satyr/src/api.ts

import * as db from "./database";
import { config } from "./config";
import {unlink} from "fs";

async function register(name: string, password: string, confirm: string): Promise<object> {
	if(!config['satyr']['registration']) return {"error":"registration disabled"};
	if(name.includes(';') || name.includes(' ') || name.includes('\'')) return {"error":"illegal characters"};
	if(password !== confirm) return {"error":"mismatched passwords"};
	for(let i=0;i<config['satyr']['restrictedNames'].length;i++){
		if (name === config['satyr']['restrictedNames'][i]) return {"error":"restricted name"};
	}
	let r: boolean = await db.addUser(name, password);
	if(r) {
		let k = await db.query('select stream_key from users where username='+db.raw.escape(name));
		return k;
	}
	return {"error":""};
}

async function update(fields: object): Promise<object>{
	if(!fields['title'] && !fields['bio'] && (fields['rec'] !== 'true' && fields['rec'] !== 'false')) return {"error":"no valid fields specified"};
	let qs: string = "";
	let f: boolean = false;
	if(fields['title']) {qs += ' user_meta.title='+db.raw.escape(fields['title']);f = true;}
	if(fields['bio']) {
		if(f) qs+=',';
		qs += ' user_meta.about='+db.raw.escape(fields['bio']);
		f=true;
	}
	if(typeof(fields['rec']) === 'boolean' || typeof(fields['rec']) === 'number') {
		if(f) qs+=',';
		qs += ' users.record_flag='+db.raw.escape(fields['rec']);
	}
	await db.query('UPDATE users,user_meta SET'+qs+' WHERE users.username='+db.raw.escape(fields['name'])+' AND user_meta.username='+db.raw.escape(fields['name']));
	return {"success":""};
}

async function updateChat(fields: object): Promise<object>{
	await db.query('UPDATE chat_integration SET xmpp='+db.raw.escape(fields['xmpp'])+', discord='+db.raw.escape(fields['discord'])+', irc='+db.raw.escape(fields['irc'])+', twitch='+db.raw.escape(fields['twitch'])+' WHERE username='+db.raw.escape(fields['name']));
	return {"success":""};
}

async function changepwd(name: string, password: string, newpwd: string): Promise<object>{
	if(!name || !password || !newpwd) return {"error":"Insufficient parameters"};
	let auth: boolean = await db.validatePassword(name, password);
	if(!auth) return {"error":"Username or Password Incorrect"};
	let newhash: string = await db.hash(newpwd);
	await db.query('UPDATE users set password_hash='+db.raw.escape(newhash)+'where username='+db.raw.escape(name)+' limit 1');
	return {"success":""};
}

async function changesk(name: string): Promise<object>{
	let key: string = await db.genKey();
	await db.query('UPDATE users set stream_key='+db.raw.escape(key)+'where username='+db.raw.escape(name)+' limit 1');
	return {"success":key};
}

async function login(name: string, password: string){
	if(!name || !password) return {"error":"Insufficient parameters"};
	let auth: boolean = await db.validatePassword(name, password);
	if(!auth) return {"error":"Username or Password Incorrect"};
	return false;
}

async function deleteVODs(vodlist: Array<string>, username: string): Promise<object>{
	for(var i=0;i<vodlist.length;i++){
		unlink('./site/live/'+username+'/'+vodlist[i], ()=>{});
	}
	return {"success":""};
}

async function getConfig(username: string, all?: boolean): Promise<object>{
	let t = {username: username};
	if(all) {
		let users = await db.query('SELECT stream_key,record_flag FROM users WHERE username='+db.raw.escape(username));
		if(users[0]) Object.assign(t, users[0]);
		let usermeta = await db.query('SELECT title,about FROM user_meta WHERE username='+db.raw.escape(username));
		if(usermeta[0]) Object.assign(t, users[0]);
		let ci = await db.query('SELECT irc,xmpp,twitch,discord FROM chat_integration WHERE username='+db.raw.escape(username));
		if(ci[0]) Object.assign(t, ci[0]);
	}
	else {
		let um = await db.query('SELECT title,about FROM user_meta WHERE username='+db.raw.escape(username));
		if(um[0]) Object.assign(t, um[0]);
	}
	return t;
}

