From aa7f4ad172de3fe2b7078bcfe9ae1db5c25b0b65 Mon Sep 17 00:00:00 2001
From: adjoly
Date: Tue, 1 Jul 2025 16:05:47 +0200
Subject: [PATCH] =?UTF-8?q?=E3=80=8C=F0=9F=8F=97=EF=B8=8F=E3=80=8D=20wip:?=
 =?UTF-8?q?=20added=20create,=20users=20and=20delete=20routes?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/api/auth/default.js | 6 +--
 src/api/user/default.js | 87 +++++++++++++++++++++++++++++++++++++++--
 2 files changed, 86 insertions(+), 7 deletions(-)

diff --git a/src/api/auth/default.js b/src/api/auth/default.js
index 17eeb0e..f7dbb20 100644
--- a/src/api/auth/default.js
+++ b/src/api/auth/default.js
@@ -62,7 +62,7 @@ export default async function(fastify, options) {
 /** @type {{ user: string, password: string }} */
 const { user, password } = request.body;
- if (!checkUser(user)) {
+ if (!checkUser(user) || user === 'admin') {
 return reply.code(400).send({ error: "User does not exist" });
 }
@@ -98,10 +98,10 @@ export default async function(fastify, options) {
 fastify.post('/register', async (request, reply) => {
 try {
- /** @type {{ username: string, password: string }} */
+ /** @type {{ user: string, password: string }} */
 const { user, password } = request.body;
- if (!isValidString(user) || !isValidString(password)) {
+ if (!isValidString(user) || !isValidString(password) || user === 'admin') {
 return reply.code(400).send({ error: 'Invalid username or password' });
 } else if (checkUser(user) === true) {
 return reply.code(400).send({ error: "User already exist" });
diff --git a/src/api/user/default.js b/src/api/user/default.js
index 25a3e1a..94c32d7 100644
--- a/src/api/user/default.js
+++ b/src/api/user/default.js
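Review bot: The new guard in /login rejects the literal username 'admin' with "User does not exist", so no token carrying `user: 'admin'` can ever be issued through this route, yet `authenticateAdmin` in src/api/user/default.js grants admin solely on that claim; if admin tokens are minted some other way, say so where the guard is, e.g. `// 'admin' is a reserved principal: it never has a credentials row and cannot log in here`. The same string literal is repeated in the /register hunk that follows and twice more in the user plugin, so a single typo silently drops the protection in one place; hoist it to one shared constant such as `const RESERVED_USERS = new Set(['admin']);` and test with `RESERVED_USERS.has(user)`. The comparison is exact-match, so variants like 'Admin' are not reserved — harmless only as long as every admin check stays exact, which a shared constant also helps guarantee. Both hunks sit inside route handlers whose bodies continue outside the hunk.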
@@ -6,28 +6,46 @@ const database = new Database(":memory:");
 function prepareDB() {
 database.exec(`
- CREATE TABLE credentials (
+ CREATE TABLE userData (
 username TEXT PRIMARY KEY,
- passwordHash TEXT
+ displayName TEXT
 ) STRICT
 `);
 }
+prepareDB();
+
+// POST
+const createUser = database.prepare('INSERT INTO userData (username, displayName) VALUES (?, ?);');
+
+// PATCH
+const changeDisplayName = database.prepare('UPDATE userData SET displayName = ? WHERE username = ?;');
+
+// GET
+const getUserInfo = database.prepare('SELECT * FROM userData WHERE username = ?;');
+const getUserData = database.prepare('SELECT * FROM userData;');
+const userCheck = database.prepare('SELECT EXISTS (SELECT 1 FROM userData WHERE username = ?);');
+
+// DELETE
+const deleteUser = database.prepare('DELETE FROM userData WHERE username = ?;');
+
+
 /**
 * @param {import('fastify').FastifyInstance} fastify
 * @param {import('fastify').FastifyPluginOptions} options
 */
 export default async function(fastify, options) {
+ fastify.register(fastifyJWT, {
 secret: '123456789101112131415161718192021',
 cookie: {
 cookieName: 'token',
 },
 });
+ fastify.register(fastifyCookie);
 fastify.decorate("authenticate", async function(request, reply) {
 try {
- // fastify.log.info(request.headers.cookie);
 const jwt = await request.jwtVerify();
 request.user = jwt.user;
 } catch (err) {
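Review bot: The fastifyJWT registration this hunk rearranges keeps the signing key as a source literal, `secret: '123456789101112131415161718192021',`, and the `authenticateAdmin` decorator added in the next hunk trusts the `user` claim of any token that verifies under it, so that literal is now the entire admin boundary. Read it from configuration instead, e.g. `secret: process.env.JWT_SECRET,`, and refuse to start when it is unset; if src/api/auth/default.js issues the tokens it must use the same value, which this diff does not show. The secret line is context, so it probably predates this commit, but the new admin route makes it worth fixing now. `changeDisplayName` is prepared here and no route in this commit uses it, which is presumably the wip the subject line refers to.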
@@ -35,9 +53,70 @@ export default async function(fastify, options) {
 }
 });
- fastify.register(fastifyCookie);
+ fastify.decorate("authenticateAdmin", async function(request, reply) {
+ try {
+ const jwt = await request.jwtVerify();
+ if (jwt.user !== 'admin') {
+ throw ("");
+ }
+ } catch (err) {
+ reply.code(401).send({ error: 'Unauthorized' });
+ }
+ });
+ // GET
+ fastify.get('/users', { preHandler: [fastify.authenticate] }, async (request, reply) => {
+ const users = getUserData.all();
+
+ return reply.code(200).send({ users });
+ });
+ fastify.get('/users/:userId', { preHandler: [fastify.authenticate] }, async (request, reply) => {
+ if (userCheck.get(request.params.userId) == false) {
+ return reply.code(400).send({ error: "User does not exist" });
+ }
+ const info = getUserInfo.get(request.params.userId);
+
+ return reply.code(200).send({ info });
+ });
 fastify.get('/check', { preHandler: [fastify.authenticate] }, async (request, reply) => {
+ if (request.user === 'admin') {
+ return reply.code(200).send({ msg: "omg you are an admin" });
+ }
 return reply.code(200).send({ msg: "workinggg", user: request.user });
 });
+
+ // POST
+ fastify.post('/create', { preHandler: [fastify.authenticateAdmin] }, async (request, reply) => {
+ if (!request.body || !request.body.user) {
+ return reply.code(400).send({ error: "Please specify a user" });
+ }
+ if (userCheck.get(request.body.user) == true) {
+ return reply.code(400).send({ error: "User already exist" });
+ }
+ createUser.run(request.body.user, request.body.user);
+ return reply.code(200).send({ msg: "User created sucessfully" });
+ })
+
+ // DELETE
+ /**
+ * @description Can be used to delete a user from the db
+ */
+ fastify.delete('/users/:userId', { preHandler: [fastify.authenticate] }, async (request, reply) => {
+ const user = request.user;
+ if (user == 'admin' || user == request.params.userId) {
+ deleteUser.run(request.params.userId);
+ } else {
+ return reply.code(401).send({ error: 'You dont have the right to delete this user' });
+ }
+ });
+ // fastify.delete('/users/:userId/:member', { preHandler: fastify.authenticate}, async (request, reply) => {
+ // const user = request.user;
+ // if (user == 'admin' || user == request.params.userId) {
+ // deleteUser.run(request.params.userId);
+ // } else {
+ // return reply.code(401).send({ error: 'You dont have the right to delete this'});
+ // }
+ //
+ // });
+
 }
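Review bot: The existence checks in the new `/users/:userId` and `/create` handlers never fire: `userCheck` is a `SELECT EXISTS (...)` statement and `.get()` returns a row object (or `undefined`), so `row == false` and `row == true` are both always false unless the driver is configured to return bare scalars, which this file does not show. Consequently `/create` reaches `createUser.run()` for a name that already exists and the PRIMARY KEY violation escapes the async handler as an unhandled error, while `/users/:userId` answers 200 with an empty `info` for unknown names; testing the row from `getUserInfo.get()` against `undefined`, as below, fixes both without touching the SQL. Separately, the success branch of the new DELETE handler neither sends nor returns anything, so the client gets no acknowledgement (what Fastify does with an async handler that resolves to `undefined` varies by version) — `return reply.code(204).send();` after `deleteUser.run(...)` closes it, and the commented-out `/users/:userId/:member` route at the end should be removed rather than committed. The enclosing plugin function opens in the previous hunk.
```javascript
  // … unchanged: authenticateAdmin decorator and GET /users …
  // .get() yields a row object or undefined; never compare it with == true/false.
  const userExists = (name) => getUserInfo.get(name) !== undefined;

  fastify.get('/users/:userId', { preHandler: [fastify.authenticate] }, async (request, reply) => {
    if (!userExists(request.params.userId)) {
      return reply.code(400).send({ error: "User does not exist" });
    }
    // … unchanged: lookup and reply …
  });
  // … unchanged: GET /check …
  fastify.post('/create', { preHandler: [fastify.authenticateAdmin] }, async (request, reply) => {
    // … unchanged: body check …
    if (userExists(request.body.user)) {
      return reply.code(400).send({ error: "User already exist" });
    }
    // … unchanged: insert and reply …
  });
  // … unchanged: DELETE route up to the permission test …
    if (user === 'admin' || user === request.params.userId) {
      deleteUser.run(request.params.userId);
      return reply.code(204).send();
    }
  // … unchanged: else branch and route close …
```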