Skip to content

C
cbdiscord
Commit 2371b2e7 authored by Geovanny's avatar Geovanny
Browse files
Options

Fixes to db connection and house permissions

parent 06c1c5b9
Hide whitespace changes
Inline Side-by-side
Showing with 117 additions and 83 deletions
server/database/database.js
View file @ 2371b2e7
...@@ -5,15 +5,16 @@ const ENV = require('../settings'); ...@@ -5,15 +5,16 @@ const ENV = require('../settings');
const db = {} const db = {}
db.connectDB = async () =>{ db.connectDB = async () =>{
const connection = await MySQL.createConnection({ const pool = await MySQL.createPool({
host: ENV.DB_HOST, host: ENV.DB_HOST,
port: ENV.DB_PORT, port: ENV.DB_PORT,
user: ENV.DB_USER, user: ENV.DB_USER,
password: ENV.DB_PASS, password: ENV.DB_PASS,
database: ENV.DB_NAME database: ENV.DB_NAME,
connectionLimit: 10
}); });
console.log('Database connected'); console.log('Database connected');
db.con = connection; db.pool = pool;
} }
module.exports = db; module.exports = db;
\ No newline at end of file
server/house/model.js
View file @ 2371b2e7
...@@ -6,7 +6,7 @@ const h_columns = ['house_name', 'house_level', 'camp_location']; ...@@ -6,7 +6,7 @@ const h_columns = ['house_name', 'house_level', 'camp_location'];
async function checkHouseRequest(house_id, user_id){ async function checkHouseRequest(house_id, user_id){
const sql_exists = 'SELECT EXISTS(SELECT * FROM house_requests WHERE house_id = ? AND user_id = ?) as result;' const sql_exists = 'SELECT EXISTS(SELECT * FROM house_requests WHERE house_id = ? AND user_id = ?) as result;'
const exists = await db.con.query(sql_exists, [house_id , user_id]); const exists = await db.pool.query(sql_exists, [house_id , user_id]);
if(exists[0] && exists[0].result===0){ if(exists[0] && exists[0].result===0){
throw Error("Membership request not send for user's house") throw Error("Membership request not send for user's house")
} }
...@@ -16,7 +16,7 @@ model.getAll = async () => { ...@@ -16,7 +16,7 @@ model.getAll = async () => {
const sql_text = `SELECT h.*, u.username as liege_username const sql_text = `SELECT h.*, u.username as liege_username
FROM houses as h FROM houses as h
LEFT JOIN users as u on h.liege_id = u.id;`; LEFT JOIN users as u on h.liege_id = u.id;`;
const data = await db.con.query(sql_text); const data = await db.pool.query(sql_text);
return data; return data;
} }
...@@ -26,7 +26,7 @@ model.getHouse = async(house_id) => { ...@@ -26,7 +26,7 @@ model.getHouse = async(house_id) => {
FROM houses as h FROM houses as h
LEFT JOIN users as u on u.id = h.liege_id LEFT JOIN users as u on u.id = h.liege_id
WHERE h.id = ? LIMIT 1`; WHERE h.id = ? LIMIT 1`;
const data = await db.con.query(sql_text, house_id); const data = await db.pool.query(sql_text, house_id);
return data[0]; return data[0];
} }
...@@ -34,13 +34,13 @@ model.getHouse = async(house_id) => { ...@@ -34,13 +34,13 @@ model.getHouse = async(house_id) => {
model.insertHouse = async(body, liege_id) => { model.insertHouse = async(body, liege_id) => {
let column_text = 'liege_id'; let column_text = 'liege_id';
let value_text = `${db.con.escape(liege_id)}` let value_text = `${db.pool.escape(liege_id)}`
if(body){ if(body){
for (let i = 0; i < h_columns.length; i++) { for (let i = 0; i < h_columns.length; i++) {
const element = h_columns[i]; const element = h_columns[i];
if(body[element]!==undefined && body[element]!==null){ if(body[element]!==undefined && body[element]!==null){
column_text += ', ' + element; column_text += ', ' + element;
value_text += ', ' + db.con.escape(body[element]); value_text += ', ' + db.pool.escape(body[element]);
} }
} }
} }
...@@ -52,13 +52,17 @@ model.insertHouse = async(body, liege_id) => { ...@@ -52,13 +52,17 @@ model.insertHouse = async(body, liege_id) => {
