Added basic login.

src/auth.js

@@ -0,0 +1,124 @@
+import config from 'config';
+import util from 'util';
+import crypto from 'crypto';
+import fs from 'fs/promises';
+import { createAvatar } from '@dicebear/core';
+import { shapes } from '@dicebear/collection';
+
+import knex from './knex.js';
+import { curateUser, fetchUser } from './users.js';
+import { HttpError } from './errors.js';
+
+const scrypt = util.promisify(crypto.scrypt);
+
+async function verifyPassword(password, storedPassword) {
+	const [salt, hash] = storedPassword.split('/');
+	const hashedPassword = (await scrypt(password, salt, 64)).toString('hex');
+
+	if (hashedPassword === hash) {
+		return true;
+	}
+
+	throw new HttpError('Username or password incorrect', 401);
+}
+
+async function generateAvatar(user) {
+	const avatar = createAvatar(shapes, {
+		seed: user.username,
+		backgroundColor: ['f65596', '9b004b', '006b68', '5abab6'],
+		shape1Color: ['f65596', 'ff6d7e', 'ff8d69', 'ffb15b', 'ffd55c', 'f9f871'],
+		shape2Color: ['c162c6', '6074dd', '007dd2', '007ba9', '007170'],
+		shape3Color: ['f65596', 'ff6d7e', 'ff8d69', 'ffb15b', 'ffd55c', 'f9f871'],
+	});
+
+	await fs.mkdir('media/avatars', { recursive: true });
+
+	await avatar.png().toFile(`media/avatars/${user.id}_${user.username}.png`);
+}
+
+export async function login(credentials) {
+	if (!config.auth.login) {
+		throw new HttpError('Authentication is disabled', 405);
+	}
+
+	const user = await fetchUser(credentials.username.trim(), true);
+
+	if (!user) {
+		throw new HttpError('Username or password incorrect', 401);
+	}
+
+	await verifyPassword(credentials.password, user.password);
+
+	await knex('users')
+		.update('last_login', 'NOW()')
+		.where('id', user.id);
+
+	if (!user.avatar) {
+		await generateAvatar(user);
+	}
+
+	return curateUser(user);
+}
+
+export async function signup(credentials) {
+	if (!config.auth.signup) {
+		throw new HttpError('Authentication is disabled', 405);
+	}
+
+	const curatedUsername = credentials.username.trim();
+
+	if (!curatedUsername) {
+		throw new HttpError('Username required', 400);
+	}
+
+	if (curatedUsername.length < config.auth.usernameLength[0]) {
+		throw new HttpError('Username is too short', 400);
+	}
+
+	if (curatedUsername.length > config.auth.usernameLength[1]) {
+		throw new HttpError('Username is too long', 400);
+	}
+
+	if (!config.auth.usernamePattern.test(curatedUsername)) {
+		throw new HttpError('Username contains invalid characters', 400);
+	}
+
+	if (!credentials.email) {
+		throw new HttpError('E-mail required', 400);
+	}
+
+	if (credentials.password?.length < 3) {
+		throw new HttpError('Password must be 3 characters or longer', 400);
+	}
+
+	const existingUser = await knex('users')
+		.where('username', curatedUsername)
+		.orWhere('email', credentials.email)
+		.first();
+
+	if (existingUser) {
+		throw new HttpError('Username or e-mail already in use', 409);
+	}
+
+	const salt = crypto.randomBytes(16).toString('hex');
+	const hashedPassword = (await scrypt(credentials.password, salt, 64)).toString('hex');
+	const storedPassword = `${salt}/${hashedPassword}`;
+
+	const [{ id: userId }] = await knex('users')
+		.insert({
+			username: curatedUsername,
+			email: credentials.email,
+			password: storedPassword,
+		})
+		.returning('id');
+
+	await knex('stashes').insert({
+		user_id: userId,
+		name: 'Favorites',
+		slug: 'favorites',
+		public: false,
+		primary: true,
+	});
+
+	return fetchUser(userId);
+}