Merged private changes

.dockerignore

@@ -0,0 +1,7 @@
+.git*
+
+tools*
+mysql*
+letsencrypt*
+
+.env*

.envdev

@@ -5,7 +5,7 @@ WEB_PORT=3200
 DB_HOSTNAME=database
 DB_DATABASE=auth
 DB_USERNAME=auth
-DB_PASSWORD=venusaur
+DB_PASSWORD=charizard
 
 MAIL_SMTP=smtp.example.com
 MAIL_USERNAME=foobar@example.com

Dockerfile

@@ -2,8 +2,8 @@
 FROM node:15
 WORKDIR "/app"
 COPY package*.json ./
-RUN npm install --production
 COPY . /app
+RUN npm install --production
 EXPOSE 3200
 USER node
 ENTRYPOINT ["bash", "-c"]

package-lock.json

@@ -1,26 +1,25 @@
 {
   "name": "auth-server",
-  "version": "1.0.0",
+  "version": "1.3.1",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
-      "version": "1.0.0",
+      "version": "1.3.1",
       "license": "ISC",
       "dependencies": {
         "bcryptjs": "^2.4.3",
-        "body-parser": "^1.19.0",
         "cors": "^2.8.5",
-        "dotenv": "^8.2.0",
+        "dotenv": "^8.6.0",
         "express": "^4.17.1",
         "jsonwebtoken": "^8.5.1",
-        "mariadb": "^2.5.2",
+        "mariadb": "^2.5.4",
         "node-cron": "^2.0.3",
-        "nodemailer": "^6.5.0",
+        "nodemailer": "^6.6.3",
-        "sequelize": "^6.5.0"
+        "sequelize": "^6.6.5"
       },
       "devDependencies": {
-        "nodemon": "^2.0.7"
+        "nodemon": "^2.0.12"
       }
     },
     "node_modules/@sindresorhus/is": {
@@ -732,20 +731,6 @@
         "node": ">= 0.6"
       }
     },
-    "node_modules/fsevents": {
-      "version": "2.3.2",
-      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
-      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
-      "dev": true,
-      "hasInstallScript": true,
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "engines": {
-        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
-      }
-    },
     "node_modules/get-stream": {
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-4.1.0.tgz",
@@ -2729,13 +2714,6 @@
       "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
       "integrity": "sha1-PYyt2Q2XZWn6g1qx+OSyOhBWBac="
     },
-    "fsevents": {
-      "version": "2.3.2",
-      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
-      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
-      "dev": true,
-      "optional": true
-    },
     "get-stream": {
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-4.1.0.tgz",

server/admin/ban-user.js

@@ -9,7 +9,7 @@ const route = async (req, res) => {
 	}, {
 		where: {
 			username: {
-				[Op.eq]: req.body.username
+				[Op.eq]: req.body.username || ''
 			},
 			admin: {
 				[Op.not]: true
@@ -27,7 +27,7 @@ const route = async (req, res) => {
 	//forcibly logout
 	tokens.destroy({
 		where: {
-			username: req.body.username
+			username: req.body.username || ''
 		}
 	});
 

server/admin/default-account.js

@@ -25,8 +25,9 @@ module.exports = async () => {
 	});
 
 	if (adminRecord == null) {
+		const webAddress = process.env.WEB_ADDRESS == 'localhost' ? 'example.com' : process.env.WEB_ADDRESS; //can't log in as "localhost"
 		await accounts.create({
-			email: `${process.env.ADMIN_DEFAULT_USERNAME}@${process.env.WEB_ADDRESS}`,
+			email: `${process.env.ADMIN_DEFAULT_USERNAME}@${webAddress}`,
 			username: `${process.env.ADMIN_DEFAULT_USERNAME}`,
 			hash: await bcrypt.hash(`${process.env.ADMIN_DEFAULT_PASSWORD}`, await bcrypt.genSalt(11)),
 			type: 'normal',
@@ -34,6 +35,6 @@ module.exports = async () => {
 			mod: true
 		});
 
-		console.warn(`Created default admin account (email: ${process.env.ADMIN_DEFAULT_USERNAME}@${process.env.WEB_ADDRESS}; password: ${process.env.ADMIN_DEFAULT_PASSWORD})`);
+		console.warn(`Created default admin account (email: ${process.env.ADMIN_DEFAULT_USERNAME}@${webAddress}; password: ${process.env.ADMIN_DEFAULT_PASSWORD})`);
 	}
 };

server/admin/grant-admin.js

@@ -10,7 +10,7 @@ const route = async (req, res) => {
 	}, {
 		where: {
 			username: {
-				[Op.eq]: req.body.username
+				[Op.eq]: req.body.username || ''
 			}
 		}
 	});

server/admin/grant-mod.js

@@ -9,7 +9,7 @@ const route = async (req, res) => {
 	}, {
 		where: {
 			username: {
-				[Op.eq]: req.body.username
+				[Op.eq]: req.body.username || ''
 			}
 		}
 	});

server/admin/index.js

@@ -12,7 +12,7 @@ router.use(tokenAuth);
 router.use(async (req, res, next) => {
 	const record = await accounts.findOne({
 		where: {
-			username: req.user.username
+			username: req.user.username || ''
 		}
 	});
 

