web/routes/api.js

840 lines
35 KiB
JavaScript
Raw Permalink Normal View History

const express = require("express");
2021-11-16 07:18:59 +01:00
const bcrypt = require("bcrypt");
const randtoken = require("rand-token");
2021-11-21 08:17:49 +01:00
2021-11-16 07:18:59 +01:00
const router = express.Router();
2021-11-21 08:17:49 +01:00
const db = require("../modules/db");
const mail = require("../modules/mail");
2022-04-05 12:43:39 +02:00
const telegram = require("../modules/telegram");
2021-11-21 08:17:49 +01:00
const auth = require("../auth/auth");
2021-11-16 07:18:59 +01:00
const saltRounds = 10;
2021-11-15 10:59:21 +01:00
2021-11-17 09:32:44 +01:00
let config;
try {
2021-11-20 03:09:06 +01:00
config = require("../config");
2021-11-17 09:32:44 +01:00
} catch (e) {
2021-11-20 03:09:06 +01:00
console.log("No config file found");
process.exit(0);
2021-11-17 09:32:44 +01:00
}
router.get("/getproducts", (req, res) => {
2021-11-20 03:09:06 +01:00
const conn = db.connect();
conn.execute("SELECT * FROM `products`", [], function (err, results) {
res.json(results);
2021-11-21 18:33:56 +01:00
db.disconnect(conn);
2021-11-20 03:09:06 +01:00
});
});
2021-11-15 10:59:21 +01:00
router.get("/getproduct", (req, res) => {
2021-11-20 03:09:06 +01:00
const conn = db.connect();
conn.execute(
"SELECT * FROM `products` WHERE `ID` = ?",
[req.query.id],
function (err, results) {
res.json(results);
2021-11-21 18:33:56 +01:00
db.disconnect(conn);
2021-11-20 03:09:06 +01:00
}
);
});
2021-11-15 10:59:21 +01:00
router.post("/register", async (req, res) => {
2021-11-20 03:09:06 +01:00
if (
!req.body.email ||
!req.body.password ||
!req.body.first_name ||
!req.body.last_name
) {
res.status(400);
res.json({
message: "Bad Request",
2021-11-20 03:09:06 +01:00
});
} else {
const conn = db.connect();
conn.query(
"SELECT * FROM users WHERE email = ?",
[req.body.email],
async function (error, response, fields) {
if (error) {
2021-11-20 03:09:06 +01:00
res.status(400);
res.json({
message: "Bad Request",
});
2021-11-16 07:18:59 +01:00
} else {
2021-11-20 03:09:06 +01:00
if (response.length > 0) {
res.status(400);
res.json({
2021-11-20 03:09:06 +01:00
message: "Bad Request",
});
2021-11-20 03:09:06 +01:00
} else {
const encryptedPassword = await bcrypt.hash(
req.body.password,
saltRounds
);
2022-04-07 06:49:21 +02:00
let otptoken = randtoken.generate(64);
2021-11-20 03:09:06 +01:00
var users = {
first_name: req.body.first_name,
last_name: req.body.last_name,
email: req.body.email,
password: encryptedPassword,
session: "[]",
2022-04-05 12:43:39 +02:00
otp: 0,
otpcode: 0,
2022-04-07 06:49:21 +02:00
otptoken: otptoken,
2022-04-05 12:43:39 +02:00
otpto: 0,
otpservice: "",
2021-11-20 03:09:06 +01:00
};
conn.query(
"INSERT INTO users SET ?",
users,
function (error, response, fields) {
if (error) {
res.status(400);
res.json({
message: "Bad Request",
});
2021-11-16 07:18:59 +01:00
} else {
2021-11-20 03:09:06 +01:00
conn.query(
'SELECT * FROM users WHERE email ="' + req.body.email + '"',
function (err, result) {
if (err) {
res.status(400);
res.json({
message: "Bad Request",
});
}
if (result.length > 0) {
var token = randtoken.generate(20);
if (result[0].verify == 0) {
let subject = "Account Verification - Nekoya";
2022-04-07 07:19:11 +02:00
let content = `<p>Hello!!! Please click this link <a href="${config.url}/verify-mail?token=${token}">link</a> to verify your account!!! Thanks!!!</p>`;
2021-11-20 03:09:06 +01:00
var sent = mail.send(
req.body.email,
subject,
content
);
if (sent != "0") {
var data = {
token: token,
};
conn.query(
'UPDATE users SET ? WHERE email ="' +
