npm - karaoke-eternal - Versions diffs - 1.0.0 → 2.0.0-beta.6 - Mend

karaoke-eternal 1.0.0 → 2.0.0-beta.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (128) hide show

package/README.md +10 -10
package/build/client/447.83b0127845c2fa8729fe.js +1 -0
package/build/client/715.83b0127845c2fa8729fe.js +1 -0
package/build/client/718.83b0127845c2fa8729fe.js +1 -0
package/build/client/851.83b0127845c2fa8729fe.js +1 -0
package/build/{845.4be526e3a94d53aeceae.css → client/958.83b0127845c2fa8729fe.css} +53 -6
package/build/client/958.83b0127845c2fa8729fe.js +1 -0
package/build/{index.html → client/index.html} +1 -1
package/build/{licenses.txt → client/licenses.txt} +208 -496
package/build/client/main.83b0127845c2fa8729fe.css +2341 -0
package/build/client/main.83b0127845c2fa8729fe.js +1 -0
package/build/server/Library/Library.js +297 -0
package/build/server/Library/ipc.js +13 -0
package/build/server/Library/router.js +20 -0
package/build/server/Library/socket.js +35 -0
package/build/server/Media/Media.js +170 -0
package/build/server/Media/fileTypes.js +8 -0
package/build/server/Media/ipc.js +13 -0
package/build/server/Media/router.js +97 -0
package/build/server/Player/socket.js +66 -0
package/build/server/Prefs/Prefs.js +181 -0
package/build/server/Prefs/router.js +151 -0
package/build/server/Prefs/socket.js +52 -0
package/build/server/Queue/Queue.js +203 -0
package/build/server/Queue/socket.js +83 -0
package/build/server/Rooms/Rooms.js +171 -0
package/build/server/Rooms/router.js +97 -0
package/build/server/Rooms/socket.js +23 -0
package/build/server/Scanner/FileScanner/FileScanner.js +166 -0
package/build/server/Scanner/FileScanner/getConfig.js +32 -0
package/build/server/Scanner/FileScanner/getFiles.js +61 -0
package/build/server/Scanner/MetaParser/MetaParser.js +77 -0
package/build/server/Scanner/MetaParser/defaultMiddleware.js +170 -0
package/build/server/Scanner/Scanner.js +26 -0
package/build/server/Scanner/ScannerQueue.js +62 -0
package/build/server/User/User.js +206 -0
package/build/server/User/router.js +366 -0
package/build/server/lib/Database.js +39 -0
package/build/server/lib/Errors.js +6 -0
package/build/server/lib/IPCBridge.js +128 -0
package/build/server/lib/Log.js +31 -0
package/build/server/lib/accumulatedThrottle.js +16 -0
package/build/server/lib/bcrypt.js +23 -0
package/build/server/lib/cli.js +131 -0
package/build/server/lib/getCdgName.js +18 -0
package/build/server/lib/getFolders.js +8 -0
package/build/server/lib/getHotMiddleware.js +22 -0
package/build/server/lib/getIPAddress.js +14 -0
package/build/server/lib/getPermutations.js +17 -0
package/build/server/lib/getWindowsDrives.js +17 -0
package/build/server/lib/parseCookie.js +13 -0
package/build/server/lib/pushQueuesAndLibrary.js +22 -0
package/{server → build/server}/lib/schemas/001-initial-schema.sql +26 -26
package/build/server/lib/schemas/004-paths-rooms-data.sql +7 -0
package/build/server/lib/schemas/005-roles.sql +32 -0
package/build/server/lib/util.js +39 -0
package/build/server/main.js +124 -0
package/build/server/scannerWorker.js +59 -0
package/build/server/serverWorker.js +219 -0
package/build/server/socket.js +134 -0
package/build/server/watcherWorker.js +51 -0
package/build/shared/actionTypes.js +113 -0
package/build/shared/types.js +1 -0
package/package.json +111 -86
package/build/267.4be526e3a94d53aeceae.js +0 -1
package/build/591.4be526e3a94d53aeceae.js +0 -1
package/build/598.4be526e3a94d53aeceae.js +0 -1
package/build/799.4be526e3a94d53aeceae.js +0 -1
package/build/845.4be526e3a94d53aeceae.js +0 -1
package/build/main.4be526e3a94d53aeceae.css +0 -2034
package/build/main.4be526e3a94d53aeceae.js +0 -1
package/server/Library/Library.js +0 -340
package/server/Library/index.js +0 -3
package/server/Library/ipc.js +0 -18
package/server/Library/router.js +0 -27
package/server/Library/socket.js +0 -47
