- import bodyParser from "body-parser";
- import express from "express";
- import session from "express-session";
- import cwh from "./Singletons.js";
- import fs from "fs";
- import webp from "webp-converter";
- import {detectBufferMime} from "mime-detect";
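/**
 * Attaches session handling, JSON body parsing and the account / playlist
 * HTTP routes to an existing Express application.
 *
 * Routes registered: OPTIONS /*, GET /delacc, GET /userapi, GET /logout,
 * POST /login, POST /playlist-owned, GET /playlist, GET /playlist-name,
 * GET /playlist-tmb, POST /remove-playlist, POST /upload-playlist,
 * POST /register.
 *
 * Every response carries the shared `cwh` header set. Failures are reported
 * as `{code, R}` JSON objects; the existing `R` reason strings are kept so
 * current clients continue to work.
 *
 * @param {object} opts
 * @param {object} opts.app - Express application to register on.
 * @param {object} opts.db - Database handle exposing `execute(sql, params, callback)`.
 * @param {string} [opts.sessionSecret] - Secret used to sign the session
 *   cookie. Falls back to the SESSION_SECRET environment variable, then to a
 *   random per-process value.
 */
export default function UserInteractions(opts) {
  const { app, db } = opts;

  // Content types accepted for an uploaded playlist thumbnail.
  const ALLOWED_THUMBNAIL_TYPES = [
    "image/png",
    "image/webp",
    "image/jpeg",
    "image/jpg",
    "image/bmp",
  ];

  /** True only for non-empty strings; rejects arrays/objects from parsed input. */
  const isNonEmptyString = (value) => typeof value === "string" && value.length > 0;

  /** Sends a JSON body with the shared headers and the given HTTP status. */
  const reply = (res, status, body) => res.set(cwh).status(status).json(body);

  /** Sends the `{code, R}` failure shape, with `code` equal to the HTTP status. */
  const fail = (res, status, reason) => reply(res, status, { code: status, R: reason });

  /** Lower-case hex encoding of a byte array. */
  const toHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");

  /**
   * Hex-encoded SHA-256 of the UTF-8 encoding of `message`.
   *
   * NOTE(review): this is the stored password format. A single unsalted
   * SHA-256 is a fast hash and is not suited to password storage; moving to a
   * salted, deliberately slow KDF needs a rehash-on-login migration of the
   * existing rows, so the format is left unchanged here.
   */
  async function sha256(message) {
    const digest = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(message));
    return toHex(new Uint8Array(digest));
  }

  // The signing secret must not live in source control. No session store is
  // configured below, so sessions already do not outlive the process and a
  // random per-process fallback loses nothing.
  const sessionSecret =
    opts.sessionSecret ||
    process.env.SESSION_SECRET ||
    toHex(crypto.getRandomValues(new Uint8Array(32)));

  app.use(
    session({
      secret: sessionSecret,
      resave: false,
      saveUninitialized: false,
      cookie: {
        sameSite: "lax",
        secure: "auto",
      },
    }),
  );

  // NOTE(review): the 200mb limit applies to every JSON request on this app,
  // including the unauthenticated /login and /register routes, so one request
  // can make the server buffer that much. It is left as is because the parser
  // is mounted app-wide and routes outside this file may rely on it; consider
  // a small default with a larger limit only on /upload-playlist.
  app.use(bodyParser.json({ limit: "200mb" }));
  app.use(express.json());

  // Answers every preflight request with the shared header set.
  app.options("/*", (req, res) => {
    res.set(cwh).end("FUCK YOU CORS");
  });

  // Deletes the logged-in user's row and ends the session.
  // NOTE(review): this is a state-changing GET. With sameSite "lax" the
  // session cookie accompanies cross-site top-level GET navigations, so this
  // should become a POST/DELETE with CSRF protection once clients can be
  // updated; the verb is kept because callers depend on it.
  app.get("/delacc", (req, res) => {
    const { uuid } = req.session;
    if (!uuid) {
      fail(res, 500, "IO");
      return;
    }
    db.execute("DELETE FROM user WHERE uuid = ?", [uuid], (err) => {
      // The session is dropped whether or not the delete succeeded.
      req.session.destroy();
      if (err) {
        console.log(err);
        fail(res, 500, "ERR");
        return;
      }
      reply(res, 200, { code: 200, R: "SUCCESS" });
    });
  });

  // With ?getname: plain-text username for ?uuid. Otherwise: the logged-in
  // user's uuid, username and email as JSON.
  app.get("/userapi", (req, res) => {
    if (req.query.getname) {
      const { uuid } = req.query;
      if (!isNonEmptyString(uuid)) {
        fail(res, 500, "IO");
        return;
      }
      db.execute("SELECT username from user where uuid = ?", [uuid], (err, result) => {
        if (err) {
          console.log(err);
          fail(res, 500, "ERR");
          return;
        }
        if (result.length === 0) {
          fail(res, 404, "DNF");
          return;
        }
        // The username is user-supplied: declare it as plain text so a
        // browser does not interpret the body as markup. Set before `cwh`
        // so a Content-Type defined there still takes precedence.
        res.type("text/plain").set(cwh).end(result[0].username);
      });
      return;
    }

    if (!req.session.uuid) {
      fail(res, 500, "IO");
      return;
    }
    db.execute(
      "SELECT username, email from user where uuid = ?",
      [req.session.uuid],
      (err, result) => {
        if (err) {
          console.log(err);
          fail(res, 500, "ERR");
          return;
        }
        // The account may have been removed while the session was still alive.
        if (result.length === 0) {
          fail(res, 404, "DNF");
          return;
        }
        const [{ username, email }] = result;
        reply(res, 200, { uuid: req.session.uuid, username, email });
      },
    );
  });

  // Ends the session. The response is now finished explicitly; without
  // `.end()` the request never completed.
  app.get("/logout", (req, res) => {
    req.session.destroy();
    res.set(cwh).status(200).end();
  });

  // Verifies username/password and binds the user's uuid to a fresh session.
  // NOTE(review): no attempt throttling is visible in this file.
  app.post("/login", async (req, res) => {
    const { username, password } = req.body ?? {};
    // Only strings are accepted, so parsed arrays/objects never reach the
    // hash or the query parameters.
    if (!isNonEmptyString(username) || !isNonEmptyString(password)) {
      fail(res, 500, "IO");
      return;
    }
    const passwordHash = await sha256(password);
    db.execute(
      "SELECT uuid from user where username = ? and password = ?",
      [username, passwordHash],
      (err, result) => {
        if (err) {
          console.log(err);
          fail(res, 500, "ERR");
          return;
        }
        if (result.length === 0) {
          fail(res, 500, "DNE");
          return;
        }
        const { uuid } = result[0];
        // Issue a new session id on login so an id set before authentication
        // cannot be reused afterwards (session fixation).
        req.session.regenerate((regenErr) => {
          if (regenErr) {
            console.log(regenErr);
            fail(res, 500, "ERR");
            return;
          }
          req.session.uuid = uuid;
          reply(res, 200, { code: 200, R: "SS", uid: uuid });
        });
      },
    );
  });

  // Lists every playlist row owned by the logged-in user.
  app.post("/playlist-owned", (req, res) => {
    if (!req.session.uuid) {
      fail(res, 500, "AD");
      return;
    }
    db.execute("SELECT * from playlist where owner = ?", [req.session.uuid], (err, result) => {
      if (err) {
        console.log(err);
        fail(res, 500, "AD");
        return;
      }
      res.set(cwh).json(result);
    });
  });

  /**
   * Builds a handler that looks up one playlist row by ?playlistuuid and
   * hands it to `send`; responds 404 DNF when no row matches.
   *
   * NOTE(review): the `private` column is never consulted here, so all three
   * read routes answer any caller who knows the playlist uuid. Confirm
   * whether "private" is meant to restrict reads to the owner.
   */
  function servePlaylistRow(sql, send) {
    return (req, res) => {
      const { playlistuuid } = req.query;
      if (!isNonEmptyString(playlistuuid)) {
        fail(res, 500, "IO");
        return;
      }
      db.execute(sql, [playlistuuid], (err, result) => {
        if (err) {
          console.log(err);
          fail(res, 500, "AD");
          return;
        }
        if (result.length === 0) {
          fail(res, 404, "DNF");
          return;
        }
        send(res, result[0]);
      });
    };
  }

  app.get(
    "/playlist",
    servePlaylistRow(
      "SELECT owner, uuid, content, private FROM playlist where uuid=?",
      (res, row) => res.set(cwh).json(row),
    ),
  );

  app.get(
    "/playlist-name",
    servePlaylistRow(
      "SELECT title FROM playlist where uuid=?",
      // The title is user-supplied; serve it as plain text, not sniffable markup.
      (res, row) => res.type("text/plain").set(cwh).end(row.title),
    ),
  );

  app.get(
    "/playlist-tmb",
    servePlaylistRow("SELECT tmb FROM playlist where uuid=?", (res, row) =>
      res.set(cwh).json(row),
    ),
  );

  // Deletes a playlist after confirming the logged-in user owns it.
  app.post("/remove-playlist", (req, res) => {
    if (!req.session.uuid) {
      fail(res, 500, "AD");
      return;
    }
    const { playlistuuid } = req.body ?? {};
    // Previously a request without playlistuuid was never answered.
    if (!isNonEmptyString(playlistuuid)) {
      fail(res, 500, "IO");
      return;
    }
    db.execute("SELECT owner FROM playlist WHERE uuid = ?", [playlistuuid], (err, result) => {
      if (err) {
        console.log(err);
        fail(res, 500, "Err");
        return;
      }
      if (result.length === 0) {
        // Must return here: falling through read `owner` of a missing row.
        reply(res, 200, { code: 301, R: "DNM" });
        return;
      }
      if (result[0].owner !== req.session.uuid) {
        fail(res, 403, "Forbidden");
        return;
      }
      db.execute("DELETE FROM playlist WHERE uuid = ?", [playlistuuid], (deleteErr) => {
        if (deleteErr) {
          console.log(deleteErr);
          fail(res, 500, "Err");
          return;
        }
        reply(res, 200, { code: 200, R: "SS" });
      });
    });
  });

  /**
   * Turns the request's `tmb` field into a Buffer and checks its detected
   * content type against ALLOWED_THUMBNAIL_TYPES.
   *
   * @returns {Promise<Buffer|null>} the image bytes, or null when the field
   *   is missing, malformed or not an accepted image type.
   */
  async function readThumbnail(tmb) {
    const data = tmb?.data;
    if (data === null || typeof data !== "object") {
      return null;
    }
    const bytes = Buffer.from(Object.values(data));
    const mime = await detectBufferMime(bytes);
    return ALLOWED_THUMBNAIL_TYPES.includes(mime) ? bytes : null;
  }

  /**
   * Re-encodes image bytes as WebP through temporary files under tmp/ and
   * returns the converted bytes. Both temporary files are removed whether or
   * not the conversion succeeds.
   *
   * The file names come from crypto.randomUUID() only; keep request data out
   * of these paths, since they are handed to the external converter.
   *
   * NOTE(review): "-metadata all" asks the encoder to copy image metadata
   * into the output, which may carry EXIF such as location into a thumbnail
   * other users can fetch - confirm this is intended.
   */
  async function convertToWebp(bytes) {
    const source = "tmp/" + crypto.randomUUID();
    const target = source + ".webp";
    try {
      await fs.promises.writeFile(source, bytes);
      await webp.cwebp(source, target, "-q 80 -size 100000 -mt -metadata all", "-v");
      // A missing output file surfaces here and is reported as a failure.
      return await fs.promises.readFile(target);
    } finally {
      await Promise.all(
        [source, target].map((path) =>
          fs.promises.rm(path, { force: true }).catch((err) => console.log(err)),
        ),
      );
    }
  }

  // With playlistuuid: updates an owned playlist, re-encoding its thumbnail.
  // Without: creates a new playlist and returns its generated UUID.
  app.post("/upload-playlist", (req, res) => {
    if (!req.session.uuid) {
      fail(res, 500, "AD");
      return;
    }
    const body = req.body ?? {};
    const { playlistuuid } = body;
    // Absent fields are bound as NULL, so a missing field is reported by the
    // database callback rather than thrown while binding parameters.
    const content = body.content ?? null;
    const isPrivate = body.private ?? null;
    const title = body.title ?? null;

    if (!playlistuuid) {
      const key = crypto.randomUUID();
      // NOTE(review): unlike the update path, `tmb` is stored here exactly as
      // sent, without the type check or WebP conversion - confirm intended.
      db.execute(
        "INSERT INTO playlist(owner, uuid, content, private, tmb, title) values (?,?,?,?,?,?)",
        [req.session.uuid, key, content, isPrivate, body.tmb ?? null, title],
        (err) => {
          if (err) {
            console.log(err);
            fail(res, 500, "AD");
            return;
          }
          reply(res, 200, { code: 200, R: "SS", UUID: key });
        },
      );
      return;
    }

    if (!isNonEmptyString(playlistuuid)) {
      fail(res, 500, "IO");
      return;
    }

    db.execute(
      "SELECT owner FROM playlist WHERE uuid = ?",
      [playlistuuid],
      async (err, result) => {
        // Everything awaited below sits inside one try block: a rejection
        // escaping this async callback would otherwise go unhandled.
        try {
          if (err) {
            console.log(err);
            fail(res, 500, "Err");
            return;
          }
          if (result.length === 0) {
            fail(res, 404, "DNF");
            return;
          }
          // Ownership is checked before any image work is done.
          if (result[0].owner !== req.session.uuid) {
            fail(res, 403, "Forbidden");
            return;
          }
          const imageBytes = await readThumbnail(body.tmb);
          if (imageBytes === null) {
            fail(res, 500, "ILLEGAL IMAGE");
            return;
          }
          const cover = await convertToWebp(imageBytes);
          db.execute(
            "UPDATE playlist SET content = ?, private = ?, tmb = ?, title = ? WHERE uuid = ?",
            [content, isPrivate, cover, title, playlistuuid],
            (updateErr) => {
              // Exactly one response, sent once the outcome is known. The
              // success reply used to go out before the UPDATE ran, so a
              // failing UPDATE tried to answer a second time.
              if (updateErr) {
                console.log(updateErr);
                fail(res, 500, "Err");
                return;
              }
              reply(res, 200, { code: 200, R: "SS" });
            },
          );
        } catch (e) {
          console.log(e);
          fail(res, 500, "Err");
        }
      },
    );
  });

  // Creates an account when the username is free.
  app.post("/register", async (req, res) => {
    const { username, password, email } = req.body ?? {};
    // Validate before touching the database; the lookup used to run first.
    if (!isNonEmptyString(username) || !isNonEmptyString(password)) {
      fail(res, 500, "PE");
      return;
    }
    if (email && typeof email !== "string") {
      fail(res, 500, "PE");
      return;
    }
    const passwordHash = await sha256(password);
    db.execute("SELECT uuid FROM user WHERE username = ?", [username], (err, rows) => {
      if (err) {
        console.log(err);
        fail(res, 500, "UNE");
        return;
      }
      if (rows.length !== 0) {
        fail(res, 500, "UE");
        return;
      }
      // NOTE(review): two concurrent registrations can both pass the lookup
      // above; only a UNIQUE constraint on user.username closes that gap.
      db.execute(
        "INSERT INTO user (uuid, username, email, password, avatar, time) values (?,?,?,?,?,?)",
        [crypto.randomUUID(), username, email || null, passwordHash, null, Date.now()],
        (insertErr) => {
          // Success is reported only after the insert has actually succeeded.
          if (insertErr) {
            console.log(insertErr);
            fail(res, 500, "UNE");
            return;
          }
          reply(res, 200, { code: 200, R: "SS" });
        },
      );
    });
  });
}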