SteelTech/atums.world
1
0
Fork 0
forked from atums.world/backend
Code Pull requests Activity

add invites, fix apiauth query, use luxon for date management, change readme

Browse source
This commit is contained in:
creations 2025-03-03 18:31:26 -05:00
parent 9fcaac4dfb
commit 9a91f1e7e3
Signed by: creations
GPG key ID: 8F553AA4320FC711
10 changed files with 436 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

77
src/routes/api/auth/register.ts
View file

@ -6,7 +6,6 @@ import {
isValidUsername,
} from "@config/sql/users";
import { password as bunPassword, type ReservedSQL, sql } from "bun";
import type { UUID } from "crypto";
import { logger } from "@/helpers/logger";
import { sessionManager } from "@/helpers/sessions";
@ -56,14 +55,14 @@ async function handler(
const reservation: ReservedSQL = await sql.reserve();
let firstUser: boolean = false;
let invitedBy: UUID | null = null;
let inviteData: Invite | null = null;
let roles: string[] = [];
try {
const registrationEnabled: boolean =
(await getSetting("registrationEnabled", reservation)) === "true";
(await getSetting("enable_registration", reservation)) === "true";
const invitationsEnabled: boolean =
(await getSetting("invitationsEnabled", reservation)) === "true";
(await getSetting("enable_invitations", reservation)) === "true";
firstUser =
Number(
@ -87,23 +86,30 @@ async function handler(
}
roles.push("user");
if (firstUser) {
roles.push("admin");
if (firstUser) roles.push("admin");
const result: { usernameExists: boolean; emailExists: boolean }[] =
await reservation`
SELECT
EXISTS(SELECT 1 FROM users WHERE LOWER(username) = LOWER(${username})) AS "usernameExists",
EXISTS(SELECT 1 FROM users WHERE LOWER(email) = LOWER(${email})) AS "emailExists";
`;
const { usernameExists, emailExists } = result[0] || {};
if (usernameExists || emailExists) {
errors.push("Username or email already exists");
}
const { usernameExists, emailExists } = await reservation`
SELECT
EXISTS(SELECT 1 FROM users WHERE LOWER(username) = LOWER(${username})) AS usernameExists,
EXISTS(SELECT 1 FROM users WHERE LOWER(email) = LOWER(${email})) AS emailExists;
`;
if (usernameExists) errors.push("Username already exists");
if (emailExists) errors.push("Email already exists");
if (invite) {
invitedBy = (
await reservation`SELECT user_id FROM invites WHERE invite = ${invite};`
)[0]?.id;
if (!invitedBy) errors.push("Invalid invite code");
const result: Invite[] =
await reservation`SELECT * FROM invites WHERE id = ${invite};`;
if (!result || result.length === 0) {
errors.push("Invalid invite");
}
inviteData = result[0];
}
} catch (error) {
errors.push("An error occurred while checking for existing users");
@ -129,13 +135,25 @@ async function handler(
(await getSetting("default_timezone", reservation)) || "UTC";
try {
user = (
await reservation`
const result: User[] = await reservation`
INSERT INTO users (username, email, password, invited_by, roles, timezone)
VALUES (${username}, ${email}, ${hashedPassword}, ${invitedBy}, ARRAY[${roles.join(",")}]::TEXT[], ${defaultTimezone})
VALUES (${username}, ${email}, ${hashedPassword}, ${inviteData?.created_by}, ARRAY[${roles.join(",")}]::TEXT[], ${defaultTimezone})
RETURNING *;
`
)[0];
`;
if (result.length === 0) {
logger.error("User was not created");
return Response.json(
{
success: false,
code: 500,
error: "An error occurred with the user registration",
},
{ status: 500 },
);
}
user = result[0];
if (!user) {
logger.error("User was not created");
@ -149,8 +167,17 @@ async function handler(
);
}
if (invitedBy) {
await reservation`DELETE FROM invites WHERE invite = ${invite};`;
if (invite) {
const maxUses: number = Number(inviteData?.max_uses) || 1;
const uses: number = Number(inviteData?.uses) || 0;
if (uses + 1 >= maxUses) {
await reservation`DELETE FROM invites WHERE id = ${inviteData?.id};`;
} else {
await reservation`UPDATE invites SET uses = ${uses + 1} WHERE id = ${inviteData?.id};`;
}
if (inviteData?.role) roles.push(inviteData.role);
}
} catch (error) {
logger.error([

