/*================================
Registrierung Route
===============================*/
const express = require("express");
const router = express.Router();
const db = require("../database/database");
const bcrypt = require("bcrypt");
const rateLimit = require("express-rate-limit");
const crypto = require("crypto");
const mailer = require("../utils/mailer");
/*================================
Rate Limiter für Registrierung
===============================*/
/* Throttle registration attempts: at most REGISTER_MAX_ATTEMPTS POSTs per
   client IP within REGISTER_WINDOW_MS; further requests in that window get
   the message below instead of reaching the handler. Every POST counts,
   including ones later rejected by validation (library default, presumably).
   NOTE(review): the limiter keys on the client IP. If the app runs behind a
   reverse proxy, Express' "trust proxy" setting (not visible here) must be
   configured so req.ip is the real client; otherwise all users share one
   bucket, or X-Forwarded-For can be spoofed to sidestep the limit. */
const REGISTER_WINDOW_MS = 15 * 60 * 1000; // 15 minutes
const REGISTER_MAX_ATTEMPTS = 5;

const registerLimiter = rateLimit({
  windowMs: REGISTER_WINDOW_MS,
  max: REGISTER_MAX_ATTEMPTS,
  message: "Zu viele Registrierungen. Bitte später erneut versuchen.",
});
/*================================
Register Seite anzeigen
===============================*/
/* GET: show the registration form. The template's server selector needs the
   list of servers, so that is loaded from the database before rendering.
   On any failure the error is logged and a plain-text message is returned.
   NOTE(review): SELECT * hands every column of `servers` to the template;
   if that table carries anything non-public (hosts, credentials), restrict
   the projection to the columns the view actually uses — cannot tell here. */
router.get("/", async (req, res) => {
  const loadServers = () =>
    db.query("SELECT * FROM servers").then(([rows]) => rows);

  try {
    const servers = await loadServers();
    res.render("register", { servers });
  } catch (error) {
    console.error(error);
    res.send("Server konnten nicht geladen werden");
  }
});
/*================================
Registrierung speichern
===============================*/
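/* Username rule: letters, digits and underscore, 3-20 characters. */
const usernameRegex = /^[a-zA-Z0-9_]{3,20}$/;

/* Minimal e-mail shape: exactly one "@" with a dotted domain and no
   whitespace (which also rejects CR/LF, so the value cannot smuggle extra
   mail headers). Deliverability is proven by the verification mail itself. */
const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

/* Upper bound for passwords, in UTF-8 bytes. bcrypt only looks at the first
   72 bytes, so anything longer would be accepted at registration but only
   partially checked at login; refusing it up front avoids that surprise. */
const PASSWORD_MAX_BYTES = 72;

/* Re-render the registration form with an error message. The template needs
   the server list, so it is loaded again here (same query as the GET route). */
async function renderRegisterError(res, error) {
  const [servers] = await db.query("SELECT * FROM servers");
  return res.render("register", { servers, error });
}

/* Validate the submitted form fields.
   Returns the user-facing error message to show, or null when all fields are
   acceptable. Type checks come first on purpose: with an extended body parser
   a field can arrive as an array or object; regex.test() would coerce that to
   a string (["admin"] -> "admin") and the DB driver would expand it in the
   query, so only plain strings (and a numeric server_id) are accepted. */
function validateRegistration({ username, password, email, server_id }) {
  if (typeof username !== "string" || !usernameRegex.test(username)) {
    return "Username darf nur Buchstaben, Zahlen und _ enthalten (3-20 Zeichen).";
  }
  if (typeof password !== "string" || password.length < 6) {
    return "Passwort muss mindestens 6 Zeichen lang sein.";
  }
  if (Buffer.byteLength(password, "utf8") > PASSWORD_MAX_BYTES) {
    return "Passwort ist zu lang (maximal 72 Bytes).";
  }
  if (typeof email !== "string" || email.length > 254 || !emailRegex.test(email)) {
    return "Bitte eine gültige E-Mail-Adresse angeben.";
  }
  // TODO(review): also check server_id against the rows of `servers`; the
  // id column name is not visible here, so only the shape is validated.
  const serverIdOk =
    (typeof server_id === "string" && server_id.length > 0) ||
    (typeof server_id === "number" && Number.isFinite(server_id));
  if (!serverIdOk) {
    return "Bitte einen Server auswählen.";
  }
  return null;
}

/* POST: create an account and send the verification mail.
   Flow: validate fields -> reject taken usernames -> bcrypt the password ->
   INSERT with a fresh verify_token -> mail the /verify/<token> link ->
   redirect to "/". Validation failures re-render the form with a message;
   any thrown error is logged and answered with a generic failure text.
   The route is behind registerLimiter (per-IP throttling). */
router.post("/", registerLimiter, async (req, res) => {
  // Guard against a missing body (no parser mounted) so the destructuring
  // below cannot throw outside the try block.
  const body = req.body || {};
  const { username, password, email, server_id } = body;
  // 256-bit CSPRNG token; it is the only secret protecting the verify link.
  const verifyToken = crypto.randomBytes(32).toString("hex");

  try {
    const validationError = validateRegistration({
      username,
      password,
      email,
      server_id,
    });
    if (validationError !== null) {
      return renderRegisterError(res, validationError);
    }

    /* Uniqueness check. This is check-then-insert, so two concurrent requests
       with the same name can both pass it; a UNIQUE index on accounts.username
       (not visible here) is what really guarantees uniqueness — the INSERT
       would then fail into the catch below instead of creating a duplicate. */
    const [existingUser] = await db.query(
      "SELECT id FROM accounts WHERE username = ?",
      [username],
    );
    if (existingUser.length > 0) {
      return renderRegisterError(res, "Dieser Loginname existiert bereits.");
    }

    // bcrypt with cost factor 10 (this is hashing, not encryption).
    const hashedPassword = await bcrypt.hash(password, 10);

    /* NOTE(review): verify_token is stored in clear. Anyone who can read the
       table can activate any pending account; storing a hash and comparing
       hashes in the /verify route would be safer, but that route is not
       visible here, so the stored format is left unchanged. */
    await db.query(
      "INSERT INTO accounts (username,password,email,server_id,verify_token) VALUES (?,?,?,?,?)",
      [username, hashedPassword, email, server_id, verifyToken],
    );

    // APP_URL must be set; otherwise the link starts with "undefined/".
    const verifyLink = `${process.env.APP_URL}/verify/${verifyToken}`;

    /* NOTE(review): if sending fails here, the account row already exists.
       The user then sees "Registrierung fehlgeschlagen", and a retry reports
       the name as taken. A re-send or cleanup path would make this
       recoverable; left as is because the verify flow lives elsewhere. */
    await mailer.sendMail({
      from: '"Dynasty of Knights" <register@dynastyofknights.com>',
      to: email,
      subject: "Account Aktivierung",
      html: `
        <h2>Dynasty of Knights</h2>
        <p>Bitte bestätige deine Registrierung:</p>
        <a href="${verifyLink}">${verifyLink}</a>
      `,
    });

    res.redirect("/");
  } catch (error) {
    console.error(error);
    res.send("Registrierung fehlgeschlagen");
  }
});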
/* Expose the router; the app mounts it under the registration path
   (mount point not visible in this file). */
module.exports = router;