feat: Add a large collection of emoji and other frontend assets, including a sound file, and a backend package.json.

2026-01-06 17:58:56 -06:00
parent f531301863
commit abedd78893
3795 changed files with 10981 additions and 229 deletions
--- a/Backend/routes/auth.js
+++ b/Backend/routes/auth.js
@@ -11,14 +11,81 @@ function generateFakeSalt(username) {
 }

 router.post('/register', async (req, res) => {
-    const { username, salt, encryptedMK, hak, publicKey, signingKey, encryptedPrivateKeys } = req.body;
+    const { username, salt, encryptedMK, hak, publicKey, signingKey, encryptedPrivateKeys, inviteCode } = req.body;
+    
    try {
-        const result = await db.query(
-            `INSERT INTO users (username, client_salt, encrypted_master_key, hashed_auth_key, public_identity_key, public_signing_key, encrypted_private_keys)
-             VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING id`,
-            [username, salt, encryptedMK, hak, publicKey, signingKey, encryptedPrivateKeys]
-        );
-        res.json({ success: true, userId: result.rows[0].id });
+        // Step 1: Enforce Invite (unless first user)
+        const userCountRes = await db.query('SELECT count(*) FROM users');
+        const userCount = parseInt(userCountRes.rows[0].count);
+
+        if (userCount > 0) {
+            if (!inviteCode) {
+                return res.status(403).json({ error: 'Invite code required' });
+            }
+
+            // Check Invite validity
+            const inviteRes = await db.query('SELECT * FROM invites WHERE code = $1', [inviteCode]);
+            if (inviteRes.rows.length === 0) {
+                return res.status(403).json({ error: 'Invalid invite code' });
+            }
+            
+            var invite = inviteRes.rows[0];
+
+            // Check Expiration
+            if (invite.expires_at && new Date() > new Date(invite.expires_at)) {
+                return res.status(410).json({ error: 'Invite expired' });
+            }
+
+            // Check Usage Limits
+            if (invite.max_uses !== null && invite.uses >= invite.max_uses) {
+                return res.status(410).json({ error: 'Invite max uses reached' });
+            }
+        }
+
+        // START TRANSACTION - To ensure invite usage and user creation are atomic
+        await db.query('BEGIN');
+
+        try {
+            // Update Invite Usage (only if enforced)
+            if (userCount > 0) {
+                await db.query('UPDATE invites SET uses = uses + 1 WHERE code = $1', [inviteCode]);
+            }
+
+            // Create User
+            // Create User
+            const result = await db.query(
+                `INSERT INTO users (username, client_salt, encrypted_master_key, hashed_auth_key, public_identity_key, public_signing_key, encrypted_private_keys)
+                 VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING id`,
+                [username, salt, encryptedMK, hak, publicKey, signingKey, encryptedPrivateKeys]
+            );
+            const newUserId = result.rows[0].id;
+
+            // Assign Roles
+            // 1. @everyone (Always)
+            await db.query(`
+                INSERT INTO user_roles (user_id, role_id)
+                SELECT $1, id FROM roles WHERE name = '@everyone'
+            `, [newUserId]);
+
+            // 2. Owner (If first user or if admin logic allows)
+            if (userCount === 0) {
+                 await db.query(`
+                    INSERT INTO user_roles (user_id, role_id)
+                    SELECT $1, id FROM roles WHERE name = 'Owner'
+                `, [newUserId]);
+                
+                // Also set is_admin = true for legacy support
+                await db.query('UPDATE users SET is_admin = TRUE WHERE id = $1', [newUserId]);
+            }
+
+            await db.query('COMMIT');
+            res.json({ success: true, userId: result.rows[0].id });
+
+        } catch (txErr) {
+            await db.query('ROLLBACK');
+            throw txErr;
+        }
+
    } catch (err) {
        console.error(err);
        if (err.code === '23505') { // Unique violation
@@ -50,7 +117,7 @@ router.post('/login/verify', async (req, res) => {

    try {
        const result = await db.query(
-            'SELECT id, hashed_auth_key, encrypted_master_key, encrypted_private_keys FROM users WHERE username = $1',
+            'SELECT id, hashed_auth_key, encrypted_master_key, encrypted_private_keys, public_identity_key FROM users WHERE username = $1',
            [username]
        );

@@ -66,7 +133,8 @@ router.post('/login/verify', async (req, res) => {
                success: true,
                userId: user.id,
                encryptedMK: user.encrypted_master_key,
-                encryptedPrivateKeys: user.encrypted_private_keys
+                encryptedPrivateKeys: user.encrypted_private_keys,
+                publicKey: user.public_identity_key // Return Public Key
            });
        } else {
            res.status(401).json({ error: 'Invalid credentials' });
@@ -77,4 +145,14 @@ router.post('/login/verify', async (req, res) => {
    }
 });

+router.get('/users/public-keys', async (req, res) => {
+    try {
+        const result = await db.query('SELECT id, public_identity_key FROM users');
+        res.json(result.rows);
+    } catch (err) {
+        console.error(err);
+        res.status(500).json({ error: 'Server error' });
+    }
+});
+
 module.exports = router;