mirror of
https://git.sr.ht/~roxwize/mipilin
synced 2025-05-07 22:13:07 +00:00
169 lines
5.4 KiB
TypeScript
169 lines
5.4 KiB
TypeScript
import { Express } from "express";
|
|
import bcrypt from "bcrypt";
|
|
import { render } from "./util.js";
|
|
import { NodePgDatabase } from "drizzle-orm/node-postgres";
|
|
import { follows, inviteCodes, profiles, users } from "../db/schema.js";
|
|
import { eq } from "drizzle-orm";
|
|
|
|
//! TEMP Also not sanitized like at all
|
|
//! Also make sure user isnt logged in before doing this
|
|
export default function(app: Express, db: NodePgDatabase) {
|
|
app.get("/register", (req, res) => {
|
|
if (req.session["loggedIn"]) {
|
|
res.redirect("/");
|
|
return;
|
|
}
|
|
render(db, "register", "sign up", res, req);
|
|
});
|
|
app.post("/register", async (req, res) => {
|
|
if (req.session["loggedIn"]) {
|
|
res.redirect("/");
|
|
return;
|
|
}
|
|
// validation
|
|
if (!req.body.name || !req.body.referral || !req.body.email || !req.body.pass) {
|
|
req.flash("error", "A required field wasn't filled in.");
|
|
res.redirect("/register");
|
|
return;
|
|
}
|
|
if (req.body.referral.length < 22) {
|
|
req.flash("error", "Invalid invite code! Make sure you pasted it in correctly WITH the hyphens.");
|
|
res.redirect("/register");
|
|
return;
|
|
}
|
|
if (req.body.name.length < 3) {
|
|
req.flash("error", "Username can't be shorter than 3 characters");
|
|
res.redirect("/register");
|
|
return;
|
|
}
|
|
if (req.body.name.length > 26) {
|
|
req.flash("error", "Username can't be longer than 26 characters");
|
|
res.redirect("/register");
|
|
return;
|
|
}
|
|
|
|
//! dumb
|
|
req.body.name = req.body.name.trim();
|
|
const match = req.body.name.match(/[A-Z0-9_-]+/i);
|
|
if (match?.[0] !== req.body.name) {
|
|
req.flash(
|
|
"error",
|
|
"Username can only contain letters, numbers, underscores, hyphens, and periods!!"
|
|
);
|
|
res.redirect("/register");
|
|
return;
|
|
}
|
|
if (!req.body.email || !req.body.pass) {
|
|
req.flash("error", "Email or password not provided");
|
|
res.redirect("/register");
|
|
return;
|
|
}
|
|
|
|
// field conflicts
|
|
if (
|
|
(await db.select().from(users).where(eq(users.name, req.body.name)))
|
|
.length > 0
|
|
) {
|
|
req.flash("error", "That username is taken MORON");
|
|
res.redirect("/register");
|
|
return;
|
|
}
|
|
//! ew
|
|
if (
|
|
(await db.select().from(users).where(eq(users.email, req.body.email)))
|
|
.length > 0
|
|
) {
|
|
req.flash("error", "A user with that email already exists");
|
|
res.redirect("/register");
|
|
return;
|
|
}
|
|
|
|
// invite code checking
|
|
const code = (await db.select({ expires: inviteCodes.expires, confers: inviteCodes.confers }).from(inviteCodes).where(eq(inviteCodes.token, req.body.referral)).limit(1))[0];
|
|
if (!code) {
|
|
req.flash("error", "Invalid invite code! Make sure you pasted it in correctly WITH the hyphens.");
|
|
res.redirect("/register");
|
|
return;
|
|
}
|
|
const expiration = code.expires.getTime();
|
|
if (expiration > 0 && Date.now() >= expiration) {
|
|
req.flash("error", "That code is expired.");
|
|
res.redirect("/register");
|
|
return;
|
|
}
|
|
// we're verified now so get that dumb fucker out of the database
|
|
await db.delete(inviteCodes).where(eq(inviteCodes.token, req.body.referral));
|
|
|
|
const hash = await bcrypt.hash(req.body.pass, 10);
|
|
const { uid } = (
|
|
await db
|
|
.insert(users)
|
|
//@ts-expect-error
|
|
.values({
|
|
name: req.body.name,
|
|
email: req.body.email, //! Not actually validating this like at all???
|
|
pass: hash,
|
|
status: code.confers,
|
|
registered: new Date(Date.now())
|
|
})
|
|
.returning({ uid: users.id })
|
|
)[0];
|
|
await db.insert(profiles).values({ user: uid });
|
|
|
|
// Follow me by default ;w;;;
|
|
//! Also this assumes that im at id 1 which might not be true ever
|
|
await db.insert(follows).values({
|
|
userId: 1,
|
|
followerId: uid
|
|
});
|
|
|
|
req.session["loggedIn"] = true;
|
|
req.session["status"] = code.confers;
|
|
req.session["user"] = req.body.name;
|
|
req.session["uid"] = uid;
|
|
req.flash(
|
|
"success",
|
|
"Welcome to mipilin. After two weeks in development, hopefully it will have been worth the wait. Please let me know what you think after you have had a chance to use the website. I can be reached at gaben@roxwize.xyz, and my favorite mood is hormonal. Thanks, and have fun!"
|
|
);
|
|
res.redirect("/");
|
|
});
|
|
|
|
app.get("/login", async (req, res) => {
|
|
if (req.session["loggedIn"]) {
|
|
res.redirect("/");
|
|
return;
|
|
}
|
|
render(db, "login", "log in", res, req);
|
|
});
|
|
app.post("/login", async (req, res) => {
|
|
if (req.session["loggedIn"]) {
|
|
res.redirect("/");
|
|
return;
|
|
}
|
|
const user = (
|
|
await db.select().from(users).where(eq(users.name, req.body.name))
|
|
)[0];
|
|
if (!user) {
|
|
req.flash("error", "The username or password is invalid! I'm sorry! :(");
|
|
res.redirect("/login");
|
|
return;
|
|
}
|
|
if (!(await bcrypt.compare(req.body.pass, user.pass))) {
|
|
req.flash("error", "The username or password is invalid! I'm sorry! :(");
|
|
res.redirect("/login");
|
|
return;
|
|
}
|
|
req.session["loggedIn"] = true;
|
|
req.session["status"] = user.status;
|
|
req.session["user"] = user.name;
|
|
req.session["uid"] = user.id;
|
|
req.flash("success", "You're logged in! Welcome back!!");
|
|
res.redirect("/dashboard");
|
|
});
|
|
app.get("/logout", (req, res) => {
|
|
req.session["loggedIn"] = false;
|
|
delete req.session["user"];
|
|
req.flash("info", "Good bye!");
|
|
res.redirect("/");
|
|
});
|
|
}
|