SET house_id = @house_id, lk_house_role = 'lg' SET house_id = @house_id, lk_house_role = 'lg'
WHERE id = ?;`; WHERE id = ?;`;
const aaa = await db.con.query('START TRANSACTION'); let con = await db.pool.getConnection();
await con.query('START TRANSACTION;');
await con.query(sql_text);
await con.query(sql_text2, [liege_id])
await con.query(sql_text3, [liege_id]);
await db.con.query(sql_text); await con.query('COMMIT;');
await db.con.query(sql_text2, [liege_id])
await db.con.query(sql_text3, [liege_id]);
await db.con.query('COMMIT'); await con.release();
} }
model.modifyHouse = async(house_id, body) => { model.modifyHouse = async(house_id, body) => {
...@@ -69,9 +73,9 @@ model.modifyHouse = async(house_id, body) => { ...@@ -69,9 +73,9 @@ model.modifyHouse = async(house_id, body) => {
const element = h_columns[i]; const element = h_columns[i];
if(body[element]!==undefined && body[element]!==null){ if(body[element]!==undefined && body[element]!==null){
if(set_text===''){ if(set_text===''){
set_text += `${element} = ${db.con.escape(body[element])}`; set_text += `${element} = ${db.pool.escape(body[element])}`;
}else{ }else{
set_text += `, ${element} = ${db.con.escape(body[element])}`; set_text += `, ${element} = ${db.pool.escape(body[element])}`;
} }
} }
} }
...@@ -80,37 +84,45 @@ model.modifyHouse = async(house_id, body) => { ...@@ -80,37 +84,45 @@ model.modifyHouse = async(house_id, body) => {
} }
const sql_text = `UPDATE houses SET ${set_text} WHERE id = ?` const sql_text = `UPDATE houses SET ${set_text} WHERE id = ?`
await db.con.query(sql_text, [house_id]); await db.pool.query(sql_text, [house_id]);
}; };
model.deleteHouse = async(house_id, liege_id) => { model.deleteHouse = async(house_id, liege_id) => {
const sql_text = 'DELETE FROM houses WHERE id = ?;'; const sql_text = 'DELETE FROM houses WHERE id = ?;';
const sql_text2 = 'UPDATE users SET lk_house_role = NULL where id = ?;' const sql_text2 = 'UPDATE users SET lk_house_role = NULL where id = ?;'
await db.con.query('START TRANSACTION;'); let con = await db.pool.getConnection();
await con.query('START TRANSACTION;');
await con.query(sql_text, [house_id]);
await con.query(sql_text2, [liege_id]);
await db.con.query(sql_text, [house_id]); await con.query('COMMIT;');
await db.con.query(sql_text2, [liege_id]);
await db.con.query('COMMIT;') await con.release();
} }
model.sendRequest = async(house_id, user_id) => { model.sendRequest = async(house_id, user_id) => {
const sql_text = 'DELETE FROM house_requests WHERE user_id = ?'; const sql_text = 'DELETE FROM house_requests WHERE user_id = ?';
const sql_text2 = 'INSERT INTO house_requests (house_id, user_id) VALUES (?, ?)'; const sql_text2 = 'INSERT INTO house_requests (house_id, user_id) VALUES (?, ?)';
await db.con.query('START TRANSACTION;'); let con = await db.pool.getConnection();
await db.con.query(sql_text, [user_id]); await con.query('START TRANSACTION;');
await db.con.query(sql_text2, [house_id, user_id]);
await db.con.query('COMMIT;'); await con.query(sql_text, [user_id]);
await con.query(sql_text2, [house_id, user_id]);
await con.query('COMMIT;');
await con.release();
}; };
model.cancelRequests = async(user_id) => { model.cancelRequests = async(user_id) => {
const sql_text = 'DELETE FROM house_requests WHERE user_id = ?'; const sql_text = 'DELETE FROM house_requests WHERE user_id = ?';
await db.con.query(sql_text, [user_id]); await db.pool.query(sql_text, [user_id]);
} }
model.getHouseRequests = async(house_id) => { model.getHouseRequests = async(house_id) => {
...@@ -118,7 +130,7 @@ model.getHouseRequests = async(house_id) => { ...@@ -118,7 +130,7 @@ model.getHouseRequests = async(house_id) => {