req.body.email +
'"',
data,
function (err, result) {
if (err) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
res.status(200);
res.json({
message: "Register Verification Sent ~",
});
}
2021-11-21 18:33:56 +01:00
db.disconnect(conn);
2021-11-20 03:09:06 +01:00
}
);
} else {
res.status(400);
res.json({
message: "Bad Request",
});
}
}
} else {
res.status(400);
res.json({
message: "Bad Request",
});
}
}
);
2021-11-16 07:18:59 +01:00
}
2021-11-20 03:09:06 +01:00
}
);
2021-11-17 09:22:12 +01:00
}
}
2021-11-20 03:09:06 +01:00
}
);
}
});
2021-11-16 07:18:59 +01:00
router.post("/login", async (req, res) => {
2021-11-20 03:09:06 +01:00
if (!req.body.email || !req.body.password) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
const conn = db.connect();
conn.query(
"SELECT * FROM users WHERE email = ?",
[req.body.email],
async function (error, response, fields) {
if (!response[0]) {
res.status(205);
res.json({
message: "Sorry Your email is not registered in our system",
});
2021-11-17 09:51:52 +01:00
} else {
2021-11-20 03:09:06 +01:00
const passCheck = await bcrypt.compare(
req.body.password,
response[0].password
);
if (error) {
res.status(400);
res.json({
2021-11-20 03:09:06 +01:00
message: "Bad Request",
});
2021-11-20 03:09:06 +01:00
} else {
if (response.length > 0) {
if (passCheck) {
if (response[0].verify == 0) {
res.status(204);
res.json({
message: "Sorry You haven't verified your email",
});
} else {
2022-04-05 12:43:39 +02:00
if (response[0].otp == 1) {
2022-04-07 06:49:21 +02:00
let otptoken = randtoken.generate(64);
2022-04-05 12:43:39 +02:00
let otpcode = Math.floor(100000 + Math.random() * 900000);
telegram.send(
response[0].otpto,
`<b>OTP CODE</b>\n\n<code>${otpcode}</code>`
);
conn.query(
'UPDATE users SET ? WHERE email ="' + req.body.email + '"', {
otpcode: otpcode,
2022-04-07 06:49:21 +02:00
otptoken: otptoken,
2022-04-05 12:43:39 +02:00
},
function (err, result) {
if (err) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
res.status(200);
res.json({
message: "OTP Verification Sent ~",
otp: response[0].otp == 1 ? true : false,
2022-04-07 06:49:21 +02:00
token: otptoken,
2022-04-05 12:43:39 +02:00
});
}
db.disconnect(conn);
2021-11-20 03:09:06 +01:00
}
2022-04-05 12:43:39 +02:00
);
} else {
let token = randtoken.generate(256);
let session = JSON.parse(response[0].session);
session.push({
user_agent: req.body.ua || req.headers["user-agent"],
ip: req.body.ip ||
req.headers["x-forwarded-for"] ||
req.socket.remoteAddress,
session: token,
});
conn.query(
'UPDATE users SET ? WHERE email ="' + req.body.email + '"', {
session: JSON.stringify(session),
},
function (err, result) {
if (err) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
res.status(200);
res.json({
id: response[0].id,
first_name: response[0].first_name,
last_name: response[0].last_name,
email: response[0].email,
verify: response[0].verify == 1 ? true : false,
2022-04-07 06:14:59 +02:00
otp: response[0].otp == 1 ? true : false,
2022-04-05 12:43:39 +02:00
session_token: token,
});
}
db.disconnect(conn);
}
);
}
2021-11-20 03:09:06 +01:00
}
} else {
res.status(401);
res.json({
message: "Unauthorized",
});
}
} else {
res.status(400);
res.json({
message: "Bad Request",
});
}
}
2021-11-17 09:51:52 +01:00
}
}
2021-11-20 03:09:06 +01:00
);
}
});
2022-04-05 12:43:39 +02:00
router.post("/otp-submit", async (req, res) => {
if (!req.body.code || !req.body.token) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
const conn = db.connect();
conn.query(
2022-04-07 06:49:21 +02:00
"SELECT * FROM users WHERE otptoken = ?",
2022-04-05 12:43:39 +02:00
[req.body.token],
