danielvici123/esp-projekt
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Attempted adding of 'Salting' for the password, a method which adds random numbers or letters to make rainbowtable password cracking impossible, not tested yet

Browse Source
This commit is contained in:
Esad Mustafoski
2025-02-02 12:33:47 +01:00
parent 3c6fdd0b59
commit 4c80caa52a
4 changed files with 399 additions and 311 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
api/helpers.ts
View File

@@ -1,18 +1,16 @@
/// <reference lib="deno.ns" /> /// <reference lib="deno.ns" />
/**
/**
* @author Esad Mustafoski * @author Esad Mustafoski
* @file api/helpers.ts * @file api/helpers.ts
* @description Helper functions for the API * @description Helper functions for the API
*
*/ */
import { Context } from "https://deno.land/x/oak/mod.ts"; import { Context } from "https://deno.land/x/oak/mod.ts";
import { encodeHex } from "jsr:@std/encoding/hex"; import { encodeHex } from "jsr:@std/encoding/hex";
// import { hash } from "node:crypto"; // import { hash } from "node:crypto";
export type ApiResponse = { export type ApiResponse = {
status: number; status: number;
body: unknown; body: unknown;
}; };
// --- Helper Functions --- // // --- Helper Functions --- //
@@ -22,9 +20,9 @@ export type ApiResponse = {
* Status is the HTTP Status code * Status is the HTTP Status code
* Body is the response body/message/data. * Body is the response body/message/data.
*/ */
const sendResponse = (ctx: Context, {status, body}: ApiResponse): void => { const sendResponse = (ctx: Context, { status, body }: ApiResponse): void => {
ctx.response.status = status; ctx.response.status = status;
ctx.response.body = body as any; ctx.response.body = body as any;
}; };
/** /**
@@ -32,24 +30,41 @@ const sendResponse = (ctx: Context, {status, body}: ApiResponse): void => {
* @see sendResponse * @see sendResponse
*/ */
const errorResponse = (ctx: Context, status: number, message: string): void => { const errorResponse = (ctx: Context, status: number, message: string): void => {
sendResponse(ctx, { status, body: { error: message } }); sendResponse(ctx, { status, body: { error: message } });
}; };
/** /**
* @description Hashing Function for Passwords/etc * @description password "Salter", used to salt the passwords before the hash, this salt will be
* @param password The password to hash * returned seperately to save the salt in the DB
* @param password The password to salt
* @returns {saltedPassword: string, salt: string} Password with the salt + Salt seperately, both strings
*/ */
const hashPassword = async(password: string): Promise<string> => { const saltPassword = async (
const to_hash = password; password: string,
const buffer = new TextEncoder().encode(to_hash); ): Promise<{ saltedPassword: string; salt: string }> => {
const hash_buffer = await crypto.subtle.digest("SHA-256", buffer); const saltBytes = new Uint8Array(16); // 16 bytes = 128 bits for randomness
const hash = await encodeHex(hash_buffer); await crypto.getRandomValues(saltBytes);
const salt = encodeHex(saltBytes);
return hash;
}
export { const saltedPassword = `${password}${salt}`;
sendResponse,
errorResponse, return {
hashPassword saltedPassword,
salt,
};
}; };
/**
* @description Hashing Function for Passwords/etc
* @param password The password to hash
* @returns {hash: string} The hashed password as a string
*/
const hashPassword = async (password: string): Promise<string> => {
const to_hash = password;
const buffer = new TextEncoder().encode(to_hash);
const hash_buffer = await crypto.subtle.digest("SHA-256", buffer);
const hash = await encodeHex(hash_buffer);
return hash;
};
export { errorResponse, hashPassword, saltPassword, sendResponse };

294
api/main.ts
View File

@@ -1,11 +1,16 @@
/// <reference lib="deno.ns" /> /// <reference lib="deno.ns" />
/** /**
* @author Esad Mustafoski * @author Esad Mustafoski
* Main API file, Handles all the routing/api stuff * @ðescription Main API file, Handles all the routing/api stuff
*/ */
// +++ IMPORTS ------------------------------------------------------ // // +++ IMPORTS ------------------------------------------------------ //
import { Application, Router, Context, Next } from "https://deno.land/x/oak/mod.ts"; import {
Application,
Context,
Next,
Router,
} from "https://deno.land/x/oak/mod.ts";
import { oakCors } from "https://deno.land/x/cors/mod.ts"; import { oakCors } from "https://deno.land/x/cors/mod.ts";
import * as db_utils from "../database/utils.ts"; import * as db_utils from "../database/utils.ts";
import * as helper_utils from "./helpers.ts"; import * as helper_utils from "./helpers.ts";
@@ -14,11 +19,11 @@ import * as helper_utils from "./helpers.ts";
const router = new Router(); const router = new Router();
const app = new Application(); const app = new Application();
// For the future // unused for now
type ApiResponse = { type ApiResponse = {
status: number; status: number;
body: unknown; body: unknown;
} };
// +++ ROUTER ------------------------------------------------------- // // +++ ROUTER ------------------------------------------------------- //
// Creates the routes for the API server. // Creates the routes for the API server.
