diff --git a/src/functions/database/save_temp_token.ts b/src/functions/database/save_temp_token.ts index 31711ea..9bd9d49 100644 --- a/src/functions/database/save_temp_token.ts +++ b/src/functions/database/save_temp_token.ts @@ -1,13 +1,20 @@ import { Request, Response } from 'express'; import { dbConnect, temp_token } from 'solun-database-package' +import { getJWTData } from '../../utils/jwt'; export async function handleSaveTempTokenDatabaseRequest(req: Request, res: Response) { try { const requestData = await req.body; + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + await dbConnect(); - let user_id = requestData.user_id; + let user_id = jwt_data.user_id; let fqe = requestData.fqe; let service = requestData.service; let tempToken = requestData.token; diff --git a/src/functions/two_factor/disable.ts b/src/functions/two_factor/disable.ts index f2bcaea..67c9b71 100644 --- a/src/functions/two_factor/disable.ts +++ b/src/functions/two_factor/disable.ts @@ -1,15 +1,18 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, updateOneDocument, User } from 'solun-database-package'; +import { getJWTData } from '../../utils/jwt'; export async function handleDisableTwoFactorRequest(req: Request, res: Response) { try { - const requestData = req.body; + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; - await dbConnect(); + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } - let user_id = requestData.user_id; + await dbConnect(); - const user = await findOneDocument(User, { user_id: user_id }); + const user = await findOneDocument(User, { user_id: jwt_data.user_id }); if (!user) { return res.status(400).json({ message: 'User doest not exist or password is incorrect' }); 
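Review bot: After this change the session JWT and the temp token being stored are the same request field: `getJWTData(req.body.token)` verifies `token`, and `let tempToken = requestData.token;` a few lines later stores that same value, so unless the temp token is intentionally the session JWT itself, the record now holds the caller's session credential. Give the auth token its own carrier (the `Authorization` header, or a distinct body field) before `tempToken` is read. More generally, the same decode-and-401 block is pasted into every handler in this commit; an Express middleware that verifies once and attaches the user id to the request (for example via `res.locals`) would keep the check from being missed in the next handler and remove the per-handler `as { user_id: string } | null` cast. The handler body continues outside the hunk.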
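Review bot: Possession of a session JWT is now the only requirement for turning off two-factor authentication in this handler: nothing visible between this hunk and the `updateOneDocument` call in the second hunk checks the password or a current TOTP code before `two_fa_secret` is cleared. A leaked session token therefore suffices to strip the second factor; consider requiring the current password or a valid code from the existing secret in the same request. The same applies to `enable.ts`, where the client-supplied `secret` is stored without proving the client can produce a code for it. The function body continues outside the hunk.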
@@ -17,7 +20,7 @@ export async function handleDisableTwoFactorRequest(req: Request, res: Response) await updateOneDocument( User, - { user_id: user_id }, + { user_id: jwt_data.user_id }, { two_fa: false, two_fa_secret: "" } ); diff --git a/src/functions/two_factor/enable.ts b/src/functions/two_factor/enable.ts index 53b3672..a268086 100644 --- a/src/functions/two_factor/enable.ts +++ b/src/functions/two_factor/enable.ts @@ -1,16 +1,22 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, updateOneDocument, User } from 'solun-database-package'; +import { getJWTData } from '../../utils/jwt'; export async function handleEnableTwoFactorRequest(req: Request, res: Response) { try { const requestData = req.body; + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + await dbConnect(); - let user_id = requestData.user_id; let secret = requestData.secret; - const user = await findOneDocument(User, { user_id: user_id }); + const user = await findOneDocument(User, { user_id: jwt_data.user_id }); if (!user) { return res.status(400).json({ message: 'User doest not exist or password is incorrect' }); @@ -18,7 +24,7 @@ export async function handleEnableTwoFactorRequest(req: Request, res: Response) await updateOneDocument( User, - { user_id: user_id }, + { user_id: jwt_data.user_id }, { two_fa: true, two_fa_secret: secret } ); diff --git a/src/functions/user/alias/add_alias.ts b/src/functions/user/alias/add_alias.ts index 1d47e7e..a1bfda3 100644 --- a/src/functions/user/alias/add_alias.ts +++ b/src/functions/user/alias/add_alias.ts 
@@ -3,9 +3,16 @@ import { dbConnect, findOneDocument, findOneCASEDocument, User, User_Aliases, Us import { isValidEmail } from 'solun-general-package'; const { SolunApiClient } = require("../../../mail/mail"); import { checkPlanCaps } from '../../../plans/check'; +import { getJWTData } from '../../../utils/jwt'; export async function handleCreateAliasRequest(req: Request, res: Response) { try { + + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } await dbConnect(); @@ -14,7 +21,7 @@ export async function handleCreateAliasRequest(req: Request, res: Response) { process.env.MAILSERVER_API_KEY ); - let user_id = req.body.user_id; + let user_id = jwt_data.user_id; let aliasName = req.body.aliasName; let domain = req.body.domain; let goto = req.body.goto; diff --git a/src/functions/user/alias/alias_active_switch.ts b/src/functions/user/alias/alias_active_switch.ts index 1e4e7ae..3034daf 100644 --- a/src/functions/user/alias/alias_active_switch.ts +++ b/src/functions/user/alias/alias_active_switch.ts @@ -1,9 +1,17 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, updateOneDocument, User, User_Aliases } from 'solun-database-package'; +import { getJWTData } from '../../../utils/jwt'; const { SolunApiClient } = require("../../../mail/mail"); export async function handleSwitchStateAliasRequest(req: Request, res: Response) { try { + + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + await dbConnect(); const mcc = new SolunApiClient( @@ -11,7 +19,7 @@ export async function handleSwitchStateAliasRequest(req: Request, res: Response) process.env.MAILSERVER_API_KEY ); - let user_id = req.body.user_id; + let user_id = jwt_data.user_id; let fqa = req.body.fqa; let alias_state = req.body.alias_state; 
diff --git a/src/functions/user/alias/delete_alias.ts b/src/functions/user/alias/delete_alias.ts index 200e8fc..e44c9d2 100644 --- a/src/functions/user/alias/delete_alias.ts +++ b/src/functions/user/alias/delete_alias.ts @@ -1,9 +1,17 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, deleteOneDocument, User, User_Aliases } from 'solun-database-package'; +import { getJWTData } from '../../../utils/jwt'; const { SolunApiClient } = require("../../../mail/mail"); export async function handleDeleteAliasRequest(req: Request, res: Response) { try { + + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + await dbConnect(); const mcc = new SolunApiClient( @@ -11,7 +19,7 @@ export async function handleDeleteAliasRequest(req: Request, res: Response) { process.env.MAILSERVER_API_KEY ); - let user_id = req.body.user_id; + let user_id = jwt_data.user_id; let fqa = req.body.fqa; const user = await findOneDocument(User, { user_id: user_id }); diff --git a/src/functions/user/alias/get_alias.ts b/src/functions/user/alias/get_alias.ts index ae2c297..12914de 100644 --- a/src/functions/user/alias/get_alias.ts +++ b/src/functions/user/alias/get_alias.ts @@ -1,11 +1,19 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, User, User_Aliases } from 'solun-database-package'; +import { getJWTData } from '../../../utils/jwt'; export async function handleGetAliasRequest(req: Request, res: Response) { try { + + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + await dbConnect(); - let user_id = req.body.user_id; + let user_id = jwt_data.user_id; const user = await findOneDocument(User, { user_id: user_id }); 
diff --git a/src/functions/user/alias/get_domains.ts b/src/functions/user/alias/get_domains.ts index 19c6297..3aa9aac 100644 --- a/src/functions/user/alias/get_domains.ts +++ b/src/functions/user/alias/get_domains.ts @@ -1,11 +1,19 @@ import { Request, Response } from 'express'; import { dbConnect, findDocuments, findOneDocument, User, User_Domains } from 'solun-database-package'; +import { getJWTData } from '../../../utils/jwt'; export async function handleGetDomainsAliasRequest(req: Request, res: Response) { try { + + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + await dbConnect(); - let user_id = req.body.user_id; + let user_id = jwt_data.user_id; const user = await findOneDocument(User, { user_id: user_id }); const user_domains = await findDocuments(User_Domains, { user_id: user_id, verification_status: "active" }); diff --git a/src/functions/user/alias/get_gotos.ts b/src/functions/user/alias/get_gotos.ts index 4b4bd61..f69237a 100644 --- a/src/functions/user/alias/get_gotos.ts +++ b/src/functions/user/alias/get_gotos.ts @@ -1,11 +1,19 @@ import { Request, Response } from 'express'; import { dbConnect, findDocuments, findOneDocument, User, User_Domains, User_Mailboxes } from 'solun-database-package'; +import { getJWTData } from '../../../utils/jwt'; export async function handleGetGotosAliasRequest(req: Request, res: Response) { try { + + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + await dbConnect(); - let user_id = req.body.user_id; + let user_id = jwt_data.user_id; const user = await findOneDocument(User, { user_id: user_id }); const user_domains = await findDocuments(User_Domains, { user_id: user_id, verification_status: "active" }); 
diff --git a/src/functions/user/api_access.ts b/src/functions/user/api_access.ts index 90b7737..4966c69 100644 --- a/src/functions/user/api_access.ts +++ b/src/functions/user/api_access.ts @@ -1,17 +1,23 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, updateOneDocument, User, api_keys, deleteOneDocument } from 'solun-database-package'; import { generateToken } from 'solun-general-package'; +import { getJWTData } from '../../utils/jwt'; export async function handleApiAccessUserRequest(req: Request, res: Response) { try { const requestData = req.body; + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + await dbConnect(); - let user_id = requestData.user_id; let api_access = requestData.api_access; - const user = await findOneDocument(User, { user_id: user_id }); + const user = await findOneDocument(User, { user_id: jwt_data.user_id }); if (!user) { return res.status(400).json({ message: "User does not exist or password is incorrect" }); @@ -19,7 +25,7 @@ export async function handleApiAccessUserRequest(req: Request, res: Response) { await updateOneDocument( User, - { user_id: user_id }, + { user_id: jwt_data.user_id }, { api_access: api_access } ); 
@@ -28,19 +34,19 @@ export async function handleApiAccessUserRequest(req: Request, res: Response) { if (api_access) { token = generateToken(); - const result = await findOneDocument(api_keys, { user_id: user_id }); + const result = await findOneDocument(api_keys, { user_id: jwt_data.user_id }); if (result !== null) { return res.status(400).json({ message: "Api access already exists" }); } const newToken = new api_keys({ - user_id: user_id, + user_id: jwt_data.user_id, token: token, }); await newToken.save(); } else { - await deleteOneDocument(api_keys, { user_id: user_id }); + await deleteOneDocument(api_keys, { user_id: jwt_data.user_id }); } return res.status(200).json({ message: "Api access updated successfully", token: token }); diff --git a/src/functions/user/beta_features.ts b/src/functions/user/beta_features.ts index dc33752..6d4f7e0 100644 --- a/src/functions/user/beta_features.ts +++ b/src/functions/user/beta_features.ts @@ -1,16 +1,22 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, updateOneDocument, User } from 'solun-database-package'; +import { getJWTData } from '../../utils/jwt'; export async function handleBetaFeaturesUserRequest(req: Request, res: Response) { try { const requestData = req.body; + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + await dbConnect(); - let user_id = requestData.user_id; let beta_features = requestData.beta_features; - const user = await findOneDocument(User, { user_id: user_id }); + const user = await findOneDocument(User, { user_id: jwt_data.user_id }); if (!user) { return res.status(400).json({ message: "User does not exist or password is incorrect" }); @@ -18,7 +24,7 @@ export async function handleBetaFeaturesUserRequest(req: Request, res: Response) await updateOneDocument( User, - { user_id: user_id }, + { user_id: jwt_data.user_id }, { beta: beta_features } ); 
diff --git a/src/functions/user/change_pwd.ts b/src/functions/user/change_pwd.ts index b9282b8..ed9865e 100644 --- a/src/functions/user/change_pwd.ts +++ b/src/functions/user/change_pwd.ts @@ -1,6 +1,7 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, updateOneDocument, User } from 'solun-database-package'; import { comparePassword, hashPassword, encryptAuthPM, decryptAuthPM } from 'solun-general-package'; +import { getJWTData } from '../../utils/jwt'; const { SolunApiClient } = require("../../mail/mail"); @@ -8,13 +9,19 @@ export async function handleChangePWDUserRequest(req: Request, res: Response) { try { const requestData = req.body; + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + await dbConnect(); const mcc = new SolunApiClient( process.env.MAILSERVER_BASEURL, process.env.MAILSERVER_API_KEY ); - let user_id = requestData.user_id; + let user_id = jwt_data.user_id; let currentPassword = requestData.currentPassword; let newPassword = requestData.newPassword; diff --git a/src/functions/user/domain/add_domain.ts b/src/functions/user/domain/add_domain.ts index 8272ede..027a8fc 100644 --- a/src/functions/user/domain/add_domain.ts +++ b/src/functions/user/domain/add_domain.ts @@ -2,10 +2,17 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, findOneCASEDocument, User, User_Domains } from 'solun-database-package'; const { SolunApiClient } = require("../../../mail/mail"); import { checkPlanCaps } from '../../../plans/check'; +import { getJWTData } from '../../../utils/jwt'; export async function handleAddDomainRequest(req: Request, res: Response) { try { + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + await dbConnect(); const mcc = new SolunApiClient( 
@@ -13,7 +20,7 @@ export async function handleAddDomainRequest(req: Request, res: Response) { process.env.MAILSERVER_API_KEY ); - let user_id = req.body.user_id; + let user_id = jwt_data.user_id; let domain = req.body.domain; if (!user_id || !domain) { diff --git a/src/functions/user/domain/delete_domain.ts b/src/functions/user/domain/delete_domain.ts index 4ddcea2..65dd287 100644 --- a/src/functions/user/domain/delete_domain.ts +++ b/src/functions/user/domain/delete_domain.ts @@ -1,9 +1,17 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, deleteOneDocument, User, User_Domains, User_Mailboxes, User_Aliases, findDocuments } from 'solun-database-package'; +import { getJWTData } from '../../../utils/jwt'; const { SolunApiClient } = require("../../../mail/mail"); export async function handleDeleteDomainRequest(req: Request, res: Response) { try { + + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + const requestData = req.body; await dbConnect(); @@ -12,7 +20,7 @@ try { process.env.MAILSERVER_API_KEY ); - let user_id = requestData.user_id; + let user_id = jwt_data.user_id; let domain_id = requestData.domain_id; if (!user_id || !domain_id) { diff --git a/src/functions/user/domain/disable_catch_all.ts b/src/functions/user/domain/disable_catch_all.ts index c0d53a6..396e989 100644 --- a/src/functions/user/domain/disable_catch_all.ts +++ b/src/functions/user/domain/disable_catch_all.ts 
@@ -1,10 +1,17 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, User, User_Domains } from 'solun-database-package'; +import { getJWTData } from '../../../utils/jwt'; const { SolunApiClient } = require("../../../mail/mail"); export async function handleDisableCatchAllRequest(req: Request, res: Response) { try { + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + await dbConnect(); const mcc = new SolunApiClient( @@ -12,7 +19,7 @@ export async function handleDisableCatchAllRequest(req: Request, res: Response) process.env.MAILSERVER_API_KEY ); - let user_id = req.body.user_id; + let user_id = jwt_data.user_id; let domain_id = req.body.domain_id; if (!user_id || !domain_id) { diff --git a/src/functions/user/domain/enable_catch_all.ts b/src/functions/user/domain/enable_catch_all.ts index 6becc1e..7fee685 100644 --- a/src/functions/user/domain/enable_catch_all.ts +++ b/src/functions/user/domain/enable_catch_all.ts @@ -1,11 +1,18 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, findOneCASEDocument, findDocuments, User, User_Aliases, User_Domains, User_Mailboxes } from 'solun-database-package'; import { isValidEmail } from 'solun-general-package'; +import { getJWTData } from '../../../utils/jwt'; const { SolunApiClient } = require("../../../mail/mail"); export async function handleEnableCatchAllRequest(req: Request, res: Response) { try { + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + await dbConnect(); const mcc = new SolunApiClient( 
@@ -13,7 +20,7 @@ export async function handleEnableCatchAllRequest(req: Request, res: Response) { process.env.MAILSERVER_API_KEY ); - let user_id = req.body.user_id; + let user_id = jwt_data.user_id; let domain_id = req.body.domain_id; let forwardingAddresses = req.body.forwarding_addresses; diff --git a/src/functions/user/domain/get_domain.ts b/src/functions/user/domain/get_domain.ts index f319405..2cb80dd 100644 --- a/src/functions/user/domain/get_domain.ts +++ b/src/functions/user/domain/get_domain.ts @@ -1,13 +1,21 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, findDocuments, User, User_Aliases, User_Domains, User_Mailboxes } from 'solun-database-package'; +import { getJWTData } from '../../../utils/jwt'; export async function handleGetDomainDomainRequest(req: Request, res: Response) { let mailbox_cap = 0; let alias_cap = 0; try { + + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + await dbConnect(); - let user_id = req.body.user_id; + let user_id = jwt_data.user_id; const user = await findOneDocument(User, { user_id: user_id }); diff --git a/src/functions/user/domain/get_domain_details.ts b/src/functions/user/domain/get_domain_details.ts index 7d5da3f..d8d36ae 100644 --- a/src/functions/user/domain/get_domain_details.ts +++ b/src/functions/user/domain/get_domain_details.ts 
@@ -1,12 +1,19 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, User_Domains } from 'solun-database-package'; +import { getJWTData } from '../../../utils/jwt'; export async function handleGetDomainDetailsRequest(req: Request, res: Response) { try { + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + await dbConnect(); - let user_id = req.body.user_id; + let user_id = jwt_data.user_id; let domain_id = req.body.domain_id; if (!domain_id || !user_id) { diff --git a/src/functions/user/fast_login.ts b/src/functions/user/fast_login.ts index e7a3469..b689328 100644 --- a/src/functions/user/fast_login.ts +++ b/src/functions/user/fast_login.ts @@ -1,11 +1,17 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, updateOneDocument, User } from 'solun-database-package'; +import { getJWTData } from '../../utils/jwt'; export async function handleFastLoginUserRequest(req: Request, res: Response) { try { + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } await dbConnect(); - let user_id = req.body.user_id; + let user_id = jwt_data.user_id; let fast_login = req.body.fast_login; const user = await findOneDocument(User, { user_id: user_id }); diff --git a/src/functions/user/mailbox/add_mailbox.ts b/src/functions/user/mailbox/add_mailbox.ts index 48ea8c3..2acc61b 100644 --- a/src/functions/user/mailbox/add_mailbox.ts +++ b/src/functions/user/mailbox/add_mailbox.ts 
@@ -4,10 +4,17 @@ import { dbConnect, findOneDocument, User, User_Mailboxes, User_Aliases, User_Do import { hashPassword, checkUsername, checkPassword, encryptAuthPM } from 'solun-general-package'; const { SolunApiClient } = require("../../../mail/mail"); import { checkPlanCaps } from '../../../plans/check'; +import { getJWTData } from '../../../utils/jwt'; export async function handleAddMailboxRequest(req: Request, res: Response) { try { + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + await dbConnect(); const mcc = new SolunApiClient( @@ -15,7 +22,7 @@ export async function handleAddMailboxRequest(req: Request, res: Response) { process.env.MAILSERVER_API_KEY ); - let user_id = req.body.user_id; + let user_id = jwt_data.user_id; let username = req.body.username; let domain = req.body.domain; let fqe = `${username}${domain}`; @@ -30,10 +37,6 @@ export async function handleAddMailboxRequest(req: Request, res: Response) { // TODO: Move to config file. const SolunOwnedDomains = [ "@solun.pm", - "@6crypt.com", - "@seal.pm", - "@xolus.de", - "@cipher.pm", ]; const isSolunDomain = SolunOwnedDomains.includes(domain) ? true : false; diff --git a/src/functions/user/mailbox/change_pwd.ts b/src/functions/user/mailbox/change_pwd.ts index 5a50932..dd1e929 100644 --- a/src/functions/user/mailbox/change_pwd.ts +++ b/src/functions/user/mailbox/change_pwd.ts 
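Review bot: The third hunk of this file drops four entries from `SolunOwnedDomains`, which is unrelated to the JWT change the commit is about and alters how new mailboxes on those domains are treated at creation (`isSolunDomain`); it belongs in a separate commit or at least needs a sentence in the commit message. The `// TODO: Move to config file.` comment directly above the list is the natural fix: reading the list from configuration would make such changes reviewable without touching handler code. The function body continues outside the hunks.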
@@ -1,11 +1,19 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, updateOneDocument, User_Domains, User_Mailboxes } from 'solun-database-package'; import { comparePassword, hashPassword, encryptAuthPM, decryptAuthPM } from 'solun-general-package'; +import { getJWTData } from '../../../utils/jwt'; const { SolunApiClient } = require("../../../mail/mail"); export async function handleChangePWDMailboxRequest(req: Request, res: Response) { try { + + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + const requestData = req.body; await dbConnect(); @@ -14,7 +22,7 @@ try { process.env.MAILSERVER_API_KEY ); - let user_id = requestData.user_id; + let user_id = jwt_data.user_id; let domain_id = requestData.domain_id; let mailbox_id = requestData.mailbox_id; let currentPassword = requestData.currentPassword; diff --git a/src/functions/user/mailbox/change_quota.ts b/src/functions/user/mailbox/change_quota.ts index 31cc325..1bb3343 100644 --- a/src/functions/user/mailbox/change_quota.ts +++ b/src/functions/user/mailbox/change_quota.ts @@ -1,10 +1,18 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, updateOneDocument, User, User_Domains, User_Mailboxes } from 'solun-database-package'; +import { getJWTData } from '../../../utils/jwt'; const { SolunApiClient } = require("../../../mail/mail"); export async function handleChangeQuotaMailboxRequest(req: Request, res: Response) { try { + + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + const requestData = req.body; await dbConnect(); 
@@ -13,7 +21,7 @@ try { process.env.MAILSERVER_API_KEY ); - let user_id = requestData.user_id; + let user_id = jwt_data.user_id; let domain_id = requestData.domain_id; let mailbox_id = requestData.mailbox_id; let quota = requestData.quota; diff --git a/src/functions/user/mailbox/delete_mailbox.ts b/src/functions/user/mailbox/delete_mailbox.ts index 0afbf49..75d5808 100644 --- a/src/functions/user/mailbox/delete_mailbox.ts +++ b/src/functions/user/mailbox/delete_mailbox.ts @@ -1,10 +1,18 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, deleteOneDocument, User, User_Domains, User_Mailboxes, User_Aliases, findDocuments } from 'solun-database-package'; +import { getJWTData } from '../../../utils/jwt'; const { SolunApiClient } = require("../../../mail/mail"); export async function handleDeleteMailboxRequest(req: Request, res: Response) { try { + + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + const requestData = req.body; await dbConnect(); @@ -13,7 +21,7 @@ try { process.env.MAILSERVER_API_KEY ); - let user_id = requestData.user_id; + let user_id = jwt_data.user_id; let domain_id = requestData.domain_id; let mailbox_id = requestData.mailbox_id; diff --git a/src/functions/user/mailbox/get_mailbox.ts b/src/functions/user/mailbox/get_mailbox.ts index 0f037bf..08061cd 100644 --- a/src/functions/user/mailbox/get_mailbox.ts +++ b/src/functions/user/mailbox/get_mailbox.ts 
@@ -1,9 +1,17 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, findDocuments, User, User_Mailboxes, User_Domains } from 'solun-database-package'; +import { getJWTData } from '../../../utils/jwt'; const { SolunApiClient } = require("../../../mail/mail"); export async function handleGetMailboxRequest(req: Request, res: Response) { try { + + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + await dbConnect(); const mcc = new SolunApiClient( @@ -11,7 +19,7 @@ export async function handleGetMailboxRequest(req: Request, res: Response) { process.env.MAILSERVER_API_KEY ); - let user_id = req.body.user_id; + let user_id = jwt_data.user_id; let domain_id = req.body.domain_id; const user = await findOneDocument(User, { user_id: user_id }); diff --git a/src/functions/user/mailbox/get_mailbox_details.ts b/src/functions/user/mailbox/get_mailbox_details.ts index 6f26edb..6c48b36 100644 --- a/src/functions/user/mailbox/get_mailbox_details.ts +++ b/src/functions/user/mailbox/get_mailbox_details.ts @@ -1,12 +1,19 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, User_Domains, User_Mailboxes } from 'solun-database-package'; +import { getJWTData } from '../../../utils/jwt'; export async function handleGetMailboxDetailsRequest(req: Request, res: Response) { try { + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + await dbConnect(); - let user_id = req.body.user_id; + let user_id = jwt_data.user_id; let domain_id = req.body.domain_id; let mailbox_id = req.body.mailbox_id; diff --git a/src/functions/user/recovery.ts b/src/functions/user/recovery.ts index 4c17b9a..c4fba83 100644 --- a/src/functions/user/recovery.ts +++ b/src/functions/user/recovery.ts 
@@ -1,11 +1,17 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, updateOneDocument, User } from 'solun-database-package'; +import { getJWTData } from '../../utils/jwt'; export async function handleRecoveryUserRequest(req: Request, res: Response) { try { + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } await dbConnect(); - let user_id = req.body.user_id; + let user_id = jwt_data.user_id; let recovery = req.body.enableRecovery; let code = req.body.recoveryCode; diff --git a/src/functions/user/user_details.ts b/src/functions/user/user_details.ts index 484c993..ece563f 100644 --- a/src/functions/user/user_details.ts +++ b/src/functions/user/user_details.ts @@ -1,13 +1,18 @@ import { Request, Response } from 'express'; import { dbConnect, findOneDocument, User } from 'solun-database-package'; +import { getJWTData } from '../../utils/jwt'; export async function handleUserDetailsUserRequest(req: Request, res: Response) { try { await dbConnect(); - let user_id = req.body.user_id; + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; - const user = await findOneDocument(User, { user_id: user_id }); + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } + + const user = await findOneDocument(User, { user_id: jwt_data.user_id }); if (user == null) { return res.status(404).json({ message: "User not found" }); diff --git a/src/functions/user/validate_pwd.ts b/src/functions/user/validate_pwd.ts index 5f3b6c0..92aca83 100644 --- a/src/functions/user/validate_pwd.ts +++ b/src/functions/user/validate_pwd.ts 
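Review bot: In `user_details.ts` the `getJWTData` guard is placed after `await dbConnect();`, unlike every other handler in this commit, so an unauthenticated request still opens the database connection before it is rejected. Move the `const jwt_data = …` line and the `if (jwt_data == null) { … }` block above `await dbConnect();` so rejected requests do no database work and the file matches the others. The function body continues outside the hunk.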
@@ -1,12 +1,18 @@ import { dbConnect, findOneDocument, User } from 'solun-database-package'; import { comparePassword } from 'solun-general-package'; import { Request, Response } from 'express'; +import { getJWTData } from '../../utils/jwt'; export async function handleValidatePWDUserRequest(req: Request, res: Response) { try { + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } await dbConnect(); - let user_id = req.body.user_id; + let user_id = jwt_data.user_id; let password = req.body.password; if (password === "") { diff --git a/src/functions/webmail/user_details.ts b/src/functions/webmail/user_details.ts index e4d30b4..35dd405 100644 --- a/src/functions/webmail/user_details.ts +++ b/src/functions/webmail/user_details.ts @@ -1,15 +1,19 @@ import { dbConnect, findOneDocument, User } from "solun-database-package"; import { Request, Response } from 'express'; +import { getJWTData } from "../../utils/jwt"; export async function handleUserDetailsWebmailRequest(req: Request, res: Response) { try { - const requestData = await req.body; - await dbConnect(); + const jwt_data = getJWTData(req.body.token) as { user_id: string } | null; + + if (jwt_data == null) { + return res.status(401).json({ message: "Unauthorized" }); + } - let user_id = requestData.user_id; + await dbConnect(); - const user = await findOneDocument(User, { user_id: user_id }); + const user = await findOneDocument(User, { user_id: jwt_data.user_id }); if (user == null) { return res.status(404).json({ message: "User not found" }); diff --git a/src/utils/jwt.ts b/src/utils/jwt.ts new file mode 100644 index 0000000..af97733 --- /dev/null +++ b/src/utils/jwt.ts 
@@ -0,0 +1,11 @@ +import jwt from 'jsonwebtoken'; + +export function getJWTData(token: string) { + const jwt_secret = process.env.JWT_SECRET as string; + try { + const decoded = jwt.verify(token, jwt_secret); + return decoded; + } catch (err) { + return null; + } +} \ No newline at end of file
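Review bot: `getJWTData` returns whatever `jwt.verify` decodes (declared as `string | JwtPayload` in the library's typings), and every caller narrows it with an unchecked `as { user_id: string } | null`, so a token that is validly signed but carries a string payload or no `user_id` passes the callers' null check and reaches the database lookups with `user_id: undefined`. The function should itself verify that the payload is an object with a string `user_id` and return a typed result, which also lets the callers drop their casts. `process.env.JWT_SECRET as string` hides a missing secret: `jwt.verify` then throws and the catch turns every request into a 401 with no diagnostic, so check it explicitly or fail at startup. The verify call should also pin `algorithms` to the one the issuer uses so the accepted signature algorithms are explicit rather than the library default; which algorithm the issuer uses is not visible here, so the value below is a placeholder to confirm.
```typescript
export function getJWTData(token: unknown): { user_id: string } | null {
  const jwt_secret = process.env.JWT_SECRET;
  // Missing secret or non-string token: reject rather than let jwt.verify throw.
  if (typeof token !== 'string' || !jwt_secret) {
    return null;
  }
  try {
    // TODO confirm: pin to the algorithm the token issuer actually uses.
    const decoded = jwt.verify(token, jwt_secret, { algorithms: ['HS256'] });
    if (typeof decoded === 'string' || typeof decoded.user_id !== 'string') {
      return null;
    }
    return { user_id: decoded.user_id };
  } catch {
    return null;
  }
}
```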