feat: Add invite token-based user registration and an admin interface for token management.
This commit is contained in:
x
76
src/inc/routes/register.mjs
Normal file
76
src/inc/routes/register.mjs
Normal file
@@ -0,0 +1,76 @@
|
||||
import db from "../sql.mjs";
|
||||
import lib from "../lib.mjs";
|
||||
|
||||
export default (router, tpl) => {
|
||||
router.get(/^\/register(\/)?$/, async (req, res) => {
|
||||
if (req.cookies.session) {
|
||||
return res.writeHead(302, { "Location": "/" }).end();
|
||||
}
|
||||
res.reply({
|
||||
body: tpl.render("register", { theme: req.cookies.theme ?? "f0ck" })
|
||||
});
|
||||
});
|
||||
|
||||
router.post(/^\/register(\/)?$/, async (req, res) => {
|
||||
const { username, password, password_confirm, token } = req.post;
|
||||
|
||||
const renderError = (msg) => {
|
||||
return res.reply({
|
||||
body: tpl.render("register", { theme: req.cookies.theme ?? "f0ck", error: msg })
|
||||
});
|
||||
};
|
||||
|
||||
if (!username || !password || !token) return renderError("All fields are required");
|
||||
if (password !== password_confirm) return renderError("Passwords do not match");
|
||||
if (username.length < 3) return renderError("Username too short");
|
||||
|
||||
// Check token
|
||||
const tokenRow = await db`
|
||||
select * from invite_tokens where token = ${token} and is_used = false
|
||||
`;
|
||||
|
||||
if (tokenRow.length === 0) {
|
||||
return renderError("Invalid or used invite token");
|
||||
}
|
||||
|
||||
// Check user existence
|
||||
const existing = await db`select id from "user" where "login" = ${username.toLowerCase()}`;
|
||||
if (existing.length > 0) return renderError("Username taken");
|
||||
|
||||
// Create User
|
||||
const hash = await lib.hash(password);
|
||||
const ts = ~~(Date.now() / 1e3);
|
||||
|
||||
// Note: Creating user. Assuming columns based on typical structure.
|
||||
// Need to check 'user' table columns to be safe, but usually: login, password, user (display name), created_at, admin
|
||||
// I'll assume 'user' is display name and 'login' is lowercase
|
||||
|
||||
const newUser = await db`
|
||||
insert into "user" ("login", "password", "user", "created_at", "admin")
|
||||
values (${username.toLowerCase()}, ${hash}, ${username}, ${ts}, false)
|
||||
returning id
|
||||
`;
|
||||
const userId = newUser[0].id;
|
||||
|
||||
// Mark token used
|
||||
await db`
|
||||
update invite_tokens
|
||||
set is_used = true, used_by = ${userId}
|
||||
where id = ${tokenRow[0].id}
|
||||
`;
|
||||
|
||||
// Get a valid avatar ID (default to 1 or whatever exists)
|
||||
const avatarRow = await db`select id from items limit 1`;
|
||||
const avatarId = avatarRow.length > 0 ? avatarRow[0].id : 1; // Fallback to 1, though checking length is safer
|
||||
|
||||
await db`
|
||||
insert into user_options (user_id, mode, theme, fullscreen, avatar)
|
||||
values (${userId}, 0, 'f0ck', 0, ${avatarId})
|
||||
`;
|
||||
|
||||
// Redirect to login
|
||||
return res.writeHead(302, { "Location": "/login" }).end();
|
||||
});
|
||||
|
||||
return router;
|
||||
};
|
||||
Reference in New Issue
Block a user