server/admin/remove-admin.js

@@ -9,7 +9,7 @@ const route = async (req, res) => {
 	}, {
 		where: {
 			username: {
-				[Op.eq]: req.body.username
+				[Op.eq]: req.body.username || ''
 			}
 		}
 	});

server/admin/remove-mod.js

@@ -10,7 +10,7 @@ const route = async (req, res) => {
 	}, {
 		where: {
 			username: {
-				[Op.eq]: req.body.username
+				[Op.eq]: req.body.username || ''
 			}
 		}
 	});

server/auth/account-delete.js

@@ -11,7 +11,7 @@ const { accounts } = require('../database/models');
 const route = async (req, res) => {
 	const account = await accounts.findOne({
 		where: {
-			id: req.user.id
+			index: req.user.index
 		}
 	});
 
@@ -30,7 +30,7 @@ const route = async (req, res) => {
 	},
 	{
 		where: {
-			id: req.user.id
+			index: req.user.index
 		}
 	});
 

server/auth/account-query.js

@@ -4,7 +4,7 @@ const { accounts } = require('../database/models');
 const route = async (req, res) => {
 	const account = await accounts.findOne({
 		where: {
-			id: req.user.id
+			index: req.user.index
 		}
 	});
 

server/auth/account-update.js

@@ -16,7 +16,7 @@ const route = async (req, res) => {
 		hash: hash
 	}, {
 		where: {
-			id: req.user.id
+			index: req.user.index
 		}
 	});
 

server/auth/index.js

@@ -20,7 +20,7 @@ router.use(tokenAuth);
 router.use(async (req, res, next) => {
 	const record = await accounts.findOne({
 		where: {
-			username: req.user.username
+			username: req.user.username || ''
 		}
 	});
 

server/auth/login.js

@@ -19,7 +19,7 @@ const route = async (req, res) => {
 	//get the existing account
 	const account = await accounts.findOne({
 		where: {
-			email: req.body.email
+			email: req.body.email || ''
 		}
 	});
 
@@ -38,7 +38,7 @@ const route = async (req, res) => {
 	//cancel deletion if any
 	await accounts.update({ deletion: null }, {
 		where: {
-			id: account.id
+			index: account.index
 		}
 	});
 
@@ -48,7 +48,7 @@ const route = async (req, res) => {
 	}
 
 	//generate the JWT
-	const tokens = generate(account.id, account.username, account.type, account.admin, account.mod);
+	const tokens = generate(account.index, account.username, account.type, account.admin, account.mod);
 
 	//finally
 	res.status(200).json(tokens);

server/auth/signup.js

@@ -70,7 +70,7 @@ const validateDetails = async (body) => {
 	//check for existing username
 	const usernameRecord = await accounts.findOne({
 		where: {
-			username: body.username
+			username: body.username || ''
 		}
 	});
 

server/auth/validation.js

@@ -5,7 +5,7 @@ const route = async (req, res) => {
 	//get the existing pending signup
 	const info = await pendingSignups.findOne({
 		where: {
-			username: req.query.username
+			username: req.query.username || ''
 		}
 	});
 
@@ -29,7 +29,7 @@ const route = async (req, res) => {
 	//delete the pending signup
 	pendingSignups.destroy({
 		where: {
-			username: req.query.username
+			username: req.query.username || ''
 		}
 	});
 

server/database/models/accounts.js

@@ -2,7 +2,7 @@ const Sequelize = require('sequelize');
 const sequelize = require('..');
 
 module.exports = sequelize.define('accounts', {
-	id: {
+	index: {
 		type: Sequelize.INTEGER(11),
 		allowNull: false,
 		autoIncrement: true,

server/database/models/tokens.js

@@ -3,5 +3,5 @@ const sequelize = require('..');
 
 module.exports = sequelize.define('tokens', {
 	token: 'varchar(320)',
-	username: 'varchar(320)'
+	username: 'varchar(320)' //TODO: why username?
 });

server/server.js

@@ -5,11 +5,10 @@ require('dotenv').config();
 const express = require('express');
 const app = express();
 const server = require('http').Server(app);
-const bodyParser = require('body-parser');
 const cors = require('cors');
 
 //config
-app.use(bodyParser.json());
+app.use(express.json());
 app.use(cors());
 
 //database connection

server/utilities/token-generate.js

@@ -2,9 +2,9 @@ const jwt = require('jsonwebtoken');
 const { tokens } = require('../database/models');
 
 //generates a JWT token based on the given arguments
-module.exports = (id, username, type, admin, mod) => {
+module.exports = (index, username, type, admin, mod) => {
 	const content = {
-		id,
+		index,
 		username,
 		type,
 		admin,

server/utilities/token-refresh.js

@@ -24,7 +24,7 @@ module.exports = (token, callback) => {
 			return callback(403);
 		}
 
-		const result = generate(user.id, user.username, user.type, user.admin, user.mod);
+		const result = generate(user.index, user.username, user.type, user.admin, user.mod);
 
 		destroy(token);