Merge pull request #46 from jrtechs/users

Admin User Management (Closes #45)

admin/admin.js

@@ -27,27 +27,27 @@ module.exports=
      */
     main: function(request, clientAddress, templateContext, filename)
     {
-        console.log("admin main called");
         return new Promise(function(resolve, reject)
         {
             //if logged in
             if(request.session && request.session.user)
             {
-                console.log(filename);
                 templateContext.loggedIn = true;
                 utils.getPostData(request).then(function (postData)
                 {
-                    console.log("temp 1");
                     var page = "./adminHome.js";
                     if(filename.includes('/downloads'))
                     {
                         page = "./adminDownloads.js";
-                        console.log("downloads time")
                     }
                     else if(filename.includes("/posts"))
                     {
                         page = "./posts.js";
                     }
+                    else if(filename.includes("/users"))
+                    {
+                        page = "./users.js";
+                    }
 
                     require(page).main(postData, templateContext).then(function(template)
                     {
@@ -61,7 +61,8 @@ module.exports=
             }
             else
             {
-                require("./login/login.js").main(request, clientAddress, templateContext).then(function()
+                require("./login/login.js").main(request, clientAddress, templateContext)
+                    .then(function()
                 {
                     resolve();
                 }).catch(function(err)

admin/login/login.js

@@ -23,7 +23,7 @@ const processLogin = function(request, clientAddress, templateContext)
     {
         if(DEBUG)
         {
-            //what actually logs in the user
+            //logs in as first user in DB
             request.session.user = 1;
             console.log("user has logged in");
             templateContext.goodLoginAttempt = true;

admin/users.js

@@ -0,0 +1,175 @@
+/**
+ * File which deals with adding and removing downloads from
+ * the admin section of the website.
+ *
+ * @author Jeffery Russell 6-30-18
+ */
+
+/** Whiskers template file */
+const TEMPLATE_FILE = "admin/adminUsers.html";
+
+
+const includes = require('../includes/includes.js');
+
+//updates db
+const sql = require('../utils/sql');
+
+//parses post data
+const qs = require('querystring');
+
+
+/**
+ * Processes post requests from the addDownload form
+ *
+ * @param postData
+ * @returns {*|Promise}
+ */
+const addUserPostData = function(postData)
+{
+    return new Promise(function(resolve, reject)
+    {
+        const post = qs.parse(postData);
+        if(post.add_user)
+        {
+            sql.addUser(post.add_user_name, post.add_user_password)
+                .then(function()
+                {
+                    resolve();
+                }).catch(function(error)
+            {
+                reject(error);
+            })
+        }
+        else
+        {
+            resolve();
+        }
+    });
+};
+
+
+/**
+ * Removes a download if requested by the
+ * post data from an admin.
+ */
+const removeUserPost = function(postData)
+{
+    return new Promise(function(resolve, reject)
+    {
+        const post = qs.parse(postData);
+        console.log(post);
+        if(post.delete_user)
+        {
+            console.log("Removing user: " + post.delete_user);
+            sql.removeUser(post.delete_user).then(function()
+            {
+                resolve();
+            }).catch(function(err)
+            {
+                reject(err);
+            });
+        }
+        else
+        {
+            resolve();
+        }
+    });
+};
+
+
+/**
+ * Processes post data to determine if the user requested that
+ * a user be updated in the database.
+ */
+const editUserPost = function(postData, templateContext)
+{
+    return new Promise(function(resolve, reject)
+    {
+        const post = qs.parse(postData);
+        if(post.edit_user)
+        {
+            sql.getUserByID(post.edit_user).then(function(user)
+            {
+                if(user.length == 1)
+                {
+                    templateContext.edit_user = post.edit_user;
+                    templateContext.user_name = user[0].user_name;
+                    resolve();
+                }
+                else
+                {
+                    resolve();
+                }
+            }).catch(function(err)
+            {
+                reject(err);
+            });
+        }
+        else if(post.edit_user_2)
+        {
+            sql.updateUser(post.edit_user_2, post.edit_user_name, post.edit_user_password)
+                .then(function()
+            {
+                resolve();
+            })
+        }
+        else
+        {
+            resolve();
+        }
+    });
+};
+
+
+/**
+ * Fetches the download items in the database so that
+ * the template engine can use it to display them in
+ * a table.
+ *
+ * @param templateContext-- context item used by whiskers
+ * @returns {Promise}
+ */
+const getUserInformation = function(templateContext)
+{
+    return new Promise(function(resolve, reject)
+    {
+        sql.getAllUsers().then(function(users)
+        {
+            templateContext.users = users;
+            resolve();
+        }).catch(function(error)
+        {
+            reject(error);
+        });
+    });
+};
+
+
+module.exports=
+    {
+        /** Fetches context information for the template and handles
+         * post data for the downloads.
+         *
+         * @param postData posted by user
+         * @param templateContext json object used as the template context
+         * @returns {Promise} renders the template used for this page
+         */
+        main: function(postData, templateContext)
+        {
+            return new Promise(function(resolve, reject)
+            {
+                Promise.all([includes.fetchTemplate(TEMPLATE_FILE),
+                    addUserPostData(postData),
+                    removeUserPost(postData),
+                    editUserPost(postData, templateContext),
+                    getUserInformation(templateContext)]).then(function(template)
+                {
+                    resolve(template[0]);
+                }).catch(function(error)
+                {
+                    console.log("error in add downloads.js");
+                    reject(error);
+                });
+            });
+        }
+    };