package/server/Media/Media.js +0 -207
package/server/Media/index.js +0 -3
package/server/Media/ipc.js +0 -19
package/server/Media/router.js +0 -99
package/server/Player/socket.js +0 -78
package/server/Prefs/Prefs.js +0 -165
package/server/Prefs/index.js +0 -3
package/server/Prefs/router.js +0 -124
package/server/Prefs/socket.js +0 -68
package/server/Queue/Queue.js +0 -208
package/server/Queue/index.js +0 -3
package/server/Queue/socket.js +0 -99
package/server/Rooms/Rooms.js +0 -114
package/server/Rooms/index.js +0 -3
package/server/Rooms/router.js +0 -146
package/server/Scanner/FileScanner/FileScanner.js +0 -225
package/server/Scanner/FileScanner/getConfig.js +0 -35
package/server/Scanner/FileScanner/getFiles.js +0 -63
package/server/Scanner/FileScanner/index.js +0 -3
package/server/Scanner/MetaParser/MetaParser.js +0 -49
package/server/Scanner/MetaParser/defaultMiddleware.js +0 -197
package/server/Scanner/MetaParser/index.js +0 -3
package/server/Scanner/Scanner.js +0 -33
package/server/User/User.js +0 -139
package/server/User/index.js +0 -3
package/server/User/router.js +0 -442
package/server/lib/Database.js +0 -55
package/server/lib/IPCBridge.js +0 -115
package/server/lib/Log.js +0 -71
package/server/lib/bcrypt.js +0 -24
package/server/lib/cli.js +0 -136
package/server/lib/electron.js +0 -81
package/server/lib/getCdgName.js +0 -20
package/server/lib/getDevMiddleware.js +0 -51
package/server/lib/getFolders.js +0 -10
package/server/lib/getHotMiddleware.js +0 -27
package/server/lib/getIPAddress.js +0 -16
package/server/lib/getPermutations.js +0 -21
package/server/lib/getWindowsDrives.js +0 -30
package/server/lib/parseCookie.js +0 -12
package/server/lib/pushQueuesAndLibrary.js +0 -29
package/server/main.js +0 -135
package/server/scannerWorker.js +0 -58
package/server/serverWorker.js +0 -242
package/server/socket.js +0 -173
package/shared/actionTypes.js +0 -103
/package/build/{7ce9eb3fe454f54745a4.woff2 → client/7ce9eb3fe454f54745a4.woff2} +0 -0
/package/build/{598.4be526e3a94d53aeceae.css → client/851.83b0127845c2fa8729fe.css} +0 -0
/package/build/{a35814dd9eb496e3d7cc.woff2 → client/a35814dd9eb496e3d7cc.woff2} +0 -0
/package/build/{e419b95dccb58b362811.woff2 → client/e419b95dccb58b362811.woff2} +0 -0
/package/{server → build/server}/lib/schemas/002-replaygain.sql +0 -0
/package/{server → build/server}/lib/schemas/003-queue-linked-list.sql +0 -0

package/build/server/Scanner/ScannerQueue.js ADDED Viewed

@@ -0,0 +1,62 @@
+import FileScanner from './FileScanner/FileScanner.js';
+import Prefs from '../Prefs/Prefs.js';
+import getLogger from '../lib/Log.js';
+const log = getLogger('queue');
+class ScannerQueue {
+    #instance;
+    #isCanceling = false;
+    #q = [];
+    onIteration;
+    onDone;
+    constructor(onIteration, onDone) {
+        this.onIteration = onIteration;
+        this.onDone = onDone;
+    }
+    async queue(pathIds) {
+        const prefs = await Prefs.get();
+        if (pathIds === true) {
+            pathIds = prefs.paths.result; // queueing all paths
+        }
+        else if (Number.isInteger(pathIds)) {
+            pathIds = [pathIds];
+        }
+        if (!Array.isArray(pathIds)) {
+            log.warn('invalid pathIds: %s', pathIds);
+            return;
+        }
+        pathIds.forEach((id) => {
+            const dir = prefs.paths.entities[id]?.path;
+            if (!dir) {
+                log.warn('ignoring (invalid pathId): %s', id);
+            }
+            else if (this.#q.includes(id)) {
+                log.info('ignoring (path already queued): %s', dir);
+            }
+            else {
+                log.info('path queued for scan: %s', dir);
+                this.#q.push(id);
+            }
+        });
+        if (this.#q.length && !this.#instance) {
+            this.start();
+        }
+    }
+    async start() {
