Merged private changes

.dockerignore

@@ -0,0 +1,7 @@
+.git*
+
+tools*
+mysql*
+letsencrypt*
+
+.env*

.envdev

@@ -5,7 +5,7 @@ WEB_PORT=3200
 DB_HOSTNAME=database
 DB_DATABASE=auth
 DB_USERNAME=auth
-DB_PASSWORD=venusaur
+DB_PASSWORD=charizard
 
 MAIL_SMTP=smtp.example.com
 [email protected]

Dockerfile

@@ -2,8 +2,8 @@
 FROM node:15
 WORKDIR "/app"
 COPY package*.json ./
-RUN npm install --production
 COPY . /app
+RUN npm install --production
 EXPOSE 3200
 USER node
 ENTRYPOINT ["bash", "-c"]

server/admin/ban-user.js

@@ -9,7 +9,7 @@ const route = async (req, res) => {
 	}, {
 		where: {
 			username: {
-				[Op.eq]: req.body.username
+				[Op.eq]: req.body.username || ''
 			},
 			admin: {
 				[Op.not]: true
@@ -27,7 +27,7 @@ const route = async (req, res) => {
 	//forcibly logout
 	tokens.destroy({
 		where: {
-			username: req.body.username
+			username: req.body.username || ''
 		}
 	});
 

server/admin/default-account.js

@@ -25,15 +25,16 @@ module.exports = async () => {
 	});
 
 	if (adminRecord == null) {
+		const webAddress = process.env.WEB_ADDRESS == 'localhost' ? 'example.com' : process.env.WEB_ADDRESS; //can't log in as "localhost"
 		await accounts.create({
-			email: `${process.env.ADMIN_DEFAULT_USERNAME}@${process.env.WEB_ADDRESS}`,
+			email: `${process.env.ADMIN_DEFAULT_USERNAME}@${webAddress}`,
 			username: `${process.env.ADMIN_DEFAULT_USERNAME}`,
 			hash: await bcrypt.hash(`${process.env.ADMIN_DEFAULT_PASSWORD}`, await bcrypt.genSalt(11)),
 			type: 'normal',
 			admin: true,
 			mod: true
 		});
 
-		console.warn(`Created default admin account (email: ${process.env.ADMIN_DEFAULT_USERNAME}@${process.env.WEB_ADDRESS}; password: ${process.env.ADMIN_DEFAULT_PASSWORD})`);
+		console.warn(`Created default admin account (email: ${process.env.ADMIN_DEFAULT_USERNAME}@${webAddress}; password: ${process.env.ADMIN_DEFAULT_PASSWORD})`);
 	}
 };

server/admin/grant-admin.js

@@ -10,7 +10,7 @@ const route = async (req, res) => {
 	}, {
 		where: {
 			username: {
-				[Op.eq]: req.body.username
+				[Op.eq]: req.body.username || ''
 			}
 		}
 	});

server/admin/grant-mod.js

@@ -9,7 +9,7 @@ const route = async (req, res) => {
 	}, {
 		where: {
 			username: {
-				[Op.eq]: req.body.username
+				[Op.eq]: req.body.username || ''
 			}
 		}
 	});

server/admin/index.js

@@ -12,7 +12,7 @@ router.use(tokenAuth);
 router.use(async (req, res, next) => {
 	const record = await accounts.findOne({
 		where: {
-			username: req.user.username
+			username: req.user.username || ''
 		}
 	});
 

server/admin/remove-admin.js

@@ -9,7 +9,7 @@ const route = async (req, res) => {
 	}, {
 		where: {
 			username: {
-				[Op.eq]: req.body.username
+				[Op.eq]: req.body.username || ''
 			}
 		}
 	});

server/admin/remove-mod.js

@@ -10,7 +10,7 @@ const route = async (req, res) => {
 	}, {
 		where: {
 			username: {
-				[Op.eq]: req.body.username
+				[Op.eq]: req.body.username || ''
 			}
 		}
 	});

server/auth/account-delete.js

@@ -11,7 +11,7 @@ const { accounts } = require('../database/models');
 const route = async (req, res) => {
 	const account = await accounts.findOne({
 		where: {
-			id: req.user.id
+			index: req.user.index
 		}
 	});
 
