From f689274716965af466496207f6b91191a0c073cf Mon Sep 17 00:00:00 2001 From: adjoly Date: Thu, 16 Oct 2025 12:29:16 +0200 Subject: [PATCH 1/5] =?UTF-8?q?=E3=80=8C=F0=9F=8F=97=EF=B8=8F=E3=80=8D=20w?= =?UTF-8?q?ip(auth):=20added=20the=20hability=20to=20remove=20user?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- doc/auth/remove.md | 32 ++++++++++++++++++++++++++++++++ src/api/auth/default.js | 3 +++ src/api/auth/remove.js | 34 ++++++++++++++++++++++++++++++++++ src/utils/authUserRemove.js | 19 +++++++++++++++++++ 4 files changed, 88 insertions(+) create mode 100644 doc/auth/remove.md create mode 100644 src/api/auth/remove.js create mode 100644 src/utils/authUserRemove.js diff --git a/doc/auth/remove.md b/doc/auth/remove.md new file mode 100644 index 0000000..366c89c --- /dev/null +++ b/doc/auth/remove.md @@ -0,0 +1,32 @@ +# remove user + +Available endpoints: +- DELETE `/` + +Common return: +- 500 with response +```json +{ + "error": "Internal server error" +} +``` + +## DELETE `/` + +User to remove a user from the backend + +Inputs: just need a valid JWT cookie + +Returns: +- 200 +```json +{ + "msg": "User successfully deleted" +} +``` +- 401 || 400 +```json +{ + "error": " +} +``` diff --git a/src/api/auth/default.js b/src/api/auth/default.js index 0e491ac..422d794 100644 --- a/src/api/auth/default.js +++ b/src/api/auth/default.js @@ -11,6 +11,7 @@ import { totpSetup } from './totpSetup.js'; import { totpDelete } from './totpDelete.js'; import { totpVerify } from './totpVerify.js'; import { logout } from './logout.js'; +import { remove } from './remove.js'; const saltRounds = 10; export const appName = process.env.APP_NAME || 'knl_meowscendence'; 
@@ -110,4 +111,6 @@ export default async function(fastify, options) { }, async (request, reply) => { return register(request, reply, saltRounds, fastify); }); fastify.get('/logout', {}, async (request, reply) => { return logout(reply, fastify); }) + + fastify.delete('/', { preHandler: fastify.authenticate }, async (request, reply) => { return remove(request, reply, fastify)}) } diff --git a/src/api/auth/remove.js b/src/api/auth/remove.js new file mode 100644 index 0000000..90579af --- /dev/null +++ b/src/api/auth/remove.js @@ -0,0 +1,34 @@ +import authDB from '../../utils/authDB'; +import { authUserRemove } from '../../utils/authUserRemove'; + +/** + * @param {import('fastify').FastifyRequest} request + * @param {import('fastify').FastifyReply} reply + * @param {import('fastify').FastifyInstance} fastify + */ +export async function remove(request, reply, fastify) { + try { + const user = request.user; + + if (authDB.RESERVED_USERNAMES.includes(user)) { + return reply.code(400).send({ error: 'Reserved username' }); + } + + if (authDB.checkUser(user) === false) { + return reply.code(400).send({ error: "User does not exist" }); + } + + authDB.rmUser(user) + + authUserRemove(user, fastify) + + return reply + .code(200) + .send({ + msg: "User successfully deleted" + }) + } catch (err) { + fastify.log.error(err); + return reply.code(500).send({ error: "Internal server error" }); + } +} diff --git a/src/utils/authUserRemove.js b/src/utils/authUserRemove.js new file mode 100644 index 0000000..071a51f --- /dev/null +++ b/src/utils/authUserRemove.js 
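Review bot: The new `fastify.delete('/', { preHandler: fastify.authenticate }, ...)` route lets any request that carries a valid JWT cookie delete the account permanently, with no re-authentication step. A stolen or left-open session is therefore enough to destroy the account; consider requiring the current password (and the TOTP code when 2FA is enabled) in the request body before calling `remove`. Since the credential is a cookie, the cookie's `SameSite` attribute and the CORS policy also decide whether another origin can trigger this route, and neither is visible here. The enclosing plugin function starts outside the hunk.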
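Review bot: `authUserRemove(user, fastify)` in `remove` is called without `await`, so a failed call to the user service becomes an unhandled rejection outside the `try`/`catch`, and the handler still answers 200 after `authDB.rmUser(user)` has already run. Use `await authUserRemove(user, fastify);` and decide what happens to the local record when the remote call fails. `const user = request.user;` is passed straight to `RESERVED_USERNAMES.includes` and `checkUser`. If `fastify.authenticate` leaves the decoded JWT payload there (the token signed in `authUserRemove.js` has the shape `{ user: ... }`), both receive an object and the reserved-name check can never match, so `request.user.user` may be what is needed; worth confirming. The two imports also omit the `.js` extension that `default.js` uses (`'./remove.js'`), which Node's ESM resolver rejects unless a bundler is involved, and the handler never clears the JWT cookie, so the deleted account's token stays usable until it expires.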
@@ -0,0 +1,19 @@ +import axios from 'axios' + +/** + * @param {string} username + * @param {import('fastify').FastifyInstance} fastify + */ +export async function authUserRemove(username, fastify) { + const url = (process.env.USER_URL || "http://localhost:3002/") + "users/" + username; + const cookie = fastify.jwt.sign({ user: "admin" }); + + await axios.post( + url, + { + headers: { + 'Cookie': 'token=' + cookie, + }, + } + ); +} From 95cbbc6613273ec17402755298cb60c1b004e34d Mon Sep 17 00:00:00 2001 From: adjoly Date: Thu, 16 Oct 2025 12:33:49 +0200 Subject: [PATCH 2/5] =?UTF-8?q?=E3=80=8C=F0=9F=93=9D=E3=80=8D=20doc(auth):?= =?UTF-8?q?=20added=20doc=20for=202fa=20in=20login?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- doc/auth/login.md | 11 +++++++++-- src/api/auth/login.js | 4 ++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/doc/auth/login.md b/doc/auth/login.md index 76945d3..eff517d 100644 --- a/doc/auth/login.md +++ b/doc/auth/login.md @@ -21,7 +21,8 @@ Input needed : ```json { "user": "", - "password": "" + "password": "", + (optional)"token": "<2fa token>" } ``` @@ -32,7 +33,13 @@ Can return: "msg": "Login successfully" } ``` -- 400 with response +- 402 with response +```json +{ + "msg": "Please specify a 2fa token" +} +``` +- 400 || 401 with response ```json { "error": "" diff --git a/src/api/auth/login.js b/src/api/auth/login.js index 2580383..83d9a76 100644 --- a/src/api/auth/login.js +++ b/src/api/auth/login.js @@ -37,8 +37,8 @@ export async function login(request, reply, fastify) { const userTOTP = authDB.getUser(user); if (userTOTP.totpEnabled == 1) { - if (!request.body.token){ - return reply.code(401).send({ error: 'Invalid 2FA token' }); + if (!request.body.token) { + return reply.code(402).send({ error: 'Please specify a 2fa token' }); } const isValid = verifyTOTP(userTOTP.totpHash, request.body.token); if (!isValid) { 
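Review bot: In `authUserRemove`, the object holding `headers` is the second argument of `axios.post`, which is the request body, so the `Cookie` header is never set and the admin token is sent as JSON data instead. Pass it as the config argument: `await axios.post(url, null, { headers: { 'Cookie': 'token=' + cookie } });`. `username` is concatenated into the path unescaped, so a name containing `/`, `?` or `..` changes which user-service route the admin-signed request reaches; build the path with `"/users/" + encodeURIComponent(username)`. Patches 3/5 and 4/5 rewrite the same `url` line and keep the raw concatenation. The token from `fastify.jwt.sign({ user: "admin" })` is minted with no expiry visible here, so unless a default lifetime is configured where the JWT plugin is registered, each deletion produces a reusable admin credential; a short expiry and a request timeout would limit that.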
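Review bot: The missing-token branch in `login` now answers with 402, which means "Payment Required"; a pending second factor is more conventionally signalled with 401 or 403 plus a machine-readable field the client can branch on. The body is sent as `{ error: 'Please specify a 2fa token' }`, while `doc/auth/login.md` in this same patch documents the key as `msg`, so one of the two should be aligned. If the password check runs before this block (it lies outside the hunk), the distinct response also confirms a correct password to the caller, so attempts on this path should be rate-limited together with the `verifyTOTP` check.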
From d1838e7722673b62ee9451288bbdec3249f9f7bd Mon Sep 17 00:00:00 2001 From: adjoly Date: Thu, 16 Oct 2025 13:27:19 +0200 Subject: [PATCH 3/5] =?UTF-8?q?=E3=80=8C=F0=9F=94=A8=E3=80=8D=20fix:=20fix?= =?UTF-8?q?ed=20some=20things.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/utils/authUserRemove.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/utils/authUserRemove.js b/src/utils/authUserRemove.js index 071a51f..ba892fc 100644 --- a/src/utils/authUserRemove.js +++ b/src/utils/authUserRemove.js @@ -5,7 +5,7 @@ import axios from 'axios' * @param {import('fastify').FastifyInstance} fastify */ export async function authUserRemove(username, fastify) { - const url = (process.env.USER_URL || "http://localhost:3002/") + "users/" + username; + const url = ((process.env.USER_URL + "/") || "http://localhost:3002/") + "users/" + username; const cookie = fastify.jwt.sign({ user: "admin" }); await axios.post( From 169386a97c776119b7085d62191ddb07a1f7d6a9 Mon Sep 17 00:00:00 2001 From: adjoly Date: Thu, 16 Oct 2025 13:28:43 +0200 Subject: [PATCH 4/5] =?UTF-8?q?=E3=80=8C=F0=9F=94=A8=E3=80=8D=20fix:=20fix?= =?UTF-8?q?ed=20this=20shit?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/utils/authUserRemove.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/utils/authUserRemove.js b/src/utils/authUserRemove.js index ba892fc..8af7503 100644 --- a/src/utils/authUserRemove.js +++ b/src/utils/authUserRemove.js @@ -5,7 +5,7 @@ import axios from 'axios' * @param {import('fastify').FastifyInstance} fastify */ export async function authUserRemove(username, fastify) { - const url = ((process.env.USER_URL + "/") || "http://localhost:3002/") + "users/" + username; + const url = (process.env.USER_URL || "http://localhost:3002") + "/users/" + username; const cookie = fastify.jwt.sign({ user: "admin" }); await axios.post( 
From cd03f63d01553b13849e1a5e4f7d0e8c91a7cb65 Mon Sep 17 00:00:00 2001 From: Adam <45126464+KeyZox71@users.noreply.github.com> Date: Thu, 16 Oct 2025 15:26:54 +0200 Subject: [PATCH 5/5] =?UTF-8?q?=E3=80=8C=F0=9F=93=9D=E3=80=8D=20doc(README?= =?UTF-8?q?):=20updated=20TODO=20list?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updated module completion status and removed completed tasks. --- README.md | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 9d75505..b7c08ae 100644 --- a/README.md +++ b/README.md 
@@ -18,27 +18,27 @@ Press F to pay respect ``` ## Modules done -6 major + 2 minor = 7 full modules +8 major + 4 minor = 10 full modules - **Web** - [x] Use a framework to build the backend.(node with Fastify) - Major - - [ ] Use a framework or toolkit to build the front-end.(Tailwind CSS) - Minor + - [x] Use a framework or toolkit to build the front-end.(Tailwind CSS) - Minor - [x] Use a database for the backend -and more.(SQLite) - Minor - [x] Store the score of a tournament in the Blockchain.(Soldity on Avalanche) - Major - **User Management** - - [ ] Standard user management, authentication and users across tournaments. - Major + - [x] Standard user management, authentication and users across tournaments. - Major - [x] Implement remote authentication. - Major - **Gameplay and user experience** - - [ ] Remote players - Major - - [ ] Multiplayer - Major - - [ ] Add another game - Major - - [ ] Game customization options - Minor - - [ ] Live chat - Major + - [ ] ~~Remote players - Major~~ + - [ ] ~~Multiplayer - Major~~ + - [x] Add another game - Major + - [ ] ~~Game customization options - Minor~~ + - [ ] ~~Live chat - Major~~ - **AI-Algo** - - [ ] AI opponent - Major + - [ ] ~~AI opponent - Major~~ - [ ] User and game stats dashboards - Minor - **Cybersecurity** - - [ ] WAF/ModSecurity and Hashicorp Vault - Major + - [ ] ~~WAF/ModSecurity and Hashicorp Vault - Major~~ - [ ] RGPD compliance - Minor - [x] 2FA and JWT - Major - **DevOps** 
@@ -46,16 +46,16 @@ Press F to pay respect - [x] Monitoring system - Minor - [x] Designing the backend in micro-architecture - Major - **Graphics** - - [ ] Use of advanced 3D techniques - Major + - [ ] ~~Use of advanced 3D techniques - Major~~ - **Accessibility** - - [ ] Support on all devices - Minor - - [ ] Expanding Browser compatibility - Minor - - [ ] Multiple language support - Minor - - [ ] Add accessibility for visually impaired users - Minor - - [ ] Server-Side Rendering (SSR) integration - Minor + - [ ] ~~Support on all devices - Minor~~ + - [x] Expanding Browser compatibility - Minor + - [ ] ~~Multiple language support - Minor~~ + - [ ] ~~Add accessibility for visually impaired users - Minor~~ + - [ ] ~~Server-Side Rendering (SSR) integration - Minor~~9 - **Server-Side Pong** - - [ ] Replace basic pong with server-side pong and implementing an API - Major - - [ ] Enabling pong gameplay via CLI against web users with API integration - Major + - [ ] ~~Replace basic pong with server-side pong and implementing an API - Major~~ + - [ ] ~~Enabling pong gameplay via CLI against web users with API integration - Major~~ ## License