Working registration/auth

2021-08-14 10:26:44 +02:00 · 2021-08-14 10:26:44 +02:00 · 81b314ac55
parent cd9400fec3
commit 81b314ac55
3 changed files with 41 additions and 9 deletions
--- a/.env
+++ b/.env
@ -1,2 +1,3 @@
 SSL=false
-RECOGNIZE_PROVIDERS=false
+DISABLE_PROVIDERS=false
+ENABLE_REGISTER=true
--- a/migrations/20210812194727_init_db.js
+++ b/migrations/20210812194727_init_db.js
@ -2,7 +2,7 @@
 exports.up = function(knex) {
  return knex.schema.createTable('users', function (table) {
    table.increments('id');
-    table.string('name');
+    table.string('username');
    table.string('email').unique();
    table.string('password');
    table.timestamps();
--- a/src/server.js
+++ b/src/server.js
@ -6,7 +6,8 @@ const argon2 = require('argon2');
 let config = {
    domain: process.env.DOMAIN || "localhost:3000",
    https: (process.env.SSL === 'true') || false,
-    recognizeProviders: (process.env.RECOGNIZE_PROVIDERS === 'true') || true,
+    recognizeProviders: !(process.env.DISABLE_PROVIDERS === 'true'),
+    registrationEnabled: (process.env.ENABLE_REGISTER === 'true'),
    getBaseUrl() {
        if (config.https) {
            return `https://${config.domain}`;
@ -161,6 +162,39 @@ fastify.get('/api/:shortcode', async (req, res) => {
    }
 });

+//User registration
+fastify.post('/api/register', async (req, res) => {
+    if (!config.registrationEnabled) {
+        res.statusCode = 400;
+        return "Registration was disabled by your admin";
+    }
+
+    const username = req.body?.username;
+    let password = req.body?.password;
+
+    //Check
+    if (!username || !password) {
+        res.statusCode = 400;
+        return "Missing username or password";
+    }
+
+    const exists = await knex.select('username')
+        .from('users')
+        .where('username', '=', username)
+        .limit(1);
+    if (exists.length != 0) {
+        res.statusCode = 400;
+        return "User already exists";
+    }
+
+    password = await argon2.hash(password);
+
+    //Create a new db entry
+    await knex('users').insert({ username, password });
+
+    return "Done!"
+});
+
 fastify.after(() => {
    //Get url api route
    fastify.get('/api/:shortcode/visits', { onRequest: fastify.basicAuth }, async (req, res) => {
@ -249,18 +283,15 @@ async function validate(username, password, req, reply) {
        return new Error('Sorry only authorized users can do that.')
    }

-    const user = await knex.select('name', 'password')
+    const user = await knex.select('username', 'password')
        .from('users')
-        .where('name', '=', username)
+        .where('username', '=', username)
        .limit(1);

    if (user.length == 0) {
        return new Error('Sorry m8, looks like you are not on the inivtation list');
    }
-
-    password = await argon2.hash(password);
-
-    if (password != user[0].password) {
+    if (!(await argon2.verify(user[0].password, password))) {
        return new Error('Wrong credentials');
    }
 }