added changeUsername api endpoint

2022-06-11 12:08:20 +02:00 · 2022-06-11 12:08:20 +02:00 · 2a1f82b374
commit 2a1f82b374
parent acf89d59f0
1 changed files with 54 additions and 1 deletions
--- a/server.js
+++ b/server.js
@ -508,6 +508,59 @@ router.post("/api/changePW", async function(req,res) {
  setTimeout(function(){if(!sent_res)res.json({"error":"timeout"})},3000);
 })

+router.post("/api/changeUsername", async function(req,res) {
+  if((typeof req.body.newUsername) != "string") {
+    res.json({"error":"incorrect username"})
+    return
+  }
+  if((typeof req.body.currentPW) != "string") {
+    res.json({"error":"incorrect password..."})
+    console.log(typeof req.body.currentPW);
+    return
+  }
+  if(100 < req.body.newUsername.length) {
+    res.status(400)
+    res.json({"error":"username is too long"})
+    return
+  }
+
+  if(req.body.newUsername == res.locals.username) {
+    res.status(400)
+    res.json({"error":"username can't be the current one"})
+    return
+  }
+
+  let hashed_pw = SHA256(req.body.currentPW,res.locals.username,HASHES_DB)
+  let hashed_new_pw = SHA256(req.body.currentPW,req.body.newUsername,HASHES_DB)
+
+  let sql = `select * from zerotwohub.users where User_Name=?;`
+  let values = [res.locals.username]
+  con.query(sql, values, function (err, result) {
+    if (err) throw err;
+    if(result[0] && result[0].User_PW == hashed_pw) {
+      let sql = `update zerotwohub.users set User_PW=?,User_Name=? where User_Name=? and User_PW=?;`
+      let values = [hashed_new_pw,req.body.newUsername,res.locals.username,hashed_pw]
+      con.query(sql, values, function (err, result) {
+        if (err) throw err;
+        let ip = req.socket.remoteAddress
+        let setTo = req.body.newUsername + " " + SHA256(req.body.currentPW,req.body.newUsername,HASHES_COOKIE)
+        let cookiesigned = signature.sign(setTo, cookiesecret+ip);
+        res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
+        //updated username in the users table, but not yet on posts
+        let sql = `update zerotwohub.posts set post_user_name=? where post_user_name=?;`
+        let values = [req.body.newUsername,res.locals.username,hashed_pw]
+        con.query(sql, values, function (err, result) {
+          res.json({"success":"successfully changed username"})
+        });
+
+      })
+    } else {
+      res.json({"error":"invalid password"})
+      console.log(result);
+    }
+  });
+})
+



@ -673,7 +726,7 @@ router.post("/login",async function(req,res) {

  let userexistssql = `SELECT User_Name,User_PW,User_LastIP from zerotwohub.users where User_Name = ? and User_PW = ?;`
  con.query(userexistssql,[encodeURIComponent(username),hashed_pw],function(error,result) {
-    if(result && result[0] && result[0].User_Name && result[0].User_Name==encodeURIComponent(username) && result[0].User_PW && result[0].User_PW == hashed_pw) {
+    if(result && result[0]) {
      let ip = req.socket.remoteAddress
      let setTo = username + " " + SHA256(password,username,HASHES_COOKIE)
      let cookiesigned = signature.sign(setTo, cookiesecret+ip);