remove user admin routes

2024-02-19 23:24:28 +01:00 · 2024-02-19 23:24:28 +01:00 · c22a7f0e99
commit c22a7f0e99
parent 4fdfacd7be
4 changed files with 0 additions and 146 deletions
--- a/src/routes/api/user/admin/users/+server.ts
+++ b/src/routes/api/user/admin/users/+server.ts
@ -1,23 +0,0 @@
 import type { RequestHandler } from '@sveltejs/kit';
 import { error } from '@sveltejs/kit';
 import { dbConnect, dbDisconnect } from '../../../../../utils/db';
 import { User } from '../../../../../models/User';
 import { get_username } from '$lib/js/get_username';
 // header: use for bearer token for now
 // recipe json in body
 export const POST: RequestHandler = async ({cookies}) => {
 	const requesting_user = await get_username(cookies)
 	await dbConnect()
 	let res = await User.findOne({username: requesting_user}, 'access').lean()
 	if(!res.access.contains("admin")){
 		await dbDisconnect()
 		throw error(401, {message: "Your user does not have the permissions to do this"})
 	}
 	else{
 		let res = await User.find({}, 'username access').lean()
 		await dbDisconnect()
 		return { res }
 	}
 };
--- a/src/routes/api/user/change_pw/+server.ts
+++ b/src/routes/api/user/change_pw/+server.ts
@ -1,36 +0,0 @@
 import type { RequestHandler } from '@sveltejs/kit';
 import { error } from '@sveltejs/kit';
 import { verify }  from 'argon2';
 import { hashPassword } from '$lib/js/hashPassword'
 import {randomBytes} from 'crypto'
 import { PEPPER } from '$env/static/private';
 import { User } from '../../../../models/User';
 import { dbConnect, dbDisconnect } from '../../../../utils/db';
 // header: use for bearer token for now
 // recipe json in body
 export const POST: RequestHandler = async ({request}) => {
 	const {username, old_password, new_password, new_password_rep} = await request.json()
  if(new_password != new_password_rep){
    throw error(400, 'new passwords do not match!')
  }
 	await dbConnect();
 	const user = await User.findOne({username: username});
  console.log("Found user:", user)
  const isMatch = await verify(user.pass_hash, old_password + PEPPER, {salt: user.salt})
  console.log("isMatch:", isMatch)
  if(isMatch){
 		const salt = randomBytes(32).toString('hex'); // Generate a random salt
    const pass_hash = await hashPassword(new_password + PEPPER, salt)
    await User.findOneAndUpdate({username: username}, {pass_hash: pass_hash, salt: salt})
    await dbDisconnect()
 	  return new Response(JSON.stringify({message: "Password updated successfully"}),
                        {status: 200})
  }
  else{
 	  await dbDisconnect();
    throw error(401, "Wrong old password")
 	}
 };
--- a/src/routes/api/user/login/+server.ts
+++ b/src/routes/api/user/login/+server.ts
@ -1,46 +0,0 @@
 import type { RequestHandler } from '@sveltejs/kit';
 import { error } from '@sveltejs/kit';
 import pkg from 'jsonwebtoken';
 const { sign } = pkg;
 import { verify} from 'argon2';
 import { COOKIE_SECRET } from '$env/static/private'
 import { PEPPER } from '$env/static/private'
 import { dbConnect, dbDisconnect } from '../../../../utils/db';
 import { User } from '../../../../models/User';
 // header: use for bearer token for now
 // recipe json in body
 export const POST: RequestHandler = async ({request}) => {
 	const {username, password} = await request.json()
 	await dbConnect()
 	let res = await User.findOne({username: username}, 'pass_hash salt').lean()
 	await dbDisconnect()
 	if(!res){
 		console.log("NOT FOUND")
 		throw error(401, {message: "wrong password or user does not exist"})
 	}
 	const stored_pw = res.pass_hash
 	const salt = res.salt
 	const isMatch = await verify(stored_pw, password + PEPPER, {salt})
 	if(!isMatch){
 		throw error(401, {message: "wrong password or user does not exist"})
 	}
 	res = await createJWT(username)
 	return new Response(JSON.stringify(res))
 };
 async function createJWT(username) {
 	const payload = {
  	  username: username,
  	};
  	const masterSecret = COOKIE_SECRET;
  	const secretKey = masterSecret;
  	const jwt = sign(payload, secretKey);
 	console.log(jwt)
  	return jwt
 }
--- a/src/routes/api/user/register/+server.ts
+++ b/src/routes/api/user/register/+server.ts
@ -1,41 +0,0 @@
 import type { RequestHandler } from '@sveltejs/kit';
 import { error } from '@sveltejs/kit';
 import { randomBytes } from 'crypto';
 import { ALLOW_REGISTRATION } from '$env/static/private';
 import { PEPPER } from '$env/static/private';
 import {hashPassword} from '$lib/js/hashPassword'
 import { User } from '../../../../models/User';
 import { dbConnect, dbDisconnect } from '../../../../utils/db';
 // header: use for bearer token for now
 // recipe json in body
 export const POST: RequestHandler = async ({request}) => {
 	if(ALLOW_REGISTRATION){
 		const {username, password} = await request.json()
 		const salt = randomBytes(32).toString('hex'); // Generate a random salt
 		const pass_hash =  await hashPassword(password + PEPPER, salt)
 		await dbConnect();
 		try{
 			await User.create({
 					username: username,
 					pass_hash: pass_hash,
 					salt: salt,
 					access: [],
 			})
 		}catch(e){
 			await dbDisconnect();
 			throw error(400, e);
 		}
 		await dbDisconnect();
 		return new Response(JSON.stringify({message: "User added successfully"}),
 				    	{status: 200}
 			);
 	}
 	else{
 		throw error(401, "user registration currently closed")
 	}
 };