From 5d8a90e5a28e64ad88f0f742df4700aa967be71e Mon Sep 17 00:00:00 2001 From: Patrick_Pluto Date: Wed, 25 Sep 2024 09:45:04 +0200 Subject: [PATCH] Security fixes (hopefully) --- py/db.py | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/py/db.py b/py/db.py index 76470c9..a4405d1 100644 --- a/py/db.py +++ b/py/db.py @@ -5,6 +5,13 @@ import json class DB: def __init__(self): self.database = {} + self.emails = [] + + def ensure_username(self, data): + if hasattr(data, 'username'): + return data.get['username'] + elif hasattr(data, 'email'): + return self.emails[data.get['username']] @staticmethod def hash_password(password): @@ -15,12 +22,30 @@ class DB: def add_user(self, data): username = data.get['username'] password = data.get['password'] + email = data.get['email'] hashed_password = self.hash_password(password) user_data = {"hashed_password": hashed_password} - self.database[username] = user_data + if username not in self.database: + self.database[username] = user_data + self.emails[email] = username + return True + return False + + def delete_user(self, data): + username = self.ensure_username(data) + data = data.get['data'] + if not self.check_credentials(data): + return False + + del self.database[username] + for i in self.emails: + if i == username: + del i + self.save_database() + return True def change_data(self, data): - username = data.get['username'] + username = self.ensure_username(data) data = data.get['data'] if not self.check_credentials(data): return False @@ -30,7 +55,7 @@ class DB: return True def update_password(self, data): - username = data.get['username'] + username = self.ensure_username(data) new_password = data.get['new_password'] if not self.check_credentials(data): return False 
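Review bot: `ensure_username` cannot resolve an email login as written: `self.emails` is created as a list although `add_user` assigns to it by email key, and the `elif` branch indexes it with `data.get['username']`, the very field that branch has just found missing. Initialising `self.emails = {}` and returning `self.emails.get(data.get['email'])` would make an unknown email yield `None`, which the `username not in self.database` test in `check_credentials` already turns into `False`, instead of raising. `hasattr(data, ...)` tests attributes rather than keys, so if `data` is a dict-like payload neither branch runs; `'username' in data` looks like the intended test, to be confirmed against the caller. Every method switched to `ensure_username` in the later hunks (`change_data`, `update_password`, `check_credentials`, `get_data`) inherits this behaviour.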
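Review bot: In `delete_user` the account that is removed and the account that is authenticated come from different objects: `username` is resolved from the outer payload, then `data` is rebound to `data.get['data']` and only that inner object goes through `check_credentials`. Unless the caller guarantees both name the same user, valid credentials for one account would authorise deleting another; dropping the `data = data.get['data']` line so the password is checked on the same payload closes that gap (the unchanged `change_data` below has the same shape). The cleanup loop removes nothing, because `del i` only unbinds the loop variable; assuming `self.emails` is meant to be an email-to-username dict, `self.emails = {e: u for e, u in self.emails.items() if u != username}` keeps a stale address from resolving to a later re-registration of that name. `add_user` should also return `False` when `email` is already in `self.emails`, otherwise a second sign-up silently repoints that address to the new username.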
@@ -41,7 +66,7 @@ class DB: return True def check_credentials(self, data): - username = data.get['username'] + username = self.ensure_username(data) password = data.get['password'] if username not in self.database: return False @@ -51,7 +76,7 @@ class DB: return stored_hashed_password == entered_hashed_password def get_data(self, data): - username = data.get['username'] + username = self.ensure_username(data) if not self.check_credentials(data): return None
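Review bot: `check_credentials` still ends in `return stored_hashed_password == entered_hashed_password`, a comparison that is not constant-time. `hmac.compare_digest(stored_hashed_password, entered_hashed_password)` is the standard-library replacement, provided `hash_password` (not visible here) returns `bytes` or an ASCII `str`; it needs `import hmac` at the top of the file. The body of `get_data` appears to continue past the end of this hunk.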