nekoya/web
nekoya/web
1
0
Fork 0
mirror of https://gitlab.com/nekoya/web.git synced 2024-11-13 01:46:23 +01:00
Code Issues Projects Releases Packages 1 Wiki Activity

Add support API authentication via session token

Browse source
This commit is contained in:
Moe Poi ~ 2022-04-28 14:49:24 +07:00
parent 16b864cfe5
commit bd4a0a060f
1 changed files with 35 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

45
routes/api.js
View file

@ -358,18 +358,26 @@ router.post("/otp-submit", async (req, res) => {
}); });
router.post("/otp-toggle", async (req, res) => { router.post("/otp-toggle", async (req, res) => {
if (!req.query.key) { if (!req.query.key && !req.query.session_token) {
res.status(401); res.status(401);
res.json({ res.json({
message: "Unauthorized", message: "Unauthorized",
}); });
} else { } else {
auth.auth_checker(req.query.key).then((status) => { let _key;
if (req.query.session_token) {
_key = await auth.session_converter(req.query.session_token).then((key) => {
return key;
});
} else if (req.query.key) {
_key = req.query.key;
}
auth.auth_checker(_key).then((status) => {
if (status) { if (status) {
const conn = db.connect(); const conn = db.connect();
conn.query( conn.query(
"SELECT * FROM users WHERE token = ?", "SELECT * FROM users WHERE token = ?",
[req.query.key], [_key],
async function (error, response, fields) { async function (error, response, fields) {
if (error) { if (error) {
res.status(401); res.status(401);
@ -384,7 +392,7 @@ router.post("/otp-toggle", async (req, res) => {
otp = true; otp = true;
} }
conn.query( conn.query(
'UPDATE users SET ? WHERE token ="' + req.query.key + '"', { 'UPDATE users SET ? WHERE token ="' + _key + '"', {
otp: otp == true ? 1 : 0, otp: otp == true ? 1 : 0,
}, },
function (err, result) { function (err, result) {
@ -577,13 +585,21 @@ router.post("/reset-password", async (req, res) => {
}); });
router.post("/checkout", async (req, res) => { router.post("/checkout", async (req, res) => {
if (!req.query.key) { if (!req.query.key && !req.query.session_token) {
res.status(401); res.status(401);
res.json({ res.json({
message: "Unauthorized", message: "Unauthorized",
}); });
} else { } else {
auth.auth_checker(req.query.key).then((status) => { let _key;
if (req.query.session_token) {
_key = await auth.session_converter(req.query.session_token).then((key) => {
return key;
});
} else if (req.query.key) {
_key = req.query.key;
}
auth.auth_checker(_key).then((status) => {
if (status) { if (status) {
if ( if (
!req.body.firstName || !req.body.firstName ||
@ -608,7 +624,7 @@ router.post("/checkout", async (req, res) => {
const conn = db.connect(); const conn = db.connect();
conn.query( conn.query(
"SELECT * FROM users WHERE token = ?", "SELECT * FROM users WHERE token = ?",
[req.query.key], [_key],
async function (error, resp, fields) { async function (error, resp, fields) {
if (error) { if (error) {
res.status(401); res.status(401);
@ -680,19 +696,28 @@ router.post("/checkout", async (req, res) => {
}); });
router.post("/transaction", async (req, res) => { router.post("/transaction", async (req, res) => {
if (!req.query.key) { if (!req.query.key && !req.query.session_token) {
res.status(401); res.status(401);
res.json({ res.json({
message: "Unauthorized", message: "Unauthorized",
}); });
} else { } else {
auth.auth_checker(req.query.key).then((status) => { let _key;
if (req.query.session_token) {
_key = await auth.session_converter(req.query.session_token).then((key) => {
return key;
});
} else if (req.query.key) {
_key = req.query.key;
}
auth.auth_checker(_key).then((status) => {
if (status) { if (status) {
const conn = db.connect(); const conn = db.connect();
conn.query( conn.query(
"SELECT * FROM users WHERE token = ?", "SELECT * FROM users WHERE token = ?",
[req.query.key], [_key],
async function (error, response, fields) { async function (error, response, fields) {
console.log(response[0]);
if (error) { if (error) {
res.status(401); res.status(401);
res.json({ res.json({