diff --git a/html/users.html b/html/users.html
index ca18f35..4aada34 100644
--- a/html/users.html
+++ b/html/users.html
@@ -29,6 +29,11 @@
+
+
-
\ No newline at end of file
+{else}
+ This is an admin page.
+{/if}
diff --git a/server.js b/server.js
index 331ebe2..9731d5a 100644
--- a/server.js
+++ b/server.js
@@ -8,7 +8,6 @@ const fileIO = require('./fileIO');
const userUtils = require('./user.js');
-
const recursive = require('./recursiveTraversal');
const fs = require('fs');
@@ -28,7 +27,7 @@ app.use(session({ secret: config.sessionSecret, cookie: { maxAge: 6000000 }}));
/** Template engine */
const whiskers = require('whiskers');
-var rootDir = '/home/jeff/public/Movies/';
+var rootDir = '/home/jeff/public/Shows/';
function fetchInTemplate(templateContext, templateKey, filename)
{
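Review bot: `rootDir` is a hard-coded absolute path under a user's home directory that this commit repoints by editing source; since deployment values already live in `config` (see `config.sessionSecret` in the hunk header), reading it from there, `const rootDir = config.rootDir;`, would avoid a code change per media library. It should also be `const` rather than `var`, as nothing on the page reassigns it. fetchInTemplate begins in this hunk and its body continues outside it.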
@@ -43,9 +42,11 @@ function renderHTML(request, result, templateFile, templateDependencyFunction)
prom.push(fileIO.getFile("./html/mainTemplate.html"));
prom.push(fetchInTemplate(templateContext, "header", "./html/header.html"));
prom.push(fetchInTemplate(templateContext, "footer", "./html/footer.html"));
- if(request.session.login === true)
+ if(checkPrivilege(request) >= PRIVILEGE.MEMBER)
{
templateContext.loggedIn = true;
+ if(checkPrivilege(request) === PRIVILEGE.ADMIN)
+ templateContext.admin = true;
if(templateDependencyFunction !== null)
prom.push(templateDependencyFunction(templateContext, request));
prom.push(fetchInTemplate(templateContext, "main","./html/" + templateFile));
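Review bot: `checkPrivilege(request)` is evaluated twice in the new code, once in the member guard and again in the nested admin check, so the two decisions are made from separate reads of the session. Hoisting it into one local keeps them consistent and reads more clearly: `const privilege = checkPrivilege(request);` followed by `if(privilege >= PRIVILEGE.MEMBER)` and `if(privilege === PRIVILEGE.ADMIN)`. renderHTML starts and ends outside the hunk.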
@@ -85,6 +86,12 @@ app.post('/login', function(request, result)
{
request.session.login = true;
request.session.username = request.body.username;
+
+ if(userUtils.isAdmin(request.body.username, config))
+ {
+ request.session.admin = true;
+ }
+
}
result.redirect('/');
});
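Review bot: `request.session.admin` is only ever set to true here and is never cleared on a successful login, so a session that previously authenticated an admin keeps the flag when a non-admin account logs in over it without an intervening logout. Assign it unconditionally from the lookup instead: `request.session.admin = userUtils.isAdmin(request.body.username, config) === true;`. Regenerating the session at login (`request.session.regenerate`) so the privileged state lands in a fresh session id is also worth considering. The enclosing /login handler begins outside the hunk.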
@@ -127,7 +134,7 @@ app.get('/watch', (req, res) => renderHTML(req, res, "watch.html", getVideoTempl
app.get('/video/', function(request, result)
{
- if(request.session.login === true)
+ if(checkPrivilege(request) >= PRIVILEGE.MEMBER)
{
var videoID = request.query.v;
const path = rootDir + videoID;
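Review bot: The new guard only decides who may reach `const path = rootDir + videoID;`; `request.query.v` is still concatenated straight onto `rootDir` without normalisation, so unless the remainder of the handler (outside this hunk) checks it, a member can address files outside the media directory. Resolve the path and verify it stays under the root before serving it, e.g. `const resolved = require('path').resolve(rootDir, String(videoID));` and `if(!resolved.startsWith(rootDir)) return result.sendStatus(400);` (the local is already named `path`, so the module needs another alias). The /video/ handler continues past the hunk.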
@@ -179,9 +186,13 @@ app.get('/video/', function(request, result)
app.post('/addUser', function(request, result)
{
- if(request.session.login === true)
+ if(checkPrivilege(request) === PRIVILEGE.ADMIN)
{
- userUtils.addUser(request.body.username, request.body.password, config);
+ console.log(request.body);
+ var admin = false;
+ if(request.body.admin === 'on')
+ admin = true;
+ userUtils.addUser(request.body.username, request.body.password,admin, config);
fileIO.writeJSONToFile(CONFIG_FILE_NAME, config);
result.redirect('/users');
}
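Review bot: `console.log(request.body);` in the new admin branch writes the submitted form, including the plaintext `password` field, to the server log; drop that line before merging. The checkbox-to-boolean sequence can also be a single expression, `const admin = request.body.admin === 'on';`, and the same applies to the /edituser hunk below. The handler's body continues past the hunk.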
@@ -195,9 +206,12 @@ app.post('/addUser', function(request, result)
app.post('/edituser', function(request, result)
{
- if(request.session.login === true)
+ if(checkPrivilege(request) === PRIVILEGE.ADMIN)
{
- userUtils.editUser(request.body.id, request.body.username, request.body.password, config);
+ var admin = false;
+ if(request.body.admin === 'on')
+ admin = true;
+ userUtils.editUser(request.body.id, request.body.username, request.body.password,admin, config);
fileIO.writeJSONToFile(CONFIG_FILE_NAME, config);
result.redirect('/users');
}
@@ -208,11 +222,19 @@ app.post('/edituser', function(request, result)
}
});
-
+const PRIVILEGE = {NOBODY: 0, MEMBER: 1, ADMIN: 2};
+const checkPrivilege = function(request)
+{
+ if(request.session.login !== true)
+ return PRIVILEGE.NOBODY;
+ else if(request.session.admin === true)
+ return PRIVILEGE.ADMIN;
+ return PRIVILEGE.MEMBER;
+};
app.post('/removeuser', function(request, result)
{
- if(request.session.login === true)
+ if(checkPrivilege(request) === PRIVILEGE.ADMIN)
{
userUtils.removeUser(request.body.id, config);
fileIO.writeJSONToFile(CONFIG_FILE_NAME, config);
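Review bot: `checkPrivilege` derives ADMIN from `request.session.admin`, a flag captured at login, so a user demoted via /edituser or deleted via /removeuser keeps admin rights for the rest of their session (up to the cookie `maxAge` configured on the session middleware). Deciding from the current config keeps authorization in step with the data the admin routes mutate: `else if(userUtils.isAdmin(request.session.username, config) === true)`. `PRIVILEGE` is a lookup table that should not change at runtime, so `const PRIVILEGE = Object.freeze({NOBODY: 0, MEMBER: 1, ADMIN: 2});` documents that intent. Declaring both below the routes that call them works only because the handlers run after module evaluation; placing them with the other module-level declarations makes the dependency explicit.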
@@ -228,6 +250,7 @@ app.post('/removeuser', function(request, result)
app.post('/logout', function(request, result)
{
request.session.login = false;
+ request.session.admin = false;
result.redirect('/');
});
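Review bot: Resetting `login` and `admin` leaves the rest of the session, including `username`, alive under the same session id. Assuming the middleware on the earlier hunk header is express-session, `request.session.destroy(function() { result.redirect('/'); });` discards the whole record and is the usual logout idiom; if destroying is not wanted, at least clear `request.session.username` alongside the two flags.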
diff --git a/user.js b/user.js
index 09ee1d7..213a623 100644
--- a/user.js
+++ b/user.js
@@ -27,6 +27,13 @@ const createHashedPasswordObject = function(password)
};
+const generateRandomAPIKey = function()
+{
+ const randBuff = crypto.randomBytes(64);
+ return crypto.createHash('sha256').update(randBuff).digest('hex');
+};
+
+
/**
* Hashes a pasword with a aprticular salt
* using the crypto library
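Review bot: Hashing 64 random bytes with SHA-256 adds nothing over emitting random bytes directly; `return crypto.randomBytes(32).toString('hex');` yields the same 64-hex-character key with the same 256 bits of entropy and one fewer primitive. The helper also lacks the JSDoc its neighbours carry; a header such as `/** Generates a random 256-bit API key, returned as a hex string */` would match the file's style. This relies on `crypto` already being required above, which the hunk does not show.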
@@ -63,6 +70,18 @@ const getIndexOfUser = function(username, configuration)
module.exports =
{
+
+ isAdmin: function(username, configuration)
+ {
+ var index = getIndexOfUser(username, configuration);
+
+ if(index !== -1)
+ {
+ return configuration.users[index].admin;
+ }
+ return false;
+ },
+
/**
* Checks to see if there was a valid login attempt
*
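Review bot: `isAdmin` returns `configuration.users[index].admin` as-is, so for accounts created before the `admin` field existed it yields `undefined` rather than a boolean; `checkPrivilege` in server.js tolerates this with `=== true`, but other callers may not. Return `configuration.users[index].admin === true;` so the helper's contract is a real boolean, or normalise at write time in addUser/editUser (`newUser.admin = admin === true;`). Unlike its sibling `login`, the new method has no JSDoc; `@param username`, `@param configuration` and `@returns {boolean} true if the named user exists and is flagged admin` would fit the surrounding style.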
@@ -81,6 +100,7 @@ module.exports =
return configuration.users[userIndex].password == hashedPassword;
},
+
/**
* Adds a user to the configuration
*
@@ -89,7 +109,7 @@ module.exports =
* @param configuration
* @returns {boolean}
*/
- addUser: function(username, password, configuration)
+ addUser: function(username, password, admin, configuration)
{
const userIndex = getIndexOfUser(username, configuration);
if(userIndex !== -1)
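Review bot: The JSDoc above `addUser` still documents `@param configuration` but not the `admin` parameter inserted before it; add `* @param {boolean} admin - whether the new account receives admin privilege`. The same omission exists in `editUser`'s JSDoc in the later hunk. Because `admin` was inserted positionally rather than appended, any caller still passing three arguments would silently bind `configuration` to undefined; the only call site visible in this commit is updated, but other callers should be checked. addUser's body continues past the hunk.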
@@ -97,7 +117,7 @@ module.exports =
var newUser = new Object();
newUser.username = username;
-
+ newUser.api = generateRandomAPIKey();
if(configuration.users.length === 0)
newUser.id = 1;
else
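Review bot: The generated API key is stored on the user record in cleartext and, via `fileIO.writeJSONToFile(CONFIG_FILE_NAME, config)` in server.js, persisted to the config file next to the hashed passwords, while nothing in this commit shows the key being consumed. If it is meant to act as a bearer credential, store only a hash of it as is done for the password and hand the cleartext to the user once; otherwise a comment at the assignment, `// opaque per-user API key; storage and consumer policy still to be decided`, would record the open question. addUser's body starts and ends outside this hunk.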
@@ -106,12 +126,12 @@ module.exports =
const passObject = createHashedPasswordObject(password);
newUser.salt = passObject.salt;
newUser.password = passObject.pass;
-
+ newUser.admin = admin;
configuration.users.push(newUser);
-
return true;
},
+
/**
* Edits a user based on their id
*
@@ -120,13 +140,14 @@ module.exports =
* @param password
* @param configuration
*/
- editUser: function(id, userName, password, configuration)
+ editUser: function(id, userName, password, admin, configuration)
{
for(var i = 0; i < configuration.users.length; i++)
{
if (configuration.users[i].id + "" === id)
{
configuration.users[i].username = userName;
+ configuration.users[i].admin = admin;
var passObj = createHashedPasswordObject(password);
configuration.users[i].salt = passObj.salt;
@@ -135,6 +156,7 @@ module.exports =
}
},
+
/**
* Removes a user account from the configuration
* @param id