astatin3/Polyboard
1
0
Fork 0
mirror of https://github.com/Astatin3/Polyboard.git synced 2026-06-09 08:38:01 -06:00
Code Issues Packages Projects Releases Wiki Activity

Finally done!

Browse Source
This commit is contained in:
Astatin3
2024-02-20 10:25:34 -07:00
parent ef75228361
commit bd77a9fcc5
24 changed files with 645 additions and 215 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
Regular → Executable
View File
html/login.html
+4 -20
View File
@@ -14,29 +14,13 @@
</section> </section>
<script> <script>
//let socket = io()
usernamebox = document.getElementById('usernamebox')
passwordbox = document.getElementById('passwordbox')
function submit(){ function submit(){
const usernamebox = utils.getel('usernamebox')
const passwordbox = utils.getel('passwordbox')
authLogin(usernamebox.value, passwordbox.value) authLogin(usernamebox.value, passwordbox.value)
} }
window.main = ()=>{}
// function submit() {
// time = (new Date().getTime())
// hashpacket = usernamebox.value+sha256(passwordbox.value).toUpperCase()+time
// packet = {
// data: sha256(hashpacket),
// time: time
// }
// socket.emit('authreq', JSON.stringify(packet))
// //alert(sha256(passwordbox.value))
// //passwordbox.value = sha256(passwordbox.value)
// }
</script> </script>
html/nav.html
+9 -6
View File
@@ -1,21 +1,23 @@
<!DOCTYPE html> <html data-theme="dark">
<head> <head>
<link href="/src/pico.min.css" rel="stylesheet"> <link href="/src/pico.min.css" rel="stylesheet">
<link href="/src/style.css" rel="stylesheet"> <link href="/src/style.css" rel="stylesheet">
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="color-scheme" content="light dark" />
<title><!--Place title here!!!--></title> <title><!--Place title here!!!--></title>
</head> </head>
<body> <body>
<nav class="navbar text-white noselect"> <nav class="navbar text-invert noselect">
<ul class="nav"> <ul class="nav">
<!--Place tabs here!!!--> <!--Place tabs here!!!-->
<h2 class="navconntext text-white" id="connecticon" onclick="window.location.reload()" style="cursor:pointer;"> <h2 class="navconntext text-invert" id="connecticon" onclick="window.location.reload()" style="cursor:pointer;">
Disconnected Disconnected
</h2> </h2>
</ul> </ul>
</nav> </nav>
<div class="navpanel text-white noselect"> <div class="navpanel text-invert noselect">
<a href="<!--Place defaultPage here!!!-->" class="text-white navTitle"> <a href="<!--Place defaultPage here!!!-->" class="text-invert navTitle">
<!--Place title here!!!--> <!--Place title here!!!-->
</a> </a>
<hr> <hr>
@@ -28,3 +30,4 @@
<div id="popupBox" class="popupBox"> </div> <div id="popupBox" class="popupBox"> </div>
<script type="module" src="/src/main.js"></script> <script type="module" src="/src/main.js"></script>
</body> </body>
</html>
html/src/auth.js
+12 -4
View File
@@ -5,6 +5,11 @@ let c = null
export function authClient(rawClient) { export function authClient(rawClient) {
c = this c = this
this.username = null
this.permGroups = null
this.accountCreated = null
this.passwordUpdated = null
this.id = null
this.rawClient = rawClient this.rawClient = rawClient
this.login = (username, password)=>{ this.login = (username, password)=>{
@@ -21,10 +26,6 @@ export function authClient(rawClient) {
}) })
} }
this.send = (data)=>{
}
this.clidata = (data)=>{ this.clidata = (data)=>{
const session = utils.getCookie('session') const session = utils.getCookie('session')
if(session != ''){ if(session != ''){
@@ -45,6 +46,13 @@ export function authClient(rawClient) {
} }
this.reauth = (data)=>{ this.reauth = (data)=>{
this.username = data.data.username
this.id = data.data.id
this.permGroups = data.data.permGroups
this.accountCreated = data.data.created
this.passwordUpdated = data.data.passwordUpdated
if(window.location.pathname == "/login"){ if(window.location.pathname == "/login"){
utils.popupSuccess('Connection', 'Successfully logged in!') utils.popupSuccess('Connection', 'Successfully logged in!')
