🔨」 fix(user-management): fix the fact that no fucking route was protected

2025-10-23 15:49:35 +02:00
parent c4221d9463
commit 0c9f595047
19 changed files with 76 additions and 48 deletions


@ -1,6 +1,12 @@
export async function dAvatar(request, reply, fastify, getUserInfo, getAvatarId, deleteAvatarId, deleteImage) {
try {
const userId = request.params.userId;
if (request.user !== userId && request.user !== 'admin') {
return reply.code(401).send({ error: 'Unauthorized' });
}
if (!getUserInfo.get(userId)) {
return reply.code(404).send({ error: "User does not exist" });
}
if (!getUserInfo.get(userId)) {
return reply.cose(404).send({ error: "User does not exist" });
}
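Review bot: The hunk counts (6 old lines, 12 new, nothing removed) indicate the new side keeps two consecutive copies of the user-existence check, and the second copy still spells the method `reply.cose(404)` — the same typo this commit fixes in uAvatar; since the first copy already returns on the same condition the second is unreachable and should be dropped, leaving a single `if (!getUserInfo.get(userId)) { return reply.code(404).send({ error: "User does not exist" }); }`. The owner-or-admin guard `if (request.user !== userId && request.user !== 'admin')` is pasted verbatim into dFriend, dFriends, dMatchHistory, dMember, dUser, gAvatar, gFriends, gMatchHistory, gNumberFriends, gNumberMatches, gUser, pAvatar, pFriend, pMatchHistory, uAvatar and uMember as well; one shared helper or a preHandler hook on the `/:userId` routes would keep the policy from drifting copy by copy, which is exactly how the stale duplicate above crept in. Because the rejected request carries a verified identity that merely lacks permission, 403 is the conventional status for that branch rather than 401, which clients read as "not authenticated". Checking authorization before existence, as done here, is the right order: an outsider cannot probe which user IDs exist. dAvatar's body continues past the end of the hunk.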


@ -1,9 +1,9 @@
export async function dFriend(request, reply, fastify, getUserInfo, getFriend, deleteFriend) {
try {
if (!request.user) {
return reply.code(400).send({ error: "Please specify a user" });
}
const userId = request.params.userId;
if (request.user !== userId && request.user !== 'admin') {
return reply.code(401).send({ error: 'Unauthorized' });
}
if (!getUserInfo.get(userId)) {
return reply.code(404).send({ error: "User does not exist" });
}


@ -1,15 +1,12 @@
export async function dFriends(request, reply, fastify, getUserInfo, deleteFriends) {
try {
if (!request.user) {
return reply.code(400).send({ error: "Please specify a user" });
}
const userId = request.params.userId;
if (request.user !== userId && request.user !== 'admin') {
return reply.code(401).send({ error: 'Unauthorized' });
}
if (!getUserInfo.get(userId)) {
return reply.code(404).send({ error: "User does not exist" });
}
if (request.user !== 'admin' && request.user !== userId) {
return reply.code(401).send({ error: "Unauthorized" });
}
deleteFriends.run(userId);
return reply.code(200).send({ msg: "Friends deleted successfully" });
} catch (err) {


@ -1,15 +1,12 @@
export async function dMatchHistory(request, reply, fastify, getUserInfo, deleteMatchHistory, deleteStatsPong, deleteStatsTetris) {
try {
if (!request.user) {
return reply.code(400).send({ error: "Please specify a user" });
}
const userId = request.params.userId;
if (request.user !== userId && request.user !== 'admin') {
return reply.code(401).send({ error: 'Unauthorized' });
}
if (!getUserInfo.get(userId)) {
return reply.code(404).send({ error: "User does not exist" });
}
if (request.user !== 'admin' && request.user !== userId) {
return reply.code(401).send({ error: "Unauthorized" });
}
const { game } = request.query;
if (game !== 'pong' && game !== 'tetris') {
return reply.code(400).send({ error: "Specified game does not exist" });


@ -1,22 +1,19 @@
export async function dMember(request, reply, fastify, getUserInfo, changeDisplayName) {
try {
if (!request.user) {
return reply.code(400).send({ error: "Please specify a user" });
}
const userId = request.params.userId;
if (request.user !== userId && request.user !== 'admin') {
return reply.code(401).send({ error: 'Unauthorized' });
}
if (!getUserInfo.get(userId)) {
return reply.code(404).send({ error: "User does not exist" });
}
const user = request.user;
const member = request.params.member;
if (user === 'admin' || user === request.params.userId) {
if (member === 'displayName') {
changeDisplayName.run("", request.params.userId);
return reply.code(200).send({ msg: "Display name deleted successfully" });
}
return reply.code(400).send({ msg: "Member does not exist" })
if (member === 'displayName') {
changeDisplayName.run("", request.params.userId);
return reply.code(200).send({ msg: "Display name deleted successfully" });
} else {
return reply.code(401).send({ error: 'You dont have the right to delete this' });
return reply.code(400).send({ msg: "Member does not exist" })
}
} catch (err) {
fastify.log.error(err);
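Review bot: Both `return reply.code(400).send({ msg: "Member does not exist" })` lines lack a terminating semicolon and report the failure under `msg`, whereas every other handler in this commit reports failures under `error`; whichever copy survives on the new side (the rendered hunk does not make that fully certain), `return reply.code(400).send({ error: "Member does not exist" });` keeps clients' error handling uniform. The `changeDisplayName.run("", request.params.userId)` call re-reads the route parameter although `userId` is already bound above; `changeDisplayName.run("", userId);` is clearer and guarantees both checks and the write refer to the same value. If the `user === 'admin' || user === request.params.userId` wrapper was dropped in favour of the new guard at the top, `const user = request.user;` is left unused and can go. dMember's catch block continues past the end of the hunk.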


@ -1,6 +1,10 @@
export async function dUser(request, reply, fastify, getUserInfo, deleteMatchHistory, deleteFriends, deleteUser) {
try {
if (!getUserInfo.get(request.params.userId)) {
const userId = request.params.userId;
if (request.user !== userId && request.user !== 'admin') {
return reply.code(401).send({ error: 'Unauthorized' });
}
if (!getUserInfo.get(userId)) {
return reply.code(404).send({ error: "User does not exist" });
}
deleteMatchHistory.run('pong', request.params.userId);


@ -173,6 +173,7 @@ export default async function(fastify, options) {
if (jwt.user !== 'admin') {
throw ('You lack administrator privileges');
}
request.user = jwt.user;
} catch (err) {
reply.code(401).send({ error: 'Unauthorized' });
}
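Review bot: The catch branch sends the 401 but does not return `reply`; Fastify's documented convention for async hooks is to return the reply after sending so the hook chain is unambiguously stopped, and whether the handler can still run here depends on how the hook is declared, which is outside the hunk. `return reply.code(401).send({ error: 'Unauthorized' });` removes the doubt. The `throw ('You lack administrator privileges')` above throws a plain string rather than an `Error`, so nothing useful reaches the log if the caught value is ever logged; `throw new Error('You lack administrator privileges');` is the idiomatic form. Note also that `request.user = jwt.user` runs only after the admin check passes, so this hook never attaches a non-admin identity — fine if it guards admin-only routes, but worth confirming, because the handlers' new guards also accept `request.user === userId`. The enclosing hook starts and ends outside the hunk.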


@ -1,6 +1,9 @@
export async function gAvatar(request, reply, fastify, getUserInfo, getAvatarId, getImage) {
try {
const userId = request.params.userId;
if (request.user !== userId && request.user !== 'admin') {
return reply.code(401).send({ error: 'Unauthorized' });
}
if (!getUserInfo.get(userId)) {
return reply.code(404).send({ error: "User does not exist" });
}


@ -1,6 +1,9 @@
export async function gFriends(request, reply, fastify, getUserInfo, getFriends) {
try {
const userId = request.params.userId;
if (request.user !== userId && request.user !== 'admin') {
return reply.code(401).send({ error: 'Unauthorized' });
}
if (!getUserInfo.get(userId)) {
return reply.code(404).send({ error: "User does not exist" });
}


@ -1,6 +1,9 @@
export async function gMatchHistory(request, reply, fastify, getUserInfo, getMatchHistory) {
try {
const userId = request.params.userId;
if (request.user !== userId && request.user !== 'admin') {
return reply.code(401).send({ error: 'Unauthorized' });
}
if (!getUserInfo.get(userId)) {
return reply.code(404).send({ error: "User does not exist" });
}


@ -1,9 +1,13 @@
export async function gNumberFriends(request, reply, fastify, getUserInfo, getNumberFriends) {
try {
const userId = request.params.userId;
if (request.user !== userId && request.user !== 'admin') {
return reply.code(401).send({ error: 'Unauthorized' });
}
if (!getUserInfo.get(userId)) {
return reply.code(404).send({ error: "User does not exist" });
}
const row = getNumberFriends.get(userId);
return reply.code(200).send({ n_friends: row.n_friends });
} catch (err) {


@ -1,6 +1,9 @@
export async function gNumberMatches(request, reply, fastify, getUserInfo, getNumberMatches) {
try {
const userId = request.params.userId;
if (request.user !== userId && request.user !== 'admin') {
return reply.code(401).send({ error: 'Unauthorized' });
}
if (!getUserInfo.get(userId)) {
return reply.code(404).send({ error: "User does not exist" });
}


@ -1,11 +1,24 @@
export async function gUser(request, reply, fastify, getUserInfo) {
try {
const userId = request.params.userId;
const userInfo = getUserInfo.get(userId);
if (!userInfo) {
if (request.user !== userId && request.user !== 'admin') {
return reply.code(401).send({ error: 'Unauthorized' });
}
if (!getUserInfo.get(userId)) {
return reply.code(404).send({ error: "User does not exist" });
}
return reply.code(200).send({ username: userInfo.username, displayName: userInfo.displayName, pong: { wins: userInfo.pongWins, losses: userInfo.pongLosses }, tetris: { wins: userInfo.tetrisWins, losses: userInfo.tetrisLosses } });
return reply.code(200).send({
username: userInfo.username,
displayName: userInfo.displayName,
pong: {
wins: userInfo.pongWins,
losses: userInfo.pongLosses
},
tetris: {
wins: userInfo.tetrisWins,
losses: userInfo.tetrisLosses
}
});
} catch (err) {
fastify.log.error(err);
return reply.code(500).send({ error: "Internal server error" });
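Review bot: The new existence check calls `getUserInfo.get(userId)` a second time although the result of that same lookup is already held in `userInfo` from the line above; `if (!userInfo) {` avoids the redundant query and keeps `userInfo` the single source for the response built below. The ordering of the two guards is right: the owner-or-admin check answers 401 before the 404, so an outsider cannot tell whether a given userId exists. The lookup itself still runs before authorization, though, so the database is queried even for requests that are about to be rejected; moving `const userInfo = getUserInfo.get(userId);` below the guard avoids that. gUser's closing lines are outside the hunk.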


@ -8,6 +8,9 @@ import sharp from 'sharp';
export async function pAvatar(request, reply, fastify, getUserInfo, setAvatarId, postImage) {
try {
const userId = request.params.userId;
if (request.user !== userId && request.user !== 'admin') {
return reply.code(401).send({ error: 'Unauthorized' });
}
if (!getUserInfo.get(userId)) {
return reply.code(404).send({ error: "User does not exist" });
}


@ -1,11 +1,8 @@
export async function pFriend(request, reply, fastify, getUserInfo, getFriend, addFriend) {
try {
const userId = request.params.userId;
if (!request.user) {
return reply.code(400).send({ error: "Please specify a user" });
}
if (request.user !== 'admin' && request.user !== userId) {
return reply.code(401).send({ error: "Unauthorized" });
if (request.user !== userId && request.user !== 'admin') {
return reply.code(401).send({ error: 'Unauthorized' });
}
if (!getUserInfo.get(userId)) {
return reply.code(404).send({ error: "User does not exist" });


@ -16,11 +16,11 @@ async function fetchSave(request, reply, userId, addMatch) {
export async function pMatchHistory(request, reply, fastify, getUserInfo, addMatch, incWinsPong, incLossesPong, incWinsTetris, incLossesTetris) {
try {
const userId = request.params.userId;
if (!request.user) {
return reply.code(400).send({ error: "Please specify a user" });
if (request.user !== userId && request.user !== 'admin') {
return reply.code(401).send({ error: 'Unauthorized' });
}
if (request.user !== 'admin' && request.user !== userId) {
return reply.code(401).send({ error: "Unauthorized" });
if (!getUserInfo.get(userId)) {
return reply.code(404).send({ error: "User does not exist" });
}
if (request.body.game !== 'pong' && request.body.game !== 'tetris') {
return reply.code(400).send({ error: "Specified game does not exist" });


@ -1,10 +1,7 @@
export async function pUser(request, reply, fastify, getUserInfo, createUser) {
try {
const userId = request.params.userId;
if (!request.user || !request.user.user) {
return reply.code(400).send({ error: "Please specify a user" });
}
if (request.user.user !== 'admin') {
if (request.user !== 'admin') {
return reply.code(401).send({ error: "Unauthorized" });
}
if (getUserInfo.get(userId)) {


@ -3,8 +3,11 @@ import sharp from 'sharp';
export async function uAvatar(request, reply, fastify, getUserInfo, setAvatarId, getAvatarId, deleteAvatarId, postImage, deleteImage) {
try {
const userId = request.params.userId;
if (request.user !== userId && request.user !== 'admin') {
return reply.code(401).send({ error: 'Unauthorized' });
}
if (!getUserInfo.get(userId)) {
return reply.cose(404).send({ error: "User does not exist" });
return reply.code(404).send({ error: "User does not exist" });
}
deleteAvatarId.run(userId);
const parts = request.parts();


@ -1,11 +1,8 @@
export async function uMember(request, reply, fastify, getUserInfo, changeDisplayName, changeAvatarId) {
try {
const userId = request.params.userId;
if (!request.user) {
return reply.code(400).send({ error: "Please specify a user" });
}
if (request.user !== 'admin' && request.user !== userId) {
return reply.code(401).send({ error: "Unauthorized" });
if (request.user !== userId && request.user !== 'admin') {
return reply.code(401).send({ error: 'Unauthorized' });
}
if (!getUserInfo.get(userId)) {
return reply.code(404).send({ error: "User does not exist" });