@@ -27,13 +32,17 @@ type ApiResponse = {
// Docs Routes // Docs Routes
router router
.get("/", (ctx) => { ctx.response.body = "For endpoints, use /api/{name}"; }) .get("/", (ctx) => {
.get("/api", (ctx) => { ctx.response.body = "For API Documentation, visit /docs"; }) ctx.response.body = "For endpoints, use /api/{name}";
})
.get("/api", (ctx) => {
ctx.response.body = "For API Documentation, visit /docs";
});
// Account routes // -- Account routes --
router router
.post("/api/account/login", api_login) // TODO .post("/api/account/login", api_login)
.post("/api/account/register", api_register) // TODO .post("/api/account/register", api_register)
.post("/api/account/logout", () => {}) // TODO .post("/api/account/logout", () => {}) // TODO
.post("/api/account/password/forgot", () => {}) // TODO .post("/api/account/password/forgot", () => {}) // TODO
.post("/api/account/password/reset", () => {}) // TODO .post("/api/account/password/reset", () => {}) // TODO
@@ -41,177 +50,196 @@ router
.post("/api/account/email/change-email", () => {}) // TODO .post("/api/account/email/change-email", () => {}) // TODO
.post("/api/account/email/verify-email", () => {}) // TODO .post("/api/account/email/verify-email", () => {}) // TODO
.post("/api/account/delete-account", () => {}) // TODO .post("/api/account/delete-account", () => {}) // TODO
.post("/api/account/block", () => {}) // TODO .post("/api/account/block", () => {}); // TODO
// Auth Routes // -- Auth Routes --
router router
.get("/api/auth", () => {}) // TODO .get("/api/auth", () => {}) // TODO
.get("/api/auth/verify", () => {}) // TODO .get("/api/auth/verify", () => {}) // TODO
.get("/api/auth/refresh", () => {}) // TODO .get("/api/auth/refresh", () => {}); // TODO
// User routes // -- User routes --
router router
.get("/api/users", api_getAllUsers) .get("/api/users", api_getAllUsers)
.get("/api/user/:id/info", api_user_getInfo); // @error GEHT NICHT .get("/api/user/:id/info", api_user_getInfo);
// Post routes // -- Post routes --
router router
.get("/api/posts", api_posts_getAll); .get("/api/posts", api_posts_getAll);
// +++ FUNCTIONS ----------------------------------------------------- // // +++ FUNCTIONS ----------------------------------------------------- //
/**
* @description Stands between the client and the API
* It checks if the client is authorized to access the API with a token/Multiple tokens
* Currently not implemented
* Middleware
*/
async function authenticator(ctx: Context, next: Next): Promise<void> { async function authenticator(ctx: Context, next: Next): Promise<void> {
const authHeader = ctx.request.headers.get('Authorization'); const authHeader = ctx.request.headers.get("Authorization");
if (!authHeader) { if (!authHeader) {
ctx.response.status = 401; ctx.response.status = 401;
ctx.response.body = { error: "No header" }; ctx.response.body = { error: "No header" };
return; return;
} }
const match = authHeader.match(/^Bearer (.+)$/);
if (!match) {
ctx.response.status = 401;
ctx.response.body = { error: "Invalid format" };
return;
}
const token = match[1]; const match = authHeader.match(/^Bearer (.+)$/);
if (!match) {
ctx.response.status = 401;
ctx.response.body = { error: "Invalid format" };
return;
}
try { const token = match[1];
// Token logic missing, not tried or attempted yet.
await next(); try {
} catch (error) { // Token logic missing, not tried or attempted yet.
ctx.response.status = 401; await next();
ctx.response.body = { error: "Invalid token" }; } catch (error) {
} ctx.response.status = 401;
ctx.response.body = { error: "Invalid token" };
}
} }
async function tokenChecker(ctx: Context, next: Next): Promise<void> { async function tokenChecker(ctx: Context, next: Next): Promise<void> {
// logic below (TODO): // logic below (TODO):
/** /**
* 1. check if the token is valid * 1. check if the token is valid
* 2. if valid, set the user in the context * 2. if valid, set the user in the context
* 3. if not valid, return 401 * 3. if not valid, return 401
* 4. if token is missing, return 401 * 4. if: token missing, expired, blacklisted, !DB, !user or !correct user, return 401 with associated error
* 5. if token is expired, return 401 * eg: wrong user: 401 -> "Token not associated with this user"
* 6. if token is blacklisted, return 401 */
* 7. if token is not in the database, return 401
* 8. if token is not associated with a user, return 401
* 9. if token is not associated with the correct user, return 401
*/
} }
async function api_getAllUsers(ctx: Context): Promise<void> { async function api_getAllUsers(ctx: Context): Promise<void> {
const getUsers = await db_utils.getAllUsersFromDB(); const getUsers = await db_utils.getAllUsersFromDB();
ctx.response.body = getUsers; ctx.response.body = getUsers;
} }
// Users // Users
async function api_user_getInfo(ctx: any): Promise<void> { async function api_user_getInfo(ctx: any): Promise<void> {
const id = ctx.params.id; const id = ctx.params.id;
if (!id) { if (!id) {
ctx.response.status = 400; // Bad Request status ctx.response.status = 400;
ctx.response.body = { error: "User ID required" }; ctx.response.body = { error: "User ID required" };
return; return;
}
try {
const user = await db_utils.getAllUserInfoByID(id);
if (user === null || user === undefined) {
helper_utils.errorResponse(ctx, 404, "User not found");
return;
} }
try { ctx.response.body = user;
const user = await db_utils.getAllUserInfoByID(id); } catch (error) {
if (user === null || user === undefined) { helper_utils.errorResponse(ctx, 500, error as string);
helper_utils.errorResponse(ctx, 404, "User not found"); }
return;
}
ctx.response.body = user;
} catch (error) {
helper_utils.errorResponse(ctx, 500, "Internal Server Error");
}
} }
// Posts // Posts
async function api_posts_getAll(ctx: Context): Promise<void> { async function api_posts_getAll(ctx: Context): Promise<void> {
const posts = await db_utils.getPostsFromDB(); const posts = await db_utils.getPostsFromDB();
ctx.response.body = posts; ctx.response.body = posts;
} }
// Comments // Comments (missing)
// login/register // login/register
async function api_register(ctx: Context): Promise<void> { async function api_register(ctx: Context): Promise<void> {
try { try {
const body = ctx.request.body; const body = ctx.request.body;
const result = await body.json(); const result = await body.json();
const { username, password, userGroup, displayname, user_email, firstname, surname} = result; const {
const account_created = `${Math.floor(Date.now() / 1000)}-${new Date().toLocaleDateString('en-GB').split('/').join('-')}`; username,
password,
userGroup,
displayname,
user_email,
firstname,
surname,
} = result;
const account_created = `${Math.floor(Date.now() / 1000)}-${
new Date().toLocaleDateString("en-GB").split("/").join("-")
}`;
if (
if ( !username || !password || !userGroup || !displayname || !user_email || !firstname || !surname) { !username || !password || !userGroup || !displayname || !user_email ||
helper_utils.errorResponse(ctx, 400, "Missing required fields"); !firstname || !surname
return; ) {
} helper_utils.errorResponse(ctx, 400, "Missing required fields");
return;
const hash = await helper_utils.hashPassword(password);
const userId = await db_utils.registerUser(username, hash, userGroup, displayname, user_email, firstname, surname, account_created);
