diff --git a/components/app/windows/news.vue b/components/app/windows/news.vue
index fcad498..cb82713 100644
--- a/components/app/windows/news.vue
+++ b/components/app/windows/news.vue
@@ -168,9 +168,11 @@ const jaccardSimilarity = (v1: any, v2: any) => {
 return intersection.size / union.size;
 };
-const findRel = async (title: string) => {
+/*
+const findRel =
+async (title: string) => {
 const req = await fetch("/api/sort");
-};
+};*/
 // Check words
 const checkIfEmptyArray = [];
diff --git a/components/app/windows/settings.vue b/components/app/windows/settings.vue
index f7dd10a..2977b23 100644
--- a/components/app/windows/settings.vue
+++ b/components/app/windows/settings.vue
@@ -99,6 +99,8 @@ const deleteAccount = async () => {
 const req = await fetch("/api/user/sendUserChanges", {
 method: "DELETE",
 });
+ const res = await res.json();
+ console.log(res);
 };
 const submitChangeAction = async (action: string) => {
diff --git a/i18n/locales/en.json b/i18n/locales/en.json
index 3ae4afe..420e742 100644
--- a/i18n/locales/en.json
+++ b/i18n/locales/en.json
@@ -138,7 +138,7 @@
 "opennewwindow": "This will open a new window",
 "similararticles": "Similar Articles",
 "similarity": "Similarity",
- "nosimilararticles": "There isn't any similar articles.",
+ "nosimilararticles": "There aren't any similar articles.",
 "articleopenpart1": "This will open a open a new window about this new org",
 "articleopenpart2": ""
 }
diff --git a/server/api/user/delete.ts b/server/api/user/delete.ts
deleted file mode 100644
index 5f9e934..0000000
--- a/server/api/user/delete.ts
+++ /dev/null
@@ -1 +0,0 @@
-export default defineEventHandler(async (event) => {});
diff --git a/server/api/user/logout.ts b/server/api/user/logout.ts
index 2cef4b0..6e28a81 100644
--- a/server/api/user/logout.ts
+++ b/server/api/user/logout.ts
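Review bot: The findRel function is disabled by wrapping it in a block comment (the `+/*` … `+};*/` lines) instead of being deleted; commented-out code goes stale and version control already keeps the old body. Removing the declaration, its `fetch("/api/sort")` line and the closing `};` is the cleaner change. The hunk header also shows `jaccardSimilarity = (v1: any, v2: any)`, whose `any` parameters deserve real types, but that declaration starts outside the hunk.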
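Review bot: `const res = await res.json();` in deleteAccount reads `res` inside its own initializer, which is a temporal-dead-zone ReferenceError at runtime (and a compile error in TypeScript); the response object is `req`, so the line should be `const res = await req.json();`. The following `console.log(res)` then prints the server's reply to the browser console, and per the sendUserChanges.delete.ts hunk in this same commit that reply can carry the raw `e.message` of a database failure; drop the log or surface only `res.success` / `res.error` to the UI. deleteAccount's body begins outside the hunk.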
@@ -1,15 +1,16 @@
+import getUserTokenMinusSQLInjection from "~/server/components/getUserToken";
+
 export default defineEventHandler(async (event) => {
- const loginCookie = getCookie(event, "session");
- const lastCheckCookie = getCookie(event, "last_check");
- const nowDate = new Date().toLocaleString();
+ const loginCookie = await getUserTokenMinusSQLInjection(event);
 try {
- if (loginCookie) {
+ if (false) {
 deleteCookie(event, "token");
 return {
 success: true,
 error: null,
 };
 }
+ return "testing";
 } catch (e) {
 return {
 success: false,
diff --git a/server/api/user/sendUserChanges.delete.ts b/server/api/user/sendUserChanges.delete.ts
index c958230..d6883fd 100644
--- a/server/api/user/sendUserChanges.delete.ts
+++ b/server/api/user/sendUserChanges.delete.ts
@@ -1,6 +1,34 @@
+import sql from "~/server/components/postgres";
+import getUserTokenMinusSQLInjection from "~/server/components/getUserToken";
 export default defineEventHandler(async (event) => {
- const userToken = getCookie(event, "token");
- return {
- token: userToken,
- };
+ try {
+ const userToken = await getUserTokenMinusSQLInjection(event);
+ if (userToken.error.length !== 0) {
+ return {
+ error: userToken.error,
+ };
+ }
+ // REMOVE OLD TOKENS
+ const removeToken = await sql`
+ DELETE FROM usertokens
+ WHERE username = ${userToken.user}
+ `;
+ console.log(removeToken);
+ // DELETE USER
+ const deleteUserAccount = await sql`
+ DELETE FROM users
+ WHERE username = ${userToken.user}
+ `;
+ console.log(deleteUserAccount);
+ deleteCookie(event, "token");
+ return {
+ success: true,
+ };
+ } catch (e) {
+ console.log(e);
+ return {
+ error: "INTERNAL_SERVER_ERROR",
+ e: e.message,
+ };
+ }
 });
diff --git a/server/api/user/sendUserChanges.post.ts b/server/api/user/sendUserChanges.post.ts
index 3148a15..1dc17a4 100644
--- a/server/api/user/sendUserChanges.post.ts
+++ b/server/api/user/sendUserChanges.post.ts
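Review bot: `if (false)` turns the logout handler into a no-op: the `token` cookie is never deleted, the awaited `loginCookie` result is never read, and the new `return "testing";` hands callers a bare string where the catch branch returns a `{ success, error }` object. If this is a debugging placeholder it should not be merged; the condition should test the helper's result the way the other handlers in this commit do, `if (loginCookie.error.length === 0) {`. Clearing only the browser cookie also leaves a still-valid row in usertokens, so the handler should remove that row server-side (a `DELETE FROM usertokens WHERE token = ${loginCookie.token}` through the same `sql` client the sibling handlers import) before deleting the cookie. The catch block and the end of the handler lie outside the hunk.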
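Review bot: The catch block returns `e: e.message` to the client, which exposes internal database error text (table, column and constraint names) to whoever calls the endpoint; keep the `console.log(e)` on the server and return only `error: "INTERNAL_SERVER_ERROR"`. If the project compiles with `strict`, `e` is `unknown` in a catch clause and `e.message` will not type-check without an `instanceof Error` narrowing either. The two `console.log` calls on `removeToken` and `deleteUserAccount` print full query results to the server log on every deletion and should go. The two DELETE statements run independently, so a failure of the second leaves the tokens gone but the account present; running both inside one transaction (postgres.js exposes `sql.begin` for this, assuming the wrapped client is postgres.js) would make the operation atomic.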
@@ -1,17 +1,9 @@
 import sql from "~/server/components/postgres";
+import getUserTokenMinusSQLInjection from "~/server/components/getUserToken";
 export default defineEventHandler(async (event) => {
 // Check user data.
- const userToken = getCookie(event, "token");
- if (!userToken) {
- return {
- error: "ERR_NOT_ALLOWED",
- };
- }
- const checkUserToken = await sql`
- select * from usertokens
- where token=${userToken}
- `;
- if (checkUserToken.length === 0) {
+ const token = await getUserTokenMinusSQLInjection(event);
+ if (token.error.length !== 0) {
 return {
 error: "ERR_NOT_ALLOWED",
 };
@@ -37,26 +29,11 @@ export default defineEventHandler(async (event) => {
 ` UPDATE user_other_data SET ${requestChange} = $1
 WHERE username = $2`,
- [apiKeyqq[0], checkUserToken[0].username],
+ [apiKeyqq[0], token.user],
 );
-
- /**
- * // Example of how requestChange might be validated
- const allowedColumns = ['groq_api_key', 'another_column_name'];
-
- if (!allowedColumns.includes(requestChange)) {
- throw new Error('Invalid column name provided');
- }
-
- const sqlC = await sql`
- UPDATE user_other_data SET ${sql.identifier([requestChange])} = ${apiKeyqq[0]}
- WHERE username = ${checkUserToken[0].username}`;
- */
 return {
- body: body,
- allowed: allowed,
- data: body.value.match(clearBadDataRegex),
 sqlC: sqlC,
+ success: true,
 };
 }
 });
diff --git a/server/api/user/submitGroqKey.ts b/server/api/user/submitGroqKey.ts
index 31e36cb..c46f2c6 100644
--- a/server/api/user/submitGroqKey.ts
+++ b/server/api/user/submitGroqKey.ts
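Review bot: In the second hunk the column name is still spliced into the statement text, `UPDATE user_other_data SET ${requestChange} = $1`, while the commit deletes the comment block that sketched the only mitigation (an `allowedColumns` check before the query). The `$1`/`$2` placeholders protect the values but not the identifier, so unless `requestChange` is validated against a fixed allow-list between the two hunks (the removed `allowed: allowed` field hints that some check may exist there) a client-controlled value lands in the SQL unescaped. The sketch should be implemented rather than deleted: `if (!allowedColumns.includes(requestChange)) return { error: "ERR_NOT_ALLOWED" };` ahead of the query, with `allowedColumns` a `readonly` list of the columns this endpoint may change. The same pattern is in both hunks of submitGroqKey.ts. The middle of the handler, where `requestChange` and `apiKeyqq` are assigned, lies outside these hunks.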
@@ -1,19 +1,11 @@
 import sql from "~/server/components/postgres";
+import getUserTokenMinusSQLInjection from "~/server/components/getUserToken";
 export default defineEventHandler(async (event) => {
 // Check user data.
- const userToken = getCookie(event, "token");
- if (!userToken) {
+ const user = getUserTokenMinusSQLInjection(event);
+ if (user.error.length !== 0) {
 return {
- error: "ERR_NOT_ALLOWED",
- };
- }
- const checkUserToken = await sql`
- select * from usertokens
- where token=${userToken}
- `;
- if (checkUserToken.length === 0) {
- return {
- error: "ERR_NOT_ALLOWED",
+ error: user.error,
 };
 }
 // Actual function
@@ -26,7 +18,7 @@ export default defineEventHandler(async (event) => {
 ` UPDATE user_other_data SET ${requestChange} = $1
 WHERE username = $2`,
- [apiKeyqq[0], checkUserToken[0].username],
+ [apiKeyqq[0], user.user],
 );
 return {
 body: body,
diff --git a/server/components/getUserToken.ts b/server/components/getUserToken.ts
new file mode 100644
index 0000000..b40e4c6
--- /dev/null
+++ b/server/components/getUserToken.ts
@@ -0,0 +1,35 @@
+import sql from "~/server/components/postgres";
+export default async function getUserTokenMinusSQLInjection(event) {
+ const userToken = await getCookie(event, "token");
+ if (!userToken) {
+ return {
+ token: null,
+ user: null,
+ error: "NO_TOKEN",
+ };
+ }
+ const uuidRegex =
+ /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+ if (!uuidRegex.test(userToken)) {
+ return {
+ token: null,
+ user: null,
+ error: "INVALID_TOKEN_FORMAT",
+ };
+ }
+ const getUser = await sql`
+ select * from usertokens
+ where token = ${userToken}`;
+ if (getUser.length === 0) {
+ return {
+ token: null,
+ user: null,
+ error: "NOT_AUTHED",
+ };
+ }
+ return {
+ token: userToken,
+ user: getUser[0].username,
+ error: "",
+ };
+}
diff --git a/server_fixes.md b/server_fixes.md
index c72b6e7..e6965ce 100644
--- a/server_fixes.md
+++ b/server_fixes.md
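Review bot: `const user = getUserTokenMinusSQLInjection(event);` is missing `await`, so `user` is a Promise, `user.error` is `undefined` and `user.error.length` throws a TypeError before any allow/deny decision is made; every request to this handler then fails (and under `strict` the property access does not compile). Change it to `const user = await getUserTokenMinusSQLInjection(event);` as the sibling handlers in this commit do. The second hunk's `[apiKeyqq[0], user.user]` depends on the same fix. The unchanged `body: body,` at the end of the second hunk still echoes the request body back to the caller of an API-key endpoint, which is more than the caller needs; the rest of that return object is outside the hunk.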
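Review bot: `event` has no type and the function no declared return type, so under `strict` the parameter is an implicit `any` and every caller (`userToken.error.length`, `token.user`) is checked only against whatever the three object literals happen to infer; a declared discriminated result type makes the `error === ""` / `user: null` coupling explicit and lets callers narrow on it instead of testing `.error.length`. The query does `select * from usertokens` although only `username` is read, so the full token row (and any other columns the table holds) is pulled into the handler for nothing — `select username` is enough. `event` should be typed as `H3Event` (added with `import type { H3Event } from "h3"`). The "MinusSQLInjection" suffix describes what the tagged-template binding already does; the UUID regex is a useful format check, but the name overstates what the helper adds.
```typescript
/** Outcome of resolving the `token` cookie: exactly one of the two shapes. */
export type UserTokenResult =
  | { token: string; user: string; error: "" }
  | { token: null; user: null; error: "NO_TOKEN" | "INVALID_TOKEN_FORMAT" | "NOT_AUTHED" };

export default async function getUserTokenMinusSQLInjection(
  event: H3Event,
): Promise<UserTokenResult> {
  // … unchanged: NO_TOKEN and INVALID_TOKEN_FORMAT checks …
  const getUser = await sql`
    select username from usertokens
    where token = ${userToken}`;
  // … unchanged: NOT_AUTHED branch and the success return …
}
```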
@@ -17,7 +17,7 @@ And also I wrote a super stupid cron fix, which is below.
 ## My stupid cron fix: Cron Job:
 ```
-0 1 * * * "bun run /hardpushrevolvconf.ts" > /dev/null
+0 * * * * "bun run /hardpushrevolvconf.ts" > /dev/null
 ```
 Here is the script I used to force the change of my resolv.conf file: