invite cooooddeesss
Signed-off-by: roxwize <rae@roxwize.xyz>
parent
7b563f5c31
commit
5abe0b5fad
22 changed files with 2326 additions and 16 deletions
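--- a/routes/admin.ts
+++ b/routes/admin.ts
@@ -0,0 +1,60 @@
+import { NodePgDatabase } from "drizzle-orm/node-postgres";
+import { Express } from "express";
+import { createInviteCode, render } from "./util.js";
+import { inviteCodes, users } from "../db/schema.js";
+import { desc, eq } from "drizzle-orm";
+import dayjs from "dayjs";
+
+export default function (app: Express, db: NodePgDatabase) {
+app.get("/mod", async (req, res) => {
+if (!req.session["loggedIn"] || !req.session["moderator"]) {
+res.redirect("/");
+return;
+}
+
+const now = dayjs();
+const codes = (
+await db
+.select({ expires: inviteCodes.expires, token: inviteCodes.token, uname: users.name })
+.from(inviteCodes)
+.leftJoin(users, eq(inviteCodes.user, users.id))
+.orderBy(desc(inviteCodes.granted))
+).map((e) => {
+return {
+expires: e.expires,
+token: e.token,
+uname: e.uname,
+expiresString: now.to(dayjs(e.expires))
+};
+});
+render(db, "admin", "Admin Panel", res, req, { codes });
+});
+
+app.post("/mod/codes/delete", async (req, res) => {
+if (!req.session["loggedIn"] || !req.session["moderator"]) {
+res.redirect("/");
+return;
+}
+
+await db.delete(inviteCodes).where(eq(inviteCodes.token, req.body.token));
+req.flash("success", "Deleted.");
+res.redirect("/mod");
+})
+app.post("/mod/codes/create", async (req, res) => {
+if (!req.session["loggedIn"] || !req.session["moderator"]) {
+res.redirect("/");
+return;
+}
+
+const expiration = new Date(req.body.expiration || 0);
+if (req.body.expiration && expiration.getTime() <= Date.now()) {
+req.flash("error", "Chosen expiration date is in the past.");
+res.redirect("/mod");
+return;
+}
+const code = await createInviteCode(db, req.session["uid"], expiration);
+
+req.flash("success", `Your code has been created as <b>${code}</b>.`);
+res.redirect("/mod");
+});
+}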
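Review bot: In the `/mod/codes/create` handler an unparseable `req.body.expiration` is not rejected: `new Date(...)` yields an Invalid Date, `getTime()` returns `NaN`, and `NaN <= Date.now()` is false, so the past-date guard is skipped and the invalid value is passed to `createInviteCode`. Add a check in front of it, for example `if (req.body.expiration && Number.isNaN(expiration.getTime())) { req.flash("error", "Invalid expiration date."); res.redirect("/mod"); return; }`. The success flash embeds `<b>` markup, which suggests flash messages are rendered as raw HTML; that is harmless for the generated code, but every flash that carries user-supplied text should be checked for escaping. No CSRF token check is visible on the two state-changing POST routes, so confirm one is applied globally before these handlers run.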
|
@ -2,7 +2,7 @@ import { Express } from "express";
|
|||
import bcrypt from "bcrypt";
|
||||
import { render } from "./util.js";
|
||||
import { NodePgDatabase } from "drizzle-orm/node-postgres";
|
||||
import { profiles, users } from "../db/schema.js";
|
||||
import { inviteCodes, profiles, users } from "../db/schema.js";
|
||||
import { eq } from "drizzle-orm";
|
||||
|
||||
//! TEMP Also not sanitized like at all
|
||||
|
@ -20,6 +20,12 @@ export default function(app: Express, db: NodePgDatabase) {
|
|||
res.redirect("/");
|
||||
return;
|
||||
}
|
||||
// validation
|
||||
if (req.body.referral.length < 22) {
|
||||
req.flash("error", "Invalid invite code! Make sure you pasted it in correctly WITH the hyphens.");
|
||||
res.redirect("/register");
|
||||
return;
|
||||
}
|
||||
if (req.body.name.length < 3) {
|
||||
req.flash("error", "Username can't be shorter than 3 characters");
|
||||
res.redirect("/register");
|
||||
|
@ -43,7 +49,24 @@ export default function(app: Express, db: NodePgDatabase) {
|
|||
res.redirect("/register");
|
||||
return;
|
||||
}
|
||||
|
||||
// invite code checking
|
||||
const code = (await db.select({ expires: inviteCodes.expires, confersModerator: inviteCodes.confersModerator }).from(inviteCodes).where(eq(inviteCodes.token, req.body.referral)).limit(1))[0];
|
||||
if (!code) {
|
||||
req.flash("error", "Invalid invite code! Make sure you pasted it in correctly WITH the hyphens.");
|
||||
res.redirect("/register");
|
||||
return;
|
||||
}
|
||||
const expiration = code.expires.getTime();
|
||||
if (expiration > 0 && Date.now() >= expiration) {
|
||||
req.flash("error", "That code is expired.");
|
||||
res.redirect("/register");
|
||||
return;
|
||||
}
|
||||
// we're verified now so get that dumb fucker out of the database
|
||||
await db.delete(inviteCodes).where(eq(inviteCodes.token, req.body.referral));
|
||||
|
||||
// field conflicts
|
||||
if (
|
||||
(await db.select().from(users).where(eq(users.name, req.body.name)))
|
||||
.length > 0
|
||||
|
@ -66,10 +89,12 @@ export default function(app: Express, db: NodePgDatabase) {
|
|||
const { uid } = (
|
||||
await db
|
||||
.insert(users)
|
||||
//@ts-expect-error
|
||||
.values({
|
||||
name: req.body.name,
|
||||
email: req.body.email, //! Not actually validating this like at all???
|
||||
pass: hash,
|
||||
moderator: code.confersModerator,
|
||||
registered: new Date(Date.now())
|
||||
})
|
||||
.returning({ uid: users.id })
|
||||
|
@ -77,6 +102,7 @@ export default function(app: Express, db: NodePgDatabase) {
|
|||
await db.insert(profiles).values({ user: uid });
|
||||
|
||||
req.session["loggedIn"] = true;
|
||||
req.session["moderator"] = code.confersModerator;
|
||||
req.session["user"] = req.body.name;
|
||||
req.session["uid"] = uid;
|
||||
req.flash(
|
||||
|
@ -106,16 +132,17 @@ export default function(app: Express, db: NodePgDatabase) {
|
|||
res.redirect("/login");
|
||||
return;
|
||||
}
|
||||
if (await bcrypt.compare(req.body.pass, user.pass)) {
|
||||
req.session["loggedIn"] = true;
|
||||
req.session["user"] = user.name;
|
||||
req.session["uid"] = user.id;
|
||||
req.flash("success", "You're logged in! Welcome back!!");
|
||||
res.redirect("/dashboard");
|
||||
} else {
|
||||
if (!(await bcrypt.compare(req.body.pass, user.pass))) {
|
||||
req.flash("error", "The username or password is invalid! I'm sorry! :(");
|
||||
res.redirect("/login");
|
||||
return;
|
||||
}
|
||||
req.session["loggedIn"] = true;
|
||||
req.session["moderator"] = user.moderator;
|
||||
req.session["user"] = user.name;
|
||||
req.session["uid"] = user.id;
|
||||
req.flash("success", "You're logged in! Welcome back!!");
|
||||
res.redirect("/dashboard");
|
||||
});
|
||||
app.get("/logout", (req, res) => {
|
||||
req.session["loggedIn"] = false;
|
||||
|
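Review bot: The invite code is consumed non-atomically and too early in the register handler: the `select` followed by a separate `delete` under `// invite code checking` lets two concurrent requests with the same token both pass the lookup before either delete runs, and the delete happens before the `// field conflicts` check, so a valid code is burned when the chosen username is already taken. Because the same row decides `moderator: code.confersModerator`, a reused code could produce more than one moderator account. Consume the code in one statement immediately before the `users` insert and abort when no row comes back, e.g. `const [used] = await db.delete(inviteCodes).where(eq(inviteCodes.token, req.body.referral)).returning({ token: inviteCodes.token });`, ideally inside the same `db.transaction` as the insert. Separately, `req.body.referral.length` throws when the field is missing and is not a string-length test when the body parser yields an array, so a `typeof req.body.referral !== "string"` check belongs in front of it. The handler starts and ends outside these hunks, so the ordering relative to the unseen lines should be verified.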
|
|
@ -1,7 +1,7 @@
|
|||
import { NodePgDatabase } from "drizzle-orm/node-postgres";
|
||||
import type { Request, Response } from "express";
|
||||
import { updates } from "../db/schema.js";
|
||||
import { desc, eq } from "drizzle-orm";
|
||||
import { inviteCodes, updates } from "../db/schema.js";
|
||||
import { count, desc, eq } from "drizzle-orm";
|
||||
import fs from "node:fs/promises";
|
||||
|
||||
const nonceChars =
|
||||
|
@ -62,3 +62,29 @@ export async function render(
|
|||
};
|
||||
res.render(page, { ...o, ...stuff });
|
||||
}
|
||||
|
||||
const inviteCodeChars = "abcdefghijklmnopqrstuvwxyz0123456789"
|
||||
export async function createInviteCode(db: NodePgDatabase, user: number, expires: Date, confersModerator = false) {
|
||||
let existingToken = 1, token: string;
|
||||
while (existingToken) {
|
||||
token = user.toString().padStart(4, "0") + "-"
|
||||
for (let i = 0; i < 17; i++) {
|
||||
if ((i + 1) % 6 === 0) {
|
||||
token += "-";
|
||||
continue;
|
||||
}
|
||||
token += inviteCodeChars[Math.floor(Math.random() * inviteCodeChars.length)];
|
||||
}
|
||||
existingToken = (await db.select({ value: count() }).from(inviteCodes).where(eq(inviteCodes.token, token)))[0].value;
|
||||
}
|
||||
|
||||
//@ts-expect-error
|
||||
await db.insert(inviteCodes).values({
|
||||
token,
|
||||
user: user || undefined,
|
||||
granted: new Date(Date.now()),
|
||||
expires,
|
||||
confersModerator
|
||||
});
|
||||
return token;
|
||||
}
|
||||
|
|
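Review bot: `createInviteCode` picks each token character with `Math.random()`, which is not a cryptographically secure generator, while the token is the only secret gating registration and can carry `confersModerator`. Draw the index from `node:crypto` instead: add `import { randomInt } from "node:crypto";` and change the line to `token += inviteCodeChars[randomInt(inviteCodeChars.length)];`. The count-then-insert uniqueness loop is also not atomic; a unique constraint on `inviteCodes.token` (the schema is not visible here) would be the reliable guard, with the loop kept only as a retry. The prefix `user.toString().padStart(4, "0")` puts the issuer's numeric id into every code, which deserves a comment if it is intentional.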