| import path from 'node:path'; |
| import { promises as fsPromises } from 'node:fs'; |
| import crypto from 'node:crypto'; |
|
|
| import storage from 'node-persist'; |
| import express from 'express'; |
|
|
| import { getUserAvatar, toKey, getPasswordHash, getPasswordSalt, createBackupArchive, ensurePublicDirectoriesExist, toAvatarKey } from '../users.js'; |
| import { SETTINGS_FILE } from '../constants.js'; |
| import { checkForNewContent, CONTENT_TYPES } from './content-manager.js'; |
| import { color, Cache } from '../util.js'; |
|
|
| const RESET_CACHE = new Cache(5 * 60 * 1000); |
|
|
| export const router = express.Router(); |
|
|
| router.post('/logout', async (request, response) => { |
| try { |
| if (!request.session) { |
| console.error('Session not available'); |
| return response.sendStatus(500); |
| } |
|
|
| request.session.handle = null; |
| request.session.csrfToken = null; |
| request.session = null; |
| return response.sendStatus(204); |
| } catch (error) { |
| console.error(error); |
| return response.sendStatus(500); |
| } |
| }); |
|
|
| router.get('/me', async (request, response) => { |
| try { |
| if (!request.user) { |
| return response.sendStatus(403); |
| } |
|
|
| const user = request.user.profile; |
| const viewModel = { |
| handle: user.handle, |
| name: user.name, |
| avatar: await getUserAvatar(user.handle), |
| admin: user.admin, |
| password: !!user.password, |
| created: user.created, |
| }; |
|
|
| return response.json(viewModel); |
| } catch (error) { |
| console.error(error); |
| return response.sendStatus(500); |
| } |
| }); |
|
|
| router.post('/change-avatar', async (request, response) => { |
| try { |
| if (!request.body.handle) { |
| console.warn('Change avatar failed: Missing required fields'); |
| return response.status(400).json({ error: 'Missing required fields' }); |
| } |
|
|
| if (request.body.handle !== request.user.profile.handle && !request.user.profile.admin) { |
| console.error('Change avatar failed: Unauthorized'); |
| return response.status(403).json({ error: 'Unauthorized' }); |
| } |
|
|
| |
| if (!request.body.avatar.startsWith('data:image/') && request.body.avatar !== '') { |
| console.warn('Change avatar failed: Invalid data URL'); |
| return response.status(400).json({ error: 'Invalid data URL' }); |
| } |
|
|
| |
| const user = await storage.getItem(toKey(request.body.handle)); |
|
|
| if (!user) { |
| console.error('Change avatar failed: User not found'); |
| return response.status(404).json({ error: 'User not found' }); |
| } |
|
|
| await storage.setItem(toAvatarKey(request.body.handle), request.body.avatar); |
|
|
| return response.sendStatus(204); |
| } catch (error) { |
| console.error(error); |
| return response.sendStatus(500); |
| } |
| }); |
|
|
| router.post('/change-password', async (request, response) => { |
| try { |
| if (!request.body.handle) { |
| console.warn('Change password failed: Missing required fields'); |
| return response.status(400).json({ error: 'Missing required fields' }); |
| } |
|
|
| if (request.body.handle !== request.user.profile.handle && !request.user.profile.admin) { |
| console.error('Change password failed: Unauthorized'); |
| return response.status(403).json({ error: 'Unauthorized' }); |
| } |
|
|
| |
| const user = await storage.getItem(toKey(request.body.handle)); |
|
|
| if (!user) { |
| console.error('Change password failed: User not found'); |
| return response.status(404).json({ error: 'User not found' }); |
| } |
|
|
| if (!user.enabled) { |
| console.error('Change password failed: User is disabled'); |
| return response.status(403).json({ error: 'User is disabled' }); |
| } |
|
|
| if (!request.user.profile.admin && user.password && user.password !== getPasswordHash(request.body.oldPassword, user.salt)) { |
| console.error('Change password failed: Incorrect password'); |
| return response.status(403).json({ error: 'Incorrect password' }); |
| } |
|
|
| if (request.body.newPassword) { |
| const salt = getPasswordSalt(); |
| user.password = getPasswordHash(request.body.newPassword, salt); |
| user.salt = salt; |
| } else { |
| user.password = ''; |
| user.salt = ''; |
| } |
|
|
| await storage.setItem(toKey(request.body.handle), user); |
| return response.sendStatus(204); |
| } catch (error) { |
