ctx) => {
        const body = await ctx.req.json()
-        if (
-            typeof body.username != "string" ||
-            typeof body.password != "string"
-        ) {
-            ServeError(ctx, 400, "please provide a username or password")
-            return
-        }

        if (auth.validate(getCookie(ctx, "auth")!)) {
            ServeError(ctx, 400, "you are already logged in")