} }
html/src/main.js
+7 -8
View File
@@ -7,21 +7,20 @@ const hostname = window.location.href.split('/')[2]
//import * as crypto from "/src/crypto-js.min.js" //import * as crypto from "/src/crypto-js.min.js"
let rawClient = new packets.rawClient('/listen') let client = new packets.rawClient('/listen')
let client = new auth.authClient(rawClient) let authClient = new auth.authClient(client)
window.utils = utils window.utils = utils
window.packets = packets window.packets = packets
window.auth = auth window.auth = auth
window.jsonpack = jsonpack window.jsonpack = jsonpack
window.rawClient = rawClient window.client = client
window.authClient = client window.authClient = authClient
window.authLogin = client.login window.authLogin = authClient.login
window.sendAuth = client.send window.send = client.send
window.sendRaw = rawClient.send window.addListener = client.addRawTypeListener
window.addListener = rawClient.addRawTypeListener
window.addListener('popupInfo', (data)=>{ window.addListener('popupInfo', (data)=>{
window.utils.popupInfo(data.data.title, data.data.msg) window.utils.popupInfo(data.data.title, data.data.msg)
html/src/pico.min.css
Vendored Regular → Executable
View File
html/src/style.css
+12 -8
View File
@@ -11,21 +11,24 @@
--background-0: #212529; --background-0: #212529;
--background-1: #404040; --background-1: #404040;
--nav-color: rgba(0,0,0,0.3);
--text-0: #242424; --text-0: #242424;
--text-1: #d3d3d3; --text-1: #d3d3d3;
--text-black: #242424; --text-black: #242424;
--text-white: #d3d3d3; --text-white: var(--pico-primary-inverse);
--success-1:#059100; --success-1:#059100;
--warning-1:#ffdc3e; --warning-1:#ffdc3e;
--error-1: #b60f0f; --error-1: #b60f0f;
--font: "UbuntuMono"; --font: "UbuntuMono";
--pico-font-family: UbuntuMono, regular;
} }
* { * {
font-family: var(--font); font-family: var(--font) !important;
} }
body { body {
@@ -44,17 +47,18 @@ body {
width: calc(100% - var(--sidenavwidth)); width: calc(100% - var(--sidenavwidth));
height: calc(100% - var(--topnavheight)); height: calc(100% - var(--topnavheight));
padding: 5px; padding: 5px;
overflow: scroll;
} }
.text-white { .text-invert {
color: var(--text-white) !important; color: var(--pico-primary-inverse) !important;
font-family: var(--font); font-family: var(--font);
} }
.text-black { /* .text-black {
color: var(--text-black) !important; color: var(--text-black) !important;
font-family: var(--font); font-family: var(--font);
} } */
.half-left { .half-left {
position: relative; position: relative;
@@ -80,7 +84,7 @@ body {
padding:5px; padding:5px;
padding-left: calc(var(--sidenavwidth) + 10px); padding-left: calc(var(--sidenavwidth) + 10px);
z-index: 10; z-index: 10;
background-color: var(--background-0); background-color: var(--nav-color);
} }
.navbar ul { .navbar ul {
@@ -115,7 +119,7 @@ body {
height:100%; height:100%;
resize: left; resize: left;
z-index: 20; z-index: 20;
background-color: var(--background-0); background-color: var(--nav-color);
} }
.navpanel details { .navpanel details {
html/src/utils.js
+21 -12
View File
@@ -1,4 +1,4 @@
export const getEl = (id)=>{return document.getElementById(id)} export const getel = (id)=>{return document.getElementById(id)}
export const setCookie = (name, value, hours = 1, path = '/') => { export const setCookie = (name, value, hours = 1, path = '/') => {
const expires = new Date(Date.now() + hours * 6e4).toUTCString() const expires = new Date(Date.now() + hours * 6e4).toUTCString()
@@ -66,13 +66,22 @@ export function iconauth() {
// } // }
export function modal(elem, identifier, bgcolor, header, textColor, title, innerHTML) { export function getatribinarr(arr, atribname, value){
for(let i=0;i<arr.length;i++){
if(arr[i][atribname] == value){
return arr[i]
}
}
return null
}
export function modal(elem, bgcolor, header, textColor, title, innerHTML) {
elem.innerHTML += ` elem.innerHTML += `
<dialog class="example ${textColor}" open> <dialog class="example ${textColor}" open>
<article style="background-color:${bgcolor};"> <article style="background-color:${bgcolor};">
<header style="background-color:${header};"> <header style="background-color:${header};">
<p class='noselect' style='font-size:10px;opacity:0.75'>${formatTime(getUnixTime())}</p> <p class='noselect ${textColor}' style='font-size:10px;opacity:0.75'>${formatTime(getUnixTime())}</p>
<a class="close ${textColor}" onclick="${identifier}.removeChild(this.parentElement.parentElement.parentElement)"></a> <a class="close ${textColor}" onclick="this.parentElement.parentElement.parentElement.remove()"></a>
