From 272656e80d27113260850967fc96509e78ee02f2 Mon Sep 17 00:00:00 2001 From: Moe Date: Tue, 5 Apr 2022 17:43:39 +0700 Subject: [PATCH] Add OTP Feature --- routes/api.js | 171 ++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 139 insertions(+), 32 deletions(-) diff --git a/routes/api.js b/routes/api.js index c847126..703fa80 100644 --- a/routes/api.js +++ b/routes/api.js @@ -6,6 +6,7 @@ const router = express.Router(); const db = require("../modules/db"); const mail = require("../modules/mail"); +const telegram = require("../modules/telegram"); const auth = require("../auth/auth"); const saltRounds = 10; @@ -77,6 +78,10 @@ router.post("/register", async (req, res) => { email: req.body.email, password: encryptedPassword, session: "[]", + otp: 0, + otpcode: 0, + otpto: 0, + otpservice: "", }; conn.query( "INSERT INTO users SET ?", 
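Review bot: The new `otpcode: 0` default in the register hunk is a real column value, not an "absent" marker, and the `/otp-submit` handler added later in this patch looks rows up with `SELECT * FROM users WHERE otpcode = ?`, so every account in this resting state shares the same matchable code. Initialising the column as `otpcode: null` (and `otpto: null`) would make a "no code pending" row unmatchable by any submitted value; the same applies to the `otpcode: 0` reset written after a successful verification. The enclosing `/register` handler starts and ends outside this hunk, so I cannot see whether anything else relies on the numeric default.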
@@ -192,39 +197,68 @@ router.post("/login", async (req, res) => { message: "Sorry You haven't verified your email", }); } else { - let token = randtoken.generate(256); - let session = JSON.parse(response[0].session); - session.push({ - user_agent: req.body.ua || req.headers["user-agent"], - ip: req.body.ip || - req.headers["x-forwarded-for"] || - req.socket.remoteAddress, - session: token, - }); - conn.query( - 'UPDATE users SET ? WHERE email ="' + req.body.email + '"', { - session: JSON.stringify(session), - }, - function (err, result) { - if (err) { - res.status(400); - res.json({ - message: "Bad Request", - }); - } else { - res.status(200); - res.json({ - id: response[0].id, - first_name: response[0].first_name, - last_name: response[0].last_name, - email: response[0].email, - verify: response[0].verify == 1 ? true : false, - session_token: token, - }); + if (response[0].otp == 1) { + let otpcode = Math.floor(100000 + Math.random() * 900000); + telegram.send( + response[0].otpto, + `OTP CODE\n\n${otpcode}` + ); + conn.query( + 'UPDATE users SET ? WHERE email ="' + req.body.email + '"', { + otpcode: otpcode, + }, + function (err, result) { + if (err) { + res.status(400); + res.json({ + message: "Bad Request", + }); + } else { + res.status(200); + res.json({ + message: "OTP Verification Sent ~", + otp: response[0].otp == 1 ? true : false, + token: response[0].token + }); + } + db.disconnect(conn); } - db.disconnect(conn); - } - ); + ); + } else { + let token = randtoken.generate(256); + let session = JSON.parse(response[0].session); + session.push({ + user_agent: req.body.ua || req.headers["user-agent"], + ip: req.body.ip || + req.headers["x-forwarded-for"] || + req.socket.remoteAddress, + session: token, + }); + conn.query( + 'UPDATE users SET ? 
WHERE email ="' + req.body.email + '"', { + session: JSON.stringify(session), + }, + function (err, result) { + if (err) { + res.status(400); + res.json({ + message: "Bad Request", + }); + } else { + res.status(200); + res.json({ + id: response[0].id, + first_name: response[0].first_name, + last_name: response[0].last_name, + email: response[0].email, + verify: response[0].verify == 1 ? true : false, + session_token: token, + }); + } + db.disconnect(conn); + } + ); + } } } else { res.status(401); 
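Review bot: The OTP in the new `response[0].otp == 1` branch is drawn from `Math.random()`, which is not a cryptographically secure generator; for a second-factor code use `crypto.randomInt(100000, 1000000)` from `node:crypto` (the file's `require` block is in an earlier hunk, so `const crypto = require("crypto");` would go there). The code is stored with no issue timestamp, so nothing in this patch can expire it or limit retries; I would add an `otpissued: Date.now()` column alongside `otpcode` in the same UPDATE so the submit side can reject stale codes. The response also echoes `token: response[0].token`, a pre-existing column that this hunk does not set — if it is null for accounts that have never completed the OTP flow, the `/otp-submit` body check rejects them and the user is locked out; worth confirming where that value is first assigned. The `/login` handler starts before this hunk.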
@@ -245,6 +279,79 @@ router.post("/login", async (req, res) => { } }); +router.post("/otp-submit", async (req, res) => { + if (!req.body.code || !req.body.token) { + res.status(400); + res.json({ + message: "Bad Request", + }); + } else { + const conn = db.connect(); + conn.query( + "SELECT * FROM users WHERE token = ?", + [req.body.token], + async function (error, response, fields) { + if (!response[0]) { + res.status(401); + res.json({ + message: "Unauthorized", + }); + } else { + conn.query( + "SELECT * FROM users WHERE otpcode = ?", + [req.body.code], + async function (error, response, fields) { + if (!response[0]) { + res.status(403); + res.json({ + message: "Invalid OTP Code", + }); + } else { + let token = randtoken.generate(256); + let session = JSON.parse(response[0].session); + session.push({ + user_agent: req.headers["user-agent"], + ip: req.body.ip || + req.headers["x-forwarded-for"] || + req.socket.remoteAddress, + session: token, + }); + conn.query( + 'UPDATE users SET ? WHERE otpcode ="' + req.body.code + '"', { + session: JSON.stringify(session), + otpcode: 0, + token: randtoken.generate(64) + }, + function (err, result) { + if (err) { + res.status(400); + res.json({ + message: "Bad Request", + }); + } else { + res.status(200); + res.json({ + id: response[0].id, + first_name: response[0].first_name, + last_name: response[0].last_name, + email: response[0].email, + verify: response[0].verify == 1 ? true : false, + otp: response[0].otp == 1 ? true : false, + session_token: token, + }); + } + db.disconnect(conn); + } + ); + } + } + ); + } + } + ); + } +}); + router.post("/verify-mail", async (req, res) => { const conn = db.connect(); conn.query(
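Review bot: `/otp-submit` verifies the token and the code against two unrelated rows: the first SELECT finds a user by `token`, but the second, `SELECT * FROM users WHERE otpcode = ?`, ignores that result and returns whichever user currently has the submitted code, and the session is then appended to that row and returned. Any caller holding a valid token can therefore log in as another account by guessing its pending 6-digit code, and a code of `"0"` (truthy, so it passes the body check) matches every account whose `otpcode` is at its `0` default. The final UPDATE also concatenates `req.body.code` into the WHERE clause (`'UPDATE users SET ? WHERE otpcode ="' + req.body.code + '"'`) even though the SELECTs above it are parameterised, which is SQL injection. The fix is to compare the code against the row already found by token and update by that row's `id` with placeholders, as below; the `error` arguments of both callbacks are also never checked, so a failed query currently reads as 401/403 rather than a server error.
```javascript
// … unchanged: body validation, db.connect() …
conn.query(
  "SELECT * FROM users WHERE token = ?",
  [req.body.token],
  function (error, response, fields) {
    if (error || !response[0]) {
      res.status(401);
      res.json({ message: "Unauthorized" });
      db.disconnect(conn);
      return;
    }
    const user = response[0];
    // Only the row identified by the token may be verified; the 0 default means "no code pending".
    if (!user.otpcode || String(user.otpcode) !== String(req.body.code)) {
      res.status(403);
      res.json({ message: "Invalid OTP Code" });
      db.disconnect(conn);
      return;
    }
    // … unchanged: build the session entry from user.session …
    conn.query(
      "UPDATE users SET ? WHERE id = ?",
      [{ session: JSON.stringify(session), otpcode: 0, token: randtoken.generate(64) }, user.id],
      // … unchanged: response callback (uses user instead of response[0]) …
    );
  }
);
```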