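Exists()) {
            // Account already exists
            $account->Load();
            // NOTE(review): this condition looks inverted — a *matching* password throws 401
            // while a wrong one falls through and is issued a session. The start of getToken()
            // is outside this excerpt, so the line is left exactly as found; the intended check
            // is almost certainly `if (!password_verify($password, $account->password))`.
            if (password_verify($password, $account->password)) throw new UnauthenticatedException($account->id, 401);
            $session = new Session(account_id: $account->id);
        } else {
            // Create a new account
            $session = new Session(account_id: $account->Save());
        }
        return api_json([
            "token" => $session->Save(),
            "auth_date" => $session->date_authenticated
        ]);
    }

    /** Number of bundled premium profile pictures (premium_1.png … premium_57.png). */
    private const PREMIUM_PICTURE_COUNT = 57;

    /**
     * Public profile of account $id: id, username, verified flag, bio and picture hash.
     *
     * No authentication is required and only those five fields are serialised — the
     * password hash is deliberately not part of the response. Behaviour for an unknown id
     * depends on Account::Load(), which is not visible here.
     */
    public static function getAccount($id): string
    {
        $account = new Account(id: $id);
        $account->Load();

        return api_json([
            "id" => $id,
            "username" => $account->username,
            "verified" => $account->verified,
            "bio" => $account->bio,
            "pictureHash" => $account->picture_hash
        ]);
    }

    /**
     * Search accounts by username (POST field "query").
     *
     * NOTE(review): unlike getAccount(), this serialises the raw Account::LoadMany() result.
     * Whether that includes the password hash or other private columns depends on Account
     * (not visible here) — confirm, and whitelist the fields as getAccount() does if so.
     */
    public static function search(): string
    {
        $query = input("query");
        $matches = (new Account(username: $query))->LoadMany();

        return api_json($matches);
    }

    /**
     * All video rows authored by account $id.
     *
     * The query is parameterised, so $id is never interpolated into SQL.
     *
     * @throws VideoNotFoundException (404) when the author has no videos
     */
    public static function getVideos($id): string
    {
        $account = new Account(id: $id);
        $videos = Hajeebtok::$Database->Query(
            "SELECT * FROM videos WHERE author_id = :author_id",
            ["author_id" => $account->id]
        );

        if (empty($videos)) {
            throw new VideoNotFoundException(0, 404);
        }

        return api_json($videos);
    }

    /**
     * Serve the profile picture of account $id.
     *
     * Signed-in callers get the account's stored picture_hash; anonymous callers get a random
     * premium picture instead (kept from the original: "hardcoded because i dont care").
     * Delivery — filename validation, headers, body — is shared with
     * getPremiumProfilePicture() via servePicture().
     */
    public static function getPicture($id): string
    {
        if (signed_in(request())) {
            $account = new Account(id: $id);
            $account->Load();
            // Within this controller picture_hash is only written by updateAccount(), which
            // restricts it to the allow-list or a sha256 hex digest; servePicture() re-checks
            // the name anyway in case the column was written by some other path.
            $name = (string) $account->picture_hash;
        } else {
            $name = "premium_" . random_int(1, self::PREMIUM_PICTURE_COUNT);
        }

        return self::servePicture($name);
    }

    /** Absolute directory that holds every profile picture. */
    private static function pictureDir(): string
    {
        return APP_ROOT . "/usercontent/pictures";
    }

    /**
     * Emit pictureDir()/$name.png with Content-Type, Content-Length and Cache-Control headers.
     *
     * $name is the bare file stem and must be [A-Za-z0-9_]+, so neither a stored hash nor a
     * route parameter can introduce "/", ".." or an alternative extension. The check is done
     * before touching the filesystem so a bad name cannot be used to probe for files.
     *
     * @throws SecurityFaultException (400) when $name is not a plain identifier
     * @throws \RuntimeException when the picture does not exist or cannot be read
     */
    private static function servePicture(string $name): string
    {
        if (preg_match('/\A[A-Za-z0-9_]+\z/', $name) !== 1) {
            throw new SecurityFaultException("Invalid picture name.", 400);
        }

        $picturePath = self::pictureDir() . "/$name.png";
        if (!is_file($picturePath)) {
            throw new \RuntimeException("Profile picture not found.");
        }

        $pictureContents = file_get_contents($picturePath);
        if ($pictureContents === false) {
            throw new \RuntimeException("Profile picture could not be read.");
        }

        $mime = (new MimeTypes())->getMimeType(pathinfo($picturePath, PATHINFO_EXTENSION));

        $response = response();
        $response->header("Content-Type: $mime");
        $response->header("Content-Length: " . strlen($pictureContents));
        $response->header("Cache-Control: max-age=3600, public");

        return $pictureContents;
    }

    /** JSON list [1, 2, …, PREMIUM_PICTURE_COUNT] of the selectable premium picture ids. */
    public static function getAvailablePremiumProfilePictures(): string
    {
        return api_json(range(1, self::PREMIUM_PICTURE_COUNT));
    }

    /**
     * Serve premium picture number $id.
     *
     * $id comes straight from the URL, so it must be an integer in 1..PREMIUM_PICTURE_COUNT
     * before it reaches a filename. The original interpolated it unvalidated into
     * "premium_$id.png".
     *
     * @throws SecurityFaultException (400) for anything that is not a valid premium id
     */
    public static function getPremiumProfilePicture($id): string
    {
        $number = filter_var($id, FILTER_VALIDATE_INT, [
            "options" => ["min_range" => 1, "max_range" => self::PREMIUM_PICTURE_COUNT],
        ]);
        if ($number === false) {
            throw new SecurityFaultException("Attempt to path trace on /getPremiumProfilePicture endpoint.", 400);
        }

        return self::servePicture("premium_$number");
    }

    /**
     * Update the signed-in account's bio and/or profile picture (POST /account/update).
     *
     * Picture selection, in priority order:
     *   1. an uploaded file ("picture") is decoded with GD and re-encoded as PNG under its
     *      sha256 digest — re-encoding drops any non-image payload hidden in the upload;
     *   2. otherwise a "picture_hash" naming "default" or one of the premium pictures;
     *   3. otherwise the current picture is kept.
     * The original validated picture_hash only when no file was sent, so a request carrying
     * both a file and a picture_hash stored the hash unvalidated; that path no longer exists.
     * An absent "bio" leaves the current bio untouched.
     *
     * @throws UnauthenticatedException (401) when no valid token is present
     * @throws SecurityFaultException (400) for a picture_hash outside the allow-list, or an
     *         upload GD cannot decode
     */
    public static function updateAccount(): string
    {
        if (!signed_in(request())) {
            throw new UnauthenticatedException(0, 401);
        }

        $id = get_token_id(request());
        $picture = request()->getInputHandler()->file("picture");
        $requestedHash = input("picture_hash");
        $bio = input("bio");

        $current = new Account(id: $id);
        $current->Load();

        $newHash = $current->picture_hash;
        if (!empty($picture)) {
            $newHash = self::storeUploadedPicture($picture);
        } elseif (!empty($requestedHash)) {
            if (!in_array($requestedHash, self::allowedPictureHashes(), true)) {
                throw new SecurityFaultException("Attempt to path trace on /update endpoint.", 400);
            }
            $newHash = $requestedHash;
        }

        $updated = new Account(
            id: $id,
            username: $current->username,
            password: $current->password,
            picture_hash: $newHash,
            verified: $current->verified,
            bio: $bio ?? $current->bio,
        );
        $updated->Update();

        return api_json([
            "id" => $updated->id,
            "username" => $updated->username,
            "pictureHash" => $updated->picture_hash,
            "bio" => $updated->bio,
            "verified" => $updated->verified,
        ]);
    }

    /**
     * Decode an uploaded image with GD, write it as <sha256 of the upload>.png into
     * pictureDir() and return the digest (the account's new picture_hash).
     *
     * The digest is taken over the uploaded bytes rather than over the InputFile object, so
     * identical uploads share one file. The original passed $picturePath to
     * imagecreatefromstring() instead of imagepng() (misplaced parenthesis), which streamed
     * the PNG into the response and never saved it.
     *
     * $picture is read with file_get_contents() exactly as the original did — presumably the
     * InputFile stringifies to its temp path; confirm against the router's InputFile class.
     *
     * @throws SecurityFaultException (400) when the upload is unreadable or not an image
     * @throws \RuntimeException when the PNG cannot be written
     */
    private static function storeUploadedPicture($picture): string
    {
        $bytes = file_get_contents($picture);
        if ($bytes === false || $bytes === "") {
            throw new SecurityFaultException("Unreadable picture upload on /update endpoint.", 400);
        }

        // Returns false (and emits E_WARNING) for data GD cannot decode.
        $image = imagecreatefromstring($bytes);
        if ($image === false) {
            throw new SecurityFaultException("Upload on /update endpoint is not a decodable image.", 400);
        }

        $hash = hash("sha256", $bytes);
        if (!imagepng($image, self::pictureDir() . "/$hash.png")) {
            throw new \RuntimeException("Could not write profile picture.");
        }

        return $hash;
    }

    /** Picture hashes a client may select without uploading: "default" plus every premium id. */
    private static function allowedPictureHashes(): array
    {
        $premium = array_map(
            static fn (int $n): string => "premium_$n",
            range(1, self::PREMIUM_PICTURE_COUNT)
        );

        return ["default", ...$premium];
    }

    /**
     * Preflight (OPTIONS) response for /account/update.
     *
     * NOTE(review): "Access-Control-Allow-Origin: *" lets any origin call the update endpoint.
     * That is tolerable only because auth is a bearer token in the Authorization header (no
     * cookies, and "*" cannot be combined with credentials); if the API ever moves to cookie
     * sessions this must become an explicit origin allow-list.
     *
     * todo: turn this into middleware
     */
    public static function corsBullshit(): void
    {
        $response = response();
        $response->header("Access-Control-Allow-Origin: *");
        $response->header("Access-Control-Allow-Headers: Authorization, Content-Type");
    }

    /**
     * Register every /account/* route on the SimpleRouter.
     *
     * Only /update has an OPTIONS handler; the other POST routes rely on the browser not
     * needing a preflight for them.
     */
    public static function RegisterRoutes(): void
    {
        SimpleRouter::group([
            "prefix" => "/account/",
        ], function () {
            SimpleRouter::get("/{id}/get", [AccountController::class, "getAccount"]);
            SimpleRouter::get("/{id}/videos", [AccountController::class, "getVideos"]);
            SimpleRouter::get("/{id}/picture", [AccountController::class, "getPicture"]);
            SimpleRouter::post("/token", [AccountController::class, "getToken"]);
            SimpleRouter::post("/search", [AccountController::class, "search"]);
            SimpleRouter::post("/update", [AccountController::class, "updateAccount"]);
            SimpleRouter::options("/update", [AccountController::class, "corsBullshit"]);
            SimpleRouter::get("/availablePremiumProfilePictures", [AccountController::class, "getAvailablePremiumProfilePictures"]);
            SimpleRouter::get("/getPremiumProfilePicture/{id}", [AccountController::class, "getPremiumProfilePicture"]);
        });
    }
}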