danielvici123/esp-projekt
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Attempted adding of 'Salting' for the password, a method which adds random numbers or letters to make rainbowtable password cracking impossible, not tested yet

Browse Source
This commit is contained in:
Esad Mustafoski
2025-02-02 12:33:47 +01:00
parent 3c6fdd0b59
commit 4c80caa52a
4 changed files with 399 additions and 311 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
database/create_db.ts
View File

@@ -15,7 +15,7 @@ const dbPath: string = join(_dirname, "../database/esp-projekt.sqlite");
const db = new DB(dbPath);
export function createDatabase(): void {
db.execute(`
db.execute(`
CREATE TABLE IF NOT EXISTS accounts (
uuid INTEGER PRIMARY KEY AUTOINCREMENT,
user_group TEXT,
@@ -24,6 +24,7 @@ export function createDatabase(): void {
user_username TEXT,
user_e-mail TEXT,
password TEXT,
password_salt TEXT,
firstname TEXT,
surname TEXT,
account_created TEXT,
@@ -50,28 +51,34 @@ export function createDatabase(): void {
likes INTEGER
)
`);
};
}
// Sample data generated using AI, does not work yet and will be adjusted
export function insertSampleData(): void {
db.query(`INSERT INTO accounts (user_group, user_bio, user_displayname, user_username, user_email, password, firstname, surname, account_created, followers, following, contacts) VALUES
('admin', 'Admin bio', 'Admin User', 'admin', 'admin@example.com', 'hashedpass1', 'Admin', 'User', '2024-01-01', '[]', '[]', '[]', '[]'),
('user', 'I love coding!', 'John Dev', 'johndev', 'john@example.com', 'hashedpass2', 'John', 'Smith', '2024-01-02', '[]', '[3,4]', '[1,2]', '[]'),
('user', 'Photography enthusiast', 'Alice', 'alice_photo', 'alice@example.com', 'hashedpass3', 'Alice', 'Johnson', '2024-01-03', '[5]', '[1]', '[2]', '[]')
`);
db.query(
`INSERT INTO accounts (user_group, user_bio, user_displayname, user_username, user_email, password, password_salt, firstname, surname, account_created, followers, following, contacts) VALUES
('admin', 'Admin bio', 'Admin User', 'admin', 'admin@example.com', 'hashedpass1', 'salt1', 'Admin', 'User', '2024-01-01', '[]', '[]', '[]', '[]'),
('user', 'I love coding!', 'John Dev', 'johndev', 'john@example.com', 'hashedpass2', 'salt2', 'John', 'Smith', '2024-01-02', '[]', '[3,4]', '[1,2]', '[]'),
('user', 'Photography enthusiast', 'Alice', 'alice_photo', 'alice@example.com', 'hashedpass3', 'salt3', 'Alice', 'Johnson', '2024-01-03', '[5]', '[1]', '[2]', '[]')
`,
);
db.query(`INSERT INTO posts (user_id, created_at, post_text, likes, comments) VALUES
db.query(
`INSERT INTO posts (user_id, created_at, post_text, likes, comments) VALUES
(1, '2024-01-15 10:00:00', 'First post about programming!', 5, 2),
(1, '2024-01-15 11:30:00', 'Check out this new feature', 10, 3),
(2, '2024-01-16 09:15:00', 'Just learned about TypeScript', 8, 1),
(3, '2024-01-16 14:20:00', 'Posted my new photo collection', 15, 4)
`);
`,
);
db.query(`INSERT INTO comments (post_id, author_user_id, date_created_at, text, likes) VALUES
db.query(
`INSERT INTO comments (post_id, author_user_id, date_created_at, text, likes) VALUES
(1, 2, '2024-01-15 10:05:00', 'Great post!', 3),
(1, 3, '2024-01-15 10:10:00', 'Very informative', 2),
(2, 3, '2024-01-15 11:35:00', 'Nice feature', 4),
(3, 1, '2024-01-16 09:20:00', 'TypeScript is awesome', 5),
(4, 2, '2024-01-16 14:25:00', 'Beautiful photos!', 6)
`);
};
`,
);
}

322
database/utils.ts
View File

@@ -11,10 +11,9 @@ import { dirname, fromFileUrl, join } from "https://deno.land/std/path/mod.ts";
import * as db_create from "./create_db.ts";
// +++ VARIABLES ---------------------------------------------------- //
// __dirname Is never getting used again, It's only needed because the DB Import
// _dirname Is never getting used again, It's only needed because the DB Import
// from SQLite doesn't like relative paths, so I use this as
// A Workaround
const _dirname: string = dirname(fromFileUrl(import.meta.url));
const dbPath: string = join(_dirname, "../database/esp-projekt.sqlite");
const db = new DB(dbPath);
@@ -22,119 +21,126 @@ const db = new DB(dbPath);
// +++ INTERFACES --------------------------------------------------- //
// Used in the Functions to define the return type/Avoid type errors
interface Post {
posts_uuid: number;
user_id: number;
created_at: string;
post_text: string;
likes: number;
comments: number;
posts_uuid: number;
user_id: number;
created_at: string;
post_text: string;
likes: number;
comments: number;
}
interface Accounts {
user_id: number;
user_group: string;
bio: string;
displayname: string;
username: string;
user_email: string;
password: string;
firstname: string;
surname: string;
account_created: string;
blocked_users: string;
followers: string;
following: string;
contacts: string;
user_id: number;
user_group: string;
bio: string;
