
Updated system to keep track of administrator privileges and api keys for users.

pull/6/head
jrtechs 5 years ago
parent
commit
0d1f384079
3 changed files with 118 additions and 58 deletions
  1. +58
    -43
      html/users.html
  2. +33
    -10
      server.js
  3. +27
    -5
      user.js

+ 58
- 43
html/users.html View File

@ -29,6 +29,11 @@
<input class="form-control" type="password" name="password" required>
<label>Password</label>
</div>
<div class="form-group">
<input class="form-control w-100" type="checkbox" name="admin">
<label>Admin</label>
</div>
<div class="text-center">
<input type="submit" name="add_user" value="Update User"
class="btn btn-lg btn-secondary"/>
@ -40,29 +45,31 @@
</div>
</div>
<div class="row">
<!-- Current Users -->
<div class="col-md-6">
<div class='card'>
<div class="card-header">
<h3 class="text-center">Users</h3>
</div>
<div class="card-body">
<table class="table table-striped">
<thead class="thead-dark">
{if admin}
<div class="row">
<!-- Current Users -->
<div class="col-md-8">
<div class='card'>
<div class="card-header">
<h3 class="text-center">Users</h3>
</div>
<div class="card-body">
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<td>User Name</td>
<td>User ID</td>
<td>Admin</td>
<td>Edit</td>
<td>Terminate</td>
</tr>
</thead>
<tbody>
{for user in users}
</thead>
<tbody>
{for user in users}
<tr>
<td>{user.username}</td>
<td>{user.id}</td>
<td>{user.admin}</td>
<td>
<button onclick="editHostForm({user.id}, '{user.username}')" class="btn btn-secondary">Edit User</button>
</td>
@ -73,38 +80,46 @@
</form>
</td>
</tr>
{/for}
</tbody>
</table>
{/for}
</tbody>
</table>
</div>
</div>
</div>
</div>
<!-- Add User -->
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h3 class="text-center">Add New User</h3>
</div>
<div class="card-body">
<form action="/addUser" method ="post" class="p-2">
<div class="form-group">
<label> User Name
<input class="form-control w-100" type="text" name="username" required>
</label>
</div>
<div class="form-group">
<label>Password
<input class="form-control w-100" type="password" name="password" required>
</label>
</div>
<div class="text-center">
<input type="submit" name="add_user" value="Create User"
class="btn btn-lg btn-secondary"/>
</div>
</form>
<!-- Add User -->
<div class="col-md-4">
<div class="card">
<div class="card-header">
<h3 class="text-center">Add New User</h3>
</div>
<div class="card-body">
<form action="/addUser" method ="post" class="p-2">
<div class="form-group">
<label> User Name
<input class="form-control w-100" type="text" name="username" required>
</label>
</div>
<div class="form-group">
<label>Password
<input class="form-control w-100" type="password" name="password" required>
</label>
</div>
<div class="form-group">
<label>Admin
<input class="form-control w-100" type="checkbox" name="admin">
</label>
</div>
<div class="text-center">
<input type="submit" name="add_user" value="Create User"
class="btn btn-lg btn-secondary"/>
</div>
</form>
</div>
</div>
<br>
</div>
<br>
</div>
</div>
{else}
This is an admin page.
{/if}
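Review bot: The `{else}` branch closing the new `{if admin}` block shows non-admins the text `This is an admin page.`, which reads as a label rather than an explanation of why the user list and forms are hidden; something like `You need administrator privileges to view this page.` would be clearer. The template gate only hides markup, and the real authorization is the checkPrivilege test the same commit adds to /addUser, /edituser and /removeuser in server.js, so that part is fine. The new Edit User form gets an `admin` checkbox, but nothing in this section pre-fills it from `{user.admin}` for the row being edited; the `editHostForm` handler that populates the form lies outside this section, so confirm it sets the checkbox, otherwise saving an edit with the box left unchecked silently demotes that user.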

+ 33
- 10
server.js View File

@ -8,7 +8,6 @@ const fileIO = require('./fileIO');
const userUtils = require('./user.js');
const recursive = require('./recursiveTraversal');
const fs = require('fs');
@ -28,7 +27,7 @@ app.use(session({ secret: config.sessionSecret, cookie: { maxAge: 6000000 }}));
/** Template engine */
const whiskers = require('whiskers');
var rootDir = '/home/jeff/public/Movies/';
var rootDir = '/home/jeff/public/Shows/';
function fetchInTemplate(templateContext, templateKey, filename)
{
@ -43,9 +42,11 @@ function renderHTML(request, result, templateFile, templateDependencyFunction)
prom.push(fileIO.getFile("./html/mainTemplate.html"));
prom.push(fetchInTemplate(templateContext, "header", "./html/header.html"));
prom.push(fetchInTemplate(templateContext, "footer", "./html/footer.html"));
if(request.session.login === true)
if(checkPrivilege(request) >= PRIVILEGE.MEMBER)
{
templateContext.loggedIn = true;
if(checkPrivilege(request) === PRIVILEGE.ADMIN)
templateContext.admin = true;
if(templateDependencyFunction !== null)
prom.push(templateDependencyFunction(templateContext, request));
prom.push(fetchInTemplate(templateContext, "main","./html/" + templateFile));
@ -85,6 +86,12 @@ app.post('/login', function(request, result)
{
request.session.login = true;
request.session.username = request.body.username;
if(userUtils.isAdmin(request.body.username, config))
{
request.session.admin = true;
}
}
result.redirect('/');
});
@ -127,7 +134,7 @@ app.get('/watch', (req, res) => renderHTML(req, res, "watch.html", getVideoTempl
app.get('/video/', function(request, result)
{
if(request.session.login === true)
if(checkPrivilege(request) >= PRIVILEGE.MEMBER)
{
var videoID = request.query.v;
const path = rootDir + videoID;
@ -179,9 +186,13 @@ app.get('/video/', function(request, result)
app.post('/addUser', function(request, result)
{
if(request.session.login === true)
if(checkPrivilege(request) === PRIVILEGE.ADMIN)
{
userUtils.addUser(request.body.username, request.body.password, config);
console.log(request.body);
var admin = false;
if(request.body.admin === 'on')
admin = true;
userUtils.addUser(request.body.username, request.body.password,admin, config);
fileIO.writeJSONToFile(CONFIG_FILE_NAME, config);
result.redirect('/users');
}
@ -195,9 +206,12 @@ app.post('/addUser', function(request, result)
app.post('/edituser', function(request, result)
{
if(request.session.login === true)
if(checkPrivilege(request) === PRIVILEGE.ADMIN)
{
userUtils.editUser(request.body.id, request.body.username, request.body.password, config);
var admin = false;
if(request.body.admin === 'on')
admin = true;
userUtils.editUser(request.body.id, request.body.username, request.body.password,admin, config);
fileIO.writeJSONToFile(CONFIG_FILE_NAME, config);
result.redirect('/users');
}
@ -208,11 +222,19 @@ app.post('/edituser', function(request, result)
}
});
const PRIVILEGE = {NOBODY: 0, MEMBER: 1, ADMIN: 2};
const checkPrivilege = function(request)
{
if(request.session.login !== true)
return PRIVILEGE.NOBODY;
else if(request.session.admin === true)
return PRIVILEGE.ADMIN;
return PRIVILEGE.MEMBER;
};
app.post('/removeuser', function(request, result)
{
if(request.session.login === true)
if(checkPrivilege(request) === PRIVILEGE.ADMIN)
{
userUtils.removeUser(request.body.id, config);
fileIO.writeJSONToFile(CONFIG_FILE_NAME, config);
@ -228,6 +250,7 @@ app.post('/removeuser', function(request, result)
app.post('/logout', function(request, result)
{
request.session.login = false;
request.session.admin = false;
result.redirect('/');
});
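Review bot: `console.log(request.body)` in the new /addUser handler writes the submitted form body, including the plaintext `password` field, to the server log; drop that line or log only `request.body.username`. In /login, `request.session.admin` is set to true for an admin but never set back to false for a non-admin login, so a session that was once admin keeps the flag through a later non-admin login until /logout runs — assign it unconditionally, `request.session.admin = userUtils.isAdmin(request.body.username, config) === true;`. `PRIVILEGE` and `checkPrivilege` are `const` declarations placed after the handlers that call them; this works because the handlers only run after the module has loaded, but moving the two declarations above their first use would make the dependency visible and avoid a temporal-dead-zone surprise if any of that code is ever invoked at load time.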

+ 27
- 5
user.js View File

@ -27,6 +27,13 @@ const createHashedPasswordObject = function(password)
};
const generateRandomAPIKey = function()
{
const randBuff = crypto.randomBytes(64);
return crypto.createHash('sha256').update(randBuff).digest('hex');
};
/**
* Hashes a pasword with a aprticular salt
* using the crypto library
@ -63,6 +70,18 @@ const getIndexOfUser = function(username, configuration)
module.exports =
{
isAdmin: function(username, configuration)
{
var index = getIndexOfUser(username, configuration);
if(index !== -1)
{
return configuration.users[index].admin;
}
return false;
},
/**
* Checks to see if there was a valid login attempt
*
@ -81,6 +100,7 @@ module.exports =
return configuration.users[userIndex].password == hashedPassword;
},
/**
* Adds a user to the configuration
*
@ -89,7 +109,7 @@ module.exports =
* @param configuration
* @returns {boolean}
*/
addUser: function(username, password, configuration)
addUser: function(username, password, admin, configuration)
{
const userIndex = getIndexOfUser(username, configuration);
if(userIndex !== -1)
@ -97,7 +117,7 @@ module.exports =
var newUser = new Object();
newUser.username = username;
newUser.api = generateRandomAPIKey();
if(configuration.users.length === 0)
newUser.id = 1;
else
@ -106,12 +126,12 @@ module.exports =
const passObject = createHashedPasswordObject(password);
newUser.salt = passObject.salt;
newUser.password = passObject.pass;
newUser.admin = admin;
configuration.users.push(newUser);
return true;
},
/**
* Edits a user based on their id
*
@ -120,13 +140,14 @@ module.exports =
* @param password
* @param configuration
*/
editUser: function(id, userName, password, configuration)
editUser: function(id, userName, password, admin, configuration)
{
for(var i = 0; i < configuration.users.length; i++)
{
if (configuration.users[i].id + "" === id)
{
configuration.users[i].username = userName;
configuration.users[i].admin = admin;
var passObj = createHashedPasswordObject(password);
configuration.users[i].salt = passObj.salt;
@ -135,6 +156,7 @@ module.exports =
}
},
/**
* Removes a user account from the configuration
* @param id
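Review bot: `isAdmin` returns the raw `admin` property, so for user records created before this change (no `admin` field) it yields `undefined` rather than the `false` its fall-through branch implies; return `configuration.users[index].admin === true;` so callers always get a boolean. The JSDoc blocks for `addUser` and `editUser` still list only the old parameters, so each needs a `@param admin {boolean} whether the account gets administrator privileges` line for the new argument. The generated API key is stored on the user record in the clear (`newUser.api`), and the surrounding code suggests it is persisted with the rest of the configuration; if the key is meant to authenticate requests, storing a hash of it the way passwords are handled and showing the raw key once at creation would limit the impact of a leaked config file.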
