2017-08-27 18:39:30 +00:00
|
|
|
import express from 'express'
|
2017-12-01 11:35:47 +00:00
|
|
|
|
2017-10-09 14:38:27 +00:00
|
|
|
import ensureLogin from '../../scripts/ensureLogin'
|
2017-08-27 18:39:30 +00:00
|
|
|
import wrap from '../../scripts/asyncRoute'
|
2017-08-28 15:42:16 +00:00
|
|
|
import API from '../api/admin'
|
2017-12-01 11:35:47 +00:00
|
|
|
import {User} from '../api'
|
2017-08-27 18:39:30 +00:00
|
|
|
|
|
|
|
const router = express.Router()
|
|
|
|
const apiRouter = express.Router()
|
|
|
|
|
2017-08-28 15:42:16 +00:00
|
|
|
// Check for privilege required to access the admin panel
|
2017-10-09 14:38:27 +00:00
|
|
|
router.use(ensureLogin, wrap(async (req, res, next) => {
|
2017-08-27 18:39:30 +00:00
|
|
|
if (!req.session.privilege) {
|
2017-08-28 15:42:16 +00:00
|
|
|
let u = await User.get(req.session.user)
|
2017-08-27 18:39:30 +00:00
|
|
|
req.session.privilege = u.nw_privilege
|
|
|
|
}
|
|
|
|
|
|
|
|
if (req.session.user && req.session.privilege !== 5) {
|
|
|
|
return res.redirect('/login')
|
|
|
|
}
|
|
|
|
|
|
|
|
res.locals.server_time = process.uptime()
|
|
|
|
next()
|
|
|
|
}))
|
|
|
|
|
2017-08-28 15:42:16 +00:00
|
|
|
/* ================
|
|
|
|
* ASK PASSWORD
|
|
|
|
* ================
|
|
|
|
*/
|
|
|
|
|
2017-08-28 17:32:54 +00:00
|
|
|
router.get('/access', (req, res) => {
|
2017-08-28 15:42:16 +00:00
|
|
|
if (!req.session.accesstime || req.session.accesstime < Date.now()) {
|
|
|
|
return res.status(401).jsonp({error: 'Access expired'})
|
|
|
|
}
|
|
|
|
|
|
|
|
res.jsonp({access: req.session.accesstime - Date.now()})
|
|
|
|
})
|
|
|
|
|
|
|
|
// Post password to continue
|
|
|
|
router.post('/', wrap(async (req, res, next) => {
|
|
|
|
if (!req.body.password) return next()
|
|
|
|
|
|
|
|
if (req.body.csrf !== req.session.csrf) {
|
|
|
|
req.flash('message', {error: true, text: 'Invalid session token'})
|
|
|
|
return next()
|
|
|
|
}
|
|
|
|
|
|
|
|
let passReady = await User.Login.password(req.session.user, req.body.password)
|
|
|
|
if (passReady) {
|
2017-08-28 22:36:13 +00:00
|
|
|
req.session.accesstime = Date.now() + 600000 // 10 minutes
|
2017-08-28 15:42:16 +00:00
|
|
|
return res.redirect('/admin')
|
|
|
|
} else {
|
|
|
|
req.flash('message', {error: true, text: 'Invalid password'})
|
|
|
|
}
|
|
|
|
|
|
|
|
next()
|
|
|
|
}))
|
|
|
|
|
|
|
|
// Ensure that the admin panel is not kept open for prolonged time
|
|
|
|
router.use(wrap(async (req, res, next) => {
|
|
|
|
if (req.session.accesstime) {
|
2017-08-28 17:32:54 +00:00
|
|
|
if (req.session.accesstime > Date.now()) {
|
2017-08-28 22:36:13 +00:00
|
|
|
req.session.accesstime = Date.now() + 600000
|
2017-08-28 17:32:54 +00:00
|
|
|
return next()
|
|
|
|
}
|
|
|
|
|
2017-08-28 15:42:16 +00:00
|
|
|
delete req.session.accesstime
|
|
|
|
}
|
|
|
|
|
|
|
|
res.render('user/password', {post: '/admin'})
|
|
|
|
}))
|
|
|
|
|
2017-08-27 18:39:30 +00:00
|
|
|
/* =========
|
|
|
|
* VIEWS
|
|
|
|
* =========
|
|
|
|
*/
|
|
|
|
|
|
|
|
router.get('/', (req, res) => {
|
|
|
|
res.render('admin/index')
|
|
|
|
})
|
|
|
|
|
|
|
|
router.get('/oauth2', wrap(async (req, res) => {
|
|
|
|
res.render('admin/oauth2')
|
|
|
|
}))
|
|
|
|
|
|
|
|
/* =======
|
|
|
|
* API
|
|
|
|
* =======
|
|
|
|
*/
|
|
|
|
|
2017-08-28 15:42:16 +00:00
|
|
|
apiRouter.get('/users', wrap(async (req, res) => {
|
|
|
|
let page = parseInt(req.query.page)
|
|
|
|
if (isNaN(page) || page < 1) {
|
|
|
|
page = 1
|
|
|
|
}
|
|
|
|
|
2017-08-28 22:36:13 +00:00
|
|
|
let users = await API.getAllUsers(page, req.session.user.id)
|
2017-08-28 15:42:16 +00:00
|
|
|
res.jsonp(users)
|
|
|
|
}))
|
|
|
|
|
2017-08-28 22:36:13 +00:00
|
|
|
/* ===============
|
|
|
|
* OAuth2 Data
