endpoint/update with secret & co

2023-09-11 22:21:34 +02:00 · 2023-09-11 22:21:34 +02:00 · 7c6c82f47b
parent 6ad785f480
commit 7c6c82f47b
12 changed files with 107 additions and 22 deletions
--- a/index.js
+++ b/index.js
@ -77,6 +77,7 @@ app.get("/login", (req, res) => {
    res.render('login')
 });
 userService.makeAdmin("itsmrval")
 app.use('/admin/', require('./routes/admin.route'));
 app.use('/auth/', require('./routes/auth.route'));
--- a/model/server.model.js
+++ b/model/server.model.js
@ -20,6 +20,10 @@ Server.init({
    },
    lastPull: {
        type: DataTypes.DATE
    },
    secret: {
        type: DataTypes.STRING,
        required: true,
    }
 }, {
    sequelize,
--- a/package-lock.json
+++ b/package-lock.json
@ -10,6 +10,7 @@
      "license": "GPL-3.0-or-later",
      "dependencies": {
        "axios": "^1.5.0",
        "bcrypt": "^5.1.1",
        "body-parser": "^1.20.2",
        "dotenv": "^16.3.1",
        "ejs": "^3.1.9",
@ -253,6 +254,24 @@
        "node": ">=6.0.0"
      }
    },
    "node_modules/bcrypt": {
      "version": "5.1.1",
      "resolved": "https://registry.npmjs.org/bcrypt/-/bcrypt-5.1.1.tgz",
      "integrity": "sha512-AGBHOG5hPYZ5Xl9KXzU5iKq9516yEmvCKDg3ecP5kX2aB6UqTeXZxk2ELnDgDm6BQSMlLt9rDB4LoSMx0rYwww==",
      "hasInstallScript": true,
      "dependencies": {
        "@mapbox/node-pre-gyp": "^1.0.11",
        "node-addon-api": "^5.0.0"
      },
      "engines": {
        "node": ">= 10.0.0"
      }
    },
    "node_modules/bcrypt/node_modules/node-addon-api": {
      "version": "5.1.0",
      "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-5.1.0.tgz",
      "integrity": "sha512-eh0GgfEkpnoWDq+VY8OyvYhFEzBk6jIYbRKdIlyTiAXIVJ8PyBaKb0rp7oDtoddbdoHWhq8wwr+XZ81F1rpNdA=="
    },
    "node_modules/body-parser": {
      "version": "1.20.2",
      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz",
--- a/package.json
+++ b/package.json
@ -18,6 +18,7 @@
  "homepage": "https://github.com/itsmrval/accessgate#readme",
  "dependencies": {
    "axios": "^1.5.0",
    "bcrypt": "^5.1.1",
    "body-parser": "^1.20.2",
    "dotenv": "^16.3.1",
    "ejs": "^3.1.9",
--- a/routes/admin/servers.route.js
+++ b/routes/admin/servers.route.js
@ -1,17 +1,22 @@
 const express = require('express');
-
+const User = require("../../model/user.model");
 const Group = require("../../model/group.model");
 const Server = require("../../model/server.model");
 const url = require('url');
 memberService = require("../../services/members.service");
 serverService = require("../../services/server.service");
 var router = express.Router();
 router.get("/", (req, res) => {
    try {
        Server.findAll().then((servers) => {
            if (req.query.alert) {
                res.render('admin/servers', { "servers": servers, locals: { alert: req.query.alert, alert_type: req.query.type} })
            } else {
                res.render('admin/servers', { "servers": servers })
            }
        });
    } catch (e) {
        console.log(e)
@ -27,7 +32,13 @@ router.post("/add", (req, res) => {
                res.redirect("/admin/servers")
            })
        } else {
-            res.redirect("/admin/servers")
+            res.redirect(url.format({
                pathname:'/admin/servers',
                query: {
                    "alert": "Please check the value of your fields or if the server does not already exist.",
                    "type": "danger"
                }
            }));
        }
    } catch (e) {
        console.log(e)
--- a/routes/endpoint.route.js
+++ b/routes/endpoint.route.js
@ -1,5 +1,7 @@
 const express = require('express');
 var router = express.Router();
 router.use('/update/', require('../routes/endpoint/update.route'));
--- a/routes/endpoint/update.route.js
+++ b/routes/endpoint/update.route.js
@ -1,12 +1,34 @@
 const express = require('express');
 var router = express.Router();
 const Server = require("../../model/server.model");
-router.get("/", (req, res) => {
+const bcrypt = require("bcrypt");
-    res.send('ok')
+
 const serverService = require("../../services/server.service");
 router.get("/:server", async (req, res) => {
    try {
        Server.findOne({ where: { hostname: req.params.server } }).then((server) => {
            if (bcrypt.compareSync(req.body.secret, server.secret)) {
                serverService.getServerKeys(req.params.server).then((result) => {
