added can_have_cloak assertion

leca 2025-01-23 11:48:59 +03:00
parent 1b09267e47
commit 8e269f1a8e
4 changed files with 30 additions and 5 deletions


@ -2,6 +2,8 @@ import fs from 'fs';
import dotenv from 'dotenv';
import jwt from 'jsonwebtoken';
import UserService from '../services/user.js';
dotenv.config({path: ".env"});
const authenticate = async (req, res, next) => {
@ -29,4 +31,11 @@ const validateInviteToken = async (req, res, next) => {
next();
};
export default {authenticate, validateInviteToken};
const canHaveCloak = async (req, res, next) => {
const { username } = jwt.decode(req.session.jwt);
if (!(await UserService.canHaveCloak(username)))
return res.status(403).send("You cannot have cloak");
next();
}
export default {authenticate, validateInviteToken, canHaveCloak};
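Review bot: `canHaveCloak` reads the username with `jwt.decode`, which does not check the token's signature, so the permission lookup is only as trustworthy as whatever middleware ran before it. On the `/uploadCape` route it is placed after `auth.authenticate`, whose body is not visible in this hunk, but the middleware would be safe on its own if it called `jwt.verify(req.session.jwt, process.env.SECRET)` as the existence middleware in this commit does. `jwt.decode` also returns `null` for a missing or malformed token, so the destructuring throws inside an async handler and the client never receives the 403. A version that verifies the token and handles the failure path is sketched below.

```javascript
const canHaveCloak = async (req, res, next) => {
    let username;
    try {
        // verify() checks signature and expiry; decode() checks neither
        ({ username } = jwt.verify(req.session.jwt, process.env.SECRET));
    } catch (err) {
        return res.status(403).send("Unauthorized");
    }
    // … unchanged: UserService.canHaveCloak check and next() …
```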


@ -1,5 +1,10 @@
import dotenv from 'dotenv';
import jwt from 'jsonwebtoken';
import UserService from '../services/user.js';
dotenv.config({path: ".env"});
const userDoesNotExist = async (req, res, next) => {
const { username } = req.body;
@ -11,7 +16,15 @@ const userDoesNotExist = async (req, res, next) => {
};
const userExist = async (req, res, next) => {
const { username } = req.body;
let username;
if (req.body.username) {
username = req.body.username;
} else if (req.session.jwt) {
if (!req.session.jwt || !jwt.verify(req.session.jwt, process.env.SECRET)) {
return res.status(403).send("Unauthorized");
}
username = jwt.decode(req.session.jwt).username;
}
if (!(await UserService.exists(username))) {
return res.status(401).send("Such user does not exists!");
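Review bot: `jwt.verify` throws on an invalid or expired token instead of returning a falsy value, so the `!jwt.verify(...)` test in `userExist` never produces the intended 403 and the exception escapes the async middleware. The `!req.session.jwt` test inside the `else if (req.session.jwt)` branch is redundant. When neither `req.body.username` nor a session token is present, `username` stays `undefined` and is passed straight to `UserService.exists`; rejecting that case explicitly would be clearer. The function's body continues outside the hunk.

```javascript
    // … unchanged: req.body.username branch …
    } else if (req.session.jwt) {
        try {
            // verify() returns the payload, so a separate decode() is not needed
            username = jwt.verify(req.session.jwt, process.env.SECRET).username;
        } catch (err) {
            return res.status(403).send("Unauthorized");
        }
    } else {
        return res.status(403).send("Unauthorized");
    }
    // … unchanged: UserService.exists check …
```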


@ -12,7 +12,7 @@ const ApiRouter = new Router();
ApiRouter.post('/register', requiredParameters.requireUsername, requiredParameters.requirePassword, auth.validateInviteToken, existance.userDoesNotExist, UserController.register);
ApiRouter.post('/login', requiredParameters.requireUsername, requiredParameters.requirePassword, existance.userExist, UserController.login);
ApiRouter.get('/logout', auth.authenticate, UserController.logout);
ApiRouter.post('/uploadSkin', auth.authenticate, utils.upload.single('file'), requiredParameters.requireFile, UserController.uploadSkin);
ApiRouter.post('/uploadCape', auth.authenticate, utils.upload.single('file'), requiredParameters.requireFile, UserController.uploadCape);
ApiRouter.post('/uploadSkin', existance.userExist, auth.authenticate, utils.upload.single('file'), requiredParameters.requireFile, UserController.uploadSkin);
ApiRouter.post('/uploadCape', existance.userExist, auth.authenticate, auth.canHaveCloak, utils.upload.single('file'), requiredParameters.requireFile, UserController.uploadCape);
export default ApiRouter;
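Review bot: On `/uploadSkin` and `/uploadCape`, `existance.userExist` runs before `auth.authenticate`, and `userExist` prefers `req.body.username` over the session token, so the existence check can be made against a name the client supplies rather than the authenticated user. Running `auth.authenticate` first, and having the existence check on these routes use only the verified session identity, would tie every check to the same user, e.g. `ApiRouter.post('/uploadSkin', auth.authenticate, existance.userExist, ...)`. Whether `req.body` actually carries a username at that point depends on body parsing configured outside this hunk.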


@ -19,9 +19,12 @@ UserRouter.get('/register', async (req, res) => {
});
UserRouter.get(['/', '/login'], async (req, res) => {
if(req.session.jwt && jwt.verify(req.session.jwt, process.env.SECRET))
if(req.session.jwt && jwt.verify(req.session.jwt, process.env.SECRET)) {
console.log(req.session.jwt)
return res.redirect("/index");
}
return res.render("login.pug");
});
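Review bot: The added `console.log(req.session.jwt)` writes the full session token to the process log, where it remains usable as a credential for anyone with log access until it expires; it looks like leftover debugging and should be removed before merge. If a trace is needed here, log a non-sensitive field such as the username from the verified payload. Separately, `jwt.verify` throws on a bad token, so an expired session makes this async handler reject instead of rendering `login.pug`; wrapping the check in `try`/`catch` and falling through to the render would fix that.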