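import bodyParser from "body-parser";
import express from "express";
import session from "express-session";
import cwh from "./Singletons.js";
import fs from "fs";
import webp from "webp-converter";

// Session-signing secret that was hard-coded in this file. Because it is
// committed to source it must be treated as public: anyone who knows it can
// forge signed session cookies. It is kept only as a last-resort fallback so
// existing deployments keep working; supply opts.sessionSecret or the
// SESSION_SECRET environment variable and rotate this value out.
const LEGACY_SESSION_SECRET = "rtifhg5878fj";

/**
 * Registers the account, session and playlist HTTP routes on an Express app.
 *
 * Replies are JSON objects of the form `{code, R}` where `R` is a short
 * reason tag. Several client-error paths answer with HTTP 500; those status
 * codes are kept as they were so existing clients keep working.
 *
 * @param {object} opts
 * @param {object} opts.app - Express application the routes are attached to.
 * @param {object} opts.db - Database handle exposing
 *   `execute(sql, params, callback)` (looks like a mysql2 connection or pool;
 *   confirm against the caller).
 * @param {string} [opts.sessionSecret] - Secret used to sign the session
 *   cookie. Falls back to `process.env.SESSION_SECRET`, then to the legacy
 *   hard-coded value.
 */
export default function UserInteractions(opts) {
    /**
     * Returns the lowercase hex SHA-256 digest of a string.
     *
     * NOTE(review): this is what gets stored and compared as the password
     * (see /login and /register). A single unsalted SHA-256 is fast to
     * brute-force and identical passwords produce identical hashes. Moving to
     * a salted, slow KDF (for example scrypt from node:crypto) needs a
     * migration of the stored values, so it is flagged here and not changed.
     *
     * @param {string} message
     * @returns {Promise<string>}
     */
    async function sha256(message) {
        // encode as UTF-8
        const msgBuffer = new TextEncoder().encode(message);
        // hash the message
        const hashBuffer = await crypto.subtle.digest("SHA-256", msgBuffer);
        // convert ArrayBuffer to Array
        const hashArray = Array.from(new Uint8Array(hashBuffer));
        // convert bytes to hex string
        return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
    }

    /** True only for a non-empty string; rejects arrays/objects from the query or JSON parser. */
    function isNonEmptyString(value) {
        return typeof value === "string" && value.length > 0;
    }

    /** Sends the shared headers plus a `{code, R}` JSON body. */
    function reply(res, status, code, reason) {
        res.set(cwh).status(status).json({ code, R: reason });
    }

    /**
     * Runs a single-row playlist lookup keyed by `?playlistuuid=` and hands the
     * row to `send`. Shared by the three read-only playlist routes.
     */
    function sendPlaylistRow(sql, req, res, send) {
        const playlistUuid = req.query.playlistuuid;
        // A missing or non-string parameter previously reached db.execute and
        // threw inside an async handler, outside Express' error handling.
        if (!isNonEmptyString(playlistUuid)) {
            reply(res, 400, 400, "IO");
            return;
        }
        db.execute(sql, [playlistUuid], (err, result) => {
            if (err) {
                console.log(err);
                reply(res, 500, 500, "AD");
                return;
            }
            if (result.length === 0) {
                reply(res, 404, 404, "DNF");
                return;
            }
            send(result[0]);
        });
    }

    /**
     * Writes the uploaded cover bytes to a temp file, converts them to WebP and
     * returns the converted bytes. Both temp files are removed on every path.
     *
     * NOTE(review): "-metadata all" asks cwebp to keep the source image's
     * metadata, so anything embedded in an upload (EXIF and similar) is served
     * back to other users with the thumbnail. Confirm that is intended.
     */
    async function convertCoverToWebp(bytes) {
        // File names come from randomUUID(), never from the request.
        const rawPath = "tmp/" + crypto.randomUUID();
        const webpPath = rawPath + ".webp";
        try {
            await fs.promises.writeFile(rawPath, Buffer.from(Object.values(bytes)));
            await webp.cwebp(rawPath, webpPath, "-q 80 -size 100000 -mt -metadata all", "-v");
            return await fs.promises.readFile(webpPath);
        } finally {
            await Promise.all(
                [rawPath, webpPath].map((path) =>
                    fs.promises.rm(path, { force: true }).catch((err) => console.log(err))
                )
            );
        }
    }

    const app = opts.app;
    const db = opts.db;

    const sessionSecret = opts.sessionSecret ?? process.env.SESSION_SECRET ?? LEGACY_SESSION_SECRET;
    if (sessionSecret === LEGACY_SESSION_SECRET) {
        console.warn("UserInteractions: using the hard-coded session secret; set SESSION_SECRET or opts.sessionSecret");
    }

    app.use(session({
        secret: sessionSecret,
        resave: false,
        saveUninitialized: false,
        cookie: {
            sameSite: "lax",
            secure: "auto"
        }
    }));
    // NOTE(review): the 200mb limit applies before any authentication check,
    // so any client can make the server buffer and parse bodies that large.
    app.use(bodyParser.json({ "limit": "200mb" }));
    app.use(express.json());

    app.options("/*", (req, res) => {
        res.set(cwh).end("FUCK YOU CORS");
    });

    // NOTE(review): this deletes the account on a GET. With a SameSite=Lax
    // cookie the session is still sent on top-level cross-site navigations, so
    // a link on another site can trigger the deletion. Moving it to POST is a
    // client-visible change and is therefore only flagged here.
    app.get("/delacc", (req, res) => {
        const uuid = req.session.uuid;
        if (!uuid) {
            reply(res, 500, 500, "IO");
            return;
        }
        db.execute("DELETE FROM user WHERE uuid = ?", [uuid], (err) => {
            if (err) {
                reply(res, 500, 500, "ERR");
                req.session.destroy();
            } else {
                req.session.destroy();
                reply(res, 200, 200, "SUCCESS");
            }
        });
    });

    app.get("/userapi", (req, res) => {
        if (req.query.getname) {
            // Public lookup: maps any user uuid to its username, no session needed.
            if (!isNonEmptyString(req.query.uuid)) {
                reply(res, 400, 400, "IO");
                return;
            }
            db.execute("SELECT username from user where uuid = ?", [req.query.uuid], (err, result) => {
                if (err) {
                    console.log(err);
                    reply(res, 500, 500, "ERR");
                    return;
                }
                // An unknown uuid used to dereference result[0] and throw
                // inside the callback, which takes the process down.
                if (result.length === 0) {
                    reply(res, 404, 404, "DNF");
                    return;
                }
                res.set(cwh).end(result[0].username);
            });
            return;
        }

        if (!req.session.uuid) {
            reply(res, 500, 500, "IO");
            return;
        }
        db.execute("SELECT username, email from user where uuid = ?", [req.session.uuid], (err, result) => {
            if (err) {
                console.log(err);
                reply(res, 500, 500, "ERR");
                return;
            }
            // The session can outlive the row (for example after /delacc elsewhere).
            if (result.length === 0) {
                reply(res, 404, 404, "DNF");
                return;
            }
            res.set(cwh).end(JSON.stringify({
                uuid: req.session.uuid,
                username: result[0].username,
                email: result[0].email,
            }));
        });
    });

    app.get("/logout", (req, res) => {
        req.session.destroy((err) => {
            if (err) {
                console.log(err);
                reply(res, 500, 500, "ERR");
                return;
            }
            // The response was never ended before, so the request hung.
            res.set(cwh).status(200).end();
        });
    });

    // NOTE(review): nothing here limits repeated login attempts.
    app.post("/login", async (req, res) => {
        const { username, password } = req.body ?? {};
        if (!isNonEmptyString(username) || !isNonEmptyString(password)) {
            reply(res, 500, 500, "IO");
            return;
        }

        let passwordHash;
        try {
            passwordHash = await sha256(password);
        } catch (err) {
            console.log(err);
            reply(res, 500, 500, "ERR");
            return;
        }

        db.execute("SELECT uuid from user where username = ? and password = ?", [username, passwordHash], (err, result) => {
            if (err) {
                console.log(err);
                reply(res, 500, 500, "ERR");
                return;
            }
            if (result.length === 0) {
                reply(res, 500, 500, "DNE");
                return;
            }
            const { uuid } = result[0];
            // Issue a fresh session id at the privilege change so a session id
            // known before login cannot be reused afterwards.
            req.session.regenerate((regenErr) => {
                if (regenErr) {
                    console.log(regenErr);
                    reply(res, 500, 500, "ERR");
                    return;
                }
                req.session.uuid = uuid;
                res.set(cwh).status(200).json({
                    code: 200,
                    R: "SS",
                    uid: uuid
                });
            });
        });
    });

    app.post("/playlist-owned", (req, res) => {
        if (!req.session.uuid) {
            reply(res, 500, 500, "AD");
            return;
        }
        db.execute("SELECT * from playlist where owner = ?", [req.session.uuid], (err, result) => {
            if (err) {
                console.log(err);
                reply(res, 500, 500, "AD");
                return;
            }
            res.set(cwh).json(result);
        });
    });

    // NOTE(review): the three read routes below return data for any playlist
    // uuid without looking at the session or at the row's `private` column. If
    // `private` is meant to restrict reads to the owner, that check is missing
    // here; confirm the intended meaning before relying on it.
    app.get("/playlist", (req, res) => {
        sendPlaylistRow("SELECT owner, uuid, content, private FROM playlist where uuid=?", req, res, (row) => {
            res.set(cwh).json(row);
        });
    });

    app.get("/playlist-name", (req, res) => {
        sendPlaylistRow("SELECT title FROM playlist where uuid=?", req, res, (row) => {
            res.set(cwh).end(row.title);
        });
    });

    app.get("/playlist-tmb", (req, res) => {
        sendPlaylistRow("SELECT tmb FROM playlist where uuid=?", req, res, (row) => {
            res.set(cwh).json(row);
        });
    });

    app.post("/remove-playlist", (req, res) => {
        if (!req.session.uuid) {
            reply(res, 500, 500, "AD");
            return;
        }
        const playlistUuid = (req.body ?? {}).playlistuuid;
        // Without this reply a request lacking playlistuuid was never answered.
        if (!isNonEmptyString(playlistUuid)) {
            reply(res, 400, 400, "IO");
            return;
        }
        db.execute("SELECT owner FROM playlist WHERE uuid = ?", [playlistUuid], (err, result) => {
            if (err) {
                console.log(err);
                reply(res, 500, 500, "Err");
                return;
            }
            if (result.length === 0) {
                reply(res, 200, 301, "DNM");
                // The missing return let execution fall through to result[0].owner.
                return;
            }
            // Only the owner recorded on the row may delete it.
            if (result[0].owner !== req.session.uuid) {
                reply(res, 403, 403, "Forbidden");
                return;
            }
            db.execute("DELETE FROM playlist WHERE uuid = ?", [playlistUuid], (deleteErr) => {
                if (deleteErr) {
                    console.log(deleteErr);
                    reply(res, 500, 500, "Err");
                    return;
                }
                reply(res, 200, 200, "SS");
            });
        });
    });

    app.post("/upload-playlist", (req, res) => {
        if (!req.session.uuid) {
            reply(res, 500, 500, "AD");
            return;
        }
        const body = req.body ?? {};

        if (!body.playlistuuid) {
            // No uuid supplied: create a new playlist owned by the session user.
            // NOTE(review): tmb is stored as received here, while the update
            // path below converts it to WebP first; confirm which form readers
            // of the column expect.
            const key = crypto.randomUUID();
            db.execute(
                "INSERT INTO playlist(owner, uuid, content, private, tmb, title) values (?,?,?,?,?,?)",
                // Absent fields become SQL NULL instead of undefined bind values.
                [req.session.uuid, key, body.content ?? null, body.private ?? null, body.tmb ?? null, body.title ?? null],
                (err) => {
                    if (err) {
                        console.log(err);
                        reply(res, 500, 500, "AD");
                        return;
                    }
                    res.set(cwh).json({
                        code: 200,
                        R: "SS",
                        UUID: key
                    });
                }
            );
            return;
        }

        if (!isNonEmptyString(body.playlistuuid)) {
            reply(res, 400, 400, "IO");
            return;
        }
        db.execute("SELECT owner FROM playlist WHERE uuid = ?", [body.playlistuuid], async (err, result) => {
            if (err) {
                console.log(err);
                reply(res, 500, 500, "Err");
                return;
            }
            if (result.length === 0) {
                reply(res, 404, 404, "DNF");
                return;
            }
            // Only the owner recorded on the row may overwrite it.
            if (result[0].owner !== req.session.uuid) {
                reply(res, 403, 403, "Forbidden");
                return;
            }
            const coverBytes = body.tmb?.data;
            if (coverBytes === null || typeof coverBytes !== "object") {
                reply(res, 400, 400, "IO");
                return;
            }

            let plCover;
            try {
                plCover = await convertCoverToWebp(coverBytes);
            } catch (e) {
                console.log(e);
                reply(res, 500, 500, "Err");
                return;
            }

            db.execute(
                "UPDATE playlist SET content = ?, private = ?, tmb = ?, title = ? WHERE uuid = ?",
                [body.content ?? null, body.private ?? null, plCover, body.title ?? null, body.playlistuuid],
                (updateErr) => {
                    if (updateErr) {
                        console.log(updateErr);
                        reply(res, 500, 500, "Err");
                        return;
                    }
                    // Success is reported only once the row is written; it used
                    // to be sent before the UPDATE ran, so a failing UPDATE
                    // tried to answer a second time.
                    reply(res, 200, 200, "SS");
                }
            );
        });
    });

    app.post("/register", (req, res) => {
        const { username, password, email } = req.body ?? {};
        // Validate before touching the database; the check used to run only
        // inside the query callback, after the query had been issued.
        if (!isNonEmptyString(username) || !isNonEmptyString(password)) {
            reply(res, 500, 500, "PE");
            return;
        }
        db.execute("SELECT uuid FROM user WHERE username = ?", [username], async (err, rows) => {
            if (err) {
                console.log(err);
                reply(res, 500, 500, "UNE");
                return;
            }
            if (rows.length !== 0) {
                reply(res, 500, 500, "UE");
                return;
            }

            let passwordHash;
            try {
                passwordHash = await sha256(password);
            } catch (hashErr) {
                console.log(hashErr);
                reply(res, 500, 500, "UNE");
                return;
            }

            // NOTE(review): two concurrent registrations can both pass the
            // SELECT above; whether the second INSERT is rejected depends on a
            // uniqueness constraint that is not visible from this file.
            db.execute(
                "INSERT INTO user (uuid, username, email, password, avatar, time) values (?,?,?,?,?,?)",
                [crypto.randomUUID(), username, isNonEmptyString(email) ? email : null, passwordHash, null, Date.now()],
                (insertErr) => {
                    if (insertErr) {
                        console.log(insertErr);
                        reply(res, 500, 500, "UNE");
                        return;
                    }
                    res.status(200).set(cwh).json({ code: 200, R: "SS" });
                }
            );
        });
    });
}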