krgamestudios/auth-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Patched some holes when poking with curl

Browse Source
This commit is contained in:
Kayne Ruse
2021-07-24 20:04:35 +10:00
parent 46ded91c41
commit c63e14ddf3
8 changed files with 49 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/auth/account-delete.js
+11 -3
View File
@@ -9,18 +9,26 @@ const { accounts } = require('../database/models');
//auth/deletion
const route = async (req, res) => {
if (!req.body.password) {
return res.status(401).end('Missing password');
}
const account = await accounts.findOne({
where: {
index: req.user.index
index: req.user.index || ''
}
});
if (!account) {
return res.status(401).end('Missing account');
}
//compare the user's password
const compare = utils.promisify(bcrypt.compare);
const match = await compare(req.body.password || '', account.hash);
const match = await compare(req.body.password, account.hash);
if (!match) {
return res.status(401).send('incorrect password');
return res.status(401).send('Incorrect password');
}
//set the deletion time (2 days from now)