// Basic Imports
const config = require("./config.json");
const express = require("express");
const app = express();
const chalk = require('chalk');
const utils = require('hyperz-utils');
const bcrypt = require('bcrypt');
// MySQL Setup
const mysql = require('mysql');
// Force a 4-byte UTF-8 connection charset (supplementary-plane text such as emoji).
Object.assign(config.sql, { charset: "utf8mb4" });
// NOTE(review): a single createConnection(), not a pool; no reconnect logic is visible here.
let con = mysql.createConnection(config.sql); // set = 0 to disable
// Backend Initialization
// backend.js receives the Express app and the shared connection; it also supplies the
// auth middleware (checkAuth / checkNotAuth) and the local-strategy verifier used below.
const backend = require('./backend.js');
backend.init(app, con);
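// Passport Initialization
const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;
// Sessions store the user object verbatim: serializeUser puts the whole object in and
// deserializeUser hands it straight back without a database lookup. Whatever
// backend.authenticateUserLocal (or the Discord strategy) passes to done() is therefore
// exactly what req.user, account.ejs and /userdata expose.
// A password hash has no business in the session, so a `password` property is stripped
// here when present; nothing in this file reads req.user.password.
// NOTE(review): confirm backend.js does not depend on req.user.password either.
passport.serializeUser(function(user, done) {
    if (user !== null && typeof user === 'object' && 'password' in user) {
        const { password, ...sessionUser } = user;
        return done(null, sessionUser);
    }
    done(null, user);
});
passport.deserializeUser(function(obj, done) { done(null, obj) });
// The local strategy takes the login name from the form field called 'email'.
passport.use(new LocalStrategy({ usernameField: 'email' }, backend.authenticateUserLocal));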
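if (config.discord.enabled) {
    const DiscordStrategy = require('passport-discord-hyperz').Strategy;
    // Normalise the configured domain so the callback URL registered with Discord has
    // exactly one slash before the path.
    const baseDomain = config.domain.endsWith('/') ? config.domain.slice(0, -1) : config.domain;
    // A post-login return target is only followed when it is a same-site path
    // ("/foo" but not "//evil.example" or "/\evil.example") or an absolute URL under
    // our own configured domain. Anything else falls back to "/".
    const isSafeReturnPath = (target) => {
        if (typeof target !== 'string') return false;
        if (target.startsWith('/') && !target.startsWith('//') && !target.startsWith('/\\')) return true;
        return target === baseDomain || target.startsWith(`${baseDomain}/`);
    };
    // NOTE(review): no `state` option is passed; confirm the strategy generates one itself
    // (CSRF protection for the OAuth callback).
    passport.use(new DiscordStrategy({
        clientID: config.discord.oauthId,
        clientSecret: config.discord.oauthToken,
        callbackURL: `${baseDomain}/auth/discord/callback`, // THIS IS THE CALLBACK URL
        scope: ['identify', 'guilds', 'email'],
        prompt: 'consent'
    }, function(accessToken, refreshToken, profile, done) {
        // The Discord profile object becomes req.user as-is; the tokens are discarded.
        process.nextTick(function() {
            return done(null, profile);
        });
    }));
    app.get('/auth/discord', passport.authenticate('discord'));
    app.get('/auth/discord/callback', passport.authenticate('discord', { failureRedirect: '/' }), function(req, res) {
        // Consume the stored return path BEFORE sending the redirect: express-session
        // persists the session when the response ends, so deleting it afterwards (as the
        // original did) could leave a stale loginRef behind for the next login.
        const loginRef = req.session?.loginRef;
        if (req.session) delete req.session.loginRef;
        // Where loginRef is set is not visible here (presumably backend.checkAuth); without
        // the check below an attacker-controlled value would make this an open redirect.
        res.redirect(isSafeReturnPath(loginRef) ? loginRef : '/');
    });
}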
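// Routing
// Public pages. resetAppLocals is awaited on every route — the original awaited it on
// only some — so template locals are settled before the view renders.
app.get('', async function(req, res) {
    await backend.resetAppLocals(app);
    res.render('index.ejs');
});
app.get('/login', backend.checkNotAuth, async function(req, res) {
    await backend.resetAppLocals(app);
    res.render('login.ejs');
});
app.get('/cookies', async function(req, res) {
    await backend.resetAppLocals(app);
    res.render('cookies.ejs');
});
app.get('/privacy', async function(req, res) {
    await backend.resetAppLocals(app);
    res.render('privacy.ejs');
});
// Account page: requires a session (backend.checkAuth) and hands req.user to the template as-is.
app.get('/account', backend.checkAuth, async function(req, res) {
    await backend.resetAppLocals(app);
    res.render('account.ejs', { user: req.user });
});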
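// Debug-only dump of the session user (whatever the auth strategies placed in req.user).
// The original mounted this unconditionally with a "delete before production" comment;
// it is now only registered when config.debugMode is set, so a production build cannot
// expose it by mistake. Unregistered, the path falls through to the 404 handler.
if (config.debugMode) {
    app.get('/userdata', backend.checkAuth, async function(req, res) {
        await backend.resetAppLocals(app);
        res.type('json').send(JSON.stringify(req.user, null, 4) + '\n');
    });
}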
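// Registration: create a users row for a new email. Only reachable when not logged in.
// On any failure the user is sent back to /register; an already-registered email goes
// to /login exactly as before.
app.post('/register', backend.checkNotAuth, async (req, res) => {
    await backend.resetAppLocals(app);
    // Every submitted field is passed through the project sanitizer before use. That
    // includes the password, so it must be sanitized identically at login time —
    // presumably backend.authenticateUserLocal does this; confirm.
    for (const name of Object.keys(req.body ?? {})) {
        req.body[name] = await utils.sanitize(req.body[name]);
    }
    const { email, password } = req.body ?? {};
    // Reject missing or empty credentials up front: bcrypt.hash throws on a non-string,
    // and an empty string would otherwise be accepted as a password.
    if (typeof email !== 'string' || email.length === 0 || typeof password !== 'string' || password.length === 0) {
        return res.redirect('/register');
    }
    try {
        const userid = await backend.generateUserId(7);
        const hashedPassword = await bcrypt.hash(password, 13);
        // Parameterized queries (? placeholders): the email is request-controlled and is
        // never interpolated into SQL text, regardless of what utils.sanitize does.
        con.query('SELECT * FROM users WHERE email = ?', [email], function(err, existing) {
            if (err) {
                console.error(err);
                return res.redirect('/register');
            }
            if (existing[0]) return res.redirect('/login');
            con.query('SELECT * FROM sitesettings', function(err, settings) {
                if (err) {
                    console.error(err);
                    return res.redirect('/register');
                }
                if (!settings[0]) {
                    // The original only logged here and never answered the request.
                    console.log('No site settings found.');
                    return res.redirect('/register');
                }
                con.query('INSERT INTO users (id, email, password) VALUES (?, ?, ?)', [userid, email, hashedPassword], function(err) {
                    if (err) {
                        console.error(err);
                        return res.redirect('/register');
                    }
                    // Redirect only once the row exists, so the login page cannot race the insert.
                    res.redirect('/login');
                });
            });
        });
    } catch (err) {
        console.error(err);
        res.redirect('/register');
    }
});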
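// Password change for the logged-in user, then forced logout so they re-authenticate.
// NOTE(review): the change is authorised by the session alone; a practitioner would
// normally also require the current password so a hijacked session cannot lock the
// real owner out. The form fields visible here (password / confpassword) do not carry it.
app.post('/backend/update/password', backend.checkAuth, async function(req, res) {
    await backend.resetAppLocals(app);
    const { password, confpassword } = req.body ?? {};
    if (password !== confpassword) return res.send('Your passwords do not match...');
    // bcrypt.hash throws on a non-string; previously that surfaced as an unhandled
    // rejection with the request left hanging.
    if (typeof password !== 'string' || password.length === 0) return res.send('Password cannot be empty.');
    try {
        const hashedPassword = await bcrypt.hash(password, 13);
        // Parameterized; the unused preceding SELECT from the original is dropped.
        con.query('UPDATE users SET password = ? WHERE id = ?', [hashedPassword, req.user.id], function(err) {
            if (err) {
                console.error(err);
                return res.redirect('/account');
            }
            // Log out only after the update has been committed. The original referenced an
            // undefined `next` in the logout error path, which would have thrown.
            req.logout(function(logoutErr) {
                if (logoutErr) console.error(logoutErr);
                res.redirect('/login');
            });
        });
    } catch (err) {
        console.error(err);
        res.redirect('/account');
    }
});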
// Local (email + password) login. Credentials are verified by backend.authenticateUserLocal,
// registered above as the 'local' strategy. Only reachable when not already logged in.
// NOTE(review): no rate limiting is visible on this endpoint in this file; confirm
// backend.init applies one, since this is the password-guessing surface.
const localLoginOptions = {
    successRedirect: '/account',
    failureRedirect: '/login',
    failureFlash: true
};
app.post('/auth/local', backend.checkNotAuth, passport.authenticate('local', localLoginOptions));
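// Startup: make sure every configured owner id has a staff row. The ids come from
// config.json, but the queries are parameterized anyway so an odd character in the
// config cannot break (or alter) the SQL. Errors here throw synchronously and abort
// startup, which is the right outcome for a broken database at boot.
(config.ownerIds ?? []).forEach(function(ownerId) {
    if (ownerId === 'YOUR_USER_ID') return; // placeholder left over from the template config
    con.query('SELECT * FROM staff WHERE userid = ?', [ownerId], function(err, rows) {
        if (err) throw err;
        if (rows[0]) return;
        con.query('INSERT INTO staff (userid) VALUES (?)', [ownerId], function(err) {
            if (err) throw err;
        });
    });
});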
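// MAKE SURE THIS IS LAST FOR 404 PAGE REDIRECT
// Catch-all for unmatched GET routes. Send a real 404 status with the page: the
// original rendered 404.ejs with HTTP 200, which misleads crawlers, monitoring and
// anything else that keys off the status code.
app.get('*', function(req, res) {
    res.status(404).render('404.ejs');
});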
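// Server Initialization
app.listen(config.port);
// Rejection Handler
// Several handlers above surface database errors by throwing inside async callbacks,
// which arrive here as unhandled rejections. The original discarded them unless
// debugMode was on, hiding every such failure in production; now something is always
// logged, with the coloured output reserved for debug mode.
process.on('unhandledRejection', (err) => {
    if (config.debugMode) {
        console.log(chalk.red(err));
    } else {
        console.error('Unhandled rejection:', err);
    }
});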