streamflow/backend/routes/settings.js

const express = require('express');
const router = express.Router();
const { authenticate } = require('../middleware/auth');
const { modifyLimiter, readLimiter } = require('../middleware/rateLimiter');
const { db } = require('../database/db');
const { validateSettings } = require('../middleware/inputValidation');
const logger = require('../utils/logger');

const SecurityAuditLogger = require('../utils/securityAudit');

// Get user settings
router.get('/', authenticate, readLimiter, async (req, res) => {
  const ip = req.ip || req.headers['x-forwarded-for'] || req.connection.remoteAddress;
  const userAgent = req.headers['user-agent'];

  db.all(
    'SELECT key, value FROM settings WHERE user_id = ?',
    [req.user.userId],
    async (err, settings) => {
      if (err) {
        return res.status(500).json({ error: 'Failed to fetch settings' });
      }
      
      // CWE-778: Log sensitive data access
      await SecurityAuditLogger.logSensitiveDataAccess(req.user.userId, 'settings', {
        ip,
        userAgent,
        recordCount: settings.length,
        scope: 'own',
        accessMethod: 'view'
      });
      
      // Convert array to object
      const settingsObj = {};
      settings.forEach(s => {
        try {
          settingsObj[s.key] = JSON.parse(s.value);
        } catch {
          settingsObj[s.key] = s.value;
        }
      });
      
      res.json(settingsObj);
    }
  );
});

// Update setting
router.put('/:key', authenticate, modifyLimiter, validateSettings, (req, res) => {
  const { key } = req.params;
  const { value } = req.body;
  
  const jsonValue = typeof value === 'string' ? value : JSON.stringify(value);
  
  db.run(
    `INSERT INTO settings (user_id, key, value, updated_at)
     VALUES (?, ?, ?, CURRENT_TIMESTAMP)
     ON CONFLICT(user_id, key) 
     DO UPDATE SET value = ?, updated_at = CURRENT_TIMESTAMP`,
    [req.user.userId, key, jsonValue, jsonValue],
    function(err) {
      if (err) {
        return res.status(500).json({ error: 'Failed to update setting' });
      }
      res.json({ key, value });
    }
  );
});

// Get specific setting
router.get('/:key', authenticate, readLimiter, (req, res) => {
  const { key } = req.params;
  
  // Validate key format
  if (!key || !/^[a-zA-Z0-9_.-]+$/.test(key)) {
    return res.status(400).json({ error: 'Invalid setting key' });
  }
  
  // Handle stream_settings specially - return defaults if not found
  if (key === 'stream_settings') {
    db.get(
      'SELECT value FROM settings WHERE user_id = ? AND key = ?',
      [req.user.userId, key],
      (err, setting) => {
        if (err) {
          return res.status(500).json({ error: 'Failed to fetch setting' });
        }
        
        // Return defaults if not found
        if (!setting) {
          return res.json({
            value: {
              hwaccel: 'auto',
              hwaccel_device: '/dev/dri/renderD128',
              codec: 'h264',
              preset: 'veryfast',
              buffer_size: '2M',
              max_bitrate: '8M'
            }
          });
        }
        
        try {
          res.json({ value: JSON.parse(setting.value) });
        } catch {
          res.json({ value: setting.value });
        }
      }
    );
    return;
  }
  
  db.get(
    'SELECT value FROM settings WHERE user_id = ? AND key = ?',
    [req.user.userId, key],
    (err, setting) => {
      if (err) {
        return res.status(500).json({ error: 'Failed to fetch setting' });
      }
      
      if (!setting) {
        return res.status(404).json({ error: 'Setting not found' });
      }
      
      try {
        res.json({ value: JSON.parse(setting.value) });
      } catch {
        res.json({ value: setting.value });
      }
    }
  );
});

module.exports = router;
Initial commit: StreamFlow IPTV platform 2025-12-17 00:42:43 +00:00			`const express = require('express');`
			`const router = express.Router();`
			`const { authenticate } = require('../middleware/auth');`
			`const { modifyLimiter, readLimiter } = require('../middleware/rateLimiter');`
			`const { db } = require('../database/db');`
			`const { validateSettings } = require('../middleware/inputValidation');`
			`const logger = require('../utils/logger');`

