let express = require('express')
// Router instance that the route registrations in this file attach to.
const router = express.Router();
const auth = require('../lib/auth')
const Errors = require('../lib/errors.js')
let {
User, Ip, Ban
} = require('../models')
const cryptoRandomString = require("crypto-random-string")
const rateLimit = require("express-rate-limit");
const jwt = require('jsonwebtoken');
// Rate limiter applied to the account-creation routes in this file:
// at most one request per client per one-minute window.
// NOTE(review): the limit is enforced per client address as Express reports
// it; behind a reverse proxy that depends on the app's `trust proxy` setting,
// which is not visible in this file. Confirm it is configured, otherwise all
// clients may share one bucket or the address may be client-controlled.
const emailLimiter = rateLimit({
  windowMs: 60 * 1000, // one minute
  max: 1, // a single request per window
  // Body returned once the limit is exceeded (a pre-serialized JSON document).
  message: '{"errors":[{"name":"rateLimit","message":"You may only make 1 request to this endpoint per minute.","status":429}]}',
});
// Stricter limiter: at most one request per client per five-minute window.
// NOTE(review): no route in this file references registerLimit; '/register'
// is mounted with emailLimiter (one request per minute) instead. Confirm
// which window is intended for account creation.
const registerLimit = rateLimit({
  windowMs: 5 * 60 * 1000, // five minutes
  max: 1, // a single request per window
  // Body returned once the limit is exceeded (a pre-serialized JSON document).
  message: '{"errors":[{"name":"rateLimit","message":"You may only make 1 request to this endpoint every 5 minutes.","status":429}]}',
});
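// Fixed string that is prepended to SESSION_SECRET to form the JWT signing key.
// SECURITY: this literal is committed to source control, so it adds no
// secrecy; the signing key is only as strong as SESSION_SECRET. It is kept
// byte-for-byte so that issued tokens stay compatible with whatever verifies
// them (presumably ../lib/auth; confirm). Prefer loading the whole key from
// the environment or a secret store, and rotate it together with the verifier.
const JWT_KEY_PREFIX = "iouydhtrfguyrthgftryhgidrhytgidhytiglriltnhgrhtiuygrthiugritghiyutrcginhrtijghurfcuhjgnioergjfuiehtiehtiehyritheithreifbhgehfbdxhbkvfdbhjkvgdkhnjUIYIRUiuiuYIYI3i42yiuyIUYIU4yiu$YUI#YUI$3mvsazr57;";

/**
 * Create a user account from the posted fields and reply with a signed JWT.
 *
 * Reads `username`, `email`, `password` and `passkey` from `req.body`; every
 * other column (privilege flags, avatar colours, balances, theme) is set to a
 * fixed default here and is never taken from the request.
 *
 * @param {object} req - Express request; `req.body` and `req.ip` are read.
 * @param {object} res - Express response; receives `{ accessToken }` as JSON.
 * @param {Function} next - Express error callback; called with any error thrown.
 * @returns {Promise<void>}
 */
async function registerUser(req, res, next) {
  try {
    // Return value is ignored, so a banned address presumably makes this
    // throw. Confirm against the Ban model.
    await Ban.isIpBanned(req.ip);

    // Fail closed: with SESSION_SECRET unset, string concatenation would turn
    // the key into JWT_KEY_PREFIX + "undefined", a value fully known from the
    // source. Checked before the account is created so that a misconfigured
    // deployment does not leave a user row without a usable token.
    const sessionSecret = process.env.SESSION_SECRET;
    if (!sessionSecret) {
      throw new Error('SESSION_SECRET is not configured; refusing to sign access tokens');
    }

    const userParams = {
      username: req.body.username,
      email: req.body.email,
      // NOTE(review): the raw password is stored under `hash`; presumably a
      // User model hook hashes it before it is persisted. Confirm in ../models.
      hash: req.body.password,
      passkey: req.body.passkey,
      admin: false,
      bodyColor: '#ffffff',
      headColor: '#ffffff',
      leftLegColor: '#ffffff',
      rightLegColor: '#ffffff',
      leftArmColor: '#ffffff',
      rightArmColor: '#ffffff',
      koins: '250',
      currency2: '0',
      picture: 'default',
      developerMode: false,
      emailVerified: false,
      theme: 'light',
      emailToken: cryptoRandomString({ length: 16 }),
    };
    // NOTE(review): the body fields are not type-checked here, so any
    // validation of username/email/password has to come from the User model.
    const user = await User.create(userParams);
    await Ip.createIfNotExists(req.ip, user);

    // The claims are signed, not encrypted: anyone holding the token can read
    // the e-mail address and privilege flags. No `expiresIn` is passed, so the
    // token carries no expiry of its own.
    // NOTE(review): `offset` may be the revocation mechanism; confirm how the
    // verifier uses it.
    const accessToken = jwt.sign(
      {
        username: user.username,
        admin: user.admin,
        executive: user.executive,
        email: user.email,
        UserId: user.id,
        loggedIn: true,
        bot: user.bot,
        offset: user.jwtOffset,
      },
      JWT_KEY_PREFIX + sessionSecret
    );

    res.json({ accessToken });
  } catch (e) {
    next(e);
  }
}

// All three paths expose the same registration handler behind the same
// limiter. An unguessable-looking path is not an access control, so the
// aliases need exactly the protections '/register' has.
// NOTE(review): confirm whether '/oidfhuisadhi8243' and '/null' are still needed.
router.post('/oidfhuisadhi8243', emailLimiter, registerUser);
router.post('/null', emailLimiter, registerUser);
router.post('/register', emailLimiter, registerUser);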
// Export the configured router as this module's value.
module.exports = router;