| author | Pitu <[email protected]> | 2021-01-04 01:04:20 +0900 |
|---|---|---|
| committer | Pitu <[email protected]> | 2021-01-04 01:04:20 +0900 |
| commit | fcd39dc550dec8dbcb8325e07e938c5024cbc33d (patch) | |
| tree | f41acb4e0d5fd3c3b1236fe4324b3fef9ec6eafe /src/api/routes/auth | |
| parent | Create FUNDING.yml (diff) | |
| parent | chore: update todo (diff) | |
Merge branch 'dev'
Diffstat (limited to 'src/api/routes/auth')
| -rw-r--r-- | src/api/routes/auth/loginPOST.js | 56 | ||||
| -rw-r--r-- | src/api/routes/auth/registerPOST.js | 59 |
2 files changed, 115 insertions, 0 deletions
diff --git a/src/api/routes/auth/loginPOST.js b/src/api/routes/auth/loginPOST.js
new file mode 100644
index 0000000..373252b
--- /dev/null
+++ b/src/api/routes/auth/loginPOST.js
@@ -0,0 +1,56 @@
+const bcrypt = require('bcrypt');
+const moment = require('moment');
+const JWT = require('jsonwebtoken');
+const Route = require('../../structures/Route');
+
+class loginPOST extends Route {
+ constructor() {
+ super('/auth/login', 'post', { bypassAuth: true });
+ }
+
+ async run(req, res, db) {
+ if (!req.body) return res.status(400).json({ message: 'No body provided' });
+ const { username, password } = req.body;
+ if (!username || !password) return res.status(401).json({ message: 'Invalid body provided' });
+
+ /*
+ Checks if the user exists
+ */
+ const user = await db.table('users').where('username', username).first();
+ if (!user) return res.status(401).json({ message: 'Invalid authorization' });
+
+ /*
+ Checks if the user is disabled
+ */
+ if (!user.enabled) return res.status(401).json({ message: 'This account has been disabled' });
+
+ /*
+ Checks if the password is right
+ */
+ const comparePassword = await bcrypt.compare(password, user.password);
+ if (!comparePassword) return res.status(401).json({ message: 'Invalid authorization.' });
+
+ /*
+ Create the jwt with some data
+ */
+ const jwt = JWT.sign({
+ iss: 'chibisafe',
+ sub: user.id,
+ iat: moment.utc().valueOf()
+ }, process.env.SECRET, { expiresIn: '30d' });
+
+ return res.json({
+ message: 'Successfully logged in.',
+ user: {
+ id: user.id,
+ username: user.username,
+ apiKey: user.apiKey,
+ isAdmin: user.isAdmin
+ },
+ token: jwt,
+ apiKey: user.apiKey
+ });
+ }
+}
+
+module.exports = loginPOST;
diff --git a/src/api/routes/auth/registerPOST.js b/src/api/routes/auth/registerPOST.js
new file mode 100644
index 0000000..1cf3630
--- /dev/null
+++ b/src/api/routes/auth/registerPOST.js
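Review bot: In loginPOST.js the `iat` claim passed to `JWT.sign` is `moment.utc().valueOf()`, which is milliseconds, while JWT NumericDate claims are seconds. As far as I know jsonwebtoken computes `exp` from a payload-supplied `iat`, so `expiresIn: '30d'` would resolve to a date tens of thousands of years out and the token would effectively never expire; drop the `iat` line so the library stamps it, or use `iat: moment.utc().unix()`. Separately, the `!user.enabled` branch runs before `bcrypt.compare` and returns its own message, so an unauthenticated caller can learn that a username exists and is disabled. The two generic replies also differ by a trailing period (`'Invalid authorization'` for an unknown user, `'Invalid authorization.'` for a wrong password), which distinguishes the same two cases; using one identical string and moving the enabled check after the password comparison closes both.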
@@ -0,0 +1,59 @@
+const bcrypt = require('bcrypt');
+const moment = require('moment');
+const Route = require('../../structures/Route');
+const log = require('../../utils/Log');
+
+class registerPOST extends Route {
+ constructor() {
+ super('/auth/register', 'post', { bypassAuth: true });
+ }
+
+ async run(req, res, db) {
+ if (process.env.USER_ACCOUNTS === 'false') return res.status(401).json({ message: 'Creation of new accounts is currently disabled' });
+ if (!req.body) return res.status(400).json({ message: 'No body provided' });
+ const { username, password } = req.body;
+ if (!username || !password) return res.status(401).json({ message: 'Invalid body provided' });
+
+ if (username.length < 4 || username.length > 32) {
+ return res.status(400).json({ message: 'Username must have 4-32 characters' });
+ }
+ if (password.length < 6 || password.length > 64) {
+ return res.status(400).json({ message: 'Password must have 6-64 characters' });
+ }
+
+ /*
+ Make sure the username doesn't exist yet
+ */
+ const user = await db.table('users').where('username', username).first();
+ if (user) return res.status(401).json({ message: 'Username already exists' });
+
+ /*
+ Hash the supplied password
+ */
+ let hash;
+ try {
+ hash = await bcrypt.hash(password, 10);
+ } catch (error) {
+ log.error('Error generating password hash');
+ log.error(error);
+ return res.status(401).json({ message: 'There was a problem processing your account' });
+ }
+
+ /*
+ Create the user
+ */
+ const now = moment.utc().toDate();
+ await db.table('users').insert({
+ username,
+ password: hash,
+ passwordEditedAt: now,
+ createdAt: now,
+ editedAt: now,
+ enabled: true,
+ isAdmin: false
+ });
+ return res.json({ message: 'The account was created successfully' });
+ }
+}
+
+module.exports = registerPOST; |
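Review bot: `username` and `password` in registerPOST.js are validated only by truthiness and `.length`, so a JSON body carrying arrays or objects passes the checks and reaches `where('username', username)` and `bcrypt.hash`. Add `if (typeof username !== 'string' || typeof password !== 'string') return res.status(400).json({ message: 'Invalid body provided' });` before the length checks. loginPOST.js destructures `req.body` the same way and needs the same guard before its query and `bcrypt.compare`. The existence lookup followed by `insert` is also not atomic, so two concurrent requests for one name can both pass it. Whether the `users` table has a unique index on `username` is not visible here, and the insert sits outside any try/catch, so a constraint violation would surface as an unhandled rejection unless the Route wrapper catches it.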