api/controllers/UserController.ts

/**
* This file is part of SudoBot.
* 
* Copyright (C) 2021-2022 OSN Inc.
*
* SudoBot is free software; you can redistribute it and/or modify it
* under the terms of the GNU Affero General Public License as published by 
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* 
* SudoBot is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of 
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License 
* along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
*/

import Request from "../Request";
import User from "../../models/User";
import Controller from "../Controller";
import { body } from 'express-validator';
import bcrypt from 'bcrypt';
import jwt from 'jsonwebtoken';
import KeyValuePair from "../../types/KeyValuePair";
import { NextFunction, Response as ExpressResponse } from "express";
import ValidatorError from "../middleware/ValidatorError";
import RequireAuth from "../middleware/RequireAuth";
import { User as DiscordUser } from "discord.js";
import Response from "../Response";

function RequireAdmin(request: Request, response: ExpressResponse, next: NextFunction) {
    if (!request.user?.isAdmin) {
        response.status(403).send({ error: "Forbidden", code: 403 });
        return;
    }

    next();
}

export default class UserController extends Controller {
    middleware(): KeyValuePair<Function[]> {
        return {
            index: [RequireAuth, RequireAdmin],
            create: [
                RequireAuth,
                RequireAdmin,
                body(["password"]).isLength({ min: 2 }), 
                body(["username"]).custom(async username => {
                    const user = await User.findOne({ username });

                    if (user) {
                        return Promise.reject("Username is already in use");
                    }

                    return username;
                }),
                body(["discord_id"]).custom(value => /\d+/g.test(value) ? value : Promise.reject("Invalid Snowflake Given"))
            ],
            login: [
                body(["username", "password"]).isLength({ min: 2 }),
            ],
            delete: [
                RequireAuth,
                body(["username", "password"]).isLength({ min: 2 }),
            ]
        };
    }

    globalMiddleware(): Function[] {
        return [ValidatorError];
    }

    public async index() {
        return await User.find().select(["_id", "username", "createdAt"]).limit(30);
    }

    public async create(request: Request) {
        const user = new User();

        user.username = request.body.username;
        user.discord_id = request.body.discord_id;
        user.createdAt = new Date();
        user.tokenUpdatedAt = new Date();

        try {
            await user.save();
        }
        catch (e) {
            return { error: "DB validation error", error_type: 'db_validation' };
        }

        const salt = await bcrypt.genSalt();
        user.password = await bcrypt.hash(request.body.password, salt);

        const token = await jwt.sign({
            username: user.username,
            discord_id: user.discord_id,
            _id: user.id
        }, process.env.JWT_SECRET!, {
            expiresIn: "2 days",
            issuer: "SudoBot API",
        });

        user.token = token;
        
        try {
            await user.save();
        }
        catch (e) {
            return { error: "Token signing error", error_type: 'token_signing' };
        }

        user.password = undefined;
        return user;
    }

    public async delete(request: Request) {
        const { username, password } = request.body;
        const user = await User.findOne({ username });

        if (!user) {
            return { error: "Username is incorrect." };
        }

        if (!(await bcrypt.compare(password, user.password!))) {
            return { error: "Password is incorrect." };
        }

        await user.delete();

        user.password = undefined;
        user.token = undefined;
        user.tokenUpdatedAt = undefined;

        return {
            message: "Account deletion successful",
            user
        };
    }

    public async login(request: Request) {
        const { username, password } = request.body;
        const user = await User.findOne({ username });

        if (!user) {
            return new Response(400, { error: "Username or password is incorrect." });
        }

        if (!(await bcrypt.compare(password, user.password!))) {
            return new Response(401, { error: "Username or password is incorrect." });
        }

        let { token } = user;

        try {
            if (!token) {
                throw new Error("Token is not set");
            }

            if (!jwt.verify(token, process.env.JWT_SECRET!)) {
                throw new Error("Token is not valid");
            }
        }
        catch (e) {
            console.log(e);    
            
            const newToken = await jwt.sign({
                username: user.username,
                discord_id: user.discord_id,
                _id: user.id
            }, process.env.JWT_SECRET!, {
                expiresIn: "2 days",
                issuer: "SudoBot API",
            });    

            token = newToken;
            user.tokenUpdatedAt = new Date();
            user.token = newToken;
            await user.save();
        }

        let discordUser: DiscordUser | undefined;

        try {
            discordUser = await this.client.users.fetch(user.discord_id);
        }
        catch (e) {
            console.log(e);
        }

        console.log(this.client.guilds.cache.map(g => g.id));
        console.log(user.guilds);