FROM house_requests as hr FROM house_requests as hr
LEFT JOIN users as u ON u.id = hr.user_id LEFT JOIN users as u ON u.id = hr.user_id
WHERE hr.house_id = ?;` WHERE hr.house_id = ?;`
const data = await db.con.query(sql_text, [house_id]); const data = await db.pool.query(sql_text, [house_id]);
return data; return data;
} }
...@@ -128,12 +140,16 @@ model.acceptRequest = async(user_id, house_id) => { ...@@ -128,12 +140,16 @@ model.acceptRequest = async(user_id, house_id) => {
const sql_text = 'DELETE FROM house_requests WHERE user_id = ?;'; const sql_text = 'DELETE FROM house_requests WHERE user_id = ?;';
const sql_text2 = 'UPDATE users SET house_id = ?, lk_house_role = \'kng\' WHERE id = ?;'; const sql_text2 = 'UPDATE users SET house_id = ?, lk_house_role = \'kng\' WHERE id = ?;';
await db.con.query('START TRANSACTION;'); let con = await db.pool.getConnection();
await con.query('START TRANSACTION;');
await db.con.query(sql_text, [user_id]); await con.query(sql_text, [user_id]);
await db.con.query(sql_text2, [house_id, user_id]); await con.query(sql_text2, [house_id, user_id]);
await db.con.query('COMMIT;'); await con.query('COMMIT;');
await con.release();
} }
model.rejectRequest = async(user_id, house_id) => { model.rejectRequest = async(user_id, house_id) => {
...@@ -141,19 +157,19 @@ model.rejectRequest = async(user_id, house_id) => { ...@@ -141,19 +157,19 @@ model.rejectRequest = async(user_id, house_id) => {
const sql_text = 'DELETE FROM house_requests WHERE user_id = ?;'; const sql_text = 'DELETE FROM house_requests WHERE user_id = ?;';
await db.con.query(sql_text, [user_id]); await db.pool.query(sql_text, [user_id]);
} }
model.deleteMember = async(user_id) => { model.deleteMember = async(user_id) => {
const sql_text = 'UPDATE users SET house_id = NULL, lk_house_role = NULL WHERE id = ? AND lk_house_role != \'lg\';'; const sql_text = 'UPDATE users SET house_id = NULL, lk_house_role = NULL WHERE id = ? AND lk_house_role != \'lg\';';
await db.con.query(sql_text, [user_id]); await db.pool.query(sql_text, [user_id]);
} }
model.leaveHouse = async(user_id) => { model.leaveHouse = async(user_id) => {
const sql_text = 'UPDATE users SET house_id = NULL, lk_house_role = NULL WHERE id = ?;'; const sql_text = 'UPDATE users SET house_id = NULL, lk_house_role = NULL WHERE id = ?;';
await db.con.query(sql_text, [user_id]); await db.pool.query(sql_text, [user_id]);
} }
model.getMembers = async(house_id) => { model.getMembers = async(house_id) => {
...@@ -162,26 +178,30 @@ model.getMembers = async(house_id) => { ...@@ -162,26 +178,30 @@ model.getMembers = async(house_id) => {
LEFT JOIN house_role_lk as hr ON hr.lk_key = u.lk_house_role LEFT JOIN house_role_lk as hr ON hr.lk_key = u.lk_house_role
WHERE u.house_id = ?;`; WHERE u.house_id = ?;`;
const data = await db.con.query(sql_text, [house_id]); const data = await db.pool.query(sql_text, [house_id]);
return data; return data;
} }
model.modifyMemberRole = async(member_id, role) => { model.modifyMemberRole = async(member_id, role) => {
const sql_text = 'UPDATE users SET lk_house_role = ? WHERE id = ?;'; const sql_text = 'UPDATE users SET lk_house_role = ? WHERE id = ?;';
await db.con.query(sql_text, [role, member_id]); await db.pool.query(sql_text, [role, member_id]);
} }
model.changeHouseLiege = async(liege_id, member_id) => { model.changeHouseLiege = async(liege_id, member_id) => {
const sql_text = `UPDATE users SET lk_house_role = 'kng' WHERE id = ?;`; const sql_text = `UPDATE users SET lk_house_role = 'kng' WHERE id = ?;`;
const sql_text2 = `UPDATE users SET lk_house_role = 'lg' WHERE id = ?;`; const sql_text2 = `UPDATE users SET lk_house_role = 'lg' WHERE id = ?;`;