helper_utils.sendResponse(ctx, { status: 200, body: `Registered under name: ${userId}` });
} catch (error) {
console.log(error);
helper_utils.errorResponse(ctx, 500, "Invalid request");
return;
} }
// First salt the password
const { saltedPassword, salt } = await helper_utils.saltPassword(password);
// Then hash the salted password
const hash = await helper_utils.hashPassword(saltedPassword);
const userId = await db_utils.registerUser(
username,
hash,
salt,
userGroup,
displayname,
user_email,
firstname,
surname,
account_created,
);
helper_utils.sendResponse(ctx, {
status: 200,
body: `Registered under name: ${userId}`,
});
} catch (error) {
console.log(error);
helper_utils.errorResponse(ctx, 500, "Invalid request");
return;
}
} }
async function api_login(ctx: Context): Promise<string> { async function api_login(ctx: Context): Promise<string> {
try { try {
const body = ctx.request.body; const body = ctx.request.body;
const result = await body.json(); const result = await body.json();
const { username, password } = result; const { username, password } = result;
if (!username || !password) { if (!username || !password) {
helper_utils.errorResponse(ctx, 400, "Missing required fields"); helper_utils.errorResponse(ctx, 400, "Missing required fields");
return "Error"; return "Error";
}
const user = await db_utils.getUserByUsername(username);
if (!user) {
helper_utils.errorResponse(ctx, 404, "User not found");
return "Error";
}
const hash = await helper_utils.hashPassword(password);
if (user.password !== hash) {
helper_utils.errorResponse(ctx, 401, "Invalid password");
return "Error";
}
} catch (error) {
console.log(error);
helper_utils.errorResponse(ctx, 500, "Invalid request");
return "Error";
} }
const user = await db_utils.getUserByUsername(username);
if (!user) {
helper_utils.errorResponse(ctx, 404, "User not found");
return "Error";
}
// Get the stored salt for this user
const storedSalt = user.password_salt;
// Salt the provided password with the stored salt
const saltedPassword = `${password}${storedSalt}`;
// Hash the salted password
const hash = await helper_utils.hashPassword(saltedPassword);
// Compare with stored hash
if (user.password !== hash) {
helper_utils.errorResponse(ctx, 401, "Invalid password");
return "Error";
}
helper_utils.sendResponse(ctx, { status: 200, body: "Success" }); helper_utils.sendResponse(ctx, { status: 200, body: "Success" });
return "Success"; return "Success";
} catch (error) {
console.log(error);
helper_utils.errorResponse(ctx, 500, "Invalid request");
return "Error";
}
} }
// Filtering
// +++ APP ---------------------------------------------------------- // // +++ APP ---------------------------------------------------------- //
app.use(oakCors({ app.use(oakCors({
origin: '*', origin: "*",
credentials: true, credentials: true,
})); }));
app.use(router.routes()); app.use(router.routes());
app.use(router.allowedMethods()); app.use(router.allowedMethods());

31
database/create_db.ts
View File

@@ -15,7 +15,7 @@ const dbPath: string = join(_dirname, "../database/esp-projekt.sqlite");
const db = new DB(dbPath); const db = new DB(dbPath);
export function createDatabase(): void { export function createDatabase(): void {
db.execute(` db.execute(`
CREATE TABLE IF NOT EXISTS accounts ( CREATE TABLE IF NOT EXISTS accounts (
uuid INTEGER PRIMARY KEY AUTOINCREMENT, uuid INTEGER PRIMARY KEY AUTOINCREMENT,
user_group TEXT, user_group TEXT,
@@ -24,6 +24,7 @@ export function createDatabase(): void {
user_username TEXT, user_username TEXT,
user_e-mail TEXT, user_e-mail TEXT,
password TEXT, password TEXT,
password_salt TEXT,
firstname TEXT, firstname TEXT,
surname TEXT, surname TEXT,
account_created TEXT, account_created TEXT,
@@ -50,28 +51,34 @@ export function createDatabase(): void {
likes INTEGER likes INTEGER
) )
`); `);
}; }
// Sample data generated using AI, does not work yet and will be adjusted // Sample data generated using AI, does not work yet and will be adjusted
export function insertSampleData(): void { export function insertSampleData(): void {