+        log.info('Starting media scan');
+        while (this.#q.length && !this.#isCanceling) {
+            const prefs = await Prefs.get();
+            this.#instance = new FileScanner(prefs, { length: this.#q.length });
+            const stats = await this.#instance.scan(this.#q.shift());
+            this.onIteration(stats);
+        }
+        this.onDone();
+    }
+    stop() {
+        log.info('Stopping media scan (user requested)');
+        this.#isCanceling = true;
+        if (this.#instance) {
+            this.#instance.cancel();
+        }
+    }
+}
+export default ScannerQueue;

package/build/server/User/User.js ADDED Viewed

@@ -0,0 +1,206 @@
+import Database from '../lib/Database.js';
+import sql from 'sqlate';
+import bcrypt from '../lib/bcrypt.js';
+import Queue from '../Queue/Queue.js';
+import { randomChars } from '../lib/util.js';
+export const IMG_MAX_LENGTH = 50000; // bytes
+export const BCRYPT_ROUNDS = 12;
+export const USERNAME_MIN_LENGTH = 3;
+export const USERNAME_MAX_LENGTH = 128;
+export const PASSWORD_MIN_LENGTH = 6;
+export const NAME_MIN_LENGTH = 2;
+export const NAME_MAX_LENGTH = 50;
+const { db } = Database;
+class User {
+    /**
+     * Get user by userId
+     *
+     * @param  {Number}  userId
+     * @param  {Bool}  creds  Whether to include username and password in result
+     * @return {Promise}
+     */
+    static async getById(userId, creds = false) {
+        if (typeof userId !== 'number') {
+            throw new Error('userId must be a number');
+        }
+        return User._get({ userId, username: undefined }, creds);
+    }
+    /**
+     * Get user by username
+     *
+     * @param  {String}  username
+     * @param  {Bool}  creds  Whether to include username and password in result
+     * @return {Promise}
+     */
+    static async getByUsername(username, creds = false) {
+        if (typeof username !== 'string') {
+            throw new Error('username must be a string');
+        }
+        return User._get({ userId: undefined, username }, creds);
+    }
+    /**
+     * Gets all users
+     *
+     * @return {Promise}      normalized list of users
+     */
+    static async get() {
+        const result = [];
+        const entities = {};
+        const query = sql `
+      SELECT users.userId, users.username, users.name, users.dateCreated, users.dateUpdated, roles.name AS role
+      FROM users
+        INNER JOIN roles USING (roleId)
+      ORDER BY dateCreated DESC
+    `;
+        const res = await db.all(String(query), query.parameters);
+        res.forEach((row) => {
+            result.push(row.userId);
+            entities[row.userId] = row;
+        });
+        return { result, entities };
+    }
+    static async create({ username, newPassword, newPasswordConfirm, name, image, }, role = 'standard') {
+        username = username?.trim();
+        name = name?.trim();
+        const fields = new Map();
+        if (role !== 'guest') {
+            if (!username) {
+                throw new Error('Username or email is required');
+            }
+            if (username.length < USERNAME_MIN_LENGTH || username.length > USERNAME_MAX_LENGTH) {
+                throw new Error(`Username or email must have ${USERNAME_MIN_LENGTH}-${USERNAME_MAX_LENGTH} characters`);
+            }
+            if (!newPassword) {
+                throw new Error('Password is required');
+            }
+            if (newPassword.length < PASSWORD_MIN_LENGTH) {
+                throw new Error(`Password must have at least ${PASSWORD_MIN_LENGTH} characters`);
+            }
+            if (!newPasswordConfirm) {
+                throw new Error('Password confirmation is required');
+            }
+            if (newPassword !== newPasswordConfirm) {
+                throw new Error('New passwords do not match');
