Diffstat (limited to 'auth/index.js')
-rw-r--r--auth/index.js22
1 files changed, 12 insertions, 10 deletions
diff --git a/auth/index.js b/auth/index.js
index 8e61e51..bfff5e1 100644
--- a/auth/index.js
+++ b/auth/index.js
@@ -16,7 +16,7 @@ app.use(
"/",
(req, res, next) => {
// Very important, don't change :)
- if (!req.session.loggedIn || req.path.startsWith("/api")) next();
+ if (!req.session.loggedIn || req.path.startsWith("/api") || /.*?\.[html|js|css]/.test(req.path)) next();
else res.redirect("/");
},
express.static(__dirname + "/public"),
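Review bot: The regex added on the new line 19 is a character class, not an alternation: `/.*?\.[html|js|css]/` matches a `.` followed by any single one of the characters `h`, `t`, `m`, `l`, `|`, `j`, `s`, `c`, so `/a.txt`, `/.htaccess` or `/x.c` all satisfy it, and `/a.html` only passes because of its leading `.h`. Since this test decides whether a logged-in request falls through to `express.static` instead of being redirected, it should be anchored and use grouping: `/\.(html|js|css)$/.test(req.path)`. The `app.use(` call this middleware belongs to starts before the hunk and continues past its last line (line 22 ends with a comma), so the remaining arguments are not visible here.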
@@ -39,20 +39,20 @@ app.post("/api/login", async (req, res) => {
app.use("/api/logout", (req, res) => req.session.destroy() & res.redirect("/"));
-app.put("/api/password", checkUser, async (req, res) => {
- const { pwd, newPwd } = req.body;
- if (!(pwd && newPwd)) return res.redirect("/auth");
- const user = await db.query("SELECT id, password FROM users WHERE username = ?", [username]);
+app.post("/api/password", checkUser, async (req, res) => {
+ const { oldPassword, newPassword, newPasswordRep } = req.body;
+ if (!(oldPassword && newPassword && newPasswordRep) || newPassword !== newPasswordRep) return res.send("error");
+ const user = (await db.query("SELECT id, password FROM users WHERE id = ?", [req.session.uid]))[0];
if (!user.password) return res.send("error");
- if (!((await bcrypt.compare(pwd, user.password)) && user.id === req.session.uid && req.session.loggedIn))
- return res.redirect("/auth");
+ if (req.session.loggedIn && user.id === req.session.uid) return res.redirect("/auth");
+ if (!(await bcrypt.compare(oldPassword, user.password))) return res.send("error");
try {
- const newHash = await bcrypt.hash(newPwd, 12);
+ const newHash = await bcrypt.hash(newPassword, 12);
await db.query("UPDATE users SET password = ? WHERE id = ?", [newHash, req.session.uid]);
- res.redirect("/auth");
+ res.redirect("/");
} catch (e) {
console.error(e);
- res.redirect("/auth");
+ res.send("error");
}
});
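Review bot: The guard on the new line 36 is inverted relative to the one it replaces: a session that is logged in and whose `uid` matches the fetched row is redirected to `/auth` and never reaches the bcrypt check or the UPDATE, while any other session continues on to change the password. The removed check rejected exactly the opposite case, so the line should read `if (!req.session.loggedIn || user.id !== req.session.uid) return res.send("error");`. Whether `checkUser` already enforces a logged-in session cannot be seen here, as it is defined outside the hunk, but this handler should not depend on it for that condition. Separately, `(await db.query(...))[0]` on line 32 is `undefined` when no row matches and `user.password` on line 33 then throws outside the try; `if (!user || !user.password) return res.send("error");` keeps the existing error path.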
@@ -70,4 +70,6 @@ app.get("/api/list", checkUser, async (req, res) => {
res.json(users);
});
+app.get("/api/status", (req, res) => res.json({ loggedIn: req.session.loggedIn }));
+
module.exports = { auth: app, checkUser };
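Review bot: `req.session.loggedIn` on the new line 53 is `undefined` for a session that has never logged in, and `res.json` drops undefined properties, so such clients receive `{}` rather than `{"loggedIn": false}`. Coercing the value, `res.json({ loggedIn: Boolean(req.session.loggedIn) })`, gives callers a stable response shape. If the session middleware can leave `req.session` unset for some requests, which cannot be determined from this hunk, the property access also needs a guard.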