@vandenberghinc/volt 1.1.26 → 1.1.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/backend/dist/cjs/{blacklist.d.ts → backend/src/blacklist.d.ts} +5 -3
- package/backend/dist/cjs/{blacklist.js → backend/src/blacklist.js} +8 -5
- package/backend/dist/cjs/{cli.js → backend/src/cli.js} +29 -47
- package/backend/dist/cjs/backend/src/database/collection.d.ts +1543 -0
- package/backend/dist/cjs/backend/src/database/collection.js +3042 -0
- package/backend/dist/cjs/backend/src/database/database.d.ts +66 -0
- package/backend/dist/cjs/{database → backend/src/database}/database.js +48 -43
- package/backend/dist/cjs/backend/src/database/filters/filters.d.ts +6 -0
- package/backend/dist/cjs/backend/src/database/filters/filters.js +15 -0
- package/backend/dist/cjs/backend/src/database/filters/strict_filter.d.ts +223 -0
- package/backend/dist/cjs/backend/src/database/filters/strict_filter.js +15 -0
- package/backend/dist/cjs/backend/src/database/filters/strict_filter_test.js +443 -0
- package/backend/dist/cjs/backend/src/database/filters/strict_filter_test_v0.js +15 -0
- package/backend/dist/cjs/backend/src/database/filters/strict_filter_v0.d.ts +50 -0
- package/backend/dist/cjs/backend/src/database/filters/strict_filter_v0.js +15 -0
- package/backend/dist/cjs/backend/src/database/filters/strict_filter_v1.d.ts +76 -0
- package/backend/dist/cjs/backend/src/database/filters/strict_filter_v1.js +15 -0
- package/backend/dist/cjs/backend/src/database/filters/strict_filter_v2.d.ts +75 -0
- package/backend/dist/cjs/backend/src/database/filters/strict_filter_v2.js +15 -0
- package/backend/dist/cjs/backend/src/database/filters/strict_filter_v3.d.ts +219 -0
- package/backend/dist/cjs/backend/src/database/filters/strict_filter_v3.js +15 -0
- package/backend/dist/cjs/backend/src/database/filters/strict_update_filter.d.ts +165 -0
- package/backend/dist/cjs/backend/src/database/filters/strict_update_filter.js +15 -0
- package/backend/dist/cjs/backend/src/database/filters/strict_update_filter_test.d.ts +5 -0
- package/backend/dist/cjs/backend/src/database/filters/strict_update_filter_test.js +355 -0
- package/backend/dist/cjs/backend/src/database/flatten.d.ts +75 -0
- package/backend/dist/cjs/{logger.js → backend/src/database/flatten.js} +18 -7
- package/backend/dist/cjs/backend/src/database/flatten_test.js +175 -0
- package/backend/dist/cjs/backend/src/database/quota/quota.d.ts +461 -0
- package/backend/dist/cjs/backend/src/database/quota/quota.js +1014 -0
- package/backend/dist/cjs/backend/src/database/quota/quota_v1.d.ts +534 -0
- package/backend/dist/cjs/backend/src/database/quota/quota_v1.js +1087 -0
- package/backend/dist/cjs/backend/src/database/quota/safe_int.d.ts +293 -0
- package/backend/dist/cjs/backend/src/database/quota/safe_int.js +573 -0
- package/backend/dist/{esm → cjs/backend/src}/endpoint.d.ts +69 -46
- package/backend/dist/cjs/{endpoint.js → backend/src/endpoint.js} +87 -101
- package/backend/dist/cjs/backend/src/errors/index.d.ts +7 -0
- package/backend/dist/cjs/backend/src/errors/index.js +25 -0
- package/backend/dist/{esm/utils.d.ts → cjs/backend/src/errors/internal_external.d.ts} +14 -22
- package/backend/dist/cjs/backend/src/errors/internal_external.js +85 -0
- package/backend/dist/cjs/backend/src/errors/invalid_usage_error.d.ts +38 -0
- package/backend/dist/cjs/{mutex.js → backend/src/errors/invalid_usage_error.js} +20 -37
- package/backend/dist/cjs/backend/src/errors/system_error.d.ts +230 -0
- package/backend/dist/cjs/backend/src/errors/system_error.js +393 -0
- package/backend/dist/cjs/backend/src/events.d.ts +54 -0
- package/backend/dist/cjs/backend/src/events.js +15 -0
- package/backend/dist/cjs/{frontend.js → backend/src/frontend.js} +1 -1
- package/backend/dist/cjs/{image_endpoint.d.ts → backend/src/image_endpoint.d.ts} +16 -1
- package/backend/dist/cjs/{image_endpoint.js → backend/src/image_endpoint.js} +3 -5
- package/backend/dist/cjs/backend/src/logger.d.ts +5 -0
- package/backend/dist/cjs/backend/src/logger.js +15 -0
- package/backend/dist/cjs/backend/src/meta.d.ts +64 -0
- package/backend/dist/cjs/{meta.js → backend/src/meta.js} +9 -12
- package/backend/dist/cjs/backend/src/payments/paddle.d.ts +326 -0
- package/backend/dist/cjs/{payments → backend/src/payments}/paddle.js +377 -327
- package/backend/dist/cjs/backend/src/plugins/browser.d.ts +1 -0
- package/backend/dist/cjs/backend/src/plugins/browser.js +15 -0
- package/backend/dist/cjs/backend/src/plugins/mail/mail.d.ts +248 -0
- package/backend/dist/cjs/backend/src/plugins/mail/mail.js +379 -0
- package/backend/dist/{esm → cjs/backend/src}/plugins/mail/ui.d.ts +23 -0
- package/backend/dist/cjs/backend/src/plugins/pdf.d.ts +1 -0
- package/backend/dist/cjs/backend/src/rate_limit.d.ts +145 -0
- package/backend/dist/cjs/backend/src/rate_limit.js +549 -0
- package/backend/dist/cjs/{route.d.ts → backend/src/route.d.ts} +3 -10
- package/backend/dist/cjs/{route.js → backend/src/route.js} +23 -21
- package/backend/dist/cjs/backend/src/server.d.ts +485 -0
- package/backend/dist/cjs/{server.js → backend/src/server.js} +688 -873
- package/backend/dist/cjs/backend/src/splash_screen.d.ts +80 -0
- package/backend/dist/cjs/{splash_screen.js → backend/src/splash_screen.js} +24 -3
- package/backend/dist/cjs/backend/src/status.d.ts +74 -0
- package/backend/dist/cjs/{status.js → backend/src/status.js} +64 -64
- package/backend/dist/cjs/backend/src/stream.d.ts +376 -0
- package/backend/dist/cjs/{stream.js → backend/src/stream.js} +299 -276
- package/backend/dist/cjs/backend/src/users.d.ts +807 -0
- package/backend/dist/cjs/backend/src/users.js +1971 -0
- package/backend/dist/cjs/backend/src/utils.d.ts +16 -0
- package/backend/dist/cjs/{utils.js → backend/src/utils.js} +14 -77
- package/backend/dist/{esm → cjs/backend/src}/view.d.ts +33 -11
- package/backend/dist/cjs/backend/src/view.js +508 -0
- package/backend/dist/{esm → cjs/backend/src}/volt.d.ts +10 -1
- package/backend/dist/cjs/{volt.js → backend/src/volt.js} +8 -5
- package/backend/dist/cjs/frontend/src/modules/request.d.ts +70 -0
- package/backend/dist/cjs/frontend/src/modules/request.js +99 -0
- package/backend/dist/esm/{blacklist.d.ts → backend/src/blacklist.d.ts} +5 -3
- package/backend/dist/esm/{blacklist.js → backend/src/blacklist.js} +9 -6
- package/backend/dist/esm/{cli.js → backend/src/cli.js} +43 -60
- package/backend/dist/esm/backend/src/database/collection.d.ts +1543 -0
- package/backend/dist/esm/backend/src/database/collection.js +3510 -0
- package/backend/dist/esm/backend/src/database/database.d.ts +66 -0
- package/backend/dist/esm/{database → backend/src/database}/database.js +62 -103
- package/backend/dist/esm/backend/src/database/document.d.ts +1 -0
- package/backend/dist/esm/backend/src/database/document.js +558 -0
- package/backend/dist/esm/backend/src/database/filters/filters.d.ts +6 -0
- package/backend/dist/esm/backend/src/database/filters/filters.js +1 -0
- package/backend/dist/esm/backend/src/database/filters/strict_filter.d.ts +223 -0
- package/backend/dist/esm/backend/src/database/filters/strict_filter.js +3 -0
- package/backend/dist/esm/backend/src/database/filters/strict_filter_test.d.ts +1 -0
- package/backend/dist/esm/backend/src/database/filters/strict_filter_test.js +505 -0
- package/backend/dist/esm/backend/src/database/filters/strict_filter_test_v0.d.ts +1 -0
- package/backend/dist/esm/backend/src/database/filters/strict_filter_test_v0.js +712 -0
- package/backend/dist/esm/backend/src/database/filters/strict_filter_v0.d.ts +50 -0
- package/backend/dist/esm/backend/src/database/filters/strict_filter_v0.js +5 -0
- package/backend/dist/esm/backend/src/database/filters/strict_filter_v1.d.ts +76 -0
- package/backend/dist/esm/backend/src/database/filters/strict_filter_v1.js +44 -0
- package/backend/dist/esm/backend/src/database/filters/strict_filter_v2.d.ts +75 -0
- package/backend/dist/esm/backend/src/database/filters/strict_filter_v2.js +5 -0
- package/backend/dist/esm/backend/src/database/filters/strict_filter_v3.d.ts +219 -0
- package/backend/dist/esm/backend/src/database/filters/strict_filter_v3.js +1 -0
- package/backend/dist/esm/backend/src/database/filters/strict_update_filter.d.ts +165 -0
- package/backend/dist/esm/backend/src/database/filters/strict_update_filter.js +5 -0
- package/backend/dist/esm/backend/src/database/filters/strict_update_filter_test.d.ts +5 -0
- package/backend/dist/esm/backend/src/database/filters/strict_update_filter_test.js +405 -0
- package/backend/dist/esm/backend/src/database/flatten.d.ts +75 -0
- package/backend/dist/esm/backend/src/database/flatten.js +22 -0
- package/backend/dist/esm/backend/src/database/flatten_test.d.ts +1 -0
- package/backend/dist/esm/backend/src/database/flatten_test.js +174 -0
- package/backend/dist/esm/backend/src/database/quota/quota.d.ts +461 -0
- package/backend/dist/esm/backend/src/database/quota/quota.js +1118 -0
- package/backend/dist/esm/backend/src/database/quota/quota_v1.d.ts +534 -0
- package/backend/dist/esm/backend/src/database/quota/quota_v1.js +1242 -0
- package/backend/dist/esm/backend/src/database/quota/safe_int.d.ts +293 -0
- package/backend/dist/esm/backend/src/database/quota/safe_int.js +602 -0
- package/backend/dist/{cjs → esm/backend/src}/endpoint.d.ts +69 -46
- package/backend/dist/esm/{endpoint.js → backend/src/endpoint.js} +136 -127
- package/backend/dist/esm/backend/src/errors/index.d.ts +7 -0
- package/backend/dist/esm/backend/src/errors/index.js +7 -0
- package/backend/dist/{cjs/utils.d.ts → esm/backend/src/errors/internal_external.d.ts} +14 -22
- package/backend/dist/esm/backend/src/errors/internal_external.js +70 -0
- package/backend/dist/esm/backend/src/errors/invalid_usage_error.d.ts +38 -0
- package/backend/dist/esm/backend/src/errors/invalid_usage_error.js +30 -0
- package/backend/dist/esm/backend/src/errors/system_error.d.ts +230 -0
- package/backend/dist/esm/backend/src/errors/system_error.js +402 -0
- package/backend/dist/esm/backend/src/events.d.ts +54 -0
- package/backend/dist/esm/backend/src/events.js +5 -0
- package/backend/dist/esm/{frontend.js → backend/src/frontend.js} +1 -1
- package/backend/dist/esm/{image_endpoint.d.ts → backend/src/image_endpoint.d.ts} +16 -1
- package/backend/dist/esm/{image_endpoint.js → backend/src/image_endpoint.js} +16 -20
- package/backend/dist/esm/backend/src/logger.d.ts +5 -0
- package/backend/dist/esm/backend/src/logger.js +8 -0
- package/backend/dist/esm/backend/src/meta.d.ts +64 -0
- package/backend/dist/esm/{meta.js → backend/src/meta.js} +15 -54
- package/backend/dist/esm/backend/src/payments/paddle.d.ts +326 -0
- package/backend/dist/esm/{payments → backend/src/payments}/paddle.js +417 -452
- package/backend/dist/esm/backend/src/plugins/browser.d.ts +1 -0
- package/backend/dist/esm/backend/src/plugins/browser.js +170 -0
- package/backend/dist/esm/backend/src/plugins/mail/mail.d.ts +248 -0
- package/backend/dist/esm/backend/src/plugins/mail/mail.js +389 -0
- package/backend/dist/{cjs → esm/backend/src}/plugins/mail/ui.d.ts +23 -0
- package/backend/dist/esm/{plugins → backend/src/plugins}/mail/ui.js +3 -6
- package/backend/dist/esm/backend/src/plugins/pdf.d.ts +1 -0
- package/backend/dist/esm/{plugins → backend/src/plugins}/pdf.js +3 -3
- package/backend/dist/esm/backend/src/rate_limit.d.ts +145 -0
- package/backend/dist/esm/backend/src/rate_limit.js +667 -0
- package/backend/dist/esm/{route.d.ts → backend/src/route.d.ts} +3 -10
- package/backend/dist/esm/{route.js → backend/src/route.js} +26 -21
- package/backend/dist/esm/backend/src/server.d.ts +485 -0
- package/backend/dist/esm/{server.js → backend/src/server.js} +891 -1441
- package/backend/dist/esm/backend/src/splash_screen.d.ts +80 -0
- package/backend/dist/esm/{splash_screen.js → backend/src/splash_screen.js} +42 -55
- package/backend/dist/esm/backend/src/status.d.ts +74 -0
- package/backend/dist/esm/backend/src/status.js +199 -0
- package/backend/dist/esm/backend/src/stream.d.ts +376 -0
- package/backend/dist/esm/{stream.js → backend/src/stream.js} +327 -292
- package/backend/dist/esm/backend/src/users.d.ts +809 -0
- package/backend/dist/esm/backend/src/users.js +2140 -0
- package/backend/dist/esm/backend/src/utils.d.ts +16 -0
- package/backend/dist/esm/{utils.js → backend/src/utils.js} +20 -81
- package/backend/dist/{cjs → esm/backend/src}/view.d.ts +33 -11
- package/backend/dist/esm/{view.js → backend/src/view.js} +266 -86
- package/backend/dist/{cjs → esm/backend/src}/volt.d.ts +10 -1
- package/backend/dist/esm/{volt.js → backend/src/volt.js} +7 -4
- package/backend/dist/esm/frontend/src/modules/request.d.ts +70 -0
- package/backend/dist/esm/frontend/src/modules/request.js +117 -0
- package/frontend/dist/backend/src/database/collection.d.ts +1543 -0
- package/frontend/dist/backend/src/database/collection.js +3510 -0
- package/frontend/dist/backend/src/database/database.d.ts +66 -0
- package/frontend/dist/backend/src/database/database.js +196 -0
- package/frontend/dist/backend/src/database/filters/filters.d.ts +6 -0
- package/frontend/dist/backend/src/database/filters/filters.js +1 -0
- package/frontend/dist/backend/src/database/filters/strict_filter.d.ts +223 -0
- package/frontend/dist/backend/src/database/filters/strict_filter.js +3 -0
- package/frontend/dist/backend/src/database/filters/strict_update_filter.d.ts +165 -0
- package/frontend/dist/backend/src/database/filters/strict_update_filter.js +5 -0
- package/frontend/dist/backend/src/database/flatten.d.ts +75 -0
- package/frontend/dist/backend/src/database/flatten.js +22 -0
- package/frontend/dist/backend/src/endpoint.d.ts +204 -0
- package/frontend/dist/backend/src/endpoint.js +570 -0
- package/frontend/dist/backend/src/errors/index.d.ts +7 -0
- package/frontend/dist/backend/src/errors/index.js +7 -0
- package/frontend/dist/backend/src/errors/internal_external.d.ts +38 -0
- package/frontend/dist/backend/src/errors/internal_external.js +70 -0
- package/frontend/dist/backend/src/errors/invalid_usage_error.d.ts +38 -0
- package/frontend/dist/backend/src/errors/invalid_usage_error.js +30 -0
- package/frontend/dist/backend/src/errors/system_error.d.ts +230 -0
- package/frontend/dist/backend/src/errors/system_error.js +402 -0
- package/frontend/dist/backend/src/events.d.ts +54 -0
- package/frontend/dist/backend/src/events.js +5 -0
- package/frontend/dist/backend/src/frontend.d.ts +11 -0
- package/frontend/dist/backend/src/frontend.js +12 -0
- package/frontend/dist/backend/src/image_endpoint.d.ts +39 -0
- package/frontend/dist/backend/src/image_endpoint.js +202 -0
- package/frontend/dist/backend/src/meta.d.ts +64 -0
- package/frontend/dist/backend/src/meta.js +110 -0
- package/frontend/dist/backend/src/payments/paddle.d.ts +326 -0
- package/frontend/dist/backend/src/payments/paddle.js +2256 -0
- package/frontend/dist/backend/src/plugins/mail/mail.d.ts +248 -0
- package/frontend/dist/backend/src/plugins/mail/mail.js +389 -0
- package/{backend/dist/esm/plugins/mail.d.ts → frontend/dist/backend/src/plugins/mail/ui.d.ts} +23 -0
- package/{backend/dist/esm/plugins/mail.js → frontend/dist/backend/src/plugins/mail/ui.js} +3 -6
- package/frontend/dist/backend/src/rate_limit.d.ts +145 -0
- package/frontend/dist/backend/src/rate_limit.js +673 -0
- package/frontend/dist/backend/src/route.d.ts +35 -0
- package/frontend/dist/backend/src/route.js +212 -0
- package/frontend/dist/backend/src/server.d.ts +485 -0
- package/frontend/dist/backend/src/server.js +2670 -0
- package/frontend/dist/backend/src/splash_screen.d.ts +80 -0
- package/frontend/dist/backend/src/splash_screen.js +135 -0
- package/frontend/dist/backend/src/status.d.ts +74 -0
- package/frontend/dist/backend/src/status.js +199 -0
- package/frontend/dist/backend/src/stream.d.ts +376 -0
- package/frontend/dist/backend/src/stream.js +1007 -0
- package/frontend/dist/backend/src/users.d.ts +807 -0
- package/frontend/dist/backend/src/users.js +2118 -0
- package/frontend/dist/backend/src/utils.d.ts +16 -0
- package/frontend/dist/backend/src/utils.js +241 -0
- package/frontend/dist/backend/src/view.d.ts +162 -0
- package/frontend/dist/backend/src/view.js +720 -0
- package/frontend/dist/frontend/src/elements/base.d.ts +4414 -0
- package/frontend/dist/{elements → frontend/src/elements}/base.js +3624 -260
- package/frontend/dist/frontend/src/elements/module.d.ts +95 -0
