change pass & email

This commit is contained in:
Akif9748 2023-05-26 19:40:14 +03:00
parent 138b585482
commit 31b9249cf8
4 changed files with 63 additions and 5 deletions

View file

@ -1,7 +1,7 @@
const { UserModel, BanModel } = require("../../../models"); const { UserModel, BanModel } = require("../../../models");
const { Router } = require("express"); const { Router } = require("express");
const multer = require("multer"); const multer = require("multer");
const { themes } = require("../../../lib") const { themes, emailRegEx } = require("../../../lib")
const app = Router(); const app = Router();
const { join } = require("path"); const { join } = require("path");
app.param("id", async (req, res, next, id) => { app.param("id", async (req, res, next, id) => {
@ -37,7 +37,7 @@ app.patch("/:id", async (req, res) => {
if (req.user.id !== member.id && !user.admin) return res.error(403, "You have not got permission for this."); if (req.user.id !== member.id && !user.admin) return res.error(403, "You have not got permission for this.");
if (!Object.keys(req.body).some(Boolean)) return res.error(400, "Missing member informations in request body."); if (!Object.keys(req.body).some(Boolean)) return res.error(400, "Missing member informations in request body.");
const { name, about, admin, deleted, hideLastSeen, theme } = req.body; const { name, about, admin, deleted, hideLastSeen, theme, email } = req.body;
if ((admin?.length || "deleted" in req.body) && !req.user.admin) return res.error(403, "You have not got permission for edit 'admin' and 'deleted' information, or bad request."); if ((admin?.length || "deleted" in req.body) && !req.user.admin) return res.error(403, "You have not got permission for edit 'admin' and 'deleted' information, or bad request.");
const { names, desp } = req.app.get("limits"); const { names, desp } = req.app.get("limits");
@ -54,6 +54,12 @@ app.patch("/:id", async (req, res) => {
if (theme && themes.some(t => t.codename === theme.codename)) if (theme && themes.some(t => t.codename === theme.codename))
member.theme = theme; member.theme = theme;
if (email) {
if (!emailRegEx.test(email)) return res.error(400, "E-mail is not valid");
if (await UserModel.exists({ email })) return res.error(400, "E-mail is already in use");
member.email = email;
}
if (typeof admin === "boolean" || ["false", "true"].includes(admin)) member.admin = admin; if (typeof admin === "boolean" || ["false", "true"].includes(admin)) member.admin = admin;
if (deleted === false) member.deleted = false; if (deleted === false) member.deleted = false;

28
src/routes/security.js Normal file
View file

@ -0,0 +1,28 @@
const { UserModel } = require("../models");
const { Router } = require("express")
const bcrypt = require("bcrypt");
const { RL} = require('../lib');
const app = Router();
app.use(async (req, res, next) => {
if (!req.user) return res.error(403, "You are not logged in");
next();
});
app.get("/", (req, res) => res.reply("security"));
app.post("/", RL(24 * 60 * 60_000, 5), async (req, res) => {
let { old_password, password } = req.body;
if (!old_password || !password) return res.error(400, "You forgot entering some values");
const { names } = req.app.get("limits");
if (password.length < 3 || password.length > names) return res.error(400, "Password must be between 3 - 25 characters");
const user = await UserModel.get(req.user.id, "+password");
if (!await bcrypt.compare(old_password, user.password)) return res.error(401, 'Incorrect password!');
user.password = await bcrypt.hash(password, 10);
await user.save();
res.send("Password changed");
});
module.exports = app;

View file

@ -16,7 +16,7 @@
<form id="form" style="box-shadow:none"> <form id="form" style="box-shadow:none">
<input type="text" name="name" placeholder="<%= member.name %>" class="input"> <input type="text" name="name" placeholder="<%= member.name %>" class="input">
<input type="email" name="email" placeholder="<%= member.email %>" class="input">
<textarea id="textarea" class="input" name="about" rows="4" cols="60" name="content" placeholder="<%=member.about%>"></textarea> <textarea id="textarea" class="input" name="about" rows="4" cols="60" name="content" placeholder="<%=member.about%>"></textarea>
<% if (user?.admin){ %> <% if (user?.admin){ %>
Is Admin? <input id='admin' type='checkbox' value='true' name='admin' <%=member.admin ? "checked": ""%>> Is Admin? <input id='admin' type='checkbox' value='true' name='admin' <%=member.admin ? "checked": ""%>>
@ -40,7 +40,8 @@
const res = await request("/api/users/<%=member.id%>", "PATCH", { const res = await request("/api/users/<%=member.id%>", "PATCH", {
name: formdata.get("name"), name: formdata.get("name"),
about: simplemde.value(), about: simplemde.value(),
admin: formdata.get("admin") admin: formdata.get("admin"),
email: formdata.get("email")
}); });
simplemde.clearAutosavedValue(); simplemde.clearAutosavedValue();

View file

@ -0,0 +1,23 @@
<!DOCTYPE html>
<html lang="en">
<%- include(dataset.getFile(dataset.theme.codename +"/views/extra/meta"), {title: "Log in!" }) %>
<body style="text-align: center;">
<%- include(dataset.getFile(dataset.theme.codename +"/views/extra/navbar")) %>
<h1 class="title">Change password</h1>
<form class="login" action="/security" method="post">
<input type="password" name="old_password" placeholder="Old Password" class="input" required>
<input type="password" name="password" placeholder="Password" class="input" required>
<input type="submit" style="width:100%" class="btn-primary" value="Change it">
</form>
<%- include(dataset.getFile(dataset.theme.codename +"/views/extra/footer")) %>
</body>
</html>