-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add new api to change name and password
- Loading branch information
Showing
4 changed files
with
122 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| import { Handlers } from "$fresh/server.ts"; | ||
| import { User } from "../../../db.ts"; | ||
| import { get_task_manager } from "../../../server.ts"; | ||
| import { get_string } from "../../../server/parse_form.ts"; | ||
| import { BUser } from "../../../server/user.ts"; | ||
| import { return_data, return_error } from "../../../server/utils.ts"; | ||
|
|
||
| export const handler: Handlers = { | ||
| async POST(req, ctx) { | ||
| const user = <User | undefined> ctx.state.user; | ||
| if (!user) { | ||
| return return_error(403, "Permission denied."); | ||
| } | ||
| let d: FormData | null = null; | ||
| try { | ||
| d = await req.formData(); | ||
| } catch (_) { | ||
| return return_error(1, "Invalid parameters."); | ||
| } | ||
| const username = await get_string(d.get("username")); | ||
| if (!username) return return_error(2, "User name not specified."); | ||
| if (user.username == username) { | ||
| return return_error(3, "Name not changed."); | ||
| } | ||
| const m = get_task_manager(); | ||
| const u = m.db.get_user_by_name(username); | ||
| if (u) { | ||
| return return_error( | ||
| 4, | ||
| "User name is already used by other user, please use another name.", | ||
| ); | ||
| } | ||
| user.username = username; | ||
| m.db.update_user(user); | ||
| return return_data<BUser>({ | ||
| id: user.id, | ||
| is_admin: user.is_admin, | ||
| permissions: user.permissions, | ||
| username: user.username, | ||
| }); | ||
| }, | ||
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,74 @@ | ||
| import { Handlers } from "$fresh/server.ts"; | ||
| import isEqual from "lodash/isEqual"; | ||
| import pbkdf2Hmac from "pbkdf2-hmac"; | ||
| import { decodeBase64 } from "std/encoding/base64.ts"; | ||
| import { User } from "../../../db.ts"; | ||
| import { get_task_manager } from "../../../server.ts"; | ||
| import { get_string, parse_int } from "../../../server/parse_form.ts"; | ||
| import { return_data, return_error } from "../../../server/utils.ts"; | ||
| import { cache_mutex, timestamp_cache } from "../token.ts"; | ||
|
|
||
| export const handler: Handlers = { | ||
| async POST(req, ctx) { | ||
| const user = <User | undefined> ctx.state.user; | ||
| if (!user) { | ||
| return return_error(403, "Permission denied."); | ||
| } | ||
| let d: FormData | null = null; | ||
| try { | ||
| d = await req.formData(); | ||
| } catch (_) { | ||
| return return_error(1, "Invalid parameters."); | ||
| } | ||
| const oldp = await get_string(d.get("old")); | ||
| if (!oldp) return return_error(2, "Old password is needed."); | ||
| let old: Uint8Array | null = null; | ||
| try { | ||
| old = decodeBase64(oldp); | ||
| } catch (_) { | ||
| return return_error( | ||
| 3, | ||
| "Failed to decode old password with base64.", | ||
| ); | ||
| } | ||
| if (old.length !== 64) { | ||
| return return_error(3, "Old password need 64 bytes."); | ||
| } | ||
| const t = await parse_int(d.get("t"), null); | ||
| if (t === null) return return_error(2, "t not specified."); | ||
| const now = Date.now(); | ||
| if (t > now + 60000 || t < now - 60000) { | ||
| return return_error(4, "Time is not corrected."); | ||
| } | ||
| const newp = await get_string(d.get("new")); | ||
| if (!newp) return return_error(2, "New password not specified."); | ||
| const pa = new Uint8Array( | ||
| await pbkdf2Hmac(user.password, t.toString(), 1000, 64, "SHA-512"), | ||
| ); | ||
| if (!isEqual(pa, old)) { | ||
| return return_error(5, "Incorrect password"); | ||
| } | ||
| await cache_mutex.acquire(); | ||
| try { | ||
| timestamp_cache.clear_expired(user.username, now); | ||
| if (timestamp_cache.is_in_cache(user.username, t)) { | ||
| return return_error(6, "This request has been used."); | ||
| } | ||
| timestamp_cache.add(user.username, t); | ||
| } finally { | ||
| cache_mutex.release(); | ||
| } | ||
| user.password = new Uint8Array( | ||
| await pbkdf2Hmac( | ||
| newp, | ||
| "eh-downloader-salt", | ||
| 210000, | ||
| 64, | ||
| "SHA-512", | ||
| ), | ||
| ); | ||
| const m = get_task_manager(); | ||
| m.db.update_user(user); | ||
| return return_data(true); | ||
| }, | ||
| }; |