export { register, update, changepwd, changesk, login, updateChat, deleteVODs, getConfig };
Fix /api/:user/config not returning all info for an authorized user. 2020-07-30 01:14:33 -05:00			`import * as db from "./database";`
Big Refactor Stop using config and toml as dependencies Stop passing around config variables through function calls Add config.ts and pull the values you need directly in the files Remove irc.js for incoming new IRC solution Rename controller to index because that was stupid Minor git bullshit with the config folder Change to yaml as a config format 2019-12-21 08:59:35 -06:00			`import { config } from "./config";`
Add VOD management page and the ability to delete the user's own vods 2020-06-27 08:34:09 -05:00			`import {unlink} from "fs";`
Added some api functions, an express server for the API and nunjucks Added nunjucks templates for frontend pages. 2019-09-28 21:43:25 -05:00
Add VOD management page and the ability to delete the user's own vods 2020-06-27 08:34:09 -05:00			`async function register(name: string, password: string, confirm: string): Promise<object> {`
Big Refactor Stop using config and toml as dependencies Stop passing around config variables through function calls Add config.ts and pull the values you need directly in the files Remove irc.js for incoming new IRC solution Rename controller to index because that was stupid Minor git bullshit with the config folder Change to yaml as a config format 2019-12-21 08:59:35 -06:00			`if(!config['satyr']['registration']) return {"error":"registration disabled"};`
I don't even know. Filled out API for user management Proper escaping of user input for SQL queries (stream keys aren't user input) Filled out frontend with profile management, vods, etc. I don't remember there's probably more, fuck. 2019-10-05 14:34:57 -05:00			`if(name.includes(';') \|\| name.includes(' ') \|\| name.includes('\'')) return {"error":"illegal characters"};`
			`if(password !== confirm) return {"error":"mismatched passwords"};`
Big Refactor Stop using config and toml as dependencies Stop passing around config variables through function calls Add config.ts and pull the values you need directly in the files Remove irc.js for incoming new IRC solution Rename controller to index because that was stupid Minor git bullshit with the config folder Change to yaml as a config format 2019-12-21 08:59:35 -06:00			`for(let i=0;i<config['satyr']['restrictedNames'].length;i++){`
			`if (name === config['satyr']['restrictedNames'][i]) return {"error":"restricted name"};`
Added some api functions, an express server for the API and nunjucks Added nunjucks templates for frontend pages. 2019-09-28 21:43:25 -05:00			`}`
I don't even know. Filled out API for user management Proper escaping of user input for SQL queries (stream keys aren't user input) Filled out frontend with profile management, vods, etc. I don't remember there's probably more, fuck. 2019-10-05 14:34:57 -05:00			`let r: boolean = await db.addUser(name, password);`
Removed old IRC implementation User accounts are now only for streamers, update CLI, API, and config to reflect that. Fixed a bug with registration in api.ts Made http port configurable Added beginnings of socket.io chat server Possibly more, I took a break in the middle of this commit. 2019-10-17 16:01:35 -05:00			`if(r) {`
			`let k = await db.query('select stream_key from users where username='+db.raw.escape(name));`
			`return k;`
			`}`
I don't even know. Filled out API for user management Proper escaping of user input for SQL queries (stream keys aren't user input) Filled out frontend with profile management, vods, etc. I don't remember there's probably more, fuck. 2019-10-05 14:34:57 -05:00			`return {"error":""};`
Added some api functions, an express server for the API and nunjucks Added nunjucks templates for frontend pages. 2019-09-28 21:43:25 -05:00			`}`

