From 651f8704157e3e912d1fc93878ce00c8f37777dc Mon Sep 17 00:00:00 2001 From: Ninjdai Date: Thu, 7 Dec 2023 10:58:13 +0100 Subject: [PATCH] Update permissions; Add user creation form --- src/html/pages/api/call.js | 2 +- src/html/pages/api/users.js | 36 +++++++++++++++--- src/html/pages/dashboard/index.js | 2 +- src/html/pages/dashboard/users_create.js | 19 +++++++--- src/html/pages/root/call.js | 2 +- web.js | 48 +++++++++++++++--------- www/dashboard/users/create.html | 16 +++++--- 7 files changed, 87 insertions(+), 38 deletions(-) diff --git a/src/html/pages/api/call.js b/src/html/pages/api/call.js index 262369c..f5ab902 100644 --- a/src/html/pages/api/call.js +++ b/src/html/pages/api/call.js @@ -3,7 +3,7 @@ import { permissionBits } from '../../../../utils/permissions.js'; export default { path: "/api/contacts/call", requiresLogin: true, - permissions: [permissionBits.CALL], + permissions: permissionBits.CALL, type: "post", async execute(request, response) { global.events.submitEvent.emit("call", request.body); diff --git a/src/html/pages/api/users.js b/src/html/pages/api/users.js index 7cc3d80..45584cf 100644 --- a/src/html/pages/api/users.js +++ b/src/html/pages/api/users.js 
@@ -1,15 +1,39 @@ +import { permissionBits } from "../../../../utils/permissions.js"; + export default { - path: "/api/users/*", + path: "/api/users(/*)?", requiresLogin: true, + permissions: permissionBits.ADMIN, type: "post", async execute(request, response) { - const path = request.originalUrl.split("/")[3]; + const username = request.originalUrl.split("/")[3]; + const operation = request.originalUrl.split("/")[4]; const args = request.body; - switch(path) { - case 'create': + switch (operation) { + case "create": + if ( + await global.database.users.findOne({ + where: { username: username }, + }) + ) return response.redirect("/dashboard/users/create?error=User already exists"); + console.log(`Creating user ${username}`); + + let permissions = Number(args.permissions); + if (isNaN(permissions)) { + permissions = 0; + for (const permissionBit of args.permissions) { + permissions += Number(permissionBit); + } + } + if(!(permissions & permissionBits.DEFAULT)) permissions ^= permissionBits.DEFAULT; + await global.database.users.create({ + username: username, + password: args.password, + permissions: permissions, + }); break; - case 'delete': + case "delete": break; } }, -} +}; diff --git a/src/html/pages/dashboard/index.js b/src/html/pages/dashboard/index.js index bf6e78a..30b7255 100644 --- a/src/html/pages/dashboard/index.js +++ b/src/html/pages/dashboard/index.js @@ -5,7 +5,7 @@ import { permissionBits } from '../../../../utils/permissions.js'; export default { path: "/dashboard", requiresLogin: true, - permissions: permissionBits.ADMIN, + permissions: permissionBits.DEFAULT, type: "get", async execute(request, response) { const res = await readFile(`${process.env.WWW}/dashboard/index.html`, "utf8") diff --git a/src/html/pages/dashboard/users_create.js b/src/html/pages/dashboard/users_create.js index 11046c6..1bef92c 100644 --- a/src/html/pages/dashboard/users_create.js +++ b/src/html/pages/dashboard/users_create.js 
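Review bot: The `create` branch never sends a response after `global.database.users.create(...)` (only the "already exists" path redirects) and `delete` is still empty, so a successful creation leaves the client hanging. The permissions parsing is also fragile against a malformed or crafted body: when `args.permissions` is absent, `Number(undefined)` is NaN and the `for...of` over `undefined` throws; a non-numeric string is iterated character by character; any non-numeric element makes the sum NaN, which is then stored as the user's mask; and summing instead of OR-ing means a duplicated value (`["1","1"]`) yields a different bit than intended. `username` is the raw third URL segment with no validation (it can be empty), and `args.password` is handed to `users.create` as-is — if the model does not hash it, this stores plaintext passwords; the model is not visible here, so please confirm. A validated version of the branch is sketched below.
```javascript
      case "create": {
        if (!username || !args.password) {
          return response.redirect("/dashboard/users/create?error=Missing username or password");
        }
        if (await global.database.users.findOne({ where: { username } })) {
          return response.redirect("/dashboard/users/create?error=User already exists");
        }
        // Form bodies arrive as a single string or an array of strings; normalise to an array.
        const raw = Array.isArray(args.permissions) ? args.permissions : [args.permissions];
        const bits = raw.map(Number);
        if (bits.some((b) => !Number.isInteger(b) || b < 0)) {
          return response.redirect("/dashboard/users/create?error=Invalid permissions");
        }
        // OR the bits together (summing duplicates would corrupt the mask) and always grant DEFAULT.
        const permissions = bits.reduce((acc, b) => acc | b, 0) | permissionBits.DEFAULT;
        console.log(`Creating user ${username}`);
        await global.database.users.create({ username, password: args.password, permissions });
        return response.redirect("/dashboard/users/create");
      }
      // … unchanged: delete case …
```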
@@ -1,14 +1,21 @@ -import { readFile } from 'fs/promises'; -import { navbar } from '../../../../utils/navbar.js'; -import { permissionBits } from '../../../../utils/permissions.js'; +import { readFile } from "fs/promises"; +import { navbar } from "../../../../utils/navbar.js"; +import { permissionBits } from "../../../../utils/permissions.js"; export default { path: "/dashboard/users/create", requiresLogin: true, permissions: permissionBits.ADMIN, type: "get", - async execute(request, response) { - const res = await readFile(`${process.env.WWW}/dashboard/users/create.html`, "utf8") + async execute(request, response, args) { + let res = await readFile( + `${process.env.WWW}/dashboard/users/create.html`, + "utf8", + ); + if(args?.error) res += ` + `; response.send(res.replaceAll("", navbar(request.session))); }, -} +}; diff --git a/src/html/pages/root/call.js b/src/html/pages/root/call.js index 21238e5..36c63f1 100644 --- a/src/html/pages/root/call.js +++ b/src/html/pages/root/call.js @@ -6,7 +6,7 @@ import { permissionBits } from "../../../../utils/permissions.js"; export default { path: "/calls", requiresLogin: true, - permissions: [permissionBits.CALL], + permissions: permissionBits.CALL, type: "get", async execute(request, response) { const res = await generateCallResponse(request.session); diff --git a/web.js b/web.js index a5965ff..87f18cb 100644 --- a/web.js +++ b/web.js 
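Review bot: `args.error` is taken straight from `parseURL`, which neither percent-decodes nor escapes the query string, so the server's own redirect `?error=User already exists` will most likely render as `User%20already%20exists`, and the moment you add `decodeURIComponent` to fix that, anything an attacker puts in a link to this admin page is rendered as HTML (the markup appended after `res +=` is not visible in this extraction, so I am assuming the value is interpolated into it — please confirm). Escape before inserting, e.g. `const safe = decodeURIComponent(String(args.error)).replace(/[&<>"']/g, (c) => ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));`, and interpolate `safe` instead of `args.error`. A safer shape is an allow-list of fixed messages keyed by a short code (`?error=exists`) so no free text from the URL ever reaches the page.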
@@ -23,23 +23,20 @@ async function launchWeb() { app.post("*", async (request, response) => { console.log("POST: " + request.originalUrl); - if (!global.handler.post[request.originalUrl]) return; - if ( - global.handler.post[request.originalUrl].requiresLogin && - !request.session.user - ) { + let handled = global.handler.post[request.originalUrl]; + + if(!handled) for(const path of Object.keys(global.handler.post)) { + if(new RegExp(path).test(request.originalUrl)) handled = global.handler.post[path]; + } + + if (!handled) return console.log(request.originalUrl); + if (handled.requiresLogin && !request.session.user) { return response.redirect("/login"); } - if ( - global.handler.post[request.originalUrl].permissions && - global.handler.post[request.originalUrl].permissions.reduce( - (a, b) => a + b, - ) & - (request.session.user.permissions == 0) - ) { - return response.status(403); + if (handled.permissions) { + if((handled.permissions & request.session.user.permissions) == 0) return response.status(403).send("Vous n'avez pas la permission d'effectuer cette action !"); } - return await global.handler.post[request.originalUrl].execute( + return await handled.execute( request, response, ); 
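Review bot: The fallback lookup `new RegExp(path).test(request.originalUrl)` uses each handler key as an unanchored pattern, so `/api/contacts/call` also matches `/api/contacts/callback`, and because the loop never `break`s the last matching key wins rather than the most specific one; anchor and stop at the first hit: `if (new RegExp(`^${path}$`).test(request.originalUrl)) { handled = global.handler.post[path]; break; }`. Note that handler keys are now regex syntax — the users.js key `/api/users(/*)?` reads as "optional run of slashes" and only matches `/api/users/bob/create` today because the pattern is unanchored; it would need to become `/api/users(/.*)?` once anchored. The matched handler's own `requiresLogin`/`permissions` are still enforced, so this is a routing-correctness issue rather than an authorization bypass. Separately, `if (!handled) return console.log(request.originalUrl);` sends nothing, so Express never reaches its 404 and the client hangs; use `return response.status(404).send("Not found");`.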
@@ -49,12 +46,20 @@ async function launchWeb() { const [path, args] = parseURL(request.originalUrl); //console.log(parseURL(request.originalUrl)); console.log(`GET: ${path}${args ? "?" + args : ""}`); + let handled = global.handler.get[path]; - if (!global.handler.get[path]) return; - if (global.handler.get[path].requiresLogin && !request.session.user) { + if(!handled) for(const path of Object.keys(global.handler.get)) { + if(new RegExp(path).test(request.originalUrl)) handled = global.handler.get[path]; + } + + if (!handled) return; + if (handled.requiresLogin && !request.session.user) { return response.redirect("/login"); } - return await global.handler.get[path].execute(request, response, args); + if (handled.permissions) { + if((handled.permissions & request.session.user.permissions) == 0) return response.status(403).send("Vous n'avez pas la permission d'accéder cette page !"); + } + return await handled.execute(request, response, args); }); const PORT = process.env.PORT || 3000; @@ -66,7 +71,14 @@ async function launchWeb() { function parseURL(URL) { const spURL = URL.split("?"); const path = spURL[0]; - const args = spURL[1]; + if(!spURL[1]) return [path, {}]; + + const args = {}; + for (let i = 0; i < spURL[1].split("=").length; i+=2) { + const key = spURL[1].split("=")[i]; + const val = spURL[1].split("=")[i+1]; + args[key] = val; + } return [path, args]; } diff --git a/www/dashboard/users/create.html b/www/dashboard/users/create.html index 6e654b8..00c1490 100644 --- a/www/dashboard/users/create.html +++ b/www/dashboard/users/create.html @@ -76,17 +76,23 @@ a { text-align: center; } + -
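Review bot: In the fallback loop, `for(const path of Object.keys(global.handler.get))` shadows the `path` returned by `parseURL` and then tests `request.originalUrl`, which still carries the query string, so the pattern is matched against `/dashboard/users/create?error=...` instead of the path the exact lookup used; rename the loop variable and match the outer `path`, anchored: `if (new RegExp(`^${key}$`).test(path)) { handled = global.handler.get[key]; break; }`. `if (!handled) return;` also sends no response, so unknown GET URLs hang rather than 404. Because `parseURL` now always returns an object, the log line `args ? "?" + args : ""` is always truthy and prints `GET: /x?[object Object]`; log `Object.keys(args).length ? "?" + new URLSearchParams(args) : ""` or drop the suffix.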
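Review bot: `parseURL` splits the query only on `=`, so `a=1&b=2` yields keys `a` and `2` with value `1&b`, values are never percent-decoded, and attacker-chosen keys land on a plain object; lean on the platform parser instead: `const url = new globalThis.URL(URL, "http://localhost"); return [url.pathname, Object.fromEntries(url.searchParams)];` (the parameter is named `URL` and shadows the global constructor, hence `globalThis.URL`, or rename it). That also handles a missing value, repeated keys and `+`/`%20` decoding. If the hand-rolled loop stays, at least split on `&` first and build `args` with `Object.create(null)` so keys like `__proto__` or `constructor` cannot collide with prototype properties.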
+

Création de compte

Formulaire de création de compte.


- - + + @@ -95,7 +101,7 @@ a {

Permissions