Spacebar/server
1
0
Fork 0
mirror of https://github.com/spacebarchat/server.git synced 2024-09-21 18:21:36 +02:00
Code Issues Releases Activity

added disable route & check if user is disabled

Browse Source
This commit is contained in:
xnacly 2021-08-10 20:55:47 +02:00
parent b4e973c3ca
commit d5a9e2c378
3 changed files with 29 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
locales/en/auth.json
View File

@ -1,7 +1,8 @@
{
"login": {
"INVALID_LOGIN": "E-Mail or Phone not found",
"INVALID_PASSWORD": "Invalid Password"
"INVALID_PASSWORD": "Invalid Password",
"ACCOUNT_DISABLED": "This account is disabled"
},
"register": {
"REGISTRATION_DISABLED": "New user registration is disabled",

12
src/routes/auth/login.ts
View File

@ -9,7 +9,8 @@ import RateLimit from "../../middlewares/RateLimit";
const router: Router = Router();
export default router;
// TODO: check if user is deleted/restricted
// TODO: check if user is deleted --> prohibit login
router.post(
"/",
RateLimit({ count: 5, window: 60, onylIp: true }),
@ -22,7 +23,7 @@ router.post(
$gift_code_sku_id: String
}),
async (req: Request, res: Response) => {
const { login, password, captcha_key } = req.body;
const { login, password, captcha_key, undelete } = req.body;
const email = adjustEmail(login);
const query: any[] = [{ phone: login }];
if (email) query.push({ email });
@ -62,6 +63,13 @@ router.post(
throw FieldErrors({ login: { message: req.t("auth:login.INVALID_LOGIN"), code: "INVALID_LOGIN" } });
});
if (user.disabled && undelete) {
// undelete refers to un'disable' here
await UserModel.updateOne({ id: req.user_id }, { disabled: false }).exec();
} else if (user.disabled) {
return res.status(400).json({ message: req.t("auth:login.ACCOUNT_DISABLED"), code: 20013 });
}
// the salt is saved in the password refer to bcrypt docs
const same_password = await bcrypt.compare(password, user.user_data.hash || "");
if (!same_password) {

14
src/routes/users/@me/disable.ts
View File

@ -1,10 +1,20 @@
import { UserModel } from "@fosscord/server-util";
import { Router, Response, Request } from "express";
import bcrypt from "bcrypt";
const router = Router();
router.post("/", (req: Request, res: Response) => {
// TODO:
router.post("/", async (req: Request, res: Response) => {
const user = await UserModel.findOne({ id: req.user_id }).exec(); //User object
let correctpass = await bcrypt.compare(req.body.password, user!.user_data.hash); //Not sure if user typed right password :/
if (correctpass) {
await UserModel.updateOne({ id: req.user_id }, { disabled: true }).exec();
res.sendStatus(204);
} else {
res.status(400).json({ message: "Password does not match", code: 50018 });
}
});
export default router;