Add VOD management page and the ability to delete the user's own vods 2020-06-27 08:34:09 -05:00			`async function update(fields: object): Promise<object>{`
Big Commit! Seriously, this one is pretty massive. Satyr now has proper sessions in the browser (like a real website), and a lot of changes were made. API Endpoints were changed from requiring a username and password to requiring a valid JsonWebToken, obtained from /api/login Satyr will generate a PEM format key for JWT signing and verification on startup if it can't find one at config/jwt.pem This file was added to .gitignore Two new depencies: cookie-parser and jose, for reading and signing JWTs. Refactored http.ts into mutiple functions, with a couple helper functions related to cookies and JWT decoding and verification. Socket.IO chat will also automatically log in users with a valid JWT. Refactor api.ts to reflect new requirements from endpoints. Minor bugfix in server.ts so we don't throw an uncaught exception when rejecting a stream with an invalid key. Transcode options readded to default.toml. They do nothing and they are not sane defaults. Both of those things are in the todo list. 2019-12-03 19:51:14 -06:00			`if(!fields['title'] && !fields['bio'] && (fields['rec'] !== 'true' && fields['rec'] !== 'false')) return {"error":"no valid fields specified"};`
			`let qs: string = "";`
			`let f: boolean = false;`
			`if(fields['title']) {qs += ' user_meta.title='+db.raw.escape(fields['title']);f = true;}`
			`if(fields['bio']) {`
			`if(f) qs+=',';`
			`qs += ' user_meta.about='+db.raw.escape(fields['bio']);`
			`f=true;`
			`}`
			`if(typeof(fields['rec']) === 'boolean' \|\| typeof(fields['rec']) === 'number') {`
			`if(f) qs+=',';`
			`qs += ' users.record_flag='+db.raw.escape(fields['rec']);`
			`}`
			`await db.query('UPDATE users,user_meta SET'+qs+' WHERE users.username='+db.raw.escape(fields['name'])+' AND user_meta.username='+db.raw.escape(fields['name']));`
I don't even know. Filled out API for user management Proper escaping of user input for SQL queries (stream keys aren't user input) Filled out frontend with profile management, vods, etc. I don't remember there's probably more, fuck. 2019-10-05 14:34:57 -05:00			`return {"success":""};`
Added some api functions, an express server for the API and nunjucks Added nunjucks templates for frontend pages. 2019-09-28 21:43:25 -05:00			`}`
Add VOD management page and the ability to delete the user's own vods 2020-06-27 08:34:09 -05:00
			`async function updateChat(fields: object): Promise<object>{`
Add updateChat function in api 2020-06-26 06:07:33 -05:00			`await db.query('UPDATE chat_integration SET xmpp='+db.raw.escape(fields['xmpp'])+', discord='+db.raw.escape(fields['discord'])+', irc='+db.raw.escape(fields['irc'])+', twitch='+db.raw.escape(fields['twitch'])+' WHERE username='+db.raw.escape(fields['name']));`
			`return {"success":""};`
			`}`
Added some api functions, an express server for the API and nunjucks Added nunjucks templates for frontend pages. 2019-09-28 21:43:25 -05:00
Add VOD management page and the ability to delete the user's own vods 2020-06-27 08:34:09 -05:00			`async function changepwd(name: string, password: string, newpwd: string): Promise<object>{`
Big Commit! Seriously, this one is pretty massive. Satyr now has proper sessions in the browser (like a real website), and a lot of changes were made. API Endpoints were changed from requiring a username and password to requiring a valid JsonWebToken, obtained from /api/login Satyr will generate a PEM format key for JWT signing and verification on startup if it can't find one at config/jwt.pem This file was added to .gitignore Two new depencies: cookie-parser and jose, for reading and signing JWTs. Refactored http.ts into mutiple functions, with a couple helper functions related to cookies and JWT decoding and verification. Socket.IO chat will also automatically log in users with a valid JWT. Refactor api.ts to reflect new requirements from endpoints. Minor bugfix in server.ts so we don't throw an uncaught exception when rejecting a stream with an invalid key. Transcode options readded to default.toml. They do nothing and they are not sane defaults. Both of those things are in the todo list. 2019-12-03 19:51:14 -06:00			`if(!name \|\| !password \|\| !newpwd) return {"error":"Insufficient parameters"};`
I don't even know. Filled out API for user management Proper escaping of user input for SQL queries (stream keys aren't user input) Filled out frontend with profile management, vods, etc. I don't remember there's probably more, fuck. 2019-10-05 14:34:57 -05:00			`let auth: boolean = await db.validatePassword(name, password);`
			`if(!auth) return {"error":"Username or Password Incorrect"};`
			`let newhash: string = await db.hash(newpwd);`
			`await db.query('UPDATE users set password_hash='+db.raw.escape(newhash)+'where username='+db.raw.escape(name)+' limit 1');`
			`return {"success":""};`
Added some api functions, an express server for the API and nunjucks Added nunjucks templates for frontend pages. 2019-09-28 21:43:25 -05:00			`}`

