Fixed to allow users to edit their own entries

index.js

@@ -1,7 +1,6 @@
 const express = require('express')
 const bodyParser = require('body-parser');
 const list = require("./listManager.js");
-const { response } = require('express');
 const app = express()
 
 app.use(bodyParser.json(),function (req, res, next) {
@@ -13,8 +12,6 @@ app.use(bodyParser.json(),function (req, res, next) {
     next()
     })
 
-
-
 app.get('/status/:status', function (req, res) {
     list.getStatus(req.params.status).then(r => {
         res.send(JSON.stringify(r))
@@ -28,9 +25,15 @@ app.get('/account/:username', function (req, res) {
 })
 
 app.post('/submit', function (req, res) {
-    console.log(req.body)
     list.writeUser(req.body).then(r => {
         res.send(JSON.stringify(r))
     })
 })
+
+app.post('/approve', function (req, res) {
+    list.approveUser(req.body).then(r => {
+        res.send(JSON.stringify(r))
+    })
+})
+
 app.listen(3000)

listManager.js

@@ -1,14 +1,15 @@
 const fetch = require('node-fetch')
 const secp256k1 = require('secp256k1')
 const bs58 = require('base-x')("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz")
-const allowedUsers = require("./users.js")
 var mongo = require("./mongoHelp.js")
 
 
-async function verifyMsg (obj, username) {
+async function verifyMsg (obj) {
-    if (!allowedUsers.includes(obj.sender)) {
+    userLookup = await mongo.get("list","allowedUsers",{user:obj.sender})
+    senderProtectionCheck = await mongo.get("list","allowedUsers",{user:obj.user})
+    if (userLookup.length == 0 ) {
         return {"Message": "User Not Allowed"}
-    } else if (allowedUsers.includes(username)) {
+    } else if (senderProtectionCheck.length != 0) {
         return {"Message": "Can't modify trusted users"}
     } else {
         result = await fetch("https://avalon.d.tube/account/"+obj.sender)
@@ -19,7 +20,6 @@ async function verifyMsg (obj, username) {
         if (sender.keys)
         for (let i = 0; i < sender.keys.length; i++) 
                 allowedPubKeys.push(sender.keys[i].pub)
-        console.log(allowedPubKeys)        
         for (let i = 0; i < allowedPubKeys.length; i++) {
             var bufferHash = Buffer.from(obj.hash, 'hex')
             var b58sign = bs58.decode(obj.signature)
@@ -32,35 +32,79 @@ async function verifyMsg (obj, username) {
     }
 }
 
-// {
-//     "user": "bigbootybitch",
-//     "status": "black",
-//     "reason": "1",
-//     "sender": "nannal",
-//     "ts": 1602024774158,
-//     "hash": "e5eb92c035c2528af5311998d14bf0be3ced0e87505c8f6481ce7ca63148b974",
-//     "signature": "bjNjRSnuJokydPzGCKZy7kExDeAT8mUS3iCzRzQR3y5owaBh1Mhh2UyPLHqR3bzxsK6fw13JtvCz65exPr2JsGB"
-//   }
-  
-
 list = {
-    getStatus: async () => {
+    getStatus: async (status) => {
        return await mongo.get("list","list",{"status": status})
     },
     getUser: async (username) => {
-        return await mongo.get("list","list",{"user": username})
+        res = await mongo.get("list","list",{"user": username})
+        return res[0]
     },
     writeUser: async (obj) => {
         ver = await verifyMsg(obj)
         if (ver == true) {
-            console.log(obj)
+            limitedObj={
-            mongo.put("list","list",obj)
+                user: obj.user,
+                status: obj.status,
+                reason: obj.reason,
+                sender: obj.sender,
+                ts: obj.ts,
+                hash: obj.hash,
+                signature: obj.signature,
+            }
+            res = await mongo.get("list","list",{"user": limitedObj.user})
+            if (res.length > 0 ){
+                if (limitedObj.sender == res[0].sender){
+                    mongo.update("list","list",{"user": limitedObj.user}, limitedObj)
+                } else {
+                    console.log(res[0])
+                    return {"Message": "This user is controlled by "+res[0].sender+" contact them to modify this entry, in an emergency contant nannal"}
+                }
+                
+            } else {
+                mongo.put("list","list", limitedObj)
+            }
+            mongo.update("list","list",{"user": limitedObj.user}, limitedObj)
             return {"Message":"Success"}
         } else {
             return ver
         }
         
     },
+    approveUser: async (obj) => {
+        ver = await verifyMsg(obj)
+        if (ver == true) {
+            limitedObj={
+                user: obj.user,
+                sender: obj.sender,
+                ts: obj.ts,
+                hash: obj.hash,
+                signature: obj.signature,
+            }
+            res = await mongo.get("list","allowedUsers",{"user": limitedObj.user})
+            if (res.length > 0 ){
+                return {"message":"User already approved by "+res.sender}
+            } else {
+                mongo.put("list","allowedUsers", limitedObj)
+                return {"Message":"Success"}
+            }
+            
+            
+        } else {
+            return ver
+        }
+        
+    },
+    verifyUser: async (obj) => {
+        ver = await verifyMsg(obj)
+        if (ver == true) {
+            limitedObj ={
+
+            }
+        } else {
+            return ver
+        }
+    }
 }
 
 module.exports = list

users.js

@@ -1,3 +1,3 @@
-users = ["nannal", "hightouch"]
+users = ["nannal", "hightouch", "tibfox"]
 
 module.exports = users