Changes to Authentication

- changed to password encryption on client side
- modified login page
- renamed webapi to weblib
pull/33/head
Trivernis 6 years ago
parent d095922926
commit d3e1106d70

@ -11,7 +11,7 @@ const Discord = require("discord.js"),
prefix = args.prefix || config.prefix || '~',
gamepresence = args.game || config.presence;
let webapi = null;
let weblib = null;
class Bot {
constructor(callback) {
@ -105,11 +105,11 @@ class Bot {
* initializes the api webserver
*/
initializeWebserver() {
logger.verbose('Importing webapi');
webapi = require('./lib/webapi');
webapi.setLogger(logger);
logger.verbose('Importing weblib');
weblib = require('./lib/weblib');
weblib.setLogger(logger);
logger.verbose('Creating WebServer');
this.webServer = new webapi.WebServer(config.webservice.port || 8080);
this.webServer = new weblib.WebServer(config.webservice.port || 8080);
logger.debug('Setting Reference Objects to webserver');
this.webServer.setReferenceObjects({

@ -72,6 +72,7 @@ exports.DJ = class {
* Plays a file for the given filename.
* TODO: Implement queue
* @param filename
* @todo
*/
playFile(filename) {
if (this.connected) {

@ -28,17 +28,14 @@ exports.WebServer = class {
this.setReferenceObjects(referenceObjects);
}
/**
* TODO: Encrypt the password on client side.
*/
configureExpress() {
this.app.set('view engine', 'pug');
this.app.set('trust proxy', 1);
this.app.set('views', './web/http/');
if (this.app.get('env') === 'devlopment') {
if (this.app.get('env') === 'devlopment')
this.app.use(require('cors')());
}
this.app.use(require('cors')());
this.app.use(session({
secret: config.webservice.sessionSecret,
@ -52,11 +49,11 @@ exports.WebServer = class {
this.app.use(compression({
filter: (req, res) => {
if (req.headers['x-no-compression']) {
if (req.headers['x-no-compression'])
return false;
} else {
else
return compression.filter(req, res);
}
}
}));
this.app.use('/graphql', graphqlHTTP({
@ -67,22 +64,11 @@ exports.WebServer = class {
this.app.use(compileSass({
root: './web/http/'
}));
this.app.get('/', (req, res, next) => {
if (req.session.user) {
next();
} else {
res.render('login');
}
}, (req, res) => {
res.render('index');
});
this.app.use('/scripts', express.static('./web/http/scripts'));
this.app.post('/', (req, res) => {
if (!req.body.username || !req.body.password) {
if (!req.body.username || !req.body.password)
res.render('login', {msg: 'Please enter username and password.'});
} else {
this.maindb.get('SELECT * FROM users WHERE username = ? AND password = ?', [req.body.username, sha512(req.body.password)], (err, user) => {
else
this.maindb.get('SELECT * FROM users WHERE username = ? AND password = ?', [req.body.username, req.body.password], (err, user) => {
if (err || !user) {
if (err)
logger.warn(err.message);
@ -93,7 +79,15 @@ exports.WebServer = class {
res.render('index');
}
});
}
});
this.app.use('/scripts', express.static('./web/http/scripts'));
this.app.use((req, res, next) => {
if (req.session.user)
next();
else
res.render('login');
}, (req, res) => {
res.render('index');
});
}
@ -160,33 +154,6 @@ exports.WebServer = class {
});
}
authenticateByToken(req, res, next) {
if (req.headers.authorization
&& req.headers.authorization.split(' ')[0] === 'Bearer') {
let bearer = req.headers.authorization.split(' ')[1];
this.maindb.get('SELECT * FROM users WHERE token = ?', [bearer], (err, user) => {
if (err) {
logger.warn(err.message);
logger.debug('Unauthorized access');
res.status(401);
res.end('Unauthorized Access');
} else {
if (!user) {
res.status(401);
res.end('Unauthorized Access');
} else {
req.user = user;
next();
}
}
});
} else {
logger.debug('Unauthorized access');
res.status(401);
res.end('Unauthorized Access');
}
}
/**
* Setting all objects that web can query
* @param objects
@ -200,19 +167,19 @@ exports.WebServer = class {
token VARCHAR(255) UNIQUE NOT NULL,
scope INTEGER NOT NULL DEFAULT 0
)`, (err) => {
if (err) {
if (err)
logger.error(err.message);
}
});
this.root = {
client: {
guilds: (args) => {
let dcGuilds = objects.client.guilds.values();
if (args.id) {
if (args.id)
return [Array.from(dcGuilds)
.map((x) => new Guild(x, objects.getGuildHandler(x)))
.find(x => (x.id === args.id))];
} else {
else
try {
return Array.from(dcGuilds)
.slice(args.offset, args.offset + args.first)
@ -221,7 +188,7 @@ exports.WebServer = class {
logger.error(err.stack);
return null;
}
}
},
guildCount: () => {
return Array.from(objects.client.guilds.values()).length;
@ -242,14 +209,14 @@ exports.WebServer = class {
let dcGuilds = Array.from(objects.client.guilds.values());
return dcGuilds.filter((x) => {
let gh = objects.guildHandlers[x.id];
if (gh) {
if (gh)
if (gh.dj)
return gh.dj.playing;
else
return false;
} else {
else
return false;
}
}).length;
}
},
@ -270,18 +237,18 @@ exports.WebServer = class {
logEntries.push(new LogEntry(JSON.parse(line)));
});
lineReader.on('close', () => {
if (args.level) {
if (args.level)
logEntries = logEntries
.filter(x => (utils.logLevels[x.level] >= utils.logLevels[args.level]));
}
if (args.id) {
if (args.id)
logEntries = [logEntries.find(x => (x.id === args.id))];
}
if (args.first) {
if (args.first)
logEntries = logEntries.slice(args.offset, args.offset + args.first);
} else {
else
logEntries = logEntries.slice(logEntries.length - args.last);
}
resolve(logEntries);
});
});
@ -291,7 +258,7 @@ exports.WebServer = class {
};
/**
* generating an unique id
* generating an id
* @param valArr
* @returns {*}
*/
@ -305,6 +272,11 @@ function generateID(valArr) {
return md5(b64);
}
/**
* generating an unique id
* @param input
* @returns {*}
*/
function generateUUID(input) {
return generateID([input, (new Date()).getMilliseconds()]) + Date.now();
}
@ -327,11 +299,11 @@ class DJ {
thumbnail: utils.YouTube.getVideoThumbnailUrlFromUrl(x.url)
};
});
if (args.id) {
if (args.id)
return [queue.find(x => (x.id === args.id))];
} else {
else
return queue.slice(args.offset, args.offset + args.first);
}
}
get playing() {
@ -377,6 +349,9 @@ class DJ {
}
}
/**
* Used for graphql access to the discord.js Guild and lib/guilding/GuildHandler
*/
class Guild {
constructor(discordGuild, guildHandler) {
this.id = generateID(['Guild', discordGuild.id]);
@ -405,14 +380,14 @@ class Guild {
logger.error(err.message);
resolve(null);
} else {
for (let row of rows) {
for (let row of rows)
saved.push({
id: generateID(['Media', row.url]),
name: row.name,
url: row.url,
thumbnail: utils.YouTube.getVideoThumbnailUrlFromUrl(row.url)
});
}
resolve(saved);
}
});
@ -425,7 +400,7 @@ class Guild {
saved(args) {
return new Promise((resolve) => {
this.querySaved().then((result) => {
if (result) {
if (result)
if (args.id) {
resolve([result.find(x => (x.id === args.id))]);
} else if (args.name) {
@ -433,31 +408,34 @@ class Guild {
} else {
resolve(result.slice(args.offset, args.offset + args.first));
}
} else {
else
resolve(null);
}
});
});
}
roles(args) {
if (args.id) {
if (args.id)
return [this.prRoles.find(x => (x.id === args.id))];
} else {
else
return this.prRoles.slice(args.offset, args.offset + args.first);
}
}
members(args) {
if (args.id) {
if (args.id)
return [this.prMembers.find(x => (x.id === args.id))];
} else {
else
return this.prMembers.slice(args.offset, args.offset + args.first);
}
}
}
/**
* Used for graphql access to the discord.js Role
*/
class Role {
constructor(discordRole) {
this.id = generateID(['Role', discordRole.id]);
@ -469,14 +447,17 @@ class Role {
}
members(args) {
if (args.id) {
if (args.id)
return [this.prMembers.find(x => (x.id === args.id))];
} else {
else
return this.prMembers.slice(args.offset, args.offset + args.first);
}
}
}
/**
* Used for graphql access to the discord.js GuildMember
*/
class GuildMember {
constructor(discordGuildMember) {
this.id = generateID(['GuildMember', discordGuildMember.id]);
@ -489,14 +470,17 @@ class GuildMember {
}
roles(args) {
if (args.id) {
if (args.id)
return [this.prRoles.find(x => (x.id === args.id))];
} else {
else
return this.prRoles.slice(args.offset, args.offset + args.first);
}
}
}
/**
* Used for graphql access to the discord.js User
*/
class User {
constructor(discordUser) {
this.id = generateID(['User', discordUser.id]);
@ -513,6 +497,9 @@ class User {
}
}
/**
* Used for graphql access to log entries
*/
class LogEntry {
constructor(entry) {
this.id = generateID(['LogEntry', entry.level, entry.timestamp]);