async function (error, response, fields) {
if (!response[0]) {
res.status(401);
res.json({
message: "Unauthorized",
});
} else {
conn.query(
"SELECT * FROM users WHERE otpcode = ?",
[req.body.code],
async function (error, response, fields) {
if (!response[0]) {
res.status(403);
res.json({
message: "Invalid OTP Code",
});
} else {
let token = randtoken.generate(256);
let session = JSON.parse(response[0].session);
session.push({
user_agent: req.headers["user-agent"],
ip: req.body.ip ||
req.headers["x-forwarded-for"] ||
req.socket.remoteAddress,
session: token,
});
conn.query(
'UPDATE users SET ? WHERE otpcode ="' + req.body.code + '"', {
session: JSON.stringify(session),
otpcode: 0,
2022-04-07 06:49:21 +02:00
otptoken: randtoken.generate(64)
2022-04-05 12:43:39 +02:00
},
function (err, result) {
if (err) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
res.status(200);
res.json({
id: response[0].id,
first_name: response[0].first_name,
last_name: response[0].last_name,
email: response[0].email,
verify: response[0].verify == 1 ? true : false,
otp: response[0].otp == 1 ? true : false,
session_token: token,
});
}
db.disconnect(conn);
}
);
}
}
);
}
}
);
}
});
2022-04-07 06:39:23 +02:00
router.post("/otp-toggle", async (req, res) => {
if (!req.query.key && !req.query.session_token) {
2022-04-07 06:39:23 +02:00
res.status(401);
res.json({
message: "Unauthorized",
});
} else {
let _key;
if (req.query.session_token) {
_key = await auth.session_converter(req.query.session_token).then((key) => {
return key;
});
} else if (req.query.key) {
_key = req.query.key;
}
auth.auth_checker(_key).then((status) => {
2022-04-07 06:39:23 +02:00
if (status) {
const conn = db.connect();
conn.query(
"SELECT * FROM users WHERE token = ?",
[_key],
2022-04-07 06:39:23 +02:00
async function (error, response, fields) {
if (error) {
res.status(401);
res.json({
message: "Unauthorized",
});
} else {
let otp = response[0].otp == 1 ? true : false;
if (otp) {
otp = false;
} else {
otp = true;
}
conn.query(
'UPDATE users SET ? WHERE token ="' + _key + '"', {
2022-04-07 06:39:23 +02:00
otp: otp == true ? 1 : 0,
},
function (err, result) {
if (err) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
res.status(200);
res.json({
message: `Success set OTP to ${otp}`,
2022-04-07 06:49:21 +02:00
otp: otp,
2022-04-07 06:39:23 +02:00
});
}
db.disconnect(conn);
}
);
}
}
);
}
});
}
});
2021-11-21 08:05:15 +01:00
router.post("/verify-mail", async (req, res) => {
2021-11-21 07:34:33 +01:00
const conn = db.connect();
conn.query(
2021-11-21 08:31:58 +01:00
'SELECT * FROM users WHERE token ="' + req.body.token + '"',
2021-11-21 07:34:33 +01:00
function (err, result) {
if (err) {
res.status(400);
res.json({
message: "Bad Request",
});
}
if (result.length > 0) {
if (result[0].verify == 0) {
var data = {
verify: 1,
2021-11-21 08:05:15 +01:00
token: randtoken.generate(64),
2021-11-21 07:34:33 +01:00
};
2021-11-21 08:31:58 +01:00
conn.query(
2021-11-21 07:34:33 +01:00
'UPDATE users SET ? WHERE email ="' + result[0].email + '"',
data,
function (err, result) {
if (err) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
res.status(200);
res.json({
message: "Verified ~",
});
2021-11-20 03:09:06 +01:00
}
2021-11-21 18:33:56 +01:00
db.disconnect(conn);
2021-11-21 07:34:33 +01:00
}
);
2021-11-20 03:09:06 +01:00
} else {
2021-11-21 07:34:33 +01:00
res.status(403);
2021-11-20 03:09:06 +01:00
res.json({
2021-11-21 07:34:33 +01:00
message: "Forbidden",
2021-11-20 03:09:06 +01:00
});
}
2021-11-21 07:34:33 +01:00
} else {
res.status(400);
res.json({
message: "Bad Request",
});
