SileNce/discord_bot_mgmt
1
0
Fork 0
mirror of https://github.com/SileNce5k/discord_bot_mgmt.git synced 2025-04-20 03:26:14 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: SileNce:7b35e1e2b50b082f1af52a9db952f3151b1482b1
Branches Tags
SileNce:development
..
compare: SileNce:09165e0544b35ccc21e44e00590d1078a3078215
Branches Tags
SileNce:development

No commits in common. "7b35e1e2b50b082f1af52a9db952f3151b1482b1" and "09165e0544b35ccc21e44e00590d1078a3078215" have entirely different histories.
7b35e1e2b5 ... 09165e0544

1 changed files with 6 additions and 29 deletions
Show stats Expand all files Collapse all files

35
backend/server.js
View file

@ -60,28 +60,14 @@ db.prepare(`
function verifyAuthToken(authToken){
let authenticatedUser;
try {
authenticatedUser = db.prepare("SELECT * FROM tokens WHERE token = ?").get(authToken);
} catch (error) {
console.error(error)
return false;
}
const authenticatedUser = db.prepare("SELECT * FROM tokens WHERE token = ?").get(authToken);
if(!authenticatedUser) return false;
if(authenticatedUser.token !== authToken) return false;
if(authenticatedUser.expires_at <= new Date().valueOf()) return false;
return authenticatedUser;
}
function getUser(userid){
let user;
try {
user = db.prepare("SELECT user_id, username, email, created_at, is_verified FROM users WHERE user_id = ?").get(userid)
} catch (error) {
console.error(error);
return false;
}
const user = db.prepare("SELECT user_id, username, email, created_at, is_verified FROM users WHERE user_id = ?").get(userid)
return user;
}
@ -135,12 +121,8 @@ app.get('/login', (req, res) => {
app.post('/api/v1/login', async (req, res,) => {
const username = req.body.username;
const password = req.body.password;
let user;
try {
user = db.prepare("SELECT user_id, hashed_password FROM users WHERE username = ?").get(username);
} catch (error) {
console.error(error)
}
let user = db.prepare("SELECT user_id, hashed_password FROM users WHERE username = ?").get(username);
if(!user){
res.redirect("/login?invalid=yes")
}else {
@ -155,13 +137,8 @@ app.post('/api/v1/login', async (req, res,) => {
const maxAge = 2592000000 // 30 days in milliseconds.
const maxAgeTimestamp = new Date().valueOf() + maxAge
const token = crypto.randomBytes(128).toString('base64')
try { // TODO: Improve this logic...
db.prepare("INSERT INTO tokens ( token, user_id, expires_at ) VALUES (?, ?, ?)").run(token, user.user_id, maxAgeTimestamp)
res.cookie("auth_token", token, {maxAge: maxAge, secure: true, httpOnly: true, sameSite: 'lax'}).redirect("/")
} catch (error) {
console.log(error)
res.redirect("/")
}
db.prepare("INSERT INTO tokens ( token, user_id, expires_at ) VALUES (?, ?, ?)").run(token, user.user_id, maxAgeTimestamp)
res.cookie("auth_token", token, {maxAge: maxAge, secure: true, httpOnly: true, sameSite: 'lax'}).redirect("/")
}else{
res.redirect("/login?invalid=yes")
}