- package/frontend/dist/{elements → frontend/src/elements}/module.js +53 -52
- package/frontend/dist/frontend/src/elements/types.d.ts +52 -0
- package/frontend/dist/frontend/src/elements/types.js +5 -0
- package/frontend/dist/frontend/src/modules/attachment.d.ts +126 -0
- package/frontend/dist/frontend/src/modules/attachment.js +306 -0
- package/frontend/dist/frontend/src/modules/auth.d.ts +44 -0
- package/frontend/dist/frontend/src/modules/auth.js +80 -0
- package/frontend/dist/{modules → frontend/src/modules}/color.js +2 -2
- package/frontend/dist/frontend/src/modules/compression.d.ts +39 -0
- package/frontend/dist/frontend/src/modules/compression.js +102 -0
- package/frontend/dist/frontend/src/modules/cookies.d.ts +44 -0
- package/frontend/dist/frontend/src/modules/cookies.js +143 -0
- package/frontend/dist/frontend/src/modules/events.d.ts +31 -0
- package/frontend/dist/frontend/src/modules/events.js +74 -0
- package/frontend/dist/frontend/src/modules/google.d.ts +23 -0
- package/frontend/dist/frontend/src/modules/google.js +52 -0
- package/frontend/dist/frontend/src/modules/meta.d.ts +14 -0
- package/frontend/dist/{modules → frontend/src/modules}/meta.js +9 -7
- package/frontend/dist/{modules → frontend/src/modules}/paddle.d.ts +37 -134
- package/frontend/dist/{modules → frontend/src/modules}/paddle.js +620 -568
- package/frontend/dist/frontend/src/modules/request.d.ts +70 -0
- package/frontend/dist/frontend/src/modules/request.js +117 -0
- package/frontend/dist/frontend/src/modules/settings.d.ts +3 -0
- package/frontend/dist/frontend/src/modules/settings.js +5 -0
- package/frontend/dist/frontend/src/modules/statics.d.ts +21 -0
- package/frontend/dist/{modules → frontend/src/modules}/statics.js +15 -18
- package/frontend/dist/frontend/src/modules/support.d.ts +30 -0
- package/frontend/dist/frontend/src/modules/support.js +53 -0
- package/frontend/dist/{modules → frontend/src/modules}/theme.d.ts +67 -0
- package/frontend/dist/{modules → frontend/src/modules}/theme.js +68 -38
- package/frontend/dist/frontend/src/modules/themes.d.ts +12 -0
- package/frontend/dist/frontend/src/modules/themes.js +22 -0
- package/frontend/dist/frontend/src/modules/user.d.ts +164 -0
- package/frontend/dist/frontend/src/modules/user.js +268 -0
- package/frontend/dist/frontend/src/modules/utils.d.ts +176 -0
- package/frontend/dist/frontend/src/modules/utils.js +569 -0
- package/frontend/dist/frontend/src/types/gradient.d.ts +29 -0
- package/frontend/dist/{types → frontend/src/types}/gradient.js +14 -18
- package/frontend/dist/frontend/src/ui/border_button.d.ts +94 -0
- package/frontend/dist/{ui → frontend/src/ui}/border_button.js +7 -13
- package/frontend/dist/frontend/src/ui/button.d.ts +28 -0
- package/frontend/dist/{ui → frontend/src/ui}/button.js +21 -12
- package/frontend/dist/frontend/src/ui/canvas.d.ts +138 -0
- package/frontend/dist/{ui → frontend/src/ui}/canvas.js +88 -55
- package/frontend/dist/frontend/src/ui/checkbox.d.ts +74 -0
- package/frontend/dist/{ui → frontend/src/ui}/checkbox.js +80 -41
- package/frontend/dist/{ui → frontend/src/ui}/code.d.ts +73 -6
- package/frontend/dist/{ui → frontend/src/ui}/code.js +55 -52
- package/frontend/dist/{ui → frontend/src/ui}/context_menu.d.ts +4 -0
- package/frontend/dist/{ui → frontend/src/ui}/context_menu.js +12 -17
- package/frontend/dist/{ui → frontend/src/ui}/css.d.ts +4 -0
- package/frontend/dist/{ui → frontend/src/ui}/css.js +3 -3
- package/frontend/dist/{ui → frontend/src/ui}/divider.d.ts +4 -0
- package/frontend/dist/{ui → frontend/src/ui}/divider.js +3 -3
- package/frontend/dist/{ui → frontend/src/ui}/dropdown.d.ts +57 -2
- package/frontend/dist/{ui → frontend/src/ui}/dropdown.js +87 -94
- package/frontend/dist/{ui → frontend/src/ui}/for_each.d.ts +4 -0
- package/frontend/dist/{ui → frontend/src/ui}/for_each.js +3 -3
- package/frontend/dist/{ui → frontend/src/ui}/form.d.ts +6 -2
- package/frontend/dist/{ui → frontend/src/ui}/form.js +10 -7
- package/frontend/dist/frontend/src/ui/frame_modes.d.ts +37 -0
- package/frontend/dist/{ui → frontend/src/ui}/frame_modes.js +16 -22
- package/frontend/dist/{ui → frontend/src/ui}/google_map.d.ts +4 -0
- package/frontend/dist/{ui → frontend/src/ui}/google_map.js +4 -4
- package/frontend/dist/{ui → frontend/src/ui}/gradient.d.ts +4 -0
- package/frontend/dist/{ui → frontend/src/ui}/gradient.js +3 -3
- package/frontend/dist/{ui → frontend/src/ui}/image.d.ts +4 -0
- package/frontend/dist/{ui → frontend/src/ui}/image.js +5 -5
- package/frontend/dist/frontend/src/ui/input.d.ts +392 -0
- package/frontend/dist/{ui → frontend/src/ui}/input.js +346 -360
- package/frontend/dist/{ui → frontend/src/ui}/link.d.ts +4 -0
- package/frontend/dist/{ui → frontend/src/ui}/link.js +3 -3
- package/frontend/dist/{ui → frontend/src/ui}/list.d.ts +4 -0
- package/frontend/dist/{ui → frontend/src/ui}/list.js +12 -6
- package/frontend/dist/frontend/src/ui/loader_button.d.ts +80 -0
- package/frontend/dist/{ui → frontend/src/ui}/loader_button.js +35 -47
- package/frontend/dist/frontend/src/ui/loaders.d.ts +57 -0
- package/frontend/dist/{ui → frontend/src/ui}/loaders.js +11 -11
- package/frontend/dist/{ui → frontend/src/ui}/popup.d.ts +11 -6
- package/frontend/dist/{ui → frontend/src/ui}/popup.js +32 -18
- package/frontend/dist/frontend/src/ui/pseudo.d.ts +44 -0
- package/frontend/dist/{ui → frontend/src/ui}/pseudo.js +84 -8
- package/frontend/dist/{ui → frontend/src/ui}/scroller.d.ts +14 -2
- package/frontend/dist/{ui → frontend/src/ui}/scroller.js +37 -43
- package/frontend/dist/{ui → frontend/src/ui}/slider.d.ts +5 -1
- package/frontend/dist/{ui → frontend/src/ui}/slider.js +4 -4
- package/frontend/dist/{ui → frontend/src/ui}/spacer.d.ts +4 -0
- package/frontend/dist/{ui → frontend/src/ui}/spacer.js +3 -3
- package/frontend/dist/{ui → frontend/src/ui}/span.d.ts +4 -0
- package/frontend/dist/{ui → frontend/src/ui}/span.js +3 -3
- package/frontend/dist/{ui → frontend/src/ui}/stack.d.ts +4 -0
- package/frontend/dist/{ui → frontend/src/ui}/stack.js +3 -9
- package/frontend/dist/frontend/src/ui/steps.d.ts +131 -0
- package/frontend/dist/{ui → frontend/src/ui}/steps.js +30 -45
- package/frontend/dist/{ui → frontend/src/ui}/style.d.ts +4 -0
- package/frontend/dist/{ui → frontend/src/ui}/style.js +3 -3
- package/frontend/dist/{ui → frontend/src/ui}/switch.d.ts +5 -1
- package/frontend/dist/{ui → frontend/src/ui}/switch.js +4 -4
- package/frontend/dist/{ui → frontend/src/ui}/table.d.ts +4 -0
- package/frontend/dist/{ui → frontend/src/ui}/table.js +6 -6
- package/frontend/dist/{ui → frontend/src/ui}/tabs.d.ts +45 -3
- package/frontend/dist/{ui → frontend/src/ui}/tabs.js +65 -40
- package/frontend/dist/{ui → frontend/src/ui}/text.d.ts +4 -0
- package/frontend/dist/{ui → frontend/src/ui}/text.js +3 -3
- package/frontend/dist/frontend/src/ui/title.d.ts +91 -0
- package/frontend/dist/frontend/src/ui/title.js +272 -0
- package/frontend/dist/{ui → frontend/src/ui}/view.d.ts +4 -0
- package/frontend/dist/{ui → frontend/src/ui}/view.js +3 -3
- package/frontend/dist/{volt.d.ts → frontend/src/volt.d.ts} +3 -0
- package/frontend/dist/{volt.js → frontend/src/volt.js} +4 -0
- package/frontend/tools/bundle_d_ts.js +71 -0
- package/frontend/tools/convert_to_jsdoc_input.txt +9452 -0
- package/frontend/tools/convert_to_jsdoc_output.txt +7626 -0
- package/frontend/tools/convert_to_jsdoc_tmp.js +345 -0
- package/package.json +11 -12
- package/backend/dist/cjs/database/collection.d.ts +0 -160
- package/backend/dist/cjs/database/collection.js +0 -842
- package/backend/dist/cjs/database/database.d.ts +0 -121
- package/backend/dist/cjs/database/document.d.ts +0 -131
- package/backend/dist/cjs/database/document.js +0 -224
- package/backend/dist/cjs/database.d.ts +0 -502
- package/backend/dist/cjs/database.js +0 -2248
- package/backend/dist/cjs/logger.d.ts +0 -3
- package/backend/dist/cjs/meta.d.ts +0 -50
- package/backend/dist/cjs/mutex.d.ts +0 -24
- package/backend/dist/cjs/payments/paddle.d.ts +0 -160
- package/backend/dist/cjs/plugins/browser.d.ts +0 -36
- package/backend/dist/cjs/plugins/browser.js +0 -198
- package/backend/dist/cjs/plugins/css.d.ts +0 -11
- package/backend/dist/cjs/plugins/css.js +0 -80
- package/backend/dist/cjs/plugins/mail.d.ts +0 -277
- package/backend/dist/cjs/plugins/mail.js +0 -1370
- package/backend/dist/cjs/plugins/ts/compiler.d.ts +0 -139
- package/backend/dist/cjs/plugins/ts/compiler.js +0 -750
- package/backend/dist/cjs/plugins/ts/preprocessing.d.ts +0 -14
- package/backend/dist/cjs/plugins/ts/preprocessing.js +0 -440
- package/backend/dist/cjs/rate_limit.d.ts +0 -63
- package/backend/dist/cjs/rate_limit.js +0 -348
- package/backend/dist/cjs/request.deprc.d.ts +0 -48
- package/backend/dist/cjs/request.deprc.js +0 -572
- package/backend/dist/cjs/response.deprc.d.ts +0 -55
- package/backend/dist/cjs/response.deprc.js +0 -275
- package/backend/dist/cjs/server.d.ts +0 -342
- package/backend/dist/cjs/splash_screen.d.ts +0 -35
- package/backend/dist/cjs/status.d.ts +0 -61
- package/backend/dist/cjs/stream.d.ts +0 -79
- package/backend/dist/cjs/users.d.ts +0 -111
- package/backend/dist/cjs/users.js +0 -1817
- package/backend/dist/cjs/view.js +0 -352
- package/backend/dist/cjs/vinc.dev.d.ts +0 -3
- package/backend/dist/cjs/vinc.dev.js +0 -7
- package/backend/dist/css/adyen.css +0 -92
- package/backend/dist/css/volt.css +0 -70
- package/backend/dist/esm/database/collection.d.ts +0 -160
- package/backend/dist/esm/database/collection.js +0 -1328
- package/backend/dist/esm/database/database.d.ts +0 -121
- package/backend/dist/esm/database/document.d.ts +0 -131
- package/backend/dist/esm/database/document.js +0 -247
- package/backend/dist/esm/database.d.ts +0 -502
- package/backend/dist/esm/database.js +0 -2423
- package/backend/dist/esm/file_watcher.js +0 -329
- package/backend/dist/esm/logger.d.ts +0 -3
- package/backend/dist/esm/logger.js +0 -11
- package/backend/dist/esm/meta.d.ts +0 -50
- package/backend/dist/esm/mutex.d.ts +0 -24
- package/backend/dist/esm/mutex.js +0 -48
- package/backend/dist/esm/payments/paddle.d.ts +0 -160
- package/backend/dist/esm/plugins/browser.d.ts +0 -36
- package/backend/dist/esm/plugins/browser.js +0 -176
- package/backend/dist/esm/plugins/css.d.ts +0 -11
- package/backend/dist/esm/plugins/css.js +0 -90
- package/backend/dist/esm/plugins/ts/compiler.d.ts +0 -139
- package/backend/dist/esm/plugins/ts/compiler.js +0 -1194
- package/backend/dist/esm/plugins/ts/preprocessing.d.ts +0 -14
- package/backend/dist/esm/plugins/ts/preprocessing.js +0 -726
- package/backend/dist/esm/rate_limit.d.ts +0 -63
- package/backend/dist/esm/rate_limit.js +0 -417
- package/backend/dist/esm/request.deprc.d.ts +0 -48
- package/backend/dist/esm/request.deprc.js +0 -572
- package/backend/dist/esm/response.deprc.d.ts +0 -55
- package/backend/dist/esm/response.deprc.js +0 -275
- package/backend/dist/esm/server.d.ts +0 -342
- package/backend/dist/esm/splash_screen.d.ts +0 -35
- package/backend/dist/esm/status.d.ts +0 -61
- package/backend/dist/esm/status.js +0 -197
- package/backend/dist/esm/stream.d.ts +0 -79
- package/backend/dist/esm/users.d.ts +0 -111
- package/backend/dist/esm/users.js +0 -1935
- package/backend/dist/esm/vinc.dev.d.ts +0 -3
- package/backend/dist/esm/vinc.dev.js +0 -7
- package/frontend/dist/elements/base.d.ts +0 -9889
- package/frontend/dist/elements/module.d.ts +0 -30
- package/frontend/dist/modules/array.d.ts +0 -94
- package/frontend/dist/modules/array.js +0 -634
- package/frontend/dist/modules/auth.d.ts +0 -46
- package/frontend/dist/modules/auth.js +0 -139
- package/frontend/dist/modules/colors.d.ts +0 -1
- package/frontend/dist/modules/colors.js +0 -417
- package/frontend/dist/modules/compression.d.ts +0 -6
- package/frontend/dist/modules/compression.js +0 -999
- package/frontend/dist/modules/cookies.d.ts +0 -18
- package/frontend/dist/modules/cookies.js +0 -167
- package/frontend/dist/modules/date.d.ts +0 -142
- package/frontend/dist/modules/date.js +0 -493
- package/frontend/dist/modules/events.d.ts +0 -8
- package/frontend/dist/modules/events.js +0 -91
- package/frontend/dist/modules/google.d.ts +0 -11
- package/frontend/dist/modules/google.js +0 -54
- package/frontend/dist/modules/meta.d.ts +0 -10
- package/frontend/dist/modules/mutex.d.ts +0 -7
- package/frontend/dist/modules/mutex.js +0 -51
- package/frontend/dist/modules/number.d.ts +0 -16
- package/frontend/dist/modules/number.js +0 -23
- package/frontend/dist/modules/object.d.ts +0 -52
- package/frontend/dist/modules/object.js +0 -383
- package/frontend/dist/modules/scheme.d.ts +0 -227
- package/frontend/dist/modules/scheme.js +0 -531
- package/frontend/dist/modules/settings.d.ts +0 -3
- package/frontend/dist/modules/settings.js +0 -4
- package/frontend/dist/modules/statics.d.ts +0 -5
- package/frontend/dist/modules/string.d.ts +0 -124
- package/frontend/dist/modules/string.js +0 -745
- package/frontend/dist/modules/support.d.ts +0 -19
- package/frontend/dist/modules/support.js +0 -103
- package/frontend/dist/modules/themes.d.ts +0 -8
- package/frontend/dist/modules/themes.js +0 -18
- package/frontend/dist/modules/user.d.ts +0 -59
- package/frontend/dist/modules/user.js +0 -280
- package/frontend/dist/modules/utils.d.ts +0 -87
- package/frontend/dist/modules/utils.js +0 -923
- package/frontend/dist/types/gradient.d.ts +0 -12
- package/frontend/dist/ui/border_button.d.ts +0 -152
- package/frontend/dist/ui/button.d.ts +0 -21
- package/frontend/dist/ui/canvas.d.ts +0 -56
- package/frontend/dist/ui/checkbox.d.ts +0 -52
- package/frontend/dist/ui/frame_modes.d.ts +0 -25
- package/frontend/dist/ui/input.d.ts +0 -241
- package/frontend/dist/ui/loader_button.d.ts +0 -93
- package/frontend/dist/ui/loaders.d.ts +0 -57
- package/frontend/dist/ui/pseudo.d.ts +0 -16
- package/frontend/dist/ui/steps.d.ts +0 -59
- package/frontend/dist/ui/title.d.ts +0 -21
- package/frontend/dist/ui/title.js +0 -121
- package/frontend/examples/dashboard/dashboard.ts +0 -776
- /package/backend/dist/cjs/{cli.d.ts → backend/src/cli.d.ts} +0 -0
- /package/backend/dist/cjs/{file_watcher.d.ts → backend/src/database/document.d.ts} +0 -0
- /package/backend/dist/cjs/{file_watcher.js → backend/src/database/document.js} +0 -0
- /package/backend/dist/cjs/{plugins/pdf.d.ts → backend/src/database/filters/strict_filter_test.d.ts} +0 -0
- /package/backend/dist/{esm/file_watcher.d.ts → cjs/backend/src/database/filters/strict_filter_test_v0.d.ts} +0 -0
- /package/backend/dist/{esm/plugins/pdf.d.ts → cjs/backend/src/database/flatten_test.d.ts} +0 -0
- /package/backend/dist/cjs/{frontend.d.ts → backend/src/frontend.d.ts} +0 -0
- /package/backend/dist/cjs/{plugins → backend/src/plugins}/communication.d.ts +0 -0
- /package/backend/dist/cjs/{plugins → backend/src/plugins}/communication.js +0 -0
- /package/backend/dist/cjs/{plugins → backend/src/plugins}/mail/ui.js +0 -0
- /package/backend/dist/cjs/{plugins → backend/src/plugins}/pdf.js +0 -0
- /package/backend/dist/cjs/{plugins → backend/src/plugins}/thread_monitor.d.ts +0 -0
- /package/backend/dist/cjs/{plugins → backend/src/plugins}/thread_monitor.js +0 -0
- /package/backend/dist/cjs/{vinc.d.ts → backend/src/vinc.d.ts} +0 -0
- /package/backend/dist/cjs/{vinc.js → backend/src/vinc.js} +0 -0
- /package/backend/dist/esm/{cli.d.ts → backend/src/cli.d.ts} +0 -0
- /package/backend/dist/esm/{frontend.d.ts → backend/src/frontend.d.ts} +0 -0
- /package/backend/dist/esm/{plugins → backend/src/plugins}/communication.d.ts +0 -0
- /package/backend/dist/esm/{plugins → backend/src/plugins}/communication.js +0 -0
- /package/backend/dist/esm/{plugins → backend/src/plugins}/thread_monitor.d.ts +0 -0
- /package/backend/dist/esm/{plugins → backend/src/plugins}/thread_monitor.js +0 -0
- /package/backend/dist/esm/{vinc.d.ts → backend/src/vinc.d.ts} +0 -0
- /package/backend/dist/esm/{vinc.js → backend/src/vinc.js} +0 -0
- /package/frontend/dist/{elements → frontend/src/elements}/register_element.d.ts +0 -0
- /package/frontend/dist/{elements → frontend/src/elements}/register_element.js +0 -0
- /package/frontend/dist/{modules → frontend/src/modules}/color.d.ts +0 -0
- /package/frontend/dist/{ui → frontend/src/ui}/ui.d.ts +0 -0
- /package/frontend/dist/{ui → frontend/src/ui}/ui.js +0 -0
|
@@ -0,0 +1,2140 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @author Daan van den Bergh
|
|
3
|
+
* @copyright © 2022 - 2025 Daan van den Bergh.
