Merge pull request #52 from KeyZox71/auth-fix :3

「🏗️」 wip(auth): added the hability to remove user and fix for 2fa :D

doc/auth/login.md

@@ -21,7 +21,8 @@ Input needed :
 ```json
 {
     "user": "<string>",
-    "password": "<string>"
+    "password": "<string>",
+    (optional)"token": "<2fa token>"
 }
 ```
 
@@ -32,7 +33,13 @@ Can return:
     "msg": "Login successfully"
 }
 ```
-- 400 with response
+- 402 with response
+```json
+{
+    "msg": "Please specify a 2fa token"
+}
+```
+- 400 || 401 with response
 ```json
 {
     "error": "<corresponding error>"

doc/auth/remove.md

@@ -0,0 +1,32 @@
+# remove user
+
+Available endpoints:
+- DELETE `/`
+
+Common return:
+- 500 with response 
+```json
+{
+    "error": "Internal server error"
+}
+```
+
+## DELETE `/`
+
+User to remove a user from the backend
+
+Inputs: just need a valid JWT cookie
+
+Returns:
+- 200
+```json
+{
+    "msg": "User successfully deleted"
+}
+```
+- 401 || 400
+```json
+{
+    "error": "<corresponding msg>
+}
+```

src/api/auth/default.js

@@ -11,6 +11,7 @@ import { totpSetup } from './totpSetup.js';
 import { totpDelete } from './totpDelete.js';
 import { totpVerify } from './totpVerify.js';
 import { logout } from './logout.js';
+import { remove } from './remove.js';
 
 const saltRounds = 10;
 export const appName = process.env.APP_NAME || 'knl_meowscendence';
@@ -110,4 +111,6 @@ export default async function(fastify, options) {
 	}, async (request, reply) => { return register(request, reply, saltRounds, fastify); });
 
 	fastify.get('/logout', {}, async (request, reply) => { return logout(reply, fastify); })
+
+	 fastify.delete('/', { preHandler: fastify.authenticate }, async (request, reply) => { return remove(request, reply, fastify)})
 }

src/api/auth/login.js

@@ -37,8 +37,8 @@ export async function login(request, reply, fastify) {
 
 		const userTOTP = authDB.getUser(user);
 		if (userTOTP.totpEnabled == 1) {
-			if (!request.body.token){
+			if (!request.body.token) {
-				return reply.code(401).send({ error: 'Invalid 2FA token' });
+				return reply.code(402).send({ error: 'Please specify a 2fa token' });
 			}
 			const isValid = verifyTOTP(userTOTP.totpHash, request.body.token);
 			if (!isValid) {

src/api/auth/remove.js

@@ -0,0 +1,34 @@
+import authDB from '../../utils/authDB';
+import { authUserRemove } from '../../utils/authUserRemove';
+
+/**
+ * @param {import('fastify').FastifyRequest} request
+ * @param {import('fastify').FastifyReply} reply
+ * @param {import('fastify').FastifyInstance} fastify
+ */
+export async function remove(request, reply, fastify) {
+	try {
+		const user = request.user;
+
+		if (authDB.RESERVED_USERNAMES.includes(user)) {
+			return reply.code(400).send({ error: 'Reserved username' });
+		}
+
+		if (authDB.checkUser(user) === false) {
+			return reply.code(400).send({ error: "User does not exist" });
+		}
+
+		authDB.rmUser(user)
+
+		authUserRemove(user, fastify)
+
+		return reply
+			.code(200)
+			.send({
+				msg: "User successfully deleted"
+			})
+	} catch (err) {
+		fastify.log.error(err);
+		return reply.code(500).send({ error: "Internal server error" });
+	}
+}

src/utils/authUserRemove.js

@@ -0,0 +1,19 @@
+import axios from 'axios'
+
+/**
+ * @param {string} username
+ * @param {import('fastify').FastifyInstance} fastify
+ */
+export async function authUserRemove(username, fastify) {
+	const url = (process.env.USER_URL || "http://localhost:3002/") + "users/" + username;
+	const cookie = fastify.jwt.sign({ user: "admin" });
+
+	await axios.post(
+		url,
+		{
+			headers: {
+				'Cookie': 'token=' + cookie,
+			},
+		}
+	);
+}