2021-11-17 09:51:52 +01:00
}
}
2021-11-21 07:34:33 +01:00
);
2021-11-20 03:09:06 +01:00
});
2021-11-21 07:40:10 +01:00
router.post("/request-reset-password", async (req, res) => {
if (!req.body.email) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
const conn = db.connect();
conn.query(
"SELECT * FROM users WHERE email = ?",
[req.body.email],
async function (error, response, fields) {
if (!response[0]) {
res.status(205);
res.json({
message: "Sorry Your email is not registered in our system",
});
} else {
let subject = "Reset Password - Nekoya";
2022-04-07 07:19:11 +02:00
let content = `<p>Hello!!! Please click this link <a href="${config.url}/reset-password?token=${response[0].token}">link</a> to reset your account password!!! Thanks!!!</p>`;
2021-11-21 07:40:10 +01:00
var sent = mail.send(
req.body.email,
subject,
content
);
if (sent != "0") {
res.status(200);
res.json({
message: "Reset Password Verification Sent ~",
});
} else {
res.status(400);
res.json({
message: "Bad Request",
});
}
}
2021-11-21 18:33:56 +01:00
db.disconnect(conn);
2021-11-21 07:40:10 +01:00
}
);
}
});
router.post("/reset-password", async (req, res) => {
if (!req.query.token) {
res.status(401);
res.json({
message: "Unauthorized",
});
} else {
auth.auth_checker(req.query.token).then((status) => {
if (status) {
if (!req.body.password) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
const conn = db.connect();
conn.query(
'SELECT * FROM users WHERE token ="' + req.query.token + '"',
async function (err, result) {
if (err) {
res.status(400);
res.json({
message: "Bad Request",
});
}
if (result.length > 0) {
const encryptedPassword = await bcrypt.hash(
req.body.password,
saltRounds
);
var data = {
password: encryptedPassword,
token: randtoken.generate(64),
};
conn.query(
'UPDATE users SET ? WHERE email ="' + result[0].email + '"',
data,
function (err, result) {
if (err) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
res.status(200);
res.json({
message: "Success Reset Password ~",
});
}
2021-11-21 18:33:56 +01:00
db.disconnect(conn);
2021-11-21 07:40:10 +01:00
}
);
} else {
res.status(400);
res.json({
message: "Bad Request",
});
}
}
);
}
} else {
res.status(401);
res.json({
message: "Unauthorized",
});
}
});
}
});
2022-04-30 17:51:07 +02:00
router.post("/sessions", async (req, res) => {
if (!req.query.key && !req.query.session_token) {
res.status(401);
res.json({
message: "Unauthorized",
});
} else {
let _key;
if (req.query.session_token) {
_key = await auth.session_converter(req.query.session_token).then((key) => {
return key;
});
} else if (req.query.key) {
_key = req.query.key;
}
auth.auth_checker(_key).then((status) => {
if (status) {
const conn = db.connect();
conn.query(
"SELECT * FROM users WHERE token = ?",
[_key],
async function (error, response, fields) {
if (error) {
res.status(401);
res.json({
message: "Unauthorized",
});
} else {
res.status(200);
res.json(JSON.parse(response[0].session));
}
}
);
}
});
}
});
2021-11-20 03:09:06 +01:00
router.post("/checkout", async (req, res) => {
if (!req.query.key && !req.query.session_token) {
2021-11-21 08:05:15 +01:00
res.status(401);
res.json({
2021-11-21 08:05:15 +01:00
message: "Unauthorized",
});
2021-11-20 03:09:06 +01:00
} else {
let _key;
if (req.query.session_token) {
_key = await auth.session_converter(req.query.session_token).then((key) => {
return key;
});
} else if (req.query.key) {
_key = req.query.key;
}
auth.auth_checker(_key).then((status) => {
2021-11-21 08:05:15 +01:00
if (status) {
if (
!req.body.firstName ||
!req.body.lastName ||
!req.body.phoneNumber ||
!req.body.streetAddress1 ||