+            }
+            if (await User.getByUsername(username)) {
+                throw new Error('Username or email is not available');
+            }
+            fields.set('username', username);
+            fields.set('password', await bcrypt.hash(newPassword, BCRYPT_ROUNDS));
+        }
+        else {
+            let res = {};
+            // ensure unique guest username
+            do {
+                fields.set('username', `guest-${randomChars(5)}`);
+                const query = sql `
+        SELECT COUNT(*) AS count
+        FROM users
+        WHERE username = ${fields.get('username')}
+        `;
+                res = await db.get(String(query), query.parameters);
+            } while (res.count > 0);
+            fields.set('password', 'guest');
+        }
+        if (!name) {
+            throw new Error('Display name is required');
+        }
+        if (name.length < NAME_MIN_LENGTH || name.length > NAME_MAX_LENGTH) {
+            throw new Error(`Display name must have ${NAME_MIN_LENGTH}-${NAME_MAX_LENGTH} characters`);
+        }
+        fields.set('name', name);
+        fields.set('dateCreated', Math.floor(Date.now() / 1000));
+        fields.set('roleId', sql `(SELECT roleId FROM roles WHERE name = ${role})`);
+        // user image?
+        if (image) {
+            if (image.length > IMG_MAX_LENGTH) {
+                throw new Error('Invalid image');
+            }
+            fields.set('image', image);
+        }
+        const query = sql `
+    INSERT INTO users ${sql.tuple(Array.from(fields.keys()).map(sql.column))}
+    VALUES ${sql.tuple(Array.from(fields.values()))}
+  `;
+        const res = await db.run(String(query), query.parameters);
+        if (typeof res.lastID !== 'number') {
+            throw new Error('Unable to create user');
+        }
+        return res.lastID;
+    }
+    static async validate({ username, password }) {
+        if (!username || !password) {
+            throw new Error('Username/email and password are required');
+        }
+        const user = await User.getByUsername(username, true);
+        if (!user || !(await bcrypt.compare(password, user.password))) {
+            throw new Error('Incorrect username/email or password');
+        }
+        return user;
+    }
+    /**
+     * Remove a user
+     *
+     * @param  {Number}  userId
+     * @return {Promise}
+     */
+    static async remove(userId) {
+        if (typeof userId !== 'number') {
+            throw new Error('userId must be a number');
+        }
+        // remove user's queue items
+        const queueQuery = sql `
+      SELECT queueId
+      FROM queue
+      WHERE userId = ${userId}
+    `;
+        const queueRows = await db.all(String(queueQuery), queueQuery.parameters);
+        for (const row of queueRows) {
+            await Queue.remove(row.queueId);
+        }
+        // remove user's song stars
+        const songStarsQuery = sql `
+      DELETE FROM songStars
+      WHERE userId = ${userId}
+    `;
+        await db.run(String(songStarsQuery), songStarsQuery.parameters);
+        // remove user's artist stars
+        const artistStarsQuery = sql `
+      DELETE FROM artistStars
+      WHERE userId = ${userId}
+    `;
+        await db.run(String(artistStarsQuery), artistStarsQuery.parameters);
+        // remove the user
+        const usersQuery = sql `
+      DELETE FROM users
+      WHERE userId = ${userId}
+    `;
+        const usersQueryRes = await db.run(String(usersQuery), usersQuery.parameters);
+        if (!usersQueryRes.changes) {
+            throw new Error(`unable to remove userId: ${userId}`);
+        }
+    }
+    /**
+     * (private) runs the query
+     * @param  {Object}  id   with fields 'username' or 'userId'
+     * @param  {Bool}  creds  whether to include username and password in result
