const core = require ( "./core" ) ;
const bcrypt = require ( "bcrypt" ) ;
const validate = require ( "../form_validation" ) ;
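/**
 * POST handler: registers a new account from `req.body.username` and `req.body.password`.
 *
 * Replies with `{ success: false, message }` when registrations are disabled or the
 * form fails validation; otherwise replies with whatever `core.registerUser` returns.
 *
 * @param {object} req - Request; `req.body` is expected to carry `username` and `password`.
 * @param {object} res - Response; one JSON reply is written per call.
 */
async function postRegister(req, res) {
    // User registration disabled?
    // Registration is refused only when setup is complete AND ACCOUNT_REGISTRATION is off;
    // while setup is incomplete the request proceeds so the first account can be created.
    // This runs before validation so a closed endpoint does no further work on
    // unauthenticated input.
    if (!core.settings["ACCOUNT_REGISTRATION"] && core.settings["SETUP_COMPLETE"]) {
        return res.json({ success: false, message: "Account registrations are disabled" });
    }

    const { username, password } = req.body; // Get the username and password from the request body

    // User data valid?
    const form_validation = await validate.registerUser(username, password);
    if (!form_validation.success) return res.json({ success: false, message: form_validation.message });

    // If setup is incomplete, the account is created as ADMIN (the initial, master user).
    // NOTE(review): nothing in this handler sets SETUP_COMPLETE. Until it is set, every
    // successful registration is created as ADMIN, and concurrent first registrations could
    // each receive the role. Confirm core.registerUser flips the flag atomically.
    const role = core.settings["SETUP_COMPLETE"] ? undefined : "ADMIN";

    // Only the bcrypt hash (cost factor 10) is handed to core; the plaintext stays in this scope.
    // NOTE(review): bcrypt only uses the first 72 bytes of its input; confirm
    // validate.registerUser bounds the password length accordingly.
    const hashed_password = await bcrypt.hash(password, 10);
    res.json(await core.registerUser(username, hashed_password, { role: role }));
}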
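/**
 * POST handler: checks `req.body.username` / `req.body.password` against the stored
 * bcrypt hash and, on success, records the user in the session.
 *
 * Replies with `{ success: true }` on success and `{ success: false, message }` otherwise.
 *
 * @param {object} req - Request; reads `req.body`, writes `req.session.user` on success.
 * @param {object} res - Response; one JSON reply is written per call.
 */
async function postLogin(req, res) {
    const { username, password } = req.body || {}; // Get the username and password from the request body

    // A JSON body can carry objects, arrays or nothing at all in these fields. Refuse anything
    // that is not a string before it is handed to the user lookup or to bcrypt.compare.
    if (typeof username !== "string" || typeof password !== "string") {
        return res.json({ success: false, message: "Invalid username or password" });
    }

    // Get the user by username
    const existing_user = await core.getUser({ username: username });
    // NOTE(review): this reply relays the lookup's own message while a wrong password replies
    // "Incorrect password". If the lookup message says the user does not exist, clients can
    // tell valid usernames apart; consider one shared failure message for both cases.
    if (!existing_user.success) return res.json({ success: false, message: existing_user.message });

    // Check the password against the stored hash
    const password_match = await bcrypt.compare(password, existing_user.data.password);
    if (!password_match) return res.json({ success: false, message: "Incorrect password" });

    // Store only the username and id in the session; the hash never leaves this function.
    // NOTE(review): the existing session is reused across the privilege change. If the session
    // middleware offers a regenerate step (express-session has req.session.regenerate),
    // rotating the session id here would guard against session fixation. The middleware is
    // not visible from this file; confirm.
    req.session.user = { username: username, id: existing_user.data.id };
    res.json({ success: true });
}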
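/**
 * POST handler: changes a server setting on behalf of an ADMIN user.
 *
 * Replies with `{ success: false, message }` when there is no logged-in user, the user
 * lookup fails, or the user's role is not "ADMIN"; otherwise replies with whatever
 * `core.postSetting` returns.
 *
 * @param {object} request - Request; reads `request.session.user.id`, `request.body.setting_name`
 *   and `request.body.value`.
 * @param {object} response - Response; one JSON reply is written per call.
 */
async function postSetting(request, response) {
    // Without a logged-in session there is no id to look up; answer explicitly instead of
    // throwing on `request.session.user.id`.
    const session_user = request.session && request.session.user;
    if (!session_user) return response.json({ success: false, message: "User is not permitted" });

    // The role is read from the user lookup on every request rather than from the session.
    const user = await core.getUser({ id: session_user.id });

    if (!user.success) return response.json({ success: false, message: user.message });
    if (user.data.role !== "ADMIN") return response.json({ success: false, message: "User is not permitted" });

    // NOTE(review): setting_name and value are forwarded unchecked. Confirm core.postSetting
    // restricts setting_name to the known setting keys.
    response.json(await core.postSetting(request.body.setting_name, request.body.value));
}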
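/**
 * Handler: asks core to delete an image on behalf of the logged-in user.
 *
 * Replies with `{ success: false, message }` when there is no logged-in user; otherwise
 * replies with whatever `core.deleteImage` returns.
 *
 * @param {object} req - Request; `req.body` is forwarded whole, `req.session.user.id` identifies the caller.
 * @param {object} res - Response; one JSON reply is written per call.
 * @returns {Promise<*>} Whatever `res.json` returns.
 */
async function deleteImage(req, res) {
    // Without a logged-in session there is no caller id; answer explicitly instead of
    // throwing on `req.session.user.id`.
    const session_user = req.session && req.session.user;
    if (!session_user) return res.json({ success: false, message: "User is not permitted" });

    // TODO: Permissions for deleting image
    // NOTE(review): no ownership or role check happens in this handler, and the request body
    // is passed through as-is. Presumably core.deleteImage uses the caller id to authorize;
    // verify before relying on it.
    return res.json(await core.deleteImage(req.body, session_user.id));
}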
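/**
 * POST handler: creates a blog post on behalf of the logged-in user.
 *
 * Replies with `{ success: false, message }` when there is no logged-in user or the user
 * lookup fails; otherwise replies with whatever `core.postBlog` returns.
 *
 * @param {object} req - Request; `req.body` holds the post fields, `req.session.user.id` the author.
 * @param {object} res - Response; one JSON reply is written per call.
 * @returns {Promise<*>} Whatever `res.json` returns.
 */
async function postBlog(req, res) {
    // Without a logged-in session there is no author id; answer explicitly instead of
    // throwing on `req.session.user.id`.
    const session_user = req.session && req.session.user;
    if (!session_user) return res.json({ success: false, message: "User is not permitted" });

    // Get user
    const user = await core.getUser({ id: session_user.id });
    // A failed lookup must be sent to the client. Returning the lookup object from the
    // handler writes no response and leaves the request hanging.
    if (!user.success) return res.json({ success: false, message: user.message });

    // TODO: Permissions for uploading posts
    // Can user upload?
    // const permissions = await permissions.postBlog(user);

    // TODO: Validation for uploading posts
    // Validate blog info
    // NOTE(review): the validation outcome is not inspected; valid.data is forwarded as-is.
    // Confirm what validate.postBlog returns on failure before relying on it.
    const valid = await validate.postBlog(req.body);

    // Upload blog post
    return res.json(await core.postBlog(valid.data, session_user.id));
}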
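/**
 * Handler: asks core to delete the blog post `req.body.id` on behalf of the logged-in user.
 *
 * Replies with `{ success: false, message }` when there is no logged-in user; otherwise
 * replies with whatever `core.deleteBlog` returns.
 *
 * @param {object} req - Request; reads `req.body.id` and `req.session.user.id`.
 * @param {object} res - Response; one JSON reply is written per call.
 * @returns {Promise<*>} Whatever `res.json` returns.
 */
async function deleteBlog(req, res) {
    // Without a logged-in session there is no caller id; answer explicitly instead of
    // throwing on `req.session.user.id`.
    const session_user = req.session && req.session.user;
    if (!session_user) return res.json({ success: false, message: "User is not permitted" });

    // TODO: Permissions for deleting blog
    // NOTE(review): no author or role check happens in this handler. Presumably
    // core.deleteBlog uses the caller id to authorize; verify before relying on it.
    return res.json(await core.deleteBlog(req.body.id, session_user.id));
}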
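/**
 * PATCH handler: updates the blog post `req.body.id` on behalf of the logged-in user.
 *
 * Replies with `{ success: false, message }` when there is no logged-in user; otherwise
 * replies with whatever `core.updateBlog` returns.
 *
 * @param {object} req - Request; `req.body` holds the post fields and `id`, `req.session.user.id` the caller.
 * @param {object} res - Response; one JSON reply is written per call.
 * @returns {Promise<*>} Whatever `res.json` returns.
 */
async function patchBlog(req, res) {
    // Without a logged-in session there is no caller id; answer explicitly instead of
    // throwing on `req.session.user.id`.
    const session_user = req.session && req.session.user;
    if (!session_user) return res.json({ success: false, message: "User is not permitted" });

    // FIXME: validate does not return post id
    // Can user change post?
    // User is admin, or user is author
    // Validate blog info
    // NOTE(review): the validation outcome is not inspected; valid.data is forwarded as-is.
    const valid = await validate.postBlog(req.body);

    // TODO: Permissions for updating blog
    // The id is re-attached from the raw request body because the validator drops it, so it
    // reaches core unvalidated. The admin-or-author rule above is not enforced here;
    // presumably core.updateBlog uses the caller id to authorize, verify.
    return res.json(await core.updateBlog({ ...valid.data, id: req.body.id }, session_user.id));
}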
module . exports = { postRegister , postLogin , postSetting , deleteImage , postBlog , deleteBlog , patchBlog } ;