|
|
4
|
+
*/
|
|
5
|
+
// ---------------------------------------------------------
|
|
6
|
+
// Imports.
|
|
7
|
+
// ---------------------------------------------------------
|
|
8
|
+
import * as crypto from "crypto";
|
|
9
|
+
import * as vlib from "@vandenberghinc/vlib";
|
|
10
|
+
import * as MailUI from "./plugins/mail/ui.js";
|
|
11
|
+
import { Mail } from "./plugins/mail/mail.js";
|
|
12
|
+
import { Status } from "./status.js";
|
|
13
|
+
import { ExternalError } from "./errors/index.js";
|
|
14
|
+
import { Collection } from "./database/collection.js";
|
|
15
|
+
// ---------------------------------------------------------
|
|
16
|
+
// The users manager.
|
|
17
|
+
// ---------------------------------------------------------
|
|
18
|
+
/**
|
|
19
|
+
* The users class, accessible under `Server.users`.
|
|
20
|
+
*/
|
|
21
|
+
export class Users {
|
|
22
|
+
// ---------------------------------------------------------
|
|
23
|
+
// Readonly settings.
|
|
24
|
+
// ---------------------------------------------------------
|
|
25
|
+
/**
|
|
26
|
+
* Number of random characters after `<prefix>_<uid>_`.
|
|
27
|
+
* @warning If you change this, also update:
|
|
28
|
+
* - {@link Users.LEGACY_TOKEN_SUFFIX_LENS} to include old size(s).
|
|
29
|
+
* - Generators {@link _generate_api_key} and {@link _generate_token}.
|
|
30
|
+
* - Parser {@link _parse_uid_from_token_api_key}.
|
|
31
|
+
*/
|
|
32
|
+
static TOKEN_SUFFIX_LEN = 64;
|
|
33
|
+
/** Accepted legacy suffix lengths; add old sizes here when rotating. */
|
|
34
|
+
static LEGACY_TOKEN_SUFFIX_LENS = [];
|
|
35
|
+
/**
|
|
36
|
+
* Allowed characters for the random suffix.
|
|
37
|
+
* @warning MUST NOT include `_` (delimiter). ASCII only for fast-path validation.
|
|
38
|
+
*/
|
|
39
|
+
static TOKEN_SUFFIX_CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
|
|
40
|
+
/**
|
|
41
|
+
* UID length used by the generator.
|
|
42
|
+
* @warning If you change this, add the old value to {@link Users.LEGACY_UID_LENGTHS}.
|
|
43
|
+
*/
|
|
44
|
+
static UID_LENGTH = 16;
|
|
45
|
+
/** Accepted legacy UID lengths; add old sizes here when rotating. */
|
|
46
|
+
static LEGACY_UID_LENGTHS = [];
|
|
47
|
+
/**
|
|
48
|
+
* UID character set (ASCII). MUST NOT include `_`.
|
|
49
|
+
*/
|
|
50
|
+
static UID_CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
|
|
51
|
+
/**
|
|
52
|
+
* Build an ASCII allow table for fast membership checks.
|
|
53
|
+
* Index is charCode (0..127), value is 1 if allowed else 0.
|
|
54
|
+
*/
|
|
55
|
+
static _build_ascii_allow(cs) {
|
|
56
|
+
const tbl = new Uint8Array(128);
|
|
57
|
+
for (let i = 0; i < cs.length; i++) {
|
|
58
|
+
const c = cs.charCodeAt(i);
|
|
59
|
+
if (c < 128)
|
|
60
|
+
tbl[c] = 1;
|
|
61
|
+
else
|
|
62
|
+
throw new Error("Non-ASCII char in allowed charset; use ASCII-only here.");
|
|
63
|
+
}
|
|
64
|
+
return tbl;
|
|
65
|
+
}
|
|
66
|
+
/** ASCII allow table for token suffix validation (built from TOKEN_SUFFIX_CHARSET). */
|
|
67
|
+
static TOKEN_SUFFIX_ALLOW = Users._build_ascii_allow(Users.TOKEN_SUFFIX_CHARSET);
|
|
68
|
+
/** ASCII allow table for UID validation (built from UID_CHARSET). */
|
|
69
|
+
static UID_ALLOW = Users._build_ascii_allow(Users.UID_CHARSET);
|
|
70
|
+
// ---------------------------------------------------------
|
|
71
|
+
// Attributes.
|
|
72
|
+
// ---------------------------------------------------------
|
|
73
|
+
/** The parent server instance. */
|
|
74
|
+
server;
|
|
75
|
+
/** The recipient email for support submit emails, defaults to `Server.smtp_sender`. */
|
|
76
|
+
support_recipient;
|
|
77
|
+
/** The avg wait time when sending 2FA codes. */
|
|
78
|
+
avg_send_2fa_time = [];
|
|
79
|
+
/** The database collection for token documents. */
|
|
80
|
+
_tokens_db;
|
|
81
|
+
/** The database collection for 2fa token documents. */
|
|
82
|
+
_2fa_tokens_db;
|
|
83
|
+
/** The database collection for user documents. */
|
|
84
|
+
_users_db;
|
|
85
|
+
/** Enable 2FA for user sign in. */
|
|
86
|
+
enable_2fa;
|
|
87
|
+
/** Enable 2FA account activation for user sign up. */
|
|
88
|
+
enable_account_activation;
|
|
89
|
+
/** The token expiration in seconds */
|
|
90
|
+
token_expiration;
|
|
91
|
+
/** Database collection for public (read:public, write:public) user documents. */
|
|
92
|
+
public;
|
|
93
|
+
/** Database collection for protected (read:public, write:private) user documents. */
|
|
94
|
+
protected;
|
|
95
|
+
/** Database collection for private (read:private, write:private) user documents. */
|
|
96
|
+
private;
|
|
97
|
+
// ---------------------------------------------------------
|
|
98
|
+
// Constructor.
|
|
99
|
+
// ---------------------------------------------------------
|
|
100
|
+
/** Construct the server. */
|
|
101
|
+
constructor(opts) {
|
|
102
|
+
this.server = opts._server;
|
|
103
|
+
this.enable_2fa = opts.enable_2fa ?? false;
|
|
104
|
+
this.enable_account_activation = opts.enable_account_activation ?? true;
|
|
105
|
+
this.token_expiration = opts.token_expiration ?? 86400;
|
|
106
|
+
this.support_recipient = opts.support_recipient ?? this.server.mail?.sender;
|
|
107
|
+
// Database collections.
|
|
108
|
+
this._tokens_db = this.server.db.collection({
|
|
109
|
+
name: "Volt.Server.Users.Tokens",
|
|
110
|
+
indexes: ["uid", "token"],
|
|
111
|
+
ttl: 1000 * 3600 * 24 * 30, // 30 days.
|
|
112
|
+
});
|
|
113
|
+
this._2fa_tokens_db = this.server.db.collection({
|
|
114
|
+
name: "Volt.Server.Users.TwoFactorAuth",
|
|
115
|
+
indexes: ["uid", "code"],
|
|
116
|
+
ttl: 1000 * 3600 * 24, // 1 day.
|
|
117
|
+
});
|
|
118
|
+
this._users_db = this.server.db.collection({
|
|
119
|
+
name: "Volt.Server.Users.Users",
|
|
120
|
+
indexes: [
|
|
121
|
+
{ key: "uid", unique: true, forced: true },
|
|
122
|
+
{ key: "email", unique: true, forced: true },
|
|
123
|
+
{ key: "username", unique: true, forced: true },
|
|
124
|
+
{
|
|
125
|
+
key: "api_key", sparse: true, // api_key index sparse/partial so documents without api_key don’t bloat the index
|
|
126
|
+
forced: true
|
|
127
|
+
// hashed; non-unique is fine if you only store one per user, and we dont retrieve uid's alike by api key, but extract from raw api key string instead.
|
|
128
|
+
}
|
|
129
|
+
],
|
|
130
|
+
});
|
|
131
|
+
// Public database collections.
|
|
132
|
+
this.public = this.server.db.collection({
|
|
133
|
+
name: "Volt.Server.Users.Public",
|
|
134
|
+
indexes: ["uid", "query"],
|
|
135
|
+
});
|
|
136
|
+
this.protected = this.server.db.collection({
|
|
137
|
+
name: "Volt.Server.Users.Protected",
|
|
138
|
+
indexes: ["uid", "query"],
|
|
139
|
+
});
|
|
140
|
+
this.private = this.server.db.collection({
|
|
141
|
+
name: "Volt.Server.Users.Private",
|
|
142
|
+
indexes: ["uid", "query"],
|
|
143
|
+
});
|
|
144
|
+
}
|
|
145
|
+
// ---------------------------------------------------------
|
|
146
|
+
// Utils.
|
|
147
|
+
// ---------------------------------------------------------
|
|
148
|
+
/** Generate a code. */
|
|
149
|
+
_generate_code(length = 6) {
|
|
150
|
+
const charset = "0123456789";
|
|
151
|
+
let out = "";
|
|
152
|
+
for (let i = 0; i < length; i++)
|
|
153
|
+
out += charset[crypto.randomInt(charset.length)];
|
|
154
|
+
return out;
|
|
155
|
+
}
|
|
156
|
+
/**
|
|
157
|
+
* Generate a crypto str.
|
|
158
|
+
* @warning ENSURE this does not add `_` to the charset, as this is used as a delimiter for tokens/api keys.
|
|
159
|
+
*/
|
|
160
|
+
_generate_crypto_str(length = 32, charset) {
|
|
161
|
+
let out = "";
|
|
162
|
+
for (let i = 0; i < length; i++)
|
|
163
|
+
out += charset[crypto.randomInt(charset.length)];
|
|
164
|
+
return out;
|
|
165
|
+
}
|
|
166
|
+
/**
|
|
167
|
+
* Derive a key with the async `crypto.scrypt` to avoid blocking the event loop.
|
|
168
|
+
* Using the sync variant is CPU-bound and can stall Node’s main thread, enabling
|
|
169
|
+
* trivial DoS via many concurrent hash ops. The async call runs in libuv’s
|
|
170
|
+
* thread pool, preserving responsiveness under load with the same security.
|
|
171
|
+
*
|
|
172
|
+
* @param password - Secret/password or input buffer.
|
|
173
|
+
* @param salt - Per-secret random salt.
|
|
174
|
+
* @param keylen - Desired key length in bytes (default 64).
|
|
175
|
+
* @returns Promise resolving to the derived key buffer.
|
|
176
|
+
*/
|
|
177
|
+
_crypto_scrypt(password, salt, keylen = 64) {
|
|
178
|
+
return new Promise((res, rej) => crypto.scrypt(password, salt, keylen, (e, dk) => (e ? rej(e) : res(dk))));
|
|
179
|
+
}
|
|
180
|
+
/** Hash a password. */
|
|
181
|
+
async _hash_password(plain) {
|
|
182
|
+
const salt = crypto.randomBytes(16);
|
|
183
|
+
const hash = await this._crypto_scrypt(plain, salt, 64);
|
|
184
|
+
return `${salt.toString("hex")}:${hash.toString("hex")}`;
|
|
185
|
+
}
|
|
186
|
+
/** Verify a plain password vs stored hashed password. */
|
|
187
|
+
async _verify_password(plain, stored) {
|
|
188
|
+
const [saltHex, hashHex] = stored.split(":");
|
|
189
|
+
const salt = Buffer.from(saltHex, "hex");
|
|
190
|
+
const expected = Buffer.from(hashHex, "hex");
|
|
191
|
+
const actual = await this._crypto_scrypt(plain, salt, expected.length);
|
|
192
|
+
return crypto.timingSafeEqual(actual, expected);
|
|
193
|
+
}
|
|
194
|
+
/** Generate a unique user ID. */
|
|
195
|
+
async _generate_uid() {
|
|
196
|
+
let attempts = 0;
|
|
197
|
+
const max_attempts = 10_000;
|
|
198
|
+
while (attempts < max_attempts) {
|
|
199
|
+
const uid = this._generate_crypto_str(Users.UID_LENGTH, Users.UID_CHARSET);
|
|
200
|
+
if ((await this.uid_exists(uid)) === false)
|
|
201
|
+
return uid;
|
|
202
|
+
attempts++;
|
|
203
|
+
}
|
|
204
|
+
throw new Error("Failed to generate a unique uid after maximum attempts.");
|
|
205
|
+
}
|
|
206
|
+
/** Generate an API key. Format: `ak_<uid>_<suffix>` */
|
|
207
|
+
_generate_api_key(uid) {
|
|
208
|
+
/**
|
|
209
|
+
* @warning Do not change the `ak_` prefix or `_` delimiters.
|
|
210
|
+
* If you change suffix length/charset, update:
|
|
211
|
+
* - {@link Users.TOKEN_SUFFIX_LEN} / {@link Users.LEGACY_TOKEN_SUFFIX_LENS}
|
|
212
|
+
* - {@link Users.TOKEN_SUFFIX_CHARSET}
|
|
213
|
+
* - {@link _parse_uid_from_token_api_key}
|
|
214
|
+
*/
|
|
215
|
+
return `ak_${uid}_${this._generate_crypto_str(Users.TOKEN_SUFFIX_LEN, Users.TOKEN_SUFFIX_CHARSET)}`;
|
|
216
|
+
}
|
|
217
|
+
/** Generate a token. Format: `tk_<uid>_<suffix>` */
|
|
218
|
+
_generate_token(uid) {
|
|
219
|
+
/**
|
|
220
|
+
* @warning Do not change the `tk_` prefix or `_` delimiters.
|
|
221
|
+
* Keep the parser and constants in sync if you rotate length/charset.
|
|
222
|
+
*/
|
|
223
|
+
return `tk_${uid}_${this._generate_crypto_str(Users.TOKEN_SUFFIX_LEN, Users.TOKEN_SUFFIX_CHARSET)}`;
|
|
224
|
+
}
|
|
225
|
+
/**
|
|
226
|
+
* Parse the uid from `<prefix>_<uid>_<suffix>`, where prefix is `ak_` or `tk_`,
|
|
227
|
+
* `<uid>` passes {@link Users.is_valid_uid}, and `<suffix>`:
|
|
228
|
+
* - length equals {@link Users.TOKEN_SUFFIX_LEN} or a legacy size; and
|
|
229
|
+
* - every char is in {@link Users.TOKEN_SUFFIX_CHARSET} (ASCII).
|
|
230
|
+
*
|
|
231
|
+
* @warning If you change suffix length, add old sizes to
|
|
232
|
+
* {@link Users.LEGACY_TOKEN_SUFFIX_LENS}. If you change charset, update
|
|
233
|
+
* {@link Users.TOKEN_SUFFIX_CHARSET} (this table rebuilds automatically).
|
|
234
|
+
* If you change delimiters/prefixes, update this and the generators together.
|
|
235
|
+
*/
|
|
236
|
+
_parse_uid_from_token_api_key(input, expected_prefix) {
|
|
237
|
+
if (typeof input !== "string" || !input.startsWith(expected_prefix))
|
|
238
|
+
return undefined;
|
|
239
|
+
const pfxLen = expected_prefix.length; // 3
|
|
240
|
+
const delimPos = input.indexOf("_", pfxLen);
|
|
241
|
+
if (delimPos === -1)
|
|
242
|
+
return undefined;
|
|
243
|
+
const uid = input.slice(pfxLen, delimPos);
|
|
244
|
+
if (uid.length === 0 || !this.is_valid_uid(uid))
|
|
245
|
+
return undefined;
|
|
246
|
+
const suffix = input.slice(delimPos + 1);
|
|
247
|
+
const slen = suffix.length; // ASCII-only assumption
|
|
248
|
+
if (slen !== Users.TOKEN_SUFFIX_LEN) {
|
|
249
|
+
let ok = false;
|
|
250
|
+
for (let i = 0; i < Users.LEGACY_TOKEN_SUFFIX_LENS.length; i++) {
|
|
251
|
+
if (slen === Users.LEGACY_TOKEN_SUFFIX_LENS[i]) {
|
|
252
|
+
ok = true;
|
|
253
|
+
break;
|
|
254
|
+
}
|
|
255
|
+
}
|
|
256
|
+
if (!ok)
|
|
257
|
+
return undefined;
|
|
258
|
+
}
|
|
259
|
+
const allow = Users.TOKEN_SUFFIX_ALLOW;
|
|
260
|
+
for (let i = 0; i < slen; i++) {
|
|
261
|
+
const code = suffix.charCodeAt(i);
|
|
262
|
+
if (code >= 128 || allow[code] === 0)
|
|
263
|
+
return undefined;
|
|
264
|
+
}
|
|
265
|
+
return uid;
|
|
266
|
+
}
|
|
267
|
+
/**
|
|
268
|
+
* Validate a proposed new password against basic rules and confirmation.
|
|
269
|
+
* @param pass The new password to validate.
|
|
270
|
+
* @param verify_pass The repeated password to confirm.
|
|
271
|
+
* @returns An object with optional error message and invalid_fields mapping.
|
|
272
|
+
*/
|
|
273
|
+
_verify_new_pass(pass, verify_pass) {
|
|
274
|
+
let error = undefined;
|
|
275
|
+
if (pass !== verify_pass) {
|
|
276
|
+
error = "Passwords do not match.";
|
|
277
|
+
}
|
|
278
|
+
else if (pass.length < 8) {
|
|
279
|
+
error = "The password should at least include eight characters.";
|
|
280
|
+
}
|
|
281
|
+
else if (pass.toLowerCase() === pass) {
|
|
282
|
+
error = "The password should at least include one capital letter.";
|
|
283
|
+
}
|
|
284
|
+
else if (!/\d|[!@#$%^&*]/.test(pass)) {
|
|
285
|
+
error = "The password should at least include one numeric or special character.";
|
|
286
|
+
}
|
|
287
|
+
if (error) {
|
|
288
|
+
return { error, invalid_fields: { password: error, verify_password: error } };
|
|
289
|
+
}
|
|
290
|
+
else {
|
|
291
|
+
return { error: undefined, invalid_fields: undefined };
|
|
292
|
+
}
|
|
293
|
+
}
|
|
294
|
+
// ---------------------------------------------------------
|
|
295
|
+
// Authentication (private).
|
|
296
|
+
// ---------------------------------------------------------
|
|
297
|
+
/**
|
|
298
|
+
* Generate and persist a new auth token for the given uid.
|
|
299
|
+
* @param uid The user ID.
|
|
300
|
+
* @returns The plaintext token string.
|
|
301
|
+
*/
|
|
302
|
+
async _create_token(uid) {
|
|
303
|
+
// @todo create uid & type index.
