Commit 2371b2e7 authored by Geovanny's avatar Geovanny

Fixes to db connection and house permissions

parent 06c1c5b9
...@@ -5,15 +5,16 @@ const ENV = require('../settings'); ...@@ -5,15 +5,16 @@ const ENV = require('../settings');
const db = {} const db = {}
db.connectDB = async () =>{ db.connectDB = async () =>{
const connection = await MySQL.createConnection({ const pool = await MySQL.createPool({
host: ENV.DB_HOST, host: ENV.DB_HOST,
port: ENV.DB_PORT, port: ENV.DB_PORT,
user: ENV.DB_USER, user: ENV.DB_USER,
password: ENV.DB_PASS, password: ENV.DB_PASS,
database: ENV.DB_NAME database: ENV.DB_NAME,
connectionLimit: 10
}); });
console.log('Database connected'); console.log('Database connected');
db.con = connection; db.pool = pool;
} }
module.exports = db; module.exports = db;
\ No newline at end of file
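Review bot: The `console.log('Database connected')` after `createPool` can report success before any connection has been made, because pool constructors in the common Node MySQL drivers open connections lazily on first use; which driver `MySQL` refers to is not visible here, so this is inferred. Wrong credentials or an unreachable host would then only surface on the first request. A cheap check before the log line, `await pool.query('SELECT 1');`, makes startup fail early. Any module still reading `db.con` now gets `undefined`, so the collapsed file diff is worth checking for leftovers.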
This diff is collapsed.
...@@ -18,7 +18,7 @@ const HOUSE_ROLES = { ...@@ -18,7 +18,7 @@ const HOUSE_ROLES = {
} }
function checkPermissions(context, ROLE){ function checkPermissions(context, ROLE){
if(ROLE < context.user.lk_permission_level){ if(!hasHouseNoThrow(context) || ROLE < context.user.lk_permission_level){
context.throw(403, "No Permissions") context.throw(403, "No Permissions")
} }
} }
...@@ -38,6 +38,9 @@ function hasHouse(context){ ...@@ -38,6 +38,9 @@ function hasHouse(context){
context.throw(400, 'No house'); context.throw(400, 'No house');
} }
} }
function hasHouseNoThrow(context){
return context.user.house_id;
}
router.get('/all', async (context, next) => { router.get('/all', async (context, next) => {
try{ try{
...@@ -301,7 +304,9 @@ authRouter.put('/', async (context, next) => { ...@@ -301,7 +304,9 @@ authRouter.put('/', async (context, next) => {
}); });
authRouter.delete('/', async (context, next) => { authRouter.delete('/', async (context, next) => {
hasHouse(context);
checkPermissions(context, HOUSE_ROLES.lg); checkPermissions(context, HOUSE_ROLES.lg);
console.log('asd')
try{ try{
await houseModel.deleteHouse(context.user.house_id, context.user.id); await houseModel.deleteHouse(context.user.house_id, context.user.id);
context.response.status = 204; context.response.status = 204;
......
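Review bot: `checkPermissions` fails open when `context.user.lk_permission_level` is missing, because `ROLE < undefined` and `ROLE < null` both evaluate to false and no 403 is thrown. Whether that field can be absent depends on how `context.user` is loaded, which is outside this view, but an authorization gate should deny on anything unexpected, e.g. `if(!hasHouseNoThrow(context) || context.user.lk_permission_level == null || ROLE < context.user.lk_permission_level){`. The `console.log('asd')` added to the delete handler looks like a debugging leftover and should be removed. The delete handler's body continues past the end of the hunk.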
...@@ -8,7 +8,7 @@ const unit_columns = ['name', 'unit_type', 'stars', 'hp', 'pap', 'pd', 'sap', 's ...@@ -8,7 +8,7 @@ const unit_columns = ['name', 'unit_type', 'stars', 'hp', 'pap', 'pd', 'sap', 's
unitModel.getAll = async () =>{ unitModel.getAll = async () =>{
const sql_text = 'SELECT * FROM units ORDER BY name ASC;'; const sql_text = 'SELECT * FROM units ORDER BY name ASC;';
const data = await db.con.query(sql_text); const data = await db.pool.query(sql_text);
return data return data
} }
...@@ -22,7 +22,7 @@ unitModel.getUnit = async (term) =>{ ...@@ -22,7 +22,7 @@ unitModel.getUnit = async (term) =>{
} }
unitModel.getUnitById = async (id) =>{ unitModel.getUnitById = async (id) =>{
const sql_text = 'SELECT * FROM units WHERE id= ?;'; const sql_text = 'SELECT * FROM units WHERE id= ?;';
const data = await db.con.query(sql_text, [id]); const data = await db.pool.query(sql_text, [id]);
if(!data[0]){ if(!data[0]){
throw Error('Unit Not Found') throw Error('Unit Not Found')
} }
...@@ -31,7 +31,7 @@ unitModel.getUnitById = async (id) =>{ ...@@ -31,7 +31,7 @@ unitModel.getUnitById = async (id) =>{
unitModel.getUnitByName = async(name) =>{ unitModel.getUnitByName = async(name) =>{
const sql_text = 'SELECT * FROM units WHERE name LIKE ?;'; const sql_text = 'SELECT * FROM units WHERE name LIKE ?;';
const data = await db.con.query(sql_text, [`%${name}%`]); const data = await db.pool.query(sql_text, [`%${name}%`]);
if(!data[0]){ if(!data[0]){
throw Error('Unit Not Found') throw Error('Unit Not Found')
} }
...@@ -40,16 +40,16 @@ unitModel.getUnitByName = async(name) =>{ ...@@ -40,16 +40,16 @@ unitModel.getUnitByName = async(name) =>{
unitModel.insertUnit = async (body) =>{ unitModel.insertUnit = async (body) =>{
let column_text = 'name'; let column_text = 'name';
let value_text = `${db.con.escape(body.name)}`; let value_text = `${db.pool.escape(body.name)}`;
for (let i = 1; i < unit_columns.length; i++) { for (let i = 1; i < unit_columns.length; i++) {
const element = unit_columns[i]; const element = unit_columns[i];
if(body[element]!==undefined){ if(body[element]!==undefined){
column_text += ', ' + element; column_text += ', ' + element;
value_text += ', ' + db.con.escape(body[element]); value_text += ', ' + db.pool.escape(body[element]);
} }
} }
const sql_query = `INSERT INTO units (${column_text}) VALUES (${value_text});`; const sql_query = `INSERT INTO units (${column_text}) VALUES (${value_text});`;
const data = await db.con.query(sql_query); const data = await db.pool.query(sql_query);
return data; return data;
} }
...@@ -61,9 +61,9 @@ unitModel.modifyUnit = async (id, body) => { ...@@ -61,9 +61,9 @@ unitModel.modifyUnit = async (id, body) => {
const element = unit_columns[i]; const element = unit_columns[i];
if(body[element]!==undefined && body[element]!==null){ if(body[element]!==undefined && body[element]!==null){
if(set_text===''){ if(set_text===''){
set_text += `${element} = ${db.con.escape(body[element])}`; set_text += `${element} = ${db.pool.escape(body[element])}`;
}else{ }else{
set_text += `, ${element} = ${db.con.escape(body[element])}`; set_text += `, ${element} = ${db.pool.escape(body[element])}`;
} }
} }
} }
...@@ -71,7 +71,7 @@ unitModel.modifyUnit = async (id, body) => { ...@@ -71,7 +71,7 @@ unitModel.modifyUnit = async (id, body) => {
throw Execption('No Update Arguments'); throw Execption('No Update Arguments');
} }
const sql_query = `UPDATE units SET ${set_text} WHERE id = ?;`; const sql_query = `UPDATE units SET ${set_text} WHERE id = ?;`;
const data = await db.con.query(sql_query, [id]); const data = await db.pool.query(sql_query, [id]);
return data; return data;
} }
......
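Review bot: `db.pool.escape(body[element])` in `insertUnit` and `modifyUnit` receives what appear to be request-body values without a type check, and the `escape` helper of the usual Node MySQL drivers expands arrays into comma lists and objects into `key = 'value'` pairs, so a non-scalar JSON value changes the shape of the statement instead of being quoted as a single value. Whether `body` is validated before it reaches the model is not visible here; if it is not, reject anything that is not a string, number or boolean before appending to `value_text` or `set_text`. Separately, the context line `throw Execption('No Update Arguments');` references an undefined name and will raise a ReferenceError rather than the intended error; `throw new Error('No Update Arguments');` is presumably what was meant. `modifyUnit` starts and ends outside the hunks shown.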
...@@ -10,12 +10,12 @@ const uu_columns = ['unit_level', 'elite_flg']; ...@@ -10,12 +10,12 @@ const uu_columns = ['unit_level', 'elite_flg'];
userModel.getUserFromId = async (id) => { userModel.getUserFromId = async (id) => {
const sql_text = 'SELECT id, discord_id, house_id, leadership FROM users WHERE id = ? LIMIT 1;'; const sql_text = 'SELECT id, discord_id, house_id, leadership FROM users WHERE id = ? LIMIT 1;';
const data = await db.con.query(sql_text,[id]); const data = await db.pool.query(sql_text,[id]);
return data[0]; return data[0];
} }
userModel.getUserFromDiscord = async (discordId) =>{ userModel.getUserFromDiscord = async (discordId) =>{
const sql_text = 'SELECT id, discord_id, house_id, leadership FROM users WHERE discord_id = ? LIMIT 1;'; const sql_text = 'SELECT id, discord_id, house_id, leadership FROM users WHERE discord_id = ? LIMIT 1;';
const data = await db.con.query(sql_text, [discordId]); const data = await db.pool.query(sql_text, [discordId]);
return data[0]; return data[0];
} }
...@@ -33,7 +33,7 @@ userModel.getUserFullFromId = async (id) => { ...@@ -33,7 +33,7 @@ userModel.getUserFullFromId = async (id) => {
FROM users as u FROM users as u
LEFT JOIN house_role_lk as r ON r.lk_key = u.lk_house_role LEFT JOIN house_role_lk as r ON r.lk_key = u.lk_house_role
WHERE u.id = ? LIMIT 1;`; WHERE u.id = ? LIMIT 1;`;
const data = await db.con.query(sql_text, [id]); const data = await db.pool.query(sql_text, [id]);
return data[0]; return data[0];
} }
...@@ -44,7 +44,7 @@ userModel.getUserUnits = async(id) => { ...@@ -44,7 +44,7 @@ userModel.getUserUnits = async(id) => {
LEFT JOIN users_units as uu ON us.id = uu.user_id LEFT JOIN users_units as uu ON us.id = uu.user_id
LEFT JOIN units as u ON uu.unit_id = u.id LEFT JOIN units as u ON uu.unit_id = u.id
WHERE us.id = ? ORDER BY u.name ASC;` WHERE us.id = ? ORDER BY u.name ASC;`
const data = await db.con.query(sql_txt, [id]); const data = await db.pool.query(sql_txt, [id]);
return data; return data;
} }
...@@ -57,7 +57,7 @@ userModel.getUserUnitsInverse = async(id) => { ...@@ -57,7 +57,7 @@ userModel.getUserUnitsInverse = async(id) => {
LEFT JOIN units as u ON uu.unit_id = u.id LEFT JOIN units as u ON uu.unit_id = u.id
WHERE us.id = ? ORDER BY u.name ASC) as e ON e.uid = u.id WHERE us.id = ? ORDER BY u.name ASC) as e ON e.uid = u.id
WHERE e.uid IS NULL;` WHERE e.uid IS NULL;`
const data = await db.con.query(sql_txt, [id]); const data = await db.pool.query(sql_txt, [id]);
return data; return data;
} }
...@@ -76,7 +76,7 @@ userModel.getUserUnitById = async (id, unit_id) =>{ ...@@ -76,7 +76,7 @@ userModel.getUserUnitById = async (id, unit_id) =>{
LEFT JOIN users_units as uu ON us.id = uu.user_id LEFT JOIN users_units as uu ON us.id = uu.user_id
LEFT JOIN units as u ON uu.unit_id = u.id LEFT JOIN units as u ON uu.unit_id = u.id
WHERE us.id = ? AND uu.unit_id = ? ORDER BY u.name ASC;`; WHERE us.id = ? AND uu.unit_id = ? ORDER BY u.name ASC;`;
const data = await db.con.query(sql_text, [id, unit_id]); const data = await db.pool.query(sql_text, [id, unit_id]);
if(!data[0]){ if(!data[0]){
throw Error('Unit Not Found') throw Error('Unit Not Found')
} }
...@@ -89,7 +89,7 @@ userModel.getUserUnitByName = async(id, name) =>{ ...@@ -89,7 +89,7 @@ userModel.getUserUnitByName = async(id, name) =>{
LEFT JOIN users_units as uu ON us.id = uu.user_id LEFT JOIN users_units as uu ON us.id = uu.user_id
LEFT JOIN units as u ON uu.unit_id = u.id LEFT JOIN units as u ON uu.unit_id = u.id
WHERE us.id = ? AND u.name LIKE ? ORDER BY u.name ASC;` WHERE us.id = ? AND u.name LIKE ? ORDER BY u.name ASC;`
const data = await db.con.query(sql_text, [id, `%${name}%`]); const data = await db.pool.query(sql_text, [id, `%${name}%`]);
if(!data[0]){ if(!data[0]){
throw Error('Unit Not Found') throw Error('Unit Not Found')
} }
...@@ -100,18 +100,18 @@ userModel.assignUserUnit = async(id, unit_id, body) =>{ ...@@ -100,18 +100,18 @@ userModel.assignUserUnit = async(id, unit_id, body) =>{
const unit = await unitModel.getUnitById(unit_id); const unit = await unitModel.getUnitById(unit_id);
let column_text = 'user_id, unit_id'; let column_text = 'user_id, unit_id';
let value_text = `${db.con.escape(id)}, ${db.con.escape(unit_id)}` let value_text = `${db.pool.escape(id)}, ${db.pool.escape(unit_id)}`
if(body){ if(body){
for (let i = 0; i < uu_columns.length; i++) { for (let i = 0; i < uu_columns.length; i++) {
const element = uu_columns[i]; const element = uu_columns[i];
if(body[element]!==undefined && body[element]!==null){ if(body[element]!==undefined && body[element]!==null){
column_text += ', ' + element; column_text += ', ' + element;
value_text += ', ' + db.con.escape(body[element]); value_text += ', ' + db.pool.escape(body[element]);
} }
} }
} }
const sql_text = `INSERT INTO users_units (${column_text}) VALUES (${value_text});` const sql_text = `INSERT INTO users_units (${column_text}) VALUES (${value_text});`
const data = await db.con.query(sql_text); const data = await db.pool.query(sql_text);
} }
userModel.modifyUserUnit = async(id, unit_id, body) =>{ userModel.modifyUserUnit = async(id, unit_id, body) =>{
...@@ -122,9 +122,9 @@ userModel.modifyUserUnit = async(id, unit_id, body) =>{ ...@@ -122,9 +122,9 @@ userModel.modifyUserUnit = async(id, unit_id, body) =>{
const element = uu_columns[i]; const element = uu_columns[i];
if(body[element]!==undefined && body[element]!==null){ if(body[element]!==undefined && body[element]!==null){
if(set_text===''){ if(set_text===''){
set_text += `${element} = ${db.con.escape(body[element])}`; set_text += `${element} = ${db.pool.escape(body[element])}`;
}else{ }else{
set_text += `, ${element} = ${db.con.escape(body[element])}`; set_text += `, ${element} = ${db.pool.escape(body[element])}`;
} }
} }
} }
...@@ -132,38 +132,38 @@ userModel.modifyUserUnit = async(id, unit_id, body) =>{ ...@@ -132,38 +132,38 @@ userModel.modifyUserUnit = async(id, unit_id, body) =>{
throw Error('No Params to Update') throw Error('No Params to Update')
} }
const sql_text = `UPDATE users_units SET ${set_text} WHERE user_id = ? AND unit_id = ?` const sql_text = `UPDATE users_units SET ${set_text} WHERE user_id = ? AND unit_id = ?`
const data = await db.con.query(sql_text, [id, unit_id]); const data = await db.pool.query(sql_text, [id, unit_id]);
} }
userModel.deleteUserUnit = async (id, unit_id) => { userModel.deleteUserUnit = async (id, unit_id) => {
const unit = await unitModel.getUnitById(unit_id); const unit = await unitModel.getUnitById(unit_id);
const sql_text = `DELETE FROM users_units WHERE user_id = ? AND unit_id = ?;` const sql_text = `DELETE FROM users_units WHERE user_id = ? AND unit_id = ?;`
const data = await db.con.query(sql_text, [id, unit_id]); const data = await db.pool.query(sql_text, [id, unit_id]);
} }
userModel.addDiscordIdToUser = async (user_id, discord_id) =>{ userModel.addDiscordIdToUser = async (user_id, discord_id) =>{
const sql_text = 'UPDATE users SET discord_id = ? WHERE id = ?;'; const sql_text = 'UPDATE users SET discord_id = ? WHERE id = ?;';
const data = await db.con.query(sql_text, [discordId, user_id]) const data = await db.pool.query(sql_text, [discordId, user_id])
} }
userModel.createUserWithDiscord = async (discord_id, username, password) =>{ userModel.createUserWithDiscord = async (discord_id, username, password) =>{
const hashPassword = await crypto.hash(password); const hashPassword = await crypto.hash(password);
const sql_text = 'INSERT INTO users (discord_id, username, password) VALUES (?, ?, ?);'; const sql_text = 'INSERT INTO users (discord_id, username, password) VALUES (?, ?, ?);';
await db.con.query(sql_text, [discord_id, username, hashPassword]); await db.pool.query(sql_text, [discord_id, username, hashPassword]);
} }
userModel.registerUser = async (username, password) =>{ userModel.registerUser = async (username, password) =>{
const hashPassword = await crypto.hash(password); const hashPassword = await crypto.hash(password);
const sql_text = 'INSERT INTO users (username, password) VALUES (?, ?)'; const sql_text = 'INSERT INTO users (username, password) VALUES (?, ?)';
await db.con.query(sql_text, [username, hashPassword]) await db.pool.query(sql_text, [username, hashPassword])
} }
userModel.loginUser = async (username, password) =>{ userModel.loginUser = async (username, password) =>{
const hashPassword = await crypto.hash(password); const hashPassword = await crypto.hash(password);
const sql_text = 'SELECT id, username from users WHERE username = ? AND password = ?'; const sql_text = 'SELECT id, username from users WHERE username = ? AND password = ?';
const data = await db.con.query(sql_text, [username, hashPassword]); const data = await db.pool.query(sql_text, [username, hashPassword]);
return data[0]; return data[0];
} }
......
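Review bot: `loginUser` finds the user with `WHERE username = ? AND password = ?` on the output of `crypto.hash(password)`, which only works if that hash is deterministic, i.e. carries no per-user salt; the `crypto` helper is not shown, so this is inferred from the query. Unsalted password hashes are weak against precomputed tables and bulk guessing, and a salted scheme such as bcrypt or argon2 would never match this equality test. The usual shape is to select the row by username only and verify the submitted password against the stored hash with the hashing library's compare function. In `addDiscordIdToUser` the new line still passes `discordId` while the parameter is `discord_id`, so the call throws a ReferenceError; it should read `await db.pool.query(sql_text, [discord_id, user_id])`.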
...@@ -6,7 +6,7 @@ const crypto = require('./crypto'); ...@@ -6,7 +6,7 @@ const crypto = require('./crypto');
async function discordAuth(context, id){ async function discordAuth(context, id){
let sql_text = `SELECT TOP 1 * FROM users WHERE discordId='${id}'`; let sql_text = `SELECT TOP 1 * FROM users WHERE discordId='${id}'`;
try{ try{
let data = await db.con.query(sql_text); let data = await db.pool.query(sql_text);
console.log(data); console.log(data);
}catch(error){ }catch(error){
console.log(error); console.log(error);
......