From f37d20694386e59622fdfab586a9b580011efce6 Mon Sep 17 00:00:00 2001
From: Pitu
Date: Thu, 28 Feb 2019 23:26:28 +0900
Subject: Change password and api keys
---
src/api/routes/user/apiKey.js | 27 +++++++++++++++++++++
src/api/routes/user/changePasswordPOST.js | 40 +++++++++++++++++++++++++++++++
src/api/routes/user/userGET.js | 21 ++++++++++++++++
3 files changed, 88 insertions(+)
create mode 100644 src/api/routes/user/apiKey.js
create mode 100644 src/api/routes/user/changePasswordPOST.js
create mode 100644 src/api/routes/user/userGET.js
(limited to 'src/api/routes/user')
diff --git a/src/api/routes/user/apiKey.js b/src/api/routes/user/apiKey.js
new file mode 100644
index 0000000..820e28c
--- /dev/null
+++ b/src/api/routes/user/apiKey.js
@@ -0,0 +1,27 @@
+const Route = require('../../structures/Route');
+const randomstring = require('randomstring');
+const moment = require('moment');
+
+class apiKeyPOST extends Route {
+ constructor() {
+ super('/user/apikey/change', 'post');
+ }
+
+ async run(req, res, db, user) {
+ const now = moment.utc().toDate();
+ const apiKey = randomstring.generate(64);
+ await db.table('users')
+ .where({ id: user.id })
+ .update({
+ apiKey,
+ apiKeyEditedAt: now
+ });
+
+ return res.json({
+ message: 'Successfully created new api key',
+ apiKey
+ });
+ }
+}
+
+module.exports = apiKeyPOST;
diff --git a/src/api/routes/user/changePasswordPOST.js b/src/api/routes/user/changePasswordPOST.js
new file mode 100644
index 0000000..d73cff3
--- /dev/null
+++ b/src/api/routes/user/changePasswordPOST.js
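Review bot: In `run` of apiKey.js the generated key is written to `users.apiKey` verbatim, so anyone who can read the table (a backup, a read-only database leak) obtains working credentials for every account. Because the key is 64 random characters, a fast deterministic digest is enough: store `crypto.createHash('sha256').update(apiKey).digest('hex')` and return the plaintext only in this response, which also keeps lookup-by-key possible. It is also worth confirming that the `randomstring` version in use draws from a cryptographic source rather than `Math.random`, and wrapping the `await db.table('users')` update in a try/catch as the password route does for hashing. The later hunk `@@ -14,11 +13,10 @@` in commit 496477e returns to the same plaintext storage.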
@@ -0,0 +1,40 @@
+const Route = require('../../structures/Route');
+const log = require('../../utils/Log');
+const bcrypt = require('bcrypt');
+const moment = require('moment');
+
+class changePasswordPOST extends Route {
+ constructor() {
+ super('/user/password/change', 'post');
+ }
+
+ async run(req, res, db, user) {
+ if (!req.body) return res.status(400).json({ message: 'No body provided' });
+ const { password, newPassword } = req.body;
+ if (!password || !newPassword) return res.status(401).json({ message: 'Invalid body provided' });
+ if (password === newPassword) return res.status(400).json({ message: 'Passwords have to be different' });
+
+ if (newPassword.length < 6 || newPassword.length > 64) {
+ return res.status(400).json({ message: 'Password must have 6-64 characters' });
+ }
+
+ let hash;
+ try {
+ hash = await bcrypt.hash(newPassword, 10);
+ } catch (error) {
+ log.error('Error generating password hash');
+ log.error(error);
+ return res.status(401).json({ message: 'There was a problem processing your account' });
+ }
+
+ const now = moment.utc().toDate();
+ await db.table('users').where('id', user.id).update({
+ password: hash,
+ passwordEditedAt: now
+ });
+
+ return res.json({ message: 'The password was changed successfully' });
+ }
+}
+
+module.exports = changePasswordPOST;
diff --git a/src/api/routes/user/userGET.js b/src/api/routes/user/userGET.js
new file mode 100644
index 0000000..7929aac
--- /dev/null
+++ b/src/api/routes/user/userGET.js
@@ -0,0 +1,21 @@
+const Route = require('../../structures/Route');
+
+class usersGET extends Route {
+ constructor() {
+ super('/users/me', 'get');
+ }
+
+ run(req, res, db, user) {
+ return res.json({
+ message: 'Successfully retrieved user',
+ user: {
+ id: user.id,
+ username: user.username,
+ isAdmin: user.isAdmin,
+ apiKey: user.apiKey
+ }
+ });
+ }
+}
+
+module.exports = usersGET;
-- cgit v1.2.3
From 99bc74875edb44b4e679b17158511474cd575e10 Mon Sep 17 00:00:00 2001
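Review bot: In changePasswordPOST.js, `password` and `newPassword` are taken from `req.body` without a type check, so a JSON body carrying an array or object passes the truthiness test and reaches `newPassword.length` and `bcrypt.hash` as a non-string; add `if (typeof password !== 'string' || typeof newPassword !== 'string') return res.status(400).json({ message: 'Invalid body provided' });` before the comparisons. The 6-64 limit counts UTF-16 code units while bcrypt only uses the first 72 bytes, so a 64-character password made of multi-byte characters is silently truncated; also requiring `Buffer.byteLength(newPassword, 'utf8') <= 72` closes that gap. The malformed-body and hashing-failure responses use 401, which clients will read as an authentication failure; 400 and 500 fit better. The same unchecked `password` value is passed to `bcrypt.compare` in the later hunk `@@ -14,6 +14,12 @@` of commit 99bc748.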
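Review bot: The `/users/me` response in userGET.js includes `apiKey: user.apiKey`, which puts a long-lived credential into every profile fetch, where it can end up in browser state, proxies or logs, and it implies the key is kept in a recoverable form. Returning the key only once from the rotation route and dropping the field here, or replacing it with a boolean such as `hasApiKey: Boolean(user.apiKey)`, limits that exposure. The same field is re-added by the userGET.js hunk in commit dd46f79. As a style point, the class is named `usersGET` while the file is `userGET.js`, and a short comment stating that `user` is supplied by the route's authentication layer would help, since that is not visible in this file.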
From: Pitu Date: Sat, 2 Mar 2019 22:36:16 +0900 Subject: Various password fixes --- src/api/routes/user/changePasswordPOST.js | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src/api/routes/user') diff --git a/src/api/routes/user/changePasswordPOST.js b/src/api/routes/user/changePasswordPOST.js index d73cff3..9cd621e 100644 --- a/src/api/routes/user/changePasswordPOST.js +++ b/src/api/routes/user/changePasswordPOST.js @@ -14,6 +14,12 @@ class changePasswordPOST extends Route { if (!password || !newPassword) return res.status(401).json({ message: 'Invalid body provided' }); if (password === newPassword) return res.status(400).json({ message: 'Passwords have to be different' }); + /* + Checks if the password is right + */ + const comparePassword = await bcrypt.compare(password, user.password); + if (!comparePassword) return res.status(401).json({ message: 'Current password is incorrect' }); + if (newPassword.length < 6 || newPassword.length > 64) { return res.status(400).json({ message: 'Password must have 6-64 characters' }); } -- cgit v1.2.3 From 5df57517365623ffde5acb3f6d06dffe07960704 Mon Sep 17 00:00:00 2001 From: Pitu Date: Fri, 29 Mar 2019 00:36:28 +0900 Subject: Removed apikey from user object and added route for requesting a new one --- src/api/routes/user/apiKey.js | 23 ++++++++++++++++------- src/api/routes/user/userGET.js | 3 +-- 2 files changed, 17 insertions(+), 9 deletions(-) (limited to 'src/api/routes/user') diff --git a/src/api/routes/user/apiKey.js b/src/api/routes/user/apiKey.js index 820e28c..f80d563 100644 --- a/src/api/routes/user/apiKey.js +++ b/src/api/routes/user/apiKey.js 
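Review bot: A failed `bcrypt.compare` in the `@@ -14,6 +14,12 @@` hunk returns 401 without leaving any trace, so repeated guesses of the current password from a hijacked session would go unnoticed. Log the failure with the account id through the `log` helper the file already imports, e.g. `log.error('Failed password change attempt for user ' + user.id);`, and confirm that this route sits behind rate limiting, which is not visible here. The `await bcrypt.compare(...)` is also outside any try/catch, unlike the `bcrypt.hash` call further down, so what happens on a rejected promise depends on the `Route` wrapper. The body of `run` starts and ends outside the hunk.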
@@ -1,21 +1,30 @@ const Route = require('../../structures/Route'); const randomstring = require('randomstring'); const moment = require('moment'); +const bcrypt = require('bcrypt'); +const { dump } = require('dumper.js'); class apiKeyPOST extends Route { constructor() { - super('/user/apikey/change', 'post'); + super('/user/apikey/change', 'post', { noApiKey: true }); } async run(req, res, db, user) { const now = moment.utc().toDate(); const apiKey = randomstring.generate(64); - await db.table('users') - .where({ id: user.id }) - .update({ - apiKey, - apiKeyEditedAt: now - }); + + try { + const hash = await bcrypt.hash(apiKey, 10); + await db.table('users') + .where({ id: user.id }) + .update({ + apiKey: hash, + apiKeyEditedAt: now + }); + } catch (error) { + dump(error); + return res.status(401).json({ message: 'There was a problem processing your account' }); + } return res.json({ message: 'Successfully created new api key', diff --git a/src/api/routes/user/userGET.js b/src/api/routes/user/userGET.js index 7929aac..fe46fd4 100644 --- a/src/api/routes/user/userGET.js +++ b/src/api/routes/user/userGET.js @@ -11,8 +11,7 @@ class usersGET extends Route { user: { id: user.id, username: user.username, - isAdmin: user.isAdmin, - apiKey: user.apiKey + isAdmin: user.isAdmin } }); } -- cgit v1.2.3 From 496477ebda3f6c347a9944e22daae447d15ebc31 Mon Sep 17 00:00:00 2001 From: Pitu Date: Mon, 11 May 2020 00:57:56 +0900 Subject: Feature: enable apiKey access to uploads and album fetching for the uploader/sharex/3rd party --- src/api/routes/user/apiKey.js | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'src/api/routes/user') diff --git a/src/api/routes/user/apiKey.js b/src/api/routes/user/apiKey.js index f80d563..a87d98d 100644 --- a/src/api/routes/user/apiKey.js +++ b/src/api/routes/user/apiKey.js 
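Review bot: Hashing the key with `bcrypt.hash(apiKey, 10)` in apiKey.js gives every key its own salt, so the stored value cannot be used to look a user up from a presented key; unless requests also carry a user identifier, authentication would have to run `bcrypt.compare` against each row. For a 64-character random key a deterministic digest such as `crypto.createHash('sha256').update(apiKey).digest('hex')` keeps the at-rest protection and allows an indexed lookup. In the catch block, `dump(error)` from `dumper.js` is a debugging printer; `log.error(error)` as used in changePasswordPOST.js would be consistent, and a storage failure should answer 500 rather than 401. A comment explaining what `{ noApiKey: true }` means for this route would help, since the option's effect is defined in `Route`, outside this diff.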
@@ -1,12 +1,11 @@ const Route = require('../../structures/Route'); const randomstring = require('randomstring'); const moment = require('moment'); -const bcrypt = require('bcrypt'); const { dump } = require('dumper.js'); class apiKeyPOST extends Route { constructor() { - super('/user/apikey/change', 'post', { noApiKey: true }); + super('/user/apikey/change', 'post'); } async run(req, res, db, user) { @@ -14,11 +13,10 @@ class apiKeyPOST extends Route { const apiKey = randomstring.generate(64); try { - const hash = await bcrypt.hash(apiKey, 10); await db.table('users') .where({ id: user.id }) .update({ - apiKey: hash, + apiKey, apiKeyEditedAt: now }); } catch (error) { -- cgit v1.2.3 From dd46f79550d8e7a2f7a0364cc0fb8e7a38ed4aba Mon Sep 17 00:00:00 2001 From: Zephyrrus Date: Thu, 2 Jul 2020 23:40:35 +0300 Subject: feat: return APIKey when fetching user --- src/api/routes/user/userGET.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/api/routes/user') diff --git a/src/api/routes/user/userGET.js b/src/api/routes/user/userGET.js index fe46fd4..7929aac 100644 --- a/src/api/routes/user/userGET.js +++ b/src/api/routes/user/userGET.js @@ -11,7 +11,8 @@ class usersGET extends Route { user: { id: user.id, username: user.username, - isAdmin: user.isAdmin + isAdmin: user.isAdmin, + apiKey: user.apiKey } }); } -- cgit v1.2.3 From ad852de51a0d2dd5d29c08838d5a430c58849e74 Mon Sep 17 00:00:00 2001 From: Zephyrrus Date: Wed, 8 Jul 2020 04:00:12 +0300 Subject: chore: linter the entire project using the new rules --- src/api/routes/user/apiKey.js | 6 +++--- src/api/routes/user/changePasswordPOST.js | 6 +++--- src/api/routes/user/userGET.js | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) (limited to 'src/api/routes/user') diff --git a/src/api/routes/user/apiKey.js b/src/api/routes/user/apiKey.js index a87d98d..a63f0c0 100644 --- a/src/api/routes/user/apiKey.js +++ b/src/api/routes/user/apiKey.js 
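Review bot: Dropping `{ noApiKey: true }` from the `super(...)` call in apiKey.js presumably lets a request authenticated only by an API key reach `/user/apikey/change`; the option is implemented in `Route`, outside this diff, so this needs confirming. If so, whoever holds a leaked key can rotate it, which invalidates the owner's integrations and leaves the holder with the fresh key. Keeping the option on this one route, `super('/user/apikey/change', 'post', { noApiKey: true });`, would require a logged-in session for rotation while still allowing key access to uploads and albums. The second hunk, `@@ -14,11 +13,10 @@`, goes back to writing the key to the database in plaintext.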
@@ -1,7 +1,7 @@ -const Route = require('../../structures/Route'); const randomstring = require('randomstring'); const moment = require('moment'); const { dump } = require('dumper.js'); +const Route = require('../../structures/Route'); class apiKeyPOST extends Route { constructor() { @@ -17,7 +17,7 @@ class apiKeyPOST extends Route { .where({ id: user.id }) .update({ apiKey, - apiKeyEditedAt: now + apiKeyEditedAt: now, }); } catch (error) { dump(error); @@ -26,7 +26,7 @@ class apiKeyPOST extends Route { return res.json({ message: 'Successfully created new api key', - apiKey + apiKey, }); } } diff --git a/src/api/routes/user/changePasswordPOST.js b/src/api/routes/user/changePasswordPOST.js index 9cd621e..1b3a27a 100644 --- a/src/api/routes/user/changePasswordPOST.js +++ b/src/api/routes/user/changePasswordPOST.js @@ -1,7 +1,7 @@ -const Route = require('../../structures/Route'); -const log = require('../../utils/Log'); const bcrypt = require('bcrypt'); const moment = require('moment'); +const Route = require('../../structures/Route'); +const log = require('../../utils/Log'); class changePasswordPOST extends Route { constructor() { @@ -36,7 +36,7 @@ class changePasswordPOST extends Route { const now = moment.utc().toDate(); await db.table('users').where('id', user.id).update({ password: hash, - passwordEditedAt: now + passwordEditedAt: now, }); return res.json({ message: 'The password was changed successfully' }); diff --git a/src/api/routes/user/userGET.js b/src/api/routes/user/userGET.js index 7929aac..6f179a9 100644 --- a/src/api/routes/user/userGET.js +++ b/src/api/routes/user/userGET.js @@ -12,8 +12,8 @@ class usersGET extends Route { id: user.id, username: user.username, isAdmin: user.isAdmin, - apiKey: user.apiKey - } + apiKey: user.apiKey, + }, }); } } -- cgit v1.2.3 From 90001c2df56d58e69fd199a518ae7f3e4ed327fc Mon Sep 17 00:00:00 2001 
From: Zephyrrus Date: Thu, 24 Dec 2020 10:40:50 +0200 Subject: chore: remove trailing commas --- src/api/routes/user/apiKey.js | 4 ++-- src/api/routes/user/changePasswordPOST.js | 2 +- src/api/routes/user/userGET.js | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) (limited to 'src/api/routes/user') diff --git a/src/api/routes/user/apiKey.js b/src/api/routes/user/apiKey.js index a63f0c0..653c56a 100644 --- a/src/api/routes/user/apiKey.js +++ b/src/api/routes/user/apiKey.js @@ -17,7 +17,7 @@ class apiKeyPOST extends Route { .where({ id: user.id }) .update({ apiKey, - apiKeyEditedAt: now, + apiKeyEditedAt: now }); } catch (error) { dump(error); @@ -26,7 +26,7 @@ class apiKeyPOST extends Route { return res.json({ message: 'Successfully created new api key', - apiKey, + apiKey }); } } diff --git a/src/api/routes/user/changePasswordPOST.js b/src/api/routes/user/changePasswordPOST.js index 1b3a27a..82bce40 100644 --- a/src/api/routes/user/changePasswordPOST.js +++ b/src/api/routes/user/changePasswordPOST.js @@ -36,7 +36,7 @@ class changePasswordPOST extends Route { const now = moment.utc().toDate(); await db.table('users').where('id', user.id).update({ password: hash, - passwordEditedAt: now, + passwordEditedAt: now }); return res.json({ message: 'The password was changed successfully' }); diff --git a/src/api/routes/user/userGET.js b/src/api/routes/user/userGET.js index 6f179a9..7929aac 100644 --- a/src/api/routes/user/userGET.js +++ b/src/api/routes/user/userGET.js @@ -12,8 +12,8 @@ class usersGET extends Route { id: user.id, username: user.username, isAdmin: user.isAdmin, - apiKey: user.apiKey, - }, + apiKey: user.apiKey + } }); } } -- cgit v1.2.3