v4
This commit is contained in:
@@ -15,11 +15,10 @@ const upload = multer({
|
||||
})
|
||||
|
||||
const sessions = {}
|
||||
const emailCache = {} // key = email, value = code
|
||||
|
||||
app.use((req, res, next) => {
|
||||
if (req.path == '/customer/login' ||
|
||||
req.path == '/customer/register' ||
|
||||
req.path == '/customer/activate')
|
||||
if (req.path == '/auth/email' || req.path == '/auth/telegram' || req.path == '/auth/register' || req.path == '/auth/logout')
|
||||
return next()
|
||||
|
||||
const asid = req.query.asid || req.cookies.asid
|
||||
@@ -31,96 +30,104 @@ app.use((req, res, next) => {
|
||||
next()
|
||||
})
|
||||
|
||||
// CUSTOMER
|
||||
app.post('/customer/login', (req, res, next) => {
|
||||
// AUTH
|
||||
function createSession(req, res, customer_id) {
|
||||
if (!customer_id)
|
||||
throw Error('AUTH_ERROR::500')
|
||||
|
||||
res.locals.customer_id = customer_id
|
||||
const asid = crypto.randomBytes(64).toString('hex')
|
||||
req.session = sessions[asid] = {asid, customer_id }
|
||||
res.setHeader('Set-Cookie', [`asid=${asid};httpOnly;path=/api/admin`])
|
||||
}
|
||||
|
||||
app.post('/auth/email', (req, res, next) => {
|
||||
res.locals.email = req.body?.email
|
||||
res.locals.password = req.body?.password
|
||||
|
||||
let customer_id = db
|
||||
.prepare(`
|
||||
select id
|
||||
from customers
|
||||
where is_active = 1 and (
|
||||
email is not null and email = :email and password is not null and password = :password or
|
||||
email is null and password is null and telegram_user_id = :telegram_id
|
||||
)
|
||||
`)
|
||||
const customer_id = db
|
||||
.prepare(`select id from customers where is_blocked = 0 and email = :email and password is not null and password = :password `)
|
||||
.pluck(true)
|
||||
.get(res.locals)
|
||||
|
||||
if (!customer_id && !res.locals.email && !res.locals.password) {
|
||||
customer_id = db
|
||||
.prepare(`insert into customers (telegram_user_id, is_active) values (:telegram_id, 1) returning id`)
|
||||
.safeIntegers(true)
|
||||
.pluck(true)
|
||||
.get(res.locals)
|
||||
}
|
||||
|
||||
if (!customer_id)
|
||||
throw Error('AUTH_ERROR::401')
|
||||
|
||||
res.locals.customer_id = customer_id
|
||||
db
|
||||
.prepare(`update customers set telegram_user_id = :telegram_id where id = :customer_id and email is not null`)
|
||||
.run(res.locals)
|
||||
|
||||
const asid = crypto.randomBytes(64).toString('hex')
|
||||
req.session = sessions[asid] = {asid, customer_id }
|
||||
res.setHeader('Set-Cookie', [`asid=${asid};httpOnly;path=/api/admin`])
|
||||
|
||||
createSession(req, res, customer_id)
|
||||
res.status(200).json({success: true})
|
||||
})
|
||||
|
||||
app.get('/customer/logout', (req, res, next) => {
|
||||
delete sessions[req.session.asid]
|
||||
res.setHeader('Set-Cookie', [`asid=; expired; httpOnly`])
|
||||
app.post('/auth/telegram', (req, res, next) => {
|
||||
let customer_id = db
|
||||
.prepare(`select id from customers where is_blocked = 0 and telegram_id = :telegram_id`)
|
||||
.pluck(true)
|
||||
.get(res.locals) || db
|
||||
.prepare(`replace into customers (telegram_id, is_blocked) values (:telegram_id, 0) returning id`)
