yet-another-blog/backend/core/internal_api.js

const core = require("./core");
const bcrypt = require("bcrypt");
const validate = require("../form_validation");

async function postRegister(req, res) {
  const { username, password } = req.body; // Get the username and password from the request body

  const form_validation = await validate.registerUser(username, password); // Check form for errors

  // User registration disabled?
  // We also check if the server was setup. If it was not set up, the server will proceed anyways.
  if (!core.settings["ACCOUNT_REGISTRATION"] && core.settings["SETUP_COMPLETE"]) return res.json({ success: false, message: "Account registrations are disabled" });

  // User data valid?
  if (!form_validation.success) return res.json({ success: false, message: form_validation.message });

  // If setup incomplete, set the user role to Admin. This is the initial user so it will be the master user.
  const role = core.settings["SETUP_COMPLETE"] ? undefined : "ADMIN";

  const hashed_password = await bcrypt.hash(password, 10); // Hash the password for security :^)
  res.json(await core.registerUser(username, hashed_password, { role: role }));
}
async function postLogin(req, res) {
  const { username, password } = req.body; // Get the username and password from the request body

  // Get the user by username
  const existing_user = await core.getUser({ username: username });
  if (!existing_user.success) return res.json({ success: false, message: existing_user.message });

  // Check the password
  const password_match = await bcrypt.compare(password, existing_user.data.password);
  if (!password_match) return res.json({ success: false, message: "Incorrect password" });

  // Send the cookies to the user & return successful
  req.session.user = { username: username, id: existing_user.data.id };
  res.json({ success: true });
}
async function postSetting(request, response) {
  const user = await core.getUser({ id: request.session.user.id });

  // TODO: Permissions for changing settings
  if (!user.success) return response.json({ success: false, message: user.message });
  if (user.data.role !== "ADMIN") return response.json({ success: false, message: "User is not permitted" });

  response.json(await core.postSetting(request.body.setting_name, request.body.value));
}
async function deleteImage(req, res) {
  // TODO: Permissions for deleting image
  return res.json(await core.deleteImage(req.body, req.session.user.id));
}
async function postBlog(req, res) {
  // Get user
  const user = await core.getUser({ id: req.session.user.id });
  if (!user.success) return user;

  // TODO: Permissions for uploading posts
  // Can user upload?
  // const permissions = await permissions.postBlog(user);

  // TODO: Validation for uploading posts
  // Validate blog info
  const valid = await validate.postBlog(req.body);

  // Upload blog post
  return res.json(await core.postBlog(valid.data, req.session.user.id));
}
async function deleteBlog(req, res) {
  // TODO: Permissions for deleting blog
  return res.json(await core.deleteBlog(req.body.id, req.session.user.id));
}
async function patchBlog(req, res) {
  // FIXME: validate does not return post id
  // Can user change post?
  // User is admin, or user is author

  // Validate blog info
  const valid = await validate.postBlog(req.body);

  // TODO: Permissions for updating blog
  return res.json(await core.updateBlog({ ...valid.data, id: req.body.id }, req.session.user.id));
}

