FuelRats · SuperManifolds · Feb 13, 2025 · Feb 12, 2025 · Feb 12, 2025
diff --git a/src/classes/APIError.mjs b/src/classes/APIError.mjs
@@ -1,6 +1,7 @@
 /* eslint-disable jsdoc/require-jsdoc */
-
 import UUID from 'pure-uuid'
+import * as constants from '../constants'
+
 import i18next from './Localisation'
 import StatusCode from './StatusCode'
 
@@ -17,7 +18,7 @@ export class APIError extends Error {
   constructor (source) {
     super()
 
-    this.id = new UUID(global.UUID_VERSION)
+    this.id = new UUID(constants.uuidVersion)
     this.source = source
   }
 

diff --git a/src/classes/Authentication.mjs b/src/classes/Authentication.mjs
@@ -1,5 +1,6 @@
 import bcrypt from 'bcrypt'
 import UUID from 'pure-uuid'
+import * as constants from '../constants'
 import {
   User, Token, Client, Reset, db,
 } from '../db'
@@ -68,8 +69,8 @@ class Authentication {
       throw new GoneAPIError({ pointer: '/data/attributes/email' })
     }
 
-    if (bcrypt.getRounds(user.password) > global.BCRYPT_ROUNDS_COUNT) {
-      const newRoundPassword = await bcrypt.hash(password, global.BCRYPT_ROUNDS_COUNT)
+    if (bcrypt.getRounds(user.password) > constants.bcryptRoundsCount) {
+      const newRoundPassword = await bcrypt.hash(password, constants.bcryptRoundsCount)
       User.update({
         password: newRoundPassword,
       }, {
@@ -169,8 +170,8 @@ class Authentication {
         throw new GoneAPIError({})
       }
 
-      if (bcrypt.getRounds(client.secret) > global.BCRYPT_ROUNDS_COUNT) {
-        const newRoundSecret = await bcrypt.hash(secret, global.BCRYPT_ROUNDS_COUNT)
+      if (bcrypt.getRounds(client.secret) > constants.bcryptRoundsCount) {
+        const newRoundSecret = await bcrypt.hash(secret, constants.bcryptRoundsCount)
         Client.update({
           secret: newRoundSecret,
         }, {
@@ -257,7 +258,7 @@ class Authentication {
     }
 
     let representedUser = undefined
-    if (new UUID(global.UUID_VERSION).parse(representing)) {
+    if (new UUID(constants.uuidVersion).parse(representing)) {
       representedUser = await User.findOne({
         where: {
           id: representing,

diff --git a/src/classes/WebSocket.mjs b/src/classes/WebSocket.mjs
@@ -2,6 +2,7 @@ import UUID from 'pure-uuid'
 import { URL } from 'url'
 import { WebSocketServer } from 'ws'
 import config from '../config'
+import * as constants from '../constants'
 import { User } from '../db'
 import logger from '../logging'
 import {
@@ -60,7 +61,7 @@ export default class WebSocket {
 
     WebSocket.wss.on('connection', async (client, req) => {
       client.req = req
-      client.clientId = new UUID(global.UUID_VERSION)
+      client.clientId = new UUID(constants.uuidVersion)
       client.subscriptions = []
 
 

diff --git a/src/constants.mjs b/src/constants.mjs
@@ -0,0 +1,3 @@
+export const websocketIdentifierRounds = 16
+export const bcryptRoundsCount = 12
+export const uuidVersion = 4
diff --git a/src/db/Client.mjs b/src/db/Client.mjs
@@ -1,5 +1,6 @@
 import bcrypt from 'bcrypt'
 
+import * as constants from '../constants'
 import Model, { column, table, type, validate } from './Model'
 import { OAuthClientName, isURL } from '../helpers/Validators'
 
@@ -47,7 +48,7 @@ export default class Client extends Model {
     if (!instance.changed('secret')) {
       return
     }
-    const hash = await bcrypt.hash(instance.get('secret'), global.BCRYPT_ROUNDS_COUNT)
+    const hash = await bcrypt.hash(instance.get('secret'), constants.bcryptRoundsCount)
     instance.set('secret', hash)
   }
 

diff --git a/src/db/User.mjs b/src/db/User.mjs
@@ -1,4 +1,5 @@
 import bcrypt from 'bcrypt'
+import * as constants from '../constants'
 import Model, { column, table, validate, type } from './Model'
 import { JSONObject } from '../helpers/Validators'
 
@@ -77,7 +78,7 @@ export default class User extends Model {
     if (!instance.changed('password')) {
       return
     }
-    const hash = await bcrypt.hash(instance.get('password'), global.BCRYPT_ROUNDS_COUNT)
+    const hash = await bcrypt.hash(instance.get('password'), constants.bcryptRoundsCount)
     instance.set('password', hash)
   }
 

diff --git a/src/index.mjs b/src/index.mjs
@@ -36,10 +36,6 @@ const app = new Koa()
 querystring(app)
 
 
-global.WEBSOCKET_IDENTIFIER_ROUNDS = 16
-global.BCRYPT_ROUNDS_COUNT = 12
-global.UUID_VERSION = 4
-
 try {
   npid.remove('api.pid')
   const pid = npid.create('api.pid')

diff --git a/src/routes/Rescues.mjs b/src/routes/Rescues.mjs
@@ -427,7 +427,7 @@ export default class Rescues extends APIResource {
       isFirstLimpet = entity.firstLimpet.userId === user.id
     }
 
-    if (isAssigned || isFirstLimpet) {
+    if (isAssigned || isFirstLimpet || entity.status !== 'closed') {
       return Permission.granted({ permissions: ['rescues.write.me'], connection: ctx })
     }