Security fixes (hopefully)

2024-09-25 09:45:04 +02:00 · 2024-09-25 09:45:04 +02:00 · 5d8a90e5a2
commit 5d8a90e5a2
parent e31c7de7ab
1 changed files with 30 additions and 5 deletions
--- a/py/db.py
+++ b/py/db.py
@ -5,6 +5,13 @@ import json
 class DB:
    def __init__(self):
        self.database = {}
+        self.emails = []
+
+    def ensure_username(self, data):
+        if hasattr(data, 'username'):
+            return data.get['username']
+        elif hasattr(data, 'email'):
+            return self.emails[data.get['username']]

    @staticmethod
    def hash_password(password):
@ -15,12 +22,30 @@ class DB:
    def add_user(self, data):
        username = data.get['username']
        password = data.get['password']
+        email = data.get['email']
        hashed_password = self.hash_password(password)
        user_data = {"hashed_password": hashed_password}
-        self.database[username] = user_data
+        if username not in self.database:
+            self.database[username] = user_data
+            self.emails[email] = username
+            return True
+        return False
+
+    def delete_user(self, data):
+        username = self.ensure_username(data)
+        data = data.get['data']
+        if not self.check_credentials(data):
+            return False
+
+        del self.database[username]
+        for i in self.emails:
+            if i == username:
+                del i
+        self.save_database()
+        return True

    def change_data(self, data):
-        username = data.get['username']
+        username = self.ensure_username(data)
        data = data.get['data']
        if not self.check_credentials(data):
            return False
@ -30,7 +55,7 @@ class DB:
        return True

    def update_password(self, data):
-        username = data.get['username']
+        username = self.ensure_username(data)
        new_password = data.get['new_password']
        if not self.check_credentials(data):
            return False
@ -41,7 +66,7 @@ class DB:
        return True

    def check_credentials(self, data):
-        username = data.get['username']
+        username = self.ensure_username(data)
        password = data.get['password']
        if username not in self.database:
            return False
@ -51,7 +76,7 @@ class DB:
        return stored_hashed_password == entered_hashed_password

    def get_data(self, data):
-        username = data.get['username']
+        username = self.ensure_username(data)
        if not self.check_credentials(data):
            return None