|
|
304
|
+
const token = this._generate_token(uid);
|
|
305
|
+
await this._tokens_db.set({ uid }, {
|
|
306
|
+
expiration: Date.now() + this.token_expiration * 1000,
|
|
307
|
+
token: await this._hash_password(token),
|
|
308
|
+
active: true,
|
|
309
|
+
});
|
|
310
|
+
return token;
|
|
311
|
+
}
|
|
312
|
+
/**
|
|
313
|
+
* Deactivate the current token for the given uid.
|
|
314
|
+
* @param uid The user ID.
|
|
315
|
+
*/
|
|
316
|
+
async _deactivate_token(uid) {
|
|
317
|
+
await this._tokens_db.set({ uid }, { active: false });
|
|
318
|
+
}
|
|
319
|
+
/**
|
|
320
|
+
* Create and store a short-lived 2FA token (code).
|
|
321
|
+
* @param uid_or_email The uid or email key used for the 2FA record.
|
|
322
|
+
* @param expiration Expiration in seconds from now.
|
|
323
|
+
* @returns The generated 2FA code.
|
|
324
|
+
*/
|
|
325
|
+
async _create_2fa_token(uid_or_email, expiration) {
|
|
326
|
+
const code = this._generate_code(6);
|
|
327
|
+
await this._2fa_tokens_db.set({ uid: uid_or_email }, {
|
|
328
|
+
expiration: Date.now() + expiration * 1000,
|
|
329
|
+
code: code,
|
|
330
|
+
active: true,
|
|
331
|
+
});
|
|
332
|
+
return code;
|
|
333
|
+
}
|
|
334
|
+
/**
|
|
335
|
+
* Deactivate a stored 2FA token by uid/email key.
|
|
336
|
+
* @param uid_or_email The uid or email key used for the 2FA record.
|
|
337
|
+
*/
|
|
338
|
+
async _deactivate_2fa_token(uid_or_email) {
|
|
339
|
+
await this._2fa_tokens_db.set({ uid: uid_or_email }, { active: false });
|
|
340
|
+
}
|
|
341
|
+
/**
|
|
342
|
+
* Perform authentication on a request.
|
|
343
|
+
* @returns An object on refusal, undefined on success.
|
|
344
|
+
*/
|
|
345
|
+
async _authenticate(stream) {
|
|
346
|
+
const authorization = stream.headers["authorization"];
|
|
347
|
+
if (authorization !== undefined) {
|
|
348
|
+
if (typeof authorization !== "string") {
|
|
349
|
+
return {
|
|
350
|
+
status: Status.bad_request,
|
|
351
|
+
data: "Invalid authorization header.",
|
|
352
|
+
};
|
|
353
|
+
}
|
|
354
|
+
const match = authorization.match(/^Bearer\s+(\S+)$/i);
|
|
355
|
+
if (!match) {
|
|
356
|
+
return {
|
|
357
|
+
status: Status.bad_request,
|
|
358
|
+
data: "Invalid authorization scheme, the authorization scheme must be \"Bearer\".",
|
|
359
|
+
};
|
|
360
|
+
}
|
|
361
|
+
const api_key = match[1];
|
|
362
|
+
const uid = this.get_uid_by_api_key(api_key);
|
|
363
|
+
if (!uid) {
|
|
364
|
+
return { status: Status.unauthorized, data: "Unauthorized." };
|
|
365
|
+
}
|
|
366
|
+
if ((await this.verify_api_key_by_uid(uid, api_key)) !== true) {
|
|
367
|
+
return {
|
|
368
|
+
status: Status.unauthorized,
|
|
369
|
+
data: "Unauthorized.",
|
|
370
|
+
};
|
|
371
|
+
}
|
|
372
|
+
stream.uid = uid;
|
|
373
|
+
return;
|
|
374
|
+
}
|
|
375
|
+
else {
|
|
376
|
+
if (stream.cookies.T == null || stream.cookies.T.value == null) {
|
|
377
|
+
return {
|
|
378
|
+
status: 302,
|
|
379
|
+
headers: { Location: `/signin?next=${encodeURIComponent(stream.endpoint)}` },
|
|
380
|
+
data: "Permission denied.",
|
|
381
|
+
};
|
|
382
|
+
}
|
|
383
|
+
const token = stream.cookies.T.value;
|
|
384
|
+
const uid = this.get_uid_by_token(token);
|
|
385
|
+
if (!uid) {
|
|
386
|
+
return {
|
|
387
|
+
status: 302,
|
|
388
|
+
headers: { Location: `/signin?next=${encodeURIComponent(stream.endpoint)}` },
|
|
389
|
+
data: "Permission denied.",
|
|
390
|
+
};
|
|
391
|
+
}
|
|
392
|
+
if ((await this.verify_token_by_uid(uid, token)) !== true) {
|
|
393
|
+
return {
|
|
394
|
+
status: 302,
|
|
395
|
+
headers: { Location: `/signin?next=${encodeURIComponent(stream.endpoint)}` },
|
|
396
|
+
data: "Permission denied.",
|
|
397
|
+
};
|
|
398
|
+
}
|
|
399
|
+
stream.uid = uid;
|
|
400
|
+
return;
|
|
401
|
+
}
|
|
402
|
+
}
|
|
403
|
+
/**
|
|
404
|
+
* Sign a user in, set cookies, and optionally send the success response.
|
|
405
|
+
* @param stream The request stream.
|
|
406
|
+
* @param uid The authenticated user's ID.
|
|
407
|
+
* @param opts Optional settings (e.g., send: false to skip sending the response).
|
|
408
|
+
*/
|
|
409
|
+
async _sign_in_response(stream, uid, opts) {
|
|
410
|
+
// Generate token.
|
|
411
|
+
const token = await this._create_token(uid);
|
|
412
|
+
// Create headers.
|
|
413
|
+
this._create_token_cookie(stream, token);
|
|
414
|
+
await this._create_user_cookie(stream, uid);
|
|
415
|
+
await this._create_detailed_user_cookie(stream, uid);
|
|
416
|
+
// Response.
|
|
417
|
+
if (opts?.send !== false) {
|
|
418
|
+
stream.send({
|
|
419
|
+
status: 200,
|
|
420
|
+
data: { message: "Successfully signed in." },
|
|
421
|
+
});
|
|
422
|
+
}
|
|
423
|
+
}
|
|
424
|
+
// ---------------------------------------------------------
|
|
425
|
+
// Cookies (private).
|
|
426
|
+
// ---------------------------------------------------------
|
|
427
|
+
/**
|
|
428
|
+
* Create the auth token cookie on the response.
|
|
429
|
+
* @param stream The request stream.
|
|
430
|
+
* @param token The token string or Token object.
|
|
431
|
+
*/
|
|
432
|
+
_create_token_cookie(stream, token) {
|
|
433
|
+
stream.set_header("Cache-Control", "max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate");
|
|
434
|
+
stream.set_header("Access-Control-Allow-Credentials", "true");
|
|
435
|
+
if (typeof token === "object") {
|
|
436
|
+
token = token.token;
|
|
437
|
+
}
|
|
438
|
+
const max_age = this.token_expiration; // seconds
|
|
439
|
+
const expires = new Date(Date.now() + max_age * 1000).toUTCString();
|
|
440
|
+
stream.set_cookie(`T=${encodeURIComponent(token ?? "")}; Max-Age=${max_age}; Path=/; Expires=${expires}; SameSite=Strict; Secure; HttpOnly;`);
|
|
441
|
+
}
|
|
442
|
+
/**
|
|
443
|
+
* Create user cookies (id and activation flag).
|
|
444
|
+
* @param stream The request stream.
|
|
445
|
+
* @param uid The user ID, or invalid to clear.
|
|
446
|
+
*/
|
|
447
|
+
async _create_user_cookie(stream, uid) {
|
|
448
|
+
if (typeof uid === "string") {
|
|
449
|
+
stream.set_cookie(`UserID=${encodeURIComponent(uid ?? "")}; Path=/; SameSite=Strict; Secure;`); // http only since we use this value for account activation without signin.
|
|
450
|
+
const is_activated = this.enable_account_activation ? await this.is_activated(uid) : true;
|
|
451
|
+
stream.set_cookie(`UserActivated=${is_activated}; Path=/; SameSite=Strict; Secure;`);
|
|
452
|
+
}
|
|
453
|
+
else {
|
|
454
|
+
stream.set_cookie(`UserID=-1; Path=/; SameSite=Strict; Secure;`); // http only since we use this value for account activation without signin.
|
|
455
|
+
const is_activated = this.enable_account_activation ? false : true;
|
|
456
|
+
stream.set_cookie(`UserActivated=${is_activated}; Path=/; SameSite=Strict; Secure;`);
|
|
457
|
+
}
|
|
458
|
+
}
|
|
459
|
+
/**
|
|
460
|
+
* Create non-HTTP-only cookies with detailed user info for the frontend.
|
|
461
|
+
* @param stream The request stream.
|
|
462
|
+
* @param uid The user ID.
|
|
463
|
+
*/
|
|
464
|
+
async _create_detailed_user_cookie(stream, uid) {
|
|
465
|
+
const user = await this.get(uid);
|
|
466
|
+
stream.set_cookie(`UserName=${encodeURIComponent(user.username ?? "")}; Path=/; SameSite=Strict; Secure;`);
|
|
467
|
+
stream.set_cookie(`UserFirstName=${encodeURIComponent(user.first_name ?? "")}; Path=/; SameSite=Strict; Secure;`);
|
|
468
|
+
stream.set_cookie(`UserLastName=${encodeURIComponent(user.last_name ?? "")}; Path=/; SameSite=Strict; Secure;`);
|
|
469
|
+
stream.set_cookie(`UserEmail=${encodeURIComponent(user.email ?? "")}; Path=/; SameSite=Strict; Secure;`);
|
|
470
|
+
}
|
|
471
|
+
/**
|
|
472
|
+
* Clear all default auth/user cookies.
|
|
473
|
+
* @param stream The request stream.
|
|
474
|
+
*/
|
|
475
|
+
_reset_cookies(stream) {
|
|
476
|
+
const past = "Thu, 01 Jan 1970 00:00:00 GMT";
|
|
477
|
+
stream.set_cookie(`T=; Max-Age=0; Path=/; Expires=${past}; SameSite=Strict; Secure; HttpOnly;`);
|
|
478
|
+
stream.set_cookie(`UserID=; Max-Age=0; Path=/; Expires=${past}; SameSite=Strict; Secure;`); // http only since we use this value for account activation without signin.
|
|
479
|
+
stream.set_cookie(`UserActivated=; Max-Age=0; Path=/; Expires=${past}; SameSite=Strict; Secure;`);
|
|
480
|
+
stream.set_cookie(`UserName=; Max-Age=0; Path=/; Expires=${past}; SameSite=Strict; Secure;`);
|
|
481
|
+
stream.set_cookie(`UserFirstName=; Max-Age=0; Path=/; Expires=${past}; SameSite=Strict; Secure;`);
|
|
482
|
+
stream.set_cookie(`UserLastName=; Max-Age=0; Path=/; Expires=${past}; SameSite=Strict; Secure;`);
|
|
483
|
+
stream.set_cookie(`UserEmail=; Max-Age=0; Path=/; Expires=${past}; SameSite=Strict; Secure;`);
|
|
484
|
+
}
|
|
485
|
+
// ---------------------------------------------------------
|
|
486
|
+
// Initialization (private).
|
|
487
|
+
// ---------------------------------------------------------
|
|
488
|
+
/**
|
|
489
|
+
* Initialize default authentication, user, and support endpoints.
|
|
490
|
+
*/
|
|
491
|
+
async _initialize() {
|
|
492
|
+
// ---------------------------------------------------------
|
|
493
|
+
// Default auth endpoints.
|
|
494
|
+
// Send 2fa.
|
|
495
|
+
this.server.endpoint({
|
|
496
|
+
method: "POST",
|
|
497
|
+
endpoint: "/volt/api/v1/auth/2fa",
|
|
498
|
+
content_type: "application/json",
|
|
499
|
+
rate_limit: "global",
|
|
500
|
+
params: {
|
|
501
|
+
email: "string",
|
|
502
|
+
},
|
|
503
|
+
callback: async (stream, params) => {
|
|
504
|
+
// Get uid.
|
|
505
|
+
let uid;
|
|
506
|
+
if ((uid = await this.get_uid_by_email(params.email)) == null) {
|
|
507
|
+
return stream.success({
|
|
508
|
+
data: { message: "A 2FA code was sent if the specified email exists." },
|
|
509
|
+
});
|
|
510
|
+
}
|
|
511
|
+
// Send.
|
|
512
|
+
await this.send_2fa({ uid: uid, stream });
|
|
513
|
+
return stream.success({
|
|
514
|
+
data: { message: "A 2FA code was sent if the specified email exists." },
|
|
515
|
+
});
|
|
516
|
+
}
|
|
517
|
+
});
|
|
518
|
+
// Sign in.
|
|
519
|
+
this.server.endpoint({
|
|
520
|
+
method: "POST",
|
|
521
|
+
endpoint: "/volt/api/v1/auth/signin",
|
|
522
|
+
content_type: "application/json",
|
|
523
|
+
rate_limit: {
|
|
524
|
+
limit: 10,
|
|
525
|
+
interval: 60,
|
|
526
|
+
group: "volt.auth"
|
|
527
|
+
},
|
|
528
|
+
callback: async (stream) => {
|
|
529
|
+
// console.log("signin 1")
|
|
530
|
+
// Uniform delay on failure.
|
|
531
|
+
// Basically wait for the same time as it would time on avg to send a mail, since this causes a very slow response.
|
|
532
|
+
const uniform_delay = async () => {
|
|
533
|
+
if (this.avg_send_2fa_time.length >= 10) {
|
|
534
|
+
const sorted = [...this.avg_send_2fa_time].sort((a, b) => a - b);
|
|
535
|
+
const mid = Math.floor(sorted.length / 2);
|
|
536
|
+
const median = (sorted.length % 2 === 0)
|
|
537
|
+
? Math.floor((sorted[mid - 1] + sorted[mid]) / 2)
|
|
538
|
+
: sorted[mid];
|
|
539
|
+
await new Promise(res => setTimeout(res, median));
|
|
540
|
+
}
|
|
541
|
+
};
|
|
542
|
+
// Get params.
|
|
543
|
+
let email, email_err, username, username_err, password, uid, code;
|
|
544
|
+
try {
|
|
545
|
+
email = stream.param("email");
|
|
546
|
+
}
|
|
547
|
+
catch (err) {
|
|
548
|
+
email_err = err;
|
|
549
|
+
}
|
|
550
|
+
try {
|
|
551
|
+
username = stream.param("username");
|
|
552
|
+
}
|
|
553
|
+
catch (err) {
|
|
554
|
+
username_err = err;
|
|
555
|
+
}
|
|
556
|
+
if (email_err && username_err) {
|
|
557
|
+
await uniform_delay();
|
|
558
|
+
return stream.error({
|
|
559
|
+
status: Status.bad_request,
|
|
560
|
+
type: "InvalidParams",
|
|
561
|
+
message: email_err.message,
|
|
562
|
+
});
|
|
563
|
+
}
|
|
564
|
+
try {
|
|
565
|
+
password = stream.param("password");
|
|
566
|
+
}
|
|
567
|
+
catch (err) {
|
|
568
|
+
await uniform_delay();
|
|
569
|
+
return stream.error({
|
|
570
|
+
status: Status.bad_request,
|
|
571
|
+
type: "InvalidParams",
|
|
572
|
+
message: err.message,
|
|
573
|
+
});
|
|
574
|
+
}
|
|
575
|
+
// console.log("signin 2", { email, username })
|
|
576
|
+
// Revert email to username etc.
|
|
577
|
+
if (email && email.indexOf("@") === -1) {
|
|
578
|
+
username = email;
|
|
579
|
+
email = undefined;
|
|
580
|
+
}
|
|
581
|
+
else if (username && username.indexOf("@") !== -1) {
|
|
582
|
+
email = username;
|
|
583
|
+
username = undefined;
|
|
584
|
+
}
|
|
585
|
+
// Get uid.
|
|
586
|
+
// console.log("signin 3" ,{ email, username })
|
|
587
|
+
if (email) {
|
|
588
|
+
if ((uid = await this.get_uid_by_email(email)) == null) {
|
|
589
|
+
await uniform_delay();
|
|
590
|
+
return stream.error({
|
|
591
|
+
status: Status.unauthorized,
|
|
592
|
+
type: "Unauthorized",
|
|
593
|
+
message: "Unauthorized.",
|
|
594
|
+
invalid_fields: {
|
|
595
|
+
"email": "Invalid or unrecognized email",
|
|
596
|
+
"password": "Invalid or unrecognized password",
|
|
597
|
+
},
|
|
598
|
+
});
|
|
599
|
+
}
|
|
600
|
+
}
|
|
601
|
+
else if (username) {
|
|
602
|
+
if ((uid = await this.get_uid(username)) == null) {
|
|
603
|
+
await uniform_delay();
|
|
604
|
+
return stream.error({
|
|
605
|
+
status: Status.unauthorized,
|
|
606
|
+
type: "Unauthorized",
|
|
607
|
+
message: "Unauthorized.",
|
|
608
|
+
invalid_fields: {
|
|
609
|
+
"username": "Invalid or unrecognized username",
|
|
610
|
+
"password": "Invalid or unrecognized password",
|
|
611
|
+
},
|
|
612
|
+
});
|
|
613
|
+
}
|
|
614
|
+
}
|
|
615
|
+
else {
|
|
616
|
+
await uniform_delay();
|
|
617
|
+
return stream.error({
|
|
618
|
+
status: Status.unauthorized,
|
|
619
|
+
type: "Unauthorized",
|
|
620
|
+
message: "Unauthorized.",
|
|
621
|
+
invalid_fields: {
|
|
622
|
+
"username": "Invalid or unrecognized username",
|
|
623
|
+
"password": "Invalid or unrecognized password",
|
|
624
|
+
},
|
|
625
|
+
});
|
|
626
|
+
}
|
|
627
|
+
// Verify password.
|
|
628
|
+
if (await this.verify_password(uid, password)) {
|
|
629
|
+
// Verify 2fa.
|
|
630
|
+
if (this.enable_2fa) {
|
|
631
|
+
// Get 2FA.
|
|
632
|
+
try {
|
|
633
|
+
code = stream.param("code");
|
|
634
|
+
}
|
|
635
|
+
catch (err) {
|
|
636
|
+
// Send 2fa and add to avg time tracking.
|
|
637
|
+
const start_time = Date.now();
|
|
638
|
+
await this.send_2fa({ uid: uid, stream });
|
|
639
|
+
// Add to avg time tracking.
|
|
640
|
+
if (this.avg_send_2fa_time.length >= 10000) {
|
|
641
|
+
this.avg_send_2fa_time.shift();
|
|
642
|
+
}
|
|
643
|
+
this.avg_send_2fa_time.push(Date.now() - start_time);
|
|
644
|
+
// Send error.
|
|
645
|
+
return stream.error({
|
|
646
|
+
status: Status.two_factor_auth_required,
|
|
647
|
+
message: "2FA required.",
|
|
648
|
+
type: "2FARequired",
|
|
649
|
+
data: { error: "2FA required." }
|
|
650
|
+
});
|
|
651
|
+
}
|
|
652
|
+
// Verify 2FA.
|
|
653
|
+
const err = await this.verify_2fa(uid, code);
|
|
654
|
+
if (err) {
|
|
655
|
+
return stream.error({
|
|
656
|
+
status: Status.unauthorized,
|
|
657
|
+
message: "Invalid 2FA code.",
|
|
658
|
+
type: "Invalid2FACode",
|
|
659
|
+
invalid_fields: {
|
|
660
|
+
"code": err,
|
|
661
|
+
},
|
|
662
|
+
});
|
|
663
|
+
}
|
|
664
|
+
}
|
|
665
|
+
// Sign in.
