SileNce/discord_bot_mgmt
1
0
Fork 0
mirror of https://github.com/SileNce5k/discord_bot_mgmt.git synced 2025-04-20 03:26:14 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Remove TODOs as they're now converted into github issues

Browse source
This commit is contained in:
SileNce5k 2025-01-10 19:09:55 +01:00
parent c0af804da1
commit 55766d0404
Signed by: SileNce
GPG key ID: B0A142BB4291B204
1 changed files with 6 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
backend/server.js
View file

@ -14,22 +14,12 @@ app.use(cookieParser())
// app.use((req, res, next) => {
// // TODO: This middleware will authenticate users so I don't have to do it in every specific page.
// // Use https://expressjs.com/en/5x/api.html#res.locals to pass authenticated user and stuff.
// next()
// })
// TODO: Convert to typescript
const frontendPath = { const frontendPath = {
views: path.join(__dirname, "..", "frontend", "views"), views: path.join(__dirname, "..", "frontend", "views"),
public: path.join(__dirname, "..", "frontend", "public") public: path.join(__dirname, "..", "frontend", "public")
} }
function _frontendPath(isPublic, file){ // TODO: Improve these. function _frontendPath(isPublic, file){
if(isPublic) if(isPublic)
return path.join(frontendPath.public, file) return path.join(frontendPath.public, file)
return path.join(frontendPath.views, file) return path.join(frontendPath.views, file)
@ -39,12 +29,10 @@ function _frontendPath(isPublic, file){ // TODO: Improve these.
app.use(express.static(frontendPath.public)); app.use(express.static(frontendPath.public));
app.set('views', frontendPath.views); app.set('views', frontendPath.views);
// TODO: Check if the sql runs fail before doing stuff
const databasePath = "data/database.db"; const databasePath = "data/database.db";
const db = require('better-sqlite3')(databasePath); const db = require('better-sqlite3')(databasePath);
// CREATE tables
db.prepare(` db.prepare(`
CREATE TABLE IF NOT EXISTS users ( CREATE TABLE IF NOT EXISTS users (
@ -71,7 +59,7 @@ function verifyAuthToken(authToken){
const authenticatedUser = db.prepare("SELECT * FROM tokens WHERE token = ?").get(authToken); const authenticatedUser = db.prepare("SELECT * FROM tokens WHERE token = ?").get(authToken);
if(!authenticatedUser) return false; if(!authenticatedUser) return false;
if(authenticatedUser.token !== authToken) return false; if(authenticatedUser.token !== authToken) return false;
return authenticatedUser; // TODO: Check if token has expired (if expires_at has past) return authenticatedUser;
} }
function getUser(userid){ function getUser(userid){
@ -84,7 +72,7 @@ app.get('/users/:id/settings', (req, res) => {
let userId = Number(req.params.id); let userId = Number(req.params.id);
if(authenticatedUser){ if(authenticatedUser){
if(authenticatedUser.user_id === userId){ if(authenticatedUser.user_id === userId){
res.render("user_settings", {id: userId}) // TODO: Finish the settings page. res.render("user_settings", {id: userId})
}else { }else {
res.redirect(`/users/${authenticatedUser.user_id}/settings`) res.redirect(`/users/${authenticatedUser.user_id}/settings`)
} }
@ -94,7 +82,6 @@ app.get('/users/:id/settings', (req, res) => {
}) })
app.get('/register', (req, res) => { app.get('/register', (req, res) => {
// TODO: Check if logged in first.
if(verifyAuthToken(req.cookies.auth_token)){ if(verifyAuthToken(req.cookies.auth_token)){
res.redirect("/"); res.redirect("/");
return; return;
@ -133,7 +120,7 @@ app.post('/api/v1/login', async (req, res,) => {
let user = db.prepare("SELECT user_id, hashed_password FROM users WHERE username = ?").get(username); let user = db.prepare("SELECT user_id, hashed_password FROM users WHERE username = ?").get(username);
if(!user){ if(!user){
res.redirect("/login?invalid=yes") // TODO: Make it so the url bar still shows /login on this res.redirect("/login?invalid=yes")
}else { }else {
let isVerified = false; let isVerified = false;
try { try {
@ -146,7 +133,7 @@ app.post('/api/v1/login', async (req, res,) => {
const maxAge = 2592000000 // 30 days in milliseconds. const maxAge = 2592000000 // 30 days in milliseconds.
const maxAgeTimestamp = new Date().valueOf() + maxAge const maxAgeTimestamp = new Date().valueOf() + maxAge
const token = crypto.randomBytes(128).toString('base64') const token = crypto.randomBytes(128).toString('base64')
db.prepare("INSERT INTO tokens ( token, user_id, expires_at ) VALUES (?, ?, ?)").run(token, user.user_id, maxAgeTimestamp) // TODO: Check if this fails before setting cookie. db.prepare("INSERT INTO tokens ( token, user_id, expires_at ) VALUES (?, ?, ?)").run(token, user.user_id, maxAgeTimestamp)
res.cookie("auth_token", token, {maxAge: maxAge, secure: true, httpOnly: true, sameSite: 'lax'}).redirect("/") res.cookie("auth_token", token, {maxAge: maxAge, secure: true, httpOnly: true, sameSite: 'lax'}).redirect("/")
}else{ }else{
res.redirect("/login?invalid=yes") res.redirect("/login?invalid=yes")
@ -155,7 +142,7 @@ app.post('/api/v1/login', async (req, res,) => {
}) })
app.post('/api/v1/register', async (req, res) => { // TODO: Create checks for requirements like min pw length, min username length. Do some email validation?. app.post('/api/v1/register', async (req, res) => {
let username = req.body.username; let username = req.body.username;
const password = req.body.password; const password = req.body.password;
const email = req.body.email; const email = req.body.email;
@ -165,7 +152,6 @@ app.post('/api/v1/register', async (req, res) => { // TODO: Create checks for re
const hashed_password = await argon2.hash(password); const hashed_password = await argon2.hash(password);
const createdAt = new Date().getTime(); const createdAt = new Date().getTime();
const isVerified = 0; const isVerified = 0;
// TODO: Check if username already exists, will crash because username has to be unique in database
db.prepare("INSERT INTO users (username, hashed_password, email, created_at, is_verified) VALUES (?, ?, ?, ?, ?)").run(username, hashed_password, email, createdAt, isVerified) db.prepare("INSERT INTO users (username, hashed_password, email, created_at, is_verified) VALUES (?, ?, ?, ?, ?)").run(username, hashed_password, email, createdAt, isVerified)
res.redirect("/login"); res.redirect("/login");
} }