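/**
 * Escape a value for use inside a single-quoted MySQL string literal.
 *
 * The handlers below build SQL by string interpolation, and most of the
 * interpolated values come straight from the request body or from Discord's
 * API. Escaping only `'` (as this file did before) leaves `\` unescaped, so a
 * trailing backslash can still break out of the literal.
 *
 * Assumes the server runs with backslash escapes enabled (the default
 * sql_mode); the file's own `\'` escaping already relied on that.
 * NOTE(review): if `query` supports placeholders, bound parameters would be the
 * better fix; its signature is not visible from here.
 * NOTE(review): values containing a backslash that were written before this
 * change may have been stored differently; check existing rows.
 *
 * @param {unknown} value - Value to embed; converted with String().
 * @returns {string} The escaped text, without surrounding quotes.
 */
const escapeSqlValue = (value) =>
    String(value).replace(/[\0\b\t\n\r\x1a"'\\]/g, (ch) => {
        switch (ch) {
            case "\0": return "\\0"
            case "\b": return "\\b"
            case "\t": return "\\t"
            case "\n": return "\\n"
            case "\r": return "\\r"
            case "\x1a": return "\\Z"
            default: return `\\${ch}`
        }
    })

/**
 * Build the CDN avatar URL for a Discord user object.
 *
 * @param {{id: string, avatar: string}} discordUser - Body returned by /users/@me.
 * @returns {string} Avatar URL (unescaped; escape before embedding in SQL).
 */
const discordAvatarUrl = (discordUser) =>
    `https://cdn.discordapp.com/avatars/${discordUser.id}/${discordUser.avatar}.png`

/**
 * Append a login/logout entry to `madmin_logs`.
 *
 * Best effort: `query` appears to return `false` on failure (every caller in
 * this file checks for that), and a failed log write is deliberately ignored.
 *
 * @param {string} username - Account name recorded as the author.
 * @param {string} type - "login" selects the login message; anything else logs a logout.
 * @returns {Promise<void>}
 */
const lognoutNewLog = async (username, type) => {
    const message = type === "login" ? "logged in." : "logged out."
    const timestamp = moment(Date.now()).format("DD.MM.YYYY HH:mm:ss")
    await query(`
        insert into \`madmin_logs\` (\`type\`, \`author\`, \`message\`, \`date\`, \`player_uid\`)
        values ('${escapeSqlValue(type)}', '${escapeSqlValue(username)}', '${message}', '${timestamp}', 'None')
    `)
}

/**
 * POST /registerUserWithDiscord.lvorex
 *
 * Exchanges a Discord OAuth code for a token, reads the Discord profile and
 * files a registration request in `madmin_registers`.
 * Body: { code, url, accountType }.
 */
app.use("/registerUserWithDiscord.lvorex", express.json())
app.post("/registerUserWithDiscord.lvorex", async (req, res) => {
    const { code: authCode, url, accountType } = req.body ?? {}

    // NOTE(review): redirect_uri is derived from the request body. Discord only
    // accepts redirect URIs registered for the application, but taking the base
    // URL from config would remove the dependency on client input.
    const tokenResponseData = await request("https://discord.com/api/oauth2/token", {
        method: "POST",
        body: new URLSearchParams({
            client_id: config.clientId,
            client_secret: config.clientSecret,
            code: authCode,
            grant_type: "authorization_code",
            redirect_uri: `${url}/Register/`,
            scope: "identify",
        }).toString(),
        headers: { "Content-Type": "application/x-www-form-urlencoded" },
    })
    const oauthData = await tokenResponseData.body.json()
    if (oauthData.error) {
        res.json({ code: 404, message: oauthData.error_description })
        return
    }
    const { access_token: AccessToken, token_type: TokenType } = oauthData

    const profileResponse = await request("https://discord.com/api/users/@me", {
        headers: { authorization: `${TokenType} ${AccessToken}` },
    })
    const discordUser = await profileResponse.body.json()

    // NOTE(review): in Node's http server req.socket and res.socket normally
    // refer to the same connection, so this comparison looks like it can never
    // fail. Confirm what restriction was intended; it is kept unchanged here.
    if (req.socket.remoteAddress !== res.socket.remoteAddress) return res.json({ code: 401, message: "Not authorized." })

    // A failed profile lookup has no id/username; stop before it reaches SQL.
    if (!discordUser?.id || typeof discordUser.username !== "string") {
        return res.json({ code: 404, type: "username", message: "Could not read Discord profile." })
    }

    const discordId = escapeSqlValue(discordUser.id)
    const username = escapeSqlValue(discordUser.username)
    // sha1() is used as a lookup key so the raw token is not stored.
    const tokenHash = escapeSqlValue(sha1(AccessToken))
    const avatarUrl = escapeSqlValue(discordAvatarUrl(discordUser))

    let result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`discord\` = '${discordId}' OR \`discord_token\` = '${tokenHash}' OR \`username\` = '${username}'`)
    if (result === false) return res.json({ code: 404, type: "username", message: "SQL Error appeared. Please check console." })
    if (result.length > 0) return res.json({ code: 404, type: "username", message: "Account already exists." })

    result = await query(`
        SELECT * FROM \`madmin_registers\`
        WHERE (\`discord\` = '${discordId}' AND \`request\` = 1)
           OR (\`discord_token\` = '${tokenHash}' AND \`request\` = 1)
           OR (\`username\` = '${username}' AND \`request\` = 1)
    `)
    if (result === false) return res.json({ code: 404, type: "username", message: "SQL Error appeared. Please check console." })
    if (result.length > 0) return res.json({ code: 404, type: "username", message: "Request already exists." })

    result = await query(`INSERT INTO \`madmin_registers\` (\`username\`, \`discord_token\`, \`discord\`, \`avatar\`, \`accountType\`, \`ip\`, \`discord_avatar\`) VALUES ('${username}', '${tokenHash}', '${discordId}', '${avatarUrl}', '${escapeSqlValue(accountType)}', '${escapeSqlValue(req.socket.remoteAddress)}', '${avatarUrl}')`)
    if (result === false) return res.json({ code: 404, type: "username", message: "SQL Error appeared. Please check console." })

    res.json({ code: 200, type: "success", message: "Successfully created account." })
})

/**
 * POST /registerUserWithNormal.lvorex
 *
 * Files a username/password registration request in `madmin_registers`.
 * Body: { username, password, accountType }.
 *
 * NOTE(review): the password is stored as received here and compared as
 * received in /loginWithNormal.lvorex. Moving to a password hashing function
 * needs a schema and migration change and is not done in this block.
 */
app.use("/registerUserWithNormal.lvorex", express.json())
app.post("/registerUserWithNormal.lvorex", async (req, res) => {
    const userDetails = req.body ?? {}

    // NOTE(review): same comparison as in the Discord registration handler;
    // both sockets are normally the same object, so it likely never triggers.
    if (req.socket.remoteAddress !== res.socket.remoteAddress) return res.json({ code: 401, message: "Not authorized." })

    // Non-string fields (e.g. JSON objects or arrays) previously reached
    // .replaceAll() and threw inside the async handler.
    const hasCredentials =
        typeof userDetails.username === "string" && userDetails.username.length > 0 &&
        typeof userDetails.password === "string" && userDetails.password.length > 0
    if (!hasCredentials) return res.json({ code: 404, type: "username", message: "Username or password is not valid." })

    const username = escapeSqlValue(userDetails.username)

    let result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`username\` = '${username}'`)
    if (result === false) return res.json({ code: 404, type: "username", message: "SQL Error appeared. Please check console." })
    if (result.length > 0) return res.json({ code: 404, type: "username", message: "Account already exists." })

    result = await query(`SELECT * FROM \`madmin_registers\` WHERE \`username\` = '${username}' AND \`request\` = 1`)
    if (result === false) return res.json({ code: 404, type: "username", message: "SQL Error appeared. Please check console." })
    if (result.length > 0) return res.json({ code: 404, type: "username", message: "Request already exists." })

    result = await query(`INSERT INTO \`madmin_registers\` (\`username\`, \`password\`, \`accountType\`, \`ip\`) VALUES ('${username}', '${escapeSqlValue(userDetails.password)}', '${escapeSqlValue(userDetails.accountType)}', '${escapeSqlValue(req.socket.remoteAddress)}')`)
    if (result === false) return res.json({ code: 404, type: "username", message: "SQL Error appeared. Please check console." })

    res.json({ code: 200, type: "success", message: "Successfully created account." })
})

// Shared limiter for both login endpoints: 50 requests per 15 minutes.
// The registration endpoints above are not behind it.
const loginRateLimit = rateLimit({
    windowMs: 15 * 60 * 1000,
    max: 50,
    standardHeaders: true,
    legacyHeaders: false,
    message: JSON.stringify({ code: 404, message: "You are been rate limited!" }),
})

/**
 * POST /loginWithDiscord.lvorex
 *
 * Exchanges a Discord OAuth code, finds the linked account (by stored token
 * hash, falling back to the Discord user id), refreshes the stored avatar and
 * IP hash, and issues a session key.
 * Body: { code, url }.
 */
app.use("/loginWithDiscord.lvorex", express.json())
app.post("/loginWithDiscord.lvorex", loginRateLimit, async (req, res) => {
    const userDetails = req.body ?? {}

    // NOTE(review): redirect_uri comes from the request body; see the note in
    // the Discord registration handler.
    const tokenResponseData = await request("https://discord.com/api/oauth2/token", {
        method: "POST",
        body: new URLSearchParams({
            client_id: config.clientId,
            client_secret: config.clientSecret,
            code: userDetails.code,
            grant_type: "authorization_code",
            redirect_uri: `${userDetails.url}/Login/`,
            scope: "identify",
        }).toString(),
        headers: { "Content-Type": "application/x-www-form-urlencoded" },
    })
    const oauthData = await tokenResponseData.body.json()
    if (oauthData.error) {
        res.json({ code: 404, message: oauthData.error_description })
        return
    }
    const { access_token: AccessToken, token_type: TokenType } = oauthData

    const profileResponse = await request("https://discord.com/api/users/@me", {
        headers: { authorization: `${TokenType} ${AccessToken}` },
    })
    const discordUser = await profileResponse.body.json()

    const tokenHash = escapeSqlValue(sha1(AccessToken))
    const avatarUrl = discordAvatarUrl(discordUser)

    let accounts = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`discord_token\` = '${tokenHash}'`)
    if (accounts === false) return res.json({ code: 404, message: "SQL Error appeared. Please check console." })
    if (accounts.length === 0) {
        const byDiscordId = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`discord\` = '${escapeSqlValue(discordUser.id)}'`)
        if (byDiscordId === false) return res.json({ code: 404, message: "SQL Error appeared. Please check console." })
        if (byDiscordId.length === 0) return res.json({ code: 404, message: "No linked account found." })
        accounts = byDiscordId

        // Re-link by primary key. Matching on the previous token value would
        // also rewrite every other row that happens to share it (for example
        // an empty token), handing several accounts the same token hash.
        const relinked = await query(`
            UPDATE \`madmin_accounts\`
            SET \`discord_token\` = '${tokenHash}'
            WHERE \`id\` = '${escapeSqlValue(byDiscordId[0].id)}'
        `)
        if (relinked === false) return res.json({ code: 404, message: "SQL Error appeared. Please check console." })
    }

    const {
        id: userId,
        username: userUsername,
        darkMode,
        syncedDarkMode,
        rank: userRank,
        discord_avatar: DiscordAvatar,
    } = accounts[0]
    const accountId = escapeSqlValue(userId)

    if (DiscordAvatar !== avatarUrl) {
        const avatarUpdated = await query(`
            update \`madmin_accounts\`
            set \`avatar\` = '${escapeSqlValue(avatarUrl)}',
                \`discord_avatar\` = '${escapeSqlValue(avatarUrl)}'
            where \`id\` = '${accountId}'
        `)
        if (avatarUpdated === false) return res.json({ code: 404, message: "SQL Error appeared. Please check console." })
    }

    // An unsalted hash of an IP address can be enumerated, so the `ip` column
    // should be treated as if it held the address itself.
    const ipHash = escapeSqlValue(sha1(req.socket.remoteAddress))

    // Only one account may hold a given IP hash: clear it wherever it is set,
    // then bind it to the account that is logging in.
    let result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`ip\` = '${ipHash}'`)
    if (result === false) return res.json({ code: 404, message: "SQL Error appeared. Please check console." })
    if (result.length > 0) {
        result = await query(`UPDATE \`madmin_accounts\` SET \`ip\` = '' WHERE \`ip\` = '${ipHash}'`)
        if (result === false) return res.json({ code: 404, message: "SQL Error appeared. Please check console." })
    }

    result = await query(`UPDATE \`madmin_accounts\` SET \`ip\` = '${ipHash}', \`avatar\` = '${escapeSqlValue(avatarUrl)}' WHERE \`id\` = '${accountId}'`)
    if (result === false) return res.json({ code: 404, message: "SQL Error appeared. Please check console." })

    // darkMode 1 = always on; 2 = on from 18:00 server time.
    const DarkModeStatus =
        darkMode === 1 || (darkMode === 2 && Number(moment(Date.now()).format("HH")) >= 18)

    const uidKey = crypto.randomBytes(20).toString("hex")
    usersKeys.push({
        key: uidKey,
        ip: req.socket.remoteAddress,
        userId: userId,
        userName: userUsername,
        darkMode: DarkModeStatus,
        syncedDarkMode: syncedDarkMode,
        rank: userRank,
    })

    await lognoutNewLog(userUsername, "login")
    res.json({
        code: 200,
        message: JSON.stringify({
            key: uidKey,
            framework: config.Framework,
            permissions: await getAllPermissions(userRank),
        }),
    })
})

/**
 * POST /loginWithNormal.lvorex
 *
 * Username/password login. On success rebinds the caller's IP hash to the
 * account and issues a session key.
 * Body: { username, password }.
 */
app.use("/loginWithNormal.lvorex", express.json())
app.post("/loginWithNormal.lvorex", loginRateLimit, async (req, res) => {
    const userDetails = req.body ?? {}

    // Refuse non-string and empty credentials before they reach SQL.
    // NOTE(review): Discord registrations are inserted without a password;
    // whether such accounts end up with an empty password is not visible here,
    // so an empty password is never accepted.
    const hasCredentials =
        typeof userDetails.username === "string" && userDetails.username.length > 0 &&
        typeof userDetails.password === "string" && userDetails.password.length > 0
    if (!hasCredentials) return res.json({ code: 404, message: "Username or password is not valid." })

    // The password was previously interpolated with no escaping at all.
    let result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`username\` = '${escapeSqlValue(userDetails.username)}' AND \`password\` = '${escapeSqlValue(userDetails.password)}'`)
    if (result === false) return res.json({ code: 404, message: "SQL Error appeared. Please check console." })
    if (result.length === 0) return res.json({ code: 404, message: "Username or password is not valid." })

    const { id: userId, username: userUsername, darkMode, syncedDarkMode, rank: userRank } = result[0]

    const ipHash = escapeSqlValue(sha1(req.socket.remoteAddress))

    // Only one account may hold a given IP hash: clear it, then rebind it.
    result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`ip\` = '${ipHash}'`)
    if (result === false) return res.json({ code: 404, message: "SQL Error appeared. Please check console." })
    if (result.length > 0) {
        result = await query(`UPDATE \`madmin_accounts\` SET \`ip\` = '' WHERE \`ip\` = '${ipHash}'`)
        if (result === false) return res.json({ code: 404, message: "SQL Error appeared. Please check console." })
    }

    result = await query(`UPDATE \`madmin_accounts\` SET \`ip\` = '${ipHash}' WHERE \`id\` = '${escapeSqlValue(userId)}'`)
    if (result === false) return res.json({ code: 404, message: "SQL Error appeared. Please check console." })

    // darkMode 1 = always on; 2 = on from 18:00 server time.
    const DarkModeStatus =
        darkMode === 1 || (darkMode === 2 && Number(moment(Date.now()).format("HH")) >= 18)

    const uidKey = crypto.randomBytes(20).toString("hex")
    usersKeys.push({
        key: uidKey,
        ip: req.socket.remoteAddress,
        userId: userId,
        userName: userUsername,
        darkMode: DarkModeStatus,
        syncedDarkMode: syncedDarkMode,
        rank: userRank,
    })

    await lognoutNewLog(userUsername, "login")
    res.json({
        code: 200,
        message: JSON.stringify({
            key: uidKey,
            framework: config.Framework,
            permissions: await getAllPermissions(userRank),
        }),
    })
})

/**
 * POST /logoutFromAccount.lvorex
 *
 * Validates the session key, revokes it and records the logout.
 * Body: { key }.
 */
app.use("/logoutFromAccount.lvorex", express.json())
app.post("/logoutFromAccount.lvorex", async (req, res) => {
    const postBody = req.body ?? {}
    const { keyFound, userKey } = await controlKey(req, postBody.key)
    if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })

    // Drop the session entry so the key stops working after logout. Nothing in
    // this handler removed it before; if controlKey already does, this is a no-op.
    const sessionIndex = usersKeys.findIndex((session) => session.key === postBody.key)
    if (sessionIndex !== -1) usersKeys.splice(sessionIndex, 1)

    await lognoutNewLog(userKey.userName, "logout")
    res.json({ code: 200, message: "Logged out." })
})

// const RankPattern = {
//     Dashboard: [true,true,true,true,true,true],
//     Players: [true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true],
//     Accounts: [true,true,true],
//     LiveMap: [true,true],
//     Vehicles: [true,true,true,true,true,true],
//     Items: [true,true],
//     Jobs: [true,true,true,true,true],
//     Factions: [true,true,true,true,true],
//     Logs: [true],
//     LiveConsole: [true],
//     Resources: [true,true],
//     Admins: [true,true,true],
//     Management: [true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true]
// }
// {"Dashboard":[true,true,true,true,true,true],"Players":[true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true],"Accounts":[true,true,true],"LiveMap":[true,true],"Vehicles":[true,true,true,true,true,true],"Items":[true,true],"Jobs":[true,true,true,true,true],"Factions":[true,true,true,true,true],"Logs":[true],"LiveConsole":[true],"Resources":[true,true],"Admins":[true,true,true],"Management":[true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true]}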