import * as bcrypt from "https://deno.land/x/bcrypt@v0.4.1/mod.ts";
import { sqlite } from "https://esm.town/v/std/sqlite";
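/**
 * Admin moderation endpoint for the login table.
 *
 * Expects a JSON body with `username` (the account to act on), `password`
 * (the admin password), `type` and `target`. The password is verified with
 * bcrypt against the hash stored for the admin account before any change is
 * made. Supported actions:
 *   - type "kick", target "name":   delete the user's row
 *   - type "kick", target "status": overwrite the user's status
 *   - type "ban",  target "name":   set `banned` and overwrite the status
 *
 * @param req Incoming HTTP request carrying the JSON body.
 * @returns 200 `{ success: true }` once an action has run; 400 for a malformed
 *   body, a missing username, an attempt to kick the admin or an unknown
 *   action; 401 when the admin password does not verify; 404 when the admin
 *   row is missing.
 */
export default async function(req: Request): Promise<Response> {
  const TABLE_NAME = "lab_login_users_with_times";
  const ADMIN_USERNAME = "TodePond";

  const jsonResponse = (payload: unknown, status: number): Response =>
    new Response(JSON.stringify(payload), {
      status,
      headers: { "Content-Type": "application/json" },
    });

  // A malformed body is a client error, not an unhandled exception.
  let body: unknown;
  try {
    body = await req.json();
  } catch {
    return jsonResponse({ error: "invalid JSON body" }, 400);
  }
  if (typeof body !== "object" || body === null) {
    return jsonResponse({ error: "invalid request body" }, 400);
  }
  const { username, password, type, target } = body as Record<string, unknown>;

  const tpUserQuery = await sqlite.execute({
    sql: `SELECT * FROM ${TABLE_NAME} WHERE username = ?`,
    args: [ADMIN_USERNAME],
  });
  if (tpUserQuery.rows.length === 0) {
    return jsonResponse({ error: "admin user not found" }, 404);
  }

  // NOTE(review): the hash is read by column position from SELECT *, so it
  // depends on the table's column order — confirm index 2 is the password column.
  const tpUser = tpUserQuery.rows[0];
  const storedPassword = tpUser[2];

  // Fail closed: a non-string password (or stored hash) never reaches bcrypt
  // and is answered exactly like a wrong password.
  // NOTE(review): no attempt limiting is visible here; consider throttling
  // failed admin-password checks.
  if (typeof password !== "string" || typeof storedPassword !== "string") {
    return jsonResponse({ error: "wrong admin password" }, 401);
  }
  const passwordMatch = await bcrypt.compare(password, storedPassword);
  if (!passwordMatch) {
    return jsonResponse({ error: "wrong admin password" }, 401);
  }

  if (typeof username !== "string" || username.length === 0) {
    return jsonResponse({ error: "missing username" }, 400);
  }

  // NOTE(review): only the kick/name branch refuses to act on the admin
  // account; status removal and ban are not guarded — confirm that is intended.
  if (type === "kick" && target === "name") {
    if (username === ADMIN_USERNAME) {
      return jsonResponse({ error: "cannot kick admin" }, 400);
    }
    // Delete the user.
    await sqlite.execute({
      sql: `DELETE FROM ${TABLE_NAME} WHERE username = ?`,
      args: [username],
    });
  } else if (type === "kick" && target === "status") {
    // Replace the user's status. The text is bound as a parameter: a
    // double-quoted token in SQLite is an identifier first and a string
    // literal only by fallback.
    await sqlite.execute({
      sql: `UPDATE ${TABLE_NAME} SET status = ? WHERE username = ?`,
      args: ["my status was removed by admin", username],
    });
  } else if (type === "ban" && target === "name") {
    // Mark the user as banned and replace the status.
    await sqlite.execute({
      sql: `UPDATE ${TABLE_NAME} SET banned = 1, status = ? WHERE username = ?`,
      args: ["i was banned", username],
    });
  } else {
    // An unrecognized type/target pair used to report success without doing anything.
    return jsonResponse({ error: "unknown action" }, 400);
  }

  return jsonResponse({ success: true }, 200);
}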