${title} ${title}
</header> </header>
${innerHTML} ${innerHTML}
@@ -87,12 +96,12 @@ export function addPopup(bgcolor, isDark, title, content) {
let textColor let textColor
if(isDark){ if(isDark){
header = 'rgba(255,255,255,0.05)' header = 'rgba(255,255,255,0.05)'
textColor = 'text-white' textColor = "text-invert"
}else{ }else{
header = 'rgba(0,0,0,0.2)' header = 'rgba(0,0,0,0.2)'
textColor = 'text-black' textColor = ""
} }
modal(elem, "document.getElementById('popupBox')", bgcolor, header, textColor, title, `<p class='${textColor}'>${content}</p>`) modal(elem, bgcolor, header, textColor, title, `<p class='${textColor}'>${content}</p>`)
} }
@@ -118,14 +127,14 @@ export function confirmBox(bgcolor, isDark, title, yesFunc, noFunc) {
let textColor let textColor
if(isDark){ if(isDark){
header = 'rgba(255,255,255,0.05)' header = 'rgba(255,255,255,0.05)'
textColor = 'text-white' textColor = "text-invert"
}else{ }else{
header = 'rgba(0,0,0,0.2)' header = 'rgba(0,0,0,0.2)'
textColor = 'text-black' textColor = ""
} }
modal(elem, 'document.body', bgcolor, header, textColor, title, ` modal(elem, bgcolor, header, textColor, title, `
<button class="outline half-left" onclick="document.body.removeChild(this.parentElement.parentElement);${yesFunc}">Yes</button> <button class="outline half-left" onclick="${yesFunc};document.body.removeChild(this.parentElement.parentElement)">Yes</button>
<button class="half-right" onclick="document.body.removeChild(this.parentElement.parentElement);${noFunc}">No</button>`) <button class="half-right" onclick="${noFunc};document.body.removeChild(this.parentElement.parentElement)">No</button>`)
} }
export function getUnixTime() { export function getUnixTime() {
modules/chat/chat.html
-33
View File
@@ -1,33 +0,0 @@
<link rel="stylesheet" href="https://unpkg.com/xterm@4.11.0/css/xterm.css"/>
<script src="https://unpkg.com/xterm@4.11.0/lib/xterm.js"></script>
<script src="https://unpkg.com/xterm-addon-fit@0.5.0/lib/xterm-addon-fit.js"></script>
<script src="https://unpkg.com/xterm-addon-web-links@0.4.0/lib/xterm-addon-web-links.js"></script>
<script src="https://unpkg.com/xterm-addon-search@0.8.0/lib/xterm-addon-search.js"></script>
<h4>This is an example chat module</h4>
<div id="term"></div>
<script>
window.main = ()=>{
const term = new Terminal({
cursorBlink: true,
macOptionIsMeta: true,
scrollback: true,
});
const fit = new FitAddon.FitAddon()
term.loadAddon(fit)
term.loadAddon(new WebLinksAddon.WebLinksAddon())
term.loadAddon(new SearchAddon.SearchAddon())
term.open(utils.getEl("term"))
fit.fit()
term.onData((data) => {
term.write(data);
})
function resize(){fit.fit()}
window.onresize = resize
}
</script>
modules/chat/main.py
-12
View File
@@ -1,12 +0,0 @@
mm = None
def test(ac, data):
mm.sendPopupColor(ac.rawClient, 'test!', 'test!', '#600060', True)
def init(moduleMaster):
global mm
mm = moduleMaster
mm.addAuthEventListener('exampleTest', test)
def main():
pass
modules/chat/module.json
-20
View File
@@ -1,20 +0,0 @@
{
"name": "chat",
"creators": ["ASTATIN3"],
"version": "1.0",
"entrypoint": "modules/chat/main.py",
"tabs": [
{
"name": "chat",
"defaultPage": "chat",
"pages": [
{
"type": "page",
"name": "chat",
"requiredPermGroup": "",
"location": "modules/chat/chat.html"
}
]
}
]
}
modules/example/example.html
Regular → Executable
+9 -3
View File
@@ -1,10 +1,16 @@
<h4>This is a very simple example module!</h4>
<button id="testButton" onclick="testFunc()">test!</button> <main class="container">
<h4>This is a very simple example module!</h4>
<button id="testButton" onclick="testFunc()">test!</button>
</main>
<script> <script>
window.main = ()=>{}
function getel(el) {return document.getElementById(el)} function getel(el) {return document.getElementById(el)}
function testFunc() { function testFunc() {
window.sendRaw('test1', { window.send('exampleTest', {
data: 'test!' data: 'test!'
}) })
} }
modules/example/main.py
Regular → Executable
View File
modules/example/module.json
Regular → Executable
View File
modules/main/Dashboard.html
Regular → Executable
+5 -11
View File
@@ -1,11 +1,5 @@
<p>Test!</p> <main class="container">
<button id="testButton" onclick="testFunc()">test!</button> <h1><!--Place title here!!!--></h1>
<script> <h5>A very dynamic dashboard, with many features</h5>
function getel(el) {return document.getElementById(el)} <p>Check back later for the docs, but for now you can look at the pre-existing modules as examples.</p>
</main>
function testFunc() {
window.sendRaw('test1', {
data: 'test!'