|
||||
.pluck(true)
|
||||
.get(res.locals)
|
||||
|
||||
createSession(req, res, customer_id)
|
||||
res.status(200).json({success: true})
|
||||
})
|
||||
|
||||
app.post('/customer/register', (req, res, next) => {
|
||||
const email = String(req.body.email).trim()
|
||||
const password = String(req.body.password).trim()
|
||||
app.get('/auth/logout', (req, res, next) => {
|
||||
if (req.session?.asid)
|
||||
delete sessions[req.session.asid]
|
||||
res.setHeader('Set-Cookie', [`asid=; expired; httpOnly;path=/api/admin`])
|
||||
res.status(200).json({success: true})
|
||||
})
|
||||
|
||||
const validateEmail = email => String(email).toLowerCase().match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/)
|
||||
if (!validateEmail(email))
|
||||
app.post('/auth/register', (req, res, next) => {
|
||||
const email = String(req.body.email ?? '').trim()
|
||||
const code = String(req.body.code ?? '').trim()
|
||||
const password = String(req.body.password ?? '').trim()
|
||||
|
||||
if (email) {
|
||||
const validateEmail = email => String(email).toLowerCase().match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/)
|
||||
if (!validateEmail(email))
|
||||
throw Error('INCORRECT_EMAIL::400')
|
||||
|
||||
if (!password)
|
||||
throw Error('EMPTY_PASSWORD::400')
|
||||
|
||||
const row = db
|
||||
|
||||
const customer_id = db
|
||||
.prepare('select id from customers where email = :email')
|
||||
.run({email})
|
||||
if (row)
|
||||
throw Error('DUPLICATE_EMAIL::400')
|
||||
.pluck(true)
|
||||
.get({email})
|
||||
|
||||
if (customer_id)
|
||||
throw Error('USED_EMAIL::400')
|
||||
}
|
||||
|
||||
if (email && !code) {
|
||||
const code = Math.random().toString().substr(2, 4)
|
||||
emailCache[email] = code
|
||||
// To-Do: send email
|
||||
console.log(`${email} => ${code}`)
|
||||
}
|
||||
|
||||
if (email && code && !password) {
|
||||
if (emailCache[email] != code)
|
||||
throw Error('INCORRECT_CODE::400')
|
||||
}
|
||||
|
||||
if (email && code && password) {
|
||||
if (password.length < 8)
|
||||
throw Error('INCORRECT_PASSWORD::400')
|
||||
|
||||
db
|
||||
.prepare('insert into customers (email, password, is_blocked) values (:email, :password, 0)')
|
||||
.run({email, password})
|
||||
}
|
||||
|
||||
res.status(200).json({success: true})
|
||||
})
|
||||
|
||||
const key = crypto.randomBytes(32).toString('hex')
|
||||
const info = db
|
||||
.prepare('insert into customers (email, password, activation_key) values (:email, :password, :key)')
|
||||
.run({email, password, key})
|
||||
|
||||
// To-Do: SEND MAIL
|
||||
console.log(`http://127.0.0.1:3000/api/customer/activate?key=${key}`)
|
||||
res.status(200).json({success: true, data: key})
|
||||
})
|
||||
|
||||
app.get('/customer/activate', (req, res, next) => {
|
||||
const row = db
|
||||
.prepare('update customers set is_active = 1 where activation_key = :key returning id')
|
||||
.get({key: req.query.key})
|
||||
|
||||
if (!row || !row.id)
|
||||
throw Error('BAD_ACTIVATION_KEY::400')
|
||||
|
||||
res.status(200).json({success: true})
|
||||
})
|
||||
|
||||
// CUSTOMER
|
||||
app.get('/customer/profile', (req, res, next) => {