await db.con.query('START TRANSACTION;') let con = await db.pool.getConnection();
await con.query('START TRANSACTION;')
await db.con.query(sql_text, [liege_id]); await con.query(sql_text, [liege_id]);
await db.con.query(sql_text2, [member_id]); await con.query(sql_text2, [member_id]);
await db.con.query('COMMIT;'); await con.query('COMMIT;');
await con.release();
} }
model.getMemberUnits = async(member_id) => { model.getMemberUnits = async(member_id) => {
...@@ -190,14 +210,14 @@ model.getMemberUnits = async(member_id) => { ...@@ -190,14 +210,14 @@ model.getMemberUnits = async(member_id) => {
LEFT JOIN users_units as uu ON us.id = uu.user_id LEFT JOIN users_units as uu ON us.id = uu.user_id
LEFT JOIN units as u ON uu.unit_id = u.id LEFT JOIN units as u ON uu.unit_id = u.id
WHERE us.id = ? ORDER BY u.name ASC;` WHERE us.id = ? ORDER BY u.name ASC;`
const data = await db.con.query(sql_text, [member_id]); const data = await db.pool.query(sql_text, [member_id]);
return data; return data;
} }
model.getCurrentWar = async() => { model.getCurrentWar = async() => {
const sql_text = 'SELECT * FROM war_days WHERE completed = 0 LIMIT 1;' const sql_text = 'SELECT * FROM war_days WHERE completed = 0 LIMIT 1;'
const data = await db.con.query(sql_text); const data = await db.pool.query(sql_text);
return data[0]; return data[0];
} }
...@@ -205,12 +225,16 @@ model.insertNewWar = async() => { ...@@ -205,12 +225,16 @@ model.insertNewWar = async() => {
const sql_text = 'UPDATE war_days SET completed = 1;'; const sql_text = 'UPDATE war_days SET completed = 1;';
const sql_text2 = 'INSERT INTO war_days (day) VALUES (CURDATE());' const sql_text2 = 'INSERT INTO war_days (day) VALUES (CURDATE());'
await db.con.query('START TRANSACTION;'); let con = await db.pool.getConnection()
await con.query('START TRANSACTION;');
await db.con.query(sql_text); await con.query(sql_text);
await db.con.query(sql_text2); await con.query(sql_text2);
await db.con.query('COMMIT;'); await con.query('COMMIT;');
await con.release();
} }
model.warParticipation = async (user_id, house_id, decision) => { model.warParticipation = async (user_id, house_id, decision) => {
...@@ -218,12 +242,16 @@ model.warParticipation = async (user_id, house_id, decision) => { ...@@ -218,12 +242,16 @@ model.warParticipation = async (user_id, house_id, decision) => {
const sql_text2 = `INSERT INTO users_war (user_id, war_id, house_id, decision) VALUES (?, @current_war_id, ?, ?) const sql_text2 = `INSERT INTO users_war (user_id, war_id, house_id, decision) VALUES (?, @current_war_id, ?, ?)
ON DUPLICATE KEY UPDATE decision = ?`; ON DUPLICATE KEY UPDATE decision = ?`;
await db.con.query('START TRANSACTION;'); let con = await db.pool.getConnection();
await con.query('START TRANSACTION;');
await db.con.query(sql_text); await con.query(sql_text);
await db.con.query(sql_text2, [user_id, house_id, decision, decision]); await con.query(sql_text2, [user_id, house_id, decision, decision]);
await con.query('COMMIT;');
await db.con.query('COMMIT;'); await con.release();
} }
model.getParticipation = async (house_id) => { model.getParticipation = async (house_id) => {
...@@ -233,7 +261,7 @@ model.getParticipation = async (house_id) => { ...@@ -233,7 +261,7 @@ model.getParticipation = async (house_id) => {
LEFT JOIN war_days as w ON w.id = uw.war_id LEFT JOIN war_days as w ON w.id = uw.war_id
WHERE uw.house_id = ? AND w.completed = 0;`; WHERE uw.house_id = ? AND w.completed = 0;`;
const data = await db.con.query(sql_text, [house_id]); const data = await db.pool.query(sql_text, [house_id]);
return data; return data;
} }
......
