guillm/wf-radio
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Added crypto and new validation utils (keeping legacy until new one is finished)

Browse source
This commit is contained in:
Gu://em_ 2025-04-24 18:49:20 +02:00
parent 0374d7bccb
commit b7f01446d7
6 changed files with 184 additions and 72 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/services/authService.js
View file

@ -3,7 +3,7 @@ const jwt = require("jsonwebtoken");
const userModel = require("../models/user"); const userModel = require("../models/user");
const AppError = require("../utils/appError"); const AppError = require("../utils/appError");
const configManager = require("../utils/configManager"); const configManager = require("../utils/configManager");
const validate = require("../utils/validate"); const validate = require("../utils/validate_legacy");
const JWT_Secret = configManager.getJWTSecret(); const JWT_Secret = configManager.getJWTSecret();

2
src/services/modService.js
View file

@ -1,6 +1,6 @@
const model = require("../models/mod"); const model = require("../models/mod");
const AppError = require("../utils/appError"); const AppError = require("../utils/appError");
const { validateModData } = require("../utils/validate"); const { validateModData } = require("../utils/validate_legacy");
const { mdToHtml } = require("../utils/convert"); const { mdToHtml } = require("../utils/convert");
const { sanitizeModData } = require("../utils/sanitize"); const { sanitizeModData } = require("../utils/sanitize");

2
src/services/userService.js
View file

@ -1,6 +1,6 @@
const model = require("../models/user"); const model = require("../models/user");
const AppError = require("../utils/appError"); const AppError = require("../utils/appError");
const { validateUserData } = require("../utils/validate"); const { validateUserData } = require("../utils/validate_legacy");
const { sanitizeUserData } = require("../utils/sanitize"); const { sanitizeUserData } = require("../utils/sanitize");
async function getAllUsers() { async function getAllUsers() {

61
src/utils/crypto.js Normal file
View file

@ -0,0 +1,61 @@
// --- Imports ---
const jwt = require("jsonwebtoken");
const bcrypt = require("bcrypt");
const { getConfig, getJWTSecret } = require("./configManager");
// --- Config ---
// Declarations
let JWT_Secret;
let token_expiry;
// Constant values
const saltRounds = 12;
// Load
(async () => {
const config = await getConfig();
JWT_Secret = await getJWTSecret();
token_expiry = config.auth.tokenExpiry;
signature_algorithm = config.auth.signatureAlgorithm;
})();
// --- Functions ---
async function hashPassword(passwd) {
const hash = bcrypt.hashSync(passwd, saltRounds);
return hash;
}
async function passwordsMatch(password, hashed_password) {
return await bcrypt.compare(password, hashed_password);
}
async function signToken(payload, options = null) {
if (options == null) {
return jwt.sign(payload, JWT_Secret, { expiresIn: token_expiry, });
}
else {
return jwt.sign(payload, JWT_Secret, options);
}
}
function verifyToken(token) {
return new Promise( async (resolve, reject) => {
await jwt.verify( token, JWT_Secret, (err, user) => {
if (err) {
reject(err);
} else {
resolve(user);
}
});
});
}
// --- Exports ---
module.exports = { passwordsMatch, hashPassword, verifyToken, signToken };