db.query(`INSERT INTO accounts (user_group, user_bio, user_displayname, user_username, user_email, password, firstname, surname, account_created, followers, following, contacts) VALUES db.query(
('admin', 'Admin bio', 'Admin User', 'admin', 'admin@example.com', 'hashedpass1', 'Admin', 'User', '2024-01-01', '[]', '[]', '[]', '[]'), `INSERT INTO accounts (user_group, user_bio, user_displayname, user_username, user_email, password, password_salt, firstname, surname, account_created, followers, following, contacts) VALUES
('user', 'I love coding!', 'John Dev', 'johndev', 'john@example.com', 'hashedpass2', 'John', 'Smith', '2024-01-02', '[]', '[3,4]', '[1,2]', '[]'), ('admin', 'Admin bio', 'Admin User', 'admin', 'admin@example.com', 'hashedpass1', 'salt1', 'Admin', 'User', '2024-01-01', '[]', '[]', '[]', '[]'),
('user', 'Photography enthusiast', 'Alice', 'alice_photo', 'alice@example.com', 'hashedpass3', 'Alice', 'Johnson', '2024-01-03', '[5]', '[1]', '[2]', '[]') ('user', 'I love coding!', 'John Dev', 'johndev', 'john@example.com', 'hashedpass2', 'salt2', 'John', 'Smith', '2024-01-02', '[]', '[3,4]', '[1,2]', '[]'),
`); ('user', 'Photography enthusiast', 'Alice', 'alice_photo', 'alice@example.com', 'hashedpass3', 'salt3', 'Alice', 'Johnson', '2024-01-03', '[5]', '[1]', '[2]', '[]')
`,
);
db.query(`INSERT INTO posts (user_id, created_at, post_text, likes, comments) VALUES db.query(
`INSERT INTO posts (user_id, created_at, post_text, likes, comments) VALUES
(1, '2024-01-15 10:00:00', 'First post about programming!', 5, 2), (1, '2024-01-15 10:00:00', 'First post about programming!', 5, 2),
(1, '2024-01-15 11:30:00', 'Check out this new feature', 10, 3), (1, '2024-01-15 11:30:00', 'Check out this new feature', 10, 3),
(2, '2024-01-16 09:15:00', 'Just learned about TypeScript', 8, 1), (2, '2024-01-16 09:15:00', 'Just learned about TypeScript', 8, 1),
(3, '2024-01-16 14:20:00', 'Posted my new photo collection', 15, 4) (3, '2024-01-16 14:20:00', 'Posted my new photo collection', 15, 4)
`); `,
);
db.query(`INSERT INTO comments (post_id, author_user_id, date_created_at, text, likes) VALUES db.query(
`INSERT INTO comments (post_id, author_user_id, date_created_at, text, likes) VALUES
(1, 2, '2024-01-15 10:05:00', 'Great post!', 3), (1, 2, '2024-01-15 10:05:00', 'Great post!', 3),
(1, 3, '2024-01-15 10:10:00', 'Very informative', 2), (1, 3, '2024-01-15 10:10:00', 'Very informative', 2),
(2, 3, '2024-01-15 11:35:00', 'Nice feature', 4), (2, 3, '2024-01-15 11:35:00', 'Nice feature', 4),
(3, 1, '2024-01-16 09:20:00', 'TypeScript is awesome', 5), (3, 1, '2024-01-16 09:20:00', 'TypeScript is awesome', 5),
(4, 2, '2024-01-16 14:25:00', 'Beautiful photos!', 6) (4, 2, '2024-01-16 14:25:00', 'Beautiful photos!', 6)
`); `,
}; );
}

322
database/utils.ts
View File

@@ -11,10 +11,9 @@ import { dirname, fromFileUrl, join } from "https://deno.land/std/path/mod.ts";
import * as db_create from "./create_db.ts"; import * as db_create from "./create_db.ts";
// +++ VARIABLES ---------------------------------------------------- // // +++ VARIABLES ---------------------------------------------------- //
// __dirname Is never getting used again, It's only needed because the DB Import // _dirname Is never getting used again, It's only needed because the DB Import
// from SQLite doesn't like relative paths, so I use this as // from SQLite doesn't like relative paths, so I use this as
// A Workaround // A Workaround
const _dirname: string = dirname(fromFileUrl(import.meta.url)); const _dirname: string = dirname(fromFileUrl(import.meta.url));
const dbPath: string = join(_dirname, "../database/esp-projekt.sqlite"); const dbPath: string = join(_dirname, "../database/esp-projekt.sqlite");
const db = new DB(dbPath); const db = new DB(dbPath);
@@ -22,119 +21,126 @@ const db = new DB(dbPath);
// +++ INTERFACES --------------------------------------------------- // // +++ INTERFACES --------------------------------------------------- //
// Used in the Functions to define the return type/Avoid type errors // Used in the Functions to define the return type/Avoid type errors
