some small changes for auth scripts

2026-01-03 04:52:26 +00:00 · 2025-08-05 22:09:55 +03:00
parent d3eb483461
commit 1c2c4c1356
4 changed files with 201 additions and 83 deletions
--- a/com/Auth/DeleteUnit.lua
+++ b/com/Auth/DeleteUnit.lua
@@ -0,0 +1,96 @@
+-- com/DeleteUnit.lua
+
+---@diagnostic disable: redefined-local
+local db = require("internal.database-sqlite").connect("db/user-database.db", {log = true})
+local log = require("internal.log")
+local session = require("internal.session")
+local crypt = require("internal.crypt.bcrypt")
+
+local function close_db()
+  if db then
+    db:close()
+    db = nil
+  end
+end
+
+local function error_response(message, code, data)
+  session.response.error = {
+    code = code or nil,
+    message = message,
+    data = data or nil
+  }
+  close_db()
+end
+
+if not session.request.params then
+  return error_response("no params provided")
+end
+
+if not session.request.params.token then
+  return error_response("access denied")
+end
+
+if session.request.params.token ~= require("_config").token() then
+  return error_response("access denied")
+end
+
+local params = session.request.params
+
+if not (params.username and params.email and params.password) then
+  return error_response("no username/email/password provided")
+end
+
+local existing, err = db:query(
+  "SELECT password FROM users WHERE email = ? AND username = ? AND deleted = 0 LIMIT 1",
+  {
+    params.email,
+    params.username
+  }
+)
+
+if err ~= nil then
+  log.error("Password fetch failed: " .. tostring(err))
+  return error_response("Database query failed: " .. tostring(err))
+end
+
+if not existing or #existing == 0 then
+  return error_response("Unit not found")
+end
+
+local hashed_password = existing[1].password
+
+local ok = crypt.compare(hashed_password, params.password)
+if not ok then
+  log.warn("Wrong password attempt for: " .. params.username)
+  return error_response("Invalid password")
+end
+
+local ctx, err = db:exec(
+  [[
+    UPDATE users
+    SET deleted = 1,
+        deleted_at = CURRENT_TIMESTAMP
+    WHERE email = ? AND username = ? AND deleted = 0
+  ]],
+  { params.email, params.username }
+)
+
+if err ~= nil then
+  log.error("Soft delete failed: " .. tostring(err))
+  return error_response("Soft delete failed: " .. tostring(err))
+end
+
+local res, err = ctx:wait()
+if err ~= nil then
+  log.error("Soft delete confirmation failed: " .. tostring(err))
+  return error_response("Soft delete confirmation failed: " .. tostring(err))
+end
+
+session.response.result = {
+  rows_affected = res,
+  message = "Unit soft-deleted successfully"
+}
+
+log.info("user " .. params.username .. " soft-deleted successfully")
+
+close_db()
--- a/com/Auth/GetAccess.lua
+++ b/com/Auth/GetAccess.lua
@@ -1,3 +1,5 @@
+-- com/GetAccess
+
 ---@diagnostic disable: redefined-local
 local db = require("internal.database-sqlite").connect("db/user-database.db", {log = true})
 local log = require("internal.log")
@@ -13,7 +15,7 @@ end

 local function error_response(message, code, data)
  session.response.error = {
-    code = code or -32600,
+    code = code or nil,
    message = message,
    data = data or nil
  }
@@ -25,13 +27,24 @@ if not params then
  return error_response("No params provided")
 end

+if not session.request.params.token then
+  return error_response("access denied")
+end
+
+if session.request.params.token ~= require("_config").token() then
+  return error_response("access denied")
+end
+
 if not (params.username and params.email and params.password) then
-  return error_response("Missing username, email or password", -32602)
+  return error_response("Missing username, email or password")
 end

 local unit, err = db:query(
-  "SELECT id, username, email, password, created_at FROM users WHERE email = ? AND username = ? LIMIT 1",
-  {params.email, params.username}
+  "SELECT id, username, email, password, created_at FROM users WHERE email = ? AND username = ? AND deleted = 0 LIMIT 1",
+  {
+    params.email,
+    params.username
+  }
 )

 if err then
@@ -40,7 +53,7 @@ if err then
 end

 if not unit or #unit == 0 then
-  return error_response("Unit not found", -32604)
+  return error_response("Unit not found")
 end

 unit = unit[1]
@@ -48,7 +61,7 @@ unit = unit[1]
 local ok = crypt.compare(unit.password, params.password)
 if not ok then
  log.warn("Login failed: wrong password for " .. params.username)
-  return error_response("Invalid password", -32605)
+  return error_response("Invalid password")
 end

