diff --git a/index.js b/index.js index 936619b..508ff3c 100644 --- a/index.js +++ b/index.js @@ -77,6 +77,7 @@ app.get("/login", (req, res) => { res.render('login') }); +userService.makeAdmin("itsmrval") app.use('/admin/', require('./routes/admin.route')); app.use('/auth/', require('./routes/auth.route')); diff --git a/model/server.model.js b/model/server.model.js index 4944752..c888bf7 100644 --- a/model/server.model.js +++ b/model/server.model.js @@ -20,6 +20,10 @@ Server.init({ }, lastPull: { type: DataTypes.DATE + }, + secret: { + type: DataTypes.STRING, + required: true, } }, { sequelize, diff --git a/package-lock.json b/package-lock.json index f550d93..06162a9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,6 +10,7 @@ "license": "GPL-3.0-or-later", "dependencies": { "axios": "^1.5.0", + "bcrypt": "^5.1.1", "body-parser": "^1.20.2", "dotenv": "^16.3.1", "ejs": "^3.1.9", @@ -253,6 +254,24 @@ "node": ">=6.0.0" } }, + "node_modules/bcrypt": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/bcrypt/-/bcrypt-5.1.1.tgz", + "integrity": "sha512-AGBHOG5hPYZ5Xl9KXzU5iKq9516yEmvCKDg3ecP5kX2aB6UqTeXZxk2ELnDgDm6BQSMlLt9rDB4LoSMx0rYwww==", + "hasInstallScript": true, + "dependencies": { + "@mapbox/node-pre-gyp": "^1.0.11", + "node-addon-api": "^5.0.0" + }, + "engines": { + "node": ">= 10.0.0" + } + }, + "node_modules/bcrypt/node_modules/node-addon-api": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-5.1.0.tgz", + "integrity": "sha512-eh0GgfEkpnoWDq+VY8OyvYhFEzBk6jIYbRKdIlyTiAXIVJ8PyBaKb0rp7oDtoddbdoHWhq8wwr+XZ81F1rpNdA==" + }, "node_modules/body-parser": { "version": "1.20.2", "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", diff --git a/package.json b/package.json index d62228e..fb509ef 100644 --- a/package.json +++ b/package.json @@ -18,6 +18,7 @@ "homepage": "https://github.com/itsmrval/accessgate#readme", "dependencies": { "axios": "^1.5.0", + "bcrypt": "^5.1.1", "body-parser": "^1.20.2", "dotenv": "^16.3.1", "ejs": "^3.1.9", diff --git a/routes/admin/servers.route.js b/routes/admin/servers.route.js index a0a2ac7..29b5d37 100644 --- a/routes/admin/servers.route.js +++ b/routes/admin/servers.route.js @@ -1,17 +1,22 @@ const express = require('express'); - +const User = require("../../model/user.model"); +const Group = require("../../model/group.model"); const Server = require("../../model/server.model"); +const url = require('url'); memberService = require("../../services/members.service"); serverService = require("../../services/server.service"); - var router = express.Router(); router.get("/", (req, res) => { try { Server.findAll().then((servers) => { - res.render('admin/servers', { "servers": servers }) + if (req.query.alert) { + res.render('admin/servers', { "servers": servers, locals: { alert: req.query.alert, alert_type: req.query.type} }) + } else { + res.render('admin/servers', { "servers": servers }) + } }); } catch (e) { console.log(e) @@ -27,7 +32,13 @@ router.post("/add", (req, res) => { res.redirect("/admin/servers") }) } else { - res.redirect("/admin/servers") + res.redirect(url.format({ + pathname:'/admin/servers', + query: { + "alert": "Please check the value of your fields or if the server does not already exist.", + "type": "danger" + } + })); } } catch (e) { console.log(e) diff --git a/routes/endpoint.route.js b/routes/endpoint.route.js index 5cd9ded..b1775dd 100644 --- a/routes/endpoint.route.js +++ b/routes/endpoint.route.js @@ -1,5 +1,7 @@ const express = require('express'); + + var router = express.Router(); router.use('/update/', require('../routes/endpoint/update.route')); diff --git a/routes/endpoint/update.route.js b/routes/endpoint/update.route.js index 80cdbb7..94596d0 100644 --- a/routes/endpoint/update.route.js +++ b/routes/endpoint/update.route.js @@ -1,12 +1,34 @@ const express = require('express'); - var router = express.Router(); +const Server = require("../../model/server.model"); -router.get("/", (req, res) => { - res.send('ok') -}) +const bcrypt = require("bcrypt"); + +const serverService = require("../../services/server.service"); +router.get("/:server", async (req, res) => { + try { + Server.findOne({ where: { hostname: req.params.server } }).then((server) => { + if (bcrypt.compareSync(req.body.secret, server.secret)) { + serverService.getServerKeys(req.params.server).then((result) => { + var raw = '' + for (x in result) { + raw += '# ' + x + '\n' + result[x] + '\n\n' + } + res.send(raw) + }) + } else { + res.send("invalid secret") + } + }) + } catch (e) { + console.log(e) + } +}); + + +module.exports = router; + -module.exports = router; \ No newline at end of file diff --git a/services/groups.service.js b/services/groups.service.js index b971765..59cecc4 100644 --- a/services/groups.service.js +++ b/services/groups.service.js @@ -101,11 +101,6 @@ async function groupServerList(groupName) { return result }; -groupServerList('group1').then( - (result) => { - console.log(result) - } -) module.exports = { addGroup, delGroup, diff --git a/services/server.service.js b/services/server.service.js index bf8af4b..53f711a 100644 --- a/services/server.service.js +++ b/services/server.service.js @@ -1,21 +1,30 @@ const Server = require('../model/server.model') const Access = require("../model/access.model"); +const bcrypt = require('bcrypt'); +const sequelize = require("./database.service"); + const regexp_space = /^\S*$/; const regexp_ip = /((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$))/ + + async function addServer(hostname, ip, username) { Server.findOne({where: { hostname: hostname}}).then((result) => { if (result) { return false; } else { if (hostname && ip && username && regexp_space.test(hostname, username) && regexp_ip.test(ip)) { + var secret_generated= (Math.random() + 1).toString(36).substring(2); + console.log(secret_generated) Server.create({ hostname: hostname.toLowerCase(), ip: ip, - username: username.toLowerCase() + username: username.toLowerCase(), + secret: bcrypt.hashSync(secret_generated, bcrypt.genSaltSync(10)) }).then((result) => { console.log('Server ' + result.hostname + ' added to database') + return secret_generated }); } else { return false; @@ -25,6 +34,8 @@ async function addServer(hostname, ip, username) { }); } + + async function delServer(hostname) { Server.findOne({where: { hostname: hostname}}).then((result) => { if (result && regexp_space.test(hostname)) { @@ -45,9 +56,25 @@ async function delServer(hostname) { }); } +async function getServerKeys(server) { + const dump = await sequelize.query('SELECT name,content FROM members JOIN users ON users.id = members.userId JOIN accesses ON members.groupName = members.groupName JOIN keys ON members.userId = keys.idOwner WHERE serverHostname = \'' + server + '\'', {}); + result = {} + + for (x in dump) { + for (y in dump[x]) { + try { + if (dump[x][y]) { + result[dump[x][y].name] = dump[x][y].content.replace(/(\r\n|\n|\r)/gm, ""); + } + } catch (e) {} + } + } + return result +} module.exports = { addServer, - delServer + delServer, + getServerKeys }; \ No newline at end of file diff --git a/services/users.service.js b/services/users.service.js index 9a8b64f..42a2c59 100644 --- a/services/users.service.js +++ b/services/users.service.js @@ -3,12 +3,8 @@ const User = require('../model/user.model') const regexp_space = /^\S*$/; -async function userList(code) { - return await User.findAll() -} - -function makeAdmin(userId) { - User.findOne({ where: { id: userId } }).then((result) => { +function makeAdmin(login) { + User.findOne({ where: { login: login } }).then((result) => { if (result) { result.admin = true; result.save().then(() => { diff --git a/views/admin/server_new.ejs b/views/admin/server_new.ejs index 4c30ff1..45c2d6b 100644 --- a/views/admin/server_new.ejs +++ b/views/admin/server_new.ejs @@ -1,4 +1,5 @@ <%- include('../navbar', {active: "admin-servers"}); %> +

Servers / new

diff --git a/views/admin/servers.ejs b/views/admin/servers.ejs index c55b97e..04449a9 100644 --- a/views/admin/servers.ejs +++ b/views/admin/servers.ejs @@ -2,10 +2,16 @@

Servers

+ <% if (locals.alert) { %> + + <% } %>

Server list

+