module.exports = { postRegister, postLogin, postSetting, deleteImage, postBlog, deleteBlog, patchBlog };
Init User accounts Login & registration 2023-09-13 19:56:58 +00:00			`const core = require("./core");`
database cleanup (#3) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/3 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-15 18:49:09 +00:00			`const bcrypt = require("bcrypt");`
			`const validate = require("../form_validation");`
Init User accounts Login & registration 2023-09-13 19:56:58 +00:00
database cleanup (#3) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/3 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-15 18:49:09 +00:00			`async function postRegister(req, res) {`
			`const { username, password } = req.body; // Get the username and password from the request body`
Init User accounts Login & registration 2023-09-13 19:56:58 +00:00
database cleanup (#3) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/3 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-15 18:49:09 +00:00			`const form_validation = await validate.registerUser(username, password); // Check form for errors`
Admin page Toggle account registration 2023-09-21 00:41:57 +00:00
database cleanup (#3) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/3 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-15 18:49:09 +00:00			`// User registration disabled?`
			`// We also check if the server was setup. If it was not set up, the server will proceed anyways.`
Post-tags (#9) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/9 Co-authored-by: Armored Dragon <publicmail@armoreddragon.com> Co-committed-by: Armored Dragon <publicmail@armoreddragon.com> 2024-03-22 09:24:19 +00:00			`if (!core.settings["ACCOUNT_REGISTRATION"] && core.settings["SETUP_COMPLETE"]) return res.json({ success: false, message: "Account registrations are disabled" });`
Init User accounts Login & registration 2023-09-13 19:56:58 +00:00
database cleanup (#3) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/3 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-15 18:49:09 +00:00			`// User data valid?`
			`if (!form_validation.success) return res.json({ success: false, message: form_validation.message });`
Init User accounts Login & registration 2023-09-13 19:56:58 +00:00
database cleanup (#3) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/3 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-15 18:49:09 +00:00			`// If setup incomplete, set the user role to Admin. This is the initial user so it will be the master user.`
			`const role = core.settings["SETUP_COMPLETE"] ? undefined : "ADMIN";`
Init User accounts Login & registration 2023-09-13 19:56:58 +00:00
database cleanup (#3) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/3 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-15 18:49:09 +00:00			`const hashed_password = await bcrypt.hash(password, 10); // Hash the password for security :^)`
			`res.json(await core.registerUser(username, hashed_password, { role: role }));`
Init User accounts Login & registration 2023-09-13 19:56:58 +00:00			`}`
database cleanup (#3) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/3 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-15 18:49:09 +00:00			`async function postLogin(req, res) {`
			`const { username, password } = req.body; // Get the username and password from the request body`
Init User accounts Login & registration 2023-09-13 19:56:58 +00:00
Basic Cleanup (#1) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/1 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-10-27 22:26:28 +00:00			`// Get the user by username`
			`const existing_user = await core.getUser({ username: username });`
database cleanup (#3) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/3 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-15 18:49:09 +00:00			`if (!existing_user.success) return res.json({ success: false, message: existing_user.message });`
Admin page Toggle account registration 2023-09-21 00:41:57 +00:00
database cleanup (#3) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/3 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-15 18:49:09 +00:00			`// Check the password`
			`const password_match = await bcrypt.compare(password, existing_user.data.password);`
			`if (!password_match) return res.json({ success: false, message: "Incorrect password" });`
Admin page Toggle account registration 2023-09-21 00:41:57 +00:00
database cleanup (#3) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/3 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-15 18:49:09 +00:00			`// Send the cookies to the user & return successful`
			`req.session.user = { username: username, id: existing_user.data.id };`
			`res.json({ success: true });`
Blog Uploading support (#2) Provides basic functionality when uploading blog posts. Pending cleanup. Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/2 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-08 10:08:40 +00:00			`}`
database cleanup (#3) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/3 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-15 18:49:09 +00:00			`async function postSetting(request, response) {`
			`const user = await core.getUser({ id: request.session.user.id });`
Blog Uploading support (#2) Provides basic functionality when uploading blog posts. Pending cleanup. Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/2 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-08 10:08:40 +00:00
database cleanup (#3) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/3 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-15 18:49:09 +00:00			`// TODO: Permissions for changing settings`
			`if (!user.success) return response.json({ success: false, message: user.message });`
			`if (user.data.role !== "ADMIN") return response.json({ success: false, message: "User is not permitted" });`
Blog Uploading support (#2) Provides basic functionality when uploading blog posts. Pending cleanup. Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/2 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-08 10:08:40 +00:00
Admin page refresh. (#6) Added settings and options. Settings parsing catch. Fix postSetting API responses. Adjusted spinner visibility toggle. Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/6 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-28 20:52:19 +00:00			`response.json(await core.postSetting(request.body.setting_name, request.body.value));`
Blog Uploading support (#2) Provides basic functionality when uploading blog posts. Pending cleanup. Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/2 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-08 10:08:40 +00:00			`}`
database cleanup (#3) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/3 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-15 18:49:09 +00:00			`async function deleteImage(req, res) {`
			`// TODO: Permissions for deleting image`
			`return res.json(await core.deleteImage(req.body, req.session.user.id));`
Blog Uploading support (#2) Provides basic functionality when uploading blog posts. Pending cleanup. Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/2 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-08 10:08:40 +00:00			`}`
database cleanup (#3) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/3 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-15 18:49:09 +00:00			`async function postBlog(req, res) {`
			`// Get user`
			`const user = await core.getUser({ id: req.session.user.id });`
			`if (!user.success) return user;`

			`// TODO: Permissions for uploading posts`
			`// Can user upload?`
			`// const permissions = await permissions.postBlog(user);`

			`// TODO: Validation for uploading posts`
			`// Validate blog info`
			`const valid = await validate.postBlog(req.body);`

			`// Upload blog post`
			`return res.json(await core.postBlog(valid.data, req.session.user.id));`
Blog Uploading support (#2) Provides basic functionality when uploading blog posts. Pending cleanup. Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/2 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-08 10:08:40 +00:00			`}`
database cleanup (#3) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/3 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-15 18:49:09 +00:00			`async function deleteBlog(req, res) {`
			`// TODO: Permissions for deleting blog`
			`return res.json(await core.deleteBlog(req.body.id, req.session.user.id));`
Blog Uploading support (#2) Provides basic functionality when uploading blog posts. Pending cleanup. Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/2 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-08 10:08:40 +00:00			`}`
database cleanup (#3) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/3 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-15 18:49:09 +00:00			`async function patchBlog(req, res) {`
Post-tags (#9) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/9 Co-authored-by: Armored Dragon <publicmail@armoreddragon.com> Co-committed-by: Armored Dragon <publicmail@armoreddragon.com> 2024-03-22 09:24:19 +00:00			`// FIXME: validate does not return post id`
			`// Can user change post?`
			`// User is admin, or user is author`

			`// Validate blog info`
			`const valid = await validate.postBlog(req.body);`

database cleanup (#3) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/3 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-15 18:49:09 +00:00			`// TODO: Permissions for updating blog`
Post-tags (#9) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/9 Co-authored-by: Armored Dragon <publicmail@armoreddragon.com> Co-committed-by: Armored Dragon <publicmail@armoreddragon.com> 2024-03-22 09:24:19 +00:00			`return res.json(await core.updateBlog({ ...valid.data, id: req.body.id }, req.session.user.id));`
database cleanup (#3) Reviewed-on: https://git.armoreddragon.com/ArmoredDragon/yet-another-blog/pulls/3 Co-authored-by: Armored-Dragon <forgejo3829105@armoreddragon.com> Co-committed-by: Armored-Dragon <forgejo3829105@armoreddragon.com> 2023-11-15 18:49:09 +00:00			`}`

			`module.exports = { postRegister, postLogin, postSetting, deleteImage, postBlog, deleteBlog, patchBlog };`