SileNce/discord_bot_mgmt
1
0
Fork 0
mirror of https://github.com/SileNce5k/discord_bot_mgmt.git synced 2025-04-19 19:16:20 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: SileNce:09165e0544b35ccc21e44e00590d1078a3078215
Branches Tags
SileNce:development
..
compare: SileNce:7b35e1e2b50b082f1af52a9db952f3151b1482b1
Branches Tags
SileNce:development

2 commits
09165e0544 ... 7b35e1e2b5

Author SHA1 Message Date
SileNce5k
7b35e1e2b5
Check if token has expired before verifying it 
Closes #5
 2025-01-26 03:16:53 +01:00
SileNce5k
b08c811faa
Check if sql runs fail before doing stuff 
Closes #4
 2025-01-26 03:13:32 +01:00
1 changed files with 29 additions and 6 deletions
Show stats Expand all files Collapse all files

31
backend/server.js
View file

@ -60,14 +60,28 @@ db.prepare(`
function verifyAuthToken(authToken){
const authenticatedUser = db.prepare("SELECT * FROM tokens WHERE token = ?").get(authToken);
let authenticatedUser;
try {
authenticatedUser = db.prepare("SELECT * FROM tokens WHERE token = ?").get(authToken);
} catch (error) {
console.error(error)
return false;
}
if(!authenticatedUser) return false;
if(authenticatedUser.token !== authToken) return false;
if(authenticatedUser.expires_at <= new Date().valueOf()) return false;
return authenticatedUser;
}
function getUser(userid){
const user = db.prepare("SELECT user_id, username, email, created_at, is_verified FROM users WHERE user_id = ?").get(userid)
let user;
try {
user = db.prepare("SELECT user_id, username, email, created_at, is_verified FROM users WHERE user_id = ?").get(userid)
} catch (error) {
console.error(error);
return false;
}
return user;
}
@ -121,8 +135,12 @@ app.get('/login', (req, res) => {
app.post('/api/v1/login', async (req, res,) => {
const username = req.body.username;
const password = req.body.password;
let user = db.prepare("SELECT user_id, hashed_password FROM users WHERE username = ?").get(username);
let user;
try {
user = db.prepare("SELECT user_id, hashed_password FROM users WHERE username = ?").get(username);
} catch (error) {
console.error(error)
}
if(!user){
res.redirect("/login?invalid=yes")
}else {
@ -137,8 +155,13 @@ app.post('/api/v1/login', async (req, res,) => {
const maxAge = 2592000000 // 30 days in milliseconds.
const maxAgeTimestamp = new Date().valueOf() + maxAge
const token = crypto.randomBytes(128).toString('base64')
try { // TODO: Improve this logic...
db.prepare("INSERT INTO tokens ( token, user_id, expires_at ) VALUES (?, ?, ?)").run(token, user.user_id, maxAgeTimestamp)
res.cookie("auth_token", token, {maxAge: maxAge, secure: true, httpOnly: true, sameSite: 'lax'}).redirect("/")
} catch (error) {
console.log(error)
res.redirect("/")
}
}else{
res.redirect("/login?invalid=yes")
}