Cleanup for Super and Admin panel user management functions
+ added sample JSONs for docs and test scripts
merge-requests/35/head
parent
ee881f7415
commit
2edb408702
|
@ -1202,7 +1202,7 @@ module.exports = function(s,config,lang,io){
|
|||
if(r&&r[0]){
|
||||
r=r[0];
|
||||
if(!s.group[d.ke]){s.group[d.ke]={users:{}}}
|
||||
if(!s.group[d.ke].users[d.auth]){s.group[d.ke].users[d.auth]={cnid:cn.id}}
|
||||
if(!s.group[d.ke].users[d.auth]){s.group[d.ke].users[d.auth]={cnid:cn.id,uid:d.uid,ke:d.ke,auth:d.auth}}
|
||||
try{s.group[d.ke].users[d.auth].details=JSON.parse(r.details)}catch(er){}
|
||||
cn.join('ADM_'+d.ke);
|
||||
cn.ke=d.ke;
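Review bot: The session record `{cnid:cn.id,uid:d.uid,ke:d.ke,auth:d.auth}` is filled from the client's message `d` rather than from the database row `r` that was just matched. The query that produced `r` is outside this hunk, so if it does not constrain `uid`, the stored `uid` is whatever the client sent. Assuming the row carries those columns, taking them from it (`uid:r.uid,ke:r.ke`) would tie the record to the verified account. The empty `catch(er){}` on the `details` parse also leaves `details` unset, with no log line, when the stored JSON is malformed.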
|
||||
|
|
|
@ -31,6 +31,7 @@ module.exports = function(s,config,lang,app){
|
|||
var value = []
|
||||
keys.forEach(function(v){
|
||||
condition.push(v+'=?')
|
||||
if(form[v] instanceof Object)form[v] = JSON.stringify(form[v])
|
||||
value.push(form[v])
|
||||
})
|
||||
value = value.concat([req.params.ke,req.body.uid])
|
||||
|
@ -92,6 +93,8 @@ module.exports = function(s,config,lang,app){
|
|||
* API : Administrator : Add Sub-Account (Account to share cameras with)
|
||||
*/
|
||||
app.post([
|
||||
config.webPaths.adminApiPrefix+':auth/accounts/:ke/register',
|
||||
//these two routes are for backwards compatibility
|
||||
config.webPaths.adminApiPrefix+':auth/register/:ke/:uid',
|
||||
config.webPaths.apiPrefix+':auth/register/:ke/:uid'
|
||||
],function (req,res){
|
||||
|
@ -101,51 +104,45 @@ module.exports = function(s,config,lang,app){
|
|||
res.setHeader('Content-Type', 'application/json');
|
||||
s.auth(req.params,function(user){
|
||||
if(user.details.sub){
|
||||
endData.msg = user.lang['Not Permitted']
|
||||
endData.msg = user.lang['Not an Administrator Account']
|
||||
closeResponse(res,endData)
|
||||
return
|
||||
}
|
||||
s.sqlQuery('SELECT * FROM Users WHERE uid=? AND ke=? AND details NOT LIKE ? LIMIT 1',[req.params.uid,req.params.ke,'%"sub"%'],function(err,u) {
|
||||
if(u && u[0]){
|
||||
if(req.body.mail !== '' && req.body.pass !== ''){
|
||||
if(req.body.pass === req.body.password_again){
|
||||
s.sqlQuery('SELECT * FROM Users WHERE mail=?',[req.body.mail],function(err,r) {
|
||||
if(r&&r[0]){
|
||||
//found one exist
|
||||
endData.msg = 'Email address is in use.'
|
||||
}else{
|
||||
//create new
|
||||
endData.msg = 'New Account Created'
|
||||
endData.ok = true
|
||||
var newId = s.gid()
|
||||
var details = s.s({
|
||||
sub: "1",
|
||||
allmonitors: "1"
|
||||
})
|
||||
s.sqlQuery('INSERT INTO Users (ke,uid,mail,pass,details) VALUES (?,?,?,?,?)',[req.params.ke,newId,req.body.mail,s.createHash(req.body.pass),details])
|
||||
s.tx({
|
||||
f: 'add_sub_account',
|
||||
details: details,
|
||||
ke: req.params.ke,
|
||||
uid: newId,
|
||||
mail: req.body.mail
|
||||
},'ADM_'+req.params.ke)
|
||||
}
|
||||
res.end(s.prettyPrint(endData))
|
||||
})
|
||||
if(req.body.mail !== '' && req.body.pass !== ''){
|
||||
if(req.body.pass === req.body.password_again){
|
||||
s.sqlQuery('SELECT * FROM Users WHERE mail=?',[req.body.mail],function(err,r) {
|
||||
if(r&&r[0]){
|
||||
//found one exist
|
||||
endData.msg = 'Email address is in use.'
|
||||
}else{
|
||||
endData.msg = user.lang["Passwords Don't Match"]
|
||||
//create new
|
||||
endData.msg = 'New Account Created'
|
||||
endData.ok = true
|
||||
var newId = s.gid()
|
||||
var details = s.s({
|
||||
sub: "1",
|
||||
allmonitors: "1"
|
||||
})
|
||||
s.sqlQuery('INSERT INTO Users (ke,uid,mail,pass,details) VALUES (?,?,?,?,?)',[req.params.ke,newId,req.body.mail,s.createHash(req.body.pass),details])
|
||||
s.tx({
|
||||
f: 'add_sub_account',
|
||||
details: details,
|
||||
ke: req.params.ke,
|
||||
uid: newId,
|
||||
mail: req.body.mail
|
||||
},'ADM_'+req.params.ke)
|
||||
}
|
||||
}else{
|
||||
endData.msg = user.lang['Fields cannot be empty']
|
||||
}
|
||||
res.end(s.prettyPrint(endData))
|
||||
})
|
||||
}else{
|
||||
endData.msg = user.lang['Not an Administrator Account']
|
||||
endData.msg = user.lang["Passwords Don't Match"]
|
||||
}
|
||||
if(endData.msg){
|
||||
res.end(s.prettyPrint(endData))
|
||||
}
|
||||
})
|
||||
}else{
|
||||
endData.msg = user.lang['Fields cannot be empty']
|
||||
}
|
||||
if(endData.msg){
|
||||
res.end(s.prettyPrint(endData))
|
||||
}
|
||||
},res,req)
|
||||
})
|
||||
/**
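Review bot: The register handler's guard `req.body.mail !== '' && req.body.pass !== ''` passes when the fields are absent, because `undefined !== ''` is true and `undefined === undefined` satisfies the password comparison. A request with no body fields can therefore reach the INSERT with an undefined mail and `s.createHash(undefined)`. A truthiness check such as `if(req.body.mail && req.body.pass){` closes that. The INSERT is also issued without a callback after `endData.ok = true` is already set, and the `err` argument of the mail lookup is ignored, so a failed insert is still reported as 'New Account Created'. Part of the handler body lies between hunks and is not visible here.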
|
||||
|
|
|
@ -73,19 +73,17 @@ module.exports = function(s,config,lang,app){
|
|||
}
|
||||
}
|
||||
//get post data
|
||||
s.getPostData = function(req){
|
||||
s.getPostData = function(req,target,parseJSON){
|
||||
if(!target)target = 'data'
|
||||
if(!parseJSON)parseJSON = true
|
||||
var postData = false
|
||||
var selected = false
|
||||
try{
|
||||
if(req.query && req.query.data){
|
||||
selected = req.query.data
|
||||
postData = JSON.parse(req.query.data)
|
||||
}else{
|
||||
selected = req.body.data
|
||||
postData = JSON.parse(req.body.data)
|
||||
}
|
||||
}catch(er){
|
||||
postData = selected
|
||||
if(req.query && req.query[target]){
|
||||
postData = req.query[target]
|
||||
}else{
|
||||
postData = req.body[target]
|
||||
}
|
||||
if(parseJSON === true){
|
||||
postData = s.parseJSON(postData)
|
||||
}
|
||||
return postData
|
||||
}
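Review bot: In the new `getPostData`, `if(!parseJSON)parseJSON = true` turns an explicit `false` back into `true`, so callers that pass `false` to get the raw string still get the parsed value. Defaulting only when the argument is missing, `if(parseJSON === undefined)parseJSON = true`, keeps the opt-out working. `req.body[target]` is also read with no check that `req.body` exists, and the earlier try/catch no longer surrounds it, so a request without a parsed body would throw here. Because the query string is consulted before the body, any field read through this helper, passwords included, can be sent in the URL, where it may end up in access logs.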
|
||||
|
|
|
@ -10,7 +10,7 @@ module.exports = function(s,config,lang,app){
|
|||
/**
|
||||
* API : Superuser : Get Logs
|
||||
*/
|
||||
app.all([config.webPaths.supersuperApiPrefix+':auth/logs/:ke',config.webPaths.superApiPrefix+':auth/logs/:ke/:id'], function (req,res){
|
||||
app.all([config.webPaths.supersuperApiPrefix+':auth/logs'], function (req,res){
|
||||
req.ret={ok:false};
|
||||
s.superAuth(req.params,function(resp){
|
||||
req.sql='SELECT * FROM Logs WHERE ke=?';req.ar=['$'];
|
||||
|
@ -255,7 +255,7 @@ module.exports = function(s,config,lang,app){
|
|||
var form = s.getPostData(req)
|
||||
if(form){
|
||||
if(form.mail !== '' && form.pass !== ''){
|
||||
if(form.pass === form.password_again){
|
||||
if(form.pass === form.password_again || form.pass === form.pass_again){
|
||||
isCallbacking = true
|
||||
s.sqlQuery('SELECT * FROM Users WHERE mail=?',[form.mail],function(err,r) {
|
||||
if(r&&r[0]){
|
||||
|
@ -272,6 +272,10 @@ module.exports = function(s,config,lang,app){
|
|||
}else{
|
||||
form.ke = form.ke.replace(/[`~!@#$%^&*()_|+\-=?;:'",.<>\{\}\[\]\\\/]/gi, '')
|
||||
}
|
||||
//check if "details" is object
|
||||
if(form.details instanceof Object){
|
||||
form.details = JSON.stringify(form.details)
|
||||
}
|
||||
//write user to db
|
||||
s.sqlQuery(
|
||||
'INSERT INTO Users (ke,uid,mail,pass,details) VALUES (?,?,?,?,?)',
|
||||
|
@ -314,7 +318,7 @@ module.exports = function(s,config,lang,app){
|
|||
}
|
||||
var form = s.getPostData(req)
|
||||
if(form){
|
||||
var account = s.parseJSON(req.body.account)
|
||||
var account = s.getPostData(req,'account')
|
||||
s.sqlQuery('SELECT * FROM Users WHERE mail=?',[account.mail],function(err,r) {
|
||||
if(r && r[0]){
|
||||
r = r[0]
|
||||
|
@ -338,7 +342,7 @@ module.exports = function(s,config,lang,app){
|
|||
if(set==='ke'||set==='password_again'||!form[v]){return}
|
||||
set.push(v+'=?')
|
||||
if(v === 'details'){
|
||||
form[v] = JSON.stringify(Object.assign(details,JSON.parse(form[v])))
|
||||
form[v] = s.stringJSON(Object.assign(details,s.parseJSON(form[v])))
|
||||
}
|
||||
values.push(form[v])
|
||||
})
|
||||
|
@ -375,25 +379,29 @@ module.exports = function(s,config,lang,app){
|
|||
var close = function(){
|
||||
res.end(s.prettyPrint(endData))
|
||||
}
|
||||
var account = s.parseJSON(req.body.account)
|
||||
var account = s.getPostData(req,'account')
|
||||
s.sqlQuery('DELETE FROM Users WHERE uid=? AND ke=? AND mail=?',[account.uid,account.ke,account.mail])
|
||||
s.sqlQuery('DELETE FROM API WHERE uid=? AND ke=?',[account.uid,account.ke])
|
||||
if(req.body.deleteSubAccounts === '1'){
|
||||
if(s.getPostData(req,'deleteSubAccounts',false) === '1'){
|
||||
s.sqlQuery('DELETE FROM Users WHERE ke=?',[account.ke])
|
||||
}
|
||||
if(req.body.deleteMonitors === '1'){
|
||||
s.sqlQuery('SELECT FROM Monitors WHERE ke=?',[account.ke],function(err,monitors){
|
||||
monitors.forEach(function(monitor){
|
||||
s.camera('stop',monitor)
|
||||
})
|
||||
s.sqlQuery('DELETE FROM Monitors WHERE ke=?',[account.ke])
|
||||
if(s.getPostData(req,'deleteMonitors',false) == '1'){
|
||||
s.sqlQuery('SELECT * FROM Monitors WHERE ke=?',[account.ke],function(err,monitors){
|
||||
if(monitors && monitors[0]){
|
||||
monitors.forEach(function(monitor){
|
||||
s.camera('stop',monitor)
|
||||
})
|
||||
s.sqlQuery('DELETE FROM Monitors WHERE ke=?',[account.ke])
|
||||
}
|
||||
})
|
||||
}
|
||||
if(req.body.deleteVideos === '1'){
|
||||
if(s.getPostData(req,'deleteVideos',false) == '1'){
|
||||
s.sqlQuery('DELETE FROM Videos WHERE ke=?',[account.ke])
|
||||
fs.unlink(s.dir.videos+account.ke)
|
||||
fs.chmod(s.dir.videos+account.ke,0o777,function(err){
|
||||
fs.unlink(s.dir.videos+account.ke,function(err){})
|
||||
})
|
||||
}
|
||||
if(req.body.deleteEvents === '1'){
|
||||
if(s.getPostData(req,'deleteEvents',false) == '1'){
|
||||
s.sqlQuery('DELETE FROM Events WHERE ke=?',[account.ke])
|
||||
}
|
||||
s.tx({f:'delete_account',ke:account.ke,uid:account.uid,mail:account.mail},'$')
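Review bot: `account.ke` is taken from the request and concatenated into `s.dir.videos+account.ke` for `fs.chmod(...,0o777,...)` and `fs.unlink`, with no check that it is a plain group key. The hunk at -272 strips punctuation from `form.ke` on creation; the delete path should apply the same filter, or resolve the path and confirm it stays under `s.dir.videos`, before touching the filesystem. It should also return early when `account` or `account.ke` is missing, since the `DELETE ... WHERE ke=?` statements run on that value too. Both fs callbacks drop `err`, and `fs.unlink` will not remove the target if it is a directory, so a failed cleanup is silent. The `deleteSubAccounts` test uses `===` while the other three flags use `==`; if `getPostData` returns a parsed number, the strict comparison will not match.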
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
{
|
||||
"account": {
|
||||
"mail": "[LOGIN ADDRESS]",
|
||||
"ke": "[GROUP KEY]",
|
||||
"uid": "[USER ID]"
|
||||
},
|
||||
"deleteSubAccounts": "1",
|
||||
"deleteMonitors": "1",
|
||||
"deleteVideos": "1",
|
||||
"deleteEvents": "1"
|
||||
}
|
|
@ -0,0 +1,31 @@
|
|||
{
|
||||
"data": {
|
||||
"mail": "[GROUP KEY]",
|
||||
"ke": "[GROUP KEY]",
|
||||
"pass": "[PASSWORD]",
|
||||
"password_again": "[PASSWORD AGAIN]",
|
||||
"details": {
|
||||
"factorAuth": "0",
|
||||
"size": "10000",
|
||||
"days": "5",
|
||||
"event_days": "10",
|
||||
"log_days": "10",
|
||||
"max_camera": "",
|
||||
"permissions": "all",
|
||||
"edit_size": "1",
|
||||
"edit_days": "1",
|
||||
"edit_event_days": "1",
|
||||
"edit_log_days": "1",
|
||||
"use_admin": "1",
|
||||
"use_aws_s3": "1",
|
||||
"use_webdav": "1",
|
||||
"use_discordbot": "1",
|
||||
"use_ldap": "1"
|
||||
}
|
||||
},
|
||||
"account": {
|
||||
"mail": "[GROUP KEY]",
|
||||
"ke": "[GROUP KEY]",
|
||||
"uid": "[USER ID]"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,26 @@
|
|||
{
|
||||
"data": {
|
||||
"mail": "[LOGIN ADDRESS]",
|
||||
"ke": "[GROUP KEY]",
|
||||
"pass": "[PASSWORD]",
|
||||
"password_again": "[PASSWORD AGAIN]",
|
||||
"details": {
|
||||
"factorAuth": "0",
|
||||
"size": "10000",
|
||||
"days": "5",
|
||||
"event_days": "10",
|
||||
"log_days": "10",
|
||||
"max_camera": "",
|
||||
"permissions": "all",
|
||||
"edit_size": "1",
|
||||
"edit_days": "1",
|
||||
"edit_event_days": "1",
|
||||
"edit_log_days": "1",
|
||||
"use_admin": "1",
|
||||
"use_aws_s3": "1",
|
||||
"use_webdav": "1",
|
||||
"use_discordbot": "1",
|
||||
"use_ldap": "1"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
"uid" : "[SUB-ACCOUNT USER ID]",
|
||||
"mail" : "[SUB-ACCOUNT LOGIN ADDRESS]"
|
||||
}
|
|
@ -0,0 +1,10 @@
|
|||
{
|
||||
"uid": "[SUB-ACCOUNT USER ID]",
|
||||
"mail": "[SUB-ACCOUNT LOGIN ADDRESS]",
|
||||
"data": {
|
||||
"details": {
|
||||
"sub": "1",
|
||||
"allmonitors": "1"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"mail": "[SUB-ACCOUNT LOGIN ADDRESS]",
|
||||
"pass": "[SUB-ACCOUNT PASSWORD]",
|
||||
"password_again": "[SUB-ACCOUNT PASSWORD]"
|
||||
}
|