includes/css/bootstrap.css

@@ -9706,5 +9706,5 @@ footer .footer-col
 footer .footer-below
 {
     padding: 25px 0;
-    background-color: #2C3E50;
+    background-color: #1a252f;
 }

includes/html/adminHeader.html

@@ -58,7 +58,7 @@
         <div class="collapse navbar-collapse" id="navbarSupportedContent">
             <ul class="navbar-nav mr-auto">
                 <li class="nav-item active">
-                    <a class="nav-link" href="https://jrtechs.net">Live Blog<span class="sr-only">(current)</span></a>
+                    <a class="nav-link" href="https://jrtechs.net">Live Blog</a>
                 </li>
                 <li class="nav-item">
                     <a class="nav-link" href="/admin">Admin Home</a>
@@ -69,6 +69,9 @@
                 <li class="nav-item">
                     <a class="nav-link" href="/admin/downloads">Downloads</a>
                 </li>
+                <li class="nav-item">
+                    <a class="nav-link" href="/admin/users">Users</a>
+                </li>
             </ul>
             <ul class="nav navbar-nav navbar-right">
                 <li class="nav-item">

sites/admin.js

@@ -1,9 +1,6 @@
 //sending static content
 const includes = require('../includes/includes.js');
 
-//used for file IO
-const utils = require('../utils/utils.js');
-
 
 //used to append static content to result
 const contentLoader = require('../includes/staticContentServer.js');
@@ -40,12 +37,13 @@ module.exports=
                 const file = "../admin/admin.js";
 
                 var templateContext = Object();
-                Promise.all([includes.printAdminHeader(templateContext),
+                Promise.all([includes.fetchTemplate("admin/adminMain.html"),
+                    includes.printAdminHeader(templateContext),
                     require(file).main(request, clientAddress, templateContext, filename),
                     includes.printFooter(templateContext),
-                    includes.fetchTemplate("admin/adminMain.html")]).then(function(content)
+                    ]).then(function(content)
                 {
-                    result.write(whiskers.render(content.join(''), templateContext));
+                    result.write(whiskers.render(content[0], templateContext));
                     result.end();
 
                 }).catch(function(err)

templates/admin/adminHome.html

@@ -94,7 +94,7 @@
                             <td>{cat.name}</td>
                             <td>{cat.url}</td>
                             <td>{cat.category_id}</td>
-                        </tr>>
+                        </tr>
                     {/for}
                 </tbody>
             </table>

