diff --git a/bin/server.dart b/bin/server.dart index eacc415..66a99d1 100755 --- a/bin/server.dart +++ b/bin/server.dart @@ -11,7 +11,7 @@ final _router = Router() ..get('/', API.rootHandler) ..get('/admin/users', API.getAllUsers) // POST (EN VRAI C'EST DES GET AVEC UN BODY) - ..post('/user/password-file', API.downloadPasswordDb) + ..get('/user/password-file', API.downloadPasswordDb) ..post('/auth', API.authenticator) ..post('/user/account', API.createAccount) // vrai post // PUT diff --git a/lib/api/api.dart b/lib/api/api.dart index d652720..afd43a7 100644 --- a/lib/api/api.dart +++ b/lib/api/api.dart @@ -8,10 +8,6 @@ import 'package:passworld_api/database/accounts_to_postgres.dart'; // Class for all static function that handles api routes class API { - /*---------------| - |-------GET------| - |---------------*/ - // Default response for / static Response rootHandler(Request req) { return Response.ok('Greetings from PassWorld!\n'); @@ -56,9 +52,6 @@ class API { }); */ } - /*---------------| - |------POST------| - |---------------*/ // Create account static Future createAccount(Request req) async { @@ -81,9 +74,24 @@ class API { } } - /*---------------| - |-------PUT------| - |---------------*/ + // Delete Account + static Future deleteAccount(Request req) async { + final List required = ["email", "password"]; + final body = await bodyToJson(req); + + if (await checkRequiredFields(required, body)) { + try { + await AccountsToPostgres.deleteAccount( + body[required[0]], body[required[1]]); + } catch (e) { + return Response(409, + body: 'There was a problem with deletion'); // 409 (Conflict) + } + return Response(200, body: 'Account successfully deleted'); // 200 (OK) + } else { + return Response.badRequest(body: 'Bad request'); // 400 (Bad Request) + } + } // Update master password static Response changeMasterPassword(Request req) { 
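Review bot: In bin/server.dart, `/user/password-file` is now registered with `..get` under a comment saying these routes are really GETs that carry a body, and `API.downloadPasswordDb` is not shown in this diff. If that handler still reads the email and password from the request body, some clients and proxies drop or reject a body on GET. If the credentials move to the query string instead, they end up in access logs and browser history. I would keep `..post('/user/password-file', API.downloadPasswordDb)` or carry the credential in an `Authorization` header, and move the line out of the `// POST` group if it stays a GET.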
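Review bot: In lib/api/api.dart, the new `API.deleteAccount` only checks that `email` and `password` are present, then passes the raw `password` as the `hash` argument of `AccountsToPostgres.deleteAccount`, which in the lib/database/accounts_to_postgres.dart hunk never reads it (`// TODO: check authentication`). As written, any caller who knows an email address can delete that account once the route is registered (the registration is not part of this diff). Before the delete, the stored hash from `selectHashByMail` should be compared with the hash derived from the supplied password, answering `return Response.forbidden('Invalid credentials');` on mismatch. The bare `catch (e)` also turns every failure into a 409; `on PostgreSQLException catch (e)` would keep database errors apart from programming errors.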
@@ -132,19 +140,6 @@ class API { return Response.ok("API: file received"); } - /*---------------| - |-----DELETE-----| - |---------------*/ - - // Delete account - static Response deleteAccount(Request req) { - return Response.ok(""); - } - - /*---------------| - |-------MISC-----| - |---------------*/ - // Check if required fields are in req body static Future checkRequiredFields( List fields, Map body) async { diff --git a/lib/database/accounts_to_postgres.dart b/lib/database/accounts_to_postgres.dart index 945062a..867cdf9 100644 --- a/lib/database/accounts_to_postgres.dart +++ b/lib/database/accounts_to_postgres.dart @@ -23,18 +23,21 @@ class AccountsToPostgres { //initConnection(); } + // Open connection to database static Future openConnection() async { await connection.open().then((value) { print("🟢 PassWorld DB connection opened"); }); } + // Close connection to database static void closeConnection() async { connection.close().then((value) { print("🔴 PassWorld DB connection closed"); }); } + // Create tables and other things for the database static Future createAccountTable() async { await openConnection(); await connection.query(""" @@ -55,7 +58,8 @@ class AccountsToPostgres { print("🟦 Account Table Created"); } - // Add support for twoFa if needed + // TODO: Add support for twoFa if needed + // Create user account static Future createAccount( String mail, String hash, String salt /*, List twoFaStr*/) async { await checkMailAlreadyExist(mail); // TODO: throw execption if != null 
@@ -70,6 +74,15 @@ class AccountsToPostgres { print("✅ Account succesfully created"); } + static Future deleteAccount(String mail, String hash) async { + await checkMailAlreadyExist(mail); // TODO: throw execption if != null + // TODO: check authentication + await connection.query("DELETE FROM \"Account\" WHERE mail=@mail", + substitutionValues: {"mail": mail}); + print("✅ Account succesfully deleted"); + } + + // get user passord hash by mail static Future selectHashByMail(String mail) async { List> results = await connection.query( "SELECT hash FROM \"Account\" WHERE mail=@mail", @@ -78,6 +91,7 @@ class AccountsToPostgres { return results[0][0]; } + // check if mail is already used in database static Future checkMailAlreadyExist(String mail) async { List> results = await connection.query( "SELECT id FROM \"Account\" WHERE mail=@mail", @@ -87,7 +101,9 @@ class AccountsToPostgres { return; } - static Future updatePass(String mail, String hash, String salt) async { + // Update user password + static Future updatePassword( + String mail, String hash, String salt) async { if (selectHashByMail(mail) == null) { return; } else { @@ -97,7 +113,8 @@ class AccountsToPostgres { } } - static Future updateFilePass(String mail, File passwordFile) async { + // Update user password file + static Future updatePasswordFile(String mail, File passwordFile) async { List passwordBlob = utf8.encode(await passwordFile.readAsString(encoding: utf8)); @@ -110,6 +127,7 @@ class AccountsToPostgres { } } + // Update user twoFa static Future updateTwoFa(String mail, List tfa) async { List twoFaStr = List.empty(growable: true); @@ -122,6 +140,7 @@ class AccountsToPostgres { } } + // Update user mail static Future updateMail(String mail, String newMail) async { if (selectHashByMail(mail) == null) { return; 
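Review bot: `deleteAccount` in lib/database/accounts_to_postgres.dart awaits `checkMailAlreadyExist(mail)` but discards the result, so a delete for an unknown mail still prints the success line and the API handler answers 200. `connection.execute` returns the affected row count, so the no-op can be detected with `final deleted = await connection.execute("DELETE FROM \"Account\" WHERE mail=@mail", substitutionValues: {"mail": mail});` and an exception thrown when `deleted == 0`. Once the password check from the `// TODO: check authentication` line exists, the caller should get the same failure response for an unknown mail and for a wrong password, so the endpoint does not reveal which addresses are registered. The `hash` parameter is currently unused and should either feed that check or be dropped.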
@@ -133,15 +152,7 @@ class AccountsToPostgres { print("✅ Mail succesfully updated"); } - static Future deleteById(String id) async { - await connection.query("DELETE FROM \"Account\" WHERE id=@identifiant", - substitutionValues: {"identifiant": id}); - } - - // - // ADMIN - // - + // ADMIN: get infos on all users static Future getAllUsers() async { PostgreSQLResult res = await connection.query("SELECT id, hash, salt from \"Account\"");