|
|
|
|
* ===============
|
|
|
|
*/
|
2017-08-28 17:32:54 +00:00
|
|
|
apiRouter.get('/clients', wrap(async (req, res) => {
|
|
|
|
let page = parseInt(req.query.page)
|
|
|
|
if (isNaN(page) || page < 1) {
|
|
|
|
page = 1
|
|
|
|
}
|
|
|
|
|
|
|
|
let clients = await API.getAllClients(page)
|
|
|
|
res.jsonp(clients)
|
|
|
|
}))
|
|
|
|
|
|
|
|
apiRouter.get('/client/:id', wrap(async (req, res) => {
|
|
|
|
let id = parseInt(req.params.id)
|
|
|
|
if (isNaN(id)) {
|
|
|
|
return res.status(400).jsonp({error: 'Invalid number'})
|
|
|
|
}
|
|
|
|
|
|
|
|
let client = await API.getClient(id)
|
|
|
|
if (!client) return res.status(400).jsonp({error: 'Invalid client'})
|
|
|
|
|
|
|
|
res.jsonp(client)
|
|
|
|
}))
|
|
|
|
|
|
|
|
apiRouter.post('/client/new', wrap(async (req, res) => {
|
|
|
|
if (req.body.csrf !== req.session.csrf) {
|
|
|
|
return res.status(400).jsonp({error: 'Invalid session'})
|
|
|
|
}
|
|
|
|
|
2017-11-30 21:13:14 +00:00
|
|
|
await API.createClient(req.body, req.session.user)
|
2017-08-28 17:32:54 +00:00
|
|
|
|
|
|
|
res.status(204).end()
|
|
|
|
}))
|
|
|
|
|
|
|
|
apiRouter.post('/client/update', wrap(async (req, res) => {
|
2017-08-30 12:23:45 +00:00
|
|
|
let id = parseInt(req.body.id)
|
|
|
|
|
|
|
|
if (!id || isNaN(id)) return res.status(400).jsonp({error: 'ID missing'})
|
|
|
|
|
2017-08-28 17:32:54 +00:00
|
|
|
if (req.body.csrf !== req.session.csrf) {
|
|
|
|
return res.status(400).jsonp({error: 'Invalid session'})
|
|
|
|
}
|
|
|
|
|
2017-11-30 21:13:14 +00:00
|
|
|
await API.updateClient(id, req.body)
|
2017-08-28 17:32:54 +00:00
|
|
|
|
|
|
|
res.status(204).end()
|
|
|
|
}))
|
|
|
|
|
|
|
|
apiRouter.post('/client/new_secret/:id', wrap(async (req, res) => {
|
|
|
|
let id = parseInt(req.params.id)
|
|
|
|
if (isNaN(id)) {
|
|
|
|
return res.status(400).jsonp({error: 'Invalid number'})
|
|
|
|
}
|
|
|
|
|
|
|
|
let client = await API.newSecret(id)
|
|
|
|
|
|
|
|
res.jsonp(client)
|
|
|
|
}))
|
|
|
|
|
|
|
|
apiRouter.post('/client/delete/:id', wrap(async (req, res) => {
|
|
|
|
let id = parseInt(req.params.id)
|
|
|
|
if (isNaN(id)) {
|
|
|
|
return res.status(400).jsonp({error: 'Invalid number'})
|
|
|
|
}
|
|
|
|
|
|
|
|
let client = await API.removeClient(id)
|
|
|
|
|
|
|
|
res.jsonp(client)
|
|
|
|
}))
|
|
|
|
|
2017-08-28 22:36:13 +00:00
|
|
|
/* ========
|
|
|
|
* Bans
|
|
|
|
* ========
|
|
|
|
*/
|
|
|
|
|
|
|
|
apiRouter.get('/bans', wrap(async (req, res) => {
|
|
|
|
let page = parseInt(req.query.page)
|
|
|
|
if (isNaN(page) || page < 1) {
|
|
|
|
page = 1
|
|
|
|
}
|
|
|
|
|
|
|
|
let bans = await API.getAllBans(page)
|
|
|
|
res.jsonp(bans)
|
|
|
|
}))
|
|
|
|
|
|
|
|
apiRouter.post('/ban/pardon/:id', wrap(async (req, res) => {
|
|
|
|
let id = parseInt(req.params.id)
|
|
|
|
if (isNaN(id)) {
|
|
|
|
return res.status(400).jsonp({error: 'Invalid number'})
|
|
|
|
}
|
|
|
|
|
|
|
|
let ban = await API.removeBan(id)
|
|
|
|
|
|
|
|
res.jsonp(ban)
|
|
|
|
}))
|
|
|
|
|
|
|
|
apiRouter.post('/ban', wrap(async (req, res) => {
|
|
|
|
if (!req.body.user_id) return res.status(400).jsonp({error: 'ID missing'})
|
|
|
|
if (req.body.csrf !== req.session.csrf) {
|
|
|
|
return res.status(400).jsonp({error: 'Invalid session'})
|
|
|
|
}
|
|
|
|
|
|
|
|
let result = await API.addBan(req.body, req.session.user.id)
|
|
|
|
|
|
|
|
res.jsonp(result)
|
|
|
|
}))
|
|
|
|
|
2017-08-28 17:32:54 +00:00
|
|
|
apiRouter.use((err, req, res, next) => {
|
|
|
|
console.error(err)
|
2017-11-30 21:13:14 +00:00
|
|
|
return res.status(400).jsonp({error: err.message})
|
2017-08-28 17:32:54 +00:00
|
|
|
})
|
|
|
|
|
2017-08-27 18:39:30 +00:00
|
|
|
router.use('/api', apiRouter)
|
|
|
|
|
|
|
|
module.exports = router
|