server/house/route.js
View file @ 2371b2e7
...@@ -18,7 +18,7 @@ const HOUSE_ROLES = { ...@@ -18,7 +18,7 @@ const HOUSE_ROLES = {
} }
function checkPermissions(context, ROLE){ function checkPermissions(context, ROLE){
if(ROLE < context.user.lk_permission_level){ if(!hasHouseNoThrow(context) || ROLE < context.user.lk_permission_level){
context.throw(403, "No Permissions") context.throw(403, "No Permissions")
} }
} }
...@@ -38,6 +38,9 @@ function hasHouse(context){ ...@@ -38,6 +38,9 @@ function hasHouse(context){
context.throw(400, 'No house'); context.throw(400, 'No house');
} }
} }
function hasHouseNoThrow(context){
return context.user.house_id;
}
router.get('/all', async (context, next) => { router.get('/all', async (context, next) => {
try{ try{
...@@ -301,7 +304,9 @@ authRouter.put('/', async (context, next) => { ...@@ -301,7 +304,9 @@ authRouter.put('/', async (context, next) => {
}); });
authRouter.delete('/', async (context, next) => { authRouter.delete('/', async (context, next) => {
hasHouse(context);
checkPermissions(context, HOUSE_ROLES.lg); checkPermissions(context, HOUSE_ROLES.lg);
console.log('asd')
try{ try{
await houseModel.deleteHouse(context.user.house_id, context.user.id); await houseModel.deleteHouse(context.user.house_id, context.user.id);
context.response.status = 204; context.response.status = 204;
......
server/unit/model.js
View file @ 2371b2e7
...@@ -8,7 +8,7 @@ const unit_columns = ['name', 'unit_type', 'stars', 'hp', 'pap', 'pd', 'sap', 's ...@@ -8,7 +8,7 @@ const unit_columns = ['name', 'unit_type', 'stars', 'hp', 'pap', 'pd', 'sap', 's
unitModel.getAll = async () =>{ unitModel.getAll = async () =>{
const sql_text = 'SELECT * FROM units ORDER BY name ASC;'; const sql_text = 'SELECT * FROM units ORDER BY name ASC;';
const data = await db.con.query(sql_text); const data = await db.pool.query(sql_text);
return data return data
} }
...@@ -22,7 +22,7 @@ unitModel.getUnit = async (term) =>{ ...@@ -22,7 +22,7 @@ unitModel.getUnit = async (term) =>{
} }
unitModel.getUnitById = async (id) =>{ unitModel.getUnitById = async (id) =>{
const sql_text = 'SELECT * FROM units WHERE id= ?;'; const sql_text = 'SELECT * FROM units WHERE id= ?;';
const data = await db.con.query(sql_text, [id]); const data = await db.pool.query(sql_text, [id]);
if(!data[0]){ if(!data[0]){
throw Error('Unit Not Found') throw Error('Unit Not Found')
} }
...@@ -31,7 +31,7 @@ unitModel.getUnitById = async (id) =>{ ...@@ -31,7 +31,7 @@ unitModel.getUnitById = async (id) =>{
unitModel.getUnitByName = async(name) =>{ unitModel.getUnitByName = async(name) =>{
const sql_text = 'SELECT * FROM units WHERE name LIKE ?;'; const sql_text = 'SELECT * FROM units WHERE name LIKE ?;';
const data = await db.con.query(sql_text, [`%${name}%`]); const data = await db.pool.query(sql_text, [`%${name}%`]);
if(!data[0]){ if(!data[0]){
throw Error('Unit Not Found') throw Error('Unit Not Found')
} }
...@@ -40,16 +40,16 @@ unitModel.getUnitByName = async(name) =>{ ...@@ -40,16 +40,16 @@ unitModel.getUnitByName = async(name) =>{
unitModel.insertUnit = async (body) =>{ unitModel.insertUnit = async (body) =>{
let column_text = 'name'; let column_text = 'name';
let value_text = `${db.con.escape(body.name)}`; let value_text = `${db.pool.escape(body.name)}`;
for (let i = 1; i < unit_columns.length; i++) { for (let i = 1; i < unit_columns.length; i++) {
const element = unit_columns[i]; const element = unit_columns[i];
if(body[element]!==undefined){ if(body[element]!==undefined){
column_text += ', ' + element; column_text += ', ' + element;
value_text += ', ' + db.con.escape(body[element]); value_text += ', ' + db.pool.escape(body[element]);