+     * @return {Promise}      user object
+     */
+    static async _get({ userId, username }, creds = false) {
+        const query = sql `
+      SELECT users.*, roles.name AS role
+      FROM users
+        INNER JOIN roles USING (roleId)
+      WHERE ${typeof userId === 'number' ? sql `userId = ${userId}` : sql `LOWER(username) = ${username.toLowerCase()}`}
+    `;
+        const user = await db.get(String(query), query.parameters);
+        if (!user)
+            return false;
+        if (!creds) {
+            delete user.username;
+            delete user.password;
+        }
+        return user;
+    }
+}
+export default User;

package/build/server/User/router.js ADDED Viewed

@@ -0,0 +1,366 @@
+import { promisify } from 'util';
+import fs from 'fs';
+import Database from '../lib/Database.js';
+import sql from 'sqlate';
+import jsonWebToken from 'jsonwebtoken';
+import bcrypt from '../lib/bcrypt.js';
+import KoaRouter from '@koa/router';
+import Prefs from '../Prefs/Prefs.js';
+import Queue from '../Queue/Queue.js';
+import Rooms from '../Rooms/Rooms.js';
+import User from '../User/User.js';
+import { QUEUE_PUSH } from '../../shared/actionTypes.js';
+import { BCRYPT_ROUNDS, USERNAME_MIN_LENGTH, USERNAME_MAX_LENGTH, PASSWORD_MIN_LENGTH, NAME_MIN_LENGTH, NAME_MAX_LENGTH } from './User.js';
+const router = new KoaRouter({ prefix: '/api' });
+const { db } = Database;
+const readFile = promisify(fs.readFile);
+const deleteFile = promisify(fs.unlink);
+const { sign: jwtSign } = jsonWebToken;
+// Takes the "raw" object returned by the User class and massages it
+// into the shape used by the client (state.user) and in server-side
+// routers. Should be used to generate the JWT.
+const createUserCtx = (user, roomId) => {
+    return {
+        dateCreated: user.dateCreated,
+        dateUpdated: user.dateUpdated,
+        isAdmin: user.role === 'admin',
+        isGuest: user.role === 'guest',
+        name: user.name,
+        roomId: parseInt(roomId, 10) || null,
+        userId: user.userId,
+        username: user.username,
+    };
+};
+// login
+router.post('/login', async (ctx) => {
+    const roomId = parseInt(ctx.request.body.roomId, 10) || null;
+    let user;
+    try {
+        user = await User.validate(ctx.request.body);
+        if (roomId) {
+            await Rooms.validate(roomId, ctx.request.body.roomPassword, {
+                isOpen: user.role !== 'admin', // admins can sign in to closed rooms
+                validatePassword: true,
+            });
+        }
+        else if (user.role !== 'admin') {
+            ctx.throw(401, 'Please select a room');
+        }
+    }
+    catch (err) {
+        ctx.throw(401, err.message);
+    }
+    const userCtx = createUserCtx(user, roomId);
+    // create JWT
+    const token = jwtSign(userCtx, ctx.jwtKey);
+    // set JWT as an httpOnly cookie
+    ctx.cookies.set('keToken', token, {
+        httpOnly: true,
+    });
+    ctx.body = userCtx;
+});
+// logout
+router.get('/logout', async (ctx) => {
+    // @todo force socket room leave
+    ctx.cookies.set('keToken', '');
+    ctx.status = 200;
+    ctx.body = {};
+});
+// get own account (helps sync account changes across devices)
+router.get('/user', async (ctx) => {
+    if (typeof ctx.user.userId !== 'number') {
+        ctx.throw(401);
+    }
+    // include credentials since their username may have changed
+    const user = await User.getById(ctx.user.userId, true);
+    if (!user) {
+        ctx.throw(404);
+    }
+    ctx.body = createUserCtx(user, ctx.user.roomId);
+});
+// list all users (admin only)
+router.get('/users', async (ctx) => {
+    if (!ctx.user.isAdmin) {
+        ctx.throw(401);
+    }
+    const userRooms = {}; // { userId: [roomId, roomId, ...]}
+    const sockets = await ctx.io.fetchSockets();
+    for (const s of sockets) {