interface Post { interface Post {
posts_uuid: number; posts_uuid: number;
user_id: number; user_id: number;
created_at: string; created_at: string;
post_text: string; post_text: string;
likes: number; likes: number;
comments: number; comments: number;
} }
interface Accounts { interface Accounts {
user_id: number; user_id: number;
user_group: string; user_group: string;
bio: string; bio: string;
displayname: string; displayname: string;
username: string; username: string;
user_email: string; user_email: string;
password: string; password: string;
firstname: string; password_salt: string;
surname: string; firstname: string;
account_created: string; surname: string;
blocked_users: string; account_created: string;
followers: string; blocked_users: string;
following: string; followers: string;
contacts: string; following: string;
contacts: string;
} }
interface Comments { interface Comments {
comment_id: number; comment_id: number;
post_id: number; post_id: number;
author_user_id: number; author_user_id: number;
date_created_at: string; date_created_at: string;
text: string; text: string;
likes: number; likes: number;
} }
// +++ Helper ------------------------------------------------------ // // +++ Helper ------------------------------------------------------ //
function mapPostRow(row: Row): Post { function mapPostRow(row: Row): Post {
const [posts_uuid, user_id, created_at, post_text, likes, comments] = row; const [posts_uuid, user_id, created_at, post_text, likes, comments] = row;
return { return {
posts_uuid: Number(posts_uuid), posts_uuid: Number(posts_uuid),
user_id: Number(user_id), user_id: Number(user_id),
created_at: String(created_at), created_at: String(created_at),
post_text: String(post_text), post_text: String(post_text),
likes: Number(likes), likes: Number(likes),
comments: Number(comments), comments: Number(comments),
}; };
} }
function mapAccountRow(row: Row): Accounts { function mapAccountRow(row: Row): Accounts {
const [ const [
user_id, user_id,
user_group, user_group,
bio, bio,
displayname, displayname,
username, username,
user_email, user_email,
password, password,
firstname, password_salt,
surname, firstname,
account_created, surname,
blocked_users, account_created,
followers, blocked_users,
following, followers,
contacts, following,
] = row; contacts,
return { ] = row;
user_id: Number(user_id), return {
user_group: String(user_group), user_id: Number(user_id),
bio: String(bio), user_group: String(user_group),
displayname: String(displayname), bio: String(bio),
username: String(username), displayname: String(displayname),
user_email: String(user_email), username: String(username),
password: String(password), user_email: String(user_email),
firstname: String(firstname), password: String(password),
surname: String(surname), password_salt: String(password_salt),
account_created: String(account_created), firstname: String(firstname),
blocked_users: String(blocked_users), surname: String(surname),
followers: String(followers), account_created: String(account_created),
following: String(following), blocked_users: String(blocked_users),
contacts: String(contacts), followers: String(followers),
}; following: String(following),
contacts: String(contacts),
};
} }
function mapCommentRow(row: Row): Comments { function mapCommentRow(row: Row): Comments {
const [ const [
comment_id, comment_id,
post_id, post_id,
author_user_id, author_user_id,
date_created_at, date_created_at,
text, text,
likes, likes,
] = row; ] = row;
return { return {
comment_id: Number(comment_id), comment_id: Number(comment_id),
post_id: Number(post_id), post_id: Number(post_id),
author_user_id: Number(author_user_id), author_user_id: Number(author_user_id),
date_created_at: String(date_created_at), date_created_at: String(date_created_at),
text: String(text), text: String(text),
likes: Number(likes), likes: Number(likes),
}; };
} }
// "T" is a generic type, it can be anything and makes the function "flexible"(?) // "T" is a generic type, it can be anything and makes the function "flexible"(?)