} }
} }
const sql_query = `INSERT INTO units (${column_text}) VALUES (${value_text});`; const sql_query = `INSERT INTO units (${column_text}) VALUES (${value_text});`;
const data = await db.con.query(sql_query); const data = await db.pool.query(sql_query);
return data; return data;
} }
...@@ -61,9 +61,9 @@ unitModel.modifyUnit = async (id, body) => { ...@@ -61,9 +61,9 @@ unitModel.modifyUnit = async (id, body) => {
const element = unit_columns[i]; const element = unit_columns[i];
if(body[element]!==undefined && body[element]!==null){ if(body[element]!==undefined && body[element]!==null){
if(set_text===''){ if(set_text===''){
set_text += `${element} = ${db.con.escape(body[element])}`; set_text += `${element} = ${db.pool.escape(body[element])}`;
}else{ }else{
set_text += `, ${element} = ${db.con.escape(body[element])}`; set_text += `, ${element} = ${db.pool.escape(body[element])}`;
} }
} }
} }
...@@ -71,7 +71,7 @@ unitModel.modifyUnit = async (id, body) => { ...@@ -71,7 +71,7 @@ unitModel.modifyUnit = async (id, body) => {
throw Execption('No Update Arguments'); throw Execption('No Update Arguments');
} }
const sql_query = `UPDATE units SET ${set_text} WHERE id = ?;`; const sql_query = `UPDATE units SET ${set_text} WHERE id = ?;`;
const data = await db.con.query(sql_query, [id]); const data = await db.pool.query(sql_query, [id]);
return data; return data;
} }
......
server/user/model.js
View file @ 2371b2e7
...@@ -10,12 +10,12 @@ const uu_columns = ['unit_level', 'elite_flg']; ...@@ -10,12 +10,12 @@ const uu_columns = ['unit_level', 'elite_flg'];
userModel.getUserFromId = async (id) => { userModel.getUserFromId = async (id) => {
const sql_text = 'SELECT id, discord_id, house_id, leadership FROM users WHERE id = ? LIMIT 1;'; const sql_text = 'SELECT id, discord_id, house_id, leadership FROM users WHERE id = ? LIMIT 1;';
const data = await db.con.query(sql_text,[id]); const data = await db.pool.query(sql_text,[id]);
return data[0]; return data[0];
} }
userModel.getUserFromDiscord = async (discordId) =>{ userModel.getUserFromDiscord = async (discordId) =>{
const sql_text = 'SELECT id, discord_id, house_id, leadership FROM users WHERE discord_id = ? LIMIT 1;'; const sql_text = 'SELECT id, discord_id, house_id, leadership FROM users WHERE discord_id = ? LIMIT 1;';
const data = await db.con.query(sql_text, [discordId]); const data = await db.pool.query(sql_text, [discordId]);
return data[0]; return data[0];
} }
...@@ -33,7 +33,7 @@ userModel.getUserFullFromId = async (id) => { ...@@ -33,7 +33,7 @@ userModel.getUserFullFromId = async (id) => {
FROM users as u FROM users as u
LEFT JOIN house_role_lk as r ON r.lk_key = u.lk_house_role LEFT JOIN house_role_lk as r ON r.lk_key = u.lk_house_role
WHERE u.id = ? LIMIT 1;`; WHERE u.id = ? LIMIT 1;`;
const data = await db.con.query(sql_text, [id]); const data = await db.pool.query(sql_text, [id]);
return data[0]; return data[0];
} }
...@@ -44,7 +44,7 @@ userModel.getUserUnits = async(id) => { ...@@ -44,7 +44,7 @@ userModel.getUserUnits = async(id) => {
LEFT JOIN users_units as uu ON us.id = uu.user_id LEFT JOIN users_units as uu ON us.id = uu.user_id
LEFT JOIN units as u ON uu.unit_id = u.id LEFT JOIN units as u ON uu.unit_id = u.id
WHERE us.id = ? ORDER BY u.name ASC;` WHERE us.id = ? ORDER BY u.name ASC;`
const data = await db.con.query(sql_txt, [id]); const data = await db.pool.query(sql_txt, [id]);
return data; return data;
} }
...@@ -57,7 +57,7 @@ userModel.getUserUnitsInverse = async(id) => { ...@@ -57,7 +57,7 @@ userModel.getUserUnitsInverse = async(id) => {