displayname: string;
username: string;
user_email: string;
password: string;
password_salt: string;
firstname: string;
surname: string;
account_created: string;
blocked_users: string;
followers: string;
following: string;
contacts: string;
}
interface Comments {
comment_id: number;
post_id: number;
author_user_id: number;
date_created_at: string;
text: string;
likes: number;
comment_id: number;
post_id: number;
author_user_id: number;
date_created_at: string;
text: string;
likes: number;
}
// +++ Helper ------------------------------------------------------ //
function mapPostRow(row: Row): Post {
const [posts_uuid, user_id, created_at, post_text, likes, comments] = row;
return {
posts_uuid: Number(posts_uuid),
user_id: Number(user_id),
created_at: String(created_at),
post_text: String(post_text),
likes: Number(likes),
comments: Number(comments),
};
const [posts_uuid, user_id, created_at, post_text, likes, comments] = row;
return {
posts_uuid: Number(posts_uuid),
user_id: Number(user_id),
created_at: String(created_at),
post_text: String(post_text),
likes: Number(likes),
comments: Number(comments),
};
}
function mapAccountRow(row: Row): Accounts {
const [
user_id,
user_group,
bio,
displayname,
username,
user_email,
password,
firstname,
surname,
account_created,
blocked_users,
followers,
following,
contacts,
] = row;
return {
user_id: Number(user_id),
user_group: String(user_group),
bio: String(bio),
displayname: String(displayname),
username: String(username),
user_email: String(user_email),
password: String(password),
firstname: String(firstname),
surname: String(surname),
account_created: String(account_created),
blocked_users: String(blocked_users),
followers: String(followers),
following: String(following),
contacts: String(contacts),
};
const [
user_id,
user_group,
bio,
displayname,
username,
user_email,
password,
password_salt,
firstname,
surname,
account_created,
blocked_users,
followers,
following,
contacts,
] = row;
return {
user_id: Number(user_id),
user_group: String(user_group),
bio: String(bio),
displayname: String(displayname),
username: String(username),
user_email: String(user_email),
password: String(password),
password_salt: String(password_salt),
firstname: String(firstname),
surname: String(surname),
account_created: String(account_created),
blocked_users: String(blocked_users),
followers: String(followers),
following: String(following),
contacts: String(contacts),
};
}
function mapCommentRow(row: Row): Comments {
const [
comment_id,
post_id,
author_user_id,
date_created_at,
text,
likes,
] = row;
return {
comment_id: Number(comment_id),
post_id: Number(post_id),
author_user_id: Number(author_user_id),
date_created_at: String(date_created_at),
text: String(text),
likes: Number(likes),
};
const [
comment_id,
post_id,
author_user_id,
date_created_at,
text,
likes,
] = row;
return {
comment_id: Number(comment_id),
post_id: Number(post_id),
author_user_id: Number(author_user_id),
date_created_at: String(date_created_at),
text: String(text),
likes: Number(likes),
};
}
// "T" is a generic type, it can be anything and makes the function "flexible"(?)
async function queryDatabase<T>(query: string, params: any[], mapRow: (row: Row) => T,): Promise<T[]> {
const results: T[] = [];
try {
const rows = await db.query(query, params);
for (const row of rows) {
results.push(mapRow(row));
}
} catch (error) {
console.error("Database query error:", error);
async function queryDatabase<T>(
query: string,
params: any[],
mapRow: (row: Row) => T,
): Promise<T[]> {
const results: T[] = [];
try {
const rows = await db.query(query, params);
for (const row of rows) {
results.push(mapRow(row));
}
return results;
} catch (error) {
console.error("Database query error:", error);
}
return results;
}
// +++ FUNCTIONS --------------------------------------------------- //
@@ -144,11 +150,11 @@ async function queryDatabase<T>(query: string, params: any[], mapRow: (row: Row)
* @file ./create_db.ts
*/
function insertSamples(): void {
db_create.insertSampleData();
db_create.insertSampleData();
}
function createDatabaseIfNotExist(): void {
db_create.createDatabase();
db_create.createDatabase();
}
/**
@@ -158,30 +164,30 @@ function createDatabaseIfNotExist(): void {
* @returns Array of all Posts in the Database
*/
async function getPostsFromDB(user_uuid?: string): Promise<Post[]> {
const query = user_uuid
? `SELECT * FROM posts WHERE user_id = ?`
: `SELECT * FROM posts`;
const params = user_uuid ? [user_uuid] : [];
return await queryDatabase<Post>(query, params, mapPostRow);
}
const query = user_uuid
? `SELECT * FROM posts WHERE user_id = ?`
: `SELECT * FROM posts`;
const params = user_uuid ? [user_uuid] : [];
return await queryDatabase<Post>(query, params, mapPostRow);
}
/**
* @returns Array of all Users in the Database
*/
