NatsukiDev
/
api
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Natsuki's API! https://api.natsuki.app
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
866 KiB
 
Tag: Branch: Tree: 6d35b93d9b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6d35b93d9b'
${ noResults }
api/api/ani/v1/routes/user.js

77 lines
4.1 KiB
Raw Blame History

const {hashSync, compareSync} = require('bcrypt');
const {sign} = require('jsonwebtoken');
module.exports = (app, router) => {
const Users = app.db.models.ani.users;
router.get('/user', (req, res) => res.send("/user: /user/:id required."));
router.route('/user/:id')
.get(async (req, res) => {
if (!req.params.id) {return res.status(400).send("Missing ID!");}
const user = await Users.findOne({id: req.params.id.toLowerCase()});
if (!user) {return res.status(404).send("That user doesn't exist!");}
return res.json({name: user.name, discord: user.discord, id: user.id, permissions: user.permissions});
})
.post(async (req, res) => { //TODO validate Discord ID
try {
if (!req.params.id) {return res.status(400).send("Missing ID!");}
if (await Users.findOne({id: req.params.id.toLowerCase()})) {return res.status(400).send("That user already exists!");}
if (!req.body) {return res.status(400).send("Missing body!");}
if (
!req.body.name || !req.body.discord || !req.body.permissions || !Array.isArray(req.body.permissions)
|| !req.body.name.match(/^[\w_ ]+$/gm) || req.body.name.length > 20
|| !req.params.id.toLowerCase().match(/^[\w_]+$/gm) || req.params.id.toLowerCase().length > 15
|| !req.body.password || req.body.password.length > 30
) {return res.status(400).send("Malformed body or missing body data. Make sure you have all the required parameters, and you don't have illegal characters present.");}
const newUser = new Users({
id: req.params.id.toLowerCase(),
name: req.body.name,
permissions: req.body.permissions,
discord: req.body.discord,
password: hashSync(req.body.password, 8)
});
return newUser.save()
.then(() => res.json({
message: "Successfully added user.",
name: newUser.name,
discord: newUser.discord,
id: newUser.id,
permissions: newUser.permissions,
accessToken: sign({id: newUser.id}, app.auth.jwt_secret, {expiresIn: "15d"})
}))
.catch(e => {console.error("Error trying to add new user", e); res.status(500).send("Something went wrong.");});
}
catch (e) {console.error("Error trying to add new user", e); res.status(500).send("Something went wrong.");}
})
.put(app.auth.token, async (req, res) => {
});
router.route('/user/:id/auth')
.post(async (req, res) => {
if (!req.params.id) {return res.status(400).send("Missing ID!");}
const user = await Users.findOne({id: req.params.id.toLowerCase()});
if (!user) {return res.status(404).send("That user doesn't exist!");}
if (!req.body.password || !compareSync(req.body.password, user.password)) {return res.status(401).json({accessToken: null, message: "Invalid or missing password!"});}
return res.json({
message: "Successfully authenticated.",
name: user.name,
discord: user.discord,
id: user.id,
permissions: user.permissions,
accessToken: sign({id: user.id}, app.auth.jwt_secret, {expiresIn: "15d"})
});
})
.get(app.auth.token, (req, res) => {
if (!req.user) {return res.status(401).send("You have not been authenticated, and will not be able to access any sensitive routes.");}
return res.json({
message: "You are authenticated, and your token is valid.",
name: req.user.name,
discord: req.user.discord,
id: req.user.id,
permissions: req.user.permissions
});
});
};