From ead85a4f7a1b64bec96fba68eb576f84872a6c7f Mon Sep 17 00:00:00 2001
From: jrtechs
Date: Thu, 7 Feb 2019 22:01:49 -0500
Subject: [PATCH] A ton of work on refactoring the code to be more modular and use routes.
---
configManager.js | 13 +++
html/home.html | 2 +-
html/login.html | 2 +-
html/users.html | 12 +-
html/videos.html | 2 +-
routes/users/addUser.js | 19 +++-
routes/users/edituser.js | 18 ++-
routes/users/index.js | 24 ++++
routes/users/login.js | 17 ++-
routes/users/logout.js | 7 +-
routes/users/removeuser.js | 13 ++-
routes/users/revokeAPI.js | 16 ++-
routes/users/updateUser.js | 16 ++-
server.js | 224 ++++++++++++++++++-------------------
user.js | 91 ++++++++-------
utils.js | 59 ++++++++++
16 files changed, 358 insertions(+), 177 deletions(-)
create mode 100644 configManager.js
create mode 100644 utils.js
diff --git a/configManager.js b/configManager.js
new file mode 100644
index 0000000..f568902
--- /dev/null
+++ b/configManager.js
@@ -0,0 +1,13 @@
+module.exports =
+ {
+ getConfiguration: function()
+ {
+
+ },
+
+ syncToDisk: function()
+ {
+
+ }
+
+ };
\ No newline at end of file
diff --git a/html/home.html b/html/home.html
index f135e93..4f5e8fd 100644
--- a/html/home.html
+++ b/html/home.html
@@ -7,7 +7,7 @@
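Review bot: `getConfiguration` and `syncToDisk` in the new configManager.js have empty bodies, so `getConfiguration()` returns `undefined`. user.js in this same patch evaluates `configManager.getConfiguration().users` at module load, which would throw a TypeError as soon as user.js is required. Every `syncToDisk()` call also persists nothing, so added users, password changes and revoked API keys would be lost on restart. Either land the real load/save logic with this commit or make the stubs fail loudly, e.g. `throw new Error('configManager.syncToDisk not implemented');`, and add a header comment saying this module owns the on-disk configuration that holds password hashes and API keys.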

Welcome {username}.


-
+
diff --git a/html/login.html b/html/login.html index a67984b..6282931 100644 --- a/html/login.html +++ b/html/login.html @@ -4,7 +4,7 @@

Login

- +
diff --git a/html/users.html b/html/users.html index 9da3f76..d5baa7a 100644 --- a/html/users.html +++ b/html/users.html @@ -17,7 +17,7 @@

Edit User

- +
@@ -56,7 +56,7 @@

Current API Key

- +
Edit User - + @@ -118,7 +118,7 @@

Add New User

-
+
- +
@@ -181,7 +181,7 @@

Current API Key

{apiKey}

- +
diff --git a/html/videos.html b/html/videos.html index e90e048..05ab971 100644 --- a/html/videos.html +++ b/html/videos.html @@ -1,4 +1,4 @@ -

Videos

+

Videos

diff --git a/routes/users/addUser.js b/routes/users/addUser.js index 3858c60..17d40a2 100644 --- a/routes/users/addUser.js +++ b/routes/users/addUser.js @@ -1,10 +1,25 @@ const routes = require('express').Router(); +const utils = require("../../utils"); +const userUtils = require("../../user"); -routes.get('/', (request, result) => +routes.post('/', (request, result) => { - + if(utils.checkPrivilege(request) === utils.PRIVILEGE.ADMIN) + { + console.log(request.body); + var admin = false; + if(request.body.admin === 'on') + admin = true; + userUtils.addUser(request.body.username, request.body.password,admin); + result.redirect('/users'); + } + else + { + result.status(401); + result.send('None shall pass'); + } }); module.exports = routes; \ No newline at end of file diff --git a/routes/users/edituser.js b/routes/users/edituser.js index 3858c60..5da14c9 100644 --- a/routes/users/edituser.js +++ b/routes/users/edituser.js @@ -1,10 +1,24 @@ const routes = require('express').Router(); +const utils = require("../../utils"); +const userUtils = require("../../user"); -routes.get('/', (request, result) => +routes.post('/', (request, result) => { - + if(utils.checkPrivilege(request) === utils.PRIVILEGE.ADMIN) + { + var admin = false; + if(request.body.admin === 'on') + admin = true; + userUtils.editUser(request.body.id, request.body.username, request.body.password,admin); + result.redirect('/users'); + } + else + { + result.status(401); + result.send('None shall pass'); + } }); module.exports = routes; \ No newline at end of file diff --git a/routes/users/index.js b/routes/users/index.js index 3690a91..04049c5 100644 --- a/routes/users/index.js +++ b/routes/users/index.js 
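Review bot: `console.log(request.body);` in the admin branch of addUser.js writes the new account's plaintext password to the server log, because the body carries `password`. Drop the line or log only the name, e.g. `console.log('addUser:', request.body.username);`. The handler also ignores the boolean returned by `userUtils.addUser` (false when the name already exists, per user.js in this patch) and redirects as if the account had been created. For a logged-in caller who is not an admin, status 403 would describe the refusal better than 401.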
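Review bot: In edituser.js, `request.body.id` is passed to `userUtils.editUser` unchanged, where user.js compares it with `users[i].id === id`. Ids created by `addUser` are numbers, so with a urlencoded form body (string values) the strict comparison would never match and the edit would silently do nothing; this depends on the body parser, which is not visible here. Convert and validate at the route, e.g. `const id = Number.parseInt(request.body.id, 10);` followed by a NaN check. `removeUser` in user.js assumes a string id (`value.id + "" !== id`), so the same decision applies to removeuser.js.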
@@ -2,6 +2,30 @@ const routes = require('express').Router(); const utils = require("../../utils"); +const addUser = require('./addUser'); +routes.get('/addUser', addUser); + +const editUser = require('./edituser'); +routes.get('/edituser', editUser); + +const login = require('./login'); +routes.get('/login', login); + + +const logout = require('./logout'); +routes.get('/logout', logout); + +const removeuser = require('./removeuser'); +routes.get('/removeuser', removeuser); + + +const revokeAPI = require('./revokeAPI'); +routes.get('/revokeAPI', revokeAPI); + + +const updateUser = require('./updateUser'); +routes.get('/updateUser', updateUser); + routes.get('/', (request, result) => { utils.renderHTML(request, result, "users.html", getUserInformation); diff --git a/routes/users/login.js b/routes/users/login.js index 3858c60..ca9f382 100644 --- a/routes/users/login.js +++ b/routes/users/login.js @@ -1,10 +1,21 @@ const routes = require('express').Router(); +const userUtils = require("../../user"); - -routes.get('/', (request, result) => +routes.post('/', (request, result) => { - + if(userUtils.checkLogin(request.body.username, request.body.password)) + { + request.session.login = true; + request.session.username = request.body.username; + request.session.userID = userUtils.getID(request.body.username); + request.session.API = userUtils.getAPIKEY(request.body.username); + if(userUtils.isAdmin(request.body.username)) + { + request.session.admin = true; + } + } + result.redirect('/'); }); module.exports = routes; \ No newline at end of file diff --git a/routes/users/logout.js b/routes/users/logout.js index 3858c60..0345766 100644 --- a/routes/users/logout.js +++ b/routes/users/logout.js 
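Review bot: The sub-routers are attached with `routes.get('/addUser', addUser);` and so on, but the routers themselves register `routes.post('/', ...)` in this patch, so a POST to those paths never reaches them. Even for a GET, `.get()` does not strip the matched prefix, so the inner `'/'` route would not match either. Mount them with `routes.use('/addUser', addUser);` and the same for `edituser`, `login`, `logout`, `removeuser`, `revokeAPI` and `updateUser`. The old handlers in server.js lived at the root (`/login`, `/addUser`), so the form actions in html/*.html need to match wherever this router ends up mounted.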
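Review bot: In login.js `request.session.admin` is only ever set to `true`, so a session that already carries `admin = true` keeps it after a later successful login as a non-admin user; assign it unconditionally with `request.session.admin = userUtils.isAdmin(request.body.username) === true;`. The session identifier is also kept across the privilege change; if the session middleware is express-session, calling `request.session.regenerate(...)` before setting the login fields guards against session fixation. A failed login redirects to `/` exactly like a successful one and nothing in this handler limits repeated attempts, which deserves at least a comment.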
@@ -1,10 +1,11 @@ const routes = require('express').Router(); - -routes.get('/', (request, result) => +routes.post('/', (request, result) => { - + request.session.login = false; + request.session.admin = false; + result.redirect('/'); }); module.exports = routes; \ No newline at end of file diff --git a/routes/users/removeuser.js b/routes/users/removeuser.js index 3858c60..0875e57 100644 --- a/routes/users/removeuser.js +++ b/routes/users/removeuser.js @@ -1,10 +1,21 @@ const routes = require('express').Router(); +const utils = require("../../utils"); +const userUtils = require("../../user"); routes.get('/', (request, result) => { - + if(utils.checkPrivilege(request) === utils.PRIVILEGE.ADMIN) + { + userUtils.removeUser(request.body.id); + result.redirect('/users'); + } + else + { + result.status(401); + result.send('None shall pass'); + } }); module.exports = routes; \ No newline at end of file diff --git a/routes/users/revokeAPI.js b/routes/users/revokeAPI.js index 3858c60..9888e48 100644 --- a/routes/users/revokeAPI.js +++ b/routes/users/revokeAPI.js @@ -1,10 +1,22 @@ const routes = require('express').Router(); +const utils = require("../../utils"); +const userUtils = require("../../user"); -routes.get('/', (request, result) => +routes.post('/', (request, result) => { - + if(utils.checkPrivilege(request) === utils.PRIVILEGE.ADMIN) + { + userUtils.revokeAPI(request.body.username, config); + request.session.API = userUtils.getAPIKEY(request.session.username); + } + else if (checkPrivilege(request) === PRIVILEGE.MEMBER) + { + userUtils.revokeAPI(request.session.username); + request.session.API = userUtils.getAPIKEY(request.session.username); + } + result.redirect('/users'); }); module.exports = routes; \ No newline at end of file diff --git a/routes/users/updateUser.js b/routes/users/updateUser.js index 3858c60..62a0197 100644 --- a/routes/users/updateUser.js +++ b/routes/users/updateUser.js 
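Review bot: The logout handler only sets `login` and `admin` to false and leaves `username`, `userID` and `API` (the user's API key, stored at login) in the session. Clearing the whole session is safer; if this is express-session that would be `request.session.destroy(() => result.redirect('/'));`, otherwise delete those three fields explicitly before the redirect.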
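Review bot: removeuser.js is the only user route left as `routes.get('/', ...)` while it still reads `request.body.id`. A GET normally has no parsed body, so `id` would be `undefined` and `removeUser` would delete nothing; and a state-changing delete should not be reachable by GET at all, since link prefetching or a cross-site embed can issue one on behalf of a logged-in admin. Change the line to `routes.post('/', (request, result) =>` like the sibling routes.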
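Review bot: In revokeAPI.js the admin branch passes an undeclared `config` to `userUtils.revokeAPI(request.body.username, config)`, and the `else if` uses `checkPrivilege(request)` and `PRIVILEGE.MEMBER` without the `utils.` prefix. None of these names is defined in this file, so admin requests throw a ReferenceError on `config` and all other requests throw on `checkPrivilege`. The lines should read `userUtils.revokeAPI(request.body.username);` and `else if (utils.checkPrivilege(request) === utils.PRIVILEGE.MEMBER)`. Unlike the sibling routes, an unauthenticated caller gets a redirect here rather than a 401.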
@@ -1,10 +1,22 @@ const routes = require('express').Router(); +const utils = require("../../utils"); +const userUtils = require("../../user"); -routes.get('/', (request, result) => +routes.post('/', (request, result) => { - + if(utils.checkPrivilege(request) >= utils.PRIVILEGE.MEMBER) + { + var admin = false; + userUtils.editUser(request.session.userID, request.body.username, request.body.password,admin); + result.redirect('/users'); + } + else + { + result.status(401); + result.send('None shall pass'); + } }); module.exports = routes; \ No newline at end of file diff --git a/server.js b/server.js index ff6dec3..44e8d21 100644 --- a/server.js +++ b/server.js 
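Review bot: `var admin = false;` is passed to `editUser` for every caller of updateUser.js, so an administrator who changes their own name or password through this route is written back with `admin = false`, while `request.session.admin` stays true until logout. Pass the caller's current role instead, e.g. `const admin = request.session.admin === true;`. The route also changes the password without asking for the current one, and it leaves `request.session.username` stale after a rename, so later `getAPIKEY(request.session.username)` lookups would miss.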
@@ -244,129 +244,129 @@ app.get('/video/', function(request, result) }); -app.post('/revokeAPI', function(request, result) -{ - if(checkPrivilege(request) === PRIVILEGE.ADMIN) - { - userUtils.revokeAPI(request.body.username, config); - request.session.API = userUtils.getAPIKEY(request.session.username, config); - fileIO.writeJSONToFile(CONFIG_FILE_NAME, config); - } - else if (checkPrivilege(request) === PRIVILEGE.MEMBER) - { - userUtils.revokeAPI(request.session.username, config); - request.session.API = userUtils.getAPIKEY(request.session.username, config); - fileIO.writeJSONToFile(CONFIG_FILE_NAME, config); - } - result.redirect('/users'); -}); +// app.post('/revokeAPI', function(request, result) +// { +// if(checkPrivilege(request) === PRIVILEGE.ADMIN) +// { +// userUtils.revokeAPI(request.body.username, config); +// request.session.API = userUtils.getAPIKEY(request.session.username, config); +// fileIO.writeJSONToFile(CONFIG_FILE_NAME, config); +// } +// else if (checkPrivilege(request) === PRIVILEGE.MEMBER) +// { +// userUtils.revokeAPI(request.session.username, config); +// request.session.API = userUtils.getAPIKEY(request.session.username, config); +// fileIO.writeJSONToFile(CONFIG_FILE_NAME, config); +// } +// result.redirect('/users'); +// }); -app.post('/addUser', function(request, result) -{ - if(checkPrivilege(request) === PRIVILEGE.ADMIN) - { - console.log(request.body); - var admin = false; - if(request.body.admin === 'on') - admin = true; - userUtils.addUser(request.body.username, request.body.password,admin, config); - fileIO.writeJSONToFile(CONFIG_FILE_NAME, config); - result.redirect('/users'); - } - else - { - result.status(401); - result.send('None shall pass'); - } -}); +// app.post('/addUser', function(request, result) +// { +// if(checkPrivilege(request) === PRIVILEGE.ADMIN) +// { +// console.log(request.body); +// var admin = false; +// if(request.body.admin === 'on') +// admin = true; +// userUtils.addUser(request.body.username, 
request.body.password,admin, config); +// fileIO.writeJSONToFile(CONFIG_FILE_NAME, config); +// result.redirect('/users'); +// } +// else +// { +// result.status(401); +// result.send('None shall pass'); +// } +// }); -app.post('/edituser', function(request, result) -{ - if(checkPrivilege(request) === PRIVILEGE.ADMIN) - { - var admin = false; - if(request.body.admin === 'on') - admin = true; - userUtils.editUser(request.body.id, request.body.username, request.body.password,admin, config); - fileIO.writeJSONToFile(CONFIG_FILE_NAME, config); - result.redirect('/users'); - } - else - { - result.status(401); - result.send('None shall pass'); - } -}); +// app.post('/edituser', function(request, result) +// { +// if(checkPrivilege(request) === PRIVILEGE.ADMIN) +// { +// var admin = false; +// if(request.body.admin === 'on') +// admin = true; +// userUtils.editUser(request.body.id, request.body.username, request.body.password,admin, config); +// fileIO.writeJSONToFile(CONFIG_FILE_NAME, config); +// result.redirect('/users'); +// } +// else +// { +// result.status(401); +// result.send('None shall pass'); +// } +// }); -app.post('/updateUser', function(request, result) -{ - if(checkPrivilege(request) >= PRIVILEGE.MEMBER) - { - console.log(request.session.userID); - var admin = false; - userUtils.editUser(request.session.userID, request.body.username, request.body.password,admin, config); - fileIO.writeJSONToFile(CONFIG_FILE_NAME, config); - result.redirect('/users'); - } - else - { - result.status(401); - result.send('None shall pass'); - } -}); +// app.post('/updateUser', function(request, result) +// { +// if(checkPrivilege(request) >= PRIVILEGE.MEMBER) +// { +// console.log(request.session.userID); +// var admin = false; +// userUtils.editUser(request.session.userID, request.body.username, request.body.password,admin, config); +// fileIO.writeJSONToFile(CONFIG_FILE_NAME, config); +// result.redirect('/users'); +// } +// else +// { +// result.status(401); +// 
result.send('None shall pass'); +// } +// }); -const PRIVILEGE = {NOBODY: 0, MEMBER: 1, ADMIN: 2}; -const checkPrivilege = function(request) -{ - if(request.session.login !== true) - return PRIVILEGE.NOBODY; - else if(request.session.admin === true) - return PRIVILEGE.ADMIN; - return PRIVILEGE.MEMBER; -}; - -app.post('/removeuser', function(request, result) -{ - if(checkPrivilege(request) === PRIVILEGE.ADMIN) - { - userUtils.removeUser(request.body.id, config); - fileIO.writeJSONToFile(CONFIG_FILE_NAME, config); - result.redirect('/users'); - } - else - { - result.status(401); - result.send('None shall pass'); - } -}); +// const PRIVILEGE = {NOBODY: 0, MEMBER: 1, ADMIN: 2}; +// const checkPrivilege = function(request) +// { +// if(request.session.login !== true) +// return PRIVILEGE.NOBODY; +// else if(request.session.admin === true) +// return PRIVILEGE.ADMIN; +// return PRIVILEGE.MEMBER; +// }; + +// app.post('/removeuser', function(request, result) +// { +// if(checkPrivilege(request) === PRIVILEGE.ADMIN) +// { +// userUtils.removeUser(request.body.id, config); +// fileIO.writeJSONToFile(CONFIG_FILE_NAME, config); +// result.redirect('/users'); +// } +// else +// { +// result.status(401); +// result.send('None shall pass'); +// } +// }); -app.post('/logout', function(request, result) -{ - request.session.login = false; - request.session.admin = false; - result.redirect('/'); -}); +// app.post('/logout', function(request, result) +// { +// request.session.login = false; +// request.session.admin = false; +// result.redirect('/'); +// }); -app.post('/login', function(request, result) -{ - if(userUtils.checkLogin(request.body.username, request.body.password, config)) - { - request.session.login = true; - request.session.username = request.body.username; - request.session.userID = userUtils.getID(request.body.username, config); - request.session.API = userUtils.getAPIKEY(request.body.username, config); - if(userUtils.isAdmin(request.body.username, config)) - { - 
request.session.admin = true; - } - } - result.redirect('/'); -}); +// app.post('/login', function(request, result) +// { +// if(userUtils.checkLogin(request.body.username, request.body.password, config)) +// { +// request.session.login = true; +// request.session.username = request.body.username; +// request.session.userID = userUtils.getID(request.body.username, config); +// request.session.API = userUtils.getAPIKEY(request.body.username, config); +// if(userUtils.isAdmin(request.body.username, config)) +// { +// request.session.admin = true; +// } +// } +// result.redirect('/'); +// }); app.listen(config.port, () => console.log(`App listening on port ${config.port}!`)); \ No newline at end of file diff --git a/user.js b/user.js index 04c4594..206b399 100644 --- a/user.js +++ b/user.js @@ -1,6 +1,12 @@ /** Crypto package used for hashing */ const crypto = require('crypto'); + +const configManager = require("./configManager"); + +var users = configManager.getConfiguration().users; + + /** * Helper function to generate a hashed password * from a given plain text password. @@ -52,13 +58,13 @@ const hashPassword = function(password, salt) * Fetches the index of the user in the configuration. If the * user does not exists a -1 is returned. */ -const getIndexOfUser = function(username, configuration) +const getIndexOfUser = function(username) { - for(var i = 0; i < configuration.users.length; i++) + for(var i = 0; i < users.length; i++) { - if (username === configuration.users[i].username) + if (username === users[i].username) { - if(username === configuration.users[i].username) + if(username === users[i].username) { return i; } 
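Review bot: The old handlers in server.js are commented out rather than deleted, which leaves a long block of dead authentication code that can drift from routes/users/*; delete it and rely on version history. Nothing in this hunk mounts the new router, so unless that happens outside the hunk, login and user management are unreachable after this commit. `PRIVILEGE` and `checkPrivilege` are commented out as well, so any remaining server.js code that still uses the bare names would need `utils.checkPrivilege` and `utils.PRIVILEGE`.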
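Review bot: In user.js, `var users = configManager.getConfiguration().users;` captures the array once at require time, and `removeUser` later in this patch reassigns it with `users = users.filter(...)`. After that reassignment the module-level `users` no longer refers to the array held by the configuration object, so unless `syncToDisk()` reads from this module the removal would not be persisted. Mutating in place or always reading `configManager.getConfiguration().users` keeps a single source of truth, and declaring the binding `const` would make an accidental reassignment fail immediately.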
@@ -71,11 +77,11 @@ const getIndexOfUser = function(username, configuration) module.exports = { - isValidAPI: function(apiKey, configuration) + isValidAPI: function(apiKey) { - for(var i = 0; i < configuration.users.length; i++) + for(var i = 0; i < users.length; i++) { - if(configuration.users[i].api === apiKey) + if(users[i].api === apiKey) { return true; } @@ -83,41 +89,42 @@ module.exports = return false; }, - isAdmin: function(username, configuration) + isAdmin: function(username) { - var index = getIndexOfUser(username, configuration); + var index = getIndexOfUser(username); if(index !== -1) { - return configuration.users[index].admin; + return users[index].admin; } return false; }, - getID: function(username, configuration) + getID: function(username) { - var index = getIndexOfUser(username, configuration); - return configuration.users[index].id; + var index = getIndexOfUser(username); + return users[index].id; }, - revokeAPI: function(username, configuration) + revokeAPI: function(username) { - var index = getIndexOfUser(username, configuration); + var index = getIndexOfUser(username); if(index !== -1) { - configuration.users[index].api = generateRandomAPIKey(); + users[index].api = generateRandomAPIKey(); } + configManager.syncToDisk(); }, - getAPIKEY: function(username, configuration) + getAPIKEY: function(username) { - var index = getIndexOfUser(username, configuration); + var index = getIndexOfUser(username); if(index !== -1) - return configuration.users[index].api; + return users[index].api; return 0; }, 
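Review bot: `isValidAPI` compares with `users[i].api === apiKey`, which returns true when `apiKey` is `undefined` and any user record lacks an `api` field, and which is not a constant-time comparison for a secret. Reject bad input first with `if (typeof apiKey !== 'string' || apiKey.length === 0) return false;` and compare with `crypto.timingSafeEqual` on equal-length buffers; `crypto` is already required at the top of the file.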
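Review bot: `getID` reads `users[index].id` without the `index !== -1` guard that `isAdmin`, `revokeAPI` and `getAPIKEY` have, so an unknown username throws a TypeError instead of returning a defined value. `getAPIKEY` returns `0` for an unknown user, which login.js then stores in `request.session.API`; `null` would be harder to mistake for a key. `revokeAPI` calls `configManager.syncToDisk()` even when no user matched; moving the call inside the `if(index !== -1)` block avoids a pointless write.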
@@ -126,17 +133,16 @@ module.exports = * * @param username * @param password - * @param configuration * @returns {boolean} */ - checkLogin: function(username, password, configuration) + checkLogin: function(username, password) { - const userIndex = getIndexOfUser(username, configuration); + const userIndex = getIndexOfUser(username); if(userIndex === -1) return false; - const hashedPassword = hashPassword(password, configuration.users[userIndex].salt); - return configuration.users[userIndex].password == hashedPassword; + const hashedPassword = hashPassword(password, users[userIndex].salt); + return users[userIndex].password == hashedPassword; }, @@ -145,28 +151,29 @@ module.exports = * * @param username * @param password - * @param configuration * @returns {boolean} */ - addUser: function(username, password, admin, configuration) + addUser: function(username, password, admin) { - const userIndex = getIndexOfUser(username, configuration); + const userIndex = getIndexOfUser(username); if(userIndex !== -1) return false; // user already exists var newUser = new Object(); newUser.username = username; newUser.api = generateRandomAPIKey(); - if(configuration.users.length === 0) + if(users.length === 0) newUser.id = 1; else - newUser.id = configuration.users[configuration.users.length -1].id + 1; + newUser.id = users[users.length -1].id + 1; const passObject = createHashedPasswordObject(password); newUser.salt = passObject.salt; newUser.password = passObject.pass; newUser.admin = admin; - configuration.users.push(newUser); + users.push(newUser); + configManager.syncToDisk(); + return true; }, 
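Review bot: `users[userIndex].password == hashedPassword` in `checkLogin` uses loose equality and a non-constant-time comparison for the password hash. Assuming `hashPassword` returns a string, comparing equal-length buffers with `crypto.timingSafeEqual(Buffer.from(stored), Buffer.from(hashedPassword))` is the usual replacement. The early `return false` for an unknown user skips hashing, so response time differs between existing and non-existing usernames. `password` is also not checked for being a string before it is hashed.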
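Review bot: `addUser` accepts whatever `username` and `password` it is given; with a missing form field both are `undefined`, which would either throw inside `createHashedPasswordObject` or create an account with an unusable name, depending on that helper (its body is outside this hunk). Validate at the top, e.g. `if (typeof username !== 'string' || username === '' || typeof password !== 'string' || password === '') return false;`. The `@param` list in the doc comment also omits `admin`.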
@@ -177,36 +184,38 @@ module.exports = * @param id * @param userName * @param password - * @param configuration */ - editUser: function(id, userName, password, admin, configuration) + editUser: function(id, userName, password, admin) { - for(var i = 0; i < configuration.users.length; i++) + for(var i = 0; i < users.length; i++) { - if (configuration.users[i].id=== id) + if (users[i].id=== id) { console.log("User account updated."); - configuration.users[i].username = userName; - configuration.users[i].admin = admin; + users[i].username = userName; + users[i].admin = admin; var passObj = createHashedPasswordObject(password); - configuration.users[i].salt = passObj.salt; - configuration.users[i].password = passObj.pass; + users[i].salt = passObj.salt; + users[i].password = passObj.pass; } } + + configManager.syncToDisk(); }, /** * Removes a user account from the configuration * @param id - * @param configuration */ - removeUser: function(id, configuration) + removeUser: function(id) { - configuration.users = configuration.users.filter(function(value, index, arr) + users = users.filter(function(value, index, arr) { return value.id + "" !== id }); + + configManager.syncToDisk(); } }; diff --git a/utils.js b/utils.js new file mode 100644 index 0000000..95e1ba3 --- /dev/null +++ b/utils.js 
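Review bot: `editUser` always replaces `salt` and `password` with a hash of whatever `password` it receives, so submitting the edit form with an empty password field resets the account to an empty password. Skip the rehash when `password` is not a non-empty string, e.g. wrap the three `passObj` lines in `if (typeof password === 'string' && password !== '')`. `configManager.syncToDisk()` also runs when no user matched the id, and the `console.log("User account updated.")` line would be more useful for auditing if it named the affected id.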
@@ -0,0 +1,59 @@
+function fetchInTemplate(templateContext, templateKey, filename)
+{
+ templateContext[templateKey] = fileIO.getFile(filename);
+}
+
+
+const PRIVILEGE = {NOBODY: 0, MEMBER: 1, ADMIN: 2};
+
+/** Template engine */
+const whiskers = require('whiskers');
+
+module.exports =
+ {
+ renderHTML: function(request, result, templateFile, templateDependencyFunction)
+ {
+ var templateContext = Object();
+ var prom = [];
+
+ prom.push(fileIO.getFile("./html/mainTemplate.html"));
+ prom.push(fetchInTemplate(templateContext, "header", "./html/header.html"));
+ prom.push(fetchInTemplate(templateContext, "footer", "./html/footer.html"));
+ if(checkPrivilege(request) >= PRIVILEGE.MEMBER)
+ {
+ templateContext.loggedIn = true;
+ if(checkPrivilege(request) === PRIVILEGE.ADMIN)
+ templateContext.admin = true;
+ if(templateDependencyFunction !== null)
+ prom.push(templateDependencyFunction(templateContext, request));
+ prom.push(fetchInTemplate(templateContext, "main","./html/" + templateFile));
+ }
+ else
+ {
+ prom.push(fetchInTemplate(templateContext, "login","./html/login.html"));
+ }
+
+ Promise.all(prom).then(function(content)
+ {
+ result.write(whiskers.render(content[0], templateContext));
+ result.end();
+ });
+ },
+
+ PRIVILEGE:
+ {
+ NOBODY: 0,
+ MEMBER: 1,
+ ADMIN: 2
+ },
+
+
+ checkPrivilege: function(request)
+ {
+ if(request.session.login !== true)
+ return module.exports.PRIVILEGE.NOBODY;
+ else if(request.session.admin === true)
+ return module.exports.PRIVILEGE.ADMIN;
+ return module.exports.RIVILEGE.MEMBER;
+ }
+ };
\ No newline at end of file
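Review bot: The last line of `checkPrivilege` reads `module.exports.RIVILEGE.MEMBER`, which throws a TypeError for every logged-in non-admin, so the privilege check every route relies on fails for ordinary members; it should be `return module.exports.PRIVILEGE.MEMBER;`. Inside `renderHTML`, `checkPrivilege(request)` is called as a bare name although it exists only as a property of the exported object, and `fileIO` is used without being required in this file, so rendering would throw a ReferenceError; call `module.exports.checkPrivilege(request)` and add the `require` for the file helper. `PRIVILEGE` is defined twice (module constant and exported property), which invites drift; export the constant instead. `Promise.all(prom).then(...)` has no rejection handler, so a failed template read leaves the response hanging.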