
@Osb0rn3
Created January 9, 2024 15:06
Is there any way to access [email protected] reset password token?
const express = require('express');
const { Sequelize, DataTypes } = require('sequelize');
const crypto = require('crypto');
const Joi = require('joi');
const bcrypt = require('bcrypt');
const sendResetEmail = require('./sendmail');
// HTTP application; express.json() parses JSON request bodies into req.body.
const app = express();
app.use(express.json());

// Database connection. The database name and credentials come from the
// environment; host and dialect are fixed.
const sequelize = new Sequelize(
  process.env.DB_NAME,
  process.env.DB_USER,
  process.env.DB_PASS,
  {
    host: 'localhost',
    dialect: 'mysql',
  },
);
// Account model: a unique e-mail address, a password field (the admin seed
// stores a bcrypt hash in it) and the state of a pending password reset.
const User = sequelize.define('User', {
  email: {
    type: DataTypes.STRING,
    allowNull: false,
    unique: true,
  },
  password: {
    type: DataTypes.STRING,
    allowNull: false,
  },
  // NOTE(review): the reset token is persisted exactly as it is mailed, so
  // read access to this table is enough to use a pending token. Storing a
  // hash of the token and comparing hashes on redemption would avoid that.
  resetToken: {
    type: DataTypes.STRING,
  },
  // Moment after which resetToken must no longer be accepted.
  resetTokenExpiration: {
    type: DataTypes.DATE,
    allowNull: true,
  },
});
// Create the schema, then make sure the admin account exists.
// NOTE(review): `force: true` tells Sequelize to drop and recreate the tables
// on every start, which wipes all accounts; confirm this is intended outside
// a throwaway environment.
// NOTE(review): this chain has no rejection handler, so a failed sync or seed
// (for example a missing ADMIN_PASSWORD) surfaces as an unhandled rejection.
sequelize.sync({ force: true }).then(async () => {
  const existingAdmin = await User.findOne({
    where: { email: '[email protected]' },
  });
  if (existingAdmin) {
    return;
  }

  // Only the bcrypt hash (cost factor 10) of the admin password is stored.
  const passwordHash = await bcrypt.hash(process.env.ADMIN_PASSWORD, 10);
  await User.create({
    email: '[email protected]',
    password: passwordHash,
  });
});
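/**
 * POST /forgot-password
 *
 * Issues a password-reset token for the account whose e-mail matches
 * `req.body.email`, stores it on the user row with a three-minute expiry and
 * mails it to the address stored on that account.
 *
 * Responses:
 *   400 { error }   - body failed validation (email missing or not a string)
 *   400 { message } - no account matched
 *   200 { message } - token stored and mail handed to sendResetEmail
 *   500 { message } - database or mail failure
 *
 * NOTE(review): the route is unauthenticated by design, and nothing visible
 * here limits how often it can be called; each call overwrites the pending
 * token and sends another mail. Consider rate limiting per address and per
 * client.
 */
app.post('/forgot-password', async (req, res) => {
  // Joi.string() rejects non-string values, so the `where` clause below only
  // ever receives a plain string and never an operator object.
  const schema = Joi.object({ email: Joi.string().required().min(1) });
  const { error } = schema.validate(req.body, { presence: 'required' });
  if (error) {
    return res.status(400).json({ error: error.details[0].message });
  }

  try {
    const user = await User.findOne({ where: { email: req.body.email } });
    if (!user) {
      // NOTE(review): this answer differs from the success case, so it tells
      // the caller which addresses are registered. Returning the same generic
      // response in both cases would close that; left unchanged here because
      // clients may depend on the current contract.
      return res.status(400).json({ message: 'User not found' });
    }

    const resetTokenTtlMs = 180000; // three minutes
    const resetToken = crypto.randomBytes(20).toString('hex');
    user.resetToken = resetToken;
    user.resetTokenExpiration = Date.now() + resetTokenTtlMs;
    await user.save();

    // Deliver to the address stored on the account, never to the one taken
    // from the request. The lookup above is evaluated by the database, whose
    // string comparison follows the column collation (MySQL's defaults are
    // case-insensitive) and is therefore not a byte-exact match: the submitted
    // value can select a row whose stored address differs from it. Mailing
    // `req.body.email` would then send that account's token to whatever
    // address the caller supplied.
    // Awaited so that a rejected send reaches the catch below instead of
    // becoming an unhandled rejection; harmless if sendResetEmail is
    // synchronous (its implementation is not visible here).
    await sendResetEmail(user.email, resetToken);
    res.json({ message: 'Reset email sent successfully' });
  } catch (err) {
    console.error(err);
    res.status(500).json({ message: 'Internal Server Error' });
  }
});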
// Listening port: taken from the environment when set to a non-empty value,
// otherwise 3000.
const PORT = process.env.PORT ? process.env.PORT : 3000;

app.listen(PORT, () => {
  console.log(`Server is running on port ${PORT}`);
});
@manitofigh

توى endpoint عه /forgot-password وريفاى نميكنه كه كسى كه ريكوست ميده درواقع صاحب ايميل عه پس هركى ميتونه درخواست بده.
پس درواقع ميتونن هى endpoint عه /forgot-password رو با {"email": "[email protected]"} call كنن و با هر ريكوست يه توكن جديد با اكسپايريشن بگيرن.

@Rednexie