 session.response.result = {
--- a/com/Auth/NewUnit.lua
+++ b/com/Auth/NewUnit.lua
@@ -1,77 +0,0 @@
---@diagnostic disable: redefined-local
-local db = require("internal.database-sqlite").connect("db/user-database.db", {log = true})
-local log = require("internal.log")
-local session = require("internal.session")
-local crypt = require("internal.crypt.bcrypt")
-
-if not session.request.params then
-  session.response.error = {
-    message = "no params provided"
-  }
-  return
-end
-
-local params = session.request.params
-
-if not (params.username and params.email and params.password) then
-  session.response.error = {
-    message = "no username/email/password provided"
-  }
-  return
-end
-
-local hashPass = crypt.generate(params.password, crypt.DefaultCost)
-
-local existing, err = db:query("SELECT 1 FROM users WHERE email = ? OR username = ? LIMIT 1", {
-  params.email,
-  params.username
-})
-if err ~= nil then
-  session.response.error = {
-    message = "Database check failed: "..tostring(err)
-  }
-  log.error("Email check failed: "..tostring(err))
-  return
-end
-
-if existing and #existing > 0 then
-  session.response.error = {
-    code = -32604,
-    message = "Unit already exists"
-  }
-  return
-end
-
-local ctx, err = db:exec(
-  "INSERT INTO users (username, email, password) VALUES (?, ?, ?)",
-  {
-    params.username,
-    params.email,
-    hashPass
-  }
-)
-if err ~= nil then
-  session.response.error = {
-    code = -32605,
-    message = "Insert failed: "..tostring(err)
-  }
-  log.error("Insert failed: "..tostring(err))
-  return
-end
-
-local res, err = ctx:wait()
-if err ~= nil then
-  session.response.error = {
-    code = -32606,
-    message = "Insert confirmation failed: "..tostring(err)
-  }
-  log.error("Insert confirmation failed: "..tostring(err))
-  return
-end
-
-session.response.result = {
-  rows_affected = res,
-  message = "Unit created successfully"
-}
-
-db:close()
--- a/com/Auth/PutNewUnit.lua
+++ b/com/Auth/PutNewUnit.lua
@@ -0,0 +1,86 @@
+-- com/PutNewUnit.lua
+
+---@diagnostic disable: redefined-local
+local db = require("internal.database-sqlite").connect("db/user-database.db", {log = true})
+local log = require("internal.log")
+local session = require("internal.session")
+local crypt = require("internal.crypt.bcrypt")
+
+local function close_db()
+  if db then
+    db:close()
+    db = nil
+  end
+end
+
+local function error_response(message, code, data)
+  session.response.error = {
+    code = code or nil,
+    message = message,
+    data = data or nil
+  }
+  close_db()
+end
+
+if not session.request.params then
+  return error_response("no params provided")
+end
+
+if not session.request.params.token then
+  return error_response("access denied")
+end
+
+if session.request.params.token ~= require("_config").token() then
+  return error_response("access denied")
+end
+
+local params = session.request.params
+if not (params.username and params.email and params.password) then
+  return error_response("no username/email/password provided")
+end
+
+local hashPass = crypt.generate(params.password, crypt.DefaultCost)
+
+local existing, err = db:query("SELECT 1 FROM users WHERE deleted = 0 AND (email = ? OR username = ? OR phone_number = ?) LIMIT 1", {
+  params.email,
+  params.username,
+  params.phone_number
+})
+
+if err ~= nil then
+  log.error("Email check failed: "..tostring(err))
+  return error_response("Database check failed: "..tostring(err))
+end
+
+if existing and #existing > 0 then
+  return error_response("Unit already exists")
+end
+
+local ctx, err = db:exec(
+  "INSERT INTO users (username, email, password, first_name, last_name, phone_number) VALUES (?, ?, ?, ?, ?, ?)",
+  {
+    params.username,
+    params.email,
+    hashPass,
+    params.first_name or "",
+    params.last_name or "",
+    params.phone_number or ""
+  }
+)
+if err ~= nil then
+  log.error("Insert failed: "..tostring(err))
+  return error_response("Insert failed: "..tostring(err))
+end
+
+local res, err = ctx:wait()
+if err ~= nil then
+  log.error("Insert confirmation failed: "..tostring(err))
+  return error_response("Insert confirmation failed: "..tostring(err))
+end
+
+session.response.result = {
+  rows_affected = res,
+  message = "Unit created successfully"
+}
+
+close_db()