Make a auth lib for Berry Dash

src/lib/bd/auth.ts

@@ -0,0 +1,19 @@
+import { MySql2Database } from 'drizzle-orm/mysql2'
+import { berryDashUserData } from '../tables'
+import { eq } from 'drizzle-orm'
+
+export async function checkAuthorization (
+  authorizationToken: string,
+  db1: MySql2Database
+) {
+  if (!authorizationToken) return { valid: false, id: 0 }
+
+  const userData = await db1
+    .select({ id: berryDashUserData.id })
+    .from(berryDashUserData)
+    .where(eq(berryDashUserData.token, authorizationToken))
+    .execute()
+
+  if (!userData[0]) return { valid: false, id: 0 }
+  else return { valid: true, id: userData[0].id }
+}

src/routes/berrydash/icon-marketplace/post.ts

@@ -1,11 +1,8 @@
 import { Context } from 'elysia'
 import { getDatabaseConnection, jsonResponse } from '../../../lib/util'
-import {
+import { berryDashMarketplaceIcons, users } from '../../../lib/tables'
-  berryDashMarketplaceIcons,
+import { and, eq, inArray, or, sql, not } from 'drizzle-orm'
-  berryDashUserData,
+import { checkAuthorization } from '../../../lib/bd/auth'
-  users
-} from '../../../lib/tables'
-import { and, eq, inArray, or, sql, not, like } from 'drizzle-orm'
 
 type Body = {
   sortBy: number
@@ -44,6 +41,17 @@ export async function handler (context: Context) {
   const { connection: connection0, db: db0 } = dbInfo0
   const { connection: connection1, db: db1 } = dbInfo1
 
+  const authorizationToken = context.headers.authorizationToken
+  const authResult = await checkAuthorization(authorizationToken as string, db1)
+  if (!authResult.valid) {
+    connection1.end()
+    return jsonResponse(
+      { success: false, message: 'Unauthorized', data: null },
+      401
+    )
+  }
+  const userId = authResult.id
+
   const body: { [key: string]: any } = context.body as any
 
   for (const key of requiredKeys) {
@@ -67,33 +75,6 @@ export async function handler (context: Context) {
   body2.currentIcons = JSON.parse(atob(body.currentIcons))
   const body3: Body = body2 as Body
 
-  const authorizationToken = context.headers.authorization
-  if (!authorizationToken) {
-    connection0.end()
-    connection1.end()
-    return jsonResponse(
-      { success: false, message: 'Unauthorized', data: null },
-      401
-    )
-  }
-
-  const userData = await db1
-    .select({ id: berryDashUserData.id })
-    .from(berryDashUserData)
-    .where(eq(berryDashUserData.token, authorizationToken))
-    .execute()
-
-  if (!userData[0]) {
-    connection0.end()
-    connection1.end()
-    return jsonResponse(
-      { success: false, message: 'Unauthorized', data: null },
-      401
-    )
-  }
-
-  const userId = userData[0].id
-
   const filters: any[] = [
     or(
       eq(berryDashMarketplaceIcons.state, 1),

src/routes/berrydash/profile/posts/delete.ts

@@ -1,7 +1,8 @@
 import { Context } from 'elysia'
 import { getDatabaseConnection, jsonResponse } from '../../../../lib/util'
-import { berryDashUserData, berryDashUserPosts } from '../../../../lib/tables'
+import { berryDashUserPosts } from '../../../../lib/tables'
 import { and, eq } from 'drizzle-orm'
+import { checkAuthorization } from '../../../../lib/bd/auth'
 
 export async function handler (context: Context) {
   const dbInfo0 = getDatabaseConnection(0)
@@ -14,7 +15,17 @@ export async function handler (context: Context) {
     )
   const { connection: connection1, db: db1 } = dbInfo1
 
-  let authorizationToken = context.headers.authorization
+  const authorizationToken = context.headers.authorizationToken
+  const authResult = await checkAuthorization(authorizationToken as string, db1)
+  if (!authResult.valid) {
+    connection1.end()
+    return jsonResponse(
+      { success: false, message: 'Unauthorized', data: null },
+      401
+    )
+  }
+  const userId = authResult.id
+
   let idQuery = context.query.id ? parseInt(context.query.id, 10) : 0
   if (!idQuery || idQuery < 1) {
     connection1.end()
@@ -23,27 +34,6 @@ export async function handler (context: Context) {
       400
     )
   }
-  if (!authorizationToken) {
-    connection1.end()
-    return jsonResponse(
-      { success: false, message: 'Unauthorized', data: null },
-      401
-    )
-  }
-
-  const userData = await db1
-    .select({ id: berryDashUserData.id })
-    .from(berryDashUserData)
-    .where(eq(berryDashUserData.token, authorizationToken))
-    .execute()
-
-  if (!userData[0]) {
-    connection1.end()
-    return jsonResponse(
-      { success: false, message: 'Unauthorized', data: null },
-      401
-    )
-  }
 
