83 lines
3.4 KiB
JavaScript
83 lines
3.4 KiB
JavaScript
const core = require("./core");
|
|
const bcrypt = require("bcrypt");
|
|
const validate = require("../form_validation");
|
|
|
|
async function postRegister(req, res) {
|
|
const { username, password } = req.body; // Get the username and password from the request body
|
|
|
|
const form_validation = await validate.registerUser(username, password); // Check form for errors
|
|
|
|
// User registration disabled?
|
|
// We also check if the server was setup. If it was not set up, the server will proceed anyways.
|
|
if (!core.settings["ACCOUNT_REGISTRATION"] && core.settings["SETUP_COMPLETE"]) return res.json({ success: false, message: "Account registrations are disabled" });
|
|
|
|
// User data valid?
|
|
if (!form_validation.success) return res.json({ success: false, message: form_validation.message });
|
|
|
|
// If setup incomplete, set the user role to Admin. This is the initial user so it will be the master user.
|
|
const role = core.settings["SETUP_COMPLETE"] ? undefined : "ADMIN";
|
|
|
|
const hashed_password = await bcrypt.hash(password, 10); // Hash the password for security :^)
|
|
res.json(await core.registerUser(username, hashed_password, { role: role }));
|
|
}
|
|
async function postLogin(req, res) {
|
|
const { username, password } = req.body; // Get the username and password from the request body
|
|
|
|
// Get the user by username
|
|
const existing_user = await core.getUser({ username: username });
|
|
if (!existing_user.success) return res.json({ success: false, message: existing_user.message });
|
|
|
|
// Check the password
|
|
const password_match = await bcrypt.compare(password, existing_user.data.password);
|
|
if (!password_match) return res.json({ success: false, message: "Incorrect password" });
|
|
|
|
// Send the cookies to the user & return successful
|
|
req.session.user = { username: username, id: existing_user.data.id };
|
|
res.json({ success: true });
|
|
}
|
|
async function postSetting(request, response) {
|
|
const user = await core.getUser({ id: request.session.user.id });
|
|
|
|
if (!user.success) return response.json({ success: false, message: user.message });
|
|
if (user.data.role !== "ADMIN") return response.json({ success: false, message: "User is not permitted" });
|
|
|
|
response.json(await core.postSetting(request.body.setting_name, request.body.value));
|
|
}
|
|
async function deleteImage(req, res) {
|
|
// TODO: Permissions for deleting image
|
|
return res.json(await core.deleteImage(req.body, req.session.user.id));
|
|
}
|
|
async function postBlog(req, res) {
|
|
// Get user
|
|
const user = await core.getUser({ id: req.session.user.id });
|
|
if (!user.success) return user;
|
|
|
|
// TODO: Permissions for uploading posts
|
|
// Can user upload?
|
|
// const permissions = await permissions.postBlog(user);
|
|
|
|
// TODO: Validation for uploading posts
|
|
// Validate blog info
|
|
const valid = await validate.postBlog(req.body);
|
|
|
|
// Upload blog post
|
|
return res.json(await core.postBlog(valid.data, req.session.user.id));
|
|
}
|
|
async function deleteBlog(req, res) {
|
|
// TODO: Permissions for deleting blog
|
|
return res.json(await core.deleteBlog(req.body.id, req.session.user.id));
|
|
}
|
|
async function patchBlog(req, res) {
|
|
// FIXME: validate does not return post id
|
|
// Can user change post?
|
|
// User is admin, or user is author
|
|
|
|
// Validate blog info
|
|
const valid = await validate.postBlog(req.body);
|
|
|
|
// TODO: Permissions for updating blog
|
|
return res.json(await core.updateBlog({ ...valid.data, id: req.body.id }, req.session.user.id));
|
|
}
|
|
|
|
module.exports = { postRegister, postLogin, postSetting, deleteImage, postBlog, deleteBlog, patchBlog };
|