canopy/src/controllers/api/account/passwordResetController.js


/*Canopy - The next generation of stoner streaming software
Copyright (C) 2024-2025 Rainbownapkin and the TTN Community
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.*/
//NPM Imports
const {validationResult, matchedData} = require('express-validator');
//local imports
const passwordResetModel = require('../../../schemas/user/passwordResetSchema');
const sessionUtils = require('../../../utils/sessionUtils');
const altchaUtils = require('../../../utils/altchaUtils');
const {exceptionHandler, errorHandler} = require('../../../utils/loggerUtils');
//gateway for resetting password
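/**
 * POST handler that completes a password reset.
 *
 * Order of checks: express-validator result, Altcha proof, session teardown,
 * token lookup, then consumption of the reset request with the new password.
 *
 * Responses produced here: 200 on success; 400 with the validator error list
 * when validation fails; Altcha and token failures are reported through
 * errorHandler(..., 'unauthorized'); anything thrown is passed to exceptionHandler.
 *
 * @param {object} req - Express request. token, pass and confirmPass are read
 *   through matchedData(); the Altcha payload is read from req.body.verification.
 * @param {object} res - Express response.
 */
module.exports.post = async function(req, res){
    try{
        //Check for validation errors and bail out early when there are any
        const validResult = validationResult(req);

        if(!validResult.isEmpty()){
            res.status(400);
            return res.send({errors: validResult.array()});
        }

        //Get sanitized/validated data
        const {token, pass, confirmPass} = matchedData(req);

        //Verify the Altcha payload before touching the session or the database,
        //so unauthenticated callers cannot drive token lookups without solving a challenge
        const verified = await altchaUtils.verify(req.body.verification);

        if(!verified){
            return errorHandler(res, 'Altcha verification failed, Please refresh the page!', 'unauthorized');
        }

        //Kill the user's session since it *might* be the logged in user.
        //Realistically this shouldn't matter since most people wouldn't be logged in when resetting passwords
        //NOTE(review): the return value is not awaited; if killSession is async, a rejection would not reach the catch below - confirm
        sessionUtils.killSession(req.session);

        //The token is used directly as a query filter below. The validator chain is not
        //visible from this file, so enforce the type here as well: a parsed JSON body can
        //carry an object in this field, and an object would be read as query operators
        //rather than compared as a literal token value.
        if(typeof token !== 'string'){
            return errorHandler(res, 'Invalid request token!', 'unauthorized');
        }

        //Look up the password reset request matching the given token
        const requestDB = await passwordResetModel.findOne({token});

        //If we have an invalid request
        if(requestDB == null){
            return errorHandler(res, 'Invalid request token!', 'unauthorized');
        }

        //consume() is defined on the schema and not shown here; expiry, single-use
        //and pass/confirmPass matching are presumably enforced there - confirm
        await requestDB.consume(pass, confirmPass);

        return res.sendStatus(200);
    }catch(err){
        return exceptionHandler(res, err);
    }
}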