LEFT JOIN units as u ON uu.unit_id = u.id LEFT JOIN units as u ON uu.unit_id = u.id
WHERE us.id = ? ORDER BY u.name ASC) as e ON e.uid = u.id WHERE us.id = ? ORDER BY u.name ASC) as e ON e.uid = u.id
WHERE e.uid IS NULL;` WHERE e.uid IS NULL;`
const data = await db.con.query(sql_txt, [id]); const data = await db.pool.query(sql_txt, [id]);
return data; return data;
} }
...@@ -76,7 +76,7 @@ userModel.getUserUnitById = async (id, unit_id) =>{ ...@@ -76,7 +76,7 @@ userModel.getUserUnitById = async (id, unit_id) =>{
LEFT JOIN users_units as uu ON us.id = uu.user_id LEFT JOIN users_units as uu ON us.id = uu.user_id
LEFT JOIN units as u ON uu.unit_id = u.id LEFT JOIN units as u ON uu.unit_id = u.id
WHERE us.id = ? AND uu.unit_id = ? ORDER BY u.name ASC;`; WHERE us.id = ? AND uu.unit_id = ? ORDER BY u.name ASC;`;
const data = await db.con.query(sql_text, [id, unit_id]); const data = await db.pool.query(sql_text, [id, unit_id]);
if(!data[0]){ if(!data[0]){
throw Error('Unit Not Found') throw Error('Unit Not Found')
} }
...@@ -89,7 +89,7 @@ userModel.getUserUnitByName = async(id, name) =>{ ...@@ -89,7 +89,7 @@ userModel.getUserUnitByName = async(id, name) =>{
LEFT JOIN users_units as uu ON us.id = uu.user_id LEFT JOIN users_units as uu ON us.id = uu.user_id
LEFT JOIN units as u ON uu.unit_id = u.id LEFT JOIN units as u ON uu.unit_id = u.id
WHERE us.id = ? AND u.name LIKE ? ORDER BY u.name ASC;` WHERE us.id = ? AND u.name LIKE ? ORDER BY u.name ASC;`
const data = await db.con.query(sql_text, [id, `%${name}%`]); const data = await db.pool.query(sql_text, [id, `%${name}%`]);
if(!data[0]){ if(!data[0]){
throw Error('Unit Not Found') throw Error('Unit Not Found')
} }
...@@ -100,18 +100,18 @@ userModel.assignUserUnit = async(id, unit_id, body) =>{ ...@@ -100,18 +100,18 @@ userModel.assignUserUnit = async(id, unit_id, body) =>{
const unit = await unitModel.getUnitById(unit_id); const unit = await unitModel.getUnitById(unit_id);
let column_text = 'user_id, unit_id'; let column_text = 'user_id, unit_id';
let value_text = `${db.con.escape(id)}, ${db.con.escape(unit_id)}` let value_text = `${db.pool.escape(id)}, ${db.pool.escape(unit_id)}`
if(body){ if(body){
for (let i = 0; i < uu_columns.length; i++) { for (let i = 0; i < uu_columns.length; i++) {
const element = uu_columns[i]; const element = uu_columns[i];
if(body[element]!==undefined && body[element]!==null){ if(body[element]!==undefined && body[element]!==null){
column_text += ', ' + element; column_text += ', ' + element;
value_text += ', ' + db.con.escape(body[element]); value_text += ', ' + db.pool.escape(body[element]);
} }
} }
} }
const sql_text = `INSERT INTO users_units (${column_text}) VALUES (${value_text});` const sql_text = `INSERT INTO users_units (${column_text}) VALUES (${value_text});`
const data = await db.con.query(sql_text); const data = await db.pool.query(sql_text);
} }
userModel.modifyUserUnit = async(id, unit_id, body) =>{ userModel.modifyUserUnit = async(id, unit_id, body) =>{
...@@ -122,9 +122,9 @@ userModel.modifyUserUnit = async(id, unit_id, body) =>{ ...@@ -122,9 +122,9 @@ userModel.modifyUserUnit = async(id, unit_id, body) =>{
const element = uu_columns[i]; const element = uu_columns[i];
if(body[element]!==undefined && body[element]!==null){ if(body[element]!==undefined && body[element]!==null){
if(set_text===''){ if(set_text===''){
set_text += `${element} = ${db.con.escape(body[element])}`; set_text += `${element} = ${db.pool.escape(body[element])}`;
}else{ }else{
set_text += `, ${element} = ${db.con.escape(body[element])}`; set_text += `, ${element} = ${db.pool.escape(body[element])}`;
} }
} }
} }