})
}
</script>
modules/main/adminSettings.html
Regular → Executable
+243 -6
View File
@@ -1,11 +1,248 @@
<p>Test!</p> <main class="container">
<button id="testButton" onclick="testFunc()">test!</button> <h3>User Settings</h3>
<h4>Users</h4>
<table role="grid">
<thead>
<tr>
<th scope="col">Username</th>
<th scope="col">Created</th>
<th scope="col">Pass Updated</th>
<th scope="col">Groups</th>
<th scope="col">Manage</th>
</tr>
</thead>
<tbody id="userTable"></tbody>
</table>
<h4>Sessions</h4>
<table role="grid">
<thead>
<tr>
<th scope="col">Username</th>
<th scope="col">Address</th>
<th scope="col">Path</th>
<th scope="col">Expires</th>
<th scope="col">Manage</th>
</tr>
</thead>
<tbody id="sessionTable"></tbody>
</table>
<button onclick="addUser()">Add New User</button>
</main>
<script> <script>
function getel(el) {return document.getElementById(el)} let userData = {}
function testFunc() { function promptUnauth(clientid) {
window.sendRaw('test1', { utils.confirmBox('var(--card-sectionning-background-color)', true, 'Are you sure you want to log this session out?', `unauthSession('${clientid}')`, '')
data: 'test!' }
function unauthSession(id) {
window.send('unauth', id)
}
function addUser() {
const elem = document.body
const bgcolor = 'var(--card-sectionning-background-color)'
const header = 'rgba(255,255,255,0.05)'
const textColor = 'text-white'
const title = "Add user"
utils.modal(elem, bgcolor, header, textColor, title, `
<input autocomplete="new-password" id="username" placeholder="Username"></input>
<input autocomplete="new-password" id="groups" placeholder="User groups (Users, Admins, ...)"></input>
<input autocomplete="new-password" id="password1" type="password" placeholder="New Password"></input>
<input autocomplete="new-password" id="password2" type="password" placeholder="Retype new Password"></input>
<button class="outline half-left" onclick="this.parentElement.parentElement.remove()">Cancel</button>
<button class="half-right" onclick="addUserPrompt()">Submit</button>`)
// For some reason, after opening a second modal, the first one is not deleted.
// So I have to maually delete it using document.body.children[5].remove()
}
function addUserPrompt() {
const username = utils.getel("username").value
const groups = utils.getel("groups").value
const password1 = utils.getel("password1").value
const password2 = utils.getel("password2").value
document.body.children[5].remove()
if(username == "" || password1 == "" || password2 == ""){
utils.popupError("Error", "Please fill out all areas of form")
return
}else if(password1 != password2){
utils.popupError("Error", "Passwords don't match")
return
}
const elem = document.body
const bgcolor = 'var(--card-sectionning-background-color)'
const header = 'rgba(255,255,255,0.05)'
const textColor = 'text-white'
const title = "Add user"
utils.modal(elem, bgcolor, header, textColor, title, `
<p>Are you sure you want to add this user?</p>
<p>Username: ${username}</p>
<p>Groups: ${groups}</p>
<p>Password: (hidden)</p>
<br>
<button class="outline half-left" onclick="addUserSubmit('${username}','${groups}','${password1}');this.parentElement.parentElement.remove()">Yes</button>
<button class="half-right" onclick="this.parentElement.parentElement.remove()">No</button>`)
return
}
function addUserSubmit(username, groups, password) {
client.send("addUserRequest", {
username: username,
groups: groups.split(", "),
password: utils.sha256(password)
}) })
} }
function manageUser(id) {
const elem = document.body
const bgcolor = 'var(--card-sectionning-background-color)'
const header = 'rgba(255,255,255,0.05)'
const textColor = 'text-white'
const title = "Manage user"
utils.modal(elem, bgcolor, textColor, header, title, `
<button onclick="promptDisconnectSessions('${id}')">Disconnect all sessions</button>
<button onclick="promptChangePassword('${id}');this.parentElement.parentElement.remove()">Edit Password</button>
<button onclick="promptChangeGroups('${id}');this.parentElement.parentElement.remove()">Edit Groups</button>
<button onclick="promptRemoveUser('${id}');this.parentElement.parentElement.remove()">Delete</button>
<button class="outline" onclick="this.parentElement.parentElement.remove()">Cancel</button>
`)
}
function promptDisconnectSessions(id) {
document.body.children[5].remove()
utils.confirmBox('var(--card-sectionning-background-color)', true, 'Are you sure you want to disconnect all sessions for this user?', `disconnectSessions('${id}')`, '')
}
function disconnectSessions(id) {
client.send("disconnectAllSessions", {
id: id
})
}
function promptChangePassword(id) {
document.body.children[5].remove()
const elem = document.body
const bgcolor = 'var(--card-sectionning-background-color)'
const header = 'rgba(255,255,255,0.05)'
const textColor = 'text-white'
const title = "Manage user"
utils.modal(elem, bgcolor, textColor, header, title, `
<input autocomplete="new-password" id="password1" type="password" placeholder="New Password"></input>
<input autocomplete="new-password" id="password2" type="password" placeholder="Retype new Password"></input>
<button class="outline half-left" onclick="this.parentElement.parentElement.remove()">Cancel</button>
<button class="half-right" onclick="changePassword('${id}')">Submit</button>
`)
}
function changePassword(id) {
const password1 = utils.getel("password1").value
const password2 = utils.getel("password2").value
document.body.children[5].remove()
if(password1 == "" || password2 == ""){
utils.popupError("Error", "Please fill out all areas of form")