|
|
666
|
+
return await this._sign_in_response(stream, uid);
|
|
667
|
+
}
|
|
668
|
+
// console.log("singin 4 failed password");
|
|
669
|
+
// Wait for the same time as it would time on avg to send a mail.
|
|
670
|
+
await uniform_delay();
|
|
671
|
+
// Unauthorized.
|
|
672
|
+
return stream.error({
|
|
673
|
+
status: Status.unauthorized,
|
|
674
|
+
type: "Unauthorized",
|
|
675
|
+
message: "Unauthorized.",
|
|
676
|
+
invalid_fields: {
|
|
677
|
+
"username": "Invalid or unrecognized username",
|
|
678
|
+
"password": "Invalid or unrecognized password",
|
|
679
|
+
}
|
|
680
|
+
});
|
|
681
|
+
}
|
|
682
|
+
});
|
|
683
|
+
// Sign out.
|
|
684
|
+
this.server.endpoint({
|
|
685
|
+
method: "POST",
|
|
686
|
+
endpoint: "/volt/api/v1/auth/signout",
|
|
687
|
+
content_type: "application/json",
|
|
688
|
+
authenticated: true,
|
|
689
|
+
rate_limit: "global",
|
|
690
|
+
callback: async (stream) => {
|
|
691
|
+
// Delete token.
|
|
692
|
+
await this._deactivate_token(stream.uid);
|
|
693
|
+
// Create headers.
|
|
694
|
+
this._reset_cookies(stream);
|
|
695
|
+
// Response.
|
|
696
|
+
return stream.success({
|
|
697
|
+
data: { message: "Successfully signed out." },
|
|
698
|
+
});
|
|
699
|
+
}
|
|
700
|
+
});
|
|
701
|
+
// Sign up.
|
|
702
|
+
this.server.endpoint({
|
|
703
|
+
method: "POST",
|
|
704
|
+
endpoint: "/volt/api/v1/auth/signup",
|
|
705
|
+
content_type: "application/json",
|
|
706
|
+
rate_limit: [
|
|
707
|
+
"global",
|
|
708
|
+
{ limit: 5, interval: 60 * 10, group: "volt/Users/signup" }
|
|
709
|
+
],
|
|
710
|
+
params: {
|
|
711
|
+
username: { type: "string", allow_empty: false },
|
|
712
|
+
first_name: { type: "string", allow_empty: false },
|
|
713
|
+
last_name: { type: "string", allow_empty: false },
|
|
714
|
+
email: { type: "string", allow_empty: false },
|
|
715
|
+
password: { type: "string", allow_empty: false },
|
|
716
|
+
verify_password: { type: "string", allow_empty: false },
|
|
717
|
+
phone_number: { type: "string", required: false },
|
|
718
|
+
code: { type: "string", required: false },
|
|
719
|
+
},
|
|
720
|
+
callback: async (stream, params) => {
|
|
721
|
+
console.log("signup 1", params);
|
|
722
|
+
// Verify password.
|
|
723
|
+
const { error, invalid_fields } = this._verify_new_pass(params.password, params.verify_password);
|
|
724
|
+
if (error) {
|
|
725
|
+
return stream.error({
|
|
726
|
+
status: Status.bad_request,
|
|
727
|
+
type: "InvalidParams",
|
|
728
|
+
message: error,
|
|
729
|
+
invalid_fields: invalid_fields ?? undefined,
|
|
730
|
+
});
|
|
731
|
+
}
|
|
732
|
+
// Verify username and email.
|
|
733
|
+
if (await this.username_exists(params.username)) {
|
|
734
|
+
throw new ExternalError({
|
|
735
|
+
type: "UsernameAlreadyExists",
|
|
736
|
+
message: `Username "${params.username}" is already registered.`,
|
|
737
|
+
status: Status.bad_request,
|
|
738
|
+
invalid_fields: { "username": "Username is already registered" },
|
|
739
|
+
});
|
|
740
|
+
}
|
|
741
|
+
if (await this.email_exists(params.email)) {
|
|
742
|
+
throw new ExternalError({
|
|
743
|
+
type: "EmailAlreadyExists",
|
|
744
|
+
message: `Email "${params.email}" is already registered.`,
|
|
745
|
+
status: Status.bad_request,
|
|
746
|
+
invalid_fields: { "email": "Email is already registered" }
|
|
747
|
+
});
|
|
748
|
+
}
|
|
749
|
+
// Verify 2fa.
|
|
750
|
+
if (this.enable_2fa) {
|
|
751
|
+
// Send 2FA.
|
|
752
|
+
if (params.code == null || params.code == "") {
|
|
753
|
+
// Send 2fa and add to avg time tracking.
|
|
754
|
+
const start_time = Date.now();
|
|
755
|
+
await this.send_2fa({
|
|
756
|
+
_email: params.email,
|
|
757
|
+
_username: params.username,
|
|
758
|
+
stream,
|
|
759
|
+
uid: undefined, // keep uid required param but use _email sys arg here.
|
|
760
|
+
});
|
|
761
|
+
// Add to avg time tracking.
|
|
762
|
+
if (this.avg_send_2fa_time.length >= 10000) {
|
|
763
|
+
this.avg_send_2fa_time.shift();
|
|
764
|
+
}
|
|
765
|
+
this.avg_send_2fa_time.push(Date.now() - start_time);
|
|
766
|
+
// Send error.
|
|
767
|
+
return stream.error({
|
|
768
|
+
status: Status.two_factor_auth_required,
|
|
769
|
+
message: "2FA required.",
|
|
770
|
+
type: "TwoFactorAuthRequired",
|
|
771
|
+
});
|
|
772
|
+
}
|
|
773
|
+
// Verify 2FA.
|
|
774
|
+
const err = await this.verify_2fa(params.email, params.code);
|
|
775
|
+
if (err) {
|
|
776
|
+
return stream.error({
|
|
777
|
+
status: Status.unauthorized,
|
|
778
|
+
type: "Invalid2FACode",
|
|
779
|
+
message: "Invalid 2FA code.",
|
|
780
|
+
invalid_fields: {
|
|
781
|
+
"code": err,
|
|
782
|
+
},
|
|
783
|
+
});
|
|
784
|
+
}
|
|
785
|
+
}
|
|
786
|
+
// Create.
|
|
787
|
+
let uid;
|
|
788
|
+
try {
|
|
789
|
+
uid = await this.create({
|
|
790
|
+
// dont unpack params since we are performing param validation inside create().
|
|
791
|
+
first_name: params.first_name,
|
|
792
|
+
last_name: params.last_name,
|
|
793
|
+
username: params.username,
|
|
794
|
+
email: params.email,
|
|
795
|
+
password: params.password,
|
|
796
|
+
verify_password: params.verify_password,
|
|
797
|
+
phone_number: params.phone_number,
|
|
798
|
+
is_activated: true, // already verified by 2fa or no 2fa is enabled.
|
|
799
|
+
_check_username_email: false, // already checked.
|
|
800
|
+
});
|
|
801
|
+
}
|
|
802
|
+
catch (err) {
|
|
803
|
+
return stream.error({
|
|
804
|
+
status: Status.bad_request,
|
|
805
|
+
type: "InvalidParams",
|
|
806
|
+
message: err.message,
|
|
807
|
+
invalid_fields: err.invalid_fields || {},
|
|
808
|
+
});
|
|
809
|
+
}
|
|
810
|
+
// Sign in.
|
|
811
|
+
return await this._sign_in_response(stream, uid);
|
|
812
|
+
}
|
|
813
|
+
});
|
|
814
|
+
// Activate account.
|
|
815
|
+
this.server.endpoint({
|
|
816
|
+
method: "POST",
|
|
817
|
+
endpoint: "/volt/api/v1/auth/activate",
|
|
818
|
+
content_type: "application/json",
|
|
819
|
+
rate_limit: "global",
|
|
820
|
+
params: {
|
|
821
|
+
code: "string",
|
|
822
|
+
},
|
|
823
|
+
callback: async (stream, params) => {
|
|
824
|
+
// Vars.
|
|
825
|
+
let uid = stream.uid;
|
|
826
|
+
// Get uid by cookie.
|
|
827
|
+
if (uid == null) {
|
|
828
|
+
uid = stream.cookies.UserID?.value; // ensure cookie is http-only since we rely on this for account activation before signin after signup.
|
|
829
|
+
if (!uid || uid === "null" || uid === "undefined" || uid === "-1") {
|
|
830
|
+
uid = undefined;
|
|
831
|
+
}
|
|
832
|
+
}
|
|
833
|
+
// Check uid.
|
|
834
|
+
if (uid == null) {
|
|
835
|
+
return stream.error({ status: Status.forbidden, message: "Permission denied." });
|
|
836
|
+
}
|
|
837
|
+
// Verify.
|
|
838
|
+
const err = await this.verify_2fa(uid, params.code);
|
|
839
|
+
if (err) {
|
|
840
|
+
return stream.error({
|
|
841
|
+
status: Status.forbidden,
|
|
842
|
+
message: "Permission denied.",
|
|
843
|
+
invalid_fields: {
|
|
844
|
+
"code": err,
|
|
845
|
+
},
|
|
846
|
+
});
|
|
847
|
+
}
|
|
848
|
+
// Set activated.
|
|
849
|
+
await this.set_activated(uid, true);
|
|
850
|
+
// Response.
|
|
851
|
+
await this._create_user_cookie(stream, uid);
|
|
852
|
+
return stream.success({ data: { message: "Successfully activated your account." } });
|
|
853
|
+
}
|
|
854
|
+
});
|
|
855
|
+
// Forgot password.
|
|
856
|
+
this.server.endpoint({
|
|
857
|
+
method: "POST",
|
|
858
|
+
endpoint: "/volt/api/v1/auth/forgot_password",
|
|
859
|
+
content_type: "application/json",
|
|
860
|
+
rate_limit: "global",
|
|
861
|
+
params: {
|
|
862
|
+
email: { type: "string", allow_empty: false },
|
|
863
|
+
code: { type: "string", allow_empty: false },
|
|
864
|
+
password: { type: "string", allow_empty: false },
|
|
865
|
+
verify_password: { type: "string", allow_empty: false },
|
|
866
|
+
},
|
|
867
|
+
callback: async (stream, params) => {
|
|
868
|
+
// Verify password.
|
|
869
|
+
const { error, invalid_fields } = this._verify_new_pass(params.password, params.verify_password);
|
|
870
|
+
if (error) {
|
|
871
|
+
return stream.error({
|
|
872
|
+
status: Status.bad_request,
|
|
873
|
+
message: error,
|
|
874
|
+
invalid_fields: invalid_fields ?? undefined,
|
|
875
|
+
});
|
|
876
|
+
}
|
|
877
|
+
// Get uid.
|
|
878
|
+
let uid;
|
|
879
|
+
if ((uid = await this.get_uid_by_email(params.email)) == null) {
|
|
880
|
+
return stream.error({ status: Status.forbidden, message: "Invalid email." });
|
|
881
|
+
}
|
|
882
|
+
// Verify 2fa.
|
|
883
|
+
const err = await this.verify_2fa(uid, params.code);
|
|
884
|
+
if (err) {
|
|
885
|
+
return stream.error({
|
|
886
|
+
status: Status.forbidden,
|
|
887
|
+
message: "Invalid 2FA code.",
|
|
888
|
+
invalid_fields: {
|
|
889
|
+
"code": "Invalid code"
|
|
890
|
+
},
|
|
891
|
+
});
|
|
892
|
+
}
|
|
893
|
+
// Set password.
|
|
894
|
+
await this.set_password(uid, params.password);
|
|
895
|
+
// Sign in.
|
|
896
|
+
return await this._sign_in_response(stream, uid);
|
|
897
|
+
}
|
|
898
|
+
});
|
|
899
|
+
// ---------------------------------------------------------
|
|
900
|
+
// Default user endpoints.
|
|
901
|
+
// Get user.
|
|
902
|
+
this.server.endpoint({
|
|
903
|
+
method: "GET",
|
|
904
|
+
endpoint: "/volt/api/v1/user",
|
|
905
|
+
content_type: "application/json",
|
|
906
|
+
authenticated: true,
|
|
907
|
+
rate_limit: "global",
|
|
908
|
+
params: {
|
|
909
|
+
// detailed: { type: "boolean", default: false },
|
|
910
|
+
},
|
|
911
|
+
callback: async (stream) => {
|
|
912
|
+
const user = await this.get(stream.uid);
|
|
913
|
+
// Mask sensitive data.
|
|
914
|
+
if (user.password) {
|
|
915
|
+
user.password = "*".repeat(user.password.length);
|
|
916
|
+
}
|
|
917
|
+
if (user.api_key) {
|
|
918
|
+
user.api_key = "*".repeat(user.api_key.length);
|
|
919
|
+
}
|
|
920
|
+
// Ensure string type for frontend scheme.
|
|
921
|
+
user.first_name ??= "";
|
|
922
|
+
user.last_name ??= "";
|
|
923
|
+
user.username ??= "";
|
|
924
|
+
user.email ??= "";
|
|
925
|
+
user.password ??= "";
|
|
926
|
+
// user.phone_number ??= ""; // its optional in response interface.
|
|
927
|
+
// user.api_key ??= ""; // its optional in response interface.
|
|
928
|
+
user.support_pin ??= "";
|
|
929
|
+
const frontend = {
|
|
930
|
+
uid: user.uid,
|
|
931
|
+
username: user.username ?? "",
|
|
932
|
+
first_name: user.first_name ?? "",
|
|
933
|
+
last_name: user.last_name ?? "",
|
|
934
|
+
email: user.email ?? "",
|
|
935
|
+
phone_number: user.phone_number, // optional
|
|
936
|
+
created_at: user.created_at,
|
|
937
|
+
support_pin: user.support_pin ?? "",
|
|
938
|
+
is_activated: user.is_activated === true,
|
|
939
|
+
has_api_key: Boolean(user.api_key),
|
|
940
|
+
};
|
|
941
|
+
return stream.success({ data: frontend });
|
|
942
|
+
}
|
|
943
|
+
});
|
|
944
|
+
// Set user.
|
|
945
|
+
this.server.endpoint({
|
|
946
|
+
method: "POST",
|
|
947
|
+
endpoint: "/volt/api/v1/user",
|
|
948
|
+
content_type: "application/json",
|
|
949
|
+
authenticated: true,
|
|
950
|
+
rate_limit: "global",
|
|
951
|
+
params: {
|
|
952
|
+
first_name: { type: "string", required: false, allow_empty: false },
|
|
953
|
+
last_name: { type: "string", required: false, allow_empty: false },
|
|
954
|
+
phone_number: { type: "string", required: false, allow_empty: false },
|
|
955
|
+
// is_activated:{ type: "boolean", required: false },
|
|
956
|
+
// password:{ type: "string", required: false }, // dont allow password.
|
|
957
|
+
username: { type: "string", required: false, allow_empty: false },
|
|
958
|
+
email: { type: "string", required: false, allow_empty: false },
|
|
959
|
+
},
|
|
960
|
+
callback: async (stream, params) => {
|
|
961
|
+
if (params.password != null) {
|
|
962
|
+
return stream.error({
|
|
963
|
+
status: Status.unauthorized,
|
|
964
|
+
message: "This endpoint does not allow for password changes.",
|
|
965
|
+
invalid_fields: {
|
|
966
|
+
password: "This endpoint does not allow for password changes.",
|
|
967
|
+
}
|
|
968
|
+
});
|
|
969
|
+
}
|
|
970
|
+
if (params.is_activated != null) {
|
|
971
|
+
return stream.error({
|
|
972
|
+
status: Status.unauthorized,
|
|
973
|
+
message: "This endpoint does not allow for user activation changes.",
|
|
974
|
+
invalid_fields: {
|
|
975
|
+
is_activated: "This endpoint does not allow for user activation changes.",
|
|
976
|
+
}
|
|
977
|
+
});
|
|
978
|
+
}
|
|
979
|
+
await this.set(stream.uid, {
|
|
980
|
+
first_name: params.first_name,
|
|
981
|
+
last_name: params.last_name,
|
|
982
|
+
phone_number: params.phone_number,
|
|
983
|
+
username: params.username,
|
|
984
|
+
email: params.email,
|
|
985
|
+
});
|
|
986
|
+
await this._sign_in_response(stream, stream.uid, { send: false });
|
|
987
|
+
return stream.success({ data: { message: "Successfully updated your account." } });
|
|
988
|
+
}
|
|
989
|
+
});
|
|
990
|
+
// Change password.
|
|
991
|
+
this.server.endpoint({
|
|
992
|
+
method: "POST",
|
|
993
|
+
endpoint: "/volt/api/v1/user/change_password",
|
|
994
|
+
content_type: "application/json",
|
|
995
|
+
authenticated: true,
|
|
996
|
+
rate_limit: "global",
|
|
997
|
+
params: {
|
|
998
|
+
current_password: { type: "string", allow_empty: false },
|
|
999
|
+
password: { type: "string", allow_empty: false },
|
|
1000
|
+
verify_password: { type: "string", allow_empty: false },
|
|
1001
|
+
},
|
|
1002
|
+
callback: async (stream, params) => {
|
|
1003
|
+
// Verify old password.
|
|
1004
|
+
if (await this.verify_password(stream.uid, params.current_password) !== true) {
|
|
1005
|
+
return stream.error({
|
|
1006
|
+
status: Status.unauthorized,
|
|
1007
|
+
message: "Incorrect password.",
|
|
1008
|
+
invalid_fields: {
|
|
1009
|
+
current_password: "Incorrect password.",
|
|
1010
|
+
}
|
|
1011
|
+
});
|
|
1012
|
+
}
|
|
1013
|
+
// Verify new password.
|
|
1014
|
+
const { error, invalid_fields } = this._verify_new_pass(params.password, params.verify_password);
|
|
1015
|
+
if (error) {
|
|
1016
|
+
return stream.error({
|
|
1017
|
+
status: Status.bad_request,
|
|
1018
|
+
message: error,
|
|
1019
|
+
invalid_fields: invalid_fields ?? undefined,
|
|
1020
|
+
});
|
|
1021
|
+
}
|
|
1022
|
+
// Set password.
|
|
1023
|
+
await this.set_password(stream.uid, params.password);
|
|
1024
|
+
// Success.
|
|
1025
|
+
return stream.success({
|
|
1026
|
+
status: Status.success,
|
|
1027
|
+
data: { message: "Successfully updated your password." },
|
|
1028
|
+
});
|
|
1029
|
+
}
|
|
1030
|
+
});
|
|
1031
|
+
// Delete account.
|
|
1032
|
+
this.server.endpoint({
|
|
1033
|
+
method: "DELETE",
|
|
1034
|
+
endpoint: "/volt/api/v1/user",
|
|
1035
|
+
content_type: "application/json",
|
|
1036
|
+
authenticated: true,
|
|
1037
|
+
rate_limit: "global",
|
|
1038
|
+
callback: async (stream) => {
|
|
1039
|
+
// Delete.
|
|
1040
|
+
await this.delete(stream.uid);
|
|
1041
|
+
// Reset cookies.
|
|
1042
|
+
this._reset_cookies(stream);
|
|
1043
|
+
// Success.
|
|
1044
|
+
return stream.success({
|
|
1045
|
+
status: Status.success,
|
|
1046
|
+
data: { message: "Successfully deleted your account." },
|
|
1047
|
+
});
|
|
1048
|
+
}
|
|
1049
|
+
});
|
|
1050
|
+
// Generate API key.