+        if (s.user && typeof s.user.roomId === 'number') {
+            if (userRooms[s.user.userId]) {
+                userRooms[s.user.userId].push(s.user.roomId);
+            }
+            else {
+                userRooms[s.user.userId] = [s.user.roomId];
+            }
+        }
+    }
+    // get all users
+    const users = await User.get();
+    users.result.forEach((userId) => {
+        users.entities[userId].rooms = userRooms[userId] || [];
+    });
+    ctx.body = users;
+});
+// delete a user (admin only)
+router.delete('/user/:userId', async (ctx) => {
+    const targetId = parseInt(ctx.params.userId, 10);
+    if (!ctx.user.isAdmin || targetId === ctx.user.userId) {
+        ctx.throw(403);
+    }
+    await User.remove(targetId);
+    // disconnect their socket session(s)
+    const sockets = await ctx.io.fetchSockets();
+    for (const s of sockets) {
+        if (s?.user.userId === targetId) {
+            s.disconnect();
+        }
+    }
+    // emit (potentially) updated queues to each room
+    for (const { room, roomId } of Rooms.getActive(ctx.io)) {
+        ctx.io.to(room).emit('action', {
+            type: QUEUE_PUSH,
+            payload: await Queue.get(roomId),
+        });
+    }
+    // success
+    ctx.status = 200;
+    ctx.body = {};
+});
+// update a user account
+router.put('/user/:userId', async (ctx) => {
+    const targetId = parseInt(ctx.params.userId, 10);
+    const user = await User.getById(ctx.user.userId, true);
+    // must be admin if updating another user
+    if (!user || (targetId !== user.userId && user.role !== 'admin')) {
+        ctx.throw(401);
+    }
+    let { name, username, password, newPassword, newPasswordConfirm } = ctx.request.body;
+    // validate current password if updating own account
+    if (targetId === user.userId && !ctx.user.isGuest) {
+        if (!password) {
+            ctx.throw(422, 'Current password is required');
+        }
+        if (!(await bcrypt.compare(password, user.password))) {
+            ctx.throw(401, 'Incorrect current password');
+        }
+    }
+    // validated
+    const fields = new Map();
+    // changing username?
+    if (username && !ctx.user.isGuest) {
+        username = username.trim();
+        if (username.length < USERNAME_MIN_LENGTH || username.length > USERNAME_MAX_LENGTH) {
+            ctx.throw(400, `Username or email must have ${USERNAME_MIN_LENGTH}-${USERNAME_MAX_LENGTH} characters`);
+        }
+        // check for duplicate
+        if (await User.getByUsername(username)) {
+            ctx.throw(409, 'Username or email is not available');
+        }
+        fields.set('username', username);
+    }
+    // changing display name?
+    if (name) {
+        name = name.trim();
+        if (name.length < NAME_MIN_LENGTH || name.length > NAME_MAX_LENGTH) {
+            ctx.throw(400, `Display name must have ${NAME_MIN_LENGTH}-${NAME_MAX_LENGTH} characters`);
+        }
+        fields.set('name', name);
+    }
+    // changing password?
+    if (newPassword && !ctx.user.isGuest) {
+        if (newPassword.length < PASSWORD_MIN_LENGTH) {
+            ctx.throw(400, `Password must have at least ${PASSWORD_MIN_LENGTH} characters`);
+        }
+        if (newPassword !== newPasswordConfirm) {
+            ctx.throw(422, 'New passwords do not match');
+        }
+        fields.set('password', await bcrypt.hash(newPassword, BCRYPT_ROUNDS));
+    }
+    // changing user image?
+    if (ctx.request.files.image) {
+        const imageFile = Array.isArray(ctx.request.files.image) ? ctx.request.files.image[0] : ctx.request.files.image;
+        fields.set('image', await readFile(imageFile.filepath));
+        await deleteFile(imageFile.filepath);
+    }
+    else if (ctx.request.body.image === 'null') {
+        fields.set('image', null);
+    }
+    // changing role?
