From d4d7f51d03e4a4c89c68fdf7936d8bf9283cbb3d Mon Sep 17 00:00:00 2001
From: Lukian LEIZOUR
Date: Thu, 6 Jun 2024 13:53:44 +0200
Subject: [PATCH] commit
---
 api/v1/auth/login.js | 8 ++++++--
 api/v1/games/addHelper.js | 10 +++++++++-
 api/v1/games/getGame.js | 10 +++++++++-
 api/v1/games/getHelpers.js | 10 +++++++++-
 api/v1/games/getall.js | 6 +++++-
 api/v1/games/removeHelper.js | 21 ++++++++++++++++++++-
 6 files changed, 58 insertions(+), 7 deletions(-)
diff --git a/api/v1/auth/login.js b/api/v1/auth/login.js
index 72df4be..f49d926 100644
--- a/api/v1/auth/login.js
+++ b/api/v1/auth/login.js
@@ -19,9 +19,13 @@ router.post('/', async (req, res) => {
 return res.status(400).send({error: "wrong login informations"});
 }
- console.log(user);
+ if (!user[0].verified) {
+ return res.status(400).send({error: "you need to be verified to login"})
+ }
- res.status(200).send({message: "connection successful", token: jwt.sign({user: {id: user[0].id, username: user[0].username, name: user[0].name, lastname: user[0].lastname}, expiration: 20000}, process.env.JWTSecret)});
+ const expiration = new Date().getTime() + 1000 * 60 * 60 * 24 * 7;
+
+ res.status(200).send({message: "connection successful", token: jwt.sign({user: {id: user[0].id, username: user[0].username, name: user[0].name, lastname: user[0].lastname}, expiration: 2000}, process.env.JWTSecret)});
 });
 module.exports = router;
\ No newline at end of file
diff --git a/api/v1/games/addHelper.js b/api/v1/games/addHelper.js
index 7749626..9465264 100644
--- a/api/v1/games/addHelper.js
+++ b/api/v1/games/addHelper.js
@@ -12,8 +12,16 @@ router.post('/', async (req, res) => {
 return res.status(400).send({error: "invalid token"});
 }
+ if (!gameid) {
+ return res.status(400).send({error: "invalid gameid"});
+ }
+
 try {
 const user = jwt.verify(token, process.env.JWTSecret);
+
+ if (user.expiration < Date.now()) {
+ return res.status(400).send({error: "token expired"});
+ }
 const game = await getGame(gameid);
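Review bot: In api/v1/auth/login.js the new `expiration` constant is never used: the payload passed to `jwt.sign` still carries the literal `expiration: 2000`, so the `user.expiration < Date.now()` checks this commit adds to the games routes will treat every token issued here as expired. Put the computed value in the payload by replacing `expiration: 2000` with the shorthand `expiration`. A sturdier option is to drop the custom claim and pass `{expiresIn: '7d'}` as the third argument to `jwt.sign`, so that `jwt.verify` enforces the standard `exp` claim and no route can forget the check. The handler starts outside the hunk.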
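Review bot: In the first hunk of api/v1/games/addHelper.js the expiry test `user.expiration < Date.now()` fails open: when the claim is missing or not a number the comparison is false and the token is accepted. Reject anything that is not a future timestamp, for example `if (!(user.expiration > Date.now())) {`. The same block is repeated in getGame.js, getHelpers.js, getall.js and removeHelper.js in this commit, so the fix applies to all five copies; a single shared middleware would keep them from drifting apart. The route body continues outside the hunk.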
@@ -21,7 +29,7 @@ router.post('/', async (req, res) => {
 return res.status(400).send({error: "this game doesn't exist"});
 }
- if (JSON.parse(game[0].helpers).includes(user.user.id)) {
+ if (JSON.parse(game[0].helpers).includes(user.user.username)) {
 return res.status(400).send({error: "you are already an helper for this game"});
 }
diff --git a/api/v1/games/getGame.js b/api/v1/games/getGame.js
index c96e067..efdb2ab 100644
--- a/api/v1/games/getGame.js
+++ b/api/v1/games/getGame.js
@@ -12,8 +12,16 @@ router.post('/', async (req, res) => {
 return res.status(400).send({error: "invalid token"});
 }
+ if (!gameid) {
+ return res.status(400).send({error: "invalid gameid"});
+ }
+
 try {
- jwt.verify(token, process.env.JWTSecret);
+ const user = jwt.verify(token, process.env.JWTSecret);
+
+ if (user.expiration < Date.now()) {
+ return res.status(400).send({error: "token expired"});
+ }
 } catch {
 return res.status(400).send({error: "invalid token"});
 }
diff --git a/api/v1/games/getHelpers.js b/api/v1/games/getHelpers.js
index 58fe44d..b004fcb 100644
--- a/api/v1/games/getHelpers.js
+++ b/api/v1/games/getHelpers.js
@@ -12,8 +12,16 @@ router.post('/', async (req, res) => {
 return res.status(400).send({error: "invalid token"});
 }
+ if (!gameid) {
+ return res.status(400).send({error: "invalid gameid"});
+ }
+
 try {
- jwt.verify(token, process.env.JWTSecret);
+ const user = jwt.verify(token, process.env.JWTSecret);
+
+ if (user.expiration < Date.now()) {
+ return res.status(400).send({error: "token expired"});
+ }
 } catch {
 return res.status(400).send({error: "invalid token"});
 }
diff --git a/api/v1/games/getall.js b/api/v1/games/getall.js
index a2efa79..178641a 100644
--- a/api/v1/games/getall.js
+++ b/api/v1/games/getall.js
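Review bot: In the second hunk of api/v1/games/addHelper.js the duplicate-helper test now matches on `user.user.username`, a value copied into the token at login, instead of the account id. If usernames can be changed or reused (not visible here), helper rights would follow the name rather than the account, and any entries stored as ids before this commit would no longer match. Keying the list on the immutable `user.user.id` avoids both; if usernames are intended, a comment such as `// helpers holds usernames, not ids` above the test would record that. The enclosing try block starts and ends outside the hunk.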
@@ -13,7 +13,11 @@ router.post('/', async (req, res) => {
 }
 try {
- jwt.verify(token, process.env.JWTSecret);
+ const user = jwt.verify(token, process.env.JWTSecret);
+
+ if (user.expiration < Date.now()) {
+ return res.status(400).send({error: "token expired"});
+ }
 } catch {
 return res.status(400).send({error: "invalid token"});
 }
diff --git a/api/v1/games/removeHelper.js b/api/v1/games/removeHelper.js
index f17f8aa..2298967 100644
--- a/api/v1/games/removeHelper.js
+++ b/api/v1/games/removeHelper.js
@@ -1,7 +1,7 @@
 const express = require('express');
 const jwt = require('jsonwebtoken');
-const {removeHelper} = require("../../../libs/mysql.js")
+const {removeHelper, getGame} = require("../../../libs/mysql.js")
 const router = express.Router();
@@ -12,8 +12,27 @@ router.post('/', async (req, res) => {
 return res.status(400).send({error: "invalid token"});
 }
+ if (!gameid) {
+ return res.status(400).send({error: "invalid gameid"});
+ }
+
 try {
 const user = jwt.verify(token, process.env.JWTSecret);
+
+ if (user.expiration < Date.now()) {
+ return res.status(400).send({error: "token expired"});
+ }
+
+ const game = await getGame(gameid);
+
+ if (!game[0]) {
+ return res.status(400).send({error: "this game doesn't exist"});
+ }
+
+ if (!JSON.parse(game[0].helpers).includes(user.user.username)) {
+ return res.status(400).send({error: "you are not an helper for this game"});
+ }
+
 await removeHelper(user.user.username, gameid);
 } catch {
 return res.status(400).send({error: "invalid token"});
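Review bot: In the second hunk of api/v1/games/removeHelper.js the game lookup, the `JSON.parse(game[0].helpers)` call and `removeHelper` all run inside the try whose catch answers `invalid token`, so a database error or a malformed helpers column is reported to the client as an authentication failure and leaves no trace for whoever has to diagnose it. Keep only `jwt.verify` in that try, and handle the rest in a second try that logs the error and answers with a 500. The catch block continues outside the hunk.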