matthew/satyr
1
0
Fork 0
mirror of https://git.waldn.net/git/knotteye/satyr.git synced 2025-12-22 01:32:17 +00:00
Code Issues Projects Releases Wiki Activity

I don't even know.

Browse Source 
Filled out API for user management
Proper escaping of user input for SQL queries (stream keys aren't user input)
Filled out frontend with profile management, vods, etc.
I don't remember there's probably more, fuck.
This commit is contained in:
knotteye
2019-10-05 14:34:57 -05:00
parent eefa7c8dc7
commit f9e4a7a5c6
25 changed files with 323 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
src/api.ts
View File

@@ -5,35 +5,44 @@ function init(conf: object){
config = conf;
}
async function register(name: string, password: string, streamer: boolean) {
if(!config.registration){
return {"error":"registration disabled"};
}
else {
if(name.includes(';') || name.includes(' ')) return {"error":"illegal characters"};
let s: boolean;
if(streamer && config.streamKeys) s = true;
else s = false;
let r: boolean = await db.addUser(name, password, s, false);
if(r) return {"success":""};
else return {"error":""};
async function register(name: string, password: string, confirm: string) {
if(!config.registration) return {"error":"registration disabled"};
if(name.includes(';') || name.includes(' ') || name.includes('\'')) return {"error":"illegal characters"};
if(password !== confirm) return {"error":"mismatched passwords"};
for(let i=0;i<config.restrictedNames.length;i++){
if (name === config.restrictedNames[i]) return {"error":"restricted name"};
}
let r: boolean = await db.addUser(name, password);
if(r) return {"success":""};
return {"error":""};
}
async function login(name: string, pass: string) {
return await db.validatePassword(name, pass);
async function update(name: string, password: string, title: string, bio: string, record: boolean){
if(!name || !password) return {"error":"Insufficient parameters"};
let auth: boolean = await db.validatePassword(name, password);
if(!auth) return {"error":"Username or Password Incorrect"};
await db.query('UPDATE user_meta set title='+db.raw.escape(title)+', about='+db.raw.escape(bio)+' where username='+db.raw.escape(name));
if(!record) await db.query('UPDATE users set record_flag=false where username='+db.raw.escape(name));
else await db.query('UPDATE users set record_flag=true where username='+db.raw.escape(name));
return {"success":""};
}
async function users(num: number) {
return await db.query('select username from users limit '+num);
async function changepwd(name: string, password: string, newpwd: string){
if(!name || !password) return {"error":"Insufficient parameters"};
let auth: boolean = await db.validatePassword(name, password);
if(!auth) return {"error":"Username or Password Incorrect"};
let newhash: string = await db.hash(newpwd);
await db.query('UPDATE users set password_hash='+db.raw.escape(newhash)+'where username='+db.raw.escape(name)+' limit 1');
return {"success":""};
}
async function user(name: string) {
async function changesk(name: string, password: string){
if(!name || !password) return {"error":"Insufficient parameters"};
let auth: boolean = await db.validatePassword(name, password);
if(!auth) return {"error":"Username or Password Incorrect"};
let key: string = await db.genKey();
await db.query('UPDATE users set stream_key='+db.raw.escape(key)+'where username='+db.raw.escape(name)+' limit 1');
return {"success":key};
}
async function instance() {
}
export { init, register };
export { init, register, update, changepwd, changesk };