async function queryDatabase<T>(query: string, params: any[], mapRow: (row: Row) => T,): Promise<T[]> { async function queryDatabase<T>(
const results: T[] = []; query: string,
try { params: any[],
const rows = await db.query(query, params); mapRow: (row: Row) => T,
for (const row of rows) { ): Promise<T[]> {
results.push(mapRow(row)); const results: T[] = [];
} try {
} catch (error) { const rows = await db.query(query, params);
console.error("Database query error:", error); for (const row of rows) {
results.push(mapRow(row));
} }
return results; } catch (error) {
console.error("Database query error:", error);
}
return results;
} }
// +++ FUNCTIONS --------------------------------------------------- // // +++ FUNCTIONS --------------------------------------------------- //
@@ -144,11 +150,11 @@ async function queryDatabase<T>(query: string, params: any[], mapRow: (row: Row)
* @file ./create_db.ts * @file ./create_db.ts
*/ */
function insertSamples(): void { function insertSamples(): void {
db_create.insertSampleData(); db_create.insertSampleData();
} }
function createDatabaseIfNotExist(): void { function createDatabaseIfNotExist(): void {
db_create.createDatabase(); db_create.createDatabase();
} }
/** /**
@@ -158,30 +164,30 @@ function createDatabaseIfNotExist(): void {
* @returns Array of all Posts in the Database * @returns Array of all Posts in the Database
*/ */
async function getPostsFromDB(user_uuid?: string): Promise<Post[]> { async function getPostsFromDB(user_uuid?: string): Promise<Post[]> {
const query = user_uuid const query = user_uuid
? `SELECT * FROM posts WHERE user_id = ?` ? `SELECT * FROM posts WHERE user_id = ?`
: `SELECT * FROM posts`; : `SELECT * FROM posts`;
const params = user_uuid ? [user_uuid] : []; const params = user_uuid ? [user_uuid] : [];
return await queryDatabase<Post>(query, params, mapPostRow); return await queryDatabase<Post>(query, params, mapPostRow);
} }
/** /**
* @returns Array of all Users in the Database * @returns Array of all Users in the Database
*/ */
async function getAllUsersFromDB(): Promise<Accounts[]> { async function getAllUsersFromDB(): Promise<Accounts[]> {
const query = `SELECT * FROM accounts`; const query = `SELECT * FROM accounts`;
return await queryDatabase<Accounts>(query, [], mapAccountRow); return await queryDatabase<Accounts>(query, [], mapAccountRow);
} }
/** /**
* @param username * @param username
* @returns Returns the Accounts for the User with the given username * @returns Returns the Accounts for the User with the given username
*/ */
async function getUserByUsername(username: string): Promise<Accounts> { async function getUserByUsername(username: string): Promise<Accounts> {
const query = `SELECT * FROM accounts WHERE user_username = '${username}'`; const query = `SELECT * FROM accounts WHERE user_username = '${username}'`;
const params:string[] = []; const params: string[] = [];
const result = await queryDatabase<Accounts>(query, params, mapAccountRow); const result = await queryDatabase<Accounts>(query, params, mapAccountRow);
return result[0]; return result[0];
} }
/** /**
@@ -191,11 +197,11 @@ async function getUserByUsername(username: string): Promise<Accounts> {
* @returns Array of Comments for the Post, or an empty Array if there are no Comments * @returns Array of Comments for the Post, or an empty Array if there are no Comments
*/ */
async function getCommentsFromDB(post_id?: number): Promise<Comments[]> { async function getCommentsFromDB(post_id?: number): Promise<Comments[]> {
const query = post_id const query = post_id
? `SELECT * FROM comments WHERE post_id = ?` ? `SELECT * FROM comments WHERE post_id = ?`
: `SELECT * FROM comments`; : `SELECT * FROM comments`;
const params = post_id ? [post_id] : []; const params = post_id ? [post_id] : [];
return await queryDatabase<Comments>(query, params, mapCommentRow); return await queryDatabase<Comments>(query, params, mapCommentRow);
