fixes lol

doomtube 2026-01-09 03:02:27 -05:00
parent 07b8e12197
commit a0e6d40679
11 changed files with 436 additions and 81 deletions


@ -445,7 +445,7 @@ void UserController::getCurrentUser(const HttpRequestPtr &req,
}
auto dbClient = app().getDbClient();
*dbClient << "SELECT id, username, is_admin, is_streamer, is_restreamer, is_bot, is_texter, is_sticker_creator, is_uploader, is_watch_creator, is_pgp_only, bio, avatar_url, banner_url, banner_position, banner_zoom, banner_position_x, graffiti_url, pgp_only_enabled_at, user_color, ubercoin_balance, created_at "
*dbClient << "SELECT id, username, is_admin, is_streamer, is_restreamer, is_bot, is_texter, is_sticker_creator, is_uploader, is_watch_creator, is_pgp_only, bio, avatar_url, banner_url, banner_position, banner_zoom, banner_position_x, graffiti_url, pgp_only_enabled_at, user_color, ubercoin_balance, created_at, screensaver_enabled, screensaver_timeout_minutes, screensaver_type "
"FROM users WHERE id = $1"
<< user.id
>> [callback](const Result& r) {
@ -478,6 +478,9 @@ void UserController::getCurrentUser(const HttpRequestPtr &req,
resp["user"]["colorCode"] = r[0]["user_color"].isNull() ? "#561D5E" : r[0]["user_color"].as<std::string>();
resp["user"]["ubercoinBalance"] = r[0]["ubercoin_balance"].isNull() ? 0.0 : r[0]["ubercoin_balance"].as<double>();
resp["user"]["createdAt"] = r[0]["created_at"].isNull() ? "" : r[0]["created_at"].as<std::string>();
resp["user"]["screensaverEnabled"] = r[0]["screensaver_enabled"].isNull() ? false : r[0]["screensaver_enabled"].as<bool>();
resp["user"]["screensaverTimeoutMinutes"] = r[0]["screensaver_timeout_minutes"].isNull() ? 5 : r[0]["screensaver_timeout_minutes"].as<int>();
resp["user"]["screensaverType"] = r[0]["screensaver_type"].isNull() ? "snowfall" : r[0]["screensaver_type"].as<std::string>();
callback(jsonResp(resp));
}
>> DB_ERROR(callback, "get user data");
@ -2703,19 +2706,26 @@ void UserController::updateScreensaver(const HttpRequestPtr &req,
bool enabled = (*json).isMember("enabled") ? (*json)["enabled"].asBool() : false;
int timeoutMinutes = (*json).isMember("timeout_minutes") ? (*json)["timeout_minutes"].asInt() : 5;
std::string type = (*json).isMember("type") ? (*json)["type"].asString() : "snowfall";
// Validate timeout range (1-30 minutes)
if (timeoutMinutes < 1) timeoutMinutes = 1;
if (timeoutMinutes > 30) timeoutMinutes = 30;
// Validate screensaver type
if (type != "snowfall" && type != "fractal_crystalline" && type != "random") {
type = "snowfall";
}
auto dbClient = app().getDbClient();
*dbClient << "UPDATE users SET screensaver_enabled = $1, screensaver_timeout_minutes = $2 WHERE id = $3"
<< enabled << timeoutMinutes << user.id
>> [callback, enabled, timeoutMinutes](const Result&) {
*dbClient << "UPDATE users SET screensaver_enabled = $1, screensaver_timeout_minutes = $2, screensaver_type = $3 WHERE id = $4"
<< enabled << timeoutMinutes << type << user.id
>> [callback, enabled, timeoutMinutes, type](const Result&) {
Json::Value resp;
resp["success"] = true;
resp["screensaver"]["enabled"] = enabled;
resp["screensaver"]["timeout_minutes"] = timeoutMinutes;
resp["screensaver"]["type"] = type;
callback(jsonResp(resp));
}
>> DB_ERROR_MSG(callback, "update screensaver settings", "Failed to update screensaver settings");
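Review bot: The new `type` read in updateScreensaver calls `asString()` on client-supplied JSON without checking the value's kind; in JsonCpp that conversion fails for an array or object (it throws, or aborts in builds without exceptions), and the `asInt()` on the `timeout_minutes` line above has the same problem for non-numeric input. Check the kind before converting, e.g. `std::string type = (*json)["type"].isString() ? (*json)["type"].asString() : "snowfall";`, and use `isInt()` the same way for the timeout. The function starts and ends outside the hunk, so a surrounding try/catch may exist but is not visible here. Separately, an unrecognised `type` is silently stored as "snowfall" under a comment that says "Validate"; rejecting it with a 400 would make client mistakes visible instead of rewriting them.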


@ -443,7 +443,7 @@ void AuthService::loginUser(const std::string& username, const std::string& pass
return;
}
*dbClient << "SELECT id, username, password_hash, is_admin, is_moderator, is_streamer, is_restreamer, is_bot, is_texter, is_pgp_only, is_disabled, bio, avatar_url, banner_url, banner_position, banner_zoom, banner_position_x, graffiti_url, pgp_only_enabled_at, user_color, screensaver_enabled, screensaver_timeout_minutes "
*dbClient << "SELECT id, username, password_hash, is_admin, is_moderator, is_streamer, is_restreamer, is_bot, is_texter, is_pgp_only, is_disabled, bio, avatar_url, banner_url, banner_position, banner_zoom, banner_position_x, graffiti_url, pgp_only_enabled_at, user_color, screensaver_enabled, screensaver_timeout_minutes, screensaver_type "
"FROM users WHERE username = $1 LIMIT 1"
<< username
>> [password, callback, this](const Result& r) {
@ -506,6 +506,7 @@ void AuthService::loginUser(const std::string& username, const std::string& pass
user.colorCode = r[0]["user_color"].isNull() ? "#561D5E" : r[0]["user_color"].as<std::string>();
user.screensaverEnabled = r[0]["screensaver_enabled"].isNull() ? false : r[0]["screensaver_enabled"].as<bool>();
user.screensaverTimeoutMinutes = r[0]["screensaver_timeout_minutes"].isNull() ? 5 : r[0]["screensaver_timeout_minutes"].as<int>();
user.screensaverType = r[0]["screensaver_type"].isNull() ? "snowfall" : r[0]["screensaver_type"].as<std::string>();
std::string token = generateToken(user);
callback(true, token, user);
@ -601,7 +602,7 @@ void AuthService::verifyPgpLogin(const std::string& username, const std::string&
}
*dbClient << "SELECT pk.public_key, u.id, u.username, u.is_admin, u.is_moderator, u.is_streamer, u.is_restreamer, u.is_bot, u.is_texter, "
"u.is_pgp_only, u.is_disabled, u.bio, u.avatar_url, u.banner_url, u.banner_position, u.banner_zoom, u.banner_position_x, u.graffiti_url, u.pgp_only_enabled_at, u.user_color, u.screensaver_enabled, u.screensaver_timeout_minutes "
"u.is_pgp_only, u.is_disabled, u.bio, u.avatar_url, u.banner_url, u.banner_position, u.banner_zoom, u.banner_position_x, u.graffiti_url, u.pgp_only_enabled_at, u.user_color, u.screensaver_enabled, u.screensaver_timeout_minutes, u.screensaver_type "
"FROM pgp_keys pk JOIN users u ON pk.user_id = u.id "
"WHERE u.username = $1 ORDER BY pk.created_at DESC LIMIT 1"
<< username
@ -654,6 +655,7 @@ void AuthService::verifyPgpLogin(const std::string& username, const std::string&
user.colorCode = r[0]["user_color"].isNull() ? "#561D5E" : r[0]["user_color"].as<std::string>();
user.screensaverEnabled = r[0]["screensaver_enabled"].isNull() ? false : r[0]["screensaver_enabled"].as<bool>();
user.screensaverTimeoutMinutes = r[0]["screensaver_timeout_minutes"].isNull() ? 5 : r[0]["screensaver_timeout_minutes"].as<int>();
user.screensaverType = r[0]["screensaver_type"].isNull() ? "snowfall" : r[0]["screensaver_type"].as<std::string>();
std::string token = generateToken(user);
callback(true, token, user);
@ -921,7 +923,7 @@ void AuthService::fetchUserInfo(int64_t userId, std::function<void(bool, const U
return;
}
*dbClient << "SELECT id, username, is_admin, is_moderator, is_streamer, is_restreamer, is_bot, is_texter, is_pgp_only, bio, avatar_url, banner_url, banner_position, banner_zoom, banner_position_x, graffiti_url, pgp_only_enabled_at, user_color, screensaver_enabled, screensaver_timeout_minutes "
*dbClient << "SELECT id, username, is_admin, is_moderator, is_streamer, is_restreamer, is_bot, is_texter, is_pgp_only, bio, avatar_url, banner_url, banner_position, banner_zoom, banner_position_x, graffiti_url, pgp_only_enabled_at, user_color, screensaver_enabled, screensaver_timeout_minutes, screensaver_type "
"FROM users WHERE id = $1 LIMIT 1"
<< userId
>> [callback](const Result& r) {
@ -952,6 +954,7 @@ void AuthService::fetchUserInfo(int64_t userId, std::function<void(bool, const U
user.colorCode = r[0]["user_color"].isNull() ? "#561D5E" : r[0]["user_color"].as<std::string>();
user.screensaverEnabled = r[0]["screensaver_enabled"].isNull() ? false : r[0]["screensaver_enabled"].as<bool>();
user.screensaverTimeoutMinutes = r[0]["screensaver_timeout_minutes"].isNull() ? 5 : r[0]["screensaver_timeout_minutes"].as<int>();
user.screensaverType = r[0]["screensaver_type"].isNull() ? "snowfall" : r[0]["screensaver_type"].as<std::string>();
callback(true, user);
} catch (const std::exception& e) {
@ -1075,7 +1078,7 @@ void AuthService::validateAndRotateRefreshToken(const std::string& refreshToken,
*dbClient << "SELECT rtf.id, rtf.user_id, rtf.family_id, rtf.expires_at, rtf.revoked, "
"u.username, u.is_admin, u.is_moderator, u.is_streamer, u.is_restreamer, "
"u.is_bot, u.is_texter, u.is_pgp_only, u.is_disabled, u.user_color, u.avatar_url, "
"u.token_version, u.screensaver_enabled, u.screensaver_timeout_minutes "
"u.token_version, u.screensaver_enabled, u.screensaver_timeout_minutes, u.screensaver_type "
"FROM refresh_token_families rtf "
"JOIN users u ON rtf.user_id = u.id "
"WHERE rtf.current_token_hash = $1"
@ -1138,6 +1141,7 @@ void AuthService::validateAndRotateRefreshToken(const std::string& refreshToken,
user.tokenVersion = row["token_version"].isNull() ? 1 : row["token_version"].as<int>();
user.screensaverEnabled = row["screensaver_enabled"].isNull() ? false : row["screensaver_enabled"].as<bool>();
user.screensaverTimeoutMinutes = row["screensaver_timeout_minutes"].isNull() ? 5 : row["screensaver_timeout_minutes"].as<int>();
user.screensaverType = row["screensaver_type"].isNull() ? "snowfall" : row["screensaver_type"].as<std::string>();
// Generate new tokens (rotation)
std::string newRefreshToken = generateRefreshToken();
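Review bot: The `"snowfall"` fallback for `screensaver_type` is now hard-coded in four separate row mappings in this file (loginUser, verifyPgpLogin, fetchUserInfo, validateAndRotateRefreshToken), and none of them checks the stored value against the set that updateScreensaver accepts. A single helper such as `static std::string screensaverTypeFrom(const drogon::orm::Field& f)` that applies both the default and the allowlist would keep these authentication paths consistent. Every login and token-refresh query now also depends on the new column, and the migration is not visible in this view, so it is worth confirming the schema change is applied before this code is deployed. All four functions continue outside the hunks shown.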


@ -31,6 +31,7 @@ struct UserInfo {
int tokenVersion = 1; // SECURITY FIX #10: Token version for revocation
bool screensaverEnabled = false; // Screensaver feature enabled
int screensaverTimeoutMinutes = 5; // Idle timeout before screensaver activates (1-30)
std::string screensaverType = "snowfall"; // Screensaver type: snowfall, fractal_crystalline, random
};
// Result structure for refresh token operations