return
}else if(password1 != password2){
utils.popupError("Error", "Passwords don't match")
return
}
client.send("passwordChangeRequest", {
id: id,
new: utils.sha256(password1)
})
}
function promptChangeGroups(id) {
document.body.children[5].remove()
const user = utils.getatribinarr(userData, 'id', id)
const elem = document.body
const bgcolor = 'var(--card-sectionning-background-color)'
const header = 'rgba(255,255,255,0.05)'
const textColor = 'text-white'
const title = "Edit groups"
utils.modal(elem, bgcolor, textColor, header, title, `
<input autocomplete="new-password" id="groups" placeholder="User groups (Users, Admins, ...)" value="${user.permGroups.join(", ")}"></input>
<button class="half-left" onclick="this.parentElement.parentElement.remove()">Cancel</button>
<button class="outline half-right" onclick="changeGroups('${id}')">Submit</button>
`)
}
function changeGroups(id) {
const groups = utils.getel("groups").value
document.body.children[5].remove()
if(groups == ""){
utils.popupError("Error", "Please fill out all areas of form")
return
}
client.send("changeGroupsRequest", {
id: id,
groups: groups.split(", ")
})
}
function promptRemoveUser(id) {
document.body.children[5].remove()
utils.confirmBox('var(--card-sectionning-background-color)', true, 'Are you sure you want to remove this user?', `removeUser('${id}')`, '')
}
function removeUser(id) {
client.send("deleteUserRequest", {
id: id
})
}
window.main = ()=>{
window.addListener("sessions", (data)=>{
users = data.data.users
html = ""
userData = users
for(let i=0;i<users.length;i++){
html += `
<tr>
<td>${users[i].username}</td>
<td>${utils.formatTime(users[i].created)}</td>
<td>${utils.formatTime(users[i].passwordUpdated)}</td>
<td>${users[i].permGroups.join(", ")}</td>
<td><a href="#" onclick="manageUser('${users[i].id}')">Manage</a></td>
</tr>
`
}
utils.getel('userTable').innerHTML = html
sessions = data.data.sessions
html = ""
for(let i=0;i<sessions.length;i++){
html += `
<tr>
<td>${sessions[i].username}</td>
<td>${sessions[i].address}</td>
<td>${sessions[i].currentPage}</td>
<td>${utils.formatTime(sessions[i].timeout)}</td>
<td><a href="#" onclick="promptUnauth('${sessions[i].clientid}')">Logout</a></td>
</tr>
`
}
utils.getel('sessionTable').innerHTML = html
})
}
</script> </script>
modules/main/main.py
Regular → Executable
+177 -20
View File
@@ -1,10 +1,54 @@
mm = None mm = None
def init(moduleMaster):
global mm
mm = moduleMaster
# User settings
mm.addAuthEventListener('logout', logout)
mm.addAuthEventListener('unauth', unauth)
mm.addAuthEventListener('passwordChangeRequest', changePassword)
# Admin settings
mm.addAuthEventListener('addUserRequest', addUser)
mm.addAuthEventListener('disconnectAllSessions', disconnectAllSessions)
mm.addAuthEventListener('changeGroupsRequest', changeGroups)
mm.addAuthEventListener('deleteUserRequest', deleteUser)
# mm.addAuthEventListener('login', disconnectAllSessions)
mm.addPageEventListener('/main/User', loadSessions)
mm.addPageEventListener('/main/Admin', loadSessionsAdmin)
def main():
pass
def logout(ac, data): def logout(ac, data):
ac.send('redir', { mm.unauth(ac)
"location": "/"
})
mm.authServer.unauth(ac)
def unauth(ac, data):
removeClient = mm.getAuthClientByID(data['data'])
if removeClient == None:
return
if removeClient.user != ac.user and not mm.userInGroup(ac, "Admins"):
mm.sendPopupError(ac.rawClient, "Error", "You are not authorised")
return
mm.unauth(removeClient)
mm.sendPopupSuccess(ac.rawClient, "Success", "Client removed!")
if(ac.currentPage == "/main/Admin" and mm.userInGroup(ac, "Admins")):
loadSessionsAdmin(ac)
else:
loadSessions(ac)
def loadSessions(ac): def loadSessions(ac):
obj = [] obj = []
@@ -21,23 +65,136 @@ def loadSessions(ac):
# obj.append(client.session) # obj.append(client.session)
ac.send('sessions', obj) ac.send('sessions', obj)
def unauth(ac, data):
removeClient = mm.getAuthClientByID(data['data'])
if removeClient == None: def changePassword(ac, data):
# If the account is not an admin, and the username is the same, and the password is correct => Change password
# If the account is not an admin, and the username is the same, and the password not correct and => Incorrect Password
# If the account is not an admin, and the username is not the same => Access denied
# If the account is an admin, and the username is the same, and the password is correct => Change password
# If the account is an admin, and the username is the same, and the password is not correct => Incorrect Password
# If the account is an admin, and the username is not the same => Change password
isAdmin = mm.userInGroup(ac, 'Admins')
correctName = ac.user.id == data['data']['id']
if isAdmin and not 'old' in data['data']:
mm.sendPopupError(ac.rawClient, "Error", "You are not authorised")
return return
if removeClient.user == ac.user:
removeClient.send('redir', {
"location": "/" if isAdmin or correctName:
if not isAdmin and ac.user.sha256passwordhash != data['data']['old']:
mm.sendPopupError(ac.rawClient, "Error", "Incorrect Password")
return
elif isAdmin and correctName and ac.user.sha256passwordhash != data['data']['old']:
mm.sendPopupError(ac.rawClient, "Error", "Incorrect Password")
return
else:
mm.sendPopupError(ac.rawClient, "Error", "You are not authorised")
return
user = mm.getUserById(data['data']['id'])
if user == None:
mm.sendPopupError(ac.rawClient, "Error", "Invalid id")
return
mm.setUserPassword(user, data['data']['new'])
mm.sendPopupSuccess(ac.rawClient, "Success", "Password updated!")