templates/admin/adminUsers.html

@@ -0,0 +1,95 @@
+
+{if edit_user}
+<div class="row">
+    <div class="col-12">
+        <div class='blogPost'>
+            <h1 class="text-center">Edit User</h1>
+            <form action="/admin/users/" method ="post" >
+                <div class="form-group">
+                    <input class="form-control" type="text" name="edit_user_name" value='{user_name}' required>
+                    <label class="w3-label w3-validate">User Name</label>
+                </div>
+                <div class="form-group">
+                    <input class="form-control" type="password" name="edit_user_password" value='' required>
+                    <label class="w3-label w3-validate">Password</label>
+                </div>
+                <div>
+                    <input type="submit" name="submit" value="Edit" class="btn btn-lg btn-secondary"/>
+                </div>
+                <input type='hidden' name='edit_user_2' value='{edit_user}'/>
+            </form>
+        </div>
+        <br>
+    </div>
+</div>
+{/if}
+
+
+<div class="row">
+    <!-- Current Users -->
+    <div class="col-md-6">
+        <div class='blogPost'>
+            <h1 class="text-center">Users</h1>
+            <div class="">
+                <table class="table table-striped">
+                    <thead class="thead-dark">
+                    <tr>
+                        <td>User ID</td>
+                        <td>User Name</td>
+                        <td>Edit</td>
+                        <td>Delete</td>
+                    </tr>
+                    </thead>
+
+                    <tbody>
+                    {for user in users}
+                    <tr>
+                        <td>
+                            {user.user_id}
+                        </td>
+                        <td>
+                            {user.user_name}
+                        </td>
+                        <td>
+                            <form action="/admin/users/" method ="post" >
+                                <input type="submit" name="submit" value="Edit" class="btn btn-secondary"/>
+                                <input type='hidden' name='edit_user' value='{user.user_id}' />
+                            </form>
+                        </td>
+                        <td>
+                            <form action="/admin/users/" method ="post" >
+                                <input type="submit" name="submit" value="Delete" class="btn btn-secondary"/>
+                                <input type='hidden' name='delete_user' value='{user.user_id}' />
+                            </form>
+                        </td>
+                    </tr>
+                    {/for}
+                    </tbody>
+                </table>
+            </div>
+        </div>
+    </div>
+
+    <!-- Add User -->
+    <div class="col-md-6">
+        <div class="blogPost">
+            <h1 class="text-center">Add New User</h1>
+
+            <form action="/admin/users/" method ="post" class="p-2">
+                <div class="form-group">
+                    <input class="form-control" type="text" name="add_user_name" required>
+                    <label>User Name</label>
+                </div>
+                <div class="form-group">
+                    <input class="form-control" type="password" name="add_user_password" required>
+                    <label>Password</label>
+                </div>
+                <div class="text-center">
+                    <input type="submit" name="add_user" value="Create User"
+                           class="btn btn-lg btn-secondary"/>
+                </div>
+            </form>
+        </div>
+        <br>
+    </div>
+</div>

utils/sql.js

@@ -56,6 +56,60 @@ const fetch = function(sqlStatement)
 };
 
 
+/**
+ * Function used to use insert statements into the database
+ *
+ * Don't worry, the input gets sanitized
+ *
+ * @param sqlStatement
+ * @return the id of the new record - if there is one
+ */
+const insert = function(sqlStatement)
+{
+    return new Promise(function(resolve, reject)
+    {
+        con.query(sanitizer.sanitize(sqlStatement), function (err, result)
+        {
+            if (err)
+            {
+                console.log(err);
+                reject();
+            }
+            resolve(result.insertId);
+        });
+    })
+};
+
+
+/**
+ * Helper function to generate a hashed password
+ * from a given plain text password.
+ *
+ * This uses 64 bits of entropy as the random salt
+ * and uses sha256 hashing method to hash the password
+ * combined with the salt.
+ *
+ * @param password
+ * @returns {Object pass: hashedPassword, salt: salt used to hash}
+ */
+const createHashedPassword = function(password)
+{
+    const randBuff = crypto.randomBytes(64);
+
+    const salt = crypto.createHash('sha256').update(randBuff).digest('hex');
+
+    const hashPass = crypto.createHash('sha256')
+        .update(password + salt)
+        .digest('hex');
+
+    var hashPassObject = new Object();
+    hashPassObject.pass = hashPass;
+    hashPassObject.salt = salt;
+
+    return hashPassObject;
+};
+
+
 /**
  * Helper function which fetches the category url for all the
  * posts returned in the posts table and appends them to the
@@ -95,30 +149,6 @@ const fetchWithCategoryInformation = function(sqlPosts)
 
