MIGDYN/irclogger_web
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Frontend: Implement support for adding channels

Browse Source
This commit is contained in:
mrkubax10 2023-09-15 21:01:26 +02:00
parent 3155946a67
commit fe114e749c
3 changed files with 102 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
frontend.pm
View File

@ -486,6 +486,25 @@ sub sendResponse {
} }
} }
sub createUser {
my $aName = $_[0];
my $aPassword = $_[1];
my $aPrivileges = $_[2];
my $aConnection = $_[3];
my $id = 0;
my $query = $aConnection->prepare(qq(select id from users order by rowid desc limit 1;));
$query->execute();
my @row = $query->fetchrow_array();
if(scalar(@row)>0) {
$id = $row[0]+1;
}
my $password = Digest::SHA::sha256_hex($aPassword);
$query = $aConnection->prepare(qq(insert into users values($id, ?, ?, ?);));
$query->execute($aName, $aPassword, $aPrivileges);
}
sub httpServerWorker { sub httpServerWorker {
my $db = DBI->connect("DBI:SQLite:dbname=$configuration::database", "", "", {RaiseError=>1}); my $db = DBI->connect("DBI:SQLite:dbname=$configuration::database", "", "", {RaiseError=>1});
my $query = $db->prepare(qq(select id from users;)); my $query = $db->prepare(qq(select id from users;));
@ -493,9 +512,7 @@ sub httpServerWorker {
my @row = $query->fetchrow_array(); my @row = $query->fetchrow_array();
if(scalar(@row)==0) { if(scalar(@row)==0) {
# Create default user # Create default user
my $password = Digest::SHA::sha256_hex("admin"); createUser("admin", "admin", 2, $db);
$query = $db->prepare(qq(insert into users values(0, "admin", "$password", 2);));
$query->execute();
} }
my $server = new IO::Socket::INET(LocalHost=>"localhost", LocalPort=>$configuration::httpServerPort, Proto=>"tcp", Listen=>1, Reuse=>1); my $server = new IO::Socket::INET(LocalHost=>"localhost", LocalPort=>$configuration::httpServerPort, Proto=>"tcp", Listen=>1, Reuse=>1);

