Diffstat (limited to 'src/routers/tmwa/middlewares/account.js')
-rw-r--r--src/routers/tmwa/middlewares/account.js65
1 files changed, 65 insertions, 0 deletions
diff --git a/src/routers/tmwa/middlewares/account.js b/src/routers/tmwa/middlewares/account.js
new file mode 100644
index 0000000..e29af24
--- /dev/null
+++ b/src/routers/tmwa/middlewares/account.js
@@ -0,0 +1,65 @@
+module.exports = exports = (req, res, next) => {
+ if (!req.body || !Reflect.has(req.body, "username") ||
+ !Reflect.has(req.body, "password") || !Reflect.has(req.body, "email") ||
+ !req.body.username.match(/^[a-zA-Z0-9]{4,23}$/) ||
+ !req.body.password.match(/^[a-zA-Z0-9]{4,23}$/) ||
+ !req.body.email.match(/^$|^(?:[a-zA-Z0-9.$&+=_~-]{1,34}@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,35}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,34}[a-zA-Z0-9])?){0,9})$/) ||
+ req.body.email.length >= 40)
+ {
+ res.status(400).json({
+ status: "error",
+ error: "malformed request"
+ });
+ console.info("a malformed request was received", req.ip, req.body);
+ req.app.locals.rate_limiting.add(req.ip);
+ setTimeout(() => req.app.locals.rate_limiting.delete(req.ip), 300000);
+ return;
+ }
+
+ req.app.locals.tmwa.db_pool.getConnection((err, db) => {
+ if (err) {
+ res.status(500).json({
+ status: "error",
+ error: "couldn't reach the database"
+ });
+ console.warn("a connection with the database couldn't be established");
+ return;
+ }
+
+ const query_params = {
+ "USERNAME": req.body.username,
+ "PASSWORD": req.body.password,
+ "EMAIL": req.body.email || "a@a.com",
+ "GENDER": "N",
+ };
+
+ db.query(`INSERT INTO ${req.app.locals.tmwa.db_tables.register} SET ?`, query_params, (err, rows, fields) => {
+ if (err) {
+ if (err.code === "ER_DUP_ENTRY") {
+ res.status(409).json({
+ status: "error",
+ error: "already exists"
+ });
+ console.info("a request to create an already-existent account was received", req.ip, query_params.USERNAME);
+ req.app.locals.rate_limiting.add(req.ip);
+ setTimeout(() => req.app.locals.rate_limiting.delete(req.ip), 2000);
+ } else {
+ res.status(500).json({
+ status: "error",
+ error: "couldn't add the user"
+ });
+ console.error("an unexpected sql error occured", err);
+ }
+ } else {
+ res.status(201).json({
+ status: "success"
+ });
+ console.info(`an account was created: ${query_params.USERNAME}`);
+ req.app.locals.rate_limiting.add(req.ip);
+ setTimeout(() => req.app.locals.rate_limiting.delete(req.ip), 300000);
+ }
+
+ db.release(); // return this connection to the pool
+ });
+ });
+};
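Review bot: The malformed-request branch logs the whole `req.body`, so the submitted password and email are written to the log whenever validation fails, for example when only the email is rejected; log the address alone with `console.info("a malformed request was received", req.ip);`. The validation chain also calls `.match` on `username`, `password` and `email` without checking that they are strings, so a JSON body carrying a number, array or null in one of those fields throws a TypeError before the 400 response is sent and before `rate_limiting.add(req.ip)` runs. Putting `typeof req.body.username !== "string" ||` (and the same test for the other two fields) ahead of the regex tests keeps such requests on the 400 path. The password is handed to the INSERT exactly as received; whether it is hashed further downstream is not visible in this file and is worth confirming.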