Converted the account system to an auth system

2021-03-07 00:41:19 +11:00
parent 725842f672
commit 2e024f71c3
27 changed files with 4495 additions and 7 deletions
@@ -0,0 +1,144 @@
+//libraries
+const bcrypt = require('bcryptjs');
+const nodemailer = require('nodemailer');
+const Sequelize = require('sequelize');
+const Op = Sequelize.Op;
+
+const { accounts, pendingSignups } = require('../database/models');
+
+
+//utilities
+const uuid = require('../utilities/uuid');
+const validateEmail = require('../utilities/validate-email');
+const validateUsername = require('../utilities/validate-username');
+
+//auth/signup
+const route = async (req, res) => {
+	//validate the given details
+	const validateErr = await validateDetails(req.body);
+	if (validateErr) {
+		return res.status(401).send(validateErr);
+	}
+
+	//generate the password hash
+	const hash = await bcrypt.hash(req.body.password, await bcrypt.genSalt(11));
+
+	//generate the validation field
+	const token = uuid();
+
+	//register signup
+	const signupErr = await registerPendingSignup(req.body, hash, token);
+	if (signupErr) {
+		return res.status(500).send(signupErr);
+	}
+
+	//send the validation email
+	const emailErr = await sendValidationEmail(req.body.email, req.body.username, token);
+	if (emailErr) {
+		return res.status(500).send(emailErr);
+	}
+
+	//finally
+	res.status(200).send("Validation email sent!");
+	return null;
+}
+
+const validateDetails = async (body) => {
+	//basic formatting
+	if (!validateEmail(body.email)) {
+		return 'invalid email';
+	}
+
+	if (!validateUsername(body.username)) {
+		return 'invalid username';
+	}
+
+	//check for existing (banned)
+	//TODO: re-add banned email checks
+
+	//check for existing email
+	const emailRecord = await accounts.findOne({
+		where: {
+			email: body.email
+		}
+	});
+
+	if (emailRecord) {
+		return 'email already exists';
+	}
+
+	//check for existing username
+	const usernameRecord = await accounts.findOne({
+		where: {
+			username: body.username
+		}
+	});
+
+	if (usernameRecord) {
+		return 'username already exists';
+	}
+
+	return null;
+};
+
+const registerPendingSignup = async (body, hash, token) => {
+	const record = await pendingSignups.upsert({
+		email: body.email,
+		username: body.username,
+		hash: hash,
+		contact: body.contact,
+		token: token
+	});
+
+	return null;
+};
+
+const sendValidationEmail = async (email, username, token) => {
+	const addr = `${process.env.WEB_PROTOCOL}://${process.env.WEB_ADDRESS}/auth/validation?username=${username}&token=${token}`;
+	const msg = `Hello ${username}!
+
+Please visit the following link to validate your account: ${addr}
+
+You can contact us directly at our physical mailing address here: ${process.env.MAIL_PHYSICAL}
+`;
+
+	let transporter, info;
+
+	//what exactly is a transport?
+	try {
+		transporter = nodemailer.createTransport({
+			host: process.env.MAIL_SMTP,
+			port: 465,
+			secure: true,
+			auth: {
+			  user: process.env.MAIL_USERNAME,
+			  pass: process.env.MAIL_PASSWORD
+			},
+		});
+	}
+	catch(e) {
+		return `failed to create a mail transport: ${e}`;
+	}
+
+	// send mail with defined transport object
+	try {
+		info = await transporter.sendMail({
+			from: `signup@${process.env.WEB_ADDRESS}`, //WARNING: google overwrites this
+			to: email,
+			subject: 'Email Validation',
+			text: msg
+		});
+	}
+	catch(e) {
+		return `failed to send validation mail: ${e}`;
+	}
+
+	if (info.accepted[0] != email) {
+		return 'validation email failed to send';
+	}
+
+	return null;
+};
+
+module.exports = route;
+