                    var raw = ''
                    for (x in result) {
                        raw += '# ' + x + '\n' + result[x] + '\n\n'
                    }
                    res.send(raw)
                })
-
+            } else {
                res.send("invalid secret")
            }
        })
    } catch (e) {
        console.log(e)
    }
 });
 module.exports = router;
--- a/services/groups.service.js
+++ b/services/groups.service.js
@ -101,11 +101,6 @@ async function groupServerList(groupName) {
    return result
 };
 groupServerList('group1').then(
    (result) => {
        console.log(result)
    }
 )
 module.exports = {
    addGroup,
    delGroup,
--- a/services/server.service.js
+++ b/services/server.service.js
@ -1,21 +1,30 @@
 const Server = require('../model/server.model')
 const Access = require("../model/access.model");
 const bcrypt = require('bcrypt');
 const sequelize = require("./database.service");
 const regexp_space = /^\S*$/;
 const regexp_ip = /((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$))/
 async function addServer(hostname, ip, username) {
    Server.findOne({where: { hostname: hostname}}).then((result) => {
        if (result) {
            return false;
        } else {
            if (hostname && ip && username && regexp_space.test(hostname, username) && regexp_ip.test(ip)) {
                var secret_generated= (Math.random() + 1).toString(36).substring(2);
                console.log(secret_generated)
                Server.create({
                    hostname: hostname.toLowerCase(),
                    ip: ip,
-                    username: username.toLowerCase()
+                    username: username.toLowerCase(),
                    secret: bcrypt.hashSync(secret_generated, bcrypt.genSaltSync(10))
                }).then((result) => {
                    console.log('Server ' + result.hostname + ' added to database')
                    return secret_generated
                });
            } else {
                return false;
@ -25,6 +34,8 @@ async function addServer(hostname, ip, username) {
    });
 }
 async function delServer(hostname) {
    Server.findOne({where: { hostname: hostname}}).then((result) => {
        if (result && regexp_space.test(hostname)) {
@ -45,9 +56,25 @@ async function delServer(hostname) {
    });
 }
 async function getServerKeys(server) {
    const dump = await sequelize.query('SELECT name,content FROM members JOIN users ON users.id = members.userId JOIN accesses ON members.groupName = members.groupName JOIN keys ON members.userId = keys.idOwner WHERE serverHostname = \'' + server + '\'', {});
    result = {}
    for (x in dump) {
        for (y in dump[x]) {
            try {
                if (dump[x][y]) {
                    result[dump[x][y].name] = dump[x][y].content.replace(/(\r\n|\n|\r)/gm, "");
                }
            } catch (e) {}
        }
    }
    return result
 }
 module.exports = {
    addServer,
-    delServer
+    delServer,
    getServerKeys
 };
--- a/services/users.service.js
+++ b/services/users.service.js
@ -3,12 +3,8 @@ const User = require('../model/user.model')
 const regexp_space = /^\S*$/;
-async function userList(code) {
+function makeAdmin(login) {
-    return await User.findAll()
+    User.findOne({ where: { login: login } }).then((result) => {
 }
 function makeAdmin(userId) {
    User.findOne({ where: { id: userId } }).then((result) => {
        if (result) {
            result.admin = true;
            result.save().then(() => {
--- a/views/admin/server_new.ejs
+++ b/views/admin/server_new.ejs
@ -1,4 +1,5 @@
 <%- include('../navbar', {active: "admin-servers"}); %>
 <div class="container-fluid">
    <h3 class="text-dark mb-4"><a style="text-decoration: none" href="/admin/groups">Servers</a> / new </h3>
    <div class="card shadow mb-5">
--- a/views/admin/servers.ejs
+++ b/views/admin/servers.ejs
@ -2,10 +2,16 @@
 <div class="container-fluid">
    <h3 class="text-dark mb-4">Servers</h3>
    <% if (locals.alert) { %>
        <div class="alert alert-<%= locals.alert_type %>" role="alert">
            <%= locals.alert %>
        </div>
    <% } %>
    <div class="card shadow">
        <div class="card-header py-3">
            <p class="text-primary m-0 fw-bold">Server list</p>
        </div>
        <div class="card-body">
            <div class="row">
                <div class="col-md-6 text-nowrap">