1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
import * as bcrypt from "https://deno.land/x/bcrypt@v0.4.1/mod.ts";
import { email } from "https://esm.town/v/std/email";
import { sqlite } from "https://esm.town/v/std/sqlite";
export default async function(req: Request): Promise<Response> {
const body = await req.json();
let { username, password } = body;
if (!username || !password) {
return new Response(JSON.stringify({ error: "Missing username or password" }), { status: 400 });
}
if (password.length > 50) {
return new Response(JSON.stringify({ error: "Password too long" }), { status: 400 });
}
if (username.length > 50) {
return new Response(JSON.stringify({ error: "Username too long" }), { status: 400 });
}
const TABLE_NAME = "lab_login_users_with_times";
// Create users table if it doesn't exist
await sqlite.execute(`
CREATE TABLE IF NOT EXISTS ${TABLE_NAME} (
id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT UNIQUE NOT NULL,
password TEXT NOT NULL,
status TEXT DEFAULT 'hello i am new',
last_updated DATETIME DEFAULT CURRENT_TIMESTAMP,
banned INTEGER DEFAULT 0
)
`);
const existingUser = await sqlite.execute({
sql: `SELECT * FROM ${TABLE_NAME} WHERE username = ?`,
args: [username],
});
const bannedCharacters = [
" ",
// tab
"\t",
// newline
"\n",
// carriage return
"\r",
// zero width character
"\u200b",
// zero width joiner
"\u200d",
// zero width non-joiner
"\u200c",
// braille
"\u2800",
"",
" ",
];
if (existingUser.rows.length === 0) {
// User doesn't exist, create new account
const hashedPassword = await bcrypt.hash(password);
if (bannedCharacters.some(char => username.includes(char))) {
return new Response(JSON.stringify({ error: "username contains banned characters. no spaces, etc..." }), {
status: 400,
});
}
if (username.toLowerCase().includes("todepond")) {
return new Response(JSON.stringify({ error: "no todepond impersonation" }), { status: 400 });
}
await sqlite.execute({
sql: `INSERT INTO ${TABLE_NAME} (username, password) VALUES (?, ?)`,
args: [username, hashedPassword],
});
const newUser = await sqlite.execute({
sql: `SELECT * FROM ${TABLE_NAME} WHERE username = ?`,
args: [username],
});
email({
to: "todepond@gmail.com",
from: "todepond.com@valtown.email",
subject: "New Login user",
text: username,
});
return new Response(JSON.stringify(newUser.rows[0]), { status: 201 });
}
// User exists, verify password
const user = existingUser.rows[0];
const storedPassword = user[2];
const passwordMatch = await bcrypt.compare(password, storedPassword);
// is the user banned?
if (user[5] === 1) {
return new Response(JSON.stringify({ error: "user is banned" }), { status: 403 });