+    if (ctx.request.body.role) {
+        // @todo since we're not ensuring there'd be at least one admin
+        // remaining, changing one's own role is currently disallowed
+        if (user.role !== 'admin' || targetId === user.userId) {
+            ctx.throw(403);
+        }
+        fields.set('roleId', sql `(SELECT roleId FROM roles WHERE name = ${ctx.request.body.role})`);
+    }
+    fields.set('dateUpdated', Math.floor(Date.now() / 1000));
+    const query = sql `
+    UPDATE users
+    SET ${sql.tuple(Array.from(fields.keys()).map(sql.column))} = ${sql.tuple(Array.from(fields.values()))}
+    WHERE userId = ${targetId}
+  `;
+    const res = await db.run(String(query), query.parameters);
+    if (!res.changes) {
+        ctx.throw(404, `userId ${targetId} not found`);
+    }
+    // emit (potentially) updated queues to each room
+    // @todo: only update rooms the user is in
+    for (const { room, roomId } of Rooms.getActive(ctx.io)) {
+        ctx.io.to(room).emit('action', {
+            type: QUEUE_PUSH,
+            payload: await Queue.get(roomId),
+        });
+    }
+    // updating another account? we're done
+    if (targetId !== user.userId) {
+        ctx.status = 200;
+        ctx.body = {};
+        return;
+    }
+    // updating own account: send updated token
+    let updatedUser;
+    if (user.role !== 'guest') {
+        try {
+            updatedUser = await User.validate({
+                username: username || user.username,
+                password: newPassword || password,
+            });
+        }
+        catch (err) {
+            ctx.throw(401, err.message);
+        }
+    }
+    else {
+        updatedUser = {
+            ...user,
+            name: name || user.name,
+        };
+    }
+    const userCtx = createUserCtx(updatedUser, ctx.user.roomId || null);
+    // create JWT
+    // @todo: this should not extend the JWT expiry date
+    const token = jwtSign(userCtx, ctx.jwtKey);
+    // set JWT as an httpOnly cookie
+    ctx.cookies.set('keToken', token, {
+        httpOnly: true,
+    });
+    ctx.body = userCtx;
+});
+// create account
+router.post('/user', async (ctx) => {
+    let image;
+    if (!ctx.user.isAdmin) {
+        // already signed in?
+        if (ctx.user.userId !== null) {
+            ctx.throw(401, 'You are already signed in');
+        }
+        // only possible roles; further validated per-room below
+        if (!['guest', 'standard'].includes(ctx.request.body.role)) {
+            ctx.throw(401, 'Invalid role');
+        }
+        // new users must choose a room at the same time
+        try {
+            await Rooms.validate(ctx.request.body.roomId, ctx.request.body.roomPassword, { role: ctx.request.body.role });
+        }
+        catch (err) {
+            ctx.throw(401, err.message);
+        }
+    }
+    if (ctx.request.files.image) {
+        const imageFile = Array.isArray(ctx.request.files.image) ? ctx.request.files.image[0] : ctx.request.files.image;
+        image = await readFile(imageFile.filepath);
+        await deleteFile(imageFile.filepath);
+    }
+    // create user
+    try {
+        const userId = await User.create({ ...ctx.request.body, image }, ctx.request.body.role);
+        // if admin creating another user, we're done
+        if (ctx.user.isAdmin) {
+            ctx.status = 200;
+            ctx.body = {};
+            return;
+        }
+        const user = await User.getById(userId, true);
+        const userCtx = createUserCtx(user, ctx.request.body.roomId || null);
+        // create JWT
+        const token = jwtSign(userCtx, ctx.jwtKey);
+        // set JWT as an httpOnly cookie
+        ctx.cookies.set('keToken', token, {
+            httpOnly: true,
+        });
+        ctx.body = userCtx;
+    }
+    catch (err) {
+        ctx.throw(403, err.message);
+    }
+});
+// first-time setup
+router.post('/setup', async (ctx) => {
