Some improvements

2025-08-08 19:39:40 +08:00 · 2022-03-29 17:38:48 +08:00
parent 12237dec6e
commit 0da6e6b1fb
8 changed files with 188 additions and 71 deletions
--- a/server/util-server.js
+++ b/server/util-server.js
@@ -1,9 +1,8 @@
 const tcpp = require("tcp-ping");
 const Ping = require("./ping-lite");
 const { R } = require("redbean-node");
-const { debug } = require("../src/util");
+const { debug, genSecret } = require("../src/util");
 const passwordHash = require("./password-hash");
-const dayjs = require("dayjs");
 const { Resolver } = require("dns");
 const child_process = require("child_process");
 const iconv = require("iconv-lite");
@@ -32,7 +31,7 @@ exports.initJWTSecret = async () => {
        jwtSecretBean.key = "jwtSecret";
    }

-    jwtSecretBean.value = passwordHash.generate(dayjs() + "");
+    jwtSecretBean.value = passwordHash.generate(genSecret());
    await R.store(jwtSecretBean);
    return jwtSecretBean;
 };
@@ -321,6 +320,28 @@ exports.checkLogin = (socket) => {
    }
 };

+/**
+ * For logged-in users, double-check the password
+ * @param socket
+ * @param currentPassword
+ * @returns {Promise<Bean>}
+ */
+exports.doubleCheckPassword = async (socket, currentPassword) => {
+    if (typeof currentPassword !== "string") {
+        throw new Error("Wrong data type?");
+    }
+
+    let user = await R.findOne("user", " id = ? AND active = 1 ", [
+        socket.userID,
+    ]);
+
+    if (!user || !passwordHash.verify(currentPassword, user.password)) {
+        throw new Error("Incorrect current password");
+    }
+
+    return user;
+};
+
 exports.startUnitTest = async () => {
    console.log("Starting unit test...");
    const npm = /^win/.test(process.platform) ? "npm.cmd" : "npm";