diff --git a/exemple.env b/exemple.env index c9e8ec3..9f270a0 100644 --- a/exemple.env +++ b/exemple.env @@ -1,3 +1,4 @@ GITHUB_CLIENT_ID= GITHUB_CLIENT_SECRET= -SESSION_SECRET= \ No newline at end of file +SESSION_SECRET= +APP_URL=http://exemple:8080 \ No newline at end of file diff --git a/index.js b/index.js index a6220ef..fb53fac 100644 --- a/index.js +++ b/index.js @@ -21,7 +21,6 @@ databaseService.sync().then(() => { }) -require('dotenv').config() app.use(bodyParser.urlencoded({ extended: false })) diff --git a/model/server.model.js b/model/server.model.js index c888bf7..ca02b3c 100644 --- a/model/server.model.js +++ b/model/server.model.js @@ -24,6 +24,10 @@ Server.init({ secret: { type: DataTypes.STRING, required: true, + }, + tmp: { + type: DataTypes.STRING, + required: true, } }, { sequelize, diff --git a/routes/admin/groups.route.js b/routes/admin/groups.route.js index 793bbfc..315ec23 100644 --- a/routes/admin/groups.route.js +++ b/routes/admin/groups.route.js @@ -4,6 +4,7 @@ const User = require("../../model/user.model"); const Group = require("../../model/group.model"); const Server = require("../../model/server.model"); const {groupServerList} = require("../../services/groups.service"); +const url = require("url"); groupService = require("../../services/groups.service"); memberService = require("../../services/members.service"); @@ -17,7 +18,7 @@ router.get("/", (req, res) => { for (x in groups) { groups[x]['servers'] = groups2[x].dataValues.accesses } - res.render('admin/groups', { "groups": groups }) + res.render('admin/groups', { "groups": groups, locals: {alert: req.query.alert, alert_type: req.query.type} }) }) }) } catch (e) { 
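Review bot: The new `tmp` column in `Server.init` holds the generated server secret in plaintext next to its bcrypt hash in `secret`, which cancels the benefit of hashing for as long as the row carries the value. Other hunks of this commit fill it in `addServer` and overwrite it with `'destroyed'` from a 100 ms timer, so a crash or restart inside that window leaves the plaintext in the database and in any backup taken meanwhile. Consider keeping the one-time value out of the model, for example in the admin's session until it has been shown once; if the column stays, document it with `// one-time display value; must never outlive the first render`. As far as I know `required: true` is not a Sequelize attribute option and `allowNull: false` is the enforced form, so confirm which is intended.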
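Review bot: `req.query.alert` and `req.query.type` are handed to the `admin/groups` template unchanged, so whoever supplies the link controls the banner text and its style on an authenticated admin page. Whether this is limited to message spoofing depends on how the view prints the values (`<%= %>` escapes HTML, `<%- %>` does not), and the template hunks are not readable in this view. The same pattern is added to the `users`, `user_edit`, `servers` and `keys` renders. Passing a short message code that the server maps to fixed text, and checking `type` against the values actually used (`success`, `warning`, `danger`), removes the dependency on template escaping.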
@@ -29,20 +30,45 @@ router.get("/", (req, res) => { router.post("/add", (req, res) => { if (req.body.group_name) { groupService.addGroup(req.body.group_name).then((result) => { - res.redirect("/admin/groups") + res.redirect(url.format({ + pathname:'/admin/groups', + query: { + "alert": "â Group " + req.body.group_name + " added.", + "type": "success" + } + })); }) } else { - res.redirect("/admin/groups") + res.redirect(url.format({ + pathname:'/admin/groups', + query: { + "alert": "â ī¸ Missing or invalid arguments.", + "type": "warning" + } + })); } }) router.get("/delete/:group", (req, res) => { try { groupService.delGroup(req.params.group).then((result) => { - res.redirect("/admin/groups") + res.redirect(url.format({ + pathname:'/admin/groups', + query: { + "alert": "đī¸ Group " + req.params.group + " deleted.", + "type": "success" + } + })); }) } catch (e) { console.log(e) + res.redirect(url.format({ + pathname:'/admin/groups', + query: { + "alert": "â ī¸ An error occured, ask your admin to check logs.", + "type": "danger" + } + })); } }); 
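Review bot: The `res.redirect` added to the `catch` block of `/delete/:group` only runs for a synchronous throw; `groupService.delGroup(...)` returns a promise, and a rejection from it bypasses `try/catch`, so the request gets no response and the error alert never appears. Attach the handler to the chain, `.catch((e) => { console.log(e); res.redirect(/* same error URL */) })`, or `await` the call in an `async` handler. `/add` has no error path at all, and both success alerts are sent without looking at `result`, so a failed add or delete may still be reported as done (assuming the services signal failure through their return value). The same `try { promise.then(...) } catch` shape recurs in the hunks for `servers.route.js`, `users.route.js` and `keys.route.js`.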
@@ -54,30 +80,47 @@ router.get("/:name", async (req, res) => { res.render('admin/group_new') } else { Group.findOne({ where: { name: req.params.name } }).then((group) => { - groupService.groupUserList(req.params.name).then((result) => { - User.findAll().then((users) => { - for (user in users) { - if (Object.keys(result).includes(users[user].dataValues.id.toString())) { - delete users[user] - } - } - groupService.groupServerList(req.params.name).then((result2) => { - Server.findAll().then((servers) => { - for (server in servers) { - if (Object.keys(result2).includes(servers[server].dataValues.hostname)) { - delete servers[server] - } + if (group) { + groupService.groupUserList(req.params.name).then((result) => { + User.findAll().then((users) => { + for (user in users) { + if (Object.keys(result).includes(users[user].dataValues.id.toString())) { + delete users[user] } - res.render('admin/group_edit', { "group": group, "inGroup": result, "outGroup": users, "inServer": result2, "outServer": servers}); + } + groupService.groupServerList(req.params.name).then((result2) => { + Server.findAll().then((servers) => { + for (server in servers) { + if (Object.keys(result2).includes(servers[server].dataValues.hostname)) { + delete servers[server] + } + } + res.render('admin/group_edit', { "group": group, "inGroup": result, "outGroup": users, "inServer": result2, "outServer": servers}); + }); }); - }); - }) - }); + }) + }); + } else { + res.redirect(url.format({ + pathname:'/admin/groups', + query: { + "alert": "â ī¸ Missing or invalid group.", + "type": "warning" + } + })); + } }) ; } } catch(e){ console.log(e) + res.redirect(url.format({ + pathname:'/admin/groups', + query: { + "alert": "â ī¸ An error occured, ask your admin to check logs.", + "type": "danger" + } + })); } }) diff --git a/routes/admin/servers.route.js b/routes/admin/servers.route.js index 29b5d37..8c7b373 100644 --- a/routes/admin/servers.route.js +++ b/routes/admin/servers.route.js 
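Review bot: The re-indented loops `for (user in users)` and `for (server in servers)` assign to undeclared variables, which creates implicit globals and throws under strict mode. Declare the loop variable, `for (const user in users)`, or replace the `delete`-inside-loop, which leaves holes in the array handed to the view, with `users.filter(...)`. The new `if (group)` guard is the right check; the `catch` redirect added at the end does not see rejections from the `findOne` chain, for the same reason as in the other routes.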
@@ -3,6 +3,7 @@ const User = require("../../model/user.model"); const Group = require("../../model/group.model"); const Server = require("../../model/server.model"); const url = require('url'); +require('dotenv').config() memberService = require("../../services/members.service"); serverService = require("../../services/server.service"); @@ -12,14 +13,28 @@ var router = express.Router(); router.get("/", (req, res) => { try { Server.findAll().then((servers) => { - if (req.query.alert) { - res.render('admin/servers', { "servers": servers, locals: { alert: req.query.alert, alert_type: req.query.type} }) - } else { - res.render('admin/servers', { "servers": servers }) + if (req.query.alert === "secretDisplay") { + var tmp = '' + var secret_display = {} + servers.forEach((server) => { + if (server.hostname === req.query.server) { + secret_display.content = server.tmp + secret_display.url = process.env.APP_URL + secret_display.name = server.hostname + } + }) } + res.render('admin/servers', { "servers": servers, locals: {secret: secret_display, alert: req.query.alert, alert_type: req.query.type} }) }); } catch (e) { console.log(e) + res.redirect(url.format({ + pathname:'/admin/users', + query: { + "alert": "â ī¸ An error occured, ask your admin to check logs.", + "type": "danger" + } + })); } }) 
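Review bot: Calling `require('dotenv').config()` from `routes/admin/servers.route.js` makes every `process.env` read in the application depend on when this route module is first required, because the same commit removes the call from `index.js`. Anything evaluated earlier, such as the session secret or the GitHub OAuth client settings listed in `exemple.env` if they are read at module load, would see `undefined`. Keep the call as the first statement of the entry point instead.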
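Review bot: The `catch` block of the server list redirects to `/admin/users` rather than `/admin/servers`, which looks like a copy-paste slip. More importantly, any GET carrying `alert=secretDisplay` and a `server` hostname makes the handler put `server.tmp` into the page, so displaying the secret depends only on query parameters and on the 100 ms wipe timer set in `addServer`; a slow redirect shows `destroyed`, and any request inside the window shows the secret again. Handing the value over through the session and clearing it on first render would make the display one-time by construction. `var tmp = ''` is unused, and `secret_display` is declared inside the `if` but read outside it, which works only through `var` hoisting.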
@@ -27,46 +42,64 @@ router.get("/", (req, res) => { router.post("/add", (req, res) => { try { if (req.body.server_hostname && req.body.server_ip && req.body.server_username) { - serverService.addServer(req.body.server_hostname, req.body.server_ip, req.body.server_username).then((result) => { + serverService.addServer(req.body.server_hostname, req.body.server_ip, req.body.server_username).then((secret) => { + res.redirect(url.format({ + pathname:'/admin/servers', + query: { + "server": req.body.server_hostname, + "alert": "secretDisplay" + } + })); - res.redirect("/admin/servers") }) } else { res.redirect(url.format({ pathname:'/admin/servers', query: { - "alert": "Please check the value of your fields or if the server does not already exist.", + "alert": "â ī¸ Please check the value of your fields or if the server does not already exist.", "type": "danger" } })); } } catch (e) { console.log(e) + res.redirect(url.format({ + pathname:'/admin/servers', + query: { + "alert": "â ī¸ An error occured, ask your admin to check logs.", + "type": "danger" + } + })); } }) router.get("/delete/:server", (req, res) => { try { serverService.delServer(req.params.server).then((result) => { - res.redirect("/admin/servers") + res.redirect(url.format({ + pathname:'/admin/servers', + query: { + "alert": "â Server " + req.params.server + " deleted.", + "type": "success" + } + })); }) } catch (e) { console.log(e) + res.redirect(url.format({ + pathname:'/admin/servers', + query: { + "alert": "â ī¸ An error occured, ask your admin to check logs.", + "type": "danger" + } + })); } }); -router.get("/:name", async (req, res) => { - try { - if (req.params.name === "new") { - res.render('admin/server_new') - } else { - console.log('a') - } - } catch(e){ - console.log(e) - } +router.get("/new", async (req, res) => { + res.render('admin/server_new') }) diff --git a/routes/admin/users.route.js b/routes/admin/users.route.js index 1bc4ce3..bcc612f 100644 --- a/routes/admin/users.route.js 
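Review bot: The `/add` handler redirects to `alert=secretDisplay` without checking what `addServer` resolved with; the callback parameter `secret` is never read. The service hunk in this commit shows a `return false` branch for rejected input, so a failed creation would still land on the secret-display view, possibly for a hostname that already existed. Check the value first, `if (!secret) { /* redirect with the danger alert */ }`. The error redirects added in the `catch` blocks of `/add` and `/delete/:server` are not reached by promise rejections.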
+++ b/routes/admin/users.route.js @@ -1,6 +1,7 @@ const express = require('express'); const User = require("../../model/user.model"); const Key = require("../../model/key.model"); +const url = require("url"); keyService = require("../../services/keys.service"); groupService = require("../../services/groups.service"); @@ -13,7 +14,7 @@ var router = express.Router(); router.get("/",async (req, res) => { try { User.findAll().then((users) => { - res.render('admin/users', { "users": users}) + res.render('admin/users', { "users": users, locals: {alert: req.query.alert, alert_type: req.query.type}}) }) } catch(e) { console.log(e) @@ -25,13 +26,32 @@ router.get("/delete/:userId", (req, res) => { try { if (req.params.userId != req.session.user.id) { userService.delUser(req.params.userId).then((result) => { - res.redirect("/admin/users") + res.redirect(url.format({ + pathname:'/admin/users', + query: { + "alert": "đī¸ User " + req.params.userId + " deleted.", + "type": "success" + } + })); }) } else { - res.redirect("/admin/users") + res.redirect(url.format({ + pathname:'/admin/users', + query: { + "alert": "âšī¸", + "type": "danger" + } + })); } } catch(e) { console.log(e) + res.redirect(url.format({ + pathname:'/admin/users', + query: { + "alert": "â ī¸ An error occured, ask your admin to check logs.", + "type": "danger" + } + })); } }); 
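Review bot: In `/delete/:userId`, the branch taken when an admin targets their own account sends an alert whose text is an icon only, so the page gives no reason why nothing happened. A short message in the style of the other alerts, e.g. `"You cannot delete your own account."`, would fix that. The guard itself, `req.params.userId != req.session.user.id`, relies on loose equality between a string and what is presumably a numeric id; `String(req.session.user.id) !== req.params.userId` states the intent explicitly.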
@@ -40,21 +60,46 @@ router.get("/delete/:userId", (req, res) => { router.get("/:id", async (req, res) => { try { User.findOne({ where: { id: req.params.id } }).then((user) => { - Key.findAll({where: { "idOwner": user.id}}).then((keys) => { - res.render('admin/user_edit', { "keys": keys, "user": user})}); - }); + Key.findAll({where: {"idOwner": user.id}}).then((keys) => { + res.render('admin/user_edit', { + "keys": keys, + "user": user, + locals: {alert: req.query.alert, alert_type: req.query.type} + }) + }); + }) } catch(e) { console.log(e) + res.redirect(url.format({ + pathname:'/admin/users', + query: { + "alert": "â ī¸ An error occured, ask your admin to check logs.", + "type": "danger" + } + })); } }) router.get("/:id/deleteKey/:key", (req, res) => { try { keyService.delKey(req.params.key, req.params.id).then((result) => { - res.redirect("/admin/users/"+req.params.id) + res.redirect(url.format({ + pathname:"/admin/users/"+req.params.id, + query: { + "alert": "đī¸ Key " + req.params.key + " deleted.", + "type": "success" + } + })); }) } catch (e) { console.log(e) + res.redirect(url.format({ + pathname:'/admin/users', + query: { + "alert": "â ī¸ An error occured, ask your admin to check logs.", + "type": "danger" + } + })); } }); 
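Review bot: `/:id` dereferences `user.id` without checking that `User.findOne` returned a row, so an unknown id throws inside the `.then` callback, outside the reach of the surrounding `try/catch`, and the request is left without a response. The groups route gained an `if (group)` guard with a warning redirect in this same commit; the equivalent is needed here, `if (!user) { return res.redirect(/* "Missing or invalid user" alert */) }`. In `/:id/deleteKey/:key` the success alert is sent without inspecting `result`.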
@@ -62,13 +107,32 @@ router.post("/:id/addKey", (req, res) => { try { if (req.body.key_content && req.body.key_name) { keyService.addKey(req.body.key_content, req.body.key_name, req.params.id).then((result) => { - res.redirect("/admin/users/"+req.params.id) + res.redirect(url.format({ + pathname:"/admin/users/"+req.params.id, + query: { + "alert": "â Key " + req.body.key_name + " added.", + "type": "success" + } + })); }) } else { - res.redirect("/admin/users/"+req.params.id) + res.redirect(url.format({ + pathname:"/admin/users/"+req.params.id, + query: { + "alert": "â ī¸ Missing or invalid arguments.", + "type": "warning" + } + })); } } catch(e) { console.log(e) + res.redirect(url.format({ + pathname:'/admin/users', + query: { + "alert": "â ī¸ An error occured, ask your admin to check logs.", + "type": "danger" + } + })); } }) diff --git a/routes/endpoint/update.route.js b/routes/endpoint/update.route.js index 94596d0..eeea21b 100644 --- a/routes/endpoint/update.route.js +++ b/routes/endpoint/update.route.js @@ -11,16 +11,20 @@ const serverService = require("../../services/server.service"); router.get("/:server", async (req, res) => { try { Server.findOne({ where: { hostname: req.params.server } }).then((server) => { - if (bcrypt.compareSync(req.body.secret, server.secret)) { - serverService.getServerKeys(req.params.server).then((result) => { - var raw = '' - for (x in result) { - raw += '# ' + x + '\n' + result[x] + '\n\n' - } - res.send(raw) - }) + if (server) { + if (bcrypt.compareSync(req.body.secret, server.secret)) { + serverService.getServerKeys(req.params.server).then((result) => { + var raw = '' + for (x in result) { + raw += '# ' + x + '\n' + result[x] + '\n\n' + } + res.send(raw) + }) + } else { + res.send("invalid request") + } } else { - res.send("invalid secret") + res.send("invalid request") } }) } catch (e) { diff --git a/routes/keys.route.js b/routes/keys.route.js index 78633ae..b87e181 100644 --- a/routes/keys.route.js +++ b/routes/keys.route.js 
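Review bot: Both failure branches of `/:server` answer `invalid request` with the default 200 status, so a client that checks only the HTTP status cannot tell a rejected secret from a successful reply; set one explicitly, e.g. `res.status(401).send("invalid request")`. `bcrypt.compareSync(req.body.secret, server.secret)` runs on whatever the body holds, and on this GET route `req.body.secret` may be absent, in which case the call is likely to throw inside `.then`, where the outer `try` does not catch it; reject early with `if (typeof req.body.secret !== 'string')`. The unknown-host branch returns without a bcrypt comparison, so response time still separates existing hostnames from unknown ones even though the message no longer does. The handler continues past the end of the hunk.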
@@ -2,6 +2,7 @@ const express = require('express'); const keyService = require("../services/keys.service"); const Key = require("../model/key.model"); +const url = require("url"); var router = express.Router(); @@ -17,13 +18,32 @@ router.post("/add", (req, res) => { try { if (req.body.key_content && req.body.key_name) { keyService.addKey(req.body.key_content, req.body.key_name, req.session.user.id).then((result) => { - res.redirect("/keys") + res.redirect(url.format({ + pathname:'/keys', + query: { + "alert": "â Key " + req.body.key_name + " added.", + "type": "success" + } + })); }) } else { - res.redirect("/keys") + res.redirect(url.format({ + pathname:'/keys', + query: { + "alert": "â ī¸ Missing or invalid arguments.", + "type": "warning" + } + })); } } catch (e) { console.log(e) + res.redirect(url.format({ + pathname:'/keys', + query: { + "alert": "â ī¸ An error occured, ask your admin to check logs.", + "type": "danger" + } + })); } }) @@ -31,10 +51,23 @@ router.post("/add", (req, res) => { router.get("/delete/:key", (req, res) => { try { keyService.delKey(req.params.key, req.session.user.id).then((result) => { - res.redirect("/keys") + res.redirect(url.format({ + pathname:'/keys', + query: { + "alert": "đī¸ Key " + req.params.key + " deleted.", + "type": "success" + } + })); }) } catch(e) { console.log(e) + res.redirect(url.format({ + pathname:'/keys', + query: { + "alert": "â ī¸ An error occured, ask your admin to check logs.", + "type": "danger" + } + })); } }); @@ -43,10 +76,11 @@ router.get("/delete/:key", (req, res) => { router.get("/", (req, res) => { try { Key.findAll({where: {idOwner: req.session.user.id}}).then((keys) => { - res.render('keys', { "keys": keys }) + res.render('keys', { "keys": keys, locals: {alert: req.query.alert, alert_type: req.query.type} }) }) } catch(e) { console.log(e) + } }); diff --git a/services/groups.service.js b/services/groups.service.js index 0a5ba88..390fb59 100644 --- a/services/groups.service.js 
+++ b/services/groups.service.js @@ -107,8 +107,6 @@ async function groupServerList(groupName) { } -groupServerList('admin') - module.exports = { addGroup, delGroup, diff --git a/services/server.service.js b/services/server.service.js index f276482..3f6f8ca 100644 --- a/services/server.service.js +++ b/services/server.service.js @@ -16,15 +16,21 @@ async function addServer(hostname, ip, username) { } else { if (hostname && ip && username && regexp_space.test(hostname, username) && regexp_ip.test(ip)) { var secret_generated= (Math.random() + 1).toString(36).substring(2); - console.log('secret: TODO' + secret_generated) Server.create({ hostname: hostname.toLowerCase(), ip: ip, username: username.toLowerCase(), - secret: bcrypt.hashSync(secret_generated, bcrypt.genSaltSync(10)) + secret: bcrypt.hashSync(secret_generated, bcrypt.genSaltSync(10)), + tmp: secret_generated }).then((result) => { - console.log('Server ' + result.hostname + ' added to database') - return secret_generated + try { + console.log('Server ' + result.hostname + ' added to database') + return secret_generated + } finally { + setTimeout(function() { + serverSecretDestroy(hostname) + },100) + } }); } else { return false; @@ -34,6 +40,12 @@ async function addServer(hostname, ip, username) { }); } +async function serverSecretDestroy(hostname){ + Server.findOne({where: { hostname: hostname}}).then((result) => { + result.tmp = 'destroyed' + result.save() + }); +} async function delServer(hostname) { @@ -90,9 +102,12 @@ async function getServerListForUserId(userId) { return result } + + module.exports = { addServer, delServer, getServerKeys, - getServerListForUserId + getServerListForUserId, + serverSecretDestroy }; \ No newline at end of file diff --git a/views/admin/groups.ejs b/views/admin/groups.ejs index be6144e..6633de9 100644 --- a/views/admin/groups.ejs +++ b/views/admin/groups.ejs @@ -2,6 +2,11 @@
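Review bot: `tmp: secret_generated` writes the plaintext secret to the database, and its removal depends on a `setTimeout` of 100 ms placed in a `finally`; if the process stops before the timer fires the plaintext persists, and if the admin's redirect takes longer than 100 ms the page shows `destroyed` instead of the secret. The `try/finally` wrapper adds nothing, since the `console.log` and the `return` it guards do not fail in practice. The secret itself comes from `Math.random()` on the unchanged line above, which is not a cryptographic generator; `crypto.randomBytes(32).toString('hex')` is the appropriate source for a credential. `addServer` begins and ends outside the hunk.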
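Review bot: `serverSecretDestroy` assumes the row still exists; if the server is deleted before the timer fires, `result` is `null` and `result.tmp = 'destroyed'` throws in a promise nobody handles. The function is declared `async` but neither returns nor awaits the `findOne` chain or `result.save()`, so no caller can know when, or whether, the plaintext was overwritten. `const s = await Server.findOne(...); if (!s) return; s.tmp = 'destroyed'; await s.save();` covers both points.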
Group list
diff --git a/views/admin/servers.ejs b/views/admin/servers.ejs index fa0491b..2e3f2d8 100644 --- a/views/admin/servers.ejs +++ b/views/admin/servers.ejs @@ -2,11 +2,26 @@bash <( curl -s https://raw.githubusercontent.com/itsmrval/accessgate/scripts/agent.sh ) '<%= locals.secret.url %>' <%= locals.secret.name %> <%= locals.secret.content %>
+ Server list
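Review bot: The install command shown to the admin pipes `agent.sh` from a raw GitHub URL straight into `bash`, with no pinned commit and no checksum, so whatever sits at that path at install time runs on every enrolled server. Pinning the URL to a commit hash, or publishing a digest the admin verifies before running, bounds that exposure. `<%= locals.secret.name %>` and `<%= locals.secret.content %>` are placed unquoted on the command line while only the URL is quoted, and `<%= %>` escapes for HTML, not for the shell, so quote them too and keep hostname validation strict. Passing the secret as an argument also leaves it in shell history and the process list; reading it from stdin or a prompt avoids that. The surrounding markup of this hunk is not readable in this view.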
diff --git a/views/admin/user_edit.ejs b/views/admin/user_edit.ejs index bbed824..6351f6f 100644 --- a/views/admin/user_edit.ejs +++ b/views/admin/user_edit.ejs @@ -1,6 +1,11 @@ <%- include('../navbar', {active: "admin-users"}); %>SSH Keys
diff --git a/views/admin/users.ejs b/views/admin/users.ejs index 4fcd63c..d5da32d 100644 --- a/views/admin/users.ejs +++ b/views/admin/users.ejs @@ -1,6 +1,11 @@ <%- include('../navbar', {active: "admin-users"}); %>User list
diff --git a/views/keys.ejs b/views/keys.ejs index f13b57c..ff05a36 100644 --- a/views/keys.ejs +++ b/views/keys.ejs @@ -1,6 +1,11 @@ <%- include('navbar', {active: "keys"}); %>