f0bm/src/inc/routes/register.mjs

import db from "../sql.mjs";
import lib from "../lib.mjs";

export default (router, tpl) => {
    router.get(/^\/register(\/)?$/, async (req, res) => {
        if (req.cookies.session) {
            return res.writeHead(302, { "Location": "/" }).end();
        }
        res.reply({
            body: tpl.render("register", { theme: req.cookies.theme ?? "f0ck" })
        });
    });

    router.post(/^\/register(\/)?$/, async (req, res) => {
        const { username, password, password_confirm, token } = req.post;

        const renderError = (msg) => {
            return res.reply({
                body: tpl.render("register", { theme: req.cookies.theme ?? "f0ck", error: msg })
            });
        };

        if (!username || !password || !token) return renderError("All fields are required");
        if (password !== password_confirm) return renderError("Passwords do not match");
        if (username.length < 3) return renderError("Username too short");

        // Password complexity check
        if (password.length < 20) return renderError("Password must be at least 20 characters long");

        // Check token
        const tokenRow = await db`
        select * from invite_tokens where token = ${token} and is_used = false
    `;

        if (tokenRow.length === 0) {
            return renderError("Invalid or used invite token");
        }

        // Check user existence
        const existing = await db`select id from "user" where "login" = ${username.toLowerCase()}`;
        if (existing.length > 0) return renderError("Username taken");

        // Create User
        const hash = await lib.hash(password);
        const ts = ~~(Date.now() / 1e3);

        // Note: Creating user. Assuming columns based on typical structure.
        // Need to check 'user' table columns to be safe, but usually: login, password, user (display name), created_at, admin
        // I'll assume 'user' is display name and 'login' is lowercase

        const newUser = await db`
        insert into "user" ("login", "password", "user", "created_at", "admin")
        values (${username.toLowerCase()}, ${hash}, ${username}, to_timestamp(${ts}), false)
        returning id
    `;
        const userId = newUser[0].id;

        // Mark token used
        await db`
        update invite_tokens 
        set is_used = true, used_by = ${userId}
        where id = ${tokenRow[0].id}
    `;

        // Get a valid avatar ID (default to 1)
        const avatarRow = await db`select id from items where id = 1`;
        const avatarId = avatarRow.length > 0 ? 1 : (await db`select id from items limit 1`)[0].id;

        await db`
        insert into user_options (user_id, mode, theme, fullscreen, avatar)
        values (${userId}, 3, 'amoled', 0, ${avatarId})
    `;

        // Redirect to home with login success message
        return res.writeHead(302, { "Location": "/?login=success" }).end();
    });

    return router;
};