added ability to change password

2025-01-31 17:53:27 +03:00 · 2025-01-31 17:53:27 +03:00 · 100b060aa7
parent f5a89a59c7
commit 100b060aa7
5 changed files with 58 additions and 2 deletions
--- a/public/js/skin3d.js
+++ b/public/js/skin3d.js
@ -38,10 +38,34 @@ const uploadCape = async (event) => {
       window.location = window.location.href+'?eraseCache=true';
 }

+const changePassword = async (event) => {
+	event.preventDefault();
+
+	const oldPassword = document.getElementById("oldPassword").value
+	const newPassword = document.getElementById("newPassword").value
+
+	if (oldPassword == newPassword) {
+		alert("You cannod change your password to the same!")
+		return;
+	}
+
+	await fetch(`/api/changePassword`, {
+		method: "POST",
+		headers: {
+			"Content-Type": "application/json"
+		},
+		body: JSON.stringify({
+			oldPassword,
+			newPassword
+		})
+	});
+	alert("Password has been changed!");
+}
+

 window.onload = async function() {
 	document.getElementById("skinForm").addEventListener("submit", uploadSkin)
-
+	document.getElementById("passwordChangeForm").addEventListener("submit", changePassword);
 	if (document.getElementById("cape")) {
    	document.getElementById("cape").addEventListener("click", () => { set_cape_type("cape") }, false);
    	document.getElementById("cape").checked = true;
--- a/src/controllers/user.js
+++ b/src/controllers/user.js
@ -15,7 +15,7 @@ class UserController {

        if (password != passwordConfirm) return res.status(400).send("Passwords do not match");

-        let hashedPassword = await bcrypt.hash(password, 8);
+        const hashedPassword = await bcrypt.hash(password, 8);

        await UserService.register(username, hashedPassword);

@ -39,6 +39,24 @@ class UserController {
        return res.redirect("/index");
    }

+    async changePassword(req, res) {
+        const token = req.session.jwt;
+        const username = jwt.decode(token).username;
+        const { oldPassword, newPassword } = req.body;
+
+        const storedPassword = await UserService.getPassword(username);
+
+        if (!bcrypt.compareSync(oldPassword, storedPassword)) {
+            return res.status(403).send("Password is not correct");
+        }
+
+        const newHashedPassword = await bcrypt.hash(newPassword, 8);
+
+        await UserService.changePassword(username, newHashedPassword);
+
+        return res.status(200).send("Successful");
+    }
+
    async logout(req, res) {
        req.session.destroy();
        return res.redirect("/login");
--- a/src/routers/api.js
+++ b/src/routers/api.js
@ -12,7 +12,9 @@ const ApiRouter = new Router();
 ApiRouter.post('/register', requiredParameters.requireUsername, requiredParameters.requirePassword, auth.validateInviteToken, existance.userDoesNotExist, UserController.register);
 ApiRouter.post('/login', requiredParameters.requireUsername, requiredParameters.requirePassword, existance.userExist, UserController.login);
 ApiRouter.get('/logout', auth.authenticate, UserController.logout);
+ApiRouter.post('/changepassword', auth.authenticate, existance.userExist, UserController.changePassword);
 ApiRouter.post('/uploadSkin', existance.userExist, auth.authenticate, utils.upload.single('file'), requiredParameters.requireFile, UserController.uploadSkin);
 ApiRouter.post('/uploadCape', existance.userExist, auth.authenticate, auth.canHaveCloak, utils.upload.single('file'), requiredParameters.requireFile, UserController.uploadCape);
 ApiRouter.get('/getUsername', existance.userExist, auth.authenticate, UserController.getUsername);
+
 export default ApiRouter;
--- a/src/services/user.js
+++ b/src/services/user.js
@ -16,6 +16,10 @@ class UserService {
    async canHaveCloak(username) {
        return (await db.query("SELECT can_have_cloak FROM users WHERE username = $1", [username])).rows[0].can_have_cloak;
    }
+
+    async changePassword(username, newPassword) {
+        await db.query("UPDATE users SET password = $1 WHERE username = $2", [newPassword, username]);
+    }
 };

 export default new UserService();
--- a/views/index.pug
+++ b/views/index.pug
@ -28,5 +28,13 @@ html
                    form(target="hiddenFrame" id="capeForm")
                        input(type="file" name="file" id="capeFile")
                        input(type="submit" value="Загрузить")
+                form(target="hiddenFrame" id="passwordChangeForm")
+                    input(type="password", name="oldPassword", id="oldPassword")
+                    label(for="oldPassword") Старый пароль
+                    br()
+                    input(type="password", name="newPassword", id="newPassword")
+                    label(for="oldPassword") Новый пароль
+                    br()
+                    input(type="submit" value="Сменить")
                button(onclick="window.location.href='/api/logout'" value="Выйти" id="exitButton") Выйти