| console.error(error); |
| return response.sendStatus(500); |
| } |
| }); |
|
|
| router.post('/backup', async (request, response) => { |
| try { |
| const handle = request.body.handle; |
|
|
| if (!handle) { |
| console.warn('Backup failed: Missing required fields'); |
| return response.status(400).json({ error: 'Missing required fields' }); |
| } |
|
|
| if (handle !== request.user.profile.handle && !request.user.profile.admin) { |
| console.error('Backup failed: Unauthorized'); |
| return response.status(403).json({ error: 'Unauthorized' }); |
| } |
|
|
| await createBackupArchive(handle, response); |
| } catch (error) { |
| console.error('Backup failed', error); |
| return response.sendStatus(500); |
| } |
| }); |
|
|
| router.post('/reset-settings', async (request, response) => { |
| try { |
| const password = request.body.password; |
|
|
| if (request.user.profile.password && request.user.profile.password !== getPasswordHash(password, request.user.profile.salt)) { |
| console.warn('Reset settings failed: Incorrect password'); |
| return response.status(403).json({ error: 'Incorrect password' }); |
| } |
|
|
| const pathToFile = path.join(request.user.directories.root, SETTINGS_FILE); |
| await fsPromises.rm(pathToFile, { force: true }); |
| await checkForNewContent([request.user.directories], [CONTENT_TYPES.SETTINGS]); |
|
|
| return response.sendStatus(204); |
| } catch (error) { |
| console.error('Reset settings failed', error); |
| return response.sendStatus(500); |
| } |
| }); |
|
|
| router.post('/change-name', async (request, response) => { |
| try { |
| if (!request.body.name || !request.body.handle) { |
| console.warn('Change name failed: Missing required fields'); |
| return response.status(400).json({ error: 'Missing required fields' }); |
| } |
|
|
| if (request.body.handle !== request.user.profile.handle && !request.user.profile.admin) { |
| console.error('Change name failed: Unauthorized'); |
| return response.status(403).json({ error: 'Unauthorized' }); |
| } |
|
|
| |
| const user = await storage.getItem(toKey(request.body.handle)); |
|
|
| if (!user) { |
| console.warn('Change name failed: User not found'); |
| return response.status(404).json({ error: 'User not found' }); |
| } |
|
|
| user.name = request.body.name; |
| await storage.setItem(toKey(request.body.handle), user); |
|
|
| return response.sendStatus(204); |
| } catch (error) { |
| console.error('Change name failed', error); |
| return response.sendStatus(500); |
| } |
| }); |
|
|
| router.post('/reset-step1', async (request, response) => { |
| try { |
| const resetCode = String(crypto.randomInt(1000, 9999)); |
| console.log(); |
| console.log(color.magenta(`${request.user.profile.name}, your account reset code is: `) + color.red(resetCode)); |
| console.log(); |
| RESET_CACHE.set(request.user.profile.handle, resetCode); |
| return response.sendStatus(204); |
| } catch (error) { |
| console.error('Recover step 1 failed:', error); |
| return response.sendStatus(500); |
| } |
| }); |
|
|
| router.post('/reset-step2', async (request, response) => { |
| try { |
| if (!request.body.code) { |
| console.warn('Recover step 2 failed: Missing required fields'); |
| return response.status(400).json({ error: 'Missing required fields' }); |
| } |
|
|
| if (request.user.profile.password && request.user.profile.password !== getPasswordHash(request.body.password, request.user.profile.salt)) { |
| console.warn('Recover step 2 failed: Incorrect password'); |
| return response.status(400).json({ error: 'Incorrect password' }); |
| } |
|
|
| const code = RESET_CACHE.get(request.user.profile.handle); |
|
|
| if (!code || code !== request.body.code) { |
| console.warn('Recover step 2 failed: Incorrect code'); |
| return response.status(400).json({ error: 'Incorrect code' }); |
| } |
|
|
| console.info('Resetting account data:', request.user.profile.handle); |
| await fsPromises.rm(request.user.directories.root, { recursive: true, force: true }); |
|
|
| await ensurePublicDirectoriesExist(); |
| await checkForNewContent([request.user.directories]); |
|
|
| RESET_CACHE.remove(request.user.profile.handle); |
| return response.sendStatus(204); |
| } catch (error) { |
| console.error('Recover step 2 failed:', error); |
| return response.sendStatus(500); |
| } |
| }); |
|
|
