add: added pfps and user profile modification

back/api/auth.js

@@ -1,8 +1,16 @@
 const express = require('express');
 const sha256 = require("sha256");
 const jwt = require('jsonwebtoken');
-const { getConnection, getUserByUsername, addUser, getUser } = require('../libs/mysql');
+const { getConnection, getUserByUsername, addUser, setUserPfp, setUserUsername, setUserPassword } = require('../libs/mysql');
 const { checkAuth } = require('../libs/middlewares');
+const multer  = require('multer')
+const fs = require('node:fs');
+
+const upload = multer({ dest: 'data/pfps/' })
+upload.limits = {
+    fileSize: 1024 * 1024 * 5,
+    files: 1,
+};
 
 const router = express.Router();
 
@@ -59,10 +67,75 @@ router.post('/register', async (req, res) => {
     res.send({ message: 'User added' });
 });
 
-router.use('/me', checkAuth);
-router.post('/me', async (req, res) => {
+router.post('/me', checkAuth, async (req, res) => {
     const user = req.user;
     res.send({ id: user.id, username: user.username, admin: user.admin });  
 });
 
+router.post('/me/uploadpfp', upload.single('pfp'), checkAuth, async (req, res) => {
+    const fileName = req.file.filename;
+    const user = req.user;
+
+    if (user.pfp && fs.existsSync(`data/pfps/${user.pfp}`)) {
+        fs.unlinkSync(`data/pfps/${user.pfp}`);
+    }
+
+    const connection = await getConnection();
+    await setUserPfp(connection, user.id, fileName);
+    connection.end();
+    res.send({ message: 'Profile picture uploaded.' });  
+});
+
+router.post('/me/deletepfp', checkAuth, async (req, res) => {
+    const user = req.user;
+
+    if (user.pfp && fs.existsSync(`data/pfps/${user.pfp}`)) {
+        fs.unlinkSync(`data/pfps/${user.pfp}`);
+    }
+
+    const connection = await getConnection();
+    await setUserPfp(connection, user.id, null);
+    connection.end();
+    res.send({ message: 'Profile picture deleted.' });  
+});
+
+router.post('/me/setusername', checkAuth, async (req, res) => {
+    const { username } = req.body;
+    const user = req.user;
+
+    if (!username) {
+        return res.status(400).send({ error: 'Invalid username' });
+    }
+
+    if (!/^[a-zA-Z0-9-_]+$/.test(username)) {
+        return res.status(400).send({ error: 'Invalid username' });
+    }
+
+    const connection = await getConnection();
+    const userExists = await getUserByUsername(connection, username);
+    if (userExists[0]) {
+        connection.end();
+        return res.status(401).send({ error: 'Username already exists' });
+    }
+
+    await setUserUsername(connection, user.id, username);
+    connection.end();
+    res.send({ message: 'Username changed.' });  
+});
+
+
+router.post('/me/setpassword', checkAuth, async (req, res) => {
+    const { oldPassword, password } = req.body;
+    const user = req.user;
+
+    if (!password || !oldPassword || sha256(oldPassword) !== user.password) {
+        return res.status(400).send({ error: 'Invalid password' });
+    }
+
+    const connection = await getConnection();
+    await setUserPassword(connection, user.id, sha256(password));
+    connection.end();
+    res.send({ message: 'Password changed.' });  
+});
+
 module.exports = router;