From 2a1f82b374b4186a79dbe4cfa934891754371fd3 Mon Sep 17 00:00:00 2001
From: Mystikfluu
Date: Sat, 11 Jun 2022 12:08:20 +0200
Subject: [PATCH] added changeUsername api endpoint

---
 server.js | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 54 insertions(+), 1 deletion(-)

diff --git a/server.js b/server.js
index 0031b11..dd76a87 100644
--- a/server.js
+++ b/server.js
@@ -508,6 +508,59 @@ router.post("/api/changePW", async function(req,res) {
 setTimeout(function(){if(!sent_res)res.json({"error":"timeout"})},3000);
 })
+router.post("/api/changeUsername", async function(req,res) {
+ if((typeof req.body.newUsername) != "string") {
+ res.json({"error":"incorrect username"})
+ return
+ }
+ if((typeof req.body.currentPW) != "string") {
+ res.json({"error":"incorrect password..."})
+ console.log(typeof req.body.currentPW);
+ return
+ }
+ if(100 < req.body.newUsername.length) {
+ res.status(400)
+ res.json({"error":"username is too long"})
+ return
+ }
+
+ if(req.body.newUsername == res.locals.username) {
+ res.status(400)
+ res.json({"error":"username can't be the current one"})
+ return
+ }
+
+ let hashed_pw = SHA256(req.body.currentPW,res.locals.username,HASHES_DB)
+ let hashed_new_pw = SHA256(req.body.currentPW,req.body.newUsername,HASHES_DB)
+
+ let sql = `select * from zerotwohub.users where User_Name=?;`
+ let values = [res.locals.username]
+ con.query(sql, values, function (err, result) {
+ if (err) throw err;
+ if(result[0] && result[0].User_PW == hashed_pw) {
+ let sql = `update zerotwohub.users set User_PW=?,User_Name=? where User_Name=? and User_PW=?;`
+ let values = [hashed_new_pw,req.body.newUsername,res.locals.username,hashed_pw]
+ con.query(sql, values, function (err, result) {
+ if (err) throw err;
+ let ip = req.socket.remoteAddress
+ let setTo = req.body.newUsername + " " + SHA256(req.body.currentPW,req.body.newUsername,HASHES_COOKIE)
+ let cookiesigned = signature.sign(setTo, cookiesecret+ip);
+ res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
+ //updated username in the users table, but not yet on posts
+ let sql = `update zerotwohub.posts set post_user_name=? where post_user_name=?;`
+ let values = [req.body.newUsername,res.locals.username,hashed_pw]
+ con.query(sql, values, function (err, result) {
+ res.json({"success":"successfully changed username"})
+ });
+
+ })
+ } else {
+ res.json({"error":"invalid password"})
+ console.log(result);
+ }
+ });
+})
+
@@ -673,7 +726,7 @@ router.post("/login",async function(req,res) {
 let userexistssql = `SELECT User_Name,User_PW,User_LastIP from zerotwohub.users where User_Name = ? and User_PW = ?;`
 con.query(userexistssql,[encodeURIComponent(username),hashed_pw],function(error,result) {
- if(result && result[0] && result[0].User_Name && result[0].User_Name==encodeURIComponent(username) && result[0].User_PW && result[0].User_PW == hashed_pw) {
+ if(result && result[0]) {
 let ip = req.socket.remoteAddress
 let setTo = username + " " + SHA256(password,username,HASHES_COOKIE)
 let cookiesigned = signature.sign(setTo, cookiesecret+ip);
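Review bot: The innermost callback of the new `/api/changeUsername` handler, the one running the `zerotwohub.posts` update, ignores its `err` argument and answers `{"success":...}` unconditionally, so a failed posts update leaves the row in `zerotwohub.users` already renamed while posts still carry the old name and the client is told the rename succeeded; at minimum `if (err) { res.status(500); res.json({"error":"could not update posts"}); return }` belongs there, and the two updates should run in one transaction since a half-applied rename is otherwise unrecoverable from the client side. The same statement's `values` array has a stray third element, `hashed_pw`, for a query with only two `?` placeholders — a leftover from the users update; whether the driver ignores or rejects the surplus value, it should read `let values = [req.body.newUsername,res.locals.username]`. The two `if (err) throw err;` lines throw from inside a database callback where nothing catches them, so any query error — including a duplicate name if `User_Name` is unique, which is not visible here — would take the process down instead of producing a response; reply with a 500 as above instead. Separately, `/login` below looks the user up by `encodeURIComponent(username)` while this handler stores `req.body.newUsername` unencoded (and accepts the empty string, since only the upper bound of the length is checked), so a new name containing characters that encodeURIComponent rewrites would apparently be unable to log in after the rename; validating the new name against the same character set login relies on would close that gap.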
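Review bot: The new condition `if(result && result[0])` makes a database error indistinguishable from bad credentials, because `error` from `function(error,result)` is still never inspected and an errored query simply leaves `result` undefined; add `if(error) { res.status(500); res.json({"error":"database error"}); return }` before it so operators see failures rather than a stream of apparent login rejections. Relying on the WHERE clause alone for the name/password match is equivalent to the removed checks only as long as `userexistssql` keeps both predicates, so a one-line comment above the `if`, e.g. `// name and password are matched by the WHERE clause of userexistssql`, would keep a later edit of the query from silently loosening the check. The enclosing `/login` handler starts and ends outside the hunk.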