Lomanic/cloudtube
1
0
Fork 0
mirror of https://git.sr.ht/~cadence/cloudtube synced 2026-05-26 12:32:25 +00:00
Code Issues Releases Wiki Activity

Add database and subscribe button

Browse source
This commit is contained in:
Cadence Ember 2020-08-31 01:54:59 +12:00
parent 2af05e43a9
commit f24e1bb39c
No known key found for this signature in database
GPG key ID: 128B99B1B74A6412
25 changed files with 972 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

78
api/utils/getuser.js Normal file
View file

@ -0,0 +1,78 @@
const crypto = require("crypto")
const {parse: parseCookie} = require("cookie")
const constants = require("./constants")
const db = require("./db")
function getToken(req, responseHeaders) {
if (!req.headers.cookie) req.headers.cookie = ""
const cookie = parseCookie(req.headers.cookie)
const token = cookie.token
if (token) return token
if (responseHeaders) { // we should create a token
const setCookie = responseHeaders["set-cookie"] || []
const token = crypto.randomBytes(18).toString("base64").replace(/\W/g, "_")
setCookie.push(`token=${token}; Path=/; Max-Age=2147483648; HttpOnly; SameSite=Lax`)
responseHeaders["set-cookie"] = setCookie
return token
}
return null
}
class User {
constructor(token) {
this.token = token
}
getSubscriptions() {
if (this.token) {
return db.prepare("SELECT ucid FROM Subscriptions WHERE token = ?").pluck().all(ucid)
} else {
return []
}
}
isSubscribed(ucid) {
if (this.token) {
return !!db.prepare("SELECT * FROM Subscriptions WHERE token = ? AND ucid = ?").get([this.token, ucid])
} else {
return false
}
}
}
/**
* @param {any} responseHeaders supply this to create a token
*/
function getUser(req, responseHeaders) {
const token = getToken(req, responseHeaders)
return new User(token)
}
function generateCSRF() {
const token = crypto.randomBytes(16).toString("hex")
const expires = Date.now() + constants.caching.csrf_time
db.prepare("INSERT INTO CSRFTokens (token, expires) VALUES (?, ?)").run(token, expires)
return token
}
function checkCSRF(token) {
const row = db.prepare("SELECT * FROM CSRFTokens WHERE token = ? AND expires > ?").get(token, Date.now())
if (row) {
db.prepare("DELETE FROM CSRFTokens WHERE token = ?").run(token)
return true
} else {
return false
}
}
function cleanCSRF() {
db.prepare("DELETE FROM CSRFTokens WHERE expires <= ?").run(Date.now())
}
cleanCSRF()
setInterval(cleanCSRF, constants.caching.csrf_time).unref()
module.exports.getToken = getToken
module.exports.generateCSRF = generateCSRF
module.exports.checkCSRF = checkCSRF
module.exports.getUser = getUser