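/**
 * Appends a login or logout entry to `madmin_logs`.
 *
 * @param {string} username - Account name written to the `author` column.
 * @param {string} type - Written to the `type` column. "login" stores the
 *   message 'logged in.'; any other value stores 'logged out.'.
 * @returns {Promise<void>} Resolves once `query` has settled. A `false` result
 *   from `query` is ignored, so callers cannot tell whether the row was written.
 */
const lognoutNewLog = async (username, type) => {
    // Escapes a value for a single-quoted SQL string literal. The backslash has
    // to be escaped together with the quote; escaping the quote alone lets a
    // backslash in the value cancel that escape. Assumes a MySQL-style server
    // with backslash escapes enabled, as the original `\'` replacement did.
    // NOTE(review): if `query` supports bound parameters, prefer those.
    const sqlText = (value) => String(value).replace(/[\\']/g, "\\$&")

    const message = type === "login" ? "logged in." : "logged out."
    const timestamp = moment(Date.now()).format("DD.MM.YYYY HH:mm:ss")

    await query(`
        insert into \`madmin_logs\` (
            \`type\`,
            \`author\`,
            \`message\`,
            \`date\`,
            \`player_uid\`
        ) values (
            '${sqlText(type)}',
            '${sqlText(username)}',
            '${message}',
            '${timestamp}',
            'None'
        )
    `)
}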
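app.use("/registerUserWithDiscord.lvorex", express.json())

/**
 * POST /registerUserWithDiscord.lvorex
 *
 * Exchanges a Discord OAuth2 authorization code for an access token, reads the
 * caller's Discord profile and inserts a row into `madmin_registers`, unless a
 * matching row already exists in `madmin_accounts` or a matching row with
 * `request` = 1 exists in `madmin_registers`.
 *
 * Body fields read: `code`, `url`, `accountType`. The outcome is reported in
 * the `code` field of the JSON reply (200, 401 or 404).
 */
app.post("/registerUserWithDiscord.lvorex", async (req, res) => {
    // Escapes a value for a single-quoted SQL string literal. Backslash and
    // quote are both escaped; the previous code escaped only the quote, and only
    // in the INSERT, so the SELECTs took the Discord username unescaped.
    // Assumes a MySQL-style server with backslash escapes enabled.
    // NOTE(review): if `query` supports bound parameters, prefer those.
    const sqlText = (value) => String(value).replace(/[\\']/g, "\\$&")
    const sqlError = () => res.json({ code: 404, type: "username", message: "SQL Error appeared. Please check console." })

    const { code: authCode, url, accountType } = req.body ?? {}

    // NOTE(review): the redirect URI is derived from a client-supplied base URL;
    // taking it from server configuration would remove that input.
    const tokenResponseData = await request("https://discord.com/api/oauth2/token", {
        method: "POST",
        body: new URLSearchParams({
            client_id: config.clientId,
            client_secret: config.clientSecret,
            code: authCode,
            grant_type: 'authorization_code',
            redirect_uri: `${url}/Register/`,
            scope: 'identify',
        }).toString(),
        headers: {
            'Content-Type': "application/x-www-form-urlencoded"
        }
    })

    const oauthData = await tokenResponseData.body.json()
    if (oauthData.error) {
        return res.json({ code: 404, message: oauthData.error_description })
    }

    const { access_token: AccessToken, token_type: TokenType } = oauthData

    const profileResponse = await request("https://discord.com/api/users/@me", {
        headers: {
            'authorization': `${TokenType} ${AccessToken}`
        }
    })
    const userResult = await profileResponse.body.json()

    // Stop here when the profile call did not return a user object; otherwise
    // the literal text "undefined" would be stored as the id and username.
    if (typeof userResult?.id !== "string" || typeof userResult.username !== "string") {
        return res.json({ code: 404, type: "username", message: "Could not read the Discord profile." })
    }

    // NOTE(review): req.socket and res.socket normally refer to the same
    // connection, so this comparison is not expected to ever differ and does not
    // restrict who may call the route. Confirm the intent and replace it with a
    // real authorization check if one is needed.
    if (req.socket.remoteAddress !== res.socket.remoteAddress) return res.json({ code: 401, message: "Not authorized." })

    const discordId = sqlText(userResult.id)
    const discordName = sqlText(userResult.username)
    const tokenHash = sqlText(sha1(AccessToken))
    const avatarUrl = sqlText(`https://cdn.discordapp.com/avatars/${userResult.id}/${userResult.avatar}.png`)

    let result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`discord\` = '${discordId}' OR \`discord_token\` = '${tokenHash}' OR \`username\` = '${discordName}'`)
    if (result === false) return sqlError()
    if (result.length > 0) return res.json({ code: 404, type: "username", message: "Account already exists." })

    result = await query(`
        SELECT * FROM \`madmin_registers\`
        WHERE
            \`discord\` = '${discordId}' AND \`request\` = 1
        OR
            \`discord_token\` = '${tokenHash}' AND \`request\` = 1
        OR
            \`username\` = '${discordName}' AND \`request\` = 1
    `)
    if (result === false) return sqlError()
    if (result.length > 0) return res.json({ code: 404, type: "username", message: "Request already exists." })

    result = await query(`INSERT INTO \`madmin_registers\` (\`username\`, \`discord_token\`, \`discord\`, \`avatar\`, \`accountType\`, \`ip\`, \`discord_avatar\`) VALUES ('${discordName}', '${tokenHash}', '${discordId}', '${avatarUrl}', '${sqlText(accountType)}', '${sqlText(req.socket.remoteAddress)}', '${avatarUrl}')`)
    if (result === false) return sqlError()

    res.json({
        code: 200,
        type: "success",
        message: "Successfully created account."
    })
})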
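app.use("/registerUserWithNormal.lvorex", express.json())

/**
 * POST /registerUserWithNormal.lvorex
 *
 * Inserts a username/password registration into `madmin_registers`, unless the
 * username already exists in `madmin_accounts` or in a `madmin_registers` row
 * with `request` = 1.
 *
 * Body fields read: `username`, `password`, `accountType`. The outcome is
 * reported in the `code` field of the JSON reply (200, 401 or 404).
 *
 * NOTE(review): the password is written to the table exactly as received.
 * Storing a salted password hash instead needs a matching change in the login
 * route and a migration of existing rows, so it is not done in this handler.
 */
app.post("/registerUserWithNormal.lvorex", async (req, res) => {
    // Escapes a value for a single-quoted SQL string literal. Backslash and
    // quote are both escaped; the previous code escaped only the quote, and the
    // two SELECTs took the username unescaped. Assumes a MySQL-style server with
    // backslash escapes enabled.
    // NOTE(review): if `query` supports bound parameters, prefer those.
    const sqlText = (value) => String(value).replace(/[\\']/g, "\\$&")
    const sqlError = () => res.json({ code: 404, type: "username", message: "SQL Error appeared. Please check console." })

    const userDetails = req.body ?? {}

    // NOTE(review): req.socket and res.socket normally refer to the same
    // connection, so this comparison is not expected to ever differ and does not
    // restrict who may call the route.
    if (req.socket.remoteAddress !== res.socket.remoteAddress) return res.json({ code: 401, message: "Not authorized." })

    // A JSON body can carry numbers, arrays or objects in these fields; reject
    // them up front rather than failing part-way through the handler.
    if (typeof userDetails.username !== "string" || typeof userDetails.password !== "string") {
        return res.json({ code: 404, type: "username", message: "Username and password must be text." })
    }

    const username = sqlText(userDetails.username)

    let result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`username\` = '${username}'`)
    if (result === false) return sqlError()
    if (result.length > 0) return res.json({ code: 404, type: "username", message: "Account already exists." })

    result = await query(`SELECT * FROM \`madmin_registers\` WHERE \`username\` = '${username}' AND \`request\` = 1`)
    if (result === false) return sqlError()
    if (result.length > 0) return res.json({ code: 404, type: "username", message: "Request already exists." })

    result = await query(`INSERT INTO \`madmin_registers\` (\`username\`, \`password\`, \`accountType\`, \`ip\`) VALUES ('${username}', '${sqlText(userDetails.password)}', '${sqlText(userDetails.accountType)}', '${sqlText(req.socket.remoteAddress)}')`)
    if (result === false) return sqlError()

    res.json({
        code: 200,
        type: "success",
        message: "Successfully created account."
    })
})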
// Limiter passed as middleware to the two login routes
// (/loginWithDiscord.lvorex and /loginWithNormal.lvorex). Options as given:
// a ceiling of 50 within a 15-minute window, standard rate-limit headers on,
// legacy headers off, and a JSON-encoded body for rejected requests.
// NOTE(review): the registration routes do not use this limiter.
const loginRateLimit = rateLimit({
    max: 50,
    windowMs: 1000 * 60 * 15,

    legacyHeaders: false,
    standardHeaders: true,

    // Pre-serialised so the rejection body has the same { code, message } shape
    // as the other replies in this file.
    message: JSON.stringify({ code: 404, message: "You are been rate limited!" })
})
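app.use("/loginWithDiscord.lvorex", express.json())

/**
 * POST /loginWithDiscord.lvorex (behind loginRateLimit)
 *
 * Exchanges a Discord OAuth2 authorization code for an access token, looks up
 * the linked `madmin_accounts` row (by stored token hash first, then by Discord
 * id), refreshes the stored token hash, avatar and IP hash, registers a session
 * in `usersKeys` and replies with the session key, framework and permissions.
 *
 * Body fields read: `code`, `url`. The outcome is reported in the `code` field
 * of the JSON reply (200 or 404).
 *
 * NOTE(review): entries pushed to `usersKeys` carry no expiry in this handler.
 */
app.post("/loginWithDiscord.lvorex", loginRateLimit, async (req, res) => {
    // Escapes a value for a single-quoted SQL string literal (backslash and
    // quote). The previous code interpolated the Discord id and avatar hash
    // unescaped. Assumes a MySQL-style server with backslash escapes enabled.
    // NOTE(review): if `query` supports bound parameters, prefer those.
    const sqlText = (value) => String(value).replace(/[\\']/g, "\\$&")
    const sqlError = () => res.json({ code: 404, message: "SQL Error appeared. Please check console." })

    const userDetails = req.body ?? {}

    // NOTE(review): the redirect URI is derived from a client-supplied base URL;
    // taking it from server configuration would remove that input.
    const tokenResponseData = await request("https://discord.com/api/oauth2/token", {
        method: "POST",
        body: new URLSearchParams({
            client_id: config.clientId,
            client_secret: config.clientSecret,
            code: userDetails.code,
            grant_type: 'authorization_code',
            redirect_uri: `${userDetails.url}/Login/`,
            scope: 'identify',
        }).toString(),
        headers: {
            'Content-Type': "application/x-www-form-urlencoded"
        }
    })

    const oauthData = await tokenResponseData.body.json()
    if (oauthData.error) {
        return res.json({ code: 404, message: oauthData.error_description })
    }

    const { access_token: AccessToken, token_type: TokenType } = oauthData

    const profileResponse = await request("https://discord.com/api/users/@me", {
        headers: {
            'authorization': `${TokenType} ${AccessToken}`
        }
    })
    const userResult = await profileResponse.body.json()

    // Without a user object the lookups below would run against the literal
    // text "undefined", so stop before touching the database.
    if (typeof userResult?.id !== "string") {
        return res.json({ code: 404, message: "Could not read the Discord profile." })
    }

    const tokenHash = sqlText(sha1(AccessToken))
    const avatarUrl = `https://cdn.discordapp.com/avatars/${userResult.id}/${userResult.avatar}.png`
    const avatarSql = sqlText(avatarUrl)

    let result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`discord_token\` = '${tokenHash}'`)
    if (result === false) return sqlError()
    if (result.length === 0) {
        const linked = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`discord\` = '${sqlText(userResult.id)}'`)
        if (linked === false) return sqlError()
        if (linked.length === 0) return res.json({ code: 404, message: "No linked account found." })
        result = linked

        // Target the matched row by primary key. Matching on the previous token
        // value would also rewrite every other account that happens to hold the
        // same (for example empty) value, giving them this user's token hash.
        const refreshed = await query(`
            UPDATE \`madmin_accounts\`
            SET \`discord_token\` = '${tokenHash}'
            WHERE \`id\` = '${sqlText(linked[0].id)}'
        `)
        if (refreshed === false) return sqlError()
    }

    const { id: userId, username: userUsername, darkMode, syncedDarkMode, rank: userRank, discord_avatar: DiscordAvatar } = result[0]

    if (DiscordAvatar !== avatarUrl) {
        const avatarUpdate = await query(`
            update \`madmin_accounts\`
            set
                \`avatar\` = '${avatarSql}',
                \`discord_avatar\` = '${avatarSql}'
            where \`id\` = '${sqlText(userId)}'
        `)
        if (avatarUpdate === false) return sqlError()
    }

    // Only one account may hold a given IP hash: clear it wherever it is set,
    // then assign it to the account that just logged in.
    const ipHash = sqlText(sha1(req.socket.remoteAddress))
    result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`ip\` = '${ipHash}'`)
    if (result === false) return sqlError()
    if (result.length > 0) {
        result = await query(`UPDATE \`madmin_accounts\` SET \`ip\` = '' WHERE \`ip\` = '${ipHash}'`)
        if (result === false) return sqlError()
    }

    result = await query(`UPDATE \`madmin_accounts\` SET \`ip\` = '${ipHash}', \`avatar\` = '${avatarSql}' WHERE \`discord_token\` = '${tokenHash}'`)
    if (result === false) return sqlError()

    // darkMode 1 is always dark; darkMode 2 is dark from 18:00 server time.
    const DarkModeStatus = darkMode === 1 || (darkMode === 2 && Number(moment(Date.now()).format("HH")) >= 18)

    const uidKey = crypto.randomBytes(20).toString("hex")
    usersKeys.push({
        key: uidKey,
        ip: req.socket.remoteAddress,
        userId: userId,
        userName: userUsername,
        darkMode: DarkModeStatus,
        syncedDarkMode: syncedDarkMode,
        rank: userRank
    })

    await lognoutNewLog(userUsername, "login")

    res.json({
        code: 200,
        message: JSON.stringify({
            key: uidKey,
            framework: config.Framework,
            permissions: await getAllPermissions(userRank)
        })
    })
})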
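app.use("/loginWithNormal.lvorex", express.json())

/**
 * POST /loginWithNormal.lvorex (behind loginRateLimit)
 *
 * Looks up a `madmin_accounts` row by username and password, records the
 * caller's IP hash on it, registers a session in `usersKeys` and replies with
 * the session key, framework and permissions.
 *
 * Body fields read: `username`, `password`. The outcome is reported in the
 * `code` field of the JSON reply (200 or 404).
 *
 * NOTE(review): the password is compared against the stored column value as
 * plain text inside the SQL statement. Moving to a salted password hash needs
 * a matching change in registration and a migration of existing rows.
 * NOTE(review): entries pushed to `usersKeys` carry no expiry in this handler.
 */
app.post("/loginWithNormal.lvorex", loginRateLimit, async (req, res) => {
    // Escapes a value for a single-quoted SQL string literal (backslash and
    // quote). The previous code escaped only the quote in the username and put
    // the password into the statement unescaped, so the credential check itself
    // could be altered by the request. Assumes a MySQL-style server with
    // backslash escapes enabled.
    // NOTE(review): if `query` supports bound parameters, prefer those.
    const sqlText = (value) => String(value).replace(/[\\']/g, "\\$&")
    const sqlError = () => res.json({ code: 404, message: "SQL Error appeared. Please check console." })

    const userDetails = req.body ?? {}

    // A JSON body can carry numbers, arrays or objects in these fields; treat
    // anything that is not text as a failed login.
    if (typeof userDetails.username !== "string" || typeof userDetails.password !== "string") {
        return res.json({ code: 404, message: "Username or password is not valid." })
    }

    let result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`username\` = '${sqlText(userDetails.username)}' AND \`password\` = '${sqlText(userDetails.password)}'`)
    if (result === false) return sqlError()
    if (result.length === 0) return res.json({ code: 404, message: "Username or password is not valid." })

    const { id: userId, username: userUsername, darkMode, syncedDarkMode, rank: userRank } = result[0]

    // Only one account may hold a given IP hash: clear it wherever it is set,
    // then assign it to the account that just logged in.
    const ipHash = sqlText(sha1(req.socket.remoteAddress))
    result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`ip\` = '${ipHash}'`)
    if (result === false) return sqlError()
    if (result.length > 0) {
        result = await query(`UPDATE \`madmin_accounts\` SET \`ip\` = '' WHERE \`ip\` = '${ipHash}'`)
        if (result === false) return sqlError()
    }

    result = await query(`UPDATE \`madmin_accounts\` SET \`ip\` = '${ipHash}' WHERE \`id\` = '${sqlText(userId)}'`)
    if (result === false) return sqlError()

    // darkMode 1 is always dark; darkMode 2 is dark from 18:00 server time.
    const DarkModeStatus = darkMode === 1 || (darkMode === 2 && Number(moment(Date.now()).format("HH")) >= 18)

    const uidKey = crypto.randomBytes(20).toString("hex")
    usersKeys.push({
        key: uidKey,
        ip: req.socket.remoteAddress,
        userId: userId,
        userName: userUsername,
        darkMode: DarkModeStatus,
        syncedDarkMode: syncedDarkMode,
        rank: userRank
    })

    await lognoutNewLog(userUsername, "login")

    res.json({
        code: 200,
        message: JSON.stringify({
            key: uidKey,
            framework: config.Framework,
            permissions: await getAllPermissions(userRank)
        })
    })
})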
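app.use("/logoutFromAccount.lvorex", express.json())

/**
 * POST /logoutFromAccount.lvorex
 *
 * Validates the session key in the body through `controlKey`, retires the
 * session, writes a logout entry and confirms.
 *
 * Body fields read: `key`. The outcome is reported in the `code` field of the
 * JSON reply (200 or 404).
 */
app.post("/logoutFromAccount.lvorex", async (req, res) => {
    const postBody = req.body ?? {}
    const { keyFound, userKey } = await controlKey(req, postBody.key)

    if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })

    // Retire the session so the key stops working after logout; previously the
    // handler only wrote a log line and left the entry in `usersKeys`.
    // controlKey is not visible here: if it already removes the entry, the
    // lookup finds nothing and this is a no-op.
    const sessionIndex = usersKeys.findIndex((entry) => entry === userKey || entry.key === postBody.key)
    if (sessionIndex !== -1) usersKeys.splice(sessionIndex, 1)

    await lognoutNewLog(userKey.userName, "logout")
    res.json({ code: 200, message: "Logged out." })
})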
// const RankPattern = {
// Dashboard: [true,true,true,true,true,true],
// Players: [true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true],
// Accounts: [true,true,true],
// LiveMap: [true,true],
// Vehicles: [true,true,true,true,true,true],
// Items: [true,true],
// Jobs: [true,true,true,true,true],
// Factions: [true,true,true,true,true],
// Logs: [true],
// LiveConsole: [true],
// Resources: [true,true],
// Admins: [true,true,true],
// Management: [true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true]
// }
// {"Dashboard":[true,true,true,true,true,true],"Players":[true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true],"Accounts":[true,true,true],"LiveMap":[true,true],"Vehicles":[true,true,true,true,true,true],"Items":[true,true],"Jobs":[true,true,true,true,true],"Factions":[true,true,true,true,true],"Logs":[true],"LiveConsole":[true],"Resources":[true,true],"Admins":[true,true,true],"Management":[true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true]}