@@ -30,7 +30,7 @@ const route = async (req, res) => {
 	},
 	{
 		where: {
-			id: req.user.id
+			index: req.user.index
 		}
 	});
 

server/auth/account-query.js

@@ -4,7 +4,7 @@ const { accounts } = require('../database/models');
 const route = async (req, res) => {
 	const account = await accounts.findOne({
 		where: {
-			id: req.user.id
+			index: req.user.index
 		}
 	});
 

server/auth/account-update.js

@@ -16,7 +16,7 @@ const route = async (req, res) => {
 		hash: hash
 	}, {
 		where: {
-			id: req.user.id
+			index: req.user.index
 		}
 	});
 

server/auth/index.js

@@ -20,7 +20,7 @@ router.use(tokenAuth);
 router.use(async (req, res, next) => {
 	const record = await accounts.findOne({
 		where: {
-			username: req.user.username
+			username: req.user.username || ''
 		}
 	});
 

server/auth/login.js

@@ -19,7 +19,7 @@ const route = async (req, res) => {
 	//get the existing account
 	const account = await accounts.findOne({
 		where: {
-			email: req.body.email
+			email: req.body.email || ''
 		}
 	});
 
@@ -38,7 +38,7 @@ const route = async (req, res) => {
 	//cancel deletion if any
 	await accounts.update({ deletion: null }, {
 		where: {
-			id: account.id
+			index: account.index
 		}
 	});
 
@@ -48,7 +48,7 @@ const route = async (req, res) => {
 	}
 
 	//generate the JWT
-	const tokens = generate(account.id, account.username, account.type, account.admin, account.mod);
+	const tokens = generate(account.index, account.username, account.type, account.admin, account.mod);
 
 	//finally
 	res.status(200).json(tokens);

server/auth/signup.js

@@ -70,7 +70,7 @@ const validateDetails = async (body) => {
 	//check for existing username
 	const usernameRecord = await accounts.findOne({
 		where: {
-			username: body.username
+			username: body.username || ''
 		}
 	});
 

server/auth/validation.js

@@ -5,7 +5,7 @@ const route = async (req, res) => {
 	//get the existing pending signup
 	const info = await pendingSignups.findOne({
 		where: {
-			username: req.query.username
+			username: req.query.username || ''
 		}
 	});
 
@@ -29,7 +29,7 @@ const route = async (req, res) => {
 	//delete the pending signup
 	pendingSignups.destroy({
 		where: {
-			username: req.query.username
+			username: req.query.username || ''
 		}
 	});
 

server/database/models/accounts.js

@@ -2,7 +2,7 @@ const Sequelize = require('sequelize');
 const sequelize = require('..');
 
 module.exports = sequelize.define('accounts', {
-	id: {
+	index: {
 		type: Sequelize.INTEGER(11),
 		allowNull: false,
 		autoIncrement: true,

server/database/models/tokens.js

@@ -3,5 +3,5 @@ const sequelize = require('..');
 
 module.exports = sequelize.define('tokens', {
 	token: 'varchar(320)',
-	username: 'varchar(320)'
+	username: 'varchar(320)' //TODO: why username?
 });

server/server.js

@@ -5,11 +5,10 @@ require('dotenv').config();
 const express = require('express');
 const app = express();
 const server = require('http').Server(app);
-const bodyParser = require('body-parser');
 const cors = require('cors');
 
 //config
-app.use(bodyParser.json());
+app.use(express.json());
 app.use(cors());
 
 //database connection

server/utilities/token-generate.js

@@ -2,9 +2,9 @@ const jwt = require('jsonwebtoken');
 const { tokens } = require('../database/models');
 
 //generates a JWT token based on the given arguments
-module.exports = (id, username, type, admin, mod) => {
+module.exports = (index, username, type, admin, mod) => {
 	const content = {
-		id,
+		index,
 		username,
 		type,
 		admin,

server/utilities/token-refresh.js

@@ -24,7 +24,7 @@ module.exports = (token, callback) => {
 			return callback(403);
 		}
 
-		const result = generate(user.id, user.username, user.type, user.admin, user.mod);
+		const result = generate(user.index, user.username, user.type, user.admin, user.mod);
 
 		destroy(token);
 

server/utilities/validate-username.js

@@ -6,11 +6,11 @@ module.exports = username => {
 	if (username.length < 8 && username.length > 100) {
 		return false;
 	}
-	
+
 	if (!isAlpha(username)) {
 		return false;
 	}
-	
+
 	return true;
 }