filesafe/controllers/authController.js

const config = require('../config.js')
const db = require('knex')(config.database)
const bcrypt = require('bcrypt')
const randomstring = require('randomstring')
const utils = require('./utilsController.js')

const authController = {}

authController.verify = async (req, res, next) => {
  const username = req.body.username
  const password = req.body.password

  if (username === undefined) { return res.json({ success: false, description: 'No username provided.' }) }
  if (password === undefined) { return res.json({ success: false, description: 'No password provided.' }) }

  const user = await db.table('users').where('username', username).first()
  if (!user) { return res.json({ success: false, description: 'Username doesn\'t exist.' }) }
  if (user.enabled === false || user.enabled === 0) {
    return res.json({
      success: false,
      description: 'This account has been disabled.'
    })
  }

  bcrypt.compare(password, user.password, (error, result) => {
    if (error) {
      console.log(error)
      return res.json({ success: false, description: 'There was an error.' })
    }
    if (result === false) { return res.json({ success: false, description: 'Wrong password.' }) }
    return res.json({ success: true, token: user.token })
  })
}

authController.register = async (req, res, next) => {
  if (config.enableUserAccounts === false) {
    return res.json({ success: false, description: 'Register is disabled at the moment.' })
  }

  const username = req.body.username
  const password = req.body.password

  if (username === undefined) { return res.json({ success: false, description: 'No username provided.' }) }
  if (password === undefined) { return res.json({ success: false, description: 'No password provided.' }) }

  if (username.length < 4 || username.length > 32) {
    return res.json({ success: false, description: 'Username must have 4-32 characters.' })
  }
  if (password.length < 6 || password.length > 64) {
    return res.json({ success: false, description: 'Password must have 6-64 characters.' })
  }

  const user = await db.table('users').where('username', username).first()
  if (user) { return res.json({ success: false, description: 'Username already exists.' }) }

  bcrypt.hash(password, 10, async (error, hash) => {
    if (error) {
      console.log(error)
      return res.json({ success: false, description: 'Error generating password hash (╯°□°）╯︵ ┻━┻.' })
    }
    const token = randomstring.generate(64)
    await db.table('users').insert({
      username,
      password: hash,
      token,
      enabled: 1
    })
    return res.json({ success: true, token })
  })
}

authController.changePassword = async (req, res, next) => {
  const user = await utils.authorize(req, res)
  if (!user) { return }

  const password = req.body.password
  if (password === undefined) { return res.json({ success: false, description: 'No password provided.' }) }

  if (password.length < 6 || password.length > 64) {
    return res.json({ success: false, description: 'Password must have 6-64 characters.' })
  }

  bcrypt.hash(password, 10, async (error, hash) => {
    if (error) {
      console.log(error)
      return res.json({ success: false, description: 'Error generating password hash (╯°□°）╯︵ ┻━┻.' })
    }

    await db.table('users').where('id', user.id).update({ password: hash })
    return res.json({ success: true })
  })
}

authController.getFileLengthConfig = async (req, res, next) => {
  const user = await utils.authorize(req, res)
  if (!user) { return }
  return res.json({ success: true, fileLength: user.fileLength, config: config.uploads.fileLength })
}

authController.changeFileLength = async (req, res, next) => {
  if (config.uploads.fileLength.userChangeable === false) {
    return res.json({ success: false, description: 'Changing file name length is disabled at the moment.' })
  }

  const user = await utils.authorize(req, res)
  if (!user) { return }

  const fileLength = parseInt(req.body.fileLength)
  if (fileLength === undefined) { return res.json({ success: false, description: 'No file name length provided.' }) }
  if (isNaN(fileLength)) { return res.json({ success: false, description: 'File name length is not a valid number.' }) }

  if (fileLength < config.uploads.fileLength.min || fileLength > config.uploads.fileLength.max) {
    return res.json({ success: false, description: `File name length must be ${config.uploads.fileLength.min} to ${config.uploads.fileLength.max} characters.` })
  }

  if (fileLength === user.fileLength) {
    return res.json({ success: true })
  }

  await db.table('users').where('id', user.id).update({ fileLength })
  return res.json({ success: true })
}

module.exports = authController