async function getAllUsersFromDB(): Promise<Accounts[]> {
const query = `SELECT * FROM accounts`;
return await queryDatabase<Accounts>(query, [], mapAccountRow);
const query = `SELECT * FROM accounts`;
return await queryDatabase<Accounts>(query, [], mapAccountRow);
}
/**
* @param username
* @param username
* @returns Returns the Accounts for the User with the given username
*/
async function getUserByUsername(username: string): Promise<Accounts> {
const query = `SELECT * FROM accounts WHERE user_username = '${username}'`;
const params:string[] = [];
const result = await queryDatabase<Accounts>(query, params, mapAccountRow);
return result[0];
const query = `SELECT * FROM accounts WHERE user_username = '${username}'`;
const params: string[] = [];
const result = await queryDatabase<Accounts>(query, params, mapAccountRow);
return result[0];
}
/**
@@ -191,11 +197,11 @@ async function getUserByUsername(username: string): Promise<Accounts> {
* @returns Array of Comments for the Post, or an empty Array if there are no Comments
*/
async function getCommentsFromDB(post_id?: number): Promise<Comments[]> {
const query = post_id
? `SELECT * FROM comments WHERE post_id = ?`
: `SELECT * FROM comments`;
const params = post_id ? [post_id] : [];
return await queryDatabase<Comments>(query, params, mapCommentRow);
const query = post_id
? `SELECT * FROM comments WHERE post_id = ?`
: `SELECT * FROM comments`;
const params = post_id ? [post_id] : [];
return await queryDatabase<Comments>(query, params, mapCommentRow);
}
/**
@@ -203,7 +209,7 @@ async function getCommentsFromDB(post_id?: number): Promise<Comments[]> {
* @returns Array of Comments for the Comment, or an empty Array if there are no Comments
*/
function getCommentsForComments(comment_id: number) {
// Will be rewritten to use the queryDatabase function
// Will be rewritten to use the queryDatabase function
}
/**
@@ -213,7 +219,7 @@ function getCommentsForComments(comment_id: number) {
* Might be required for Administrating the User
*/
async function getAllUserInfoByID(user_id: string) {
// Will be rewritten to use the queryDatabase function
// Will be rewritten to use the queryDatabase function
}
/**
@@ -222,47 +228,79 @@ async function getAllUserInfoByID(user_id: string) {
*/
// Filter Functions, Not yet implemented
function filterForImagePosts(posts_to_filter: Array<any>) {
return [];
return [];
}
function filterForVideoPosts(posts_to_filter: Array<any>) {
return [];
return [];
}
function filterForTextPosts(posts_to_filter: Array<any>) {
return [];
return [];
}
// Register/Login/User
/**
* @param user The name of the User to add
* @param password The password of the User to add
* @returns Array of Posts from the User, or an empty Array if the User doesn't exist or has no Posts
* @param user The username of the User to add
* @param password The hashed password of the User to add
* @param salt The salt used for the password
* @returns "noUser" if user exists, "newUser" if registration successful
*/
function registerUser (user: string, password: string, userGroup: string, displayname: string, user_email: string, firstname: string, surname: string, account_created: string): string {
const query_user_exists = `SELECT * FROM accounts WHERE user_username = '${user}'`;
if (!query_user_exists) {
return "noUser";
}
function registerUser(
user: string,
password: string,
salt: string,
userGroup: string,
displayname: string,
user_email: string,
firstname: string,
surname: string,
account_created: string,
): string {
const query_user_exists =
`SELECT * FROM accounts WHERE user_username = '${user}'`;
if (!query_user_exists) {
return "noUser";
}
const query_add_user = `INSERT INTO accounts (user_username, password, user_group, user_displayname, user_email, firstname, surname, account_created) VALUES ('${user}', '${password}', '${userGroup}', '${displayname}', '${user_email}', '${firstname}', '${surname}', '${account_created}')`;
db.query(query_add_user);
console.log(`New user: ${user}`)
const query_add_user = `
INSERT INTO accounts (
user_username,
password,
password_salt,
user_group,
user_displayname,
user_email,
firstname,
surname,
account_created
) VALUES (
'${user}',
'${password}',
'${salt}',
'${userGroup}',
'${displayname}',
'${user_email}',
'${firstname}',
'${surname}',
'${account_created}'
)`;
db.query(query_add_user);
console.log(`New user: ${user}`);
return "newUser";
return "newUser";
}
// Exporting all functions as this is a module
export {
registerUser,
createDatabaseIfNotExist,
getAllUserInfoByID,
getAllUsersFromDB,
getUserByUsername,
getCommentsForComments,
getCommentsFromDB,
getPostsFromDB,
insertSamples,
createDatabaseIfNotExist,
getAllUserInfoByID,
getAllUsersFromDB,
getCommentsForComments,
getCommentsFromDB,
getPostsFromDB,
getUserByUsername,
insertSamples,
registerUser,
};