+    const prefs = await Prefs.get();
+    let image;
+    // must be first run
+    if (prefs.isFirstRun !== true) {
+        ctx.throw(403);
+    }
+    // create default room
+    const fields = new Map();
+    fields.set('name', 'Room 1');
+    fields.set('status', 'open');
+    fields.set('dateCreated', Math.floor(Date.now() / 1000));
+    const query = sql `
+    INSERT INTO rooms ${sql.tuple(Array.from(fields.keys()).map(sql.column))}
+    VALUES ${sql.tuple(Array.from(fields.values()))}
+  `;
+    const res = await db.run(String(query), query.parameters);
+    if (typeof res.lastID !== 'number') {
+        ctx.throw(500, 'Invalid default room lastID');
+    }
+    // create admin user
+    try {
+        const userId = await User.create({ ...ctx.request.body, image }, 'admin');
+        const user = await User.getById(userId, true);
+        const userCtx = createUserCtx(user, res.lastID);
+        // create JWT
+        const token = jwtSign(userCtx, ctx.jwtKey);
+        // set JWT as an httpOnly cookie
+        ctx.cookies.set('keToken', token, {
+            httpOnly: true,
+        });
+        // unset isFirstRun
+        const query = sql `
+      UPDATE prefs
+      SET data = 'false'
+      WHERE key = 'isFirstRun'
+    `;
+        await db.run(String(query));
+        // success
+        ctx.body = userCtx;
+    }
+    catch (err) {
+        ctx.throw(403, err.message);
+    }
+});
+// get a user's image
+router.get('/user/:userId/image', async (ctx) => {
+    const targetId = parseInt(ctx.params.userId, 10);
+    if (ctx.user.userId !== targetId && !ctx.user.isAdmin) {
+        // ensure users are in the same room
+        const sockets = await ctx.io.in(Rooms.prefix(ctx.user.roomId)).fetchSockets();
+        if (!sockets.some(s => s?.user && s?.user.userId === targetId)) {
+            ctx.throw(403);
+        }
+    }
+    const user = await User.getById(targetId);
+    if (!user || !user.image) {
+        ctx.throw(404);
+    }
+    if (typeof ctx.query.v !== 'undefined') {
+        // client can cache a versioned image forever
+        ctx.set('Cache-Control', 'max-age=31536000'); // 1 year
+    }
+    ctx.type = 'image/jpeg';
+    ctx.body = user.image;
+});
+export default router;

package/build/server/lib/Database.js ADDED Viewed

@@ -0,0 +1,39 @@
+import path from 'path';
+import fse from 'fs-extra';
+import sqlite3 from 'sqlite3';
+import { open as sqliteOpen } from 'sqlite';
+import getLogger from './Log.js';
+const log = getLogger('db');
+class Database {
+    static refs = {};
+    static async close() {
+        if (Database.refs.db) {
+            log.info('Closing database file %s', Database.refs.db.config.filename);
+            await Database.refs.db.close();
+        }
+    }
+    static async open({ file, ro = true } = { file: '', ro: true }) {
+        if (Database.refs.db)
+            throw new Error('Database already open');
+        log.info('Opening database file %s %s', ro ? '(read-only)' : '(writeable)', file);
+        // create path if it doesn't exist
+        fse.ensureDirSync(path.dirname(file));
+        const db = await sqliteOpen({
+            filename: file,
+            driver: sqlite3.Database,
+            mode: ro ? sqlite3.OPEN_READONLY : null,
+        });
+        if (!ro) {
+            await db.migrate({
+                migrationsPath: path.join(import.meta.dirname, 'schemas'),
+            });
+            await db.run('PRAGMA journal_mode = WAL;');
+            await db.run('PRAGMA foreign_keys = ON;');
+        }
+        Database.refs.db = db;
+        return db;
+    }
+}
+export const open = Database.open;
+export const close = Database.close;
+export default Database.refs;

package/build/server/lib/Errors.js ADDED Viewed

@@ -0,0 +1,6 @@
+export class ValidationError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'ValidationError';
+    }
+}