diff --git a/src/lib/bd/auth.ts b/src/lib/bd/auth.ts new file mode 100644 index 0000000..7718d68 --- /dev/null +++ b/src/lib/bd/auth.ts @@ -0,0 +1,19 @@ +import { MySql2Database } from 'drizzle-orm/mysql2' +import { berryDashUserData } from '../tables' +import { eq } from 'drizzle-orm' + +export async function checkAuthorization ( + authorizationToken: string, + db1: MySql2Database +) { + if (!authorizationToken) return { valid: false, id: 0 } + + const userData = await db1 + .select({ id: berryDashUserData.id }) + .from(berryDashUserData) + .where(eq(berryDashUserData.token, authorizationToken)) + .execute() + + if (!userData[0]) return { valid: false, id: 0 } + else return { valid: true, id: userData[0].id } +} diff --git a/src/routes/berrydash/icon-marketplace/post.ts b/src/routes/berrydash/icon-marketplace/post.ts index dd63fa9..943c983 100644 --- a/src/routes/berrydash/icon-marketplace/post.ts +++ b/src/routes/berrydash/icon-marketplace/post.ts @@ -1,11 +1,8 @@ import { Context } from 'elysia' import { getDatabaseConnection, jsonResponse } from '../../../lib/util' -import { - berryDashMarketplaceIcons, - berryDashUserData, - users -} from '../../../lib/tables' -import { and, eq, inArray, or, sql, not, like } from 'drizzle-orm' +import { berryDashMarketplaceIcons, users } from '../../../lib/tables' +import { and, eq, inArray, or, sql, not } from 'drizzle-orm' +import { checkAuthorization } from '../../../lib/bd/auth' type Body = { sortBy: number 
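Review bot: `checkAuthorization` declares `authorizationToken: string`, but its first statement handles a missing token and every caller in this commit has to write `authorizationToken as string` to satisfy that type. Declaring the parameter as `authorizationToken: string | undefined` removes the casts and lets the compiler keep checking what the header lookup actually returns. The lookup `eq(berryDashUserData.token, authorizationToken)` compares the presented value with the stored column directly, so matching follows that column's collation; if it is case-insensitive, differently cased variants of a token would also be accepted, which is worth confirming against the schema (not visible here). The function also has no doc comment; a short TSDoc block should state that `id: 0` is only a placeholder returned together with `valid: false`, so callers never use `id` without checking `valid`.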
@@ -44,6 +41,17 @@ export async function handler (context: Context) { const { connection: connection0, db: db0 } = dbInfo0 const { connection: connection1, db: db1 } = dbInfo1 + const authorizationToken = context.headers.authorizationToken + const authResult = await checkAuthorization(authorizationToken as string, db1) + if (!authResult.valid) { + connection1.end() + return jsonResponse( + { success: false, message: 'Unauthorized', data: null }, + 401 + ) + } + const userId = authResult.id + const body: { [key: string]: any } = context.body as any for (const key of requiredKeys) { @@ -67,33 +75,6 @@ export async function handler (context: Context) { body2.currentIcons = JSON.parse(atob(body.currentIcons)) const body3: Body = body2 as Body - const authorizationToken = context.headers.authorization - if (!authorizationToken) { - connection0.end() - connection1.end() - return jsonResponse( - { success: false, message: 'Unauthorized', data: null }, - 401 - ) - } - - const userData = await db1 - .select({ id: berryDashUserData.id }) - .from(berryDashUserData) - .where(eq(berryDashUserData.token, authorizationToken)) - .execute() - - if (!userData[0]) { - connection0.end() - connection1.end() - return jsonResponse( - { success: false, message: 'Unauthorized', data: null }, - 401 - ) - } - - const userId = userData[0].id - const filters: any[] = [ or( eq(berryDashMarketplaceIcons.state, 1), diff --git a/src/routes/berrydash/profile/posts/delete.ts b/src/routes/berrydash/profile/posts/delete.ts index b1a0636..a010e4d 100644 --- a/src/routes/berrydash/profile/posts/delete.ts +++ b/src/routes/berrydash/profile/posts/delete.ts 
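Review bot: The new 401 branch in `handler` ends only `connection1`, although `connection0` is destructured two lines above it and the removed code called `connection0.end()` before `connection1.end()` on both unauthorized paths. Each rejected request therefore appears to leave the first connection open, and unauthenticated callers can trigger that path freely; add `connection0.end()` ahead of `connection1.end()` in this branch. Separately, the token is now read from `context.headers.authorizationToken` instead of `context.headers.authorization`. Fetch-style header collections expose names in lower case, so if Elysia's `context.headers` follows that convention the camelCase key is never populated and every request ends in this 401 branch. The same read appears in profile/posts/delete.ts, post.ts and put.ts; the handler body continues outside this hunk.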
@@ -1,7 +1,8 @@ import { Context } from 'elysia' import { getDatabaseConnection, jsonResponse } from '../../../../lib/util' -import { berryDashUserData, berryDashUserPosts } from '../../../../lib/tables' +import { berryDashUserPosts } from '../../../../lib/tables' import { and, eq } from 'drizzle-orm' +import { checkAuthorization } from '../../../../lib/bd/auth' export async function handler (context: Context) { const dbInfo0 = getDatabaseConnection(0) @@ -14,7 +15,17 @@ export async function handler (context: Context) { ) const { connection: connection1, db: db1 } = dbInfo1 - let authorizationToken = context.headers.authorization + const authorizationToken = context.headers.authorizationToken + const authResult = await checkAuthorization(authorizationToken as string, db1) + if (!authResult.valid) { + connection1.end() + return jsonResponse( + { success: false, message: 'Unauthorized', data: null }, + 401 + ) + } + const userId = authResult.id + let idQuery = context.query.id ? parseInt(context.query.id, 10) : 0 if (!idQuery || idQuery < 1) { connection1.end() @@ -23,27 +34,6 @@ export async function handler (context: Context) { 400 ) } - if (!authorizationToken) { - connection1.end() - return jsonResponse( - { success: false, message: 'Unauthorized', data: null }, - 401 - ) - } - - const userData = await db1 - .select({ id: berryDashUserData.id }) - .from(berryDashUserData) - .where(eq(berryDashUserData.token, authorizationToken)) - .execute() - - if (!userData[0]) { - connection1.end() - return jsonResponse( - { success: false, message: 'Unauthorized', data: null }, - 401 - ) - } const result = await db1 .update(berryDashUserPosts) @@ -51,7 +41,7 @@ export async function handler (context: Context) { .where( and( eq(berryDashUserPosts.id, idQuery), - eq(berryDashUserPosts.userId, userData[0].id), + eq(berryDashUserPosts.userId, userId), eq(berryDashUserPosts.deletedAt, 0) ) ) 
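Review bot: `await checkAuthorization(authorizationToken as string, db1)` now runs a database query between acquiring `connection1` and the first `connection1.end()`, and nothing in the visible lines ends the connection if that query rejects. The handler starts and ends outside this hunk, so an outer guard may exist, but if there is none a failing lookup leaves the connection open on a path any caller can reach. A single `try { … } finally { connection1.end() }` around the handler body would cover this and could replace the per-branch `connection1.end()` calls. The handlers in profile/posts/post.ts and put.ts follow the same pattern.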
diff --git a/src/routes/berrydash/profile/posts/post.ts b/src/routes/berrydash/profile/posts/post.ts index 92943a5..619beea 100644 --- a/src/routes/berrydash/profile/posts/post.ts +++ b/src/routes/berrydash/profile/posts/post.ts @@ -1,7 +1,7 @@ import { Context } from 'elysia' import { getDatabaseConnection, jsonResponse } from '../../../../lib/util' -import { berryDashUserData, berryDashUserPosts } from '../../../../lib/tables' -import { eq } from 'drizzle-orm' +import { berryDashUserPosts } from '../../../../lib/tables' +import { checkAuthorization } from '../../../../lib/bd/auth' type Body = { content: string @@ -18,7 +18,17 @@ export async function handler (context: Context) { ) const { connection: connection1, db: db1 } = dbInfo1 - let authorizationToken = context.headers.authorization + const authorizationToken = context.headers.authorizationToken + const authResult = await checkAuthorization(authorizationToken as string, db1) + if (!authResult.valid) { + connection1.end() + return jsonResponse( + { success: false, message: 'Unauthorized', data: null }, + 401 + ) + } + const userId = authResult.id + const body = context.body as Body if (!body.content) { connection1.end() @@ -27,32 +37,11 @@ export async function handler (context: Context) { 400 ) } - if (!authorizationToken) { - connection1.end() - return jsonResponse( - { success: false, message: 'Unauthorized', data: null }, - 401 - ) - } - - const userData = await db1 - .select({ id: berryDashUserData.id }) - .from(berryDashUserData) - .where(eq(berryDashUserData.token, authorizationToken)) - .execute() - - if (!userData[0]) { - connection1.end() - return jsonResponse( - { success: false, message: 'Unauthorized', data: null }, - 401 - ) - } await db1 .insert(berryDashUserPosts) .values({ - userId: userData[0].id, + userId: userId, content: btoa(body.content), timestamp: Math.floor(Date.now() / 1000) }) 
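Review bot: In the insert at the end of this file section, `content: btoa(body.content)` throws for any character outside Latin-1, so a post containing such text makes the handler throw after authentication with no `connection1.end()` in between. Either reject such input with a 400 before the insert, or encode with `Buffer.from(body.content, 'utf8').toString('base64')`. The second option changes what readers of the column must decode, so it needs checking against the code that reads posts, which is not visible here. As a smaller style point, `userId: userId` can use the shorthand `userId`.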
diff --git a/src/routes/berrydash/profile/posts/put.ts b/src/routes/berrydash/profile/posts/put.ts index 8ff77e8..0a78fd4 100644 --- a/src/routes/berrydash/profile/posts/put.ts +++ b/src/routes/berrydash/profile/posts/put.ts @@ -1,7 +1,8 @@ import { Context } from 'elysia' import { getDatabaseConnection, jsonResponse } from '../../../../lib/util' -import { berryDashUserData, berryDashUserPosts } from '../../../../lib/tables' +import { berryDashUserPosts } from '../../../../lib/tables' import { and, eq } from 'drizzle-orm' +import { checkAuthorization } from '../../../../lib/bd/auth' type Body = { liked: string @@ -18,7 +19,17 @@ export async function handler (context: Context) { ) const { connection: connection1, db: db1 } = dbInfo1 - let authorizationToken = context.headers.authorization + const authorizationToken = context.headers.authorizationToken + const authResult = await checkAuthorization(authorizationToken as string, db1) + if (!authResult.valid) { + connection1.end() + return jsonResponse( + { success: false, message: 'Unauthorized', data: null }, + 401 + ) + } + const userId = authResult.id + let idQuery = context.query.id ? parseInt(context.query.id, 10) : 0 let likedQuery = context.query.liked as string if (!idQuery || idQuery < 1) { @@ -42,27 +53,6 @@ export async function handler (context: Context) { 400 ) } - if (!authorizationToken) { - connection1.end() - return jsonResponse( - { success: false, message: 'Unauthorized', data: null }, - 401 - ) - } - - const userData = await db1 - .select({ id: berryDashUserData.id }) - .from(berryDashUserData) - .where(eq(berryDashUserData.token, authorizationToken)) - .execute() - - if (!userData[0]) { - connection1.end() - return jsonResponse( - { success: false, message: 'Unauthorized', data: null }, - 401 - ) - } const votesResult = await db1 .select({ votes: berryDashUserPosts.votes }) 
@@ -85,12 +75,12 @@ export async function handler (context: Context) { 400 ) const votes = JSON.parse(votesResult[0].votes) - if (votes[userData[0].id.toString()]) { + if (votes[userId.toString()]) { let likes = 0 for (const vote of Object.values(votes) as boolean[]) likes += vote ? 1 : -1 return jsonResponse({ success: true, message: null, data: { likes } }, 200) } - votes[userData[0].id.toString()] = likedQuery.toLowerCase() == 'true' + votes[userId.toString()] = likedQuery.toLowerCase() == 'true' await db1 .update(berryDashUserPosts)
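Review bot: The already-voted check `if (votes[userId.toString()])` tests the stored value rather than the presence of the key, so a user whose recorded vote is `false` falls through and has the vote overwritten, while a user who voted `true` is locked in. If one vote per user is the intent, test for the key instead: `if (Object.hasOwn(votes, userId.toString())) {`. The early `return jsonResponse({ success: true, message: null, data: { likes } }, 200)` inside that branch also has no `connection1.end()` before it in the visible lines, unlike the other return paths in this file. The comparison `likedQuery.toLowerCase() == 'true'` should use `===`.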