        return {
            message: "Login successful",
            username,
            token,
            user: discordUser,
            expires: new Date(user.tokenUpdatedAt!.getTime() + (2 * 24 * 60 * 60 * 1000)),
            guilds: this.client.guilds.cache.filter(g => user.guilds.includes(g.id))
        };
    }
}
1	/**
2	* This file is part of SudoBot.
3	*
4	* Copyright (C) 2021-2022 OSN Inc.
5	*
6	* SudoBot is free software; you can redistribute it and/or modify it
7	* under the terms of the GNU Affero General Public License as published by
8	* the Free Software Foundation, either version 3 of the License, or
9	* (at your option) any later version.
10	*
11	* SudoBot is distributed in the hope that it will be useful, but
12	* WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	* GNU Affero General Public License for more details.
15	*
16	* You should have received a copy of the GNU Affero General Public License
17	* along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
18	*/
19
20	import Request from "../Request";
21	import User from "../../models/User";
22	import Controller from "../Controller";
23	import { body } from 'express-validator';
24	import bcrypt from 'bcrypt';
25	import jwt from 'jsonwebtoken';
26	import KeyValuePair from "../../types/KeyValuePair";
27	import { NextFunction, Response as ExpressResponse } from "express";
28	import ValidatorError from "../middleware/ValidatorError";
29	import RequireAuth from "../middleware/RequireAuth";
30	import { User as DiscordUser } from "discord.js";
31	import Response from "../Response";
32
33	function RequireAdmin(request: Request, response: ExpressResponse, next: NextFunction) {
34	if (!request.user?.isAdmin) {
35	response.status(403).send({ error: "Forbidden", code: 403 });
36	return;
37	}
38
39	next();
40	}
41
42	export default class UserController extends Controller {
43	middleware(): KeyValuePair<Function[]> {
44	return {
45	index: [RequireAuth, RequireAdmin],
46	create: [
47	RequireAuth,
48	RequireAdmin,
49	body(["password"]).isLength({ min: 2 }),
50	body(["username"]).custom(async username => {
51	const user = await User.findOne({ username });
52
53	if (user) {
54	return Promise.reject("Username is already in use");
55	}
56
57	return username;
58	}),
59	body(["discord_id"]).custom(value => /\d+/g.test(value) ? value : Promise.reject("Invalid Snowflake Given"))
60	],
61	login: [
62	body(["username", "password"]).isLength({ min: 2 }),
63	],
64	delete: [
65	RequireAuth,
66	body(["username", "password"]).isLength({ min: 2 }),
67	]
68	};
69	}
70
71	globalMiddleware(): Function[] {
72	return [ValidatorError];
73	}
74
75	public async index() {
76	return await User.find().select(["_id", "username", "createdAt"]).limit(30);
77	}
78
79	public async create(request: Request) {
80	const user = new User();
81
82	user.username = request.body.username;
83	user.discord_id = request.body.discord_id;
84	user.createdAt = new Date();
85	user.tokenUpdatedAt = new Date();
86
87	try {
88	await user.save();
89	}
90	catch (e) {
91	return { error: "DB validation error", error_type: 'db_validation' };
92	}
93
94	const salt = await bcrypt.genSalt();
95	user.password = await bcrypt.hash(request.body.password, salt);
96
97	const token = await jwt.sign({
98	username: user.username,
99	discord_id: user.discord_id,
100	_id: user.id
101	}, process.env.JWT_SECRET!, {
102	expiresIn: "2 days",
103	issuer: "SudoBot API",
104	});
105
106	user.token = token;
107
108	try {
109	await user.save();
110	}
111	catch (e) {
112	return { error: "Token signing error", error_type: 'token_signing' };
113	}
114
115	user.password = undefined;
116	return user;
117	}
118
119	public async delete(request: Request) {
120	const { username, password } = request.body;
121	const user = await User.findOne({ username });
122
123	if (!user) {
124	return { error: "Username is incorrect." };
125	}
126
127	if (!(await bcrypt.compare(password, user.password!))) {
128	return { error: "Password is incorrect." };
129	}
130
131	await user.delete();
132
133	user.password = undefined;
134	user.token = undefined;
135	user.tokenUpdatedAt = undefined;
136
137	return {
138	message: "Account deletion successful",
139	user
140	};
141	}
142
143	public async login(request: Request) {
144	const { username, password } = request.body;
145	const user = await User.findOne({ username });
146
147	if (!user) {
148	return new Response(400, { error: "Username or password is incorrect." });
149	}
150
151	if (!(await bcrypt.compare(password, user.password!))) {
152	return new Response(401, { error: "Username or password is incorrect." });
153	}
154
155	let { token } = user;
156
157	try {
158	if (!token) {
159	throw new Error("Token is not set");
160	}
161
162	if (!jwt.verify(token, process.env.JWT_SECRET!)) {
163	throw new Error("Token is not valid");
164	}
165	}
166	catch (e) {
167	console.log(e);
168
169	const newToken = await jwt.sign({
170	username: user.username,
171	discord_id: user.discord_id,
172	_id: user.id
173	}, process.env.JWT_SECRET!, {
174	expiresIn: "2 days",
175	issuer: "SudoBot API",
176	});
177
178	token = newToken;
179	user.tokenUpdatedAt = new Date();
180	user.token = newToken;
181	await user.save();
182	}
183
184	let discordUser: DiscordUser \| undefined;
185
186	try {
187	discordUser = await this.client.users.fetch(user.discord_id);
188	}
189	catch (e) {
190	console.log(e);
191	}
192
193	console.log(this.client.guilds.cache.map(g => g.id));
194	console.log(user.guilds);
195
196	return {
197	message: "Login successful",
198	username,
199	token,
200	user: discordUser,
201	expires: new Date(user.tokenUpdatedAt!.getTime() + (2 * 24 * 60 * 60 * 1000)),
202	guilds: this.client.guilds.cache.filter(g => user.guilds.includes(g.id))
203	};
204	}
205	}