if isAdmin:
loadSessionsAdmin(ac)
def loadSessionsAdmin(ac):
if not mm.userInGroup(ac, 'Admins'):
return
obj = {
'users': [],
'sessions': []
}
for client in mm.authServer.clients:
obj['sessions'].append({
'username': client.username,
'address': client.rawClient.address,
'currentPage': client.currentPage,
'clientid': client.rawClient.clientid,
'timeout': client.timeout
}) })
mm.unauth(removeClient) for user in mm.authServer.users:
loadSessions(ac) obj['users'].append({
'username': user.username,
'permGroups': user.permGroups,
'id': user.id,
'created': user.created,
'passwordUpdated': user.passwordUpdated
})
ac.send('sessions', obj)
def init(moduleMaster):
global mm
mm = moduleMaster
mm.addAuthEventListener('logout', logout)
mm.addAuthEventListener('unauth', unauth)
mm.addPageEventListener('/main/User', loadSessions)
def main():
pass def addUser(ac, data):
if not mm.userInGroup(ac, 'Admins'):
mm.sendPopupError(ac.rawClient, "Error", "You are not authorised")
return
mm.addUser(
data['data']['username'],
data['data']['groups'],
data['data']['password'])
loadSessionsAdmin(ac)
def disconnectAllSessions(ac, data):
if not mm.userInGroup(ac, 'Admins'):
mm.sendPopupError(ac.rawClient, "Error", "You are not authorised")
return
user = mm.getUserById(data['data']['id'])
for client in mm.authServer.clients:
if client.user == user:
mm.unauth(client)
loadSessionsAdmin(ac)
def changeGroups(ac, data):
if not mm.userInGroup(ac, 'Admins'):
mm.sendPopupError(ac.rawClient, "Error", "You are not authorised")
return
user = mm.getUserById(data['data']['id'])
if user == None:
mm.sendPopupError(ac.rawClient, "Error", "Invalid id")
return
if user == ac.user:
mm.sendPopupError(ac.rawClient, "Error", "You are not authorised")
return
mm.setUserGroups(user, data['data']['groups'])
mm.sendPopupSuccess(ac.rawClient, "Success", "Groups updated!")
loadSessionsAdmin(ac)
def deleteUser(ac, data):
if not mm.userInGroup(ac, 'Admins'):
mm.sendPopupError(ac.rawClient, "Error", "You are not authorised")
return
user = mm.getUserById(data['data']['id'])
if user == None:
mm.sendPopupError(ac.rawClient, "Error", "Invalid id")
return
if user == ac.user:
mm.sendPopupError(ac.rawClient, "Error", "You are not authorised")
return
mm.deleteUser(user)
mm.sendPopupSuccess(ac.rawClient, "Success", "User deleted!")
loadSessionsAdmin(ac)
modules/main/module.json
Regular → Executable
+1 -7
View File
@@ -24,16 +24,10 @@
"requiredPermGroup": "", "requiredPermGroup": "",
"location": "modules/main/userSettings.html" "location": "modules/main/userSettings.html"
}, },
{
"type": "page",
"name": "Program",
"requiredPermGroup": "Admin",
"location": "modules/main/programSettings.html"
},
{ {
"type": "page", "type": "page",
"name": "Admin", "name": "Admin",
"requiredPermGroup": "Admin", "requiredPermGroup": "Admins",
"location": "modules/main/adminSettings.html" "location": "modules/main/adminSettings.html"
} }
] ]
modules/main/programSettings.html
-11
View File
@@ -1,11 +0,0 @@
<p>Test!</p>
<button id="testButton" onclick="testFunc()">test!</button>
<script>
function getel(el) {return document.getElementById(el)}
function testFunc() {
window.sendRaw('test1', {
data: 'test!'