   const result = await db1
     .update(berryDashUserPosts)
@@ -51,7 +41,7 @@ export async function handler (context: Context) {
     .where(
       and(
         eq(berryDashUserPosts.id, idQuery),
-        eq(berryDashUserPosts.userId, userData[0].id),
+        eq(berryDashUserPosts.userId, userId),
         eq(berryDashUserPosts.deletedAt, 0)
       )
     )

src/routes/berrydash/profile/posts/post.ts

@@ -1,7 +1,7 @@
 import { Context } from 'elysia'
 import { getDatabaseConnection, jsonResponse } from '../../../../lib/util'
-import { berryDashUserData, berryDashUserPosts } from '../../../../lib/tables'
+import { berryDashUserPosts } from '../../../../lib/tables'
-import { eq } from 'drizzle-orm'
+import { checkAuthorization } from '../../../../lib/bd/auth'
 
 type Body = {
   content: string
@@ -18,7 +18,17 @@ export async function handler (context: Context) {
     )
   const { connection: connection1, db: db1 } = dbInfo1
 
-  let authorizationToken = context.headers.authorization
+  const authorizationToken = context.headers.authorizationToken
+  const authResult = await checkAuthorization(authorizationToken as string, db1)
+  if (!authResult.valid) {
+    connection1.end()
+    return jsonResponse(
+      { success: false, message: 'Unauthorized', data: null },
+      401
+    )
+  }
+  const userId = authResult.id
+
   const body = context.body as Body
   if (!body.content) {
     connection1.end()
@@ -27,32 +37,11 @@ export async function handler (context: Context) {
       400
     )
   }
-  if (!authorizationToken) {
-    connection1.end()
-    return jsonResponse(
-      { success: false, message: 'Unauthorized', data: null },
-      401
-    )
-  }
-
-  const userData = await db1
-    .select({ id: berryDashUserData.id })
-    .from(berryDashUserData)
-    .where(eq(berryDashUserData.token, authorizationToken))
-    .execute()
-
-  if (!userData[0]) {
-    connection1.end()
-    return jsonResponse(
-      { success: false, message: 'Unauthorized', data: null },
-      401
-    )
-  }
 
   await db1
     .insert(berryDashUserPosts)
     .values({
-      userId: userData[0].id,
+      userId: userId,
       content: btoa(body.content),
       timestamp: Math.floor(Date.now() / 1000)
     })

src/routes/berrydash/profile/posts/put.ts

@@ -1,7 +1,8 @@
 import { Context } from 'elysia'
 import { getDatabaseConnection, jsonResponse } from '../../../../lib/util'
-import { berryDashUserData, berryDashUserPosts } from '../../../../lib/tables'
+import { berryDashUserPosts } from '../../../../lib/tables'
 import { and, eq } from 'drizzle-orm'
+import { checkAuthorization } from '../../../../lib/bd/auth'
 
 type Body = {
   liked: string
@@ -18,7 +19,17 @@ export async function handler (context: Context) {
     )
   const { connection: connection1, db: db1 } = dbInfo1
 
-  let authorizationToken = context.headers.authorization
+  const authorizationToken = context.headers.authorizationToken
+  const authResult = await checkAuthorization(authorizationToken as string, db1)
+  if (!authResult.valid) {
+    connection1.end()
+    return jsonResponse(
+      { success: false, message: 'Unauthorized', data: null },
+      401
+    )
+  }
+  const userId = authResult.id
+
   let idQuery = context.query.id ? parseInt(context.query.id, 10) : 0
   let likedQuery = context.query.liked as string
   if (!idQuery || idQuery < 1) {
@@ -42,27 +53,6 @@ export async function handler (context: Context) {
       400
     )
   }
-  if (!authorizationToken) {
-    connection1.end()
-    return jsonResponse(
-      { success: false, message: 'Unauthorized', data: null },
-      401
-    )
-  }
-
-  const userData = await db1
-    .select({ id: berryDashUserData.id })
-    .from(berryDashUserData)
-    .where(eq(berryDashUserData.token, authorizationToken))
-    .execute()
-
-  if (!userData[0]) {
-    connection1.end()
-    return jsonResponse(
-      { success: false, message: 'Unauthorized', data: null },
-      401
-    )
-  }
 
   const votesResult = await db1
     .select({ votes: berryDashUserPosts.votes })
@@ -85,12 +75,12 @@ export async function handler (context: Context) {
       400
     )
   const votes = JSON.parse(votesResult[0].votes)
-  if (votes[userData[0].id.toString()]) {
+  if (votes[userId.toString()]) {
     let likes = 0
     for (const vote of Object.values(votes) as boolean[]) likes += vote ? 1 : -1
     return jsonResponse({ success: true, message: null, data: { likes } }, 200)
   }
-  votes[userData[0].id.toString()] = likedQuery.toLowerCase() == 'true'
+  votes[userId.toString()] = likedQuery.toLowerCase() == 'true'
 
   await db1
     .update(berryDashUserPosts)