Browse Source

Revoke api key functionality added.

pull/6/head
jrtechs 5 years ago
parent
commit
10bd53ffd2
3 changed files with 111 additions and 24 deletions
  1. +71
    -24
      html/users.html
  2. +20
    -0
      server.js
  3. +20
    -0
      user.js

+ 71
- 24
html/users.html View File

@ -1,15 +1,17 @@
<script> <script>
function editHostForm(id, username)
function editHostForm(id, username, apiKey)
{ {
$("#editUserBox").css("display", "block");
$("#editUserBox").css("display", "");
$("#useridLabel").val(id); $("#useridLabel").val(id);
$("#usernameLabel").val(username); $("#usernameLabel").val(username);
$("#revokeAPIUsername").val(username);
$("#apiDisplay").html(apiKey);
} }
</script> </script>
<div id="editUserBox" class="row" style="display:none"> <div id="editUserBox" class="row" style="display:none">
<!-- Edit User --> <!-- Edit User -->
<div class="col-md-6">
<div class="col-md-6 col-12">
<div class="card"> <div class="card">
<div class="card-header"> <div class="card-header">
<h3 class="text-center">Edit User</h3> <h3 class="text-center">Edit User</h3>
@ -42,6 +44,29 @@
</div> </div>
<br> <br>
</div> </div>
<!-- Edit API -->
<div class="col-md-6 col-12">
<div class="card">
<div class="card-header">
<h3 class="text-center">API Settings</h3>
</div>
<div class="card-body">
<h4>Current API Key</h4>
<p id="apiDisplay"></p>
<form action="/revokeAPI" method ="post" class="p-2">
<input class="form-control" id="revokeAPIUsername" type="text" name="username" value="" hidden>
<div class="text-center">
<input type="submit" name="revoke_api" value="Generate New API Key"
class="btn btn-lg btn-secondary"/>
</div>
</form>
</div>
</div>
<br>
</div>
</div> </div>
{if admin} {if admin}
@ -70,7 +95,7 @@
<td>{user.id}</td> <td>{user.id}</td>
<td>{user.admin}</td> <td>{user.admin}</td>
<td> <td>
<button onclick="editHostForm({user.id}, '{user.username}')" class="btn btn-secondary">Edit User</button>
<button onclick="editHostForm({user.id}, '{user.username}', '{user.api}')" class="btn btn-secondary">Edit User</button>
</td> </td>
<td> <td>
<form action="/removeuser" method ="post" > <form action="/removeuser" method ="post" >
@ -121,29 +146,51 @@
</div> </div>
{else} {else}
{if loggedIn} {if loggedIn}
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h3 class="text-center">Update Profile</h3>
<div class="row">
<div class="col-md-6 col-12">
<div class="card">
<div class="card-header">
<h3 class="text-center">Update Profile</h3>
</div>
<div class="card-body">
<form action="/updateUser" method ="post" class="p-2">
<div class="form-group">
<input class="form-control" id="usernameLabel" type="text" name="username" value="{username}" required>
<label>User Name</label>
</div>
<div class="form-group">
<input class="form-control" type="password" name="password" required>
<label>Password</label>
</div>
<div class="text-center">
<input type="submit" name="Update Profile" value="Update User"
class="btn btn-lg btn-secondary"/>
</div>
</form>
</div>
</div> </div>
<div class="card-body">
<form action="/updateUser" method ="post" class="p-2">
<div class="form-group">
<input class="form-control" id="usernameLabel" type="text" name="username" value="{username}" required>
<label>User Name</label>
</div>
<div class="form-group">
<input class="form-control" type="password" name="password" required>
<label>Password</label>
</div>
<div class="text-center">
<input type="submit" name="Update Profile" value="Update User"
class="btn btn-lg btn-secondary"/>
</div>
</form>
<br>
</div>
<div class="col-md-6 col-12">
<div class="card">
<div class="card-header">
<h3 class="text-center">API Settings</h3>
</div>
<div class="card-body">
<h4>Current API Key</h4>
<p>{apiKey}</p>
<form action="/revokeAPI" method ="post" class="p-2">
<div class="text-center">
<input type="submit" name="revoke_api" value="Generate New API Key"
class="btn btn-lg btn-secondary"/>
</div>
</form>
</div>
</div> </div>
<br>
</div> </div>
<br>
</div> </div>
{else} {else}
<h1 class="align-content-center">Login Required</h1> <h1 class="align-content-center">Login Required</h1>

+ 20
- 0
server.js View File

@ -66,6 +66,8 @@ function renderHTML(request, result, templateFile, templateDependencyFunction)
function getUserInformation(templateContext, request) function getUserInformation(templateContext, request)
{ {
templateContext.users = config.users; templateContext.users = config.users;
templateContext.apiKey = request.session.API;
templateContext.id = request.session.userID; templateContext.id = request.session.userID;
templateContext.username = request.session.username; templateContext.username = request.session.username;
} }
@ -90,6 +92,7 @@ app.post('/login', function(request, result)
request.session.login = true; request.session.login = true;
request.session.username = request.body.username; request.session.username = request.body.username;
request.session.userID = userUtils.getID(request.body.username, config); request.session.userID = userUtils.getID(request.body.username, config);
request.session.API = userUtils.getAPIKEY(request.body.username, config);
if(userUtils.isAdmin(request.body.username, config)) if(userUtils.isAdmin(request.body.username, config))
{ {
request.session.admin = true; request.session.admin = true;
@ -185,6 +188,23 @@ app.get('/video/', function(request, result)
}); });
app.post('/revokeAPI', function(request, result)
{
if(checkPrivilege(request) === PRIVILEGE.ADMIN)
{
userUtils.revokeAPI(request.body.username, config);
request.session.API = userUtils.getAPIKEY(request.session.username, config);
fileIO.writeJSONToFile(CONFIG_FILE_NAME, config);
}
else if (checkPrivilege(request) === PRIVILEGE.MEMBER)
{
userUtils.revokeAPI(request.session.username, config);
request.session.API = userUtils.getAPIKEY(request.session.username, config);
fileIO.writeJSONToFile(CONFIG_FILE_NAME, config);
}
result.redirect('/users');
});
app.post('/addUser', function(request, result) app.post('/addUser', function(request, result)
{ {

+ 20
- 0
user.js View File

@ -89,6 +89,26 @@ module.exports =
return configuration.users[index].id; return configuration.users[index].id;
}, },
revokeAPI: function(username, configuration)
{
var index = getIndexOfUser(username, configuration);
if(index !== -1)
{
configuration.users[index].api = generateRandomAPIKey();
}
},
getAPIKEY: function(username, configuration)
{
var index = getIndexOfUser(username, configuration);
if(index !== -1)
return configuration.users[index].api;
return 0;
},
/** /**
* Checks to see if there was a valid login attempt * Checks to see if there was a valid login attempt
* *

Loading…
Cancel
Save