update index & auth to use postgres

liberals/auth.js

@@ -1,31 +1,20 @@
-import { globalConfig } from "../index.js"
+import { globalConfig, db } from "../index.js"
 
 /**
- * Checks if a token exists in the sessions file (authentication) and if it has the correct permissions (authorization)
+ * (DEPRECATED) Checks if a token exists in the sessions file (authentication) and if it has the correct permissions (authorization)
  * @param {string} token Token as received by client
  * @param {string} scope Scope the token will need to have in order to succeed
- * @returns True for successful authentication and authorization, false if either fail
+ * @returns {boolean} True for successful authentication and authorization, false if either fail
  */
 async function checkToken(token,scope) {
-    return await fetch(`${process.env.API_DBHOST}/auth/sessions`, {
-        headers: { "Authorization": `Basic ${btoa(process.env.API_DBCRED)}`}
-    }).then(fetchRes => {
-
-        return fetchRes.json().then(dbRes => { 
-
-            if (dbRes.sessions[token] == undefined) { // If the token is not on the sessions list then reject
-                return false
-            } else if (dbRes.sessions[token].scopes.includes(scope)) { // If the token is on the seesions list and includes the scope then accept
-                return true
-            } else { // Otherwise reject
-                return false
-            }
-
-        })
-
-    }).catch(error => {
-        console.log(`ERROR: auth.js: Fetch failed: ${error}`)
-        return false
+    return await db`select s.token, s.scopes, s.expires, u.username from sessions s join users u on s.owner = u.id where s.token = ${token}`.then(response => {
+        if (response.length === 0) {
+            return false
+        } else if (response[0]?.scopes.split(",").includes(scope)) {
+            return true
+        } else {
+            return false
+        }
     })
 }