code002lover/IPost
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

added /api/getalluserinformation endpoint

Browse Source 
new endpoint shows all user information that is being stored
This commit is contained in:
Mystikfluu 2022-06-02 22:47:28 +02:00
parent 543c86072f
commit 00e5ed3c21
1 changed files with 33 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
server.js
View File

@ -153,6 +153,18 @@ function unsign(text,req,res) {
return unsigned return unsigned
} }
function getunsigned(req,res) {
let cookie = req.cookies.AUTH_COOKIE
if(!cookie){
res.status(400)
res.json({"error":"you are not logged in! (no cookie)"})
return
}
let unsigned = unsign(cookie,req,res)
if(!unsigned)return
return decodeURIComponent(unsigned)
}
var API_CALLS = {} var API_CALLS = {}
var USER_CALLS = {} var USER_CALLS = {}
var SESSIONS = {} var SESSIONS = {}
@ -252,15 +264,8 @@ START /API/*
router.use("/api/*",async function(req,res,next) { router.use("/api/*",async function(req,res,next) {
if(!increaseAPICall(req,res))return; if(!increaseAPICall(req,res))return;
let cookie = req.cookies.AUTH_COOKIE let unsigned = getunsigned(req,res)
if(!cookie){
res.status(400)
res.json({"error":"you are not logged in! (no cookie)"})
return
}
let unsigned = unsign(cookie,req,res)
if(!unsigned)return if(!unsigned)return
unsigned = decodeURIComponent(unsigned)
let sql = `select User_Name,User_Bio from zerotwohub.users where User_Name=? and User_PW=?;` let sql = `select User_Name,User_Bio from zerotwohub.users where User_Name=? and User_PW=?;`
let values = unsigned.split(" ") let values = unsigned.split(" ")
values[1] = SHA256(values[1],values[0],HASHES_DIFF) values[1] = SHA256(values[1],values[0],HASHES_DIFF)
@ -283,6 +288,26 @@ router.get("/api/getuser",async function(req,res) {
res.json({"username":res.locals.username,"bio":res.locals.bio}) res.json({"username":res.locals.username,"bio":res.locals.bio})
}) })
router.get("/api/getalluserinformation",async function(req,res) {
let unsigned = getunsigned(req,res)
if(!unsigned)return
unsigned = decodeURIComponent(unsigned)
let sql = `select * from zerotwohub.users where User_Name=? and User_PW=?;`
let values = unsigned.split(" ")
values[1] = SHA256(values[1],values[0],HASHES_DIFF)
values[0] = b64(values[0])
con.query(sql, values, function (err, result) {
if (err) throw err;
if(result[0] && result[0].User_Name && result[0].User_Name == values[0]) {
res.status(200)
res.json(result[0])
} else {
res.status(400)
res.json({"error":"you cannot access the api without being logged in"})
}
});
})
router.get("/api/getotheruser",async function(req,res) { router.get("/api/getotheruser",async function(req,res) {
//already counted due to the /api/* handler //already counted due to the /api/* handler
let username = b64(req.query.user) let username = b64(req.query.user)