121
frontend_routes.pm
View File

@ -27,6 +27,35 @@ use feature qw(switch);
use strict; use strict;
use warnings; use warnings;
sub verifyRequestPrivileges {
my $aRequest = $_[0];
my $aClient = $_[1];
my $aPrivileges = $_[2];
my $aConnection = $_[3];
if(!defined($aRequest->{"cookies"}{"session"}) || !frontend_session::isValidSession($aRequest->{"cookies"}{"session"})) {
frontend::redirect($aClient, "/");
return 0;
}
if(defined($aRequest->{"headers"}{"Content-Type"}) && $aRequest->{"headers"}{"Content-Type"} ne "application/x-www-form-urlencoded") {
frontend::sendBadRequest($aClient, "Unsupported form Content-Type (application/x-www-form-urlencoded required)");
return 0;
}
if(!defined($aRequest->{"content"})) {
frontend::sendBadRequest($aClient, "Request content required");
return 0;
}
my $session = $frontend_session::sessions{$aRequest->{"cookies"}{"session"}};
my $query = $aConnection->prepare(qq(select privileges from users where name=?;));
$query->execute($session->{"username"});
my @row = $query->fetchrow_array();
if($row[0]<$aPrivileges) {
frontend::sendForbidden($aClient, "Insufficient permissions to perform this operation");
return 0;
}
return 1;
}
sub verifyChannelAccess { sub verifyChannelAccess {
my $aRequest = $_[0]; my $aRequest = $_[0];
my $aClient = $_[1]; my $aClient = $_[1];
@ -309,35 +338,48 @@ sub handlePath {
return 1; return 1;
} }
when("/add_server_action") { when("/add_user_action") {
if(!defined($aRequest->{"cookies"}{"session"}) || !frontend_session::isValidSession($aRequest->{"cookies"}{"session"})) { if(!verifyRequestPrivileges($aRequest, $aClient, 1, $aConnection)) {
frontend::redirect($aClient, "/");
return 1; return 1;
} }
if(defined($aRequest->{"headers"}{"Content-Type"}) && $aRequest->{"headers"}{"Content-Type"} ne "application/x-www-form-urlencoded") {
frontend::sendBadRequest($aClient, "Unsupported form Content-Type (application/x-www-form-urlencoded required)");
return 1;
}
if(!defined($aRequest->{"content"})) {
frontend::sendBadRequest($aClient, "Request content required");
return 1;
}
my $session = $frontend_session::sessions{$aRequest->{"cookies"}{"session"}};
my $query = $aConnection->prepare(qq(select privileges from users where name=?;));
$query->execute($session->{"username"});
my @row = $query->fetchrow_array();
if($row[0]<2) {
frontend::sendForbidden($aClient, "Insufficient permissions to perform this operation");
return 1;
}
my %parameters = frontend::parsePathParameters($aRequest->{"content"}); my %parameters = frontend::parsePathParameters($aRequest->{"content"});
if(!defined($parameters{"name"})) { if(!defined($parameters{"name"}) || length($parameters{"name"})==0) {
frontend::sendBadRequest($aClient, "Username required");
return 1;
}
if(!defined($parameters{"password"}) || length($parameters{"password"})==0) {
frontend::sendBadRequest($aClient, "Password required");
return 1;
}
if(!defined($parameters{"confirmPassword"}) || length($parameters{"confirmPassword"})==0) {
frontend::sendBadRequest($aClient, "Confirm password required");
return 1;
}
if($parameters{"password"} ne $parameters{"confirmPassword"}) {
frontend::sendBadRequest($aClient, "Password and confirm password don't match");
return 1;
}
my $query = $aConnection->prepare(qq(select id from users where name=?;));
$query->execute($parameters{"name"});
my @row = $query->fetchrow_array();
if(scalar(@row)>0) {
frontend::sendConflict($aClient, "User $parameters{'name'} already exists");
return 1;
}
frontend::createUser($parameters{"name"}, $parameters{"password"}, defined($parameters{"operator"}), $aConnection);
frontend::redirect($aClient, "/user_added.html");
return 1;
}
when("/add_server_action") {
if(!verifyRequestPrivileges($aRequest, $aClient, 2, $aConnection)) {
return 1;
}
my %parameters = frontend::parsePathParameters($aRequest->{"content"});
if(!defined($parameters{"name"}) || length($parameters{"name"})==0) {
frontend::sendBadRequest($aClient, "Server name required"); frontend::sendBadRequest($aClient, "Server name required");
return 1; return 1;
} }
if(!defined($parameters{"address"})) { if(!defined($parameters{"address"}) || length($parameters{"address"})==0) {
frontend::sendBadRequest($aClient, "Server address required"); frontend::sendBadRequest($aClient, "Server address required");
return 1; return 1;
} }
@ -346,9 +388,9 @@ sub handlePath {
$port = $parameters{"port"}; $port = $parameters{"port"};
} }
$query = $aConnection->prepare(qq(select id from servers where name=?;)); my $query = $aConnection->prepare(qq(select id from servers where name=?;));
$query->execute($parameters{"name"}); $query->execute($parameters{"name"});
@row = $query->fetchrow_array(); my @row = $query->fetchrow_array();
if(scalar(@row)>0) { if(scalar(@row)>0) {
frontend::sendConflict($aClient, "Server with name $parameters{'name'} already exists"); frontend::sendConflict($aClient, "Server with name $parameters{'name'} already exists");
return 1; return 1;
@ -369,41 +411,22 @@ sub handlePath {
return 1; return 1;
} }
when("/add_channel_action") { when("/add_channel_action") {
if(!defined($aRequest->{"cookies"}{"session"}) || !frontend_session::isValidSession($aRequest->{"cookies"}{"session"})) { if(!verifyRequestPrivileges($aRequest, $aClient, 2, $aConnection)) {
frontend::redirect($aClient, "/");
return 1; return 1;
} }
if(defined($aRequest->{"headers"}{"Content-Type"}) && $aRequest->{"headers"}{"Content-Type"} ne "application/x-www-form-urlencoded") {
frontend::sendBadRequest($aClient, "Unsupported form Content-Type (application/x-www-form-urlencoded required)");
return 1;
}
if(!defined($aRequest->{"content"})) {
frontend::sendBadRequest($aClient, "Request content required");
return 1;
}
my $session = $frontend_session::sessions{$aRequest->{"cookies"}{"session"}};
my $query = $aConnection->prepare(qq(select privileges from users where name=?;));
$query->execute($session->{"username"});
my @row = $query->fetchrow_array();
if($row[0]<2) {
frontend::sendForbidden($aClient, "Insufficient permissions to perform this operation");
return 1;
}
my %parameters = frontend::parsePathParameters($aRequest->{"content"}); my %parameters = frontend::parsePathParameters($aRequest->{"content"});
if(!defined($parameters{"channel"})) { if(!defined($parameters{"channel"}) length($parameters{"channel"})==0) {
frontend::sendBadRequest($aClient, "Channel name required"); frontend::sendBadRequest($aClient, "Channel name required");
return 1; return 1;
} }
if(!defined($parameters{"server"})) { if(!defined($parameters{"server"}) || length($parameters{"server"})==0) {
frontend::sendBadRequest($aClient, "Server ID required"); frontend::sendBadRequest($aClient, "Server ID required");
return 1; return 1;
} }
$query = $aConnection->prepare(qq(select name from servers where id=?;)); my $query = $aConnection->prepare(qq(select name from servers where id=?;));
$query->execute($parameters{"server"}); $query->execute($parameters{"server"});
@row = $query->fetchrow_array(); my @row = $query->fetchrow_array();
if(scalar(@row)==0) { if(scalar(@row)==0) {
frontend::sendBadRequest($aClient, "Invalid server ID"); frontend::sendBadRequest($aClient, "Invalid server ID");
return 1; return 1;

10
static/user_added.html Normal file
View File

@ -0,0 +1,10 @@
<!DOCTYPE HTML>
<html>
<head>
<title>User added</title>
</head>
<body>
<p>User successfully added</p>
<a href="/panel">Return to user panel</a>
</body>
</html>