 module.exports=
 {
-    /**
-     * Function used to use insert statements into the database
-     *
-     * Don't worry, the input gets sanitized
-     *
-     * @param sqlStatement
-     * @return the id of the new record - if there is one
-     */
-    insert : function(sqlStatement)
-    {
-        return new Promise(function(resolve, reject)
-        {
-            con.query(sanitizer.sanitize(sqlStatement), function (err, result)
-            {
-                if (err)
-                {
-                    console.log(err);
-                    reject();
-                }
-                resolve(result.insertId);
-            });
-        })
-    },
-
     /**
      * function which fetches the sql info on a post based on it's sql id
      * @param id
@@ -187,7 +217,7 @@ module.exports=
      */
     getCategories : function()
     {
-        var q = "select * from categories";
+        const q = "select * from categories";
         return fetch(q);
     },
 
@@ -343,6 +373,58 @@ module.exports=
         return fetch("select * from posts order by published desc");
     },
 
+    getAllUsers: function()
+    {
+        return fetch("select * from users");
+    },
+
+    getUserByID: function(userID)
+    {
+        const cleanID = sanitizer.sanitize(userID);
+
+        const q = "select * from users where user_id='" + cleanID + "'";
+
+        return fetch(q);
+    },
+
+
+
+    removeUser: function(user_id)
+    {
+        const cleanID = sanitizer.sanitize(user_id);
+
+        return insert("delete from users where user_id='" + cleanID + "'");
+    },
+
+    addUser: function(username, password)
+    {
+        const cleanName = sanitizer.sanitize(username);
+        const cleanPassword = sanitizer.sanitize(password);
+        const hashedPassword = createHashedPassword(cleanPassword);
+
+        const q = "insert into users(user_name, password, salt) values('" + cleanName + "'," +
+            "'" + hashedPassword.pass +  "','" + hashedPassword.salt + "')";
+
+        return insert(q);
+    },
+
+
+    updateUser: function(userID, username, password)
+    {
+        const cleanID = sanitizer.sanitize(userID);
+        const cleanName = sanitizer.sanitize(username);
+        const cleanPassword = sanitizer.sanitize(password);
+        const hashedPassword = createHashedPassword(cleanPassword);
+
+        const q = "update users " +
+                "set user_name='" + cleanName + "'" +
+                ",password='" + hashedPassword.pass + "'" +
+                ",salt='" + hashedPassword.salt + "'" +
+                " where user_id='" + cleanID + "'";
+
+        return insert(q);
+    },
+
 
     /**
      * Fetches the sql category information based on it's id
@@ -397,7 +479,7 @@ module.exports=
                     (sqlRow[0].download_count + 1) + "' where download_id='" +
                     sqlRow[0].download_id + "'";
                 console.log(q);
-                module.exports.insert(q).then(function(r)
+                insert(q).then(function(r)
                 {
                     resolve(sqlRow);
                 }).catch(function(err)
@@ -436,7 +518,7 @@ module.exports=
         const q = "insert into downloads (name, file, download_count) " +
             "values('" + name + "', '" + file + "', '0')";
 
-        return module.exports.insert(q);
+        return insert(q);
     },
 
 
@@ -448,7 +530,7 @@ module.exports=
     {
         const q = "delete from downloads where download_id='" + id + "'";
 
-        return module.exports.insert(q);
+        return insert(q);
     },
 
 
@@ -478,7 +560,7 @@ module.exports=
 
         console.log(q);
 
-        return module.exports.insert(q);
+        return insert(q);
     },
 
 
@@ -551,6 +633,6 @@ module.exports=
         const q = "insert into traffic_log (url, ip, date) values " +
             "('" + page + "', '" + ip + "', now())";
 
-        module.exports.insert(q);
+        insert(q);
     }
 };

utils/utils.js

@@ -149,29 +149,5 @@ module.exports=
     print404: function()
     {
         return this.include("includes/html/404.html");
-    },
-
-
-    /**
-     * Displays 404 error to user
-     *
-     * @param result
-     * @returns {*}
-     */
-    printWrongHost: function()
-    {
-        return this.include("includes/html/incorrectHost.html");
-    },
-
-
-    /**
-     * Displays a ban message to the user
-     *
-     * @param result
-     * @returns {*}
-     */
-    printBannedPage: function()
-    {
-        return this.include("includes/html/banHammer.html");
     }
 };