Add user deletion and subdomain handling

2023-12-12 13:43:47 +01:00 · 2023-12-12 13:43:47 +01:00 · 7caff58cdf
commit 7caff58cdf
parent 3c9d92a497
10 changed files with 122 additions and 23 deletions
--- a/package.json
+++ b/package.json
@ -16,6 +16,7 @@
    "express-session": "^1.17.3",
    "sequelize": "^6.35.1",
    "serve-favicon": "^2.5.0",
-    "sqlite3": "^5.1.6"
+    "sqlite3": "^5.1.6",
+    "vhost": "^3.0.2"
  }
 }
--- a/src/html/pages/api/contacts/delete.js
+++ b/src/html/pages/api/contacts/delete.js
@ -0,0 +1,19 @@
+import { permissionBits } from "../../../../../utils/permissions.js";
+
+export default {
+    path: "/api/contacts/:phone",
+    requiresLogin: true,
+    permissions: permissionBits.ADMIN,
+    type: "delete",
+    async execute(request, response) {
+        const { phone } = request.params;
+        const contact = await global.database.contacts.findOne({
+            where: { phone: phone },
+        });
+        if (!contact) return response.status(404).send({ message: "Contact does not exist" });
+        
+        await contact.destroy();
+      
+        response.status(200).send({});
+    },
+};
--- a/src/html/pages/api/users/delete.js
+++ b/src/html/pages/api/users/delete.js
@ -0,0 +1,19 @@
+import { permissionBits } from "../../../../../utils/permissions.js";
+
+export default {
+    path: "/api/users/:username",
+    requiresLogin: true,
+    permissions: permissionBits.ADMIN,
+    type: "delete",
+    async execute(request, response) {
+        const { username } = request.params;
+        const user = await global.database.users.findOne({
+            where: { username: username },
+        });
+        if (!user) return response.status(404).send({ message: "User does not exist" });
+        
+        await user.destroy();
+      
+        response.status(200).send({});
+    },
+};
--- a/src/html/pages/dashboard/users/list.js
+++ b/src/html/pages/dashboard/users/list.js
@ -36,7 +36,7 @@ function genUserTable(users) {
        <tr>
          <td><a href='./${user.username}'>${user.username}</a></td>
          <td>${userPerms.join(", ")}</td>
-          <!--<td><button>Supprimer</button></td>-->
+          <td><button onclick="deleteUser('${user.username}');">Supprimer</button></td>
        </tr>`;
    }
    res += `</table>`;
--- a/src/html/pages/dashboard/users/show.js
+++ b/src/html/pages/dashboard/users/show.js
@ -1,6 +1,9 @@
-import { permissionBits, checkPermissions } from '../../../../../utils/permissions.js';
-import { readFile } from 'fs/promises';
-import { navbar } from '../../../../../utils/navbar.js';
+import {
+    permissionBits,
+    checkPermissions,
+} from "../../../../../utils/permissions.js";
+import { readFile } from "fs/promises";
+import { navbar } from "../../../../../utils/navbar.js";

 export default {
    path: "/dashboard/users/:username",
@ -9,22 +12,28 @@ export default {
    type: "get",
    async execute(request, response) {
        const { username } = request.params;
-        const user = await global.database.users.findOne({ where: { username: username } });
-        if(!user) return response.redirect('/dashboard/users');
-        const html = await readFile(`${process.env.WWW}/dashboard/users/info.html`);
-        response.send(html.toString()
-            .replace('<NAVBAR>', navbar(request.session))
-            .replace('<USERINFO>', getUserHTML(user))
+        const user = await global.database.users.findOne({
+            where: { username: username },
+        });
+        if (!user) return response.redirect("/dashboard/users");
+        const html = await readFile(
+            `${process.env.WWW}/dashboard/users/info.html`,
+        );
+        response.send(
+            html
+                .toString()
+                .replace("<NAVBAR>", navbar(request.session))
+                .replace("<USERINFO>", getUserHTML(user)),
        );
    },
-}
+};