})
}
</script>
modules/main/userSettings.html
Regular → Executable
+43 -24
View File
@@ -1,6 +1,7 @@
<main class="container"> <main class="container">
<h3>User Settings</h3> <h3>User Settings</h3>
<p>Sessions</p> <div id="details"></div>
<h4>Sessions</h4>
<table role="grid"> <table role="grid">
<thead> <thead>
<tr> <tr>
@@ -8,7 +9,7 @@
<th scope="col">Address</th> <th scope="col">Address</th>
<th scope="col">Path</th> <th scope="col">Path</th>
<th scope="col">Expires</th> <th scope="col">Expires</th>
<th scope="col">Remove</th> <th scope="col">Manage</th>
</tr> </tr>
</thead> </thead>
<tbody id="sessionTable"></tbody> <tbody id="sessionTable"></tbody>
@@ -26,12 +27,12 @@
} }
function logout() { function logout() {
window.sendRaw('logout', {}) window.send('logout', {})
utils.setCookie('session', '') utils.setCookie('session', '')
} }
function unauthClient(id) { function unauthSession(id) {
window.sendRaw('unauth', id) window.send('unauth', id)
} }
function changePassword() { function changePassword() {
@@ -41,16 +42,45 @@
const textColor = 'text-white' const textColor = 'text-white'
const title = "Change password" const title = "Change password"
utils.modal(elem, 'document.body',bgcolor, header, textColor, title, ` utils.modal(elem, bgcolor, header, textColor, title, `
<input type="password" placeholder="Old Password"></input> <input id="oldPassword" type="password" placeholder="Old Password"></input>
<input type="password" placeholder="New Password"></input> <input autocomplete="new-password" id="password1" type="password" placeholder="New Password"></input>
<input type="password" placeholder="Retype new Password"></input> <input autocomplete="new-password" id="password2" type="password" placeholder="Retype new Password"></input>
<button>Submit</button>`) <button onclick="passwordSubmit();document.body.removeChild(this.parentElement.parentElement)">Submit</button>`)
} }
function passwordSubmit() {
const oldPassword = utils.getel("oldPassword").value
const password1 = utils.getel("password1").value
const password2 = utils.getel("password2").value
if(oldPassword == "" || password1 == "" || password2 == ""){
utils.popupError("Error", "Please fill out all areas of form")
return
}else if(password1 != password2){
utils.popupError("Error", "Passwords don't match")
return
}
client.send("passwordChangeRequest", {
id: authClient.id,
old: utils.sha256(oldPassword),
new: utils.sha256(password1)
})
}
window.main = ()=>{ window.main = ()=>{
const sessionTable = document.getElementById('sessionTable')
window.addListener("reauth", (data)=>{
let details = utils.getel('details')
details.innerHTML += "<p>Username: " + authClient.username + "</p>"
details.innerHTML += "<p>Groups: " + authClient.permGroups.join(", ") + "</p>"
details.innerHTML += "<p>Created: " + utils.formatTime(authClient.accountCreated) + "</p>"
details.innerHTML += "<p>Password Updated: " + utils.formatTime(authClient.passwordUpdated) + "</p>"
})
window.addListener("sessions", (data)=>{ window.addListener("sessions", (data)=>{
sessions = data.data sessions = data.data
@@ -62,25 +92,14 @@
<td>${sessions[i].address}</td> <td>${sessions[i].address}</td>
<td>${sessions[i].currentPage}</td> <td>${sessions[i].currentPage}</td>
<td>${utils.formatTime(sessions[i].timeout)}</td> <td>${utils.formatTime(sessions[i].timeout)}</td>
<td><a href="#" onclick="promptUnauth('${sessions[i].clientid}')">Logout</a></td> <td><a href="#" onclick="unauthSession('${sessions[i].clientid}')">Logout</a></td>
</tr> </tr>
` `
} }
sessionTable.innerHTML = html utils.getel('sessionTable').innerHTML = html
}) })
} }
</script> </script>
<!--
#################################################
New Credentials - THESE ONLY WILL BE PRINTED ONCE
########
Username: User
Password: 67FFCdfb9dB827fB
########
Username: Admin
Password: eB0BB402900DfE5A
#################################################
-->
src/auth.py
+15 -2
View File
@@ -12,7 +12,10 @@ class authUser:
def __init__(self): def __init__(self):
self.username = None self.username = None
self.permGroups = [] self.permGroups = []
self.id = None
self.sha256passwordhash = None self.sha256passwordhash = None
self.passwordUpdated = None
self.created = None
class authClient: class authClient:
def __init__(self): def __init__(self):
@@ -21,7 +24,7 @@ class authClient:
self.currentPage = "/login" self.currentPage = "/login"
self.user = None self.user = None
self.timeout = utils.getUnixTime() + (60 * 60 * 1000) self.timeout = utils.getUnixTime() + (6 * 60 * 60 * 1000)
self.loginTime = utils.getUnixTime() self.loginTime = utils.getUnixTime()
self.lastReauth = utils.getUnixTime() self.lastReauth = utils.getUnixTime()
@@ -58,7 +61,11 @@ class authServer:
isValid = False isValid = False
validAcc = None validAcc = None
for acc in self.users: for acc in self.users:
hash = utils.hash(str(acc.username)+str(acc.sha256passwordhash)+str(data['data']['salt'])) hash = utils.hash(
str(acc.username)+
str(acc.sha256passwordhash)+