|
|
1051
|
+
this.server.endpoint({
|
|
1052
|
+
method: "POST",
|
|
1053
|
+
endpoint: "/volt/api/v1/user/api_key",
|
|
1054
|
+
content_type: "application/json",
|
|
1055
|
+
authenticated: true,
|
|
1056
|
+
rate_limit: "global",
|
|
1057
|
+
callback: async (stream) => {
|
|
1058
|
+
return stream.success({
|
|
1059
|
+
data: {
|
|
1060
|
+
message: "Successfully generated an API key.",
|
|
1061
|
+
api_key: await this.generate_api_key(stream.uid),
|
|
1062
|
+
}
|
|
1063
|
+
});
|
|
1064
|
+
}
|
|
1065
|
+
});
|
|
1066
|
+
// Has API key.
|
|
1067
|
+
this.server.endpoint({
|
|
1068
|
+
method: "GET",
|
|
1069
|
+
endpoint: "/volt/api/v1/user/has_api_key",
|
|
1070
|
+
content_type: "application/json",
|
|
1071
|
+
authenticated: true,
|
|
1072
|
+
rate_limit: "global",
|
|
1073
|
+
callback: async (stream) => {
|
|
1074
|
+
return stream.success({
|
|
1075
|
+
data: {
|
|
1076
|
+
message: "Successfully checked your API key.",
|
|
1077
|
+
has_api_key: await this.has_api_key(stream.uid),
|
|
1078
|
+
}
|
|
1079
|
+
});
|
|
1080
|
+
}
|
|
1081
|
+
});
|
|
1082
|
+
// Revoke API key.
|
|
1083
|
+
this.server.endpoint({
|
|
1084
|
+
method: "DELETE",
|
|
1085
|
+
endpoint: "/volt/api/v1/user/api_key",
|
|
1086
|
+
content_type: "application/json",
|
|
1087
|
+
authenticated: true,
|
|
1088
|
+
rate_limit: "global",
|
|
1089
|
+
callback: async (stream) => {
|
|
1090
|
+
await this.revoke_api_key(stream.uid);
|
|
1091
|
+
return stream.send({
|
|
1092
|
+
status: Status.success,
|
|
1093
|
+
data: { message: "Successfully revoked your API key." },
|
|
1094
|
+
});
|
|
1095
|
+
}
|
|
1096
|
+
});
|
|
1097
|
+
/**
|
|
1098
|
+
* Initialize a document query for the public/protected/private user data.
|
|
1099
|
+
* @returns The initialzied query upon success, or `false` is an error has been sent through the stream.
|
|
1100
|
+
*/
|
|
1101
|
+
const init_user_data_query = (stream, uid, query) => {
|
|
1102
|
+
if (typeof query === "object") {
|
|
1103
|
+
if ("uid" in query) {
|
|
1104
|
+
return stream.error({
|
|
1105
|
+
message: "Invalid query parameter, the 'uid' field is not allowed.",
|
|
1106
|
+
type: "invalid_query_parameter",
|
|
1107
|
+
status: Status.bad_request,
|
|
1108
|
+
invalid_fields: {
|
|
1109
|
+
query: "Invalid query parameter, the 'uid' field is not allowed.",
|
|
1110
|
+
}
|
|
1111
|
+
});
|
|
1112
|
+
}
|
|
1113
|
+
if ("data" in query) {
|
|
1114
|
+
return stream.error({
|
|
1115
|
+
message: "Invalid query parameter, the 'data' field is not allowed.",
|
|
1116
|
+
type: "invalid_query_parameter",
|
|
1117
|
+
status: Status.bad_request,
|
|
1118
|
+
invalid_fields: {
|
|
1119
|
+
query: "Invalid query parameter, the 'data' field is not allowed.",
|
|
1120
|
+
}
|
|
1121
|
+
});
|
|
1122
|
+
}
|
|
1123
|
+
if ("query" in query) {
|
|
1124
|
+
return stream.error({
|
|
1125
|
+
message: "Invalid query parameter, the 'query' field is not allowed.",
|
|
1126
|
+
type: "invalid_query_parameter",
|
|
1127
|
+
status: Status.bad_request,
|
|
1128
|
+
invalid_fields: {
|
|
1129
|
+
query: "Invalid query parameter, the 'query' field is not allowed.",
|
|
1130
|
+
}
|
|
1131
|
+
});
|
|
1132
|
+
}
|
|
1133
|
+
if ("_id" in query) {
|
|
1134
|
+
return stream.error({
|
|
1135
|
+
message: "Invalid query parameter, the '_id' field is not allowed.",
|
|
1136
|
+
type: "invalid_query_parameter",
|
|
1137
|
+
status: Status.bad_request,
|
|
1138
|
+
invalid_fields: {
|
|
1139
|
+
query: "Invalid query parameter, the '_id' field is not allowed.",
|
|
1140
|
+
}
|
|
1141
|
+
});
|
|
1142
|
+
}
|
|
1143
|
+
}
|
|
1144
|
+
return typeof query === "string"
|
|
1145
|
+
? { uid, query: query }
|
|
1146
|
+
: { ...query, uid: uid };
|
|
1147
|
+
};
|
|
1148
|
+
// Load data.
|
|
1149
|
+
this.server.endpoint({
|
|
1150
|
+
method: "GET",
|
|
1151
|
+
endpoint: "/volt/api/v1/user/data",
|
|
1152
|
+
content_type: "application/json",
|
|
1153
|
+
authenticated: true,
|
|
1154
|
+
rate_limit: "global",
|
|
1155
|
+
params: {
|
|
1156
|
+
query: { type: ["string", "object"], allow_empty: false },
|
|
1157
|
+
default: { type: Users.Endpoints.JsonValueSchemaType, required: false },
|
|
1158
|
+
},
|
|
1159
|
+
callback: async (stream, params) => {
|
|
1160
|
+
const query = init_user_data_query(stream, stream.uid, params.query);
|
|
1161
|
+
if (!query)
|
|
1162
|
+
return;
|
|
1163
|
+
try {
|
|
1164
|
+
const document = await this.public.load(query, {
|
|
1165
|
+
default: params.default
|
|
1166
|
+
? { ...query, data: params.default }
|
|
1167
|
+
: undefined,
|
|
1168
|
+
retry: 3,
|
|
1169
|
+
});
|
|
1170
|
+
return stream.send({
|
|
1171
|
+
status: Status.success,
|
|
1172
|
+
data: {
|
|
1173
|
+
message: "Successfully loaded the requested document.",
|
|
1174
|
+
data: document.data,
|
|
1175
|
+
},
|
|
1176
|
+
});
|
|
1177
|
+
}
|
|
1178
|
+
catch (e) {
|
|
1179
|
+
if (e instanceof Collection.NotFoundError) {
|
|
1180
|
+
return stream.error({
|
|
1181
|
+
message: "Document not found.",
|
|
1182
|
+
type: "document_not_found",
|
|
1183
|
+
status: Status.not_found,
|
|
1184
|
+
});
|
|
1185
|
+
}
|
|
1186
|
+
throw e;
|
|
1187
|
+
}
|
|
1188
|
+
}
|
|
1189
|
+
});
|
|
1190
|
+
// Set data.
|
|
1191
|
+
this.server.endpoint({
|
|
1192
|
+
method: "POST",
|
|
1193
|
+
endpoint: "/volt/api/v1/user/data",
|
|
1194
|
+
content_type: "application/json",
|
|
1195
|
+
authenticated: true,
|
|
1196
|
+
rate_limit: "global",
|
|
1197
|
+
params: {
|
|
1198
|
+
query: { type: ["string", "object"], allow_empty: false },
|
|
1199
|
+
data: { type: Users.Endpoints.JsonValueSchemaType },
|
|
1200
|
+
},
|
|
1201
|
+
callback: async (stream, params) => {
|
|
1202
|
+
const query = init_user_data_query(stream, stream.uid, params.query);
|
|
1203
|
+
if (!query)
|
|
1204
|
+
return;
|
|
1205
|
+
await this.public.set(query, { data: params.data }, { retry: 3, flatten: true });
|
|
1206
|
+
return stream.send({
|
|
1207
|
+
status: Status.success,
|
|
1208
|
+
data: { message: "Successfully saved." },
|
|
1209
|
+
});
|
|
1210
|
+
}
|
|
1211
|
+
});
|
|
1212
|
+
// Delete data.
|
|
1213
|
+
this.server.endpoint({
|
|
1214
|
+
method: "DELETE",
|
|
1215
|
+
endpoint: "/volt/api/v1/user/data",
|
|
1216
|
+
content_type: "application/json",
|
|
1217
|
+
authenticated: true,
|
|
1218
|
+
rate_limit: "global",
|
|
1219
|
+
params: {
|
|
1220
|
+
query: { type: ["string", "object"], allow_empty: false },
|
|
1221
|
+
},
|
|
1222
|
+
callback: async (stream, params) => {
|
|
1223
|
+
const query = init_user_data_query(stream, stream.uid, params.query);
|
|
1224
|
+
if (!query)
|
|
1225
|
+
return;
|
|
1226
|
+
await this.public.delete(query);
|
|
1227
|
+
return stream.send({
|
|
1228
|
+
status: Status.success,
|
|
1229
|
+
data: { message: "Successfully deleted." },
|
|
1230
|
+
});
|
|
1231
|
+
}
|
|
1232
|
+
});
|
|
1233
|
+
// Load protected data.
|
|
1234
|
+
this.server.endpoint({
|
|
1235
|
+
method: "GET",
|
|
1236
|
+
endpoint: "/volt/api/v1/user/data/protected",
|
|
1237
|
+
content_type: "application/json",
|
|
1238
|
+
authenticated: true,
|
|
1239
|
+
rate_limit: "global",
|
|
1240
|
+
params: {
|
|
1241
|
+
query: { type: ["string", "object"], allow_empty: false },
|
|
1242
|
+
default: { type: Users.Endpoints.JsonValueSchemaType, required: false },
|
|
1243
|
+
},
|
|
1244
|
+
callback: async (stream, params) => {
|
|
1245
|
+
const query = init_user_data_query(stream, stream.uid, params.query);
|
|
1246
|
+
if (!query)
|
|
1247
|
+
return;
|
|
1248
|
+
try {
|
|
1249
|
+
const document = await this.protected.load(query, {
|
|
1250
|
+
default: params.default
|
|
1251
|
+
? { ...query, data: params.default }
|
|
1252
|
+
: undefined,
|
|
1253
|
+
retry: 3,
|
|
1254
|
+
});
|
|
1255
|
+
return stream.send({
|
|
1256
|
+
status: Status.success,
|
|
1257
|
+
data: {
|
|
1258
|
+
message: "Successfully loaded the requested document.",
|
|
1259
|
+
data: document.data,
|
|
1260
|
+
},
|
|
1261
|
+
});
|
|
1262
|
+
}
|
|
1263
|
+
catch (e) {
|
|
1264
|
+
if (e instanceof Collection.NotFoundError) {
|
|
1265
|
+
return stream.error({
|
|
1266
|
+
message: "Document not found.",
|
|
1267
|
+
type: "document_not_found",
|
|
1268
|
+
status: Status.not_found,
|
|
1269
|
+
});
|
|
1270
|
+
}
|
|
1271
|
+
throw e;
|
|
1272
|
+
}
|
|
1273
|
+
}
|
|
1274
|
+
});
|
|
1275
|
+
// ---------------------------------------------------------
|
|
1276
|
+
// Default support endpoints.
|
|
1277
|
+
// Get PIN.
|
|
1278
|
+
this.server.endpoint({
|
|
1279
|
+
method: "GET",
|
|
1280
|
+
endpoint: "/volt/api/v1/support/pin",
|
|
1281
|
+
content_type: "application/json",
|
|
1282
|
+
authenticated: true,
|
|
1283
|
+
rate_limit: "global",
|
|
1284
|
+
callback: async (stream) => {
|
|
1285
|
+
// Sign in.
|
|
1286
|
+
const pin = await this.get_support_pin(stream.uid);
|
|
1287
|
+
return stream.success({
|
|
1288
|
+
data: {
|
|
1289
|
+
message: "Successfully retrieved your support PIN.",
|
|
1290
|
+
pin: pin,
|
|
1291
|
+
}
|
|
1292
|
+
});
|
|
1293
|
+
}
|
|
1294
|
+
});
|
|
1295
|
+
// Support.
|
|
1296
|
+
this.server.endpoint({
|
|
1297
|
+
method: "POST",
|
|
1298
|
+
endpoint: "/volt/api/v1/support/submit",
|
|
1299
|
+
content_type: "application/json",
|
|
1300
|
+
rate_limit: [
|
|
1301
|
+
"global",
|
|
1302
|
+
{
|
|
1303
|
+
interval: 3600 * 24,
|
|
1304
|
+
limit: 5,
|
|
1305
|
+
},
|
|
1306
|
+
],
|
|
1307
|
+
params: {
|
|
1308
|
+
subject: { type: "string", required: false, allow_empty: false },
|
|
1309
|
+
type: { type: "string", required: false, allow_empty: false },
|
|
1310
|
+
support_pin: { type: "string", required: false, allow_empty: false },
|
|
1311
|
+
email: { type: "string", required: false, allow_empty: false },
|
|
1312
|
+
first_name: { type: "string", required: false, allow_empty: false },
|
|
1313
|
+
last_name: { type: "string", required: false, allow_empty: false },
|
|
1314
|
+
summary: { type: "string", required: true, allow_empty: false },
|
|
1315
|
+
detailed: { type: "string", required: false, allow_empty: false },
|
|
1316
|
+
attachments: { type: "array", required: false, value_schema: {
|
|
1317
|
+
type: "object",
|
|
1318
|
+
schema: Mail.Attachment.RestAPI.Schema
|
|
1319
|
+
} },
|
|
1320
|
+
},
|
|
1321
|
+
callback: async (stream, params) => {
|
|
1322
|
+
// Check recipient.
|
|
1323
|
+
if (!this.support_recipient) {
|
|
1324
|
+
throw new ExternalError({
|
|
1325
|
+
status: Status.unavailable_for_legal_reasons,
|
|
1326
|
+
type: "NoSMTPSender", message: "This server does not have a SMTP sender configured."
|
|
1327
|
+
});
|
|
1328
|
+
}
|
|
1329
|
+
this.server.assert_mail();
|
|
1330
|
+
// When unauthenticated get contact params.
|
|
1331
|
+
let user = null, email, first_name, last_name;
|
|
1332
|
+
if (stream.uid == null) {
|
|
1333
|
+
try {
|
|
1334
|
+
email = stream.param("email");
|
|
1335
|
+
first_name = stream.param("first_name");
|
|
1336
|
+
last_name = stream.param("last_name");
|
|
1337
|
+
}
|
|
1338
|
+
catch (err) {
|
|
1339
|
+
return stream.error({ status: Status.bad_request, message: err.message });
|
|
1340
|
+
}
|
|
1341
|
+
}
|
|
1342
|
+
else {
|
|
1343
|
+
user = await this.get(stream.uid);
|
|
1344
|
+
email = user.email;
|
|
1345
|
+
first_name = user.first_name;
|
|
1346
|
+
last_name = user.last_name;
|
|
1347
|
+
}
|
|
1348
|
+
// Create mail body.
|
|
1349
|
+
let body = "";
|
|
1350
|
+
const subject = params.subject || (params.type == null ? "Support" : `Support ${params.type}`);
|
|
1351
|
+
body += `<h1>${subject}</h1>`;
|
|
1352
|
+
if (params.type) {
|
|
1353
|
+
body += `<span style='font-weight: bold'>Type</span>: ${params.type}<br>`;
|
|
1354
|
+
}
|
|
1355
|
+
if (user) {
|
|
1356
|
+
body += `<span style='font-weight: bold'>UID</span>: ${stream.uid}<br>`;
|
|
1357
|
+
body += `<span style='font-weight: bold'>User</span>: ${user.username}<br>`;
|
|
1358
|
+
}
|
|
1359
|
+
body += `<span style='font-weight: bold'>Email</span>: ${email}<br>`;
|
|
1360
|
+
body += `<span style='font-weight: bold'>First Name</span>: ${first_name}<br>`;
|
|
1361
|
+
body += `<span style='font-weight: bold'>Last Name</span>: ${last_name}<br>`;
|
|
1362
|
+
if (stream.uid != null) {
|
|
1363
|
+
const support_pin = await this.get_support_pin(stream.uid);
|
|
1364
|
+
body += `<span style='font-weight: bold'>Support PIN</span>: ${support_pin} <span style='color: green'>verified</span><br>`;
|
|
1365
|
+
}
|
|
1366
|
+
else if (params.support_pin) {
|
|
1367
|
+
body += `<span style='font-weight: bold'>Support PIN</span>: ${params.support_pin} <span style='color: red'>not yet verified</span><br>`;
|
|
1368
|
+
}
|
|
1369
|
+
else {
|
|
1370
|
+
body += `<span style='font-weight: bold'>Support PIN</span>: Unknown<br>`;
|
|
1371
|
+
}
|
|
1372
|
+
if (params.summary) {
|
|
1373
|
+
body += `<br><span style='font-weight: bold'>Summary</span>:<br>${params.summary}<br>`;
|
|
1374
|
+
}
|
|
1375
|
+
if (params.detailed) {
|
|
1376
|
+
body += `<br><span style='font-weight: bold'>Detailed</span>:<br>${params.detailed}<br>`;
|
|
1377
|
+
}
|
|
1378
|
+
for (const key of Object.keys(params)) {
|
|
1379
|
+
switch (key) {
|
|
1380
|
+
case "subject":
|
|
1381
|
+
case "type":
|
|
1382
|
+
case "support_pin":
|
|
1383
|
+
case "summary":
|
|
1384
|
+
case "detailed":
|
|
1385
|
+
case "attachments":
|
|
1386
|
+
case "recipient":
|
|
1387
|
+
continue;
|
|
1388
|
+
default:
|
|
1389
|
+
body += `<br><span style='font-weight: bold'>${key}</span>: ${params[key]}<br>`;
|
|
1390
|
+
}
|
|
1391
|
+
}
|
|
1392
|
+
body += "<br>";
|
|
1393
|
+
// Send email.
|
|
1394
|
+
await this.server.mail.send({
|
|
1395
|
+
// Only send to support_recipient since we dont want users/people to send emails to random people.
|
|
1396
|
+
recipients: [this.support_recipient],
|
|
1397
|
+
subject: subject,
|
|
1398
|
+
body: body,
|
|
1399
|
+
attachments: params.attachments,
|
|
1400
|
+
max_attachments_size: 5 * 1024 * 1024, // 5 MB
|
|
1401
|
+
allow_untrusted_urls: false,
|
|
1402
|
+
});
|
|
1403
|
+
// Sign in.
|
|
1404
|
+
return stream.success({
|
|
1405
|
+
data: { message: "Successfully sent your request." }
|
|
1406
|
+
});
|
|
1407
|
+
}
|
|
1408
|
+
});
|
|
1409
|
+
}
|
|
1410
|
+
// ---------------------------------------------------------
|
|
1411
|
+
// Public methods.
|
|
1412
|
+
// ---------------------------------------------------------
|
|
1413
|
+
/**
|
|
1414
|
+
* DEVELOPMENT:
|
|
1415
|
+
* @warning
|
|
1416
|
+
* If you change {@link Users.UID_CHARSET} or {@link Users.UID_LENGTH},
|
|
1417
|
+
* update {@link Users.LEGACY_UID_LENGTHS} for backward compatibility.
|
|
1418
|
+
*/
|
|
1419
|
+
/**
|
|
1420
|
+
* Validate a UID against ASCII charset and allowed lengths (current + legacy).
|
|
1421
|
+
*/
|
|
1422
|
+
is_valid_uid(uid) {
|
|
1423
|
+
const len = uid.length; // ASCII-only, so code units == chars
|
|
1424
|
+
if (len !== Users.UID_LENGTH) {
|
|
1425
|
+
let ok = false;
|
|
1426
|
+
for (let i = 0; i < Users.LEGACY_UID_LENGTHS.length; i++) {
|
|
1427
|
+
if (len === Users.LEGACY_UID_LENGTHS[i]) {
|
|
1428
|
+
ok = true;
|
|
1429
|
+
break;
|
|
1430
|
+
}
|
|
1431
|
+
}
|
|
1432
|
+
if (!ok)
|
|
1433
|
+
return false;
|
|
1434
|
+
}
|
|
1435
|
+
const allow = Users.UID_ALLOW;
|
|
1436
|
+
for (let i = 0; i < len; i++) {
|
|
1437
|
+
const code = uid.charCodeAt(i);
|
|
1438
|
+
if (code >= 128 || allow[code] === 0)
|
|
1439
|
+
return false;
|
|
1440
|
+
}
|
|
1441
|
+
return true;
|
|
1442
|
+
}
|
|
1443
|
+
/**
|
|
1444
|
+
* Check if a uid exists.
|
|
1445
|
+
* @param uid The user ID to check.
|
|
1446
|
+
* @returns True if a user with the given uid exists.
|
|
1447
|
+
*/
|
|
1448
|
+
async uid_exists(uid) {
|
|
1449
|
+
return await this._users_db.exists({ uid });
|
|
1450
|
+
}
|
|
1451
|
+
/**
|
|
1452
|
+
* Check if a username exists.
|
|
1453
|
+
* @returns Returns a boolean indicating whether the username exists or not.
|
|
1454
|
+
* @param username The username to check.
|
|
1455
|
+
* @example
|
|
1456
|
+
* const exists = await server.users.username_exists("someusername");
|
|
1457
|
+
*/
|
|
1458
|
+
async username_exists(username) {
|
|
1459
|
+
return await this._users_db.exists({ username });
|
|
1460
|
+
}
|
|
1461
|
+
/**
|
|
1462
|
+
* Check if an email exists.
|
|
1463
|
+
* @returns Returns a boolean indicating whether the email exists or not.
|
|
1464
|
+
* @param email The email to check.
|
|
1465
|
+
* @example
|
|
1466
|
+
* const exists = await server.users.email_exists("some@email.com");
|
|
1467
|
+
*/
|
|
1468
|
+
async email_exists(email) {
|
|
1469
|
+
return await this._users_db.exists({ email });
|
|
1470
|
+
}
|
|
1471
|
+
/**
|
|
1472
|
+
* Check if a user account is activated.
|
|
1473
|
+
* @returns Returns a boolean indicating whether the account is activated or not.
|
|
1474
|
+
* @param uid The id of the user.
|
|
1475
|
+
* @example
|
|
1476
|
+
* const activated = await server.users.is_activated("0");
|
|
1477
|
+
*/
|
|
1478
|
+
async is_activated(uid) {
|
|
1479
|
+
return (await this.get(uid)).is_activated === true;
|
|
1480
|
+
}
|
|
1481
|
+
/**
|
|
1482
|
+
* Set the activated status of a user account.
|
|
1483
|
+
* @param uid The user id.
|
|
1484
|
+
* @param is_activated The boolean with the new activated status.
|
|
1485
|
+
* @example
|
|
1486
|
+
* await server.users.set_activated("1", true);
|
|
1487
|
+
*/
|
|
1488
|
+
async set_activated(uid, is_activated) {
|
|
1489
|
+
await this._sys_set(uid, { is_activated: is_activated });
|
|
1490
|
+
}
|
|
1491
|
+
/**
|
|
1492
|
+
* Create a user account. Only the hashed password will be saved.
|
|
1493
|
+
* @returns Returns the uid of the newly created user.
|
|
1494
|
+
* @param first_name The user's first name.
|
|
1495
|
+
* @param last_name The user's last name.
|
|
1496
|
+
* @param username The username of the new account.
|
|
1497
|
+
* @param email The email of the new account.
|
|
1498
|
+
* @param password The password of the new account.
|
|
1499
|
+
* @param verify_password An optional second password input to check against the first input to ensure its the same.
|
|
1500
|
+
* @param phone_number The phone number of the user account.
|
|
1501
|
+
* @param is_activated Whether the account should be set to activated; by default `!Server.enable_account_activation`.
|
|
1502
|
+
* @example
|
|
1503
|
+
* const uid = await server.users.create({
|
|
1504
|
+
* first_name: "John",
|
|
1505
|
+
* last_name: "Doe",
|
|
1506
|
+
* username: "johndoe",
|
|
1507
|
+
* email: "johndoe@email.com",
|
|
1508
|
+
* password: "HelloWorld!"
|
|
1509
|
+
* });
|
|
1510
|
+
*/
|
|
1511
|
+
async create({ first_name, last_name, username, email, password, verify_password, phone_number = "", is_activated = undefined, _check_username_email = false, }) {
|
|
1512
|
+
// Verify params.
|
|
1513
|
+
vlib.schema.validate(arguments[0], {
|
|
1514
|
+
unknown: false,
|
|
1515
|
+
throw: true,
|
|
1516
|
+
schema: {
|
|
1517
|
+
first_name: "string",
|
|
1518
|
+
last_name: "string",
|
|
1519
|
+
username: "string",
|
|
1520
|
+
email: "string",
|
|
1521
|
+
password: "string",
|
|
1522
|
+
verify_password: { type: "string", required: false },
|
|
1523
|
+
phone_number: { type: "string", required: false },
|
|
1524
|
+
is_activated: { type: "boolean", required: false },
|
|
1525
|
+
_check_username_email: { type: "boolean", required: false },
|
|
1526
|
+
}
|
|
1527
|
+
});
|
|
1528
|
+
// Verify password.
|
|
1529
|
+
const { error, invalid_fields } = this._verify_new_pass(password, verify_password ?? password);
|
|
1530
|
+
if (error) {
|
|
1531
|
+
throw new ExternalError({
|
|
1532
|
+
type: "InvalidPassword",
|
|
1533
|
+
message: `Invalid password: ${error}.`,
|
|
1534
|
+
status: Status.bad_request,
|
|
1535
|
+
invalid_fields,
|
|
1536
|
+
});
|
|
1537
|
+
}
|
|
1538
|
+
// Check if username & email already exist.
|
|
1539
|
+
if (_check_username_email) {
|
|
1540
|
+
if (await this.username_exists(username)) {
|
|
1541
|
+
throw new ExternalError({
|
|
1542
|
+
type: "UsernameAlreadyExists",
|
|
1543
|
+
message: `Username "${username}" is already registered.`,
|
|
1544
|
+
status: Status.bad_request,
|
|
1545
|
+
invalid_fields: { "username": "Username is already registered" },
|
|
1546
|
+
});
|
|
1547
|
+
}
|
|
1548
|
+
if (await this.email_exists(email)) {
|
|
1549
|
+
throw new ExternalError({
|
|
1550
|
+
type: "EmailAlreadyExists",
|
|
1551
|
+
message: `Email "${email}" is already registered.`,
|
|
1552
|
+
status: Status.bad_request,
|
|
1553
|
+
invalid_fields: { "email": "Email is already registered" }
|
|
1554
|
+
});
|
|
1555
|
+
}
|
|
1556
|
+
}
|
|
1557
|
+
// Generate a uid.
|
|
1558
|
+
const uid = await this._generate_uid();
|
|
1559
|
+
// Create the user.
|
|
1560
|
+
const user = {
|
|
1561
|
+
uid,
|
|
1562
|
+
first_name,
|
|
1563
|
+
last_name,
|
|
1564
|
+
username,
|
|
1565
|
+
email,
|
|
1566
|
+
password: await this._hash_password(password),
|
|
1567
|
+
phone_number,
|
|
1568
|
+
created_at: Date.now(),
|
|
1569
|
+
api_key: undefined, // api key can be undefined, it doesnt have to be set.
|
|
1570
|
+
support_pin: this._generate_code(8),
|
|
1571
|
+
is_activated: is_activated ?? !this.enable_account_activation,
|
|
1572
|
+
};
|
|
1573
|
+
await this._users_db.set({ uid }, user);
|
|
1574
|
+
// Execute event callbacks.
|
|
1575
|
+
for (const cb of this.server.events.get("create_user")) {
|
|
1576
|
+
try {
|
|
1577
|
+
await cb({ user });
|
|
1578
|
+
}
|
|
1579
|
+
catch (err) {
|
|
1580
|
+
this.server.log.error(new Error(`Encountered an error in event callback "create_user".`, { cause: err }));
|
|
1581
|
+
}
|
|
1582
|
+
}
|
|
1583
|
+
// Response.
|
|
1584
|
+
return uid;
|
|
1585
|
+
}
|
|
1586
|
+
/**
|
|
1587
|
+
* Delete a user account and associated data.
|
|
1588
|
+
* @param uid The user id.
|
|
1589
|
+
* @example
|
|
1590
|
+
* await server.users.delete("0");
|
|
1591
|
+
*/
|
|
1592
|
+
async delete(uid) {
|
|
1593
|
+
// Load the user to verify it exists and to pass it to the callback.
|
|
1594
|
+
const user = await this.get(uid);
|
|
1595
|
+
if (!user) {
|
|
1596
|
+
throw new ExternalError({ status: Status.not_found, type: "UserNotFound", message: `User with uid "${uid}" not found.` });
|
|
1597
|
+
}
|
|
1598
|
+
// Delete the user from all collections.
|
|
1599
|
+
await this._users_db.delete_many({ uid });
|
|
1600
|
+
await this._tokens_db.delete_many({ uid });
|
|
1601
|
+
await this._2fa_tokens_db.delete_many({ uid });
|
|
1602
|
+
await this.public.delete_many({ uid });
|
|
1603
|
+
await this.protected.delete_many({ uid });
|
|
1604
|
+
await this.private.delete_many({ uid });
|
|
1605
|
+
if (this.server.payments !== undefined) {
|
|
1606
|
+
await this.server.payments._delete_user(uid);
|
|
1607
|
+
}
|
|
1608
|
+
// Execute event callbacks.
|
|
1609
|
+
for (const cb of this.server.events.get("delete_user")) {
|
|
1610
|
+
try {
|
|
1611
|
+
await cb({ user });
|
|
1612
|
+
}
|
|
1613
|
+
catch (err) {
|
|
1614
|
+
this.server.log.error(new Error(`Encountered an error in event callback "delete_user".`, { cause: err }));
|
|
1615
|
+
}
|
|
1616
|
+
}
|
|
1617
|
+
}
|
|
1618
|
+
/**
|
|
1619
|
+
* Set a user's first name. Throws if uid does not exist.
|
|
1620
|
+
* @param uid The user id.
|
|
1621
|
+
* @param first_name The new first name.
|
|
1622
|
+
* @example
|
|
1623
|
+
* await server.users.set_first_name("1", "John");
|
|
1624
|
+
*/
|
|
1625
|
+
async set_first_name(uid, first_name) {
|
|
1626
|
+
await this._sys_set(uid, { first_name });
|
|
1627
|
+
}
|
|
1628
|
+
/**
|
|
1629
|
+
* Set a user's last name. Throws if uid does not exist.
|
|
1630
|
+
* @param uid The user id.
|
|
1631
|
+
* @param last_name The new last name.
|
|
1632
|
+
* @example
|
|
1633
|
+
* await server.users.set_last_name("1", "Doe");
|
|
1634
|
+
*/
|
|
1635
|
+
async set_last_name(uid, last_name) {
|
|
1636
|
+
await this._sys_set(uid, { last_name });
|
|
1637
|
+
}
|
|
1638
|
+
/**
|
|
1639
|
+
* Set a user's username. Throws if uid does not exist.
|
|
1640
|
+
* @param uid The user id.
|
|
1641
|
+
* @param username The new username.
|
|
1642
|
+
* @example
|
|
1643
|
+
* await server.users.set_username("1", "newusername");
|
|
1644
|
+
*/
|
|
1645
|
+
async set_username(uid, username) {
|
|
1646
|
+
if (await this.username_exists(username)) {
|
|
1647
|
+
throw Error(`Username "${username}" already exists.`);
|
|
1648
|
+
}
|
|
1649
|
+
await this._sys_set(uid, { username });
|
|
1650
|
+
}
|
|
1651
|
+
/**
|
|
1652
|
+
* Set a user's email. Throws if uid does not exist.
|
|
1653
|
+
* @param uid The user id.
|
|
1654
|
+
* @param email The new email.
|
|
1655
|
+
* @example
|
|
1656
|
+
* await server.users.set_email("1", "new@email.com");
|
|
1657
|
+
*/
|
|
1658
|
+
async set_email(uid, email) {
|
|
1659
|
+
if (await this.email_exists(email)) {
|
|
1660
|
+
throw Error(`Email "${email}" already exists.`);
|
|
1661
|
+
}
|
|
1662
|
+
await this._sys_set(uid, { email });
|
|
1663
|
+
}
|
|
1664
|
+
/**
|
|
1665
|
+
* Set a user's password. Throws on invalid input or unknown uid.
|
|
1666
|
+
* @param uid The user id.
|
|
1667
|
+
* @param password The new password.
|
|
1668
|
+
* @example
|
|
1669
|
+
* await server.users.set_password("1", "XXXXXX");
|
|
1670
|
+
*/
|
|
1671
|
+
async set_password(uid, password, verify_password) {
|
|
1672
|
+
const { error } = this._verify_new_pass(password, verify_password ?? password);
|
|
1673
|
+
if (error) {
|
|
1674
|
+
throw Error(`Invalid password "${password}": ${error}.`);
|
|
1675
|
+
}
|
|
1676
|
+
await this._sys_set(uid, { password: await this._hash_password(password) });
|
|
1677
|
+
}
|
|
1678
|
+
/**
|
|
1679
|
+
* Update an existing user object.
|
|
1680
|
+
*
|
|
1681
|
+
* This function only updates the passed user attributes, unpresent attributes will not be deleted.
|
|
1682
|
+
*
|
|
1683
|
+
* If the uid does not exist an `Error` will be thrown.
|
|
1684
|
+
*
|
|
1685
|
+
* A password will automatically be hashed if passed.
|
|
1686
|
+
*
|
|
1687
|
+
* Updating the API key through this function is not allowed (wont work).
|
|
1688
|
+
*
|
|
1689
|
+
* @warning Does not upsert documents.
|
|
1690
|
+
*/
|
|
1691
|
+
async set(uid, data) {
|
|
1692
|
+
let old_data;
|
|
1693
|
+
const set_data = {};
|
|
1694
|
+
for (const key of Object.keys(data)) {
|
|
1695
|
+
if (data[key] === undefined)
|
|
1696
|
+
continue;
|
|
1697
|
+
switch (key) {
|
|
1698
|
+
case "first_name":
|
|
1699
|
+
case "last_name":
|
|
1700
|
+
case "phone_number":
|
|
1701
|
+
if (!data[key]) {
|
|
1702
|
+
throw Error(`Invalid ${key.replaceAll("_", " ")} "${data[key]}".`);
|
|
1703
|
+
}
|
|
1704
|
+
set_data[key] = data[key];
|
|
1705
|
+
break;
|
|
1706
|
+
case "is_activated":
|
|
1707
|
+
set_data[key] = data[key];
|
|
1708
|
+
break;
|
|
1709
|
+
case "password": {
|
|
1710
|
+
if (!data[key]) {
|
|
1711
|
+
throw Error(`Password may not be empty.`);
|
|
1712
|
+
}
|
|
1713
|
+
const { error } = this._verify_new_pass(data[key], data[key]);
|
|
1714
|
+
if (error) {
|
|
1715
|
+
throw Error(`Invalid password "${data[key]}": ${error}.`);
|
|
1716
|
+
}
|
|
1717
|
+
set_data[key] = await this._hash_password(data[key]);
|
|
1718
|
+
break;
|
|
1719
|
+
}
|
|
1720
|
+
case "username":
|
|
1721
|
+
if (!data.username) {
|
|
1722
|
+
throw Error(`Invalid username "${data.username}".`);
|
|
1723
|
+
}
|
|
1724
|
+
if (old_data === undefined) {
|
|
1725
|
+
old_data = await this.get(uid);
|
|
1726
|
+
}
|
|
1727
|
+
if (old_data.username !== data.username) {
|
|
1728
|
+
if (await this.username_exists(data.username)) {
|
|
1729
|
+
throw Error(`Username "${data.username}" already exists.`);
|
|
1730
|
+
}
|
|
1731
|
+
set_data[key] = data[key];
|
|
1732
|
+
}
|
|
1733
|
+
break;
|
|
1734
|
+
case "email":
|
|
1735
|
+
if (!data.email) {
|
|
1736
|
+
throw Error(`Invalid email "${data.email}".`);
|
|
1737
|
+
}
|
|
1738
|
+
if (old_data === undefined) {
|
|
1739
|
+
old_data = await this.get(uid);
|
|
1740
|
+
}
|
|
1741
|
+
if (old_data.email !== data.email) {
|
|
1742
|
+
if (await this.email_exists(data.email)) {
|
|
1743
|
+
throw Error(`Email "${data.email}" already exists.`);
|
|
1744
|
+
}
|
|
1745
|
+
set_data[key] = data[key];
|
|
1746
|
+
}
|
|
1747
|
+
break;
|
|
1748
|
+
default:
|
|
1749
|
+
// delete all other keys, such as uid, api_key etc.
|
|
1750
|
+
delete set_data[key];
|
|
1751
|
+
break;
|
|
1752
|
+
}
|
|
1753
|
+
}
|
|
1754
|
+
await this._users_db.set({ uid }, set_data, { upsert: false });
|
|
1755
|
+
}
|
|
1756
|
+
/**
|
|
1757
|
+
* Insert new data into an EXISTING user.
|
|
1758
|
+
* @warning Does not upsert documents.
|
|
1759
|
+
*/
|
|
1760
|
+
async _sys_set(uid, data) {
|
|
1761
|
+
await this._users_db.set({ uid }, data, { upsert: false });
|
|
1762
|
+
}
|
|
1763
|
+
/**
|
|
1764
|
+
* Get a user by uid. Throws if the uid does not exist.
|
|
1765
|
+
* @returns Returns a User object.
|
|
1766
|
+
* @param uid The user id.
|
|
1767
|
+
* @throws {Collection.NotFoundError} If the user id does not exist.
|
|
1768
|
+
* @example
|
|
1769
|
+
* const user = await server.users.get("0");
|
|
1770
|
+
*/
|
|
1771
|
+
async get(uid) {
|
|
1772
|
+
return await this._users_db.load({ uid });
|
|
1773
|
+
}
|
|
1774
|
+
/**
|
|
1775
|
+
* Get a user by username. Throws if the username does not exist.
|
|
1776
|
+
* @returns Returns a User object.
|
|
1777
|
+
* @param username The username of the user to fetch.
|
|
1778
|
+
* @throws {Collection.NotFoundError} If the username does not exist.
|
|
1779
|
+
* @example
|
|
1780
|
+
* const user = await server.users.get_by_username("myusername");
|
|
1781
|
+
*/
|
|
1782
|
+
async get_by_username(username) {
|
|
1783
|
+
return await this._users_db.load({ username });
|
|
1784
|
+
}
|
|
1785
|
+
/**
|
|
1786
|
+
* Get a user by email. Throws if the email does not exist.