 function getUserHTML(user) {
    const userPermDict = checkPermissions(user.permissions);
    let userPerms = [];
    for (const [key, value] of Object.entries(userPermDict)) {
-        if(value && key != "default") userPerms.push(key);
-    };
+        if (value && key != "default") userPerms.push(key);
+    }
    let res = `
      <table>
        <tr>
@ -35,7 +44,7 @@ function getUserHTML(user) {
        <tr>
          <td>${user.username}</td>
          <td>${userPerms.join(", ")}</td>
-          <td><button>Supprimer</button></td>
+          <td><button onclick="deleteUser('${user.username}');">Supprimer</button></td>
        </tr>
      </table>`;
    return res;
--- a/utils/handler.js
+++ b/utils/handler.js
@ -80,6 +80,25 @@ async function deployHandler(app) {
            );
        });
    }
+
+    for(const endpoint of handler.delete) {
+        app.delete(endpoint.path, async (request, response) => {
+            console.log("DELETE: " + request.originalUrl);
+            
+            if (endpoint.requiresLogin && !request.session.user) {
+                return response.redirect("/login");
+            }
+            if (endpoint.permissions) {
+                if((endpoint.permissions & request.session.user.permissions) == 0) {
+                    return response.status(403).send("Vous n'avez pas la permission d'effectuer cette action !");
+                }
+            }
+            return await endpoint.execute(
+                request,
+                response,
+            );
+        });
+    }
 }

 function parseURL(URL) {
--- a/web.js
+++ b/web.js
@ -2,9 +2,11 @@ import express from "express";
 import session from "express-session";
 import { deployHandler } from "./utils/handler.js";
 import favicon from "serve-favicon";
+import vhost from "vhost";

 async function launchWeb() {
    const app = express();
+    const routerApp = express();

    app.use(express.json()); // Used to parse JSON bodies
    app.use(express.urlencoded({ extended: false })); //Parse URL-encoded bodies
@ -15,6 +17,7 @@ async function launchWeb() {
            saveUninitialized: true,
        }),
    );
+    routerApp.use(vhost(`${process.env.SERVER_URL}`, app));

    app.use("/assets", express.static(`${process.env.WWW}/assets`));
    app.use(favicon(`${process.env.WWW}/assets/images/favicon.ico`));
@ -22,8 +25,10 @@ async function launchWeb() {
    await deployHandler(app);

    const PORT = process.env.PORT || 3000;
-    app.listen(PORT, () => {
-        console.log(`App available at http://localhost:${PORT}`);
+    routerApp.listen(PORT, () => {
+        console.log(
+            `App available at http://${process.env.SERVER_URL}:${PORT}`,
+        );
    });
 }

--- a/www/dashboard/index.html
+++ b/www/dashboard/index.html
@ -1,3 +1,4 @@
+<!DOCTYPE html>
 <html>
 <head>
    <meta charset="UTF-8">
--- a/www/dashboard/users/info.html
+++ b/www/dashboard/users/info.html
@ -11,8 +11,21 @@
  </style>
 </head>
 <body>
-<NAVBAR>
-<USERINFO>
-<a href='./'><p>Retour</p></a>
+  <script>
+    function deleteUser(username) {
+        fetch(`/api/users/${username}`, {
+            method: "DELETE",
+        })
+        .then(async (response) => {
+            const res = await response.json();
+            console.log(res);
+            if(!response.ok) return alert(res.message);
+            location.reload();
+        });
+    }
+  </script>
+  <NAVBAR>
+  <USERINFO>
+  <a href='./'><p>Retour</p></a>
 </body>
 </html>
--- a/www/dashboard/users/list.html
+++ b/www/dashboard/users/list.html
@ -11,8 +11,21 @@
  </style>
 </head>
 <body>
-<NAVBAR>
-<USERTABLE>
-<a href='./'><p>Retour</p></a>
+  <script>
+    function deleteUser(username) {
+        fetch(`/api/users/${username}`, {
+            method: "DELETE",
+        })
+        .then(async (response) => {
+            const res = await response.json();
+            console.log(res);
+            if(!response.ok) return alert(res.message);
+            location.reload();
+        });
+    }
+  </script>
+  <NAVBAR>
+  <USERTABLE>
+  <a href='./'><p>Retour</p></a>
 </body>
 </html>