Make it so changing username/password actually resets your token
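--- a/FILE1_PATH_NOT_ON_PAGE
+++ b/FILE1_PATH_NOT_ON_PAGE
@@ -8,6 +8,7 @@ import { checkAuthorization } from '../../../lib/auth'
 import { users } from '../../../lib/tables'
 import { eq } from 'drizzle-orm'
 import bcrypt from 'bcryptjs'
+import { randomBytes } from 'crypto'
 
 type Body = {
 newPassword: string
@@ -19,7 +20,7 @@ export async function handler (context: Context) {
 
 if (!dbInfo0 || !dbInfo1)
 return jsonResponse(
-{ success: false, message: 'Failed to connect to database' },
+{ success: false, message: 'Failed to connect to database', data: null },
 500
 )
 const { connection: connection0, db: db0 } = dbInfo0
@@ -33,7 +34,10 @@ export async function handler (context: Context) {
 )
 if (!authResult.valid) {
 connection0.end()
-return jsonResponse({ success: false, message: 'Unauthorized' }, 401)
+return jsonResponse(
+{ success: false, message: 'Unauthorized', data: null },
+401
+)
 }
 const userId = authResult.id
 
@@ -57,12 +61,13 @@ export async function handler (context: Context) {
 }
 
 const hashedPassword = await bcrypt.hash(body.newPassword, 10)
+const token = randomBytes(256).toString('hex')
 
 await db0
 .update(users)
-.set({ password: hashedPassword })
+.set({ password: hashedPassword, token })
 .where(eq(users.id, userId))
 .execute()
 
-return jsonResponse({ success: true, message: null })
+return jsonResponse({ success: true, message: null, data: token })
 }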
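Review bot: The newly minted session token is written to `users.token` in clear at `.set({ password: hashedPassword, token })` in the last hunk, while the password beside it is bcrypt-hashed, so anyone who can read the table (a leaked dump, an injection elsewhere) holds every user's live credential. Storing a digest instead, `import { createHash, randomBytes } from 'crypto'` and `.set({ password: hashedPassword, token: createHash('sha256').update(token).digest('hex') })`, keeps the raw value only in the response; checkAuthorization would then hash the presented token before its lookup, which is outside this diff. Separately, that success path returns straight after `.execute()` without the `connection0.end()` the 401 branch calls, so unless a helper closes it elsewhere in the file the connection leaks on every successful change. Both observations apply equally to the username handler's and the reset handler's last hunks. handler's start lies outside the `@@ -57,12` hunk.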
@@ -7,6 +7,7 @@ import {
|
|||||||
import { checkAuthorization } from '../../../lib/auth'
|
import { checkAuthorization } from '../../../lib/auth'
|
||||||
import { users } from '../../../lib/tables'
|
import { users } from '../../../lib/tables'
|
||||||
import { eq } from 'drizzle-orm'
|
import { eq } from 'drizzle-orm'
|
||||||
|
import { randomBytes } from 'crypto'
|
||||||
|
|
||||||
type Body = {
|
type Body = {
|
||||||
newUsername: string
|
newUsername: string
|
||||||
@@ -18,7 +19,7 @@ export async function handler (context: Context) {
|
|||||||
|
|
||||||
if (!dbInfo0 || !dbInfo1)
|
if (!dbInfo0 || !dbInfo1)
|
||||||
return jsonResponse(
|
return jsonResponse(
|
||||||
{ success: false, message: 'Failed to connect to database' },
|
{ success: false, message: 'Failed to connect to database', data: null },
|
||||||
500
|
500
|
||||||
)
|
)
|
||||||
const { connection: connection0, db: db0 } = dbInfo0
|
const { connection: connection0, db: db0 } = dbInfo0
|
||||||
@@ -32,7 +33,10 @@ export async function handler (context: Context) {
|
|||||||
)
|
)
|
||||||
if (!authResult.valid) {
|
if (!authResult.valid) {
|
||||||
connection0.end()
|
connection0.end()
|
||||||
return jsonResponse({ success: false, message: 'Unauthorized' }, 401)
|
return jsonResponse(
|
||||||
|
{ success: false, message: 'Unauthorized', data: null },
|
||||||
|
401
|
||||||
|
)
|
||||||
}
|
}
|
||||||
const userId = authResult.id
|
const userId = authResult.id
|
||||||
|
|
||||||
@@ -51,11 +55,13 @@ export async function handler (context: Context) {
|
|||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const token = randomBytes(256).toString('hex')
|
||||||
|
|
||||||
await db0
|
await db0
|
||||||
.update(users)
|
.update(users)
|
||||||
.set({ username: body.newUsername })
|
.set({ username: body.newUsername, token })
|
||||||
.where(eq(users.id, userId))
|
.where(eq(users.id, userId))
|
||||||
.execute()
|
.execute()
|
||||||
|
|
||||||
return jsonResponse({ success: true, message: null })
|
return jsonResponse({ success: true, message: null, data: token })
|
||||||
}
|
}
|
||||||
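--- a/FILE3_PATH_NOT_ON_PAGE
+++ b/FILE3_PATH_NOT_ON_PAGE
@@ -8,6 +8,7 @@ import {
 import { resetCodes, users } from '../../../lib/tables'
 import { and, desc, eq, sql } from 'drizzle-orm'
 import bcrypt from 'bcryptjs'
+import { randomBytes } from 'crypto'
 
 type Body = {
 token: string | null
@@ -21,7 +22,7 @@ export async function handler (context: Context) {
 
 if (!dbInfo0)
 return jsonResponse(
-{ success: false, message: 'Failed to connect to database' },
+{ success: false, message: 'Failed to connect to database', data: null },
 500
 )
 const { connection: connection0, db: db0 } = dbInfo0
@@ -32,7 +33,8 @@ export async function handler (context: Context) {
 return jsonResponse(
 {
 success: false,
-message: 'Invalid verify code (codes can only be used once)'
+message: 'Invalid verify code (codes can only be used once)',
+data: null
 },
 400
 )
@@ -43,7 +45,8 @@ export async function handler (context: Context) {
 return jsonResponse(
 {
 success: false,
-message: 'Failed to get required info'
+message: 'Failed to get required info',
+data: null
 },
 400
 )
@@ -56,7 +59,8 @@ export async function handler (context: Context) {
 message:
 body.token != null
 ? 'Invalid captcha token'
-: 'Invalid verify code (codes can only be used once)'
+: 'Invalid verify code (codes can only be used once)',
+data: null
 },
 400
 )
@@ -92,16 +96,18 @@ export async function handler (context: Context) {
 )
 .execute()
 const hashedPassword = await bcrypt.hash(body.password, 10)
+const token = randomBytes(256).toString('hex')
 await db0
 .update(users)
-.set({ password: hashedPassword })
+.set({ password: hashedPassword, token })
 .where(eq(users.id, codeExists[0].userId))
 .execute()
 connection0.end()
 return jsonResponse(
 {
 success: true,
-message: null
+message: null,
+data: token
 },
 200
 )
@@ -110,7 +116,8 @@ export async function handler (context: Context) {
 return jsonResponse(
 {
 success: false,
-message: 'Invalid reset code (codes can only be used once)'
+message: 'Invalid reset code (codes can only be used once)',
+data: null
 },
 400
 )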
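Review bot: The token rotation in the `@@ -92,16` hunk deserves a one-line comment, because a reader can mistake the new `token` column write for an unrelated feature rather than the point of the commit: `// Rotate the session token so every session that predates this reset is signed out`. `randomBytes(256)` also produces a 512-character hex string; 32 bytes already gives 256 bits of entropy, and the longer value must fit whatever width `users.token` was declared with, which this page does not show. The value is stored unhashed, as in the change-password handler. handler's start lies outside every hunk here.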