diff --git a/com/Auth/DeleteUnit.lua b/com/Auth/DeleteUnit.lua deleted file mode 100644 index adaa1ab..0000000 --- a/com/Auth/DeleteUnit.lua +++ /dev/null @@ -1,119 +0,0 @@ --- com/DeleteUnit.lua - ----@diagnostic disable: redefined-local -local db = require("internal.database.sqlite").connect("db/user-database.db", {log = true}) -local log = require("internal.log") -local session = require("internal.session") -local crypt = require("internal.crypt.bcrypt") -local jwt = require("internal.crypt.jwt") -local sha256 = require("internal.crypt.sha256") - -local params = session.request.params.get() -local token = session.request.headers.get("authorization") - -local function close_db() - if db then - db:close() - db = nil - end -end - -local function error_response(message, code, data) - session.response.error = { - code = code or nil, - message = message, - data = data or nil - } - close_db() -end - -if not token or type(token) ~= "string" then - return error_response("Access denied") -end - -local prefix = "Bearer " -if token:sub(1, #prefix) ~= prefix then - return error_response("Invalid Authorization scheme") -end - -local access_token = token:sub(#prefix + 1) - -local err, data = jwt.decode(access_token, { secret = require("_config").token() }) - -if err or not data then - session.response.error = { - message = err - } - return -end - --- if data.session_uuid ~= session.id then --- return error_response("Access denied") --- end - --- if data.key ~= sha256.sum(session.request.address .. session.id .. session.request.headers.get("user-agent", "noagent")) then --- return error_response("Access denied") --- end - -if not params then - return error_response("no params provided") -end - -if not (params.username and params.email and params.password) then - return error_response("no username/email/password provided") -end - -local existing, err = db:query( - "SELECT password FROM users WHERE email = ? AND username = ? AND deleted = 0 LIMIT 1", - { - params.email, - params.username - } -) - -if err ~= nil then - log.error("Password fetch failed: " .. tostring(err)) - return error_response("Database query failed: " .. tostring(err)) -end - -if not existing or #existing == 0 then - return error_response("Unit not found") -end - -local hashed_password = existing[1].password - -local ok = crypt.compare(hashed_password, params.password) -if not ok then - log.warn("Wrong password attempt for: " .. params.username) - return error_response("Invalid password") -end - -local ctx, err = db:exec( - [[ - UPDATE users - SET deleted = 1, - deleted_at = CURRENT_TIMESTAMP - WHERE email = ? AND username = ? AND deleted = 0 - ]], - { params.email, params.username } -) - -if err ~= nil then - log.error("Soft delete failed: " .. tostring(err)) - return error_response("Soft delete failed: " .. tostring(err)) -end - -local res, err = ctx:wait() -if err ~= nil then - log.error("Soft delete confirmation failed: " .. tostring(err)) - return error_response("Soft delete confirmation failed: " .. tostring(err)) -end - -session.response.result = { - rows_affected = res, - message = "Unit soft-deleted successfully" -} - -log.info("user " .. params.username .. " soft-deleted successfully") - -close_db() diff --git a/com/Auth/GetAccess.lua b/com/Auth/GetAccess.lua deleted file mode 100644 index 14da4bf..0000000 --- a/com/Auth/GetAccess.lua +++ /dev/null @@ -1,76 +0,0 @@ --- com/GetAccess - ----@diagnostic disable: redefined-local -local db = require("internal.database.sqlite").connect("db/user-database.db", {log = true}) -local log = require("internal.log") -local session = require("internal.session") -local crypt = require("internal.crypt.bcrypt") -local jwt = require("internal.crypt.jwt") -local sha256 = require("internal.crypt.sha256") - -local params = session.request.params.get() -local secret = require("_config").token() - -local function close_db() - if db then - db:close() - db = nil - end -end - -local function error_response(message, code, data) - session.response.error = { - code = code or nil, - message = message, - data = data or nil - } - close_db() -end - -if not params then - return