instrunet_backend/UserInteractions.js

import bodyParser from "body-parser";

import express from "express";

import session from "express-session";

import cwh from "./Singletons.js";

export default function UserInteractions(opts) {
    async function sha256(message) {
        // encode as UTF-8
        const msgBuffer = new TextEncoder().encode(message);

        // hash the message
        const hashBuffer = await crypto.subtle.digest('SHA-256', msgBuffer);

        // convert ArrayBuffer to Array
        const hashArray = Array.from(new Uint8Array(hashBuffer));

        // convert bytes to hex string
        const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
        return hashHex;
    }

    let app = opts.app;
    app.use(session({
        secret: "rtifhg5878fj",
        resave: false,
        saveUninitialized: false,
        cookie: {
            sameSite: "lax", secure: "auto"
        }
    }))
    app.use(bodyParser.json({"limit": "200mb"}));
    app.use(express.json());

    let db = opts.db;

    app.options("/*", (req, res) => {

        res.set(cwh).end("FUCK YOU CORS")
    })
    app.get("/delacc", async (req, res) => {
        if (!req.session.uuid) {
            res.set(cwh).status(500).json({code: 500, R: "IO"})
            return
        }
        let uuid = req.session.uuid;
        db.execute("DELETE FROM user WHERE uuid = ?", [uuid], async (err, rows) => {
            if (err) {
                res.set(cwh).status(500).json({code: 500, R: "ERR"})
                req.session.destroy()
            } else {
                req.session.destroy()
                res.set(cwh).status(200).json({code: 200, R: "SUCCESS"})

            }

        })
    })
    app.get("/userapi", (req, res) => {
        if (req.query.getname) {
            db.execute("SELECT username from user where uuid = ?", [req.query.uuid], (err, result) => {
                res.set(cwh).end(result[0].username);

            })
        } else {
            if (!req.session.uuid) {
                res.set(cwh).status(500).json({code: 500, R: "IO"})
                return
            }
            db.execute("SELECT username, email from user where uuid = ?", [req.session.uuid], (err, result) => {
                res.set(cwh).end(JSON.stringify({
                    uuid: req.session.uuid,
                    username: result[0].username,
                    email: result[0].email,
                }));

            })
        }

    })
    app.get("/logout", (req, res) => {
        req.session.destroy()
        res.set(cwh).status(200)
    })
    app.post("/login", async function (req, res) {
        if (!req.body.username || !req.body.password) {
            res.set(cwh).status(500).json({code: 500, R: "IO"})

        } else {
            db.execute("SELECT uuid from user where username = ? and password = ?", [req.body.username, await sha256(req.body.password)], function (err, result) {
                if (result.length === 0) {
                    res.set(cwh).status(500).json({code: 500, R: "DNE"})
                    return;
                }
                req.session.uuid = result[0].uuid;

                res.set(cwh).status(200).json({
                    code: 200,
                    R: "SS",
                    uid: result[0].uuid
                });
            })

        }

    })
    app.post("/playlist-owned", async function (req, res) {
        if (!req.session.uuid) {
            res.set(cwh).status(500).json({code: 500, R: "AD"})
            return;
        }
        db.execute("SELECT * from playlist where owner = ?", [req.session.uuid], function (err, result) {
            if (err) {
                console.log(err);
                res.set(cwh).status(500).json({code: 500, R: "AD"})
                return;
            }
            res.set(cwh).json(result);

        })


    })
    app.get("/playlist", async function (req, res) {

        db.execute("SELECT * FROM playlist where uuid=?", [req.query.playlistuuid], function (err, result) {
            if (err) {
                console.log(err);
                res.set(cwh).status(500).json({code: 500, R: "AD"})
                return;
            }
            if (result.length === 0) {
                res.set(cwh).status(404).json({code: 404, R: "DNF"})
                return;
            }

            res.set(cwh).json(result[0]);

        })
    })
    app.post("/remove-playlist", async function (req, res) {
        if (!req.session.uuid) {
            res.set(cwh).status(500).json({code: 500, R: "AD"})
            return;
        }
        if (req.body.playlistuuid) {
            db.execute("SELECT owner FROM playlist WHERE uuid = ?", [req.body.playlistuuid], function (err, result) {
                if(result.length === 0) {
                    res.set(cwh).status(200).json({code: 301, R: "DNM"})

                }
                if (result[0].owner === req.session.uuid) {
                    db.execute("DELETE FROM  playlist  WHERE uuid = ?", [req.body.playlistuuid], (err, result) => {
                        if (err) {
                            console.log(err);
                            res.set(cwh).status(500).json({code: 500, R: "Err"})
                            return
                        }
                        res.set(cwh).status(200).json({code: 200, R: "SS"})

                    })
                } else {
                    res.set(cwh).status(403).json({code: 403, R: "Forbidden"})
                }
            })
        }
    })
    app.post("/upload-playlist", async function (req, res) {
        if (!req.session.uuid) {
            res.set(cwh).status(500).json({code: 500, R: "AD"})
            return;
        }
        if (req.body.playlistuuid) {
            db.execute("SELECT owner FROM playlist WHERE uuid = ?", [req.body.playlistuuid], function (err, result) {
                if (result[0].owner === req.session.uuid) {
                    db.execute("UPDATE playlist SET content = ?, private = ?, tmb = ?, title = ? WHERE uuid = ?", [req.body.content, req.body.private, Buffer.from( Object.values(req.body.tmb.data)), req.body.title, req.body.playlistuuid], (err, result) => {
                        if (err) {
                            console.log(err);
                            res.set(cwh).status(500).json({code: 500, R: "Err"})

                        }
                    })
                } else {
                    res.set(cwh).status(403).json({code: 403, R: "Forbidden"})
                }
            })
        } else {
            let key = crypto.randomUUID();
            db.execute("INSERT INTO playlist(owner, uuid, content, private, tmb, title) values (?,?,?,?,?,?)", [req.session.uuid, key, req.body.content, req.body.private, req.body.tmb, req.body.title], function (err, result) {
                if (err) {
                    console.log(err);
                    res.set(cwh).status(500).json({code: 500, R: "AD"})
                    return;
                }

                res.set(cwh).json({
                    code: 200, R: "SS", UUID: key
                });

            })
        }

    })

    app.post("/register", function (req, res) {
        db.execute("SELECT uuid FROM user WHERE username = ?", [req.body.username], async function (err, rows) {
            if (!req.body.username || !req.body.password) {
                res.set(cwh).status(500).json({code: 500, R: "PE"})
                return;
            }
            if (err) {
                console.log(err);
                res.set(cwh).status(500).json({code: 500, R: "UNE"});
                return;
            }
            if (rows.length === 0) {
                db.execute("INSERT INTO user (uuid, username, email, password, avatar, time) values (?,?,?,?,?,?)", [crypto.randomUUID(), req.body.username, !req.body.email ? null : req.body.email, await sha256(req.body.password), null, Date.now()]);
                res.status(200).set(cwh).json({code: 200, R: "SS"});

                return;
            }
            res.set(cwh).status(500).json({code: 500, R: "UE"});
            return;
        })
    })
}