@ -2,10 +2,12 @@ doctype html
html
head
link(type='text/css' rel='stylesheet' href='sass/style.sass')
script(type='text/javascript' src='scripts/lib/sha512.min.js')
script(src='https://code.jquery.com/jquery-3.3.1.min.js')
script(type='text/javascript' src='scripts/login.js')
body
h1 Login
h3 #{message}
form(action='/' method='POST')
input(name='username' type='text' required placeholder='Username')
input(name='password' type='password' required placeholder='Password')
button(type='submit') Log in
input(id='username' name='username' type='text' required placeholder='Username')
input(id='password' name='password' type='password' required placeholder='Password')
button(type='submit' onclick='login()') Log in

File diff suppressed because one or more lines are too long

@ -0,0 +1,16 @@
/* eslint-disable */
function login() {
let username = document.querySelector('#username').value;
let password = sha512(document.querySelector('#password').value);
$.post({
url: "/",
data: JSON.stringify({
username: username,
password: password
}),
contentType: "application/json"
}).done((res) => {
document.write(res);
});
}

@ -1,3 +1,5 @@
/* eslint-disable */
let latestLogs = [];
let status = {
@ -28,9 +30,6 @@ function postQuery(query) {
return new Promise((resolve) => {
$.post({
url: "/graphql",
headers: {
Authorization: `Bearer ${localStorage.apiToken}`
},
data: JSON.stringify({
query: query
}),
@ -113,7 +112,6 @@ function queryGuild(guildId) {
}
/**
* TODO: Play/Pause as status
* @param guildId
*/
function queryGuildStatus(guildId) {
@ -278,9 +276,6 @@ function queryLogs(count) {
}
function startUpdating() {
if (!localStorage.apiToken || localStorage.apiToken.length < 0)
localStorage.apiToken = prompt('Please provide an api token: ');
queryStatic();
setInterval(queryStatic, 3600000);
queryStatus();

Loading…
Cancel
Save