error_response("No params provided") -end - -if not (params.username and params.email and params.password) then - return error_response("Missing username, email or password") -end - -local unit, err = db:query( - "SELECT id, username, email, password, created_at FROM users WHERE email = ? AND username = ? AND deleted = 0 LIMIT 1", - { - params.email, - params.username - } -) - -if err then - log.error("DB query error: " .. tostring(err)) - return error_response("Database query failed") -end - -if not unit or #unit == 0 then - return error_response("Unit not found") -end - -unit = unit[1] - -local ok = crypt.compare(unit.password, params.password) -if not ok then - log.warn("Login failed: wrong password for " .. params.username) - return error_response("Invalid password") -end - -local token = jwt.encode({ - secret = secret, - payload = { session_uuid = session.id, - admin_user = params.username, - key = sha256.sum(session.request.address .. session.id .. session.request.headers.get("user-agent", "noagent")) - }, - expires_in = 3600 -}) - -session.response.result = { - access_token = token -} - -close_db() diff --git a/com/Auth/PutNewUnit.lua b/com/Auth/PutNewUnit.lua deleted file mode 100644 index 3a140f4..0000000 --- a/com/Auth/PutNewUnit.lua +++ /dev/null @@ -1,109 +0,0 @@ --- com/PutNewUnit.lua - ----@diagnostic disable: redefined-local -local db = require("internal.database.sqlite").connect("db/user-database.db", {log = true}) -local log = require("internal.log") -local session = require("internal.session") -local crypt = require("internal.crypt.bcrypt") -local jwt = require("internal.crypt.jwt") -local sha256 = require("internal.crypt.sha256") - -local params = session.request.params.get() -local token = session.request.headers.get("authorization") - -local function close_db() - if db then - db:close() - db = nil - end -end - -local function error_response(message, code, data) - session.response.error = { - code = code or nil, - message = message, - data = data or nil - } - close_db() -end - -if not token or type(token) ~= "string" then - return error_response("Access denied") -end - -local prefix = "Bearer " -if token:sub(1, #prefix) ~= prefix then - return error_response("Invalid Authorization scheme") -end - -local access_token = token:sub(#prefix + 1) - -local err, data = jwt.decode(access_token, { secret = require("_config").token() }) - -if err or not data then - session.response.error = { - message = err - } - return -end - -if data.session_uuid ~= session.id then - return error_response("Access denied") -end - -if data.key ~= sha256.sum(session.request.address .. session.id .. session.request.headers.get("user-agent", "noagent")) then - return error_response("Access denied") -end - -if not params then - return error_response("no params provided") -end - -if not (params.username and params.email and params.password) then - return error_response("no username/email/password provided") -end - -local hashPass = crypt.generate(params.password, crypt.DefaultCost) - -local existing, err = db:query("SELECT 1 FROM users WHERE deleted = 0 AND (email = ? OR username = ?) LIMIT 1", { - params.email, - params.username -}) - -if err ~= nil then - log.error("Email check failed: "..tostring(err)) - return error_response("Database check failed: "..tostring(err)) -end - -if existing and #existing > 0 then - return error_response("Unit already exists") -end - -local ctx, err = db:exec( - "INSERT INTO users (username, email, password, first_name, last_name, phone_number) VALUES (?, ?, ?, ?, ?, ?)", - { - params.username, - params.email, - hashPass, - params.first_name or "", - params.last_name or "", - params.phone_number or "" - } -) -if err ~= nil then - log.error("Insert failed: "..tostring(err)) - return error_response("Insert failed: "..tostring(err)) -end - -local res, err = ctx:wait() -if err ~= nil then - log.error("Insert confirmation failed: "..tostring(err)) - return error_response("Insert confirmation failed: "..tostring(err)) -end - -session.response.result = { - rows_affected = res, - message = "Unit created successfully" -} - -close_db() \ No newline at end of file