126
src/routes/api/invite/create.ts Normal file
View file

@ -0,0 +1,126 @@
import { getSetting } from "@config/sql/settings";
import { sql } from "bun";
import { generateRandomString, getNewTimeUTC } from "@/helpers/char";
import { logger } from "@/helpers/logger";
const routeDef: RouteDef = {
method: "POST",
accepts: "application/json",
returns: "application/json",
needsBody: "json",
};
async function handler(
request: ExtendedRequest,
requestBody: unknown,
): Promise<Response> {
if (!request.session) {
return Response.json(
{
success: false,
code: 403,
error: "Unauthorized",
},
{ status: 403 },
);
}
if (!getSetting("enable_invitations")) {
return Response.json(
{
success: false,
code: 403,
error: "Invitations are disabled",
},
{ status: 403 },
);
}
const isAdmin: boolean = request.session.roles.includes("admin");
if (!isAdmin && !getSetting("allow_user_invites")) {
return Response.json(
{
success: false,
code: 403,
error: "User invitations are disabled",
},
{ status: 403 },
);
}
const { expires, max_uses, role } = requestBody as {
expires?: string;
max_uses?: number;
role?: string;
};
if (role && !isAdmin) {
return Response.json(
{
success: false,
code: 403,
error: "You must be an admin to set the role",
},
{ status: 403 },
);
}
const expirationDate: string | null = expires
? getNewTimeUTC(expires)
: null;
const maxUses: number = Number(max_uses) || 1;
const inviteRole: string = role || "user";
let invite: Invite | null = null;
try {
const result: Invite[] = await sql`
INSERT INTO invites (created_by, expiration, max_uses, role, id)
VALUES (${request.session.id}, ${expirationDate}, ${maxUses}, ${inviteRole}, ${generateRandomString(15)})
RETURNING *;
`;
if (result.length === 0) {
logger.error("Invite failed to create");
return Response.json(
{
success: false,
code: 500,
error: "Invite was not created",
},
{ status: 500 },
);
}
invite = result[0];
} catch (error) {
logger.error(["Error creating invite:", error as Error]);
return Response.json(
{
success: false,
code: 500,
error: "An error occurred while creating the invite",
},
{ status: 500 },
);
}
return Response.json(
{
success: true,
code: 200,
invite: {
code: invite.id,
expiration: invite.expiration,
max_uses: invite.max_uses,
role: invite.role,
},
},
{ status: 200 },
);
}
export { handler, routeDef };

92
src/routes/api/invite/delete[invite].ts Normal file
View file

@ -0,0 +1,92 @@
import { type ReservedSQL, sql } from "bun";
import { logger } from "@/helpers/logger";
const routeDef: RouteDef = {
method: "DELETE",
accepts: "*/*",
returns: "application/json",
};
async function handler(request: ExtendedRequest): Promise<Response> {
if (!request.session) {
return Response.json(
{
success: false,
code: 403,
error: "Unauthorized",
},
{ status: 403 },
);
}
const isAdmin: boolean = request.session.roles.includes("admin");
const { invite } = request.params as { invite: string };
if (!invite) {
return Response.json(
{
success: false,
code: 400,
error: "Expected invite",
},
{ status: 400 },
);
}
const reservation: ReservedSQL = await sql.reserve();
let inviteData: Invite | null = null;
try {
const result: Invite[] =
await reservation`SELECT * FROM invites WHERE id = ${invite};`;
if (result.length === 0) {
return Response.json(
{
success: false,
code: 400,
error: "Invalid invite",
},
{ status: 400 },
);
}
inviteData = result[0];
if (!isAdmin && inviteData.created_by !== request.session.id) {
return Response.json(
{
success: false,
code: 403,
error: "Unauthorized",
},
{ status: 403 },
);
}
await reservation`DELETE FROM invites WHERE id = ${inviteData.id};`;
} catch (error) {
logger.error(["Could not get the invite:", error as Error]);
return Response.json(
{
success: false,
code: 500,
error: "Internal server error",
},
{ status: 500 },
);
}
return Response.json(
{
success: true,
code: 200,
message: "Invite deleted",
},
{ status: 200 },
);
}
export { handler, routeDef };