			`const SecurityAuditLogger = require('../utils/securityAudit');`

			`// Get user settings`
			`router.get('/', authenticate, readLimiter, async (req, res) => {`
			`const ip = req.ip \|\| req.headers['x-forwarded-for'] \|\| req.connection.remoteAddress;`
			`const userAgent = req.headers['user-agent'];`

			`db.all(`
			`'SELECT key, value FROM settings WHERE user_id = ?',`
			`[req.user.userId],`
			`async (err, settings) => {`
			`if (err) {`
			`return res.status(500).json({ error: 'Failed to fetch settings' });`
			`}`

			`// CWE-778: Log sensitive data access`
			`await SecurityAuditLogger.logSensitiveDataAccess(req.user.userId, 'settings', {`
			`ip,`
			`userAgent,`
			`recordCount: settings.length,`
			`scope: 'own',`
			`accessMethod: 'view'`
			`});`

			`// Convert array to object`
			`const settingsObj = {};`
			`settings.forEach(s => {`
			`try {`
			`settingsObj[s.key] = JSON.parse(s.value);`
			`} catch {`
			`settingsObj[s.key] = s.value;`
			`}`
			`});`

			`res.json(settingsObj);`
			`}`
			`);`
			`});`

			`// Update setting`
			`router.put('/:key', authenticate, modifyLimiter, validateSettings, (req, res) => {`
			`const { key } = req.params;`
			`const { value } = req.body;`

			`const jsonValue = typeof value === 'string' ? value : JSON.stringify(value);`

			`db.run(`
			`INSERT INTO settings (user_id, key, value, updated_at)
			`VALUES (?, ?, ?, CURRENT_TIMESTAMP)`
			`ON CONFLICT(user_id, key)`
			DO UPDATE SET value = ?, updated_at = CURRENT_TIMESTAMP`,
			`[req.user.userId, key, jsonValue, jsonValue],`
			`function(err) {`
			`if (err) {`
			`return res.status(500).json({ error: 'Failed to update setting' });`
			`}`
			`res.json({ key, value });`
			`}`
			`);`
			`});`

			`// Get specific setting`
			`router.get('/:key', authenticate, readLimiter, (req, res) => {`
			`const { key } = req.params;`

			`// Validate key format`
			`if (!key \|\| !/^[a-zA-Z0-9_.-]+$/.test(key)) {`
			`return res.status(400).json({ error: 'Invalid setting key' });`
			`}`

			`// Handle stream_settings specially - return defaults if not found`
			`if (key === 'stream_settings') {`
			`db.get(`
			`'SELECT value FROM settings WHERE user_id = ? AND key = ?',`
			`[req.user.userId, key],`
			`(err, setting) => {`
			`if (err) {`
			`return res.status(500).json({ error: 'Failed to fetch setting' });`
			`}`

			`// Return defaults if not found`
			`if (!setting) {`
			`return res.json({`
			`value: {`
			`hwaccel: 'auto',`
			`hwaccel_device: '/dev/dri/renderD128',`
			`codec: 'h264',`
			`preset: 'veryfast',`
			`buffer_size: '2M',`
			`max_bitrate: '8M'`
			`}`
			`});`
			`}`

			`try {`
			`res.json({ value: JSON.parse(setting.value) });`
			`} catch {`
			`res.json({ value: setting.value });`
			`}`
			`}`
			`);`
			`return;`
			`}`

			`db.get(`
			`'SELECT value FROM settings WHERE user_id = ? AND key = ?',`
			`[req.user.userId, key],`
			`(err, setting) => {`
			`if (err) {`
			`return res.status(500).json({ error: 'Failed to fetch setting' });`
			`}`

			`if (!setting) {`
			`return res.status(404).json({ error: 'Setting not found' });`
			`}`

			`try {`
			`res.json({ value: JSON.parse(setting.value) });`
			`} catch {`
			`res.json({ value: setting.value });`
			`}`
			`}`
			`);`
			`});`

			`module.exports = router;`