89
src/utils/validate.js
View file

@ -1,82 +1,32 @@
const mod_model = require("../models/mod"); // --- Imports ---
const user_model = require("../models/user");
const AppError = require("./appError"); const AppError = require("./appError");
async function validateModData(mod_data) {
//TODO WIP
// Check fields existence
const not_null = mod_data &&
Object.keys(mod_data).length == 5 &&
mod_data.name &&
mod_data.displayName &&
mod_data.author &&
mod_data.versions != null;
// mod_data.otherInfos != null && // --- Functions ---
// Object.keys(mod_data.otherInfos).length == 0 &&
// mod_data.otherInfos.description != null &&
// mod_data.otherInfos.links != null &&
// mod_data.otherInfos.tags != null &&
// mod_data.otherInfos.screenshots != null &&
// mod_data.otherInfos.license != null &&
// mod_data.otherInfos.changelogs != null;
if (!not_null) { async function validateNewModData(mod_data) {
console.debug("Item is missing expected fields:", mod_data);
throw new AppError(400, "Bad request", "Missing expected fields");
}
// Check fields format (check if sanitized)
const is_valid_name = /^[a-zA-Z0-9_]+$/.test(mod_data.name);
const is_valid_displayName = true;
// const is_valid_displayName = /^[a-zA-Z0-9_]+$/.test(mod_data.name); // Temporary
// const
const is_valid = is_valid_name && is_valid_displayName;
if (!is_valid) {
console.debug("Fields are not following the expected formats");
throw new AppError(400, "Bad request", "The provided fields don't match the expected format");
}
// Check if mod already exists
const exists = await mod_model.exists(mod_data.name);
if (exists) {
console.debug("Error: Item already exists");
throw new AppError(403, "Forbidden", "Content with this name already exists");
}
}
async function validateUserData(user_data) {
throw new AppError(501, "Not implemented"); throw new AppError(501, "Not implemented");
//TODO //TODO
// try {
// node_schemas.validateNewModData(node_data);
// } catch (err) {
// throw new AppError(400, "Missing or invalid fields", "Bad request", err);
// }
// Check fields existence
// ...
if (!not_null) {
console.debug("Missing expected fields:", mod_data);
throw new AppError(400, "Bad request: Missing expected fields");
} }
// Check fields format (check if sanitized)
const is_valid_username = /^[a-zA-Z0-9_]+$/.test(user_data.username);
// const is_valid_email = ...
// ...
const is_valid = is_valid_username && is_valid_email; async function validateNewUserData(user_data) {
if (!is_valid) {
console.debug("Fields are not following the expected formats"); throw new AppError(501, "Not implemented");
throw new AppError(400, "Bad request: The provided fields don't match the expected format"); //TODO
} // try {
// node_schemas.validateNewUserData(node_data);
// } catch (err) {
// throw new AppError(400, "Missing or invalid fields", "Bad request", err);
// }
// Check if user already exists
const exists = await user_model.exists(user_data.username);
if (exists) {
console.debug("Error: User already exists");
throw new AppError(403, "Forbidden: User with this name already exists");
}
} }
async function validateCretendials(identifier, password) { async function validateCretendials(identifier, password) {
@ -84,6 +34,9 @@ async function validateCretendials(identifier, password) {
throw new AppError(501, "Not implemented"); throw new AppError(501, "Not implemented");
} }
// --- Utils ---
async function isEmail(text) { async function isEmail(text) {
const email_regex = /^[\w-\.]+@([\w-]+\.)+[\w-]{2,4}$/; const email_regex = /^[\w-\.]+@([\w-]+\.)+[\w-]{2,4}$/;
return email_regex.test(text); return email_regex.test(text);
@ -95,4 +48,4 @@ async function isID(text) {
} }
module.exports = { validateModData, validateUserData, isEmail, isID }; module.exports = { validateNewModData, validateNewUserData, isEmail, isID };

98
src/utils/validate_legacy.js Normal file
View file

@ -0,0 +1,98 @@
const mod_model = require("../models/mod");
const user_model = require("../models/user");
const AppError = require("./appError");
async function validateModData(mod_data) {
//TODO WIP
// Check fields existence
const not_null = mod_data &&
Object.keys(mod_data).length == 5 &&
mod_data.name &&
mod_data.displayName &&
mod_data.author &&
mod_data.versions != null;
// mod_data.otherInfos != null &&
// Object.keys(mod_data.otherInfos).length == 0 &&
// mod_data.otherInfos.description != null &&
// mod_data.otherInfos.links != null &&
// mod_data.otherInfos.tags != null &&
// mod_data.otherInfos.screenshots != null &&
// mod_data.otherInfos.license != null &&
// mod_data.otherInfos.changelogs != null;
if (!not_null) {
console.debug("Item is missing expected fields:", mod_data);
throw new AppError(400, "Bad request", "Missing expected fields");
}
// Check fields format (check if sanitized)
const is_valid_name = /^[a-zA-Z0-9_]+$/.test(mod_data.name);
const is_valid_displayName = true;
// const is_valid_displayName = /^[a-zA-Z0-9_]+$/.test(mod_data.name); // Temporary
// const
const is_valid = is_valid_name && is_valid_displayName;
if (!is_valid) {
console.debug("Fields are not following the expected formats");
throw new AppError(400, "Bad request", "The provided fields don't match the expected format");
}
// Check if mod already exists
const exists = await mod_model.exists(mod_data.name);
if (exists) {
console.debug("Error: Item already exists");
throw new AppError(403, "Forbidden", "Content with this name already exists");
}
}
async function validateUserData(user_data) {
throw new AppError(501, "Not implemented");
//TODO
// Check fields existence
// ...
if (!not_null) {
console.debug("Missing expected fields:", mod_data);
throw new AppError(400, "Bad request: Missing expected fields");
}
// Check fields format (check if sanitized)
const is_valid_username = /^[a-zA-Z0-9_]+$/.test(user_data.username);
// const is_valid_email = ...
// ...
const is_valid = is_valid_username && is_valid_email;
if (!is_valid) {
console.debug("Fields are not following the expected formats");
throw new AppError(400, "Bad request: The provided fields don't match the expected format");
}
// Check if user already exists
const exists = await user_model.exists(user_data.username);
if (exists) {
console.debug("Error: User already exists");
throw new AppError(403, "Forbidden: User with this name already exists");
}
}
async function validateCretendials(identifier, password) {
throw new AppError(501, "Not implemented");
}
async function isEmail(text) {
const email_regex = /^[\w-\.]+@([\w-]+\.)+[\w-]{2,4}$/;
return email_regex.test(text);
}
async function isID(text) {
const id_regex = /[a-zA-Z0-9_]+/;
return id_regex.test(text);
}
module.exports = { validateModData, validateUserData, isEmail, isID };