diff --git a/com/Auth/DeleteUnit.lua b/com/Auth/DeleteUnit.lua
new file mode 100644
index 0000000..53b3f0f
--- /dev/null
+++ b/com/Auth/DeleteUnit.lua
@@ -0,0 +1,96 @@
+-- com/DeleteUnit.lua
+
+---@diagnostic disable: redefined-local
+local db = require("internal.database-sqlite").connect("db/user-database.db", {log = true})
+local log = require("internal.log")
+local session = require("internal.session")
+local crypt = require("internal.crypt.bcrypt")
+
+local function close_db()
+    if db then
+        db:close()
+        db = nil
+    end
+end
+
+local function error_response(message, code, data)
+    session.response.error = {
+    code = code or nil,
+    message = message,
+    data = data or nil
+ }
+ close_db()
+end
+
+if not session.request.params then
+    return error_response("no params provided")
+end
+
+if not session.request.params.token then
+    return error_response("access denied")
+end
+
+if session.request.params.token ~= require("_config").token() then
+    return error_response("access denied")
+end
+
+local params = session.request.params
+
+if not (params.username and params.email and params.password) then
+    return error_response("no username/email/password provided")
+end
+
+local existing, err = db:query(
+    "SELECT password FROM users WHERE email = ? AND username = ? AND deleted = 0 LIMIT 1",
+    {
+        params.email,
+        params.username
+    }
+)
+
+if err ~= nil then
+    log.error("Password fetch failed: " .. tostring(err))
+    return error_response("Database query failed: " .. tostring(err))
+end
+
+if not existing or #existing == 0 then
+    return error_response("Unit not found")
+end
+
+local hashed_password = existing[1].password
+
+local ok = crypt.compare(hashed_password, params.password)
+if not ok then
+    log.warn("Wrong password attempt for: " .. params.username)
+    return error_response("Invalid password")
+end
+
+local ctx, err = db:exec(
+    [[
+ UPDATE users
+ SET deleted = 1,
+ deleted_at = CURRENT_TIMESTAMP
+ WHERE email = ? AND username = ? AND deleted = 0
+ ]],
+    { params.email, params.username }
+)
+
+if err ~= nil then
+    log.error("Soft delete failed: " .. tostring(err))
+    return error_response("Soft delete failed: " .. 
tostring(err))
+end
+
+local res, err = ctx:wait()
+if err ~= nil then
+    log.error("Soft delete confirmation failed: " .. tostring(err))
+    return error_response("Soft delete confirmation failed: " .. tostring(err))
+end
+
+session.response.result = {
+    rows_affected = res,
+    message = "Unit soft-deleted successfully"
+}
+
+log.info("user " .. params.username .. " soft-deleted successfully")
+
+close_db()
diff --git a/com/Auth/GetAccess.lua b/com/Auth/GetAccess.lua
index 9876131..945b3e0 100644
--- a/com/Auth/GetAccess.lua
+++ b/com/Auth/GetAccess.lua
@@ -1,3 +1,5 @@
+-- com/GetAccess
+
 ---@diagnostic disable: redefined-local
 local db = require("internal.database-sqlite").connect("db/user-database.db", {log = true})
 local log = require("internal.log")
@@ -13,7 +15,7 @@ end
 
 local function error_response(message, code, data)
 session.response.error = {
- code = code or -32600,
+ code = code or nil,
 message = message,
 data = data or nil
 }
@@ -25,13 +27,24 @@ if not params then
 return error_response("No params provided")
 end
 
+if not session.request.params.token then
+ return error_response("access denied")
+end
+
+if session.request.params.token ~= require("_config").token() then
+ return error_response("access denied")
+end
+
 if not (params.username and params.email and params.password) then
- return error_response("Missing username, email or password", -32602)
+ return error_response("Missing username, email or password")
 end
 
 local unit, err = db:query(
- "SELECT id, username, email, password, created_at FROM users WHERE email = ? AND username = ? LIMIT 1",
- {params.email, params.username}
+ "SELECT id, username, email, password, created_at FROM users WHERE email = ? AND username = ? AND deleted = 0 LIMIT 1",
+ {
+ params.email,
+ params.username
+ }
 )
 
 if err then
@@ -40,7 +53,7 @@ if err then
 end
 
 if not unit or #unit == 0 then
- return error_response("Unit not found", -32604)
+ return error_response("Unit not found")
 end
 
 unit = unit[1]
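Review bot: The two failure branches after the SELECT give the caller different answers — `error_response("Unit not found")` when no active row matches the username/email pair and `error_response("Invalid password")` only when such a row exists and bcrypt rejects the password — so the endpoint confirms which username/email combinations are registered before any password is needed. Returning the same text on both branches, e.g. `return error_response("Invalid credentials")` in each, keeps the distinct `log.warn` line for operators while removing the oracle. The same hunk also echoes raw database error text to the client in three places (`"Database query failed: " .. tostring(err)`, `"Soft delete failed: " .. tostring(err)`, `"Soft delete confirmation failed: " .. tostring(err)`) even though each is already written by `log.error`; the response should carry a fixed message and leave the detail in the log. The hunk is the whole new file, so the `error_response` helper it calls is defined within it.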
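Review bot: The new token gate in the `@@ -25,13 +27,24 @@` hunk reads `session.request.params.token` twice although the enclosing script already holds that table in the `params` local (the hunk heading `if not params then` and the `params.username` check just below use it); `if not params.token then` and `if params.token ~= require("_config").token() then` would match the surrounding code. The check is also only as strong as the configured value: an empty string is truthy in Lua, so if `_config.token()` ever returns `""` an empty `token` parameter passes both lines — presumably not intended, so consider `local expected = require("_config").token()` followed by `if not expected or expected == "" or params.token ~= expected then`. Dropping the `-32602` code from the validation error is fine if JSON-RPC codes are no longer wanted, but a one-line comment saying so would stop the next reader from re-adding it. The script's `params` declaration and the rest of the login flow lie outside this hunk.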
@@ -48,7 +61,7 @@ unit = unit[1]
 local ok = crypt.compare(unit.password, params.password)
 if not ok then
 log.warn("Login failed: wrong password for " .. params.username)
- return error_response("Invalid password", -32605)
+ return error_response("Invalid password")
 end
 
 session.response.result = {
diff --git a/com/Auth/NewUnit.lua b/com/Auth/NewUnit.lua
deleted file mode 100644
index b92a5be..0000000
--- a/com/Auth/NewUnit.lua
+++ /dev/null
@@ -1,77 +0,0 @@
----@diagnostic disable: redefined-local
-local db = require("internal.database-sqlite").connect("db/user-database.db", {log = true})
-local log = require("internal.log")
-local session = require("internal.session")
-local crypt = require("internal.crypt.bcrypt")
-
-if not session.request.params then
-    session.response.error = {
-        message = "no params provided"
-    }
-    return
-end
-
-local params = session.request.params
-
-if not (params.username and params.email and params.password) then
-    session.response.error = {
-        message = "no username/email/password provided"
-    }
-    return
-end
-
-local hashPass = crypt.generate(params.password, crypt.DefaultCost)
-
-local existing, err = db:query("SELECT 1 FROM users WHERE email = ? OR username = ? LIMIT 1", {
-    params.email,
-    params.username
-})
-if err ~= nil then
-    session.response.error = {
-        message = "Database check failed: "..tostring(err)
-    }
-    log.error("Email check failed: "..tostring(err))
-    return
-end
-
-if existing and #existing > 0 then
-    session.response.error = {
-        code = -32604,
-        message = "Unit already exists"
-    }
-    return
-end
-
-local ctx, err = db:exec(
-    "INSERT INTO users (username, email, password) VALUES (?, ?, ?)",
-    {
-        params.username,
-        params.email,
-        hashPass
-    }
-)
-if err ~= nil then
-    session.response.error = {
-        code = -32605,
-        message = "Insert failed: "..tostring(err)
-    }
-    log.error("Insert failed: "..tostring(err))
-    return
-end
-
-local res, err = ctx:wait()
-if err ~= nil then
-    session.response.error = {
-        code = -32606,
-        message = "Insert confirmation failed: "..tostring(err)
-    }
-    log.error("Insert confirmation failed: "..tostring(err))
-    return
-end
-
-session.response.result = {
-    rows_affected = res,
-    message = "Unit created successfully"
-}
-
-db:close()
\ No newline at end of file
diff --git a/com/Auth/PutNewUnit.lua b/com/Auth/PutNewUnit.lua
new file mode 100644
index 0000000..415e64b
--- /dev/null
+++ b/com/Auth/PutNewUnit.lua
@@ -0,0 +1,86 @@
+-- com/PutNewUnit.lua
+
+---@diagnostic disable: redefined-local
+local db = require("internal.database-sqlite").connect("db/user-database.db", {log = true})
+local log = require("internal.log")
+local session = require("internal.session")
+local crypt = require("internal.crypt.bcrypt")
+
+local function close_db()
+    if db then
+        db:close()
+        db = nil
+    end
+end
+
+local function error_response(message, code, data)
+    session.response.error = {
+    code = code or nil,
+    message = message,
+    data = data or nil
+ }
+ close_db()
+end
+
+if not session.request.params then
+    return error_response("no params provided")
+end
+
+if not session.request.params.token then
+    return error_response("access denied")
+end
+
+if session.request.params.token ~= require("_config").token() then
+    return error_response("access denied")
+end
+
+local params = session.request.params
+if not (params.username and params.email and params.password) then
+    return error_response("no username/email/password provided")
+end
+
+local hashPass = crypt.generate(params.password, crypt.DefaultCost)
+
+local existing, err = db:query("SELECT 1 FROM users WHERE deleted = 0 AND (email = ? OR username = ? OR phone_number = ?) 
LIMIT 1", {
+    params.email,
+    params.username,
+    params.phone_number
+})
+
+if err ~= nil then
+    log.error("Email check failed: "..tostring(err))
+    return error_response("Database check failed: "..tostring(err))
+end
+
+if existing and #existing > 0 then
+    return error_response("Unit already exists")
+end
+
+local ctx, err = db:exec(
+    "INSERT INTO users (username, email, password, first_name, last_name, phone_number) VALUES (?, ?, ?, ?, ?, ?)",
+    {
+        params.username,
+        params.email,
+        hashPass,
+        params.first_name or "",
+        params.last_name or "",
+        params.phone_number or ""
+    }
+)
+if err ~= nil then
+    log.error("Insert failed: "..tostring(err))
+    return error_response("Insert failed: "..tostring(err))
+end
+
+local res, err = ctx:wait()
+if err ~= nil then
+    log.error("Insert confirmation failed: "..tostring(err))
+    return error_response("Insert confirmation failed: "..tostring(err))
+end
+
+session.response.result = {
+    rows_affected = res,
+    message = "Unit created successfully"
+}
+
+close_db()
\ No newline at end of file
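Review bot: `local hashPass = crypt.generate(params.password, crypt.DefaultCost)` runs before the duplicate check, so every request that is then refused with `Unit already exists` still pays a full bcrypt round on attacker-chosen input; moving that line to just before `local ctx, err = db:exec(` keeps the cost to requests that actually insert. The duplicate query binds `params.phone_number` as-is while the INSERT stores `params.phone_number or ""`: when no phone number is sent the bind table `{ params.email, params.username, params.phone_number }` has a nil hole at index 3 (how the sqlite wrapper treats that is not visible here), and once `""` has been stored for one user any later request that explicitly sends `phone_number = ""` matches that row and is rejected as a duplicate — bind the same `params.phone_number or ""` in the query, or only compare the phone column when it is non-empty. As in DeleteUnit, the raw database error text is echoed to the client (`"Database check failed: "..tostring(err)`, `"Insert failed: "..tostring(err)`, `"Insert confirmation failed: "..tostring(err)`) right after it is logged; a fixed message would do. The hunk is the whole new file.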