diff --git a/bin/server.dart b/bin/server.dart
index abe9133..3fe0514 100755
--- a/bin/server.dart
+++ b/bin/server.dart
@@ -10,8 +10,9 @@ final _router = Router()
 // GET
 ..get('/', API.rootHandler)
 ..get('/admin/users', API.getAllUsers)
+ ..post('/user/salt', API.getSalt)
 // POST (EN VRAI C'EST DES GET AVEC UN BODY)
- ..get('/user/password-file', API.downloadPasswordDb)
+ ..post('/user/password-file', API.downloadPasswordDb)
 ..post('/auth', API.authenticator)
 ..post('/user/account', API.createAccount) // vrai post
 // PUT
diff --git a/lib/api/api.dart b/lib/api/api.dart
index d39ee1f..8a8e1fc 100644
--- a/lib/api/api.dart
+++ b/lib/api/api.dart
@@ -13,6 +13,23 @@ class API {
 return Response.ok('Greetings from PassWorld!\n');
 }
+ static Future getSalt(Request req) async {
+ final List required = ["email"];
+ final body = await bodyToJson(req);
+
+ if (await checkRequiredFields(required, body)) {
+ try {
+ String salt =
+ await AccountsToPostgres.selectSaltByMail(body[required[0]]);
+ return Response(200, body: salt);
+ } catch (e) {
+ return Response(204, body: 'Account already existing'); // No content
+ }
+ } else {
+ return Response.badRequest(body: 'bad body');
+ }
+ }
+
 // Check for authentication
 static Future authenticator(Request req) async {
 final List required = ["email", "password"];
diff --git a/lib/database/accounts_to_postgres.dart b/lib/database/accounts_to_postgres.dart
index 1aaef87..984b898 100644
--- a/lib/database/accounts_to_postgres.dart
+++ b/lib/database/accounts_to_postgres.dart
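Review bot: The new `..post('/user/salt', API.getSalt)` line is registered directly under the `// GET` comment, above the `// POST` group it belongs to, so the route table now misdescribes itself; move it below the `// POST (EN VRAI C'EST DES GET AVEC UN BODY)` line, next to `/user/password-file`. Nothing in the visible cascade attaches authentication or throttling to `/user/salt`, and its handler looks accounts up by email, so a comment should state whether that is intentional, e.g. `// pre-login: no session required, must be rate limited`. The router definition starts and continues outside the hunk, so middleware applied elsewhere cannot be ruled out.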
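Review bot: The `catch (e)` branch in `getSalt` answers every failure with `Response(204, body: 'Account already existing')`, which is wrong in three ways: the text is left over from account creation, a 204 must not carry a body, and a database outage is reported the same way as an unknown mail. Because a known mail gets 200 with the salt and an unknown one gets 204, the endpoint also tells a caller which addresses are registered, and no authentication check is visible in the handler. If the client really needs the salt before login, consider answering unknown mails with a stable server-derived dummy salt and rate-limiting the route. At minimum split the cases, e.g. `return Response.notFound('unknown account');` for the empty result and `return Response.internalServerError();` for anything else.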
@@ -8,16 +8,16 @@ class AccountsToPostgres {
 // username: 'pass', password: '1p2a3s4s5');
 /* Dev RemRem */
- // static final connection = PostgreSQLConnection("localhost", 5432, 'passworld',
- // username: 'hel', password: '');
+ static final connection = PostgreSQLConnection("localhost", 5432, 'passworld',
+ username: 'hel', password: '');
 /* Production */
- static final connection = PostgreSQLConnection(
- Platform.environment["DB_SERVER"]!,
- 5432,
- Platform.environment["DB_DATABASE"]!,
- username: Platform.environment["DB_USER"],
- password: Platform.environment["DB_PASSWORD"]);
+ // static final connection = PostgreSQLConnection(
+ // Platform.environment["DB_SERVER"]!,
+ // 5432,
+ // Platform.environment["DB_DATABASE"]!,
+ // username: Platform.environment["DB_USER"],
+ // password: Platform.environment["DB_PASSWORD"]);
 AccountsToPostgres() {
 //initConnection();
@@ -89,6 +89,15 @@ class AccountsToPostgres {
 return results[0][0];
 }
+ // check if mail is already used in database
+ static Future selectSaltByMail(String mail) async {
+ List> results = await connection.query(
+ "SELECT salt FROM \"Account\" WHERE mail=@mail",
+ substitutionValues: {"mail": mail});
+
+ return results[0][0];
+ }
+
 // Update user password
 static Future updatePassword(
 String mail, String newHash, String newSalt) async {
@@ -148,7 +157,7 @@ class AccountsToPostgres {
 // ADMIN: get infos on all users
 static Future getAllUsers() async {
 PostgreSQLResult res =
- await connection.query("SELECT id, hash, salt from \"Account\"");
+ await connection.query("SELECT mail, hash, salt from \"Account\"");
 print("🟥 ADMIN: get all users");
 return res;
 }
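Review bot: The active `connection` is now the hard-coded developer one (`localhost`, user `hel`, empty password) and the environment-driven production block is commented out, so a deployment built from this commit would either fail to reach its database or talk to a passwordless local one. Keep a single definition that reads the environment and falls back for local work, e.g. `Platform.environment["DB_SERVER"] ?? "localhost"` and `password: Platform.environment["DB_PASSWORD"] ?? ''`, instead of swapping comments per developer. The context line above still carries a commented-out `username: 'pass', password: ...` pair; delete it, and rotate that password if it was ever used on a real instance. The class body continues outside the hunk.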
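Review bot: The comment on `selectSaltByMail` ("check if mail is already used in database") is copied from another method and does not describe this one; replace it with `// Returns the salt stored for [mail]; throws RangeError when no account matches.` That throw comes from `results[0][0]` on an empty result, and it is what `API.getSalt` currently relies on for its not-found branch. An explicit `if (results.isEmpty)` guard before the index would make that contract deliberate rather than accidental. The query itself is parameterised through `substitutionValues`, which is the right way to pass the mail.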
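Review bot: `getAllUsers` now returns every account's `mail` together with its `hash` and `salt`, which puts each user's address next to their password verifier in one response, and the route that serves it (`..get('/admin/users', API.getAllUsers)` in bin/server.dart) shows no access check in the visible lines. Unless the admin view really needs the verifier material, select only identifying columns, e.g. `SELECT id, mail from \"Account\"`, and confirm the route is gated before this ships. The handler that wraps this query is outside the diff, so an authorization check there cannot be ruled out.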