Lncvrt-Games/api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move endpoints

Browse Source
This commit is contained in:
Travis
2026-01-29 19:43:28 -07:00
parent 024b651c52
commit 8edd408297
5 changed files with 99 additions and 120 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
src/routes/berrydash/account/change-password/post.ts
View File

@@ -1,79 +0,0 @@
import { Context } from 'elysia'
import {
getClientIp,
getDatabaseConnection,
jsonResponse
} from '../../../../lib/util'
import { checkAuthorization } from '../../../../lib/auth'
import { users } from '../../../../lib/tables'
import { eq } from 'drizzle-orm'
import bcrypt from 'bcryptjs'
type Body = {
newPassword: string
}
export async function handler (context: Context) {
const dbInfo0 = getDatabaseConnection(0)
const dbInfo1 = getDatabaseConnection(1)
if (!dbInfo0 || !dbInfo1)
return jsonResponse(
{ success: false, message: 'Failed to connect to database' },
500
)
const { connection: connection0, db: db0 } = dbInfo0
const { connection: connection1, db: db1 } = dbInfo1
const ip = getClientIp(context)
const authorizationToken = context.headers.authorization
const authResult = await checkAuthorization(
authorizationToken as string,
db0,
ip
)
if (!authResult.valid) {
connection0.end()
connection1.end()
return jsonResponse({ success: false, message: 'Unauthorized' }, 401)
}
const userId = authResult.id
const body = context.body as Body
if (!body.newPassword) {
connection0.end()
connection1.end()
return jsonResponse(
{ success: false, message: 'No new password provided' },
400
)
}
if (
!/^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d!@#$%^&*()_\-+=]{8,}$/.test(
body.newPassword
)
) {
connection0.end()
connection1.end()
return jsonResponse(
{
success: false,
message:
'New password must be at least 8 characters with at least one letter and one number',
data: null
},
400
)
}
const hashedPassword = await bcrypt.hash(body.newPassword, 10)
await db0
.update(users)
.set({ password: hashedPassword })
.where(eq(users.id, userId))
.execute()
return jsonResponse({ success: true, message: null })
}

72
src/routes/berrydash/account/change-username/post.ts
View File

@@ -1,72 +0,0 @@
import { Context } from 'elysia'
import {
getClientIp,
getDatabaseConnection,
jsonResponse
} from '../../../../lib/util'
import { checkAuthorization } from '../../../../lib/auth'
import { users } from '../../../../lib/tables'
import { eq } from 'drizzle-orm'
type Body = {
newUsername: string
}
export async function handler (context: Context) {
const dbInfo0 = getDatabaseConnection(0)
const dbInfo1 = getDatabaseConnection(1)
if (!dbInfo0 || !dbInfo1)
return jsonResponse(
{ success: false, message: 'Failed to connect to database' },
500
)
const { connection: connection0, db: db0 } = dbInfo0
const { connection: connection1, db: db1 } = dbInfo1
const ip = getClientIp(context)
const authorizationToken = context.headers.authorization
const authResult = await checkAuthorization(
authorizationToken as string,
db0,
ip
)
if (!authResult.valid) {
connection0.end()
connection1.end()
return jsonResponse({ success: false, message: 'Unauthorized' }, 401)
}
const userId = authResult.id
const body = context.body as Body
if (!body.newUsername) {
connection0.end()
connection1.end()
return jsonResponse(
{ success: false, message: 'No new username provided' },
400
)
}
if (!/^[a-zA-Z0-9]{3,16}$/.test(body.newUsername)) {
connection0.end()
connection1.end()
return jsonResponse(
{
success: false,
message:
'New username must be 3-16 characters, letters and numbers only',
data: null
},
400
)
}
await db0
.update(users)
.set({ username: body.newUsername })
.where(eq(users.id, userId))
.execute()
return jsonResponse({ success: true, message: null })
}

