diff --git a/src/routes/api/user/admin/users/+server.ts b/src/routes/api/user/admin/users/+server.ts
deleted file mode 100644
index 0926f05..0000000
--- a/src/routes/api/user/admin/users/+server.ts
+++ /dev/null
@@ -1,23 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { error } from '@sveltejs/kit';
-
-import { dbConnect, dbDisconnect } from '../../../../../utils/db';
-import { User } from '../../../../../models/User';
-import { get_username } from '$lib/js/get_username';
-
-// header: use for bearer token for now
-// recipe json in body
-export const POST: RequestHandler = async ({cookies}) => {
- const requesting_user = await get_username(cookies)
- await dbConnect()
- let res = await User.findOne({username: requesting_user}, 'access').lean()
- if(!res.access.contains("admin")){
- await dbDisconnect()
- throw error(401, {message: "Your user does not have the permissions to do this"})
- }
- else{
- let res = await User.find({}, 'username access').lean()
- await dbDisconnect()
- return { res }
- }
-};
diff --git a/src/routes/api/user/change_pw/+server.ts b/src/routes/api/user/change_pw/+server.ts
deleted file mode 100644
index ecdf129..0000000
--- a/src/routes/api/user/change_pw/+server.ts
+++ /dev/null
@@ -1,36 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { error } from '@sveltejs/kit';
-import { verify } from 'argon2';
-import { hashPassword } from '$lib/js/hashPassword'
-import {randomBytes} from 'crypto'
-
-import { PEPPER } from '$env/static/private';
-
-import { User } from '../../../../models/User';
-import { dbConnect, dbDisconnect } from '../../../../utils/db';
-
-// header: use for bearer token for now
-// recipe json in body
-export const POST: RequestHandler = async ({request}) => {
- const {username, old_password, new_password, new_password_rep} = await request.json()
- if(new_password != new_password_rep){
- throw error(400, 'new passwords do not match!')
- }
- await dbConnect();
- const user = await User.findOne({username: username});
- console.log("Found user:", user)
- const isMatch = await verify(user.pass_hash, old_password + PEPPER, {salt: user.salt})
- console.log("isMatch:", isMatch)
- if(isMatch){
- const salt = randomBytes(32).toString('hex'); // Generate a random salt
- const pass_hash = await hashPassword(new_password + PEPPER, salt)
- await User.findOneAndUpdate({username: username}, {pass_hash: pass_hash, salt: salt})
- await dbDisconnect()
- return new Response(JSON.stringify({message: "Password updated successfully"}),
- {status: 200})
- }
- else{
- await dbDisconnect();
- throw error(401, "Wrong old password")
- }
-};
diff --git a/src/routes/api/user/login/+server.ts b/src/routes/api/user/login/+server.ts
deleted file mode 100644
index e5e24d5..0000000
--- a/src/routes/api/user/login/+server.ts
+++ /dev/null
@@ -1,46 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { error } from '@sveltejs/kit';
-import pkg from 'jsonwebtoken';
-const { sign } = pkg;
-import { verify} from 'argon2';
-import { COOKIE_SECRET } from '$env/static/private'
-import { PEPPER } from '$env/static/private'
-
-import { dbConnect, dbDisconnect } from '../../../../utils/db';
-import { User } from '../../../../models/User';
-
-// header: use for bearer token for now
-// recipe json in body
-export const POST: RequestHandler = async ({request}) => {
- const {username, password} = await request.json()
- await dbConnect()
- let res = await User.findOne({username: username}, 'pass_hash salt').lean()
- await dbDisconnect()
- if(!res){
- console.log("NOT FOUND")
- throw error(401, {message: "wrong password or user does not exist"})
- }
-
- const stored_pw = res.pass_hash
- const salt = res.salt
-
- const isMatch = await verify(stored_pw, password + PEPPER, {salt})
- if(!isMatch){
- throw error(401, {message: "wrong password or user does not exist"})
- }
-
- res = await createJWT(username)
- return new Response(JSON.stringify(res))
-};
-
-async function createJWT(username) {
- const payload = {
- username: username,
- };
-
- const masterSecret = COOKIE_SECRET;
- const secretKey = masterSecret;
- const jwt = sign(payload, secretKey);
- console.log(jwt)
- return jwt
-}
diff --git a/src/routes/api/user/register/+server.ts b/src/routes/api/user/register/+server.ts
deleted file mode 100644
index 9bc0b6d..0000000
--- a/src/routes/api/user/register/+server.ts
+++ /dev/null
@@ -1,41 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { error } from '@sveltejs/kit';
-import { randomBytes } from 'crypto';
-import { ALLOW_REGISTRATION } from '$env/static/private';
-import { PEPPER } from '$env/static/private';
-import {hashPassword} from '$lib/js/hashPassword'
-
-import { User } from '../../../../models/User';
-import { dbConnect, dbDisconnect } from '../../../../utils/db';
-
-// header: use for bearer token for now
-// recipe json in body
-export const POST: RequestHandler = async ({request}) => {
- if(ALLOW_REGISTRATION){
- const {username, password} = await request.json()
- const salt = randomBytes(32).toString('hex'); // Generate a random salt
-
- const pass_hash = await hashPassword(password + PEPPER, salt)
- await dbConnect();
- try{
- await User.create({
- username: username,
- pass_hash: pass_hash,
- salt: salt,
- access: [],
- })
- }catch(e){
- await dbDisconnect();
- throw error(400, e);
- }
- await dbDisconnect();
- return new Response(JSON.stringify({message: "User added successfully"}),
- {status: 200}
- );
- }
- else{
- throw error(401, "user registration currently closed")
- }
-
-
-};