mirror of
https://github.com/Akif9748/akf-forum.git
synced 2024-11-22 12:00:41 +03:00
change pass & email
parent
138b585482
commit
31b9249cf8
4 changed files with 63 additions and 5 deletions
|
@ -1,7 +1,7 @@
|
||||||
const { UserModel, BanModel } = require("../../../models");
|
const { UserModel, BanModel } = require("../../../models");
|
||||||
const { Router } = require("express");
|
const { Router } = require("express");
|
||||||
const multer = require("multer");
|
const multer = require("multer");
|
||||||
const { themes } = require("../../../lib")
|
const { themes, emailRegEx } = require("../../../lib")
|
||||||
const app = Router();
|
const app = Router();
|
||||||
const { join } = require("path");
|
const { join } = require("path");
|
||||||
app.param("id", async (req, res, next, id) => {
|
app.param("id", async (req, res, next, id) => {
|
||||||
|
@ -37,7 +37,7 @@ app.patch("/:id", async (req, res) => {
|
||||||
if (req.user.id !== member.id && !user.admin) return res.error(403, "You have not got permission for this.");
|
if (req.user.id !== member.id && !user.admin) return res.error(403, "You have not got permission for this.");
|
||||||
if (!Object.keys(req.body).some(Boolean)) return res.error(400, "Missing member informations in request body.");
|
if (!Object.keys(req.body).some(Boolean)) return res.error(400, "Missing member informations in request body.");
|
||||||
|
|
||||||
const { name, about, admin, deleted, hideLastSeen, theme } = req.body;
|
const { name, about, admin, deleted, hideLastSeen, theme, email } = req.body;
|
||||||
|
|
||||||
if ((admin?.length || "deleted" in req.body) && !req.user.admin) return res.error(403, "You have not got permission for edit 'admin' and 'deleted' information, or bad request.");
|
if ((admin?.length || "deleted" in req.body) && !req.user.admin) return res.error(403, "You have not got permission for edit 'admin' and 'deleted' information, or bad request.");
|
||||||
const { names, desp } = req.app.get("limits");
|
const { names, desp } = req.app.get("limits");
|
||||||
|
@ -54,6 +54,12 @@ app.patch("/:id", async (req, res) => {
|
||||||
if (theme && themes.some(t => t.codename === theme.codename))
|
if (theme && themes.some(t => t.codename === theme.codename))
|
||||||
member.theme = theme;
|
member.theme = theme;
|
||||||
|
|
||||||
|
if (email) {
|
||||||
|
if (!emailRegEx.test(email)) return res.error(400, "E-mail is not valid");
|
||||||
|
if (await UserModel.exists({ email })) return res.error(400, "E-mail is already in use");
|
||||||
|
member.email = email;
|
||||||
|
}
|
||||||
|
|
||||||
if (typeof admin === "boolean" || ["false", "true"].includes(admin)) member.admin = admin;
|
if (typeof admin === "boolean" || ["false", "true"].includes(admin)) member.admin = admin;
|
||||||
if (deleted === false) member.deleted = false;
|
if (deleted === false) member.deleted = false;
|
||||||
|
|
||||||
|
|
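Review bot: `email` is taken from `req.body` and passed to `emailRegEx.test()`, `UserModel.exists({ email })` and `member.email` without a type check, so if the body parser accepts JSON, a one-element array is coerced to a string by the regex test but reaches the query and the model as an array; add `if (typeof email !== "string") return res.error(400, "E-mail is not valid");` as the first line of the `if (email)` block. The `exists` lookup also matches the member's own current address and is not atomic with the later save, so a unique index on `email` (not visible here) is what actually has to enforce uniqueness. Because an e-mail address is commonly an account's recovery channel, consider requiring the current password before changing it, as the new `/security` route does for the password. The `app.patch("/:id")` handler starts before and continues after the visible hunks.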
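--- a/src/routes/security.js
+++ b/src/routes/security.js
@@ -0,0 +1,28 @@
+const { UserModel } = require("../models");
+const { Router } = require("express")
+const bcrypt = require("bcrypt");
+const { RL} = require('../lib');
+const app = Router();
+
+app.use(async (req, res, next) => {
+if (!req.user) return res.error(403, "You are not logged in");
+next();
+});
+
+app.get("/", (req, res) => res.reply("security"));
+
+app.post("/", RL(24 * 60 * 60_000, 5), async (req, res) => {
+
+let { old_password, password } = req.body;
+if (!old_password || !password) return res.error(400, "You forgot entering some values");
+const { names } = req.app.get("limits");
+if (password.length < 3 || password.length > names) return res.error(400, "Password must be between 3 - 25 characters");
+const user = await UserModel.get(req.user.id, "+password");
+if (!await bcrypt.compare(old_password, user.password)) return res.error(401, 'Incorrect password!');
+user.password = await bcrypt.hash(password, 10);
+await user.save();
+res.send("Password changed");
+
+});
+
+module.exports = app;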
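Review bot: `old_password` and `password` go from `req.body` into `password.length` and `bcrypt.compare()` with only a truthiness check, so a non-string value (an array or object, if the body parser produces them) is measured by element count or would likely make `bcrypt.compare` reject inside the async handler; guard with `if (typeof old_password !== "string" || typeof password !== "string") return res.error(400, "You forgot entering some values");`. The upper bound reuses the `names` limit while the message hard-codes "3 - 25", and a three-character minimum is very weak for a password; a dedicated password limit with a higher minimum and a maximum near bcrypt's 72-byte input limit would fit better. The handler also leaves existing sessions untouched after `user.save()`; if sessions are stored server-side (not visible here), invalidating the other sessions on a password change is worth adding.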
|
@ -15,8 +15,8 @@
|
||||||
</h1>
|
</h1>
|
||||||
|
|
||||||
<form id="form" style="box-shadow:none">
|
<form id="form" style="box-shadow:none">
|
||||||
<input type="text" name="name" placeholder="<%=member.name%>" class="input">
|
<input type="text" name="name" placeholder="<%= member.name %>" class="input">
|
||||||
|
<input type="email" name="email" placeholder="<%= member.email %>" class="input">
|
||||||
<textarea id="textarea" class="input" name="about" rows="4" cols="60" name="content" placeholder="<%=member.about%>"></textarea>
|
<textarea id="textarea" class="input" name="about" rows="4" cols="60" name="content" placeholder="<%=member.about%>"></textarea>
|
||||||
<% if (user?.admin){ %>
|
<% if (user?.admin){ %>
|
||||||
Is Admin? <input id='admin' type='checkbox' value='true' name='admin' <%=member.admin ? "checked": ""%>>
|
Is Admin? <input id='admin' type='checkbox' value='true' name='admin' <%=member.admin ? "checked": ""%>>
|
||||||
|
@ -40,7 +40,8 @@
|
||||||
const res = await request("/api/users/<%=member.id%>", "PATCH", {
|
const res = await request("/api/users/<%=member.id%>", "PATCH", {
|
||||||
name: formdata.get("name"),
|
name: formdata.get("name"),
|
||||||
about: simplemde.value(),
|
about: simplemde.value(),
|
||||||
admin: formdata.get("admin")
|
admin: formdata.get("admin"),
|
||||||
|
email: formdata.get("email")
|
||||||
});
|
});
|
||||||
simplemde.clearAutosavedValue();
|
simplemde.clearAutosavedValue();
|
||||||
|
|
||||||
|
|
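--- a/src/themes/common/views/security.ejs
+++ b/src/themes/common/views/security.ejs
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<%- include(dataset.getFile(dataset.theme.codename +"/views/extra/meta"), {title: "Log in!" }) %>
+
+<body style="text-align: center;">
+
+<%- include(dataset.getFile(dataset.theme.codename +"/views/extra/navbar")) %>
+
+
+<h1 class="title">Change password</h1>
+
+<form class="login" action="/security" method="post">
+<input type="password" name="old_password" placeholder="Old Password" class="input" required>
+<input type="password" name="password" placeholder="Password" class="input" required>
+<input type="submit" style="width:100%" class="btn-primary" value="Change it">
+</form>
+
+<%- include(dataset.getFile(dataset.theme.codename +"/views/extra/footer")) %>
+
+</body>
+
+</html>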
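Review bot: The meta include is given `{title: "Log in!" }` although this is the change-password view; `{title: "Change password"}` would match the `<h1>`. The two password inputs would also benefit from `autocomplete="current-password"` and `autocomplete="new-password"` so password managers update the stored credential, and a `minlength` matching the server-side rule in `src/routes/security.js` would give earlier feedback. No CSRF token is posted with the form; the old-password requirement limits what a forged request can do, but if the app has a CSRF middleware (not visible here) the token belongs in this form too.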