From 81b314ac55e9ab0cd603dda48473c0fe3db6c42e Mon Sep 17 00:00:00 2001
From: Nicolai Ort
Date: Sat, 14 Aug 2021 10:26:44 +0200
Subject: [PATCH] Working registration/auth
---
 .env | 3 +-
 migrations/20210812194727_init_db.js | 2 +-
 src/server.js | 45 +++++++++++++++++++++++-----
 3 files changed, 41 insertions(+), 9 deletions(-)
diff --git a/.env b/.env
index 10dbfcf..d398cdf 100644
--- a/.env
+++ b/.env
@@ -1,2 +1,3 @@
 SSL=false
-RECOGNIZE_PROVIDERS=false
\ No newline at end of file
+DISABLE_PROVIDERS=false
+ENABLE_REGISTER=true
\ No newline at end of file
diff --git a/migrations/20210812194727_init_db.js b/migrations/20210812194727_init_db.js
index 1515a0e..ee15d9f 100644
--- a/migrations/20210812194727_init_db.js
+++ b/migrations/20210812194727_init_db.js
@@ -2,7 +2,7 @@
 exports.up = function(knex) {
 return knex.schema.createTable('users', function (table) {
 table.increments('id');
- table.string('name');
+ table.string('username');
 table.string('email').unique();
 table.string('password');
 table.timestamps();
diff --git a/src/server.js b/src/server.js
index de24302..3252ba3 100644
--- a/src/server.js
+++ b/src/server.js
@@ -6,7 +6,8 @@ const argon2 = require('argon2');
 let config = {
 domain: process.env.DOMAIN || "localhost:3000",
 https: (process.env.SSL === 'true') || false,
- recognizeProviders: (process.env.RECOGNIZE_PROVIDERS === 'true') || true,
+ recognizeProviders: !(process.env.DISABLE_PROVIDERS === 'true'),
+ registrationEnabled: (process.env.ENABLE_REGISTER === 'true'),
 getBaseUrl() {
 if (config.https) {
 return `https://${config.domain}`;
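Review bot: In the `.env` hunk, `ENABLE_REGISTER=true` makes open self-registration the checked-in default, even though `src/server.js` treats an unset variable as disabled. An account created through `/api/register` appears to satisfy the `validate` lookup behind `fastify.basicAuth`, so wherever this file is loaded (not visible in the diff) anyone who can reach the server could obtain credentials for the protected routes. Consider committing `ENABLE_REGISTER=false` with a comment such as `# set to true only while onboarding users`.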
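Review bot: `table.string('username')` in the migration hunk has no uniqueness constraint, while the `email` column next to it does. The new `/api/register` route in `src/server.js` relies on a select-then-insert check, which two concurrent requests can both pass. Declaring the column as `table.string('username').unique().notNullable();` lets the database reject the duplicate. Separately, this edits the existing `init_db` migration in place, so a database where it has already run would keep the `name` column; a follow-up migration using `table.renameColumn('name', 'username')` would cover those installs.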
@@ -161,6 +162,39 @@ fastify.get('/api/:shortcode', async (req, res) => {
 }
 });
+//User registration
+fastify.post('/api/register', async (req, res) => {
+ if (!config.registrationEnabled) {
+ res.statusCode = 400;
+ return "Registration was disabled by your admin";
+ }
+
+ const username = req.body?.username;
+ let password = req.body?.password;
+
+ //Check
+ if (!username || !password) {
+ res.statusCode = 400;
+ return "Missing username or password";
+ }
+
+ const exists = await knex.select('username')
+ .from('users')
+ .where('username', '=', username)
+ .limit(1);
+ if (exists.length != 0) {
+ res.statusCode = 400;
+ return "User already exists";
+ }
+
+ password = await argon2.hash(password);
+
+ //Create a new db entry
+ await knex('users').insert({ username, password });
+
+ return "Done!"
+});
+
 fastify.after(() => {
 //Get url api route
 fastify.get('/api/:shortcode/visits', { onRequest: fastify.basicAuth }, async (req, res) => {
@@ -249,18 +283,15 @@ async function validate(username, password, req, reply) {
 return new Error('Sorry only authorized users can do that.')
 }
- const user = await knex.select('name', 'password')
+ const user = await knex.select('username', 'password')
 .from('users')
- .where('name', '=', username)
+ .where('username', '=', username)
 .limit(1);
 if (user.length == 0) {
 return new Error('Sorry m8, looks like you are not on the inivtation list');
 }
-
-
- password = await argon2.hash(password);
-
- if (password != user[0].password) {
+ if (!(await argon2.verify(user[0].password, password))) {
 return new Error('Wrong credentials');
 }
 }
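Review bot: In the `/api/register` hunk, `username` and `password` are only checked for truthiness, so a JSON body can supply an object, array or number, and nothing bounds their length before the query and `argon2.hash(password)` run. A non-string value would most likely surface as an unhandled rejection (a 500) rather than the intended 400. Tighten the guard to `if (typeof username !== 'string' || typeof password !== 'string' || !username || !password) {` and add a length cap, or attach a Fastify body `schema` with `type: 'string'` and `maxLength` to the route. Because the route is unauthenticated and every accepted request runs an argon2 hash, a rate limit is worth adding as well.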
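Review bot: In the `validate` hunk, the unknown-user branch and the wrong-password branch return different messages, and only the second one runs `argon2.verify`. If these messages reach the client, both the text and the response time reveal whether a username exists. Returning the same `new Error('Wrong credentials')` from both branches removes the textual signal. `argon2.verify` may also reject when the stored value is not a valid encoded hash, and `password` is a nullable column, so a row without a hash would presumably raise instead of failing the login; a `try`/`catch` around the verify that maps to the same error would cover that. The start of `validate` lies outside the hunk.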