
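/**
 * Inserts a login/logout audit row into `madmin_logs`.
 *
 * @param {string} username Account name stored in the `author` column.
 * @param {string} type Stored in the `type` column; "login" yields the message
 *   "logged in.", any other value yields "logged out.".
 * @returns {Promise<void>} Settles once `query` has run. A `false` result from
 *   `query` is not reported to the caller (unchanged from before).
 */
const lognoutNewLog = async (username, type) => {
  // Backslashes are escaped before quotes: escaping only `'` is incomplete,
  // because a backslash already present in the value changes how the inserted
  // `\'` is parsed. This relies on MySQL backslash escapes being enabled
  // (NO_BACKSLASH_ESCAPES off), which the earlier `\'` escaping also assumed.
  // NOTE(review): if `query` supports placeholders, bind these values instead.
  const sqlText = (value) => String(value).replaceAll("\\", "\\\\").replaceAll("'", "\\'")
  const message = type === "login" ? "logged in." : "logged out."
  const loggedAt = moment(Date.now()).format("DD.MM.YYYY HH:mm:ss")

  await query(`
    insert into \`madmin_logs\` (
      \`type\`,
      \`author\`,
      \`message\`,
      \`date\`,
      \`player_uid\`
    ) values (
      '${sqlText(type)}',
      '${sqlText(username)}',
      '${message}',
      '${loggedAt}',
      'None'
    )
  `)
}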
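app.use("/registerUserWithDiscord.lvorex", express.json())

/**
 * POST /registerUserWithDiscord.lvorex
 *
 * Exchanges the Discord OAuth `code` from the request body for an access
 * token, reads the Discord profile, and stores a registration request in
 * `madmin_registers` unless a matching account or pending request exists.
 * Every outcome is reported as JSON with an in-body `code` field.
 */
app.post("/registerUserWithDiscord.lvorex", async (req, res) => {
  // Every value placed inside a single-quoted SQL literal goes through this
  // helper. Backslashes are escaped before quotes so a backslash in the value
  // cannot change how the escaped quote is parsed (assumes MySQL backslash
  // escapes are enabled, as the previous `\'` escaping did).
  // NOTE(review): if `query` supports placeholders, bind values instead.
  const sqlText = (value) => String(value).replaceAll("\\", "\\\\").replaceAll("'", "\\'")
  const sqlError = { code: 404, type: "username", message: "SQL Error appeared. Please check console." }
  const { code: authCode, url, accountType } = req.body ?? {}

  // NOTE(review): the redirect_uri base comes from the request body; taking it
  // from server configuration would avoid relying on Discord to reject
  // unexpected values.
  const tokenResponseData = await request("https://discord.com/api/oauth2/token", {
    method: "POST",
    body: new URLSearchParams({
      client_id: config.clientId,
      client_secret: config.clientSecret,
      code: authCode,
      grant_type: "authorization_code",
      redirect_uri: `${url}/Register/`,
      scope: "identify",
    }).toString(),
    headers: {
      "Content-Type": "application/x-www-form-urlencoded"
    }
  })
  const oauthData = await tokenResponseData.body.json()
  if (oauthData.error) {
    return res.json({ code: 404, message: oauthData.error_description })
  }
  const { access_token: AccessToken, token_type: TokenType } = oauthData

  const profileResponse = await request("https://discord.com/api/users/@me", {
    headers: {
      "authorization": `${TokenType} ${AccessToken}`
    }
  })
  const userResult = await profileResponse.body.json()
  // A profile without a string id and username cannot be stored; previously a
  // missing username threw later in the handler.
  if (typeof userResult?.id !== "string" || typeof userResult?.username !== "string") {
    return res.json({ code: 404, message: "Could not read Discord profile." })
  }

  // NOTE(review): req.socket and res.socket refer to the same connection in
  // Node's HTTP server, so this comparison is not expected to ever fail and
  // provides no authorization. Kept unchanged pending a decision on intent.
  if (req.socket.remoteAddress !== res.socket.remoteAddress) return res.json({ code: 401, message: "Not authorized." })

  const discordId = sqlText(userResult.id)
  const username = sqlText(userResult.username)
  const tokenHash = sqlText(sha1(AccessToken))
  const avatarUrl = sqlText(`https://cdn.discordapp.com/avatars/${userResult.id}/${userResult.avatar}.png`)

  let result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`discord\` = '${discordId}' OR \`discord_token\` = '${tokenHash}' OR \`username\` = '${username}'`)
  if (result === false) return res.json(sqlError)
  if (result.length > 0) return res.json({ code: 404, type: "username", message: "Account already exists." })

  // Parentheses spell out the AND-before-OR grouping the original relied on.
  result = await query(`
    SELECT * FROM \`madmin_registers\`
    WHERE
      (\`discord\` = '${discordId}' AND \`request\` = 1)
    OR
      (\`discord_token\` = '${tokenHash}' AND \`request\` = 1)
    OR
      (\`username\` = '${username}' AND \`request\` = 1)
  `)
  if (result === false) return res.json(sqlError)
  if (result.length > 0) return res.json({ code: 404, type: "username", message: "Request already exists." })

  // NOTE(review): accountType is chosen by the client; confirm whoever
  // approves the request validates it before it grants anything.
  result = await query(`INSERT INTO \`madmin_registers\` (\`username\`, \`discord_token\`, \`discord\`, \`avatar\`, \`accountType\`, \`ip\`, \`discord_avatar\`) VALUES ('${username}', '${tokenHash}', '${discordId}', '${avatarUrl}', '${sqlText(accountType)}', '${sqlText(req.socket.remoteAddress)}', '${avatarUrl}')`)
  if (result === false) return res.json(sqlError)

  res.json({
    code: 200,
    type: "success",
    message: "Successfully created account."
  })
})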
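app.use("/registerUserWithNormal.lvorex", express.json())

/**
 * POST /registerUserWithNormal.lvorex
 *
 * Stores a username/password registration request in `madmin_registers`
 * unless the username already has an account or a pending request.
 * Every outcome is reported as JSON with an in-body `code` field.
 */
app.post("/registerUserWithNormal.lvorex", async (req, res) => {
  // Every value placed inside a single-quoted SQL literal goes through this
  // helper. Backslashes are escaped before quotes so a backslash in the value
  // cannot change how the escaped quote is parsed (assumes MySQL backslash
  // escapes are enabled, as the previous `\'` escaping did).
  // NOTE(review): if `query` supports placeholders, bind values instead.
  const sqlText = (value) => String(value).replaceAll("\\", "\\\\").replaceAll("'", "\\'")
  const sqlError = { code: 404, type: "username", message: "SQL Error appeared. Please check console." }
  const { username, password, accountType } = req.body ?? {}

  // Reject missing or non-string credentials up front; previously such a body
  // reached `.replaceAll` and threw inside the async handler.
  if (typeof username !== "string" || typeof password !== "string") {
    return res.json({ code: 404, type: "username", message: "Username and password are required." })
  }

  // NOTE(review): req.socket and res.socket refer to the same connection in
  // Node's HTTP server, so this comparison is not expected to ever fail and
  // provides no authorization. Kept unchanged pending a decision on intent.
  if (req.socket.remoteAddress !== res.socket.remoteAddress) return res.json({ code: 401, message: "Not authorized." })

  // The two lookups below previously interpolated the username unescaped.
  const safeUsername = sqlText(username)

  let result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`username\` = '${safeUsername}'`)
  if (result === false) return res.json(sqlError)
  if (result.length > 0) return res.json({ code: 404, type: "username", message: "Account already exists." })

  result = await query(`SELECT * FROM \`madmin_registers\` WHERE \`username\` = '${safeUsername}' AND \`request\` = 1`)
  if (result === false) return res.json(sqlError)
  if (result.length > 0) return res.json({ code: 404, type: "username", message: "Request already exists." })

  // NOTE(review): the password is stored as submitted (plaintext). Moving to a
  // salted password hash needs a matching change in the login query and in
  // existing rows, so it is flagged here rather than changed.
  // NOTE(review): accountType is chosen by the client; confirm whoever
  // approves the request validates it before it grants anything.
  result = await query(`INSERT INTO \`madmin_registers\` (\`username\`, \`password\`, \`accountType\`, \`ip\`) VALUES ('${safeUsername}', '${sqlText(password)}', '${sqlText(accountType)}', '${sqlText(req.socket.remoteAddress)}')`)
  if (result === false) return res.json(sqlError)

  res.json({
    code: 200,
    type: "success",
    message: "Successfully created account."
  })
})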
// Limiter passed as middleware to the /loginWithDiscord.lvorex and
// /loginWithNormal.lvorex routes: 50 requests per 15-minute window, answered
// with a JSON-encoded { code, message } string once exceeded (assuming
// `rateLimit` follows the express-rate-limit option names used here).
// NOTE(review): the two register routes in this file are not given this
// limiter, and 50 attempts per window is generous for a password login.
const loginRateLimit = rateLimit({
  message: JSON.stringify({ code: 404, message: "You are been rate limited!" }),
  legacyHeaders: false,
  standardHeaders: true,
  max: 50,
  windowMs: 1000 * 60 * 15
})
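app.use("/loginWithDiscord.lvorex", express.json())

/**
 * POST /loginWithDiscord.lvorex (rate limited by `loginRateLimit`)
 *
 * Exchanges the Discord OAuth `code` for an access token, finds the linked
 * row in `madmin_accounts` (by token hash, then by Discord id), refreshes the
 * stored token hash, avatar and ip hash, and registers a random session key
 * in `usersKeys`. Responds with JSON; on success `message` is a JSON string
 * holding the key, the configured framework and the rank's permissions.
 */
app.post("/loginWithDiscord.lvorex", loginRateLimit, async (req, res) => {
  // Every value placed inside a single-quoted SQL literal goes through this
  // helper. Backslashes are escaped before quotes so a backslash in the value
  // cannot change how the escaped quote is parsed (assumes MySQL backslash
  // escapes are enabled).
  // NOTE(review): if `query` supports placeholders, bind values instead.
  const sqlText = (value) => String(value).replaceAll("\\", "\\\\").replaceAll("'", "\\'")
  const sqlError = { code: 404, message: "SQL Error appeared. Please check console." }
  const userDetails = req.body ?? {}

  // NOTE(review): the redirect_uri base comes from the request body; taking it
  // from server configuration would avoid relying on Discord to reject
  // unexpected values.
  const tokenResponseData = await request("https://discord.com/api/oauth2/token", {
    method: "POST",
    body: new URLSearchParams({
      client_id: config.clientId,
      client_secret: config.clientSecret,
      code: userDetails.code,
      grant_type: "authorization_code",
      redirect_uri: `${userDetails.url}/Login/`,
      scope: "identify",
    }).toString(),
    headers: {
      "Content-Type": "application/x-www-form-urlencoded"
    }
  })
  const oauthData = await tokenResponseData.body.json()
  if (oauthData.error) {
    return res.json({ code: 404, message: oauthData.error_description })
  }
  const { access_token: AccessToken, token_type: TokenType } = oauthData

  const profileResponse = await request("https://discord.com/api/users/@me", {
    headers: {
      "authorization": `${TokenType} ${AccessToken}`
    }
  })
  const userResult = await profileResponse.body.json()
  // Without a Discord id no account can be matched; answer as for an unlinked
  // profile instead of querying with a placeholder value.
  if (typeof userResult?.id !== "string") {
    return res.json({ code: 404, message: "No linked account found." })
  }

  const tokenHash = sqlText(sha1(AccessToken))
  const avatarUrl = `https://cdn.discordapp.com/avatars/${userResult.id}/${userResult.avatar}.png`

  let result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`discord_token\` = '${tokenHash}'`)
  if (result === false) return res.json(sqlError)
  if (result.length === 0) {
    // No row carries this token hash yet: fall back to the Discord id and
    // replace the previously stored hash with the new one.
    const linked = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`discord\` = '${sqlText(userResult.id)}'`)
    if (linked === false) return res.json(sqlError)
    if (linked.length === 0) return res.json({ code: 404, message: "No linked account found." })
    result = linked
    const rotated = await query(`
      UPDATE \`madmin_accounts\`
      SET \`discord_token\` = '${tokenHash}'
      WHERE \`discord_token\` = '${sqlText(linked[0].discord_token)}'
    `)
    if (rotated === false) return res.json(sqlError)
  }

  const { id: userId, username: userUsername, darkMode, syncedDarkMode, rank: userRank, discord_avatar: DiscordAvatar } = result[0]

  if (DiscordAvatar !== avatarUrl) {
    const avatarUpdate = await query(`
      update \`madmin_accounts\`
      set
        \`avatar\` = '${sqlText(avatarUrl)}',
        \`discord_avatar\` = '${sqlText(avatarUrl)}'
      where \`id\` = '${sqlText(userId)}'
    `)
    if (avatarUpdate === false) return res.json(sqlError)
  }

  // NOTE(review): assuming `sha1` is an unsalted SHA-1, a hashed IP address
  // can be recovered by enumeration; treat the `ip` column as the address.
  const ipHash = sqlText(sha1(req.socket.remoteAddress))

  // Clear this ip hash from any account that currently holds it, then assign
  // it to the account that just logged in.
  result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`ip\` = '${ipHash}'`)
  if (result === false) return res.json(sqlError)
  if (result.length > 0) {
    result = await query(`UPDATE \`madmin_accounts\` SET \`ip\` = '' WHERE \`ip\` = '${ipHash}'`)
    if (result === false) return res.json(sqlError)
  }
  result = await query(`UPDATE \`madmin_accounts\` SET \`ip\` = '${ipHash}', \`avatar\` = '${sqlText(avatarUrl)}' WHERE \`discord_token\` = '${tokenHash}'`)
  if (result === false) return res.json(sqlError)

  // darkMode 1 is always on; darkMode 2 turns on from 18:00 server time.
  const darkModeStatus = darkMode === 1 || (darkMode === 2 && Number(moment(Date.now()).format("HH")) >= 18)

  const uidKey = crypto.randomBytes(20).toString("hex")
  usersKeys.push({
    key: uidKey,
    ip: req.socket.remoteAddress,
    userId: userId,
    userName: userUsername,
    darkMode: darkModeStatus,
    syncedDarkMode: syncedDarkMode,
    rank: userRank
  })
  await lognoutNewLog(userUsername, "login")
  res.json({
    code: 200,
    message: JSON.stringify({
      key: uidKey,
      framework: config.Framework,
      permissions: await getAllPermissions(userRank)
    })
  })
})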
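app.use("/loginWithNormal.lvorex", express.json())

/**
 * POST /loginWithNormal.lvorex (rate limited by `loginRateLimit`)
 *
 * Looks up `madmin_accounts` by username and password, records the caller's
 * ip hash on that account, and registers a random session key in `usersKeys`.
 * Responds with JSON; on success `message` is a JSON string holding the key,
 * the configured framework and the rank's permissions.
 */
app.post("/loginWithNormal.lvorex", loginRateLimit, async (req, res) => {
  // Every value placed inside a single-quoted SQL literal goes through this
  // helper. Backslashes are escaped before quotes so a backslash in the value
  // cannot change how the escaped quote is parsed (assumes MySQL backslash
  // escapes are enabled, as the previous `\'` escaping did).
  // NOTE(review): if `query` supports placeholders, bind values instead.
  const sqlText = (value) => String(value).replaceAll("\\", "\\\\").replaceAll("'", "\\'")
  const sqlError = { code: 404, message: "SQL Error appeared. Please check console." }
  const { username, password } = req.body ?? {}

  // Non-string credentials can never match an account; answer as for a failed
  // login instead of letting `.replaceAll` throw inside the async handler.
  if (typeof username !== "string" || typeof password !== "string") {
    return res.json({ code: 404, message: "Username or password is not valid." })
  }

  // The password was previously interpolated unescaped, so the WHERE clause
  // deciding the login was built from raw client input.
  // NOTE(review): the comparison is against a plaintext `password` column.
  // Moving to a salted password hash needs a matching change where the value
  // is stored, so it is flagged here rather than changed.
  let result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`username\` = '${sqlText(username)}' AND \`password\` = '${sqlText(password)}'`)
  if (result === false) return res.json(sqlError)
  if (result.length === 0) return res.json({ code: 404, message: "Username or password is not valid." })

  const { id: userId, username: userUsername, darkMode, syncedDarkMode, rank: userRank } = result[0]

  // NOTE(review): assuming `sha1` is an unsalted SHA-1, a hashed IP address
  // can be recovered by enumeration; treat the `ip` column as the address.
  const ipHash = sqlText(sha1(req.socket.remoteAddress))

  // Clear this ip hash from any account that currently holds it, then assign
  // it to the account that just logged in.
  result = await query(`SELECT * FROM \`madmin_accounts\` WHERE \`ip\` = '${ipHash}'`)
  if (result === false) return res.json(sqlError)
  if (result.length > 0) {
    result = await query(`UPDATE \`madmin_accounts\` SET \`ip\` = '' WHERE \`ip\` = '${ipHash}'`)
    if (result === false) return res.json(sqlError)
  }
  result = await query(`UPDATE \`madmin_accounts\` SET \`ip\` = '${ipHash}' WHERE \`id\` = '${sqlText(userId)}'`)
  if (result === false) return res.json(sqlError)

  // darkMode 1 is always on; darkMode 2 turns on from 18:00 server time.
  const darkModeStatus = darkMode === 1 || (darkMode === 2 && Number(moment(Date.now()).format("HH")) >= 18)

  const uidKey = crypto.randomBytes(20).toString("hex")
  usersKeys.push({
    key: uidKey,
    ip: req.socket.remoteAddress,
    userId: userId,
    userName: userUsername,
    darkMode: darkModeStatus,
    syncedDarkMode: syncedDarkMode,
    rank: userRank
  })
  await lognoutNewLog(userUsername, "login")
  res.json({
    code: 200,
    message: JSON.stringify({
      key: uidKey,
      framework: config.Framework,
      permissions: await getAllPermissions(userRank)
    })
  })
})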
app.use("/logoutFromAccount.lvorex", express.json())

// POST /logoutFromAccount.lvorex: checks the submitted session key through
// controlKey and, when it is accepted, records a "logout" entry for that user.
// NOTE(review): nothing in this handler removes the key from `usersKeys`;
// confirm that controlKey or other code revokes it, otherwise the key stays
// usable after the "Logged out." response.
app.post("/logoutFromAccount.lvorex", async (req, res) => {
  const { key: sessionKey } = req.body
  const auth = await controlKey(req, sessionKey)
  if (auth.keyFound === false) {
    return res.json({ code: 404, message: "Not authorized." })
  }
  await lognoutNewLog(auth.userKey.userName, "logout")
  res.json({ code: 200, message: "Logged out." })
})
// const RankPattern = {
// Dashboard: [true,true,true,true,true,true],
// Players: [true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true],
// Accounts: [true,true,true],
// LiveMap: [true,true],
// Vehicles: [true,true,true,true,true,true],
// Items: [true,true],
// Jobs: [true,true,true,true,true],
// Factions: [true,true,true,true,true],
// Logs: [true],
// LiveConsole: [true],
// Resources: [true,true],
// Admins: [true,true,true],
// Management: [true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true]
// }
// {"Dashboard":[true,true,true,true,true,true],"Players":[true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true],"Accounts":[true,true,true],"LiveMap":[true,true],"Vehicles":[true,true,true,true,true,true],"Items":[true,true],"Jobs":[true,true,true,true,true],"Factions":[true,true,true,true,true],"Logs":[true],"LiveConsole":[true],"Resources":[true,true],"Admins":[true,true,true],"Management":[true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true]}