rixty/SillyTavern
1
0
Fork 0
mirror of https://github.com/SillyTavern/SillyTavern.git synced 2025-06-05 21:59:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Make Reset account functional

Browse Source
This commit is contained in:
Cohee
2024-04-13 00:11:20 +03:00
parent 2e14132a20
commit 53386b35c9
8 changed files with 143 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
src/endpoints/users-private.js
View File

@@ -2,10 +2,15 @@ const path = require('path');
const fsPromises = require('fs').promises;
const storage = require('node-persist');
const express = require('express');
const crypto = require('crypto');
const { jsonParser } = require('../express-common');
const { getUserAvatar, toKey, getPasswordHash, getPasswordSalt, createBackupArchive } = require('../users');
const { getUserAvatar, toKey, getPasswordHash, getPasswordSalt, createBackupArchive, ensurePublicDirectoriesExist } = require('../users');
const { SETTINGS_FILE } = require('../constants');
const contentManager = require('./content-manager');
const { color, Cache } = require('../util');
const { checkForNewContent } = require('./content-manager');
const RESET_CACHE = new Cache(5 * 60 * 1000);
const router = express.Router();
@@ -27,7 +32,7 @@ router.post('/logout', async (request, response) => {
router.get('/me', async (request, response) => {
try {
if (!request.user) {
return response.sendStatus(401);
return response.sendStatus(403);
}
const user = request.user.profile;
@@ -74,7 +79,7 @@ router.post('/change-password', jsonParser, async (request, response) => {
if (!request.user.profile.admin && user.password && user.password !== getPasswordHash(request.body.oldPassword, user.salt)) {
console.log('Change password failed: Incorrect password');
return response.status(401).json({ error: 'Incorrect password' });
return response.status(403).json({ error: 'Incorrect password' });
}
if (request.body.newPassword) {
@@ -121,7 +126,7 @@ router.post('/reset-settings', jsonParser, async (request, response) => {
if (request.user.profile.password && request.user.profile.password !== getPasswordHash(password, request.user.profile.salt)) {
console.log('Reset settings failed: Incorrect password');
return response.status(401).json({ error: 'Incorrect password' });
return response.status(403).json({ error: 'Incorrect password' });
}
const pathToFile = path.join(request.user.directories.root, SETTINGS_FILE);
@@ -165,6 +170,53 @@ router.post('/change-name', jsonParser, async (request, response) => {
}
});
router.post('/reset-step1', jsonParser, async (request, response) => {
try {
const resetCode = String(crypto.randomInt(1000, 9999));
console.log();
console.log(color.magenta(`${request.user.profile.name}, your account reset code is: `) + color.red(resetCode));
console.log();
RESET_CACHE.set(request.user.profile.handle, resetCode);
return response.sendStatus(204);
} catch (error) {
console.error('Recover step 1 failed:', error);
return response.sendStatus(500);
}
});
router.post('/reset-step2', jsonParser, async (request, response) => {
try{
if (!request.body.code) {
console.log('Recover step 2 failed: Missing required fields');
return response.status(400).json({ error: 'Missing required fields' });
}
if (request.user.profile.password && request.user.profile.password !== getPasswordHash(request.body.password, request.user.profile.salt)) {
console.log('Recover step 2 failed: Incorrect password');
return response.status(400).json({ error: 'Incorrect password' });
}
const code = RESET_CACHE.get(request.user.profile.handle);
if (!code || code !== request.body.code) {
console.log('Recover step 2 failed: Incorrect code');
return response.status(400).json({ error: 'Incorrect code' });
}
console.log('Resetting account data:', request.user.profile.handle);
await fsPromises.rm(request.user.directories.root, { recursive: true, force: true });
await ensurePublicDirectoriesExist();
await checkForNewContent([request.user.directories]);
RESET_CACHE.remove(request.user.profile.handle);
return response.sendStatus(204);
} catch (error) {
console.error('Recover step 2 failed:', error);
return response.sendStatus(500);
}
});
module.exports = {
router,
};

6
src/endpoints/users-public.js
View File

@@ -59,7 +59,7 @@ router.post('/login', jsonParser, async (request, response) => {
if (!user) {
console.log('Login failed: User not found');
return response.status(401).json({ error: 'User not found' });
return response.status(403).json({ error: 'User not found' });
}
if (!user.enabled) {
@@ -70,7 +70,7 @@ router.post('/login', jsonParser, async (request, response) => {
if (user.password && user.password !== getPasswordHash(request.body.password, user.salt)) {
console.log('Login failed: Incorrect password');
return response.status(401).json({ error: 'Incorrect password' });
return response.status(403).json({ error: 'Incorrect password' });
}
if (!request.session) {
@@ -159,7 +159,7 @@ router.post('/recover-step2', jsonParser, async (request, response) => {
if (request.body.code !== mfaCode) {
await recoverLimiter.consume(ip);
console.log('Recover step 2 failed: Incorrect code');
return response.status(401).json({ error: 'Incorrect code' });
return response.status(403).json({ error: 'Incorrect code' });
}
if (request.body.newPassword) {

4
src/users.js
View File

@@ -551,7 +551,7 @@ async function setUserDataMiddleware(request, response, next) {
*/
function requireLoginMiddleware(request, response, next) {
if (!request.user) {
return response.sendStatus(401);
return response.sendStatus(403);
}
return next();
@@ -583,7 +583,7 @@ function createRouteHandler(directoryFn) {
*/
function requireAdminMiddleware(request, response, next) {
if (!request.user) {
return response.sendStatus(401);
return response.sendStatus(403);
}
if (request.user.profile.admin) {