add: added pfps and user profile modification

back/api/auth.js

@@ -1,8 +1,16 @@
 const express = require('express');
 const sha256 = require("sha256");
 const jwt = require('jsonwebtoken');
-const { getConnection, getUserByUsername, addUser, getUser } = require('../libs/mysql');
+const { getConnection, getUserByUsername, addUser, setUserPfp, setUserUsername, setUserPassword } = require('../libs/mysql');
 const { checkAuth } = require('../libs/middlewares');
+const multer  = require('multer')
+const fs = require('node:fs');
+
+const upload = multer({ dest: 'data/pfps/' })
+upload.limits = {
+    fileSize: 1024 * 1024 * 5,
+    files: 1,
+};
 
 const router = express.Router();
 
@@ -59,10 +67,75 @@ router.post('/register', async (req, res) => {
     res.send({ message: 'User added' });
 });
 
-router.use('/me', checkAuth);
-router.post('/me', async (req, res) => {
+router.post('/me', checkAuth, async (req, res) => {
     const user = req.user;
     res.send({ id: user.id, username: user.username, admin: user.admin });  
 });
 
+router.post('/me/uploadpfp', upload.single('pfp'), checkAuth, async (req, res) => {
+    const fileName = req.file.filename;
+    const user = req.user;
+
+    if (user.pfp && fs.existsSync(`data/pfps/${user.pfp}`)) {
+        fs.unlinkSync(`data/pfps/${user.pfp}`);
+    }
+
+    const connection = await getConnection();
+    await setUserPfp(connection, user.id, fileName);
+    connection.end();
+    res.send({ message: 'Profile picture uploaded.' });  
+});
+
+router.post('/me/deletepfp', checkAuth, async (req, res) => {
+    const user = req.user;
+
+    if (user.pfp && fs.existsSync(`data/pfps/${user.pfp}`)) {
+        fs.unlinkSync(`data/pfps/${user.pfp}`);
+    }
+
+    const connection = await getConnection();
+    await setUserPfp(connection, user.id, null);
+    connection.end();
+    res.send({ message: 'Profile picture deleted.' });  
+});
+
+router.post('/me/setusername', checkAuth, async (req, res) => {
+    const { username } = req.body;
+    const user = req.user;
+
+    if (!username) {
+        return res.status(400).send({ error: 'Invalid username' });
+    }
+
+    if (!/^[a-zA-Z0-9-_]+$/.test(username)) {
+        return res.status(400).send({ error: 'Invalid username' });
+    }
+
+    const connection = await getConnection();
+    const userExists = await getUserByUsername(connection, username);
+    if (userExists[0]) {
+        connection.end();
+        return res.status(401).send({ error: 'Username already exists' });
+    }
+
+    await setUserUsername(connection, user.id, username);
+    connection.end();
+    res.send({ message: 'Username changed.' });  
+});
+
+
+router.post('/me/setpassword', checkAuth, async (req, res) => {
+    const { oldPassword, password } = req.body;
+    const user = req.user;
+
+    if (!password || !oldPassword || sha256(oldPassword) !== user.password) {
+        return res.status(400).send({ error: 'Invalid password' });
+    }
+
+    const connection = await getConnection();
+    await setUserPassword(connection, user.id, sha256(password));
+    connection.end();
+    res.send({ message: 'Password changed.' });  
+});
+
 module.exports = router;

back/api/channels.js

@@ -123,8 +123,7 @@ router.get('/:name/messages', async (req, res) => {
     res.send(messages);
 });
 
-router.use('/:name/messages/send', checkAuth);
-router.post('/:name/messages/send', async (req, res) => {
+router.post('/:name/messages/send', checkAuth, async (req, res) => {
     const { message } = req.body;
     const name = req.params.name;
     const user = req.user;
@@ -165,8 +164,7 @@ router.post('/:name/messages/send', async (req, res) => {
     res.send({ message: 'Message sent' });
 });
 
-router.use('/:name/messages/delete', checkAuth);
-router.post('/:name/messages/delete', async (req, res) => {
+router.post('/:name/messages/delete', checkAuth, async (req, res) => {
     const { message_id } = req.body;
     const name = req.params.name;
     const user = req.user;
@@ -207,8 +205,7 @@ router.post('/:name/messages/delete', async (req, res) => {
     res.send({ message: 'Message deleted' });
 });
 
-router.use('/add', checkAuth);
-router.post('/add', async (req, res) => {
+router.post('/add', checkAuth, async (req, res) => {
     const { name, description } = req.body;
     const user = req.user;
 

back/api/users.js

@@ -1,6 +1,7 @@
 const express = require('express');
 const { getConnection, getUsers, getUserByUsername, getUserLastMessages, getMentions, deleteUser, deleteUserMessages, deleteUserMentions } = require('../libs/mysql');
 const { checkAuth } = require("../libs/middlewares")
+const path = require('path');
 
 const router = express.Router();
 
@@ -41,8 +42,26 @@ router.get('/:username/lastmessages', async (req, res) => {
     res.send(messages);
 });
 
-router.use("/:username/delete", checkAuth);
-router.post('/:username/delete', async (req, res) => {
+router.get('/:username/pfp', async (req, res) => {
+    const username = req.params.username;
+    const connection = await getConnection();
+    const user = await getUserByUsername(connection, username);
+    connection.end();
+
+    if (!user[0]) {
+        return res.status(400).send({ error: 'No user found' });
+    }
+
+    const pfp = user[0].pfp;
+
+    if (!pfp) {
+        return res.sendFile(path.join(__dirname, `../images/default-pfp.png`), { headers: { 'Content-Type': 'image' } });
+    }
+
+    res.sendFile(path.join(__dirname, `../data/pfps/${pfp}`), { headers: { 'Content-Type': 'image' } });
+});
+
+router.post('/:username/delete', checkAuth, async (req, res) => {
     const username = req.params.username;
     const user = req.user;