admin schmadmin
@ -134,15 +134,6 @@ export default new class {
|
||||
const derivedKey = await scrypt(str, salt, 64);
|
||||
return crypto.timingSafeEqual(keyBuffer, derivedKey);
|
||||
};
|
||||
async auth(req, res, next) {
|
||||
if(!req.session) {
|
||||
return res.reply({
|
||||
code: 401,
|
||||
body: "401 - Unauthorized"
|
||||
});
|
||||
}
|
||||
return next();
|
||||
};
|
||||
async getTags(itemid) {
|
||||
const tags = await db`
|
||||
select "tags".id, "tags".tag, "tags".normalized, "user".user
|
||||
@ -217,6 +208,27 @@ export default new class {
|
||||
TABLE_NAME='user_options' and
|
||||
COLUMN_NAME = 'avatar'
|
||||
`)[0].avatar;
|
||||
}
|
||||
};
|
||||
|
||||
// meddlware
|
||||
async auth(req, res, next) {
|
||||
if(!req.session || !req.session.admin) {
|
||||
return res.reply({
|
||||
code: 401,
|
||||
body: "401 - Unauthorized"
|
||||
});
|
||||
}
|
||||
return next();
|
||||
};
|
||||
|
||||
async loggedin(req, res, next) {
|
||||
if(!req.session) {
|
||||
return res.reply({
|
||||
code: 401,
|
||||
body: "401 - Unauthorized"
|
||||
});
|
||||
}
|
||||
return next();
|
||||
};
|
||||
|
||||
};
|
||||
|
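Review bot: The new `auth` middleware answers a logged-in non-admin with the same 401 as an anonymous request, and it gates on the truthiness of `req.session.admin`, so any truthy value stored under that key passes. Splitting the check keeps the two cases apart for clients and logs: keep `if(!req.session)` for the 401, then add `if(req.session.admin !== true) return res.reply({ code: 403, body: "403 - Forbidden" });` (this assumes the `admin` column is a boolean; the session loader is not in this file section). The `// meddlware` comment would be more useful as `// middleware: auth = admin session required, loggedin = any valid session`, because every remaining `lib.auth` caller changes meaning with this commit.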
@ -3,18 +3,7 @@ import lib from "../lib.mjs";
|
||||
import { exec } from "child_process";
|
||||
import { promises as fs } from "fs";
|
||||
|
||||
const auth = async (req, res, next) => {
|
||||
if(!req.session) {
|
||||
return res.reply({
|
||||
code: 401,
|
||||
body: "401 - Unauthorized"
|
||||
});
|
||||
}
|
||||
return next();
|
||||
};
|
||||
|
||||
export default (router, tpl) => {
|
||||
|
||||
router.get(/^\/login(\/)?$/, async (req, res) => {
|
||||
if(req.cookies.session) {
|
||||
return res.reply({
|
||||
@ -72,7 +61,7 @@ export default (router, tpl) => {
|
||||
}).end();
|
||||
});
|
||||
|
||||
router.get(/^\/logout$/, auth, async (req, res) => {
|
||||
router.get(/^\/logout$/, lib.loggedin, async (req, res) => {
|
||||
const usersession = await db`
|
||||
select *
|
||||
from "user_sessions"
|
||||
@ -103,7 +92,7 @@ export default (router, tpl) => {
|
||||
});
|
||||
});
|
||||
|
||||
router.get(/^\/admin(\/)?$/, auth, async (req, res) => { // frontpage
|
||||
router.get(/^\/admin(\/)?$/, lib.auth, async (req, res) => { // frontpage
|
||||
|
||||
res.reply({
|
||||
body: tpl.render("admin", {
|
||||
@ -114,7 +103,7 @@ export default (router, tpl) => {
|
||||
});
|
||||
});
|
||||
|
||||
router.get(/^\/admin\/sessions(\/)?$/, auth, async (req, res) => {
|
||||
router.get(/^\/admin\/sessions(\/)?$/, lib.auth, async (req, res) => {
|
||||
const rows = await db`
|
||||
select "user_sessions".*, "user".user
|
||||
from "user_sessions"
|
||||
@ -132,7 +121,7 @@ export default (router, tpl) => {
|
||||
});
|
||||
});
|
||||
|
||||
router.get(/^\/admin\/log(\/)?$/, auth, async (req, res) => {
|
||||
router.get(/^\/admin\/log(\/)?$/, lib.auth, async (req, res) => {
|
||||
exec("journalctl -qeu f0ck --no-pager", (err, stdout) => {
|
||||
res.reply({
|
||||
body: tpl.render("admin/log", {
|
||||
@ -143,7 +132,7 @@ export default (router, tpl) => {
|
||||
});
|
||||
});
|
||||
|
||||
router.get(/^\/admin\/recover\/?/, auth, async (req, res) => {
|
||||
router.get(/^\/admin\/recover\/?/, lib.auth, async (req, res) => {
|
||||
if(req.url.qs?.id) {
|
||||
const id = +req.url.qs.id;
|
||||
const f0ck = await db`
|
||||
|
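Review bot: `/admin/recover` remains a GET route whose pattern `/^\/admin\/recover\/?/` has no `$` anchor, and it takes the item id from the query string as `+req.url.qs.id`, which is `NaN` for non-numeric input. If the handler changes state (the name suggests it restores an item; its body continues outside the hunk), an admin-only action reachable by GET relies entirely on the session cookie's SameSite setting for cross-site request protection, so a POST with a CSRF token would be the safer shape; the same applies to `GET /logout`. If no sub-paths are intended, I would at least anchor the pattern like the sibling routes, `/^\/admin\/recover(\/)?$/`, and reject ids that fail `Number.isInteger(id)` before the query runs.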
@ -139,7 +139,7 @@ export default router => {
|
||||
|
||||
// tags lol
|
||||
|
||||
group.put(/\/admin\/tags\/(?<tagname>.*)/, lib.auth, async (req, res) => {
|
||||
group.put(/\/admin\/tags\/(?<tagname>.*)/, lib.loggedin, async (req, res) => {
|
||||
if(!req.params.tagname || !req.post.newtag) {
|
||||
return res.json({
|
||||
success: false,
|
||||
@ -187,7 +187,7 @@ export default router => {
|
||||
return res.json(q, tagname === newtag ? 200 : 201); // created (modified)
|
||||
});
|
||||
|
||||
group.get(/\/admin\/tags\/suggest$/, lib.auth, async (req, res) => {
|
||||
group.get(/\/admin\/tags\/suggest$/, lib.loggedin, async (req, res) => {
|
||||
const reply = {
|
||||
success: false,
|
||||
suggestions: {}
|
||||
@ -267,7 +267,7 @@ export default router => {
|
||||
});
|
||||
});
|
||||
|
||||
group.post(/\/admin\/togglefav$/, lib.auth, async (req, res) => {
|
||||
group.post(/\/admin\/togglefav$/, lib.loggedin, async (req, res) => {
|
||||
const postid = +req.post.postid;
|
||||
|
||||
let favs = await db`
|
||||
|
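Review bot: `PUT /admin/tags/<tagname>` is now explicitly open to every logged-in user, yet it takes `req.post.newtag` and answers `200`/`201` with the comment `// created (modified)`, which reads like a site-wide tag rename. Before this commit `lib.auth` only checked for a session, so behaviour is unchanged, but with an admin guard now available this is the place to decide deliberately; if a rename affects every item carrying the tag, `lib.auth` looks like the better fit (the handler body is outside the hunk, so this is inferred). The same question applies to the `lib.loggedin` routes under `/api/v2/admin/<postid>/tags` in a later file section. A one-line comment per route stating the intended audience, e.g. `// any logged-in user may tag`, would also explain why an `/admin/` path is not admin-only.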
@ -3,7 +3,7 @@ import lib from '../../lib.mjs';
|
||||
|
||||
export default router => {
|
||||
router.group(/^\/api\/v2\/settings/, group => {
|
||||
group.put(/\/setAvatar/, lib.auth, async (req, res) => {
|
||||
group.put(/\/setAvatar/, lib.loggedin, async (req, res) => {
|
||||
if(!req.post.avatar) {
|
||||
return res.json({
|
||||
msg: 'no avatar provided',
|
||||
|
@ -3,7 +3,7 @@ import lib from '../../lib.mjs';
|
||||
|
||||
export default router => {
|
||||
router.group(/^\/api\/v2\/admin\/(?<postid>\d+)\/tags/, group => {
|
||||
group.get(/$/, lib.auth, async (req, res) => {
|
||||
group.get(/$/, lib.loggedin, async (req, res) => {
|
||||
// get tags
|
||||
if(!req.params.postid) {
|
||||
return res.json({
|
||||
@ -18,7 +18,7 @@ export default router => {
|
||||
});
|
||||
});
|
||||
|
||||
group.post(/$/, lib.auth, async (req, res) => {
|
||||
group.post(/$/, lib.loggedin, async (req, res) => {
|
||||
// assign and/or create tag
|
||||
if(!req.params.postid || !req.post.tagname) {
|
||||
return res.json({
|
||||
@ -80,7 +80,7 @@ export default router => {
|
||||
});
|
||||
});
|
||||
|
||||
group.put(/\/toggle$/, lib.auth, async (req, res) => {
|
||||
group.put(/\/toggle$/, lib.loggedin, async (req, res) => {
|
||||
// xD
|
||||
if(!req.params.postid) {
|
||||
return res.json({
|
||||
|
@ -100,7 +100,7 @@ export default (router, tpl) => {
|
||||
});
|
||||
});
|
||||
|
||||
router.get(/^\/mode\/(\d)/, auth, async (req, res) => {
|
||||
router.get(/^\/mode\/(\d)/, lib.loggedin, async (req, res) => {
|
||||
const mode = +req.url.split[1];
|
||||
let referertmp = req.headers.referer;
|
||||
let referer = "";
|
||||
|
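Review bot: The `/mode/<n>` handler reads `req.headers.referer` into `referertmp`, and that header is entirely client-controlled. The rest of the handler is outside the hunk, so this is inferred, but if the value is reused as a redirect target it should be reduced to a same-origin path before use. A comment at the assignment would record the constraint: `// referer is client-controlled: only reuse its path when the origin matches ours`.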
@ -5,7 +5,7 @@ import search from "../routeinc/search.mjs";
|
||||
const _eps = 20;
|
||||
|
||||
export default (router, tpl) => {
|
||||
router.get(/^\/search(\/)?$/, lib.auth, async (req, res) => {
|
||||
router.get(/^\/search(\/)?$/, lib.loggedin, async (req, res) => {
|
||||
let ret;
|
||||
let tag = req.url.qs.tag ?? [];
|
||||
let page = req.url.qs.page ?? 1;
|
||||
|
@ -71,7 +71,7 @@ process.on('unhandledRejection', err => {
|
||||
|
||||
if(req.cookies.session) {
|
||||
const user = await db`
|
||||
select "user".id, "user".login, "user".user, "user".level, "user_sessions".id as sess_id, "user_options".*
|
||||
select "user".id, "user".login, "user".user, "user".admin, "user_sessions".id as sess_id, "user_options".*
|
||||
from "user_sessions"
|
||||
left join "user" on "user".id = "user_sessions".user_id
|
||||
left join "user_options" on "user_options".user_id = "user_sessions".user_id
|
||||
|
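Review bot: The privilege flag `"user".admin` is selected ahead of `"user_options".*`, so a same-named column in `user_options` (now or after a later schema change) would replace it in the row object, assuming the driver returns rows keyed by column name. Since this row appears to feed `req.session.admin` (not visible in the hunk), I would replace the wildcard with an explicit list such as `"user_options".<col1>, "user_options".<col2>` (placeholders for the real option columns), or at least add the SQL comment `-- "user".admin is authoritative; user_options must never carry an "admin" column`. The commit also shows no migration that introduces `"user".admin` in place of `level`, so it is worth confirming the column exists in every deployment. The query continues past the end of the hunk.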