|
|
1787
|
+
* @returns Returns a User object.
|
|
1788
|
+
* @param email The email of the user to fetch.
|
|
1789
|
+
* @throws {Collection.NotFoundError} If the email does not exist.
|
|
1790
|
+
* @example
|
|
1791
|
+
* const user = await server.users.get_by_email("my@email.com");
|
|
1792
|
+
*/
|
|
1793
|
+
async get_by_email(email) {
|
|
1794
|
+
return await this._users_db.load({ email });
|
|
1795
|
+
}
|
|
1796
|
+
/**
|
|
1797
|
+
* Get a user by API key. Throws if invalid.
|
|
1798
|
+
* @returns Returns a User object.
|
|
1799
|
+
* @param api_key The API key of the user to fetch.
|
|
1800
|
+
* @example
|
|
1801
|
+
* const user = await server.users.get_by_api_key("XXXXXX");
|
|
1802
|
+
*/
|
|
1803
|
+
async get_by_api_key(api_key) {
|
|
1804
|
+
const uid = this.get_uid_by_api_key(api_key);
|
|
1805
|
+
if (!uid)
|
|
1806
|
+
throw new Error("Unable to find a user by api key.");
|
|
1807
|
+
const user = await this.get(uid);
|
|
1808
|
+
const ok = await this.verify_api_key_by_uid(uid, api_key);
|
|
1809
|
+
if (!ok)
|
|
1810
|
+
throw new Error("Unable to find a user by api key.");
|
|
1811
|
+
return user;
|
|
1812
|
+
// DELETED Cannot search by re-hash ofcourse.
|
|
1813
|
+
// const data = await this._users_db.find({ api_key: await this._hash_password(api_key) });
|
|
1814
|
+
// if (data == null) { throw new Error(`Unable to find a user by api key "${api_key}".`); }
|
|
1815
|
+
// return data;
|
|
1816
|
+
}
|
|
1817
|
+
/**
|
|
1818
|
+
* Get a user by token. Throws if invalid.
|
|
1819
|
+
* @returns Returns a User object.
|
|
1820
|
+
* @param token The authentication token of the user to fetch.
|
|
1821
|
+
* @example
|
|
1822
|
+
* const user = await server.users.get_by_token("XXXXXX");
|
|
1823
|
+
*/
|
|
1824
|
+
async get_by_token(token) {
|
|
1825
|
+
const uid = this.get_uid_by_token(token);
|
|
1826
|
+
if (!uid)
|
|
1827
|
+
throw new Error("Unable to find a user by token.");
|
|
1828
|
+
const ok = await this.verify_token_by_uid(uid, token);
|
|
1829
|
+
if (!ok)
|
|
1830
|
+
throw new Error("Unable to find a user by token.");
|
|
1831
|
+
return await this.get(uid);
|
|
1832
|
+
// DELETED Cannot search by re-hash ofcourse.
|
|
1833
|
+
// const data = await this._tokens_db.find({ token: await this._hash_password(token) });
|
|
1834
|
+
// if (data == null) { throw new Error(`Unable to find a user by token "${token}".`); }
|
|
1835
|
+
// return await this.get(data.uid);
|
|
1836
|
+
}
|
|
1837
|
+
/**
|
|
1838
|
+
* Get a uid by username.
|
|
1839
|
+
* @returns Returns the uid of the username, or undefined if not found.
|
|
1840
|
+
* @param username The username of the uid to fetch.
|
|
1841
|
+
* @example
|
|
1842
|
+
* const uid = await server.users.get_uid("myusername");
|
|
1843
|
+
*/
|
|
1844
|
+
async get_uid(username) {
|
|
1845
|
+
try {
|
|
1846
|
+
return (await this.get_by_username(username)).uid;
|
|
1847
|
+
}
|
|
1848
|
+
catch (e) {
|
|
1849
|
+
return undefined;
|
|
1850
|
+
}
|
|
1851
|
+
}
|
|
1852
|
+
/**
|
|
1853
|
+
* Get a uid by username.
|
|
1854
|
+
* @returns Returns the uid of the username, or undefined if not found.
|
|
1855
|
+
* @param username The username of the uid to fetch.
|
|
1856
|
+
* @example
|
|
1857
|
+
* const uid = await server.users.get_uid_by_username("myuser");
|
|
1858
|
+
*/
|
|
1859
|
+
async get_uid_by_username(username) {
|
|
1860
|
+
try {
|
|
1861
|
+
return (await this.get_by_username(username)).uid;
|
|
1862
|
+
}
|
|
1863
|
+
catch (e) {
|
|
1864
|
+
return undefined;
|
|
1865
|
+
}
|
|
1866
|
+
}
|
|
1867
|
+
/**
|
|
1868
|
+
* Get a uid by email.
|
|
1869
|
+
* @returns Returns the uid of the email, or undefined if not found.
|
|
1870
|
+
* @param email The email of the uid to fetch.
|
|
1871
|
+
* @example
|
|
1872
|
+
* const uid = await server.users.get_uid_by_email("my@email.com");
|
|
1873
|
+
*/
|
|
1874
|
+
async get_uid_by_email(email) {
|
|
1875
|
+
try {
|
|
1876
|
+
return (await this.get_by_email(email)).uid;
|
|
1877
|
+
}
|
|
1878
|
+
catch (e) {
|
|
1879
|
+
return undefined;
|
|
1880
|
+
}
|
|
1881
|
+
}
|
|
1882
|
+
/**
|
|
1883
|
+
* Get a uid by API key.
|
|
1884
|
+
* @returns Returns the uid for the API key, or undefined if not valid.
|
|
1885
|
+
* @param api_key The API key to parse.
|
|
1886
|
+
* @example
|
|
1887
|
+
* const uid = server.users.get_uid_by_api_key("XXXXXXXXXX");
|
|
1888
|
+
*/
|
|
1889
|
+
get_uid_by_api_key(api_key) {
|
|
1890
|
+
return this._parse_uid_from_token_api_key(api_key, "ak_");
|
|
1891
|
+
}
|
|
1892
|
+
/**
|
|
1893
|
+
* Get a uid by token.
|
|
1894
|
+
* @returns Returns the uid for the token, or undefined if not valid.
|
|
1895
|
+
* @param token The token to parse.
|
|
1896
|
+
* @example
|
|
1897
|
+
* const uid = server.users.get_uid_by_token("XXXXXXXXXX");
|
|
1898
|
+
*/
|
|
1899
|
+
get_uid_by_token(token) {
|
|
1900
|
+
return this._parse_uid_from_token_api_key(token, "tk_");
|
|
1901
|
+
}
|
|
1902
|
+
/**
|
|
1903
|
+
* Get a user's support pin by uid.
|
|
1904
|
+
* @returns Returns the support PIN string.
|
|
1905
|
+
* @param uid The user id.
|
|
1906
|
+
* @example
|
|
1907
|
+
* const pin = await server.users.get_support_pin("1");
|
|
1908
|
+
*/
|
|
1909
|
+
async get_support_pin(uid) {
|
|
1910
|
+
return (await this.get(uid)).support_pin;
|
|
1911
|
+
}
|
|
1912
|
+
/**
|
|
1913
|
+
* Generate an API key for a user and store its hash. Overwrites existing keys.
|
|
1914
|
+
* @returns Returns the API key string (plaintext).
|
|
1915
|
+
* @param uid The user id.
|
|
1916
|
+
* @example
|
|
1917
|
+
* const api_key = await server.users.generate_api_key("0");
|
|
1918
|
+
*/
|
|
1919
|
+
async generate_api_key(uid) {
|
|
1920
|
+
const api_key = this._generate_api_key(uid);
|
|
1921
|
+
await this._sys_set(uid, { api_key: await this._hash_password(api_key) });
|
|
1922
|
+
return api_key;
|
|
1923
|
+
}
|
|
1924
|
+
/**
|
|
1925
|
+
* Check if a user has a generated API key.
|
|
1926
|
+
* @returns Returns a boolean indicating whether the user has an API key.
|
|
1927
|
+
* @param uid The user id.
|
|
1928
|
+
* @throws {Collection.NotFoundError} If the user id does not exist.
|
|
1929
|
+
* @example
|
|
1930
|
+
* const has_api_key = await server.users.has_api_key("0");
|
|
1931
|
+
*/
|
|
1932
|
+
async has_api_key(uid) {
|
|
1933
|
+
const data = await this._users_db.load({ uid }, {
|
|
1934
|
+
projection: { api_key: 1 }
|
|
1935
|
+
});
|
|
1936
|
+
return data.api_key != null && data.api_key.length > 0;
|
|
1937
|
+
}
|
|
1938
|
+
/**
|
|
1939
|
+
* Revoke the API key of a user.
|
|
1940
|
+
* @param uid The user id.
|
|
1941
|
+
* @example
|
|
1942
|
+
* await server.users.revoke_api_key("0");
|
|
1943
|
+
*/
|
|
1944
|
+
async revoke_api_key(uid) {
|
|
1945
|
+
await this._users_db.save({ uid }, { $unset: { api_key: "" } }, { upsert: false });
|
|
1946
|
+
}
|
|
1947
|
+
/**
|
|
1948
|
+
* Verify a plaintext password.
|
|
1949
|
+
* @returns Returns a boolean indicating whether the verification was successful.
|
|
1950
|
+
* @param uid The user id.
|
|
1951
|
+
* @param password The plaintext password.
|
|
1952
|
+
* @example
|
|
1953
|
+
* const success = await server.users.verify_password("1", "XXXXXX");
|
|
1954
|
+
*/
|
|
1955
|
+
async verify_password(uid, password) {
|
|
1956
|
+
try {
|
|
1957
|
+
const user = await this.get(uid);
|
|
1958
|
+
return user.uid != null && await this._verify_password(password, user.password);
|
|
1959
|
+
}
|
|
1960
|
+
catch (err) {
|
|
1961
|
+
return false;
|
|
1962
|
+
}
|
|
1963
|
+
}
|
|
1964
|
+
/**
|
|
1965
|
+
* Verify a plaintext API key.
|
|
1966
|
+
* @returns Returns a boolean indicating whether the verification was successful.
|
|
1967
|
+
* @param api_key The api key to verify.
|
|
1968
|
+
* @example
|
|
1969
|
+
* const success = await server.users.verify_api_key("XXXXXX");
|
|
1970
|
+
*/
|
|
1971
|
+
async verify_api_key(api_key) {
|
|
1972
|
+
return await this.verify_api_key_by_uid(this.get_uid_by_api_key(api_key), api_key);
|
|
1973
|
+
}
|
|
1974
|
+
/**
|
|
1975
|
+
* Verify a plaintext API key by uid.
|
|
1976
|
+
* @returns Returns a boolean indicating whether the verification was successful.
|
|
1977
|
+
* @param uid The user id.
|
|
1978
|
+
* @param api_key The api key to verify.
|
|
1979
|
+
* @example
|
|
1980
|
+
* const success = await server.users.verify_api_key_by_uid("1", "XXXXXX");
|
|
1981
|
+
*/
|
|
1982
|
+
async verify_api_key_by_uid(uid, api_key) {
|
|
1983
|
+
try {
|
|
1984
|
+
if (!uid)
|
|
1985
|
+
return false;
|
|
1986
|
+
const user = await this.get(uid);
|
|
1987
|
+
return user.uid != null && user.api_key != null && user.api_key?.length > 0
|
|
1988
|
+
&& await this._verify_password(api_key, user.api_key);
|
|
1989
|
+
}
|
|
1990
|
+
catch (err) {
|
|
1991
|
+
return false;
|
|
1992
|
+
}
|
|
1993
|
+
}
|
|
1994
|
+
/**
|
|
1995
|
+
* Verify a plaintext token.
|
|
1996
|
+
* @returns Returns a boolean indicating whether the verification was successful.
|
|
1997
|
+
* @param token The token to verify.
|
|
1998
|
+
* @example
|
|
1999
|
+
* const success = await server.users.verify_token("XXXXXX");
|
|
2000
|
+
*/
|
|
2001
|
+
async verify_token(token) {
|
|
2002
|
+
return await this.verify_token_by_uid(this.get_uid_by_token(token), token);
|
|
2003
|
+
}
|
|
2004
|
+
/**
|
|
2005
|
+
* Verify a plaintext token by uid.
|
|
2006
|
+
* @returns Returns a boolean indicating whether the verification was successful.
|
|
2007
|
+
* @param uid The user id.
|
|
2008
|
+
* @param token The token to verify.
|
|
2009
|
+
* @example
|
|
2010
|
+
* const success = await server.users.verify_token_by_uid("1", "XXXXXX");
|
|
2011
|
+
*/
|
|
2012
|
+
async verify_token_by_uid(uid, token) {
|
|
2013
|
+
try {
|
|
2014
|
+
if (!uid)
|
|
2015
|
+
return false;
|
|
2016
|
+
const correct_token = await this._tokens_db.load({ uid });
|
|
2017
|
+
return (correct_token != null &&
|
|
2018
|
+
correct_token.token != null &&
|
|
2019
|
+
correct_token.active !== false &&
|
|
2020
|
+
Date.now() < correct_token.expiration &&
|
|
2021
|
+
await this._verify_password(token, correct_token.token));
|
|
2022
|
+
}
|
|
2023
|
+
catch (err) {
|
|
2024
|
+
if (err instanceof Collection.NotFoundError) {
|
|
2025
|
+
return false;
|
|
2026
|
+
}
|
|
2027
|
+
throw err;
|
|
2028
|
+
}
|
|
2029
|
+
}
|
|
2030
|
+
/**
|
|
2031
|
+
* Verify a 2FA code by user id/email key.
|
|
2032
|
+
* @param uid The UID or email used when creating the 2FA token.
|
|
2033
|
+
* @param code The 2FA code.
|
|
2034
|
+
* @returns Returns undefined on success, otherwise a string describing the error.
|
|
2035
|
+
* @example
|
|
2036
|
+
* await server.users.verify_2fa("1", "123456");
|
|
2037
|
+
*/
|
|
2038
|
+
async verify_2fa(uid, code) {
|
|
2039
|
+
try {
|
|
2040
|
+
const auth = await this._2fa_tokens_db.load({ uid });
|
|
2041
|
+
const now = Date.now();
|
|
2042
|
+
if (now >= auth.expiration) {
|
|
2043
|
+
await this._deactivate_2fa_token(uid);
|
|
2044
|
+
return "The 2FA code has expired.";
|
|
2045
|
+
}
|
|
2046
|
+
const status = (auth != null &&
|
|
2047
|
+
auth.code != null &&
|
|
2048
|
+
now < auth.expiration &&
|
|
2049
|
+
auth.code == code &&
|
|
2050
|
+
auth.active !== false);
|
|
2051
|
+
if (status === false) {
|
|
2052
|
+
return "Invalid 2FA code.";
|
|
2053
|
+
}
|
|
2054
|
+
await this._deactivate_2fa_token(uid); // single use.
|
|
2055
|
+
return;
|
|
2056
|
+
}
|
|
2057
|
+
catch (err) {
|
|
2058
|
+
if (err instanceof Collection.NotFoundError) {
|
|
2059
|
+
return "Invalid 2FA code.";
|
|
2060
|
+
}
|
|
2061
|
+
this.server.log.error(`${err}.`);
|
|
2062
|
+
return "Unknown error.";
|
|
2063
|
+
}
|
|
2064
|
+
}
|
|
2065
|
+
/**
|
|
2066
|
+
* Send a 2FA code to a user by user id.
|
|
2067
|
+
* By default the 2FA code will be valid for 5 minutes.
|
|
2068
|
+
* The mail body is generated via `Server.on_2fa_mail({code, username, email, date, ip, device})`.
|
|
2069
|
+
* @returns Returns a promise that resolves when the 2FA mail has been sent.
|
|
2070
|
+
* @param uid The user id (or use _email with internal flow).
|
|
2071
|
+
* @param stream The stream object from the client request.
|
|
2072
|
+
* @param expiration The amount of seconds in which the code will expire.
|
|
2073
|
+
* @example
|
|
2074
|
+
* await server.users.send_2fa({ uid: "0", stream });
|
|
2075
|
+
*/
|
|
2076
|
+
async send_2fa({ uid, stream, expiration = 300, _user_agent = undefined, _username = undefined, _email = undefined, }) {
|
|
2077
|
+
// Generate 2fa and get user email.
|
|
2078
|
+
let code;
|
|
2079
|
+
if (_username == null && _email == null) {
|
|
2080
|
+
code = await this._create_2fa_token(uid, expiration);
|
|
2081
|
+
const user = await this.get(uid);
|
|
2082
|
+
_username = user.username;
|
|
2083
|
+
_email = user.email;
|
|
2084
|
+
}
|
|
2085
|
+
else {
|
|
2086
|
+
code = await this._create_2fa_token(_email, expiration);
|
|
2087
|
+
}
|
|
2088
|
+
// Get device.
|
|
2089
|
+
const user_agent = _user_agent ?? (stream.headers["user-agent"] ?? "Unknown");
|
|
2090
|
+
// Replace body.
|
|
2091
|
+
if (this.server.on_2fa_mail === undefined) {
|
|
2092
|
+
throw Error("Define server callback \"Server.on_2fa_mail\" to generate the HTML mail body.");
|
|
2093
|
+
}
|
|
2094
|
+
let mail = this.server.on_2fa_mail({
|
|
2095
|
+
code: code,
|
|
2096
|
+
username: _username,
|
|
2097
|
+
email: _email,
|
|
2098
|
+
date: new Date().toUTCString(),
|
|
2099
|
+
ip: stream.ip,
|
|
2100
|
+
device: user_agent,
|
|
2101
|
+
});
|
|
2102
|
+
let body = mail, subject;
|
|
2103
|
+
if (mail instanceof MailUI.MailElement) {
|
|
2104
|
+
body = mail.html();
|
|
2105
|
+
subject = mail.subject();
|
|
2106
|
+
}
|
|
2107
|
+
// Send mail.
|
|
2108
|
+
this.server.assert_mail();
|
|
2109
|
+
await this.server.mail.send({
|
|
2110
|
+
recipients: [_email],
|
|
2111
|
+
subject: subject ?? "Two Factor Authentication Code",
|
|
2112
|
+
body,
|
|
2113
|
+
});
|
|
2114
|
+
}
|
|
2115
|
+
/**
|
|
2116
|
+
* List all users.
|
|
2117
|
+
* @returns An array of User objects.
|
|
2118
|
+
*/
|
|
2119
|
+
async list() {
|
|
2120
|
+
return await this._users_db.list_all();
|
|
2121
|
+
}
|
|
2122
|
+
}
|
|
2123
|
+
/** Nested types for the {@link User} class. */
|
|
2124
|
+
(function (Users) {
|
|
2125
|
+
/** The types for the frontend endpoints. */
|
|
2126
|
+
let Endpoints;
|
|
2127
|
+
(function (Endpoints) {
|
|
2128
|
+
// ---------------------------------------------
|
|
2129
|
+
// Users.
|
|
2130
|
+
// ---------------------------------------------
|
|
2131
|
+
Endpoints.JsonValueSchemaType = [
|
|
2132
|
+
"string",
|
|
2133
|
+
"number",
|
|
2134
|
+
"boolean",
|
|
2135
|
+
"null",
|
|
2136
|
+
"array",
|
|
2137
|
+
"object"
|
|
2138
|
+
];
|
|
2139
|
+
})(Endpoints = Users.Endpoints || (Users.Endpoints = {}));
|
|
2140
|
+
})(Users || (Users = {}));
|