83
src/routes/berrydash/account/login/post.ts
View File

@@ -1,83 +0,0 @@
import { Context } from 'elysia'
import { getDatabaseConnection, jsonResponse } from '../../../../lib/util'
import { berryDashUserData, users } from '../../../../lib/tables'
import { eq } from 'drizzle-orm'
import bcrypt from 'bcryptjs'
type Body = {
username: string
password: string
}
export async function handler (context: Context) {
const dbInfo0 = getDatabaseConnection(0)
const dbInfo1 = getDatabaseConnection(1)
if (!dbInfo0 || !dbInfo1)
return jsonResponse(
{ success: false, message: 'Failed to connect to database', data: null },
500
)
const { connection: connection0, db: db0 } = dbInfo0
const { connection: connection1, db: db1 } = dbInfo1
const body = context.body as Body
if (!body.username || !body.password) {
connection0.end()
connection1.end()
return jsonResponse(
{
success: false,
message: 'Username and password must be in POST data',
data: null
},
400
)
}
const user = await db0
.select({
id: users.id,
username: users.username,
password: users.password,
token: users.token
})
.from(users)
.where(eq(users.username, body.username))
.limit(1)
.execute()
if (!user[0]) {
connection0.end()
connection1.end()
return jsonResponse(
{
success: false,
message: 'Invalid username or password',
data: null
},
401
)
}
if (!(await bcrypt.compare(body.password, user[0].password))) {
connection0.end()
connection1.end()
return jsonResponse(
{
success: false,
message: 'Invalid username or password',
data: null
},
401
)
}
return jsonResponse({
success: true,
message: null,
data: {
session: user[0].token,
username: user[0].username,
id: user[0].id
}
})
}

180
src/routes/berrydash/account/register/post.ts
View File

@@ -1,180 +0,0 @@
import { Context } from 'elysia'
import {
getClientIp,
getDatabaseConnection,
jsonResponse
} from '../../../../lib/util'
import isEmail from 'validator/lib/isEmail'
import { berryDashUserData, users, verifyCodes } from '../../../../lib/tables'
import { and, desc, eq, or, sql } from 'drizzle-orm'
import bcrypt from 'bcryptjs'
import { randomBytes } from 'crypto'
type Body = {
username: string
password: string
email: string
verifyCode: string
}
export async function handler (context: Context) {
const dbInfo0 = getDatabaseConnection(0)
const dbInfo1 = getDatabaseConnection(1)
if (!dbInfo0 || !dbInfo1)
return jsonResponse(
{ success: false, message: 'Failed to connect to database', data: null },
500
)
const { connection: connection0, db: db0 } = dbInfo0
const { connection: connection1, db: db1 } = dbInfo1
const body = context.body as Body
if (!body.username || !body.password || !body.email || !body.verifyCode) {
connection0.end()
connection1.end()
return jsonResponse(
{
success: false,
message:
'Username, password, email and verifyCode must be in POST data',
data: null
},
400
)
}
if (body.verifyCode.length != 16) {
connection0.end()
connection1.end()
return jsonResponse(
{
success: false,
message: 'Invalid verify code (codes can only be used once)',
data: null
},
400
)
}
const ip = getClientIp(context)
if (!ip) {
connection0.end()
connection1.end()
return jsonResponse(
{
success: false,
message: 'Failed to get required info',
data: null
},
400
)
}
const time = Math.floor(Date.now() / 1000)
const codeExists = await db0
.select({ id: verifyCodes.id })
.from(verifyCodes)
.where(
and(
eq(verifyCodes.ip, ip),
eq(verifyCodes.usedTimestamp, 0),
eq(verifyCodes.code, body.verifyCode),
sql`${verifyCodes.timestamp} >= UNIX_TIMESTAMP() - 600`
)
)
.orderBy(desc(verifyCodes.id))
.limit(1)
.execute()
if (codeExists[0]) {
await db0
.update(verifyCodes)
.set({ usedTimestamp: time })
.where(
and(
eq(verifyCodes.id, codeExists[0].id),
eq(verifyCodes.ip, ip),
eq(verifyCodes.usedTimestamp, 0),
eq(verifyCodes.code, body.verifyCode)
)
)
} else
return jsonResponse(
{
success: false,
message: 'Invalid verify code (codes can only be used once)',
data: null
},
400
)
if (!/^[a-zA-Z0-9]{3,16}$/.test(body.username)) {
connection0.end()
connection1.end()
return jsonResponse(
{
success: false,
message: 'Username must be 3-16 characters, letters and numbers only',
data: null
},
400
)
}
if (!isEmail(body.email)) {
connection0.end()
connection1.end()
return jsonResponse(
{
success: false,
message: 'Email is invalid',
data: null
},
400
)
}
if (
!/^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d!@#$%^&*()_\-+=]{8,}$/.test(body.password)
) {
connection0.end()
connection1.end()
return jsonResponse(
{
success: false,
message:
'Password must be at least 8 characters with at least one letter and one number',
data: null
},
400
)
}
const hashedPassword = await bcrypt.hash(body.password, 10)
const token = randomBytes(256).toString('hex')
const result = await db0
.insert(users)
.values({
username: body.username,
password: hashedPassword,
email: body.email,
token,
registerTime: time,
latestIp: ip
})
.execute()
await db1
.insert(berryDashUserData)
.values({
id: result[0].insertId
})
.execute()
return jsonResponse(
{
success: true,
message: null,
data: null
},
200
)
}