...@@ -132,38 +132,38 @@ userModel.modifyUserUnit = async(id, unit_id, body) =>{ ...@@ -132,38 +132,38 @@ userModel.modifyUserUnit = async(id, unit_id, body) =>{
throw Error('No Params to Update') throw Error('No Params to Update')
} }
const sql_text = `UPDATE users_units SET ${set_text} WHERE user_id = ? AND unit_id = ?` const sql_text = `UPDATE users_units SET ${set_text} WHERE user_id = ? AND unit_id = ?`
const data = await db.con.query(sql_text, [id, unit_id]); const data = await db.pool.query(sql_text, [id, unit_id]);
} }
userModel.deleteUserUnit = async (id, unit_id) => { userModel.deleteUserUnit = async (id, unit_id) => {
const unit = await unitModel.getUnitById(unit_id); const unit = await unitModel.getUnitById(unit_id);
const sql_text = `DELETE FROM users_units WHERE user_id = ? AND unit_id = ?;` const sql_text = `DELETE FROM users_units WHERE user_id = ? AND unit_id = ?;`
const data = await db.con.query(sql_text, [id, unit_id]); const data = await db.pool.query(sql_text, [id, unit_id]);
} }
userModel.addDiscordIdToUser = async (user_id, discord_id) =>{ userModel.addDiscordIdToUser = async (user_id, discord_id) =>{
const sql_text = 'UPDATE users SET discord_id = ? WHERE id = ?;'; const sql_text = 'UPDATE users SET discord_id = ? WHERE id = ?;';
const data = await db.con.query(sql_text, [discordId, user_id]) const data = await db.pool.query(sql_text, [discordId, user_id])
} }
userModel.createUserWithDiscord = async (discord_id, username, password) =>{ userModel.createUserWithDiscord = async (discord_id, username, password) =>{
const hashPassword = await crypto.hash(password); const hashPassword = await crypto.hash(password);
const sql_text = 'INSERT INTO users (discord_id, username, password) VALUES (?, ?, ?);'; const sql_text = 'INSERT INTO users (discord_id, username, password) VALUES (?, ?, ?);';
await db.con.query(sql_text, [discord_id, username, hashPassword]); await db.pool.query(sql_text, [discord_id, username, hashPassword]);
} }
userModel.registerUser = async (username, password) =>{ userModel.registerUser = async (username, password) =>{
const hashPassword = await crypto.hash(password); const hashPassword = await crypto.hash(password);
const sql_text = 'INSERT INTO users (username, password) VALUES (?, ?)'; const sql_text = 'INSERT INTO users (username, password) VALUES (?, ?)';
await db.con.query(sql_text, [username, hashPassword]) await db.pool.query(sql_text, [username, hashPassword])
} }
userModel.loginUser = async (username, password) =>{ userModel.loginUser = async (username, password) =>{
const hashPassword = await crypto.hash(password); const hashPassword = await crypto.hash(password);
const sql_text = 'SELECT id, username from users WHERE username = ? AND password = ?'; const sql_text = 'SELECT id, username from users WHERE username = ? AND password = ?';
const data = await db.con.query(sql_text, [username, hashPassword]); const data = await db.pool.query(sql_text, [username, hashPassword]);
return data[0]; return data[0];
} }
......
server/util/auth.js
View file @ 2371b2e7
...@@ -6,7 +6,7 @@ const crypto = require('./crypto'); ...@@ -6,7 +6,7 @@ const crypto = require('./crypto');
async function discordAuth(context, id){ async function discordAuth(context, id){
let sql_text = `SELECT TOP 1 * FROM users WHERE discordId='${id}'`; let sql_text = `SELECT TOP 1 * FROM users WHERE discordId='${id}'`;
try{ try{
let data = await db.con.query(sql_text); let data = await db.pool.query(sql_text);
console.log(data); console.log(data);
}catch(error){ }catch(error){
console.log(error); console.log(error);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment