1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
import { Request, Response, Router } from "express";
import { route } from "@fosscord/api";
import { Application, Config, FieldErrors, generateToken, OrmUtils, Snowflake, trimSpecial, User } from "@fosscord/util";
import { HTTPError } from "lambert-server";
import { verifyToken } from "node-2fa";
const router: Router = Router();
router.post("/", route({}), async (req: Request, res: Response) => {
const app = await Application.findOne({where: {id: req.params.id}});
if(!app) return res.status(404);
const username = trimSpecial(app.name);
const discriminator = await User.generateDiscriminator(username);
if (!discriminator) {
// We've failed to generate a valid and unused discriminator
throw FieldErrors({
username: {
code: "USERNAME_TOO_MANY_USERS",
message: req?.t("auth:register.USERNAME_TOO_MANY_USERS"),
},
});
}
const user = OrmUtils.mergeDeep(new User(), {
created_at: new Date(),
username: username,
discriminator,
id: app.id,
bot: true,
system: false,
premium_since: new Date(),
desktop: false,
mobile: false,
premium: true,
premium_type: 2,
bio: app.description,
mfa_enabled: false,
totp_secret: "",
totp_backup_codes: [],
verified: true,
disabled: false,
deleted: false,
email: null,
rights: Config.get().security.defaultRights,
nsfw_allowed: true,
public_flags: "0",
flags: "0",
data: {
hash: null,
valid_tokens_since: new Date(),
},
settings: {},
extended_settings: {},
fingerprints: [],
notes: {},
});
await user.save();
app.bot = user;
await app.save();
res.send().status(204)
});
router.post("/reset", route({}), async (req: Request, res: Response) => {
let bot = await User.findOne({where: {id: req.params.id}});
let owner = await User.findOne({where: {id: req.user_id}});
if(!bot) return res.status(404);
if(owner?.totp_secret && (!req.body.code || verifyToken(owner.totp_secret, req.body.code))) {
throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
}
bot.data = { hash: undefined, valid_tokens_since: new Date() };
await bot.save();
let token = await generateToken(bot.id);
res.json({token}).status(200);
});
router.patch("/", route({}), async (req: Request, res: Response) => {
delete req.body.avatar;
let app = OrmUtils.mergeDeep(await User.findOne({where: {id: req.params.id}}), req.body);
await app.save();
res.json(app).status(200);
});
export default router;
|