1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
const express = require("express");
const bcrypt = require("bcrypt");
const db = require("../db");
const app = express.Router();
// TODO: Change passwords
// TODO: Login (+ Frontend, cookie, etc)
app.use("/", express.static(__dirname + "/public"));
app.post("/api/login", async (req, res) => {
const { username, password } = req.body;
if (!(username && password)) return res.send("error");
const user = await db.query("SELECT id, password FROM users WHERE username = ?", [username]);
if (!user.password) return res.send("error");
const loggedIn = await bcrypt.compare(password, user.password);
if (loggedIn) {
req.session.loggedIn = true;
req.session.uid = user.id;
}
return res.send(LoggedIn);
});
app.put("/api/password", async (req, res) => {
const { pwd, newPwd } = req.body;
if (!(pwd && newPwd)) return res.send("error");
const user = await db.query("SELECT id, password FROM users WHERE username = ?", [username]);
if (!user.password) return res.send("error");
if (!((await bcrypt.compare(pwd, user.password)) && user.id === req.session.uid && req.session.loggedIn))
return res.send("error");
try {
const newHash = await bcrypt.hash(newPwd, 12);
await db.query("UPDATE users SET password = ? WHERE id = ?", [newHash, req.session.uid]);
res.send("ok");
} catch (e) {
console.error(e);
res.send("error");
}
});
app.get("/api/list", async (req, res) => {
const users = await db.query("SELECT id, name, middlename, surname FROM users");
res.json(users);
});
module.exports = app;
|
