mirror of https://git.sr.ht/~roxwize/mipilin synced 2025-05-10 15:33:04 +00:00

invite cooooddeesss

Signed-off-by: roxwize <rae@roxwize.xyz>
Rae 5e 2024-12-10 22:27:43 -05:00
parent 7b563f5c31
commit 5abe0b5fad
Signed by: rae
GPG key ID: 5B1A0FAB9BAB81EE
22 changed files with 2326 additions and 16 deletions


@ -2,7 +2,7 @@ import { Express } from "express";
import bcrypt from "bcrypt";
import { render } from "./util.js";
import { NodePgDatabase } from "drizzle-orm/node-postgres";
import { profiles, users } from "../db/schema.js";
import { inviteCodes, profiles, users } from "../db/schema.js";
import { eq } from "drizzle-orm";
//! TEMP Also not sanitized like at all
@ -20,6 +20,12 @@ export default function(app: Express, db: NodePgDatabase) {
res.redirect("/");
return;
}
// validation
if (req.body.referral.length < 22) {
req.flash("error", "Invalid invite code! Make sure you pasted it in correctly WITH the hyphens.");
res.redirect("/register");
return;
}
if (req.body.name.length < 3) {
req.flash("error", "Username can't be shorter than 3 characters");
res.redirect("/register");
@ -43,7 +49,24 @@ export default function(app: Express, db: NodePgDatabase) {
res.redirect("/register");
return;
}
// invite code checking
const code = (await db.select({ expires: inviteCodes.expires, confersModerator: inviteCodes.confersModerator }).from(inviteCodes).where(eq(inviteCodes.token, req.body.referral)).limit(1))[0];
if (!code) {
req.flash("error", "Invalid invite code! Make sure you pasted it in correctly WITH the hyphens.");
res.redirect("/register");
return;
}
const expiration = code.expires.getTime();
if (expiration > 0 && Date.now() >= expiration) {
req.flash("error", "That code is expired.");
res.redirect("/register");
return;
}
// we're verified now so get that dumb fucker out of the database
await db.delete(inviteCodes).where(eq(inviteCodes.token, req.body.referral));
// field conflicts
if (
(await db.select().from(users).where(eq(users.name, req.body.name)))
.length > 0
@ -66,10 +89,12 @@ export default function(app: Express, db: NodePgDatabase) {
const { uid } = (
await db
.insert(users)
//@ts-expect-error
.values({
name: req.body.name,
email: req.body.email, //! Not actually validating this like at all???
pass: hash,
moderator: code.confersModerator,
registered: new Date(Date.now())
})
.returning({ uid: users.id })
@ -77,6 +102,7 @@ export default function(app: Express, db: NodePgDatabase) {
await db.insert(profiles).values({ user: uid });
req.session["loggedIn"] = true;
req.session["moderator"] = code.confersModerator;
req.session["user"] = req.body.name;
req.session["uid"] = uid;
req.flash(
@ -106,16 +132,17 @@ export default function(app: Express, db: NodePgDatabase) {
res.redirect("/login");
return;
}
if (await bcrypt.compare(req.body.pass, user.pass)) {
req.session["loggedIn"] = true;
req.session["user"] = user.name;
req.session["uid"] = user.id;
req.flash("success", "You're logged in! Welcome back!!");
res.redirect("/dashboard");
} else {
if (!(await bcrypt.compare(req.body.pass, user.pass))) {
req.flash("error", "The username or password is invalid! I'm sorry! :(");
res.redirect("/login");
return;
}
req.session["loggedIn"] = true;
req.session["moderator"] = user.moderator;
req.session["user"] = user.name;
req.session["uid"] = user.id;
req.flash("success", "You're logged in! Welcome back!!");
res.redirect("/dashboard");
});
app.get("/logout", (req, res) => {
req.session["loggedIn"] = false;
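Review bot: The invite code is checked with a `select` and consumed with a separate `delete` in the `// invite code checking` block of the third hunk, so two concurrent registrations presenting the same token can both pass the check before either delete runs; for a code with `confersModerator` set, that would yield two moderator accounts from a single-use code. Consuming it in one statement closes the window: `const [code] = await db.delete(inviteCodes).where(eq(inviteCodes.token, req.body.referral)).returning({ expires: inviteCodes.expires, confersModerator: inviteCodes.confersModerator });`, rejecting when `code` is undefined. The delete also runs before the `// field conflicts` check, so a registration that then fails on a taken username has already burned the code; moving the consume after those checks, or wrapping the consume and the `users` insert in `db.transaction`, avoids that. Separately, `req.body.referral.length` in the second hunk throws when the field is missing, and a non-string body value would slip past the length test, so a guard such as `if (typeof req.body.referral !== "string" || req.body.referral.length < 22)` is safer. The route handler starts and ends outside the visible hunks, so the surrounding error handling could not be checked.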