From 2ff1842d097c1dc9c2a87f3016295e58af422e99 Mon Sep 17 00:00:00 2001
From: Flummi
Date: Mon, 24 Jun 2024 07:53:00 +0200
Subject: [PATCH] admin schmadmin
---
 src/inc/lib.mjs | 32 ++++---
 src/inc/routes/admin.mjs | 21 ++---
 src/inc/routes/apiv2/index.mjs | 6 +-
 src/inc/routes/apiv2/settings.mjs | 2 +-
 src/inc/routes/apiv2/tags.mjs | 6 +-
 src/inc/routes/index.mjs | 2 +-
 src/inc/routes/search.mjs | 2 +-
 src/index.mjs | 2 +-
 views/item.html | 4 +-
 views/snippets/navbar.html | 2 +-
 views/snippets/navbar2.html | 133 ------------------------------
 11 files changed, 40 insertions(+), 172 deletions(-)
 delete mode 100644 views/snippets/navbar2.html
diff --git a/src/inc/lib.mjs b/src/inc/lib.mjs
index 707a0de..45aa0d2 100644
--- a/src/inc/lib.mjs
+++ b/src/inc/lib.mjs
@@ -134,15 +134,6 @@ export default new class {
 const derivedKey = await scrypt(str, salt, 64);
 return crypto.timingSafeEqual(keyBuffer, derivedKey);
 };
- async auth(req, res, next) {
- if(!req.session) {
- return res.reply({
- code: 401,
- body: "401 - Unauthorized"
- });
- }
- return next();
- };
 async getTags(itemid) {
 const tags = await db`
 select "tags".id, "tags".tag, "tags".normalized, "user".user
@@ -217,6 +208,27 @@ export default new class {
 TABLE_NAME='user_options' and COLUMN_NAME = 'avatar'
 `)[0].avatar;
- }
+ };
+
+ // meddlware
+ async auth(req, res, next) {
+ if(!req.session || !req.session.admin) {
+ return res.reply({
+ code: 401,
+ body: "401 - Unauthorized"
+ });
+ }
+ return next();
+ };
+
+ async loggedin(req, res, next) {
+ if(!req.session) {
+ return res.reply({
+ code: 401,
+ body: "401 - Unauthorized"
+ });
+ }
+ return next();
+ };
 };
diff --git a/src/inc/routes/admin.mjs b/src/inc/routes/admin.mjs
index 436bf48..60ad38a 100644
--- a/src/inc/routes/admin.mjs
+++ b/src/inc/routes/admin.mjs
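Review bot: In the second `src/inc/lib.mjs` hunk, the new `auth` answers a logged-in non-admin with the same 401 as a request that has no session, so neither the client nor the access log can tell a missing login from a denied privilege. Splitting the guard keeps the two cases apart: `if(!req.session) return res.reply({ code: 401, body: "401 - Unauthorized" });` followed by `if(!req.session.admin) return res.reply({ code: 403, body: "403 - Forbidden" });`. The name `auth` now means "admin only" while `loggedin` means "any session", which is easy to mix up when a route is added later. I would replace `// meddlware` with a comment such as `// middleware: auth = session with admin flag, loggedin = any valid session`.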
@@ -3,18 +3,7 @@ import lib from "../lib.mjs";
 import { exec } from "child_process";
 import { promises as fs } from "fs";
-const auth = async (req, res, next) => {
- if(!req.session) {
- return res.reply({
- code: 401,
- body: "401 - Unauthorized"
- });
- }
- return next();
-};
-
 export default (router, tpl) => {
-
 router.get(/^\/login(\/)?$/, async (req, res) => {
 if(req.cookies.session) {
 return res.reply({
@@ -72,7 +61,7 @@ export default (router, tpl) => {
 }).end();
 });
- router.get(/^\/logout$/, auth, async (req, res) => {
+ router.get(/^\/logout$/, lib.loggedin, async (req, res) => {
 const usersession = await db`
 select *
 from "user_sessions"
@@ -103,7 +92,7 @@ export default (router, tpl) => {
 });
 });
- router.get(/^\/admin(\/)?$/, auth, async (req, res) => { // frontpage
+ router.get(/^\/admin(\/)?$/, lib.auth, async (req, res) => { // frontpage
 res.reply({
 body: tpl.render("admin", {
@@ -114,7 +103,7 @@ export default (router, tpl) => {
 });
 });
- router.get(/^\/admin\/sessions(\/)?$/, auth, async (req, res) => {
+ router.get(/^\/admin\/sessions(\/)?$/, lib.auth, async (req, res) => {
 const rows = await db`
 select "user_sessions".*, "user".user
 from "user_sessions"
@@ -132,7 +121,7 @@ export default (router, tpl) => {
 });
 });
- router.get(/^\/admin\/log(\/)?$/, auth, async (req, res) => {
+ router.get(/^\/admin\/log(\/)?$/, lib.auth, async (req, res) => {
 exec("journalctl -qeu f0ck --no-pager", (err, stdout) => {
 res.reply({
 body: tpl.render("admin/log", {
@@ -143,7 +132,7 @@ export default (router, tpl) => {
 });
 });
- router.get(/^\/admin\/recover\/?/, auth, async (req, res) => {
+ router.get(/^\/admin\/recover\/?/, lib.auth, async (req, res) => {
 if(req.url.qs?.id) {
 const id = +req.url.qs.id;
 const f0ck = await db`
diff --git a/src/inc/routes/apiv2/index.mjs b/src/inc/routes/apiv2/index.mjs
index c58e7c2..7fec014 100644
--- a/src/inc/routes/apiv2/index.mjs
+++ b/src/inc/routes/apiv2/index.mjs
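Review bot: In the `/admin/sessions` hunk of `src/inc/routes/admin.mjs`, the handler behind the new `lib.auth` guard still runs `select "user_sessions".*`, so every column of every session row is handed to the admin template. If that table stores the session cookie value (the schema is not visible here), each view of the page puts live credentials for all logged-in accounts into rendered HTML. Selecting only the columns the page displays, and never the token itself, avoids that. The handler body continues outside the hunk, so what the template actually prints should be checked there.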
@@ -139,7 +139,7 @@ export default router => {
 // tags lol
- group.put(/\/admin\/tags\/(?.*)/, lib.auth, async (req, res) => {
+ group.put(/\/admin\/tags\/(?.*)/, lib.loggedin, async (req, res) => {
 if(!req.params.tagname || !req.post.newtag) {
 return res.json({
 success: false,
@@ -187,7 +187,7 @@ export default router => {
 return res.json(q, tagname === newtag ? 200 : 201); // created (modified)
 });
- group.get(/\/admin\/tags\/suggest$/, lib.auth, async (req, res) => {
+ group.get(/\/admin\/tags\/suggest$/, lib.loggedin, async (req, res) => {
 const reply = {
 success: false,
 suggestions: {}
@@ -267,7 +267,7 @@ export default router => {
 });
 });
- group.post(/\/admin\/togglefav$/, lib.auth, async (req, res) => {
+ group.post(/\/admin\/togglefav$/, lib.loggedin, async (req, res) => {
 const postid = +req.post.postid;
 let favs = await db`
diff --git a/src/inc/routes/apiv2/settings.mjs b/src/inc/routes/apiv2/settings.mjs
index dfea483..e0ff897 100644
--- a/src/inc/routes/apiv2/settings.mjs
+++ b/src/inc/routes/apiv2/settings.mjs
@@ -3,7 +3,7 @@ import lib from '../../lib.mjs';
 export default router => {
 router.group(/^\/api\/v2\/settings/, group => {
- group.put(/\/setAvatar/, lib.auth, async (req, res) => {
+ group.put(/\/setAvatar/, lib.loggedin, async (req, res) => {
 if(!req.post.avatar) {
 return res.json({
 msg: 'no avatar provided',
diff --git a/src/inc/routes/apiv2/tags.mjs b/src/inc/routes/apiv2/tags.mjs
index b551576..fa0d4b3 100644
--- a/src/inc/routes/apiv2/tags.mjs
+++ b/src/inc/routes/apiv2/tags.mjs
@@ -3,7 +3,7 @@ import lib from '../../lib.mjs';
 export default router => {
 router.group(/^\/api\/v2\/admin\/(?\d+)\/tags/, group => {
- group.get(/$/, lib.auth, async (req, res) => {
+ group.get(/$/, lib.loggedin, async (req, res) => {
 // get tags
 if(!req.params.postid) {
 return res.json({
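Review bot: The `PUT /admin/tags/...` route in the first `apiv2/index.mjs` hunk moves to `lib.loggedin`, so any logged-in account can still submit `newtag` for an existing tag in what looks like a site-wide rename. In the same commit, `views/item.html` hides the `×` control next to each tag from non-admins. If renaming is meant to be a moderator action like that control, this route should keep `lib.auth`. If it is meant to stay open, a one-line comment above the route, e.g. `// tag rename is intentionally available to every logged-in user`, would record the decision. The handler body continues outside the hunk, so whether it applies a per-user check of its own cannot be seen here.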
@@ -18,7 +18,7 @@ export default router => {
 });
 });
- group.post(/$/, lib.auth, async (req, res) => {
+ group.post(/$/, lib.loggedin, async (req, res) => {
 // assign and/or create tag
 if(!req.params.postid || !req.post.tagname) {
 return res.json({
@@ -80,7 +80,7 @@ export default router => {
 });
 });
- group.put(/\/toggle$/, lib.auth, async (req, res) => {
+ group.put(/\/toggle$/, lib.loggedin, async (req, res) => {
 // xD
 if(!req.params.postid) {
 return res.json({
diff --git a/src/inc/routes/index.mjs b/src/inc/routes/index.mjs
index c15b934..00f9dd3 100644
--- a/src/inc/routes/index.mjs
+++ b/src/inc/routes/index.mjs
@@ -100,7 +100,7 @@ export default (router, tpl) => {
 });
 });
- router.get(/^\/mode\/(\d)/, auth, async (req, res) => {
+ router.get(/^\/mode\/(\d)/, lib.loggedin, async (req, res) => {
 const mode = +req.url.split[1];
 let referertmp = req.headers.referer;
 let referer = "";
diff --git a/src/inc/routes/search.mjs b/src/inc/routes/search.mjs
index 5ffad83..45d3aa1 100644
--- a/src/inc/routes/search.mjs
+++ b/src/inc/routes/search.mjs
@@ -5,7 +5,7 @@ import search from "../routeinc/search.mjs";
 const _eps = 20;
 export default (router, tpl) => {
- router.get(/^\/search(\/)?$/, lib.auth, async (req, res) => {
+ router.get(/^\/search(\/)?$/, lib.loggedin, async (req, res) => {
 let ret;
 let tag = req.url.qs.tag ?? [];
 let page = req.url.qs.page ?? 1;
diff --git a/src/index.mjs b/src/index.mjs
index 5b04e8e..810178b 100644
--- a/src/index.mjs
+++ b/src/index.mjs
@@ -71,7 +71,7 @@ process.on('unhandledRejection', err => {
 if(req.cookies.session) {
 const user = await db`
- select "user".id, "user".login, "user".user, "user".level, "user_sessions".id as sess_id, "user_options".*
+ select "user".id, "user".login, "user".user, "user".admin, "user_sessions".id as sess_id, "user_options".*
 from "user_sessions"
 left join "user" on "user".id = "user_sessions".user_id
 left join "user_options" on "user_options".user_id = "user_sessions".user_id
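Review bot: The `/mode/` route in `src/inc/routes/index.mjs` used a bare `auth` identifier before this change, and the diffstat lists only this one line as changed in the file, so whatever defined or imported `auth` there is presumably still present. Please confirm that `lib` is imported in this file and remove the leftover `auth`; otherwise a second, session-only guard with the same name as the admin guard stays in the tree where a later route could pick it up by mistake. The handler body continues outside the hunk.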
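Review bot: In the `src/index.mjs` hunk the session query selects `"user".admin` and then `"user_options".*`, so a column named `admin` added to `user_options` later would override the authorization flag, assuming the driver returns each row as an object keyed by column name. Listing the needed `user_options` columns explicitly instead of `*` rules that out. The same line drops `"user".level` from the row, so any remaining `session.level` check elsewhere would now read `undefined`; worth a search before merging. The query and the code that builds `req.session` continue outside the hunk.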
diff --git a/views/item.html b/views/item.html
index bc3ae41..318d22f 100644
--- a/views/item.html
+++ b/views/item.html
@@ -14,7 +14,7 @@
- + @if(session.admin)@endif
@endif @@ -83,7 +83,7 @@ @if(typeof item.tags !== "undefined") @each(item.tags as tag) - {!! tag.tag !!}@if(session) ×@endif + {!! tag.tag !!}@if(session.admin) ×@endif @endeach @endif diff --git a/views/snippets/navbar.html b/views/snippets/navbar.html index 94b3d23..1922c3d 100644 --- a/views/snippets/navbar.html +++ b/views/snippets/navbar.html @@ -12,7 +12,7 @@
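Review bot: Both `@if(session.admin)` guards in `views/item.html` only hide controls, so the endpoints behind them still need `lib.auth` on the server. No route for the `×` control next to each tag appears among this commit's hunks, so it should be confirmed that it uses `lib.auth` and not `lib.loggedin`. The old condition in the tag loop was `@if(session)`, which tolerated a missing session. If `session` can be `undefined` or `null` for anonymous visitors, `session.admin` will throw while rendering, and `@if(session && session.admin)` avoids that.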
  • my f0cks
  • my favs
  • search
  • -
  • Admin
  • + @if(session.admin)
  • Admin
  • @endif
  • About
  • ranking
  • settings
  • diff --git a/views/snippets/navbar2.html b/views/snippets/navbar2.html deleted file mode 100644 index 09c64c7..0000000 --- a/views/snippets/navbar2.html +++ /dev/null @@ -1,133 +0,0 @@ -@if(session) - -@else - -@endif