Add VOD management page and the ability to delete the user's own vods 2020-06-27 08:34:09 -05:00			`async function changesk(name: string): Promise<object>{`
I don't even know. Filled out API for user management Proper escaping of user input for SQL queries (stream keys aren't user input) Filled out frontend with profile management, vods, etc. I don't remember there's probably more, fuck. 2019-10-05 14:34:57 -05:00			`let key: string = await db.genKey();`
			`await db.query('UPDATE users set stream_key='+db.raw.escape(key)+'where username='+db.raw.escape(name)+' limit 1');`
			`return {"success":key};`
Added some api functions, an express server for the API and nunjucks Added nunjucks templates for frontend pages. 2019-09-28 21:43:25 -05:00			`}`

Big Commit! Seriously, this one is pretty massive. Satyr now has proper sessions in the browser (like a real website), and a lot of changes were made. API Endpoints were changed from requiring a username and password to requiring a valid JsonWebToken, obtained from /api/login Satyr will generate a PEM format key for JWT signing and verification on startup if it can't find one at config/jwt.pem This file was added to .gitignore Two new depencies: cookie-parser and jose, for reading and signing JWTs. Refactored http.ts into mutiple functions, with a couple helper functions related to cookies and JWT decoding and verification. Socket.IO chat will also automatically log in users with a valid JWT. Refactor api.ts to reflect new requirements from endpoints. Minor bugfix in server.ts so we don't throw an uncaught exception when rejecting a stream with an invalid key. Transcode options readded to default.toml. They do nothing and they are not sane defaults. Both of those things are in the todo list. 2019-12-03 19:51:14 -06:00			`async function login(name: string, password: string){`
			`if(!name \|\| !password) return {"error":"Insufficient parameters"};`
			`let auth: boolean = await db.validatePassword(name, password);`
			`if(!auth) return {"error":"Username or Password Incorrect"};`
			`return false;`
			`}`

Add VOD management page and the ability to delete the user's own vods 2020-06-27 08:34:09 -05:00			`async function deleteVODs(vodlist: Array<string>, username: string): Promise<object>{`
			`for(var i=0;i<vodlist.length;i++){`
			`unlink('./site/live/'+username+'/'+vodlist[i], ()=>{});`
			`}`
			`return {"success":""};`
			`}`

Add API function for getting a user's configuration. 2020-07-30 00:45:08 -05:00			`async function getConfig(username: string, all?: boolean): Promise<object>{`
			`let t = {username: username};`
			`if(all) {`
			`let users = await db.query('SELECT stream_key,record_flag FROM users WHERE username='+db.raw.escape(username));`
			`if(users[0]) Object.assign(t, users[0]);`
			`let usermeta = await db.query('SELECT title,about FROM user_meta WHERE username='+db.raw.escape(username));`
			`if(usermeta[0]) Object.assign(t, users[0]);`
			`let ci = await db.query('SELECT irc,xmpp,twitch,discord FROM chat_integration WHERE username='+db.raw.escape(username));`
			`if(ci[0]) Object.assign(t, ci[0]);`
			`}`
			`else {`
			`let um = await db.query('SELECT title,about FROM user_meta WHERE username='+db.raw.escape(username));`
			`if(um[0]) Object.assign(t, um[0]);`
			`}`
			`return t;`
			`}`

			`export { register, update, changepwd, changesk, login, updateChat, deleteVODs, getConfig };`