} }
/** /**
@@ -203,7 +209,7 @@ async function getCommentsFromDB(post_id?: number): Promise<Comments[]> {
* @returns Array of Comments for the Comment, or an empty Array if there are no Comments * @returns Array of Comments for the Comment, or an empty Array if there are no Comments
*/ */
function getCommentsForComments(comment_id: number) { function getCommentsForComments(comment_id: number) {
// Will be rewritten to use the queryDatabase function // Will be rewritten to use the queryDatabase function
} }
/** /**
@@ -213,7 +219,7 @@ function getCommentsForComments(comment_id: number) {
* Might be required for Administrating the User * Might be required for Administrating the User
*/ */
async function getAllUserInfoByID(user_id: string) { async function getAllUserInfoByID(user_id: string) {
// Will be rewritten to use the queryDatabase function // Will be rewritten to use the queryDatabase function
} }
/** /**
@@ -222,47 +228,79 @@ async function getAllUserInfoByID(user_id: string) {
*/ */
// Filter Functions, Not yet implemented // Filter Functions, Not yet implemented
function filterForImagePosts(posts_to_filter: Array<any>) { function filterForImagePosts(posts_to_filter: Array<any>) {
return []; return [];
} }
function filterForVideoPosts(posts_to_filter: Array<any>) { function filterForVideoPosts(posts_to_filter: Array<any>) {
return []; return [];
} }
function filterForTextPosts(posts_to_filter: Array<any>) { function filterForTextPosts(posts_to_filter: Array<any>) {
return []; return [];
} }
// Register/Login/User // Register/Login/User
/** /**
* @param user The name of the User to add * @param user The username of the User to add
* @param password The password of the User to add * @param password The hashed password of the User to add
* @returns Array of Posts from the User, or an empty Array if the User doesn't exist or has no Posts * @param salt The salt used for the password
* @returns "noUser" if user exists, "newUser" if registration successful
*/ */
function registerUser (user: string, password: string, userGroup: string, displayname: string, user_email: string, firstname: string, surname: string, account_created: string): string { function registerUser(
const query_user_exists = `SELECT * FROM accounts WHERE user_username = '${user}'`; user: string,
if (!query_user_exists) { password: string,
return "noUser"; salt: string,
} userGroup: string,
displayname: string,
user_email: string,
firstname: string,
surname: string,
account_created: string,
): string {
const query_user_exists =
`SELECT * FROM accounts WHERE user_username = '${user}'`;
if (!query_user_exists) {
return "noUser";
}
const query_add_user = `INSERT INTO accounts (user_username, password, user_group, user_displayname, user_email, firstname, surname, account_created) VALUES ('${user}', '${password}', '${userGroup}', '${displayname}', '${user_email}', '${firstname}', '${surname}', '${account_created}')`; const query_add_user = `
db.query(query_add_user); INSERT INTO accounts (
console.log(`New user: ${user}`) user_username,
password,
password_salt,
user_group,
user_displayname,
user_email,
firstname,
surname,
account_created
) VALUES (
'${user}',
'${password}',
'${salt}',
'${userGroup}',
'${displayname}',
'${user_email}',
'${firstname}',
'${surname}',
'${account_created}'
)`;
db.query(query_add_user);
console.log(`New user: ${user}`);
return "newUser"; return "newUser";
} }
// Exporting all functions as this is a module // Exporting all functions as this is a module
export { export {
registerUser, createDatabaseIfNotExist,
createDatabaseIfNotExist, getAllUserInfoByID,
getAllUserInfoByID, getAllUsersFromDB,
getAllUsersFromDB, getCommentsForComments,
getUserByUsername, getCommentsFromDB,
getCommentsForComments, getPostsFromDB,
getCommentsFromDB, getUserByUsername,
getPostsFromDB, insertSamples,
insertSamples, registerUser,
}; };