|
||||
const row = db
|
||||
.prepare(`
|
||||
select id, name, email, plan, coalesce(json_balance, '{}') json_balance, coalesce(json_company, '{}') json_company, upload_group_id
|
||||
from customers
|
||||
where id = :customer_id and is_active = 1
|
||||
where id = :customer_id
|
||||
`)
|
||||
.get(res.locals)
|
||||
|
||||
|
||||
@@ -10,8 +10,9 @@ const { NewMessage } = require('telegram/events')
|
||||
const { Button } = require('telegram/tl/custom/button')
|
||||
const { CustomFile } = require('telegram/client/uploads')
|
||||
|
||||
// const session = new StringSession('1AgAOMTQ5LjE1NC4xNjcuNTABuxdIxmjimA0hmWpdrlZ4Fo7uoIGU4Bu9+G5QprS6zdtyeMfcssWEZp0doLRX/20MomQyF4Opsos0El0Ifj5aiNgg01z8khMLMeT98jS+1U/sh32p3GxZfxyXSxX1bD0NLRaXnqVyNNswYqRZPhboT28NMjDqwlz0nrW9rge+QMJDL7jIkXgSs+cmJBINiqsEI8jWjXmc8TU/17gngtjUHRf5kRM4y5gsNC4O8cF5lcHRx0G/U5ZVihTID8ItQ6EdEHjz6e4XErbVOJ81PfYkqEoPXVvkEmRM0/VbvCzFfixfas4Vzczfn98OHLd8P2MXcgokZ2rppvIV3fQXOHxJbA0=')
|
||||
const session = new StringSession('')
|
||||
//const session = new StringSession('1AgAOMTQ5LjE1NC4xNjcuNTABu2OaFuD5Oyi5wGck+n5ldAfshzYfwlWee+OUxYBvFzlKAdW11Hsndu1SJBLUnKjP8sTJEPbLwdqANBhBXmQMghLVAblwK6TxLfsWxy2zf/HGLeNXohhrsep0hBxu9imyHV6OI6gQG+c5qaGkzjZrz0AcS4ut0xy99XrXgjiNfnjeMX7a0mOk6IK9iKdwbX9kXTfclFLVppiBGXolYJjVb2E57tk4+7RncIVyw+Fxn0NZfnhEfHJZly6j03arZOeM5VYl9ul8+3lJDD+KJJHeMgImmYjmcFcF3CbtkhPuTSPnWKtCnm2sRzepn5VFfoG6zgYff04fBdKGvHAai+wQSOY=')
|
||||
const session = new StringSession('1AgAOMTQ5LjE1NC4xNjcuNTEBuzSgmBQR5/m8M8cyOnsLCIOkYQJTizJoJRZiPKK+eBjMuodc0JuKQwzeWBRJI/c6YxaBHvokpngf5kr57uly+meSPPlFq6MyoSSQDbEJ3VAAWJu+/ALN0ickE92RjRfM5Kw6DimC9FXuMgJJsoUHtk/i+ZGXy9JB+q67G0yy8NvFIuWpFHJDkwmi0qTlTgJ5UOm4PYkV01iNUcV5siaWFVTTLsetHtBUdMOzg5WjjvuOyYV/MIx+z7ynhvF3DxLPCugxqhCvZ/RW+0vldrTX5TZ0BzIDk2eNFQjRORJcZo6upwvH7aZYStV4DxhIi1dEYu5gyvnt4vkbR5kuvE/GqO0=')
|
||||
|
||||
|
||||
let client
|
||||
|
||||
@@ -493,12 +494,19 @@ async function onNewUserMessage (msg) {
|
||||
updateUser(userId, user)
|
||||
await updateUserPhoto (userId, user)
|
||||
|
||||
const appButton = new Api.KeyboardButtonWebView({
|
||||
text: "Open Mini-App", // Текст на кнопке
|
||||
url: "https://h5sj0gpz-3000.euw.devtunnels.ms/", // URL вашего Mini-App (HTTPS!)
|
||||
});
|
||||
|
||||
|
||||
const inputPeer = new Api.InputPeerUser({userId: tgUserId, accessHash: user.accessHash.value})
|
||||
const resultBtn = await client.sendMessage(inputPeer, {
|
||||
message: 'Сообщение от бота',
|
||||
buttons: client.buildReplyMarkup([
|
||||
[Button.url('Админка', 'https://t.me/ready_or_not_2025_bot/userapp?startapp=admin')],
|
||||
[Button.url('Пользователь', 'https://t.me/ready_or_not_2025_bot/userapp?startapp=user')]
|
||||
[Button.url('Пользователь', 'https://t.me/ready_or_not_2025_bot/userapp?startapp=user')],
|
||||
[appButton]
|
||||
])
|
||||
})
|
||||
} catch (err) {
|
||||
@@ -560,6 +568,7 @@ class Bot extends EventEmitter {
|
||||
})
|
||||
|
||||
await client.start({botAuthToken})
|
||||
console.log('SID: ', session.save())
|
||||
}
|
||||
|
||||
async uploadDocument(projectId, fileName, mime, data, parentType, parentId, publishedBy) {
|
||||
|
||||
Reference in New Issue
Block a user