Commit 2371b2e7 authored by Geovanny's avatar Geovanny

Fixes to db connection and house permissions

parent 06c1c5b9
......@@ -5,15 +5,16 @@ const ENV = require('../settings');
const db = {}
db.connectDB = async () =>{
const connection = await MySQL.createConnection({
host: ENV.DB_HOST,
port: ENV.DB_PORT,
user: ENV.DB_USER,
password: ENV.DB_PASS,
database: ENV.DB_NAME
const pool = await MySQL.createPool({
host: ENV.DB_HOST,
port: ENV.DB_PORT,
user: ENV.DB_USER,
password: ENV.DB_PASS,
database: ENV.DB_NAME,
connectionLimit: 10
});
console.log('Database connected');
db.con = connection;
db.pool = pool;
}
module.exports = db;
\ No newline at end of file
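Review bot: `console.log('Database connected')` now runs without any connection having been attempted, assuming `MySQL.createPool` opens connections lazily as the usual mysql pool does (the driver import is outside the hunk, so confirm). A wrong credential or unreachable host in `ENV.DB_*` would then surface on the first request instead of at startup. Consider a probe before the log line, e.g. `await pool.query('SELECT 1');`. `db.con` is also no longer assigned, so any module not converted in this commit that still calls `db.con.query` will fail on `undefined`.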
......@@ -6,7 +6,7 @@ const h_columns = ['house_name', 'house_level', 'camp_location'];
async function checkHouseRequest(house_id, user_id){
const sql_exists = 'SELECT EXISTS(SELECT * FROM house_requests WHERE house_id = ? AND user_id = ?) as result;'
const exists = await db.con.query(sql_exists, [house_id , user_id]);
const exists = await db.pool.query(sql_exists, [house_id , user_id]);
if(exists[0] && exists[0].result===0){
throw Error("Membership request not send for user's house")
}
......@@ -16,7 +16,7 @@ model.getAll = async () => {
const sql_text = `SELECT h.*, u.username as liege_username
FROM houses as h
LEFT JOIN users as u on h.liege_id = u.id;`;
const data = await db.con.query(sql_text);
const data = await db.pool.query(sql_text);
return data;
}
......@@ -26,7 +26,7 @@ model.getHouse = async(house_id) => {
FROM houses as h
LEFT JOIN users as u on u.id = h.liege_id
WHERE h.id = ? LIMIT 1`;
const data = await db.con.query(sql_text, house_id);
const data = await db.pool.query(sql_text, house_id);
return data[0];
}
......@@ -34,13 +34,13 @@ model.getHouse = async(house_id) => {
model.insertHouse = async(body, liege_id) => {
let column_text = 'liege_id';
let value_text = `${db.con.escape(liege_id)}`
let value_text = `${db.pool.escape(liege_id)}`
if(body){
for (let i = 0; i < h_columns.length; i++) {
const element = h_columns[i];
if(body[element]!==undefined && body[element]!==null){
column_text += ', ' + element;
value_text += ', ' + db.con.escape(body[element]);
value_text += ', ' + db.pool.escape(body[element]);
}
}
}
......@@ -52,13 +52,17 @@ model.insertHouse = async(body, liege_id) => {
SET house_id = @house_id, lk_house_role = 'lg'
WHERE id = ?;`;
const aaa = await db.con.query('START TRANSACTION');
let con = await db.pool.getConnection();
await con.query('START TRANSACTION;');
await con.query(sql_text);
await con.query(sql_text2, [liege_id])
await con.query(sql_text3, [liege_id]);
await db.con.query(sql_text);
await db.con.query(sql_text2, [liege_id])
await db.con.query(sql_text3, [liege_id]);
await con.query('COMMIT;');
await db.con.query('COMMIT');
await con.release();
}
model.modifyHouse = async(house_id, body) => {
......@@ -69,9 +73,9 @@ model.modifyHouse = async(house_id, body) => {
const element = h_columns[i];
if(body[element]!==undefined && body[element]!==null){
if(set_text===''){
set_text += `${element} = ${db.con.escape(body[element])}`;
set_text += `${element} = ${db.pool.escape(body[element])}`;
}else{
set_text += `, ${element} = ${db.con.escape(body[element])}`;
set_text += `, ${element} = ${db.pool.escape(body[element])}`;
}
}
}
......@@ -80,37 +84,45 @@ model.modifyHouse = async(house_id, body) => {
}
const sql_text = `UPDATE houses SET ${set_text} WHERE id = ?`
await db.con.query(sql_text, [house_id]);
await db.pool.query(sql_text, [house_id]);
};
model.deleteHouse = async(house_id, liege_id) => {
const sql_text = 'DELETE FROM houses WHERE id = ?;';
const sql_text2 = 'UPDATE users SET lk_house_role = NULL where id = ?;'
await db.con.query('START TRANSACTION;');
let con = await db.pool.getConnection();
await con.query('START TRANSACTION;');
await con.query(sql_text, [house_id]);
await con.query(sql_text2, [liege_id]);
await db.con.query(sql_text, [house_id]);
await db.con.query(sql_text2, [liege_id]);
await con.query('COMMIT;');
await db.con.query('COMMIT;')
await con.release();
}
model.sendRequest = async(house_id, user_id) => {
const sql_text = 'DELETE FROM house_requests WHERE user_id = ?';
const sql_text2 = 'INSERT INTO house_requests (house_id, user_id) VALUES (?, ?)';
await db.con.query('START TRANSACTION;');
let con = await db.pool.getConnection();
await db.con.query(sql_text, [user_id]);
await db.con.query(sql_text2, [house_id, user_id]);
await con.query('START TRANSACTION;');
await db.con.query('COMMIT;');
await con.query(sql_text, [user_id]);
await con.query(sql_text2, [house_id, user_id]);
await con.query('COMMIT;');
await con.release();
};
model.cancelRequests = async(user_id) => {
const sql_text = 'DELETE FROM house_requests WHERE user_id = ?';
await db.con.query(sql_text, [user_id]);
await db.pool.query(sql_text, [user_id]);
}
model.getHouseRequests = async(house_id) => {
......@@ -118,7 +130,7 @@ model.getHouseRequests = async(house_id) => {
FROM house_requests as hr
LEFT JOIN users as u ON u.id = hr.user_id
WHERE hr.house_id = ?;`
const data = await db.con.query(sql_text, [house_id]);
const data = await db.pool.query(sql_text, [house_id]);
return data;
}
......@@ -128,12 +140,16 @@ model.acceptRequest = async(user_id, house_id) => {
const sql_text = 'DELETE FROM house_requests WHERE user_id = ?;';
const sql_text2 = 'UPDATE users SET house_id = ?, lk_house_role = \'kng\' WHERE id = ?;';
await db.con.query('START TRANSACTION;');
let con = await db.pool.getConnection();
await con.query('START TRANSACTION;');
await db.con.query(sql_text, [user_id]);
await db.con.query(sql_text2, [house_id, user_id]);
await con.query(sql_text, [user_id]);
await con.query(sql_text2, [house_id, user_id]);
await db.con.query('COMMIT;');
await con.query('COMMIT;');
await con.release();
}
model.rejectRequest = async(user_id, house_id) => {
......@@ -141,19 +157,19 @@ model.rejectRequest = async(user_id, house_id) => {
const sql_text = 'DELETE FROM house_requests WHERE user_id = ?;';
await db.con.query(sql_text, [user_id]);
await db.pool.query(sql_text, [user_id]);
}
model.deleteMember = async(user_id) => {
const sql_text = 'UPDATE users SET house_id = NULL, lk_house_role = NULL WHERE id = ? AND lk_house_role != \'lg\';';
await db.con.query(sql_text, [user_id]);
await db.pool.query(sql_text, [user_id]);
}
model.leaveHouse = async(user_id) => {
const sql_text = 'UPDATE users SET house_id = NULL, lk_house_role = NULL WHERE id = ?;';
await db.con.query(sql_text, [user_id]);
await db.pool.query(sql_text, [user_id]);
}
model.getMembers = async(house_id) => {
......@@ -162,26 +178,30 @@ model.getMembers = async(house_id) => {
LEFT JOIN house_role_lk as hr ON hr.lk_key = u.lk_house_role
WHERE u.house_id = ?;`;
const data = await db.con.query(sql_text, [house_id]);
const data = await db.pool.query(sql_text, [house_id]);
return data;
}
model.modifyMemberRole = async(member_id, role) => {
const sql_text = 'UPDATE users SET lk_house_role = ? WHERE id = ?;';
await db.con.query(sql_text, [role, member_id]);
await db.pool.query(sql_text, [role, member_id]);
}
model.changeHouseLiege = async(liege_id, member_id) => {
const sql_text = `UPDATE users SET lk_house_role = 'kng' WHERE id = ?;`;
const sql_text2 = `UPDATE users SET lk_house_role = 'lg' WHERE id = ?;`;
await db.con.query('START TRANSACTION;')
let con = await db.pool.getConnection();
await con.query('START TRANSACTION;')
await db.con.query(sql_text, [liege_id]);
await db.con.query(sql_text2, [member_id]);
await con.query(sql_text, [liege_id]);
await con.query(sql_text2, [member_id]);
await db.con.query('COMMIT;');
await con.query('COMMIT;');
await con.release();
}
model.getMemberUnits = async(member_id) => {
......@@ -190,14 +210,14 @@ model.getMemberUnits = async(member_id) => {
LEFT JOIN users_units as uu ON us.id = uu.user_id
LEFT JOIN units as u ON uu.unit_id = u.id
WHERE us.id = ? ORDER BY u.name ASC;`
const data = await db.con.query(sql_text, [member_id]);
const data = await db.pool.query(sql_text, [member_id]);
return data;
}
model.getCurrentWar = async() => {
const sql_text = 'SELECT * FROM war_days WHERE completed = 0 LIMIT 1;'
const data = await db.con.query(sql_text);
const data = await db.pool.query(sql_text);
return data[0];
}
......@@ -205,12 +225,16 @@ model.insertNewWar = async() => {
const sql_text = 'UPDATE war_days SET completed = 1;';
const sql_text2 = 'INSERT INTO war_days (day) VALUES (CURDATE());'
await db.con.query('START TRANSACTION;');
let con = await db.pool.getConnection()
await con.query('START TRANSACTION;');
await db.con.query(sql_text);
await db.con.query(sql_text2);
await con.query(sql_text);
await con.query(sql_text2);
await db.con.query('COMMIT;');
await con.query('COMMIT;');
await con.release();
}
model.warParticipation = async (user_id, house_id, decision) => {
......@@ -218,12 +242,16 @@ model.warParticipation = async (user_id, house_id, decision) => {
const sql_text2 = `INSERT INTO users_war (user_id, war_id, house_id, decision) VALUES (?, @current_war_id, ?, ?)
ON DUPLICATE KEY UPDATE decision = ?`;
await db.con.query('START TRANSACTION;');
let con = await db.pool.getConnection();
await con.query('START TRANSACTION;');
await db.con.query(sql_text);
await db.con.query(sql_text2, [user_id, house_id, decision, decision]);
await con.query(sql_text);
await con.query(sql_text2, [user_id, house_id, decision, decision]);
await con.query('COMMIT;');
await db.con.query('COMMIT;');
await con.release();
}
model.getParticipation = async (house_id) => {
......@@ -233,7 +261,7 @@ model.getParticipation = async (house_id) => {
LEFT JOIN war_days as w ON w.id = uw.war_id
WHERE uw.house_id = ? AND w.completed = 0;`;
const data = await db.con.query(sql_text, [house_id]);
const data = await db.pool.query(sql_text, [house_id]);
return data;
}
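Review bot: In `model.deleteHouse` (and likewise `insertHouse`, `sendRequest`, `acceptRequest`, `changeHouseLiege`, `insertNewWar` and `warParticipation`) the connection taken with `db.pool.getConnection()` is released only on the success path. If any `con.query` rejects, the function exits with the transaction still open and the connection never returned to the pool; with `connectionLimit: 10` in the pool configuration, ten such failures would leave every later `getConnection()` waiting. Wrap the statements in try/catch/finally so that a failure issues `ROLLBACK` and `con.release()` always runs. The sketch below shows the shape for `deleteHouse`; the other six functions take the same wrapper.

```javascript
model.deleteHouse = async(house_id, liege_id) => {
    // … unchanged: sql_text / sql_text2 definitions …
    const con = await db.pool.getConnection();
    try {
        await con.query('START TRANSACTION;');
        // … unchanged: the two con.query() statements …
        await con.query('COMMIT;');
    } catch (error) {
        // Undo partial work before the connection goes back to the pool.
        await con.query('ROLLBACK;');
        throw error;
    } finally {
        con.release();
    }
}
```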
......
......@@ -18,7 +18,7 @@ const HOUSE_ROLES = {
}
function checkPermissions(context, ROLE){
if(ROLE < context.user.lk_permission_level){
if(!hasHouseNoThrow(context) || ROLE < context.user.lk_permission_level){
context.throw(403, "No Permissions")
}
}
......@@ -38,6 +38,9 @@ function hasHouse(context){
context.throw(400, 'No house');
}
}
function hasHouseNoThrow(context){
return context.user.house_id;
}
router.get('/all', async (context, next) => {
try{
......@@ -301,7 +304,9 @@ authRouter.put('/', async (context, next) => {
});
authRouter.delete('/', async (context, next) => {
hasHouse(context);
checkPermissions(context, HOUSE_ROLES.lg);
console.log('asd')
try{
await houseModel.deleteHouse(context.user.house_id, context.user.id);
context.response.status = 204;
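Review bot: `checkPermissions` still fails open when `context.user.lk_permission_level` is `null` or `undefined`, because `ROLE < null` and `ROLE < undefined` both evaluate to false and the 403 is skipped. The added `hasHouseNoThrow` test covers a user with no house, but a user who has a `house_id` and no resolvable role level would still pass; whether that state can occur depends on how `context.user` is loaded, which is outside this hunk. Deny explicitly with `const level = context.user.lk_permission_level;` followed by `if(!hasHouseNoThrow(context) || level == null || ROLE < level){`. The `console.log('asd')` added to the DELETE handler looks like leftover debugging and should be dropped; that handler's body continues past the hunk.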
......
......@@ -8,7 +8,7 @@ const unit_columns = ['name', 'unit_type', 'stars', 'hp', 'pap', 'pd', 'sap', 's
unitModel.getAll = async () =>{
const sql_text = 'SELECT * FROM units ORDER BY name ASC;';
const data = await db.con.query(sql_text);
const data = await db.pool.query(sql_text);
return data
}
......@@ -22,7 +22,7 @@ unitModel.getUnit = async (term) =>{
}
unitModel.getUnitById = async (id) =>{
const sql_text = 'SELECT * FROM units WHERE id= ?;';
const data = await db.con.query(sql_text, [id]);
const data = await db.pool.query(sql_text, [id]);
if(!data[0]){
throw Error('Unit Not Found')
}
......@@ -31,7 +31,7 @@ unitModel.getUnitById = async (id) =>{
unitModel.getUnitByName = async(name) =>{
const sql_text = 'SELECT * FROM units WHERE name LIKE ?;';
const data = await db.con.query(sql_text, [`%${name}%`]);
const data = await db.pool.query(sql_text, [`%${name}%`]);
if(!data[0]){
throw Error('Unit Not Found')
}
......@@ -40,16 +40,16 @@ unitModel.getUnitByName = async(name) =>{
unitModel.insertUnit = async (body) =>{
let column_text = 'name';
let value_text = `${db.con.escape(body.name)}`;
let value_text = `${db.pool.escape(body.name)}`;
for (let i = 1; i < unit_columns.length; i++) {
const element = unit_columns[i];
if(body[element]!==undefined){
column_text += ', ' + element;
value_text += ', ' + db.con.escape(body[element]);
value_text += ', ' + db.pool.escape(body[element]);
}
}
const sql_query = `INSERT INTO units (${column_text}) VALUES (${value_text});`;
const data = await db.con.query(sql_query);
const data = await db.pool.query(sql_query);
return data;
}
......@@ -61,9 +61,9 @@ unitModel.modifyUnit = async (id, body) => {
const element = unit_columns[i];
if(body[element]!==undefined && body[element]!==null){
if(set_text===''){
set_text += `${element} = ${db.con.escape(body[element])}`;
set_text += `${element} = ${db.pool.escape(body[element])}`;
}else{
set_text += `, ${element} = ${db.con.escape(body[element])}`;
set_text += `, ${element} = ${db.pool.escape(body[element])}`;
}
}
}
......@@ -71,7 +71,7 @@ unitModel.modifyUnit = async (id, body) => {
throw Execption('No Update Arguments');
}
const sql_query = `UPDATE units SET ${set_text} WHERE id = ?;`;
const data = await db.con.query(sql_query, [id]);
const data = await db.pool.query(sql_query, [id]);
return data;
}
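Review bot: `throw Execption('No Update Arguments');` in `unitModel.modifyUnit` names an identifier that no visible line defines, so the empty-update path would raise a ReferenceError instead of the intended error. It sits on a context line this commit does not change, but it is a one-word fix while the file is open: `throw Error('No Update Arguments');`, matching the `throw Error('Unit Not Found')` calls in the same file. The start of `modifyUnit` is outside the hunk.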
......
......@@ -10,12 +10,12 @@ const uu_columns = ['unit_level', 'elite_flg'];
userModel.getUserFromId = async (id) => {
const sql_text = 'SELECT id, discord_id, house_id, leadership FROM users WHERE id = ? LIMIT 1;';
const data = await db.con.query(sql_text,[id]);
const data = await db.pool.query(sql_text,[id]);
return data[0];
}
userModel.getUserFromDiscord = async (discordId) =>{
const sql_text = 'SELECT id, discord_id, house_id, leadership FROM users WHERE discord_id = ? LIMIT 1;';
const data = await db.con.query(sql_text, [discordId]);
const data = await db.pool.query(sql_text, [discordId]);
return data[0];
}
......@@ -33,7 +33,7 @@ userModel.getUserFullFromId = async (id) => {
FROM users as u
LEFT JOIN house_role_lk as r ON r.lk_key = u.lk_house_role
WHERE u.id = ? LIMIT 1;`;
const data = await db.con.query(sql_text, [id]);
const data = await db.pool.query(sql_text, [id]);
return data[0];
}
......@@ -44,7 +44,7 @@ userModel.getUserUnits = async(id) => {
LEFT JOIN users_units as uu ON us.id = uu.user_id
LEFT JOIN units as u ON uu.unit_id = u.id
WHERE us.id = ? ORDER BY u.name ASC;`
const data = await db.con.query(sql_txt, [id]);
const data = await db.pool.query(sql_txt, [id]);
return data;
}
......@@ -57,7 +57,7 @@ userModel.getUserUnitsInverse = async(id) => {
LEFT JOIN units as u ON uu.unit_id = u.id
WHERE us.id = ? ORDER BY u.name ASC) as e ON e.uid = u.id
WHERE e.uid IS NULL;`
const data = await db.con.query(sql_txt, [id]);
const data = await db.pool.query(sql_txt, [id]);
return data;
}
......@@ -76,7 +76,7 @@ userModel.getUserUnitById = async (id, unit_id) =>{
LEFT JOIN users_units as uu ON us.id = uu.user_id
LEFT JOIN units as u ON uu.unit_id = u.id
WHERE us.id = ? AND uu.unit_id = ? ORDER BY u.name ASC;`;
const data = await db.con.query(sql_text, [id, unit_id]);
const data = await db.pool.query(sql_text, [id, unit_id]);
if(!data[0]){
throw Error('Unit Not Found')
}
......@@ -89,7 +89,7 @@ userModel.getUserUnitByName = async(id, name) =>{
LEFT JOIN users_units as uu ON us.id = uu.user_id
LEFT JOIN units as u ON uu.unit_id = u.id
WHERE us.id = ? AND u.name LIKE ? ORDER BY u.name ASC;`
const data = await db.con.query(sql_text, [id, `%${name}%`]);
const data = await db.pool.query(sql_text, [id, `%${name}%`]);
if(!data[0]){
throw Error('Unit Not Found')
}
......@@ -100,18 +100,18 @@ userModel.assignUserUnit = async(id, unit_id, body) =>{
const unit = await unitModel.getUnitById(unit_id);
let column_text = 'user_id, unit_id';
let value_text = `${db.con.escape(id)}, ${db.con.escape(unit_id)}`
let value_text = `${db.pool.escape(id)}, ${db.pool.escape(unit_id)}`
if(body){
for (let i = 0; i < uu_columns.length; i++) {
const element = uu_columns[i];
if(body[element]!==undefined && body[element]!==null){
column_text += ', ' + element;
value_text += ', ' + db.con.escape(body[element]);
value_text += ', ' + db.pool.escape(body[element]);
}
}
}
const sql_text = `INSERT INTO users_units (${column_text}) VALUES (${value_text});`
const data = await db.con.query(sql_text);
const data = await db.pool.query(sql_text);
}
userModel.modifyUserUnit = async(id, unit_id, body) =>{
......@@ -122,9 +122,9 @@ userModel.modifyUserUnit = async(id, unit_id, body) =>{
const element = uu_columns[i];
if(body[element]!==undefined && body[element]!==null){
if(set_text===''){
set_text += `${element} = ${db.con.escape(body[element])}`;
set_text += `${element} = ${db.pool.escape(body[element])}`;
}else{
set_text += `, ${element} = ${db.con.escape(body[element])}`;
set_text += `, ${element} = ${db.pool.escape(body[element])}`;
}
}
}
......@@ -132,38 +132,38 @@ userModel.modifyUserUnit = async(id, unit_id, body) =>{
throw Error('No Params to Update')
}
const sql_text = `UPDATE users_units SET ${set_text} WHERE user_id = ? AND unit_id = ?`
const data = await db.con.query(sql_text, [id, unit_id]);
const data = await db.pool.query(sql_text, [id, unit_id]);
}
userModel.deleteUserUnit = async (id, unit_id) => {
const unit = await unitModel.getUnitById(unit_id);
const sql_text = `DELETE FROM users_units WHERE user_id = ? AND unit_id = ?;`
const data = await db.con.query(sql_text, [id, unit_id]);
const data = await db.pool.query(sql_text, [id, unit_id]);
}
userModel.addDiscordIdToUser = async (user_id, discord_id) =>{
const sql_text = 'UPDATE users SET discord_id = ? WHERE id = ?;';
const data = await db.con.query(sql_text, [discordId, user_id])
const data = await db.pool.query(sql_text, [discordId, user_id])
}
userModel.createUserWithDiscord = async (discord_id, username, password) =>{
const hashPassword = await crypto.hash(password);
const sql_text = 'INSERT INTO users (discord_id, username, password) VALUES (?, ?, ?);';
await db.con.query(sql_text, [discord_id, username, hashPassword]);
await db.pool.query(sql_text, [discord_id, username, hashPassword]);
}
userModel.registerUser = async (username, password) =>{
const hashPassword = await crypto.hash(password);
const sql_text = 'INSERT INTO users (username, password) VALUES (?, ?)';
await db.con.query(sql_text, [username, hashPassword])
await db.pool.query(sql_text, [username, hashPassword])
}
userModel.loginUser = async (username, password) =>{
const hashPassword = await crypto.hash(password);
const sql_text = 'SELECT id, username from users WHERE username = ? AND password = ?';
const data = await db.con.query(sql_text, [username, hashPassword]);
const data = await db.pool.query(sql_text, [username, hashPassword]);
return data[0];
}
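Review bot: `userModel.addDiscordIdToUser` passes `discordId` to the query but its parameter is named `discord_id`, so the call throws a ReferenceError unless a `discordId` exists in an outer scope not shown here; the line should read `await db.pool.query(sql_text, [discord_id, user_id])`. Separately, `loginUser` matches on `password = ?` with a freshly computed `crypto.hash(password)`, which only works if that hash is deterministic, i.e. has no per-user salt (`./crypto` is not visible, so confirm). If that is the case, store a salted password hash (bcrypt, scrypt or argon2) and verify it in application code after selecting the row by username.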
......
......@@ -6,7 +6,7 @@ const crypto = require('./crypto');
async function discordAuth(context, id){
let sql_text = `SELECT TOP 1 * FROM users WHERE discordId='${id}'`;
try{
let data = await db.con.query(sql_text);
let data = await db.pool.query(sql_text);
console.log(data);
}catch(error){
console.log(error);
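Review bot: `discordAuth` builds its query by interpolating `id` into the SQL string (`WHERE discordId='${id}'`), which is injectable if `id` originates from a request or from Discord; every other query in this commit uses `?` placeholders. The statement also uses `TOP 1`, which MySQL does not accept, and a `discordId` column where the user model uses `discord_id`. Suggested: `const sql_text = 'SELECT id, discord_id, house_id FROM users WHERE discord_id = ? LIMIT 1;';` with `await db.pool.query(sql_text, [id]);`. With `SELECT *`, `console.log(data)` would print the whole row, including the stored password hash, to the logs. The function body continues outside the hunk.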
......