/* Spacebar: A FOSS re-implementation and extension of the Discord.com backend. Copyright (C) 2023 Spacebar and Spacebar Contributors This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ import { Router, Request, Response } from "express"; import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors, adjustEmail, Config, UserModifySchema, generateToken, } from "@spacebar/util"; import { route } from "@spacebar/api"; import bcrypt from "bcrypt"; const router: Router = Router(); router.get("/", route({}), async (req: Request, res: Response) => { res.json( await User.findOne({ select: PrivateUserProjection, where: { id: req.user_id }, }), ); }); router.patch( "/", route({ body: "UserModifySchema" }), async (req: Request, res: Response) => { const body = req.body as UserModifySchema; const user = await User.findOneOrFail({ where: { id: req.user_id }, select: [...PrivateUserProjection, "data"], }); // Populated on password change let newToken: string | undefined; if (body.avatar) body.avatar = await handleFile( `/avatars/${req.user_id}`, body.avatar as string, ); if (body.banner) body.banner = await handleFile( `/banners/${req.user_id}`, body.banner as string, ); if (body.password) { if (user.data?.hash) { const same_password = await bcrypt.compare( body.password, user.data.hash || "", ); if (!same_password) { throw FieldErrors({ password: { message: req.t("auth:login.INVALID_PASSWORD"), code: "INVALID_PASSWORD", }, }); } } else { user.data.hash = await bcrypt.hash(body.password, 12); } } if (body.email) { body.email = adjustEmail(body.email); if (!body.email && Config.get().register.email.required) throw FieldErrors({ email: { message: req.t("auth:register.EMAIL_INVALID"), code: "EMAIL_INVALID", }, }); if (!body.password) throw FieldErrors({ password: { message: req.t("auth:register.INVALID_PASSWORD"), code: "INVALID_PASSWORD", }, }); } if (body.new_password) { if (!body.password && !user.email) { throw FieldErrors({ password: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED"), }, }); } user.data.hash = await bcrypt.hash(body.new_password, 12); user.data.valid_tokens_since = new Date(); newToken = (await generateToken(user.id)) as string; } if (body.username) { const check_username = body?.username?.replace(/\s/g, ""); if (!check_username) { throw FieldErrors({ username: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED"), }, }); } const { maxUsername } = Config.get().limits.user; if (check_username.length > maxUsername) { throw FieldErrors({ username: { code: "USERNAME_INVALID", message: `Username must be less than ${maxUsername} in length`, }, }); } } if (body.discriminator) { if ( await User.findOne({ where: { discriminator: body.discriminator, username: body.username || user.username, }, }) ) { throw FieldErrors({ discriminator: { code: "INVALID_DISCRIMINATOR", message: "This discriminator is already in use.", }, }); } } user.assign(body); user.validate(); await user.save(); // eslint-disable-next-line @typescript-eslint/ban-ts-comment //@ts-ignore delete user.data; // TODO: send update member list event in gateway await emitEvent({ event: "USER_UPDATE", user_id: req.user_id, data: user, } as UserUpdateEvent); res.json({ ...user, newToken, }); }, ); export default router; // {"message": "Invalid two-factor code", "code": 60008}