diff options
Diffstat (limited to 'src/api/routes/auth')
| -rw-r--r-- | src/api/routes/auth/apiKey.js | 23 | ||||
| -rw-r--r-- | src/api/routes/auth/changePasswordPOST.js | 41 | ||||
| -rw-r--r-- | src/api/routes/auth/loginPOST.js | 39 | ||||
| -rw-r--r-- | src/api/routes/auth/registerPOST.js | 53 |
4 files changed, 156 insertions, 0 deletions
diff --git a/src/api/routes/auth/apiKey.js b/src/api/routes/auth/apiKey.js new file mode 100644 index 0000000..84df2e3 --- /dev/null +++ b/src/api/routes/auth/apiKey.js @@ -0,0 +1,23 @@ +const Route = require('../../structures/Route'); + +class apiKeyGET extends Route { + constructor() { + super('/auth/apiKey', 'get'); + } + + run(req, res, user) { + return res.json({ message: 'Hai hai api works.' }); + } +} + +class apiKeyPOST extends Route { + constructor() { + super('/auth/apiKey', 'post'); + } + + run(req, res, user) { + return res.json({ message: 'Hai hai api works.' }); + } +} + +module.exports = [apiKeyGET, apiKeyPOST]; diff --git a/src/api/routes/auth/changePasswordPOST.js b/src/api/routes/auth/changePasswordPOST.js new file mode 100644 index 0000000..bd64320 --- /dev/null +++ b/src/api/routes/auth/changePasswordPOST.js @@ -0,0 +1,41 @@ +const Route = require('../../structures/Route'); +const config = require('../../../../config'); +const log = require('../../utils/Log'); +const db = require('knex')(config.server.database); +const bcrypt = require('bcrypt'); +const moment = require('moment'); + +class changePasswordPOST extends Route { + constructor() { + super('/auth/password/change', 'post'); + } + + async run(req, res, user) { + if (!req.body) return res.status(400).json({ message: 'No body provided' }); + const { password, newPassword } = req.body; + if (!password || !newPassword) return res.status(401).json({ message: 'Invalid body provided' }); + + if (newPassword.length < 6 || newPassword.length > 64) { + return res.status(400).json({ message: 'Password must have 6-64 characters' }); + } + + let hash; + try { + hash = await bcrypt.hash(newPassword, 10); + } catch (error) { + log.error('Error generating password hash'); + log.error(error); + return res.status(401).json({ message: 'There was a problem processing your account' }); + } + + const now = moment.utc().toDate(); + await db.table('users').where('id', user.id).update({ + password: hash, + passwordEditedAt: now + }); + + return res.json({ message: 'The password was changed successfully' }); + } +} + +module.exports = changePasswordPOST; diff --git a/src/api/routes/auth/loginPOST.js b/src/api/routes/auth/loginPOST.js new file mode 100644 index 0000000..7e85812 --- /dev/null +++ b/src/api/routes/auth/loginPOST.js @@ -0,0 +1,39 @@ +const Route = require('../../structures/Route'); +const config = require('../../../../config'); +const db = require('knex')(config.server.database); +const bcrypt = require('bcrypt'); +const moment = require('moment'); +const JWT = require('jsonwebtoken'); + +class loginPOST extends Route { + constructor() { + super('/auth/login', 'post', { bypassAuth: true }); + } + + async run(req, res) { + if (!req.body) return res.status(400).json({ message: 'No body provided' }); + const { username, password } = req.body; + if (!username || !password) return res.status(401).json({ message: 'Invalid body provided' }); + + const user = await db.table('users').where('username', username).first(); + if (!user) return res.status(401).json({ message: 'Invalid authorization' }); + + const comparePassword = await bcrypt.compare(password, user.password); + if (!comparePassword) return res.status(401).json({ message: 'Invalid authorization.' }); + + const jwt = JWT.sign({ + iss: 'lolisafe', + sub: user.id, + iat: moment.utc().valueOf() + }, config.server.secret, { expiresIn: '30d' }); + + return res.json({ + message: 'Successfully logged in.', + user: { username: user.username }, + token: jwt, + apiKey: user.apiKey + }); + } +} + +module.exports = loginPOST; diff --git a/src/api/routes/auth/registerPOST.js b/src/api/routes/auth/registerPOST.js new file mode 100644 index 0000000..dad45fd --- /dev/null +++ b/src/api/routes/auth/registerPOST.js @@ -0,0 +1,53 @@ +const Route = require('../../structures/Route'); +const config = require('../../../../config'); +const log = require('../../utils/Log'); +const db = require('knex')(config.server.database); +const bcrypt = require('bcrypt'); +const randomstring = require('randomstring'); +const moment = require('moment'); + +class registerPOST extends Route { + constructor() { + super('/auth/register', 'post', { bypassAuth: true }); + } + + async run(req, res) { + if (!config.enableCreateUserAccounts) return res.status(401).json({ message: 'Creation of new accounts is currently disabled' }); + if (!req.body) return res.status(400).json({ message: 'No body provided' }); + const { username, password } = req.body; + if (!username || !password) return res.status(401).json({ message: 'Invalid body provided' }); + + if (username.length < 4 || username.length > 32) { + return res.status(400).json({ message: 'Username must have 4-32 characters' }); + } + if (password.length < 6 || password.length > 64) { + return res.status(400).json({ message: 'Password must have 6-64 characters' }); + } + + const user = await db.table('users').where('username', username).first(); + if (user) return res.status(401).json({ message: 'Username already exists' }); + + let hash; + try { + hash = await bcrypt.hash(password, 10); + } catch (error) { + log.error('Error generating password hash'); + log.error(error); + return res.status(401).json({ message: 'There was a problem processing your account' }); + } + + const now = moment.utc().toDate(); + await db.table('users').insert({ + username, + password: hash, + passwordEditedAt: now, + apiKey: randomstring.generate(64), + apiKeyEditedAt: now, + createdAt: now, + editedAt: now + }); + return res.json({ message: 'The account was created successfully' }); + } +} + +module.exports = registerPOST; |