!req.body.streetAddress2 ||
!req.body.region ||
!req.body.province ||
!req.body.city ||
!req.body.district ||
!req.body.subDistrict ||
!req.body.postalCode ||
!req.body.logistic ||
!req.body.data
) {
2021-11-20 03:09:06 +01:00
res.status(400);
res.json({
message: "Bad Request",
});
} else {
2021-11-21 08:05:15 +01:00
const conn = db.connect();
2021-11-20 03:09:06 +01:00
conn.query(
2021-11-21 08:05:15 +01:00
"SELECT * FROM users WHERE token = ?",
[_key],
2021-11-21 08:05:15 +01:00
async function (error, resp, fields) {
if (error) {
res.status(401);
res.json({
message: "Unauthorized",
});
} else {
var data = {
firstName: req.body.firstName,
lastName: req.body.lastName,
phoneNumber: req.body.phoneNumber,
streetAddress1: req.body.streetAddress1,
streetAddress2: req.body.streetAddress2,
region: req.body.region,
province: req.body.province,
city: req.body.city,
district: req.body.district,
subDistrict: req.body.subDistrict,
postalCode: req.body.postalCode,
logistic: req.body.logistic,
paymentMethod: '-',
data: req.body.data,
userId: resp[0].id,
paid: '0',
status: 'pending'
};
conn.query(
"INSERT INTO transactions SET ?",
data,
function (error, response, fields) {
if (error) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
conn.query(
'SELECT * FROM transactions WHERE id ="' + response.insertId + '"',
function (err, result) {
if (err) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
res.status(201);
res.json({
'order_id': result[0].id,
'data': result[0].data
});
}
2021-11-21 18:33:56 +01:00
db.disconnect(conn);
2021-11-21 08:05:15 +01:00
});
}
}
);
}
}
);
}
} else {
res.status(401);
res.json({
message: "Unauthorized",
});
}
});
}
});
2021-11-21 08:12:10 +01:00
router.post("/transaction", async (req, res) => {
if (!req.query.key && !req.query.session_token) {
2021-11-21 08:12:10 +01:00
res.status(401);
res.json({
message: "Unauthorized",
});
} else {
let _key;
if (req.query.session_token) {
_key = await auth.session_converter(req.query.session_token).then((key) => {
return key;
});
} else if (req.query.key) {
_key = req.query.key;
}
auth.auth_checker(_key).then((status) => {
2021-11-21 08:12:10 +01:00
if (status) {
const conn = db.connect();
conn.query(
"SELECT * FROM users WHERE token = ?",
[_key],
2021-11-21 08:12:10 +01:00
async function (error, response, fields) {
if (error) {
res.status(401);
res.json({
message: "Unauthorized",
});
} else {
conn.query(
"SELECT * FROM transactions WHERE userId = ?",
[response[0].id],
async function (error, resp, fields) {
if (error) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
res.status(200);
res.json(resp);
}
2021-11-21 18:33:56 +01:00
db.disconnect(conn);
2021-11-21 08:12:10 +01:00
}
);
}
}
);
} else {
res.status(401);
res.json({
message: "Unauthorized",
});
}
});
}
});
2021-11-21 08:05:15 +01:00
router.get("/subscribe", (req, res) => {
if (!req.query.email) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
const conn = db.connect();
conn.execute(
"SELECT * FROM `subscribe` WHERE `email` = ?",
[req.query.email],
function (err, results) {
if (!results[0]) {
let data = {
email: req.query.email,
type: "email"
};
conn.query(
"INSERT INTO subscribe SET ?",
data,
function (err, resp) {
if (err) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
res.status(201);
res.json({
message: "Success",
});
}
2021-11-21 18:33:56 +01:00
db.disconnect(conn);
2021-11-21 06:30:35 +01:00
}
2021-11-21 08:05:15 +01:00
);
} else {
res.status(200);
res.json({
message: "Success",
2021-11-21 06:30:35 +01:00
});
}
}
);
}
});
2021-11-21 08:05:15 +01:00
2021-11-20 03:09:06 +01:00
module.exports = router;