42_adjoly/knl_meowscendence
1
0
Fork 0
mirror of https://github.com/KeyZox71/knl_meowscendence.git synced 2025-08-14 04:22:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

🏗️」 wip: added create, users and delete routes

Browse Source
This commit is contained in:
Adam JOLY
2025-07-01 16:05:47 +02:00
parent 4c965c6849
commit aa7f4ad172
2 changed files with 86 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/api/auth/default.js
View File

@ -62,7 +62,7 @@ export default async function(fastify, options) {
/** @type {{ user: string, password: string }} */
const { user, password } = request.body;
if (!checkUser(user)) {
if (!checkUser(user) || user === 'admin') {
return reply.code(400).send({ error: "User does not exist" });
}
@ -98,10 +98,10 @@ export default async function(fastify, options) {
fastify.post('/register', async (request, reply) => {
try {
/** @type {{ username: string, password: string }} */
/** @type {{ user: string, password: string }} */
const { user, password } = request.body;
if (!isValidString(user) || !isValidString(password)) {
if (!isValidString(user) || !isValidString(password) || user === 'admin') {
return reply.code(400).send({ error: 'Invalid username or password' });
} else if (checkUser(user) === true) {
return reply.code(400).send({ error: "User already exist" });

87
src/api/user/default.js
View File

@ -6,28 +6,46 @@ const database = new Database(":memory:");
function prepareDB() {
database.exec(`
CREATE TABLE credentials (
CREATE TABLE userData (
username TEXT PRIMARY KEY,
passwordHash TEXT
displayName TEXT
) STRICT
`);
}
prepareDB();
// POST
const createUser = database.prepare('INSERT INTO userData (username, displayName) VALUES (?, ?);');
// PATCH
const changeDisplayName = database.prepare('UPDATE userData SET displayName = ? WHERE username = ?;');
// GET
const getUserInfo = database.prepare('SELECT * FROM userData WHERE username = ?;');
const getUserData = database.prepare('SELECT * FROM userData;');
const userCheck = database.prepare('SELECT EXISTS (SELECT 1 FROM userData WHERE username = ?);');
// DELETE
const deleteUser = database.prepare('DELETE FROM userData WHERE username = ?;');
/**
* @param {import('fastify').FastifyInstance} fastify
* @param {import('fastify').FastifyPluginOptions} options
*/
export default async function(fastify, options) {
fastify.register(fastifyJWT, {
secret: '123456789101112131415161718192021',
cookie: {
cookieName: 'token',
},
});
fastify.register(fastifyCookie);
fastify.decorate("authenticate", async function(request, reply) {
try {
// fastify.log.info(request.headers.cookie);
const jwt = await request.jwtVerify();
request.user = jwt.user;
} catch (err) {
@ -35,9 +53,70 @@ export default async function(fastify, options) {
}
});
fastify.register(fastifyCookie);
fastify.decorate("authenticateAdmin", async function(request, reply) {
try {
const jwt = await request.jwtVerify();
if (jwt.user !== 'admin') {
throw ("");
}
} catch (err) {
reply.code(401).send({ error: 'Unauthorized' });
}
});
// GET
fastify.get('/users', { preHandler: [fastify.authenticate] }, async (request, reply) => {
const users = getUserData.all();
return reply.code(200).send({ users });
});
fastify.get('/users/:userId', { preHandler: [fastify.authenticate] }, async (request, reply) => {
if (userCheck.get(request.params.userId) == false) {
return reply.code(400).send({ error: "User does not exist" });
}
const info = getUserInfo.get(request.params.userId);
return reply.code(200).send({ info });
});
fastify.get('/check', { preHandler: [fastify.authenticate] }, async (request, reply) => {
if (request.user === 'admin') {
return reply.code(200).send({ msg: "omg you are an admin" });
}
return reply.code(200).send({ msg: "workinggg", user: request.user });
});
// POST
fastify.post('/create', { preHandler: [fastify.authenticateAdmin] }, async (request, reply) => {
if (!request.body || !request.body.user) {
return reply.code(400).send({ error: "Please specify a user" });
}
if (userCheck.get(request.body.user) == true) {
return reply.code(400).send({ error: "User already exist" });
}
createUser.run(request.body.user, request.body.user);
return reply.code(200).send({ msg: "User created sucessfully" });
})
// DELETE
/**
* @description Can be used to delete a user from the db
*/
fastify.delete('/users/:userId', { preHandler: [fastify.authenticate] }, async (request, reply) => {
const user = request.user;
if (user == 'admin' || user == request.params.userId) {
deleteUser.run(request.params.userId);
} else {
return reply.code(401).send({ error: 'You dont have the right to delete this user' });
}
});
// fastify.delete('/users/:userId/:member', { preHandler: fastify.authenticate}, async (request, reply) => {
// const user = request.user;
// if (user == 'admin' || user == request.params.userId) {
// deleteUser.run(request.params.userId);
// } else {
// return reply.code(401).send({ error: 'You dont have the right to delete this'});
// }
//
// });
}