Add OTP Feature

Moe Poi ~ 2022-04-05 17:43:39 +07:00
parent 8489b1a274
commit 272656e80d


@ -6,6 +6,7 @@ const router = express.Router();
const db = require("../modules/db"); const db = require("../modules/db");
const mail = require("../modules/mail"); const mail = require("../modules/mail");
const telegram = require("../modules/telegram");
const auth = require("../auth/auth"); const auth = require("../auth/auth");
const saltRounds = 10; const saltRounds = 10;
@ -77,6 +78,10 @@ router.post("/register", async (req, res) => {
email: req.body.email, email: req.body.email,
password: encryptedPassword, password: encryptedPassword,
session: "[]", session: "[]",
otp: 0,
otpcode: 0,
otpto: 0,
otpservice: "",
}; };
conn.query( conn.query(
"INSERT INTO users SET ?", "INSERT INTO users SET ?",
@ -192,39 +197,68 @@ router.post("/login", async (req, res) => {
message: "Sorry You haven't verified your email", message: "Sorry You haven't verified your email",
}); });
} else { } else {
let token = randtoken.generate(256); if (response[0].otp == 1) {
let session = JSON.parse(response[0].session); let otpcode = Math.floor(100000 + Math.random() * 900000);
session.push({ telegram.send(
user_agent: req.body.ua || req.headers["user-agent"], response[0].otpto,
ip: req.body.ip || `<b>OTP CODE</b>\n\n<code>${otpcode}</code>`
req.headers["x-forwarded-for"] || );
req.socket.remoteAddress, conn.query(
session: token, 'UPDATE users SET ? WHERE email ="' + req.body.email + '"', {
}); otpcode: otpcode,
conn.query( },
'UPDATE users SET ? WHERE email ="' + req.body.email + '"', { function (err, result) {
session: JSON.stringify(session), if (err) {
}, res.status(400);
function (err, result) { res.json({
if (err) { message: "Bad Request",
res.status(400); });
res.json({ } else {
message: "Bad Request", res.status(200);
}); res.json({
} else { message: "OTP Verification Sent ~",
res.status(200); otp: response[0].otp == 1 ? true : false,
res.json({ token: response[0].token
id: response[0].id, });
first_name: response[0].first_name, }
last_name: response[0].last_name, db.disconnect(conn);
email: response[0].email,
verify: response[0].verify == 1 ? true : false,
session_token: token,
});
} }
db.disconnect(conn); );
} } else {
); let token = randtoken.generate(256);
let session = JSON.parse(response[0].session);
session.push({
user_agent: req.body.ua || req.headers["user-agent"],
ip: req.body.ip ||
req.headers["x-forwarded-for"] ||
req.socket.remoteAddress,
session: token,
});
conn.query(
'UPDATE users SET ? WHERE email ="' + req.body.email + '"', {
session: JSON.stringify(session),
},
function (err, result) {
if (err) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
res.status(200);
res.json({
id: response[0].id,
first_name: response[0].first_name,
last_name: response[0].last_name,
email: response[0].email,
verify: response[0].verify == 1 ? true : false,
session_token: token,
});
}
db.disconnect(conn);
}
);
}
} }
} else { } else {
res.status(401); res.status(401);
@ -245,6 +279,79 @@ router.post("/login", async (req, res) => {
} }
}); });
router.post("/otp-submit", async (req, res) => {
if (!req.body.code || !req.body.token) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
const conn = db.connect();
conn.query(
"SELECT * FROM users WHERE token = ?",
[req.body.token],
async function (error, response, fields) {
if (!response[0]) {
res.status(401);
res.json({
message: "Unauthorized",
});
} else {
conn.query(
"SELECT * FROM users WHERE otpcode = ?",
[req.body.code],
async function (error, response, fields) {
if (!response[0]) {
res.status(403);
res.json({
message: "Invalid OTP Code",
});
} else {
let token = randtoken.generate(256);
let session = JSON.parse(response[0].session);
session.push({
user_agent: req.headers["user-agent"],
ip: req.body.ip ||
req.headers["x-forwarded-for"] ||
req.socket.remoteAddress,
session: token,
});
conn.query(
'UPDATE users SET ? WHERE otpcode ="' + req.body.code + '"', {
session: JSON.stringify(session),
otpcode: 0,
token: randtoken.generate(64)
},
function (err, result) {
if (err) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
res.status(200);
res.json({
id: response[0].id,
first_name: response[0].first_name,
last_name: response[0].last_name,
email: response[0].email,
verify: response[0].verify == 1 ? true : false,
otp: response[0].otp == 1 ? true : false,
session_token: token,
});
}
db.disconnect(conn);
}
);
}
}
);
}
}
);
}
});
router.post("/verify-mail", async (req, res) => { router.post("/verify-mail", async (req, res) => {
const conn = db.connect(); const conn = db.connect();
conn.query( conn.query(
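Review bot: In the new `/otp-submit` handler the submitted code is never tied to the account that owns the submitted token: the first SELECT only shows that some row has that `token`, the second looks up `otpcode` across the whole table, and the session is issued for whichever row the code matched. Use a single parameterized lookup, `SELECT * FROM users WHERE token = ? AND otpcode = ?`, and update by primary key, `conn.query("UPDATE users SET ? WHERE id = ?", [fields, response[0].id], ...)`; this also removes the `req.body.code` string concatenation in the UPDATE and keeps it from rewriting every row that shares a code. Because `otpcode: 0` is the stored "no code pending" value and `!req.body.code` does not reject the string "0", the handler should explicitly refuse rows with no pending code (storing NULL instead of 0 would make that state unmatchable). In the `/login` hunk the code is drawn from `Math.random()`, which is not a CSPRNG; `crypto.randomInt(100000, 1000000)` is the direct replacement (with `require("crypto")` if the file does not already have it). No expiry or attempt limit for the code is visible in this diff, and a six-digit value needs both.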