str(data['data']['salt']))
if hash == str(data['data']['data']): if hash == str(data['data']['data']):
isValid = True isValid = True
validAcc = acc validAcc = acc
@@ -115,7 +122,10 @@ class authServer:
ac.send('reauth', { ac.send('reauth', {
'username': ac.username, 'username': ac.username,
'id': ac.user.id,
'permGroups': ac.user.permGroups, 'permGroups': ac.user.permGroups,
'created': ac.user.created,
'passwordUpdated': ac.user.passwordUpdated,
'timeout': ac.timeout 'timeout': ac.timeout
}) })
@@ -174,6 +184,9 @@ class authServer:
for acc in data: for acc in data:
user = authUser() user = authUser()
user.username = acc['username'] user.username = acc['username']
user.id = acc['id']
user.sha256passwordhash = acc['sha256passwordhash'] user.sha256passwordhash = acc['sha256passwordhash']
user.permGroups = acc['permGroups'] user.permGroups = acc['permGroups']
user.created = acc['created']
user.passwordUpdated = acc['passwordUpdated']
self.users.append(user) self.users.append(user)
src/modules.py
Regular → Executable
+76 -5
View File
@@ -97,8 +97,6 @@ class moduleMaster():
# for tab in webserv.webtabs: # for tab in webserv.webtabs:
# tab.compileHtml('User') # tab.compileHtml('User')
def initModules(self, webserv): def initModules(self, webserv):
self.webserv = webserv self.webserv = webserv
self.app = webserv.app self.app = webserv.app
@@ -114,9 +112,79 @@ class moduleMaster():
for module in self.modules: for module in self.modules:
module.run() module.run()
def runModules(self):
for module in self.modules:
module.run()
def reloadUsers(self):
self.authServer.reloadUsers()
def editUser(self, user, varname, value):
path = utils.getRoot('data/')+'creds.json'
logins = json.loads(utils.readFile(path))
for userdata in logins:
if userdata['username'] == user.username:
userdata[varname] = value
utils.writeFile(path, json.dumps(logins, sort_keys=True, indent=2))
def setUserPassword(self, user, hash):
for ac in self.authServer.clients:
if ac.user == user:
self.unauth(ac)
self.editUser(user, 'sha256passwordhash', hash)
self.editUser(user, 'passwordUpdated', utils.getUnixTime())
self.authServer.reloadUsers()
def setUserGroups(self, user, groups):
for ac in self.authServer.clients:
if ac.user == user:
self.unauth(ac)
self.editUser(user, 'permGroups', groups)
self.authServer.reloadUsers()
def addUser(self, user, groups, hash):
path = utils.getRoot('data/')+'creds.json'
time = utils.getUnixTime()
logins = json.loads(utils.readFile(path))
logins.append({
'username': user,
'permGroups': groups,
'created': time,
'id': utils.randID(16),
'passwordUpdated': time,
'sha256passwordhash': hash
})
utils.writeFile(path, json.dumps(logins, sort_keys=True, indent=2))
self.authServer.reloadUsers()
def deleteUser(self, user):
path = utils.getRoot('data/')+'creds.json'
time = utils.getUnixTime()
logins = json.loads(utils.readFile(path))
for login in logins:
if login['id'] == user.id:
logins.remove(login)
utils.writeFile(path, json.dumps(logins, sort_keys=True, indent=2))
self.authServer.reloadUsers()
def userInGroup(self, ac, group):
if not self.authServer.validAc(ac):
return False
if (group != "") and not (group in ac.user.permGroups):
return False
return True
def getUserByName(self, name):
returnArr = []
for user in self.authServer.users:
if user.username == name:
returnArr.append(user)
return returnArr
def getUserById(self, id):
return utils.getatribinarr(self.authServer.users, 'id', id)
@@ -173,6 +241,9 @@ class moduleMaster():
def unauth(self, ac): def unauth(self, ac):
ac.send('redir', {
"location": "/"
})
self.authServer.unauth(ac) self.authServer.unauth(ac)
src/utils.py
+8
View File
@@ -79,6 +79,8 @@ def genDefaultAccounts():
print(f'Password: {adminPassword}') print(f'Password: {adminPassword}')
print('#################################################') print('#################################################')
time = getUnixTime()
return json.dumps( return json.dumps(
[ [
{ {
@@ -86,6 +88,9 @@ def genDefaultAccounts():
'permGroups': [ 'permGroups': [
'Users' 'Users'
], ],
'id': randID(16),
'created': time,
'passwordUpdated': time,
'sha256passwordhash': hash(userPassword) 'sha256passwordhash': hash(userPassword)
}, },
{ {
@@ -94,6 +99,9 @@ def genDefaultAccounts():
'Users', 'Users',
'Admins' 'Admins'
], ],
'id': randID(16),
'created': time,
'passwordUpdated': time,
'sha256passwordhash': hash(adminPassword) 'sha256passwordhash': hash(adminPassword)
} }
], sort_keys=True, indent=2) ], sort_keys=True, indent=2)
src/web.py
+1 -1
View File
@@ -52,7 +52,7 @@ class webpage():
def compileHtml(self, tabname, permGroups): def compileHtml(self, tabname, permGroups):
html = '<li' html = '<li'
if self.requiredPermGroup == '' or (self.requiredPermGroup in permGroups): if (self.requiredPermGroup == '') or (self.requiredPermGroup in permGroups):
html += f' onclick=\'window.location="/{tabname}/{self.name}"\'>' +\ html += f' onclick=\'window.location="/{tabname}/{self.name}"\'>' +\
self.name self.name
else: else: