From 2edb408702a69a70a477f1c5fa1dbd0452afd056 Mon Sep 17 00:00:00 2001 From: Moe Date: Wed, 24 Oct 2018 16:41:02 -0700 Subject: [PATCH] Cleanup for Super and Admin panel user management functions + added sample JSONs for docs and test scripts --- libs/socketio.js | 2 +- libs/webServerAdminPaths.js | 73 ++++++++++++++++----------------- libs/webServerPaths.js | 22 +++++----- libs/webServerSuperPaths.js | 38 ++++++++++------- test/testAdminUserDelete.json | 11 +++++ test/testAdminUserEdit.json | 31 ++++++++++++++ test/testAdminUserRegister.json | 26 ++++++++++++ test/testSubUserDelete.json | 4 ++ test/testSubUserEdit.json | 10 +++++ test/testSubUserRegister.json | 5 +++ 10 files changed, 156 insertions(+), 66 deletions(-) create mode 100644 test/testAdminUserDelete.json create mode 100644 test/testAdminUserEdit.json create mode 100644 test/testAdminUserRegister.json create mode 100644 test/testSubUserDelete.json create mode 100644 test/testSubUserEdit.json create mode 100644 test/testSubUserRegister.json diff --git a/libs/socketio.js b/libs/socketio.js index de8e735a..0f7058dc 100644 --- a/libs/socketio.js +++ b/libs/socketio.js @@ -1202,7 +1202,7 @@ module.exports = function(s,config,lang,io){ if(r&&r[0]){ r=r[0]; if(!s.group[d.ke]){s.group[d.ke]={users:{}}} - if(!s.group[d.ke].users[d.auth]){s.group[d.ke].users[d.auth]={cnid:cn.id}} + if(!s.group[d.ke].users[d.auth]){s.group[d.ke].users[d.auth]={cnid:cn.id,uid:d.uid,ke:d.ke,auth:d.auth}} try{s.group[d.ke].users[d.auth].details=JSON.parse(r.details)}catch(er){} cn.join('ADM_'+d.ke); cn.ke=d.ke; diff --git a/libs/webServerAdminPaths.js b/libs/webServerAdminPaths.js index 872d7e2b..fddb5698 100644 --- a/libs/webServerAdminPaths.js +++ b/libs/webServerAdminPaths.js 
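Review bot: The new per-user record takes `uid` from the client message `d` rather than from the row `r` that the lookup just returned, so whatever the socket sent as `d.uid` is cached next to the verified `auth`/`ke` pair; the query itself is above the hunk, and if it only constrains `auth` and `ke`, a client holding a valid token could cache an arbitrary uid under it. Prefer `uid:r.uid` when the Users row carries that column, or keep `d.uid` only after checking it equals `r.uid`. Copying the raw `auth` secret into the object also widens where it lives in memory; a short comment on which consumer needs `auth` there would help the next reader. The enclosing handler starts and ends outside this hunk.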
@@ -31,6 +31,7 @@ module.exports = function(s,config,lang,app){ var value = [] keys.forEach(function(v){ condition.push(v+'=?') + if(form[v] instanceof Object)form[v] = JSON.stringify(form[v]) value.push(form[v]) }) value = value.concat([req.params.ke,req.body.uid]) @@ -92,6 +93,8 @@ module.exports = function(s,config,lang,app){ * API : Administrator : Add Sub-Account (Account to share cameras with) */ app.post([ + config.webPaths.adminApiPrefix+':auth/accounts/:ke/register', + //these two routes are for backwards compatibility config.webPaths.adminApiPrefix+':auth/register/:ke/:uid', config.webPaths.apiPrefix+':auth/register/:ke/:uid' ],function (req,res){ 
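Review bot: The added `JSON.stringify` guard makes object values safe as a bind parameter, but the column name on the line before it, `condition.push(v+'=?')`, is still concatenated straight into the SQL; `keys` is defined above the hunk, and if it is `Object.keys(form)` over the request body then a key name is an injection point that no bind parameter protects. Filter the keys against the editable columns before the loop, e.g. `keys = keys.filter(function(v){return allowedColumns.indexOf(v) !== -1})` with `allowedColumns` a fixed list, or at minimum reject anything not matching `/^[a-zA-Z_]+$/`. A one-line comment noting that `instanceof Object` is also true for arrays (and false for `null`) would document the intended scope of the new check. The enclosing handler starts and ends outside this hunk.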
@@ -101,51 +104,45 @@ module.exports = function(s,config,lang,app){ res.setHeader('Content-Type', 'application/json'); s.auth(req.params,function(user){ if(user.details.sub){ - endData.msg = user.lang['Not Permitted'] + endData.msg = user.lang['Not an Administrator Account'] closeResponse(res,endData) return } - s.sqlQuery('SELECT * FROM Users WHERE uid=? AND ke=? AND details NOT LIKE ? LIMIT 1',[req.params.uid,req.params.ke,'%"sub"%'],function(err,u) { - if(u && u[0]){ - if(req.body.mail !== '' && req.body.pass !== ''){ - if(req.body.pass === req.body.password_again){ - s.sqlQuery('SELECT * FROM Users WHERE mail=?',[req.body.mail],function(err,r) { - if(r&&r[0]){ - //found one exist - endData.msg = 'Email address is in use.' - }else{ - //create new - endData.msg = 'New Account Created' - endData.ok = true - var newId = s.gid() - var details = s.s({ - sub: "1", - allmonitors: "1" - }) - s.sqlQuery('INSERT INTO Users (ke,uid,mail,pass,details) VALUES (?,?,?,?,?)',[req.params.ke,newId,req.body.mail,s.createHash(req.body.pass),details]) - s.tx({ - f: 'add_sub_account', - details: details, - ke: req.params.ke, - uid: newId, - mail: req.body.mail - },'ADM_'+req.params.ke) - } - res.end(s.prettyPrint(endData)) - }) + if(req.body.mail !== '' && req.body.pass !== ''){ + if(req.body.pass === req.body.password_again){ + s.sqlQuery('SELECT * FROM Users WHERE mail=?',[req.body.mail],function(err,r) { + if(r&&r[0]){ + //found one exist + endData.msg = 'Email address is in use.' 
}else{ - endData.msg = user.lang["Passwords Don't Match"] + //create new + endData.msg = 'New Account Created' + endData.ok = true + var newId = s.gid() + var details = s.s({ + sub: "1", + allmonitors: "1" + }) + s.sqlQuery('INSERT INTO Users (ke,uid,mail,pass,details) VALUES (?,?,?,?,?)',[req.params.ke,newId,req.body.mail,s.createHash(req.body.pass),details]) + s.tx({ + f: 'add_sub_account', + details: details, + ke: req.params.ke, + uid: newId, + mail: req.body.mail + },'ADM_'+req.params.ke) } - }else{ - endData.msg = user.lang['Fields cannot be empty'] - } + res.end(s.prettyPrint(endData)) + }) }else{ - endData.msg = user.lang['Not an Administrator Account'] + endData.msg = user.lang["Passwords Don't Match"] } - if(endData.msg){ - res.end(s.prettyPrint(endData)) - } - }) + }else{ + endData.msg = user.lang['Fields cannot be empty'] + } + if(endData.msg){ + res.end(s.prettyPrint(endData)) + } },res,req) }) /** diff --git a/libs/webServerPaths.js b/libs/webServerPaths.js index fdfd86bd..316c4ac2 100644 --- a/libs/webServerPaths.js +++ b/libs/webServerPaths.js @@ -73,19 +73,17 @@ module.exports = function(s,config,lang,app){ } } //get post data - s.getPostData = function(req){ + s.getPostData = function(req,target,parseJSON){ + if(!target)target = 'data' + if(!parseJSON)parseJSON = true var postData = false - var selected = false - try{ - if(req.query && req.query.data){ - selected = req.query.data - postData = JSON.parse(req.query.data) - }else{ - selected = req.body.data - postData = JSON.parse(req.body.data) - } - }catch(er){ - postData = selected + if(req.query && req.query[target]){ + postData = req.query[target] + }else{ + postData = req.body[target] + } + if(parseJSON === true){ + postData = s.parseJSON(postData) } return postData } diff --git a/libs/webServerSuperPaths.js b/libs/webServerSuperPaths.js index 2c5c133b..78936e97 100644 --- a/libs/webServerSuperPaths.js +++ b/libs/webServerSuperPaths.js 
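Review bot: Removing the `SELECT * FROM Users WHERE uid=? AND ke=? AND details NOT LIKE ...` lookup drops the only visible check that `req.params.ke` belongs to a real administrator account; the new code inserts the sub-account into whatever `:ke` appears in the URL, guarded only by `s.auth` and the `user.details.sub` test. Unless `s.auth` (not shown) already rejects a `ke` that differs from the authenticated user's group, an admin of one group can create accounts in another. Add an explicit scope check after the sub-account test, presumably `if(user.ke !== req.params.ke){ endData.msg = user.lang['Not Permitted']; closeResponse(res,endData); return }` if `user` is the Users row. Note also that `req.body.mail !== ''` passes for an undefined field, so a missing `mail` or `pass` reaches `createHash` and the INSERT; `if(!req.body.mail || !req.body.pass)` is the safer test. The route handler begins in the previous hunk.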
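Review bot: `if(!parseJSON)parseJSON = true` turns an explicit `false` back into `true`, so the new `parseJSON` parameter can never disable parsing; the callers added in this same commit, e.g. `s.getPostData(req,'deleteSubAccounts',false)`, still have their `'1'` strings run through `s.parseJSON`. Use `if(parseJSON === undefined)parseJSON = true` (and `if(target === undefined)target = 'data'` for symmetry). If `s.parseJSON('1')` yields the number `1`, the strict `=== '1'` comparison on `deleteSubAccounts` in webServerSuperPaths.js would never match. The old body also fell back to the raw value when parsing failed; whether `s.parseJSON` preserves that is not visible here and deserves a comment above the function, along with a note that a `req.query` value takes precedence over `req.body` for the same key.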
@@ -10,7 +10,7 @@ module.exports = function(s,config,lang,app){ /** * API : Superuser : Get Logs */ - app.all([config.webPaths.supersuperApiPrefix+':auth/logs/:ke',config.webPaths.superApiPrefix+':auth/logs/:ke/:id'], function (req,res){ + app.all([config.webPaths.supersuperApiPrefix+':auth/logs'], function (req,res){ req.ret={ok:false}; s.superAuth(req.params,function(resp){ req.sql='SELECT * FROM Logs WHERE ke=?';req.ar=['$']; @@ -255,7 +255,7 @@ module.exports = function(s,config,lang,app){ var form = s.getPostData(req) if(form){ if(form.mail !== '' && form.pass !== ''){ - if(form.pass === form.password_again){ + if(form.pass === form.password_again || form.pass === form.pass_again){ isCallbacking = true s.sqlQuery('SELECT * FROM Users WHERE mail=?',[form.mail],function(err,r) { if(r&&r[0]){ @@ -272,6 +272,10 @@ module.exports = function(s,config,lang,app){ }else{ form.ke = form.ke.replace(/[`~!@#$%^&*()_|+\-=?;:'",.<>\{\}\[\]\\\/]/gi, '') } + //check if "details" is object + if(form.details instanceof Object){ + form.details = JSON.stringify(form.details) + } //write user to db s.sqlQuery( 'INSERT INTO Users (ke,uid,mail,pass,details) VALUES (?,?,?,?,?)', @@ -314,7 +318,7 @@ module.exports = function(s,config,lang,app){ } var form = s.getPostData(req) if(form){ - var account = s.parseJSON(req.body.account) + var account = s.getPostData(req,'account') s.sqlQuery('SELECT * FROM Users WHERE mail=?',[account.mail],function(err,r) { if(r && r[0]){ r = r[0] @@ -338,7 +342,7 @@ module.exports = function(s,config,lang,app){ if(set==='ke'||set==='password_again'||!form[v]){return} set.push(v+'=?') if(v === 'details'){ - form[v] = JSON.stringify(Object.assign(details,JSON.parse(form[v]))) + form[v] = s.stringJSON(Object.assign(details,s.parseJSON(form[v]))) } values.push(form[v]) }) 
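Review bot: `var account = s.getPostData(req,'account')` can yield `false`/`undefined` when no `account` field is sent (or whatever `s.parseJSON` returns for malformed input), and the next line dereferences `account.mail`, which throws inside the route handler and leaves the response hanging. Guard it before the query, along the lines of `if(!account || !account.mail){ /* report 'Fields cannot be empty' via the handler's response helper */ return }`; the helper for this handler is outside the hunk, so I cannot name it. The enclosing handler starts and ends outside this hunk.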
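Review bot: The context line just above the changed one, `if(set==='ke'||set==='password_again'||!form[v]){return}`, compares the `set` array rather than the key `v`, so it never matches and both `ke` and `password_again` are pushed into the UPDATE as columns; the intended line is `if(v==='ke'||v==='password_again'||!form[v]){return}`. The commit rewrites the `details` branch directly below it but leaves this in place. Separately, `Object.assign(details, s.parseJSON(form[v]))` copies with [[Set]], so a `"__proto__"` key in the submitted details would swap the prototype of `details` rather than store a property — superuser-only input, but copying own keys explicitly or dropping that key is cheap. The enclosing handler starts and ends outside this hunk.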
@@ -375,25 +379,29 @@ module.exports = function(s,config,lang,app){ var close = function(){ res.end(s.prettyPrint(endData)) } - var account = s.parseJSON(req.body.account) + var account = s.getPostData(req,'account') s.sqlQuery('DELETE FROM Users WHERE uid=? AND ke=? AND mail=?',[account.uid,account.ke,account.mail]) s.sqlQuery('DELETE FROM API WHERE uid=? AND ke=?',[account.uid,account.ke]) - if(req.body.deleteSubAccounts === '1'){ + if(s.getPostData(req,'deleteSubAccounts',false) === '1'){ s.sqlQuery('DELETE FROM Users WHERE ke=?',[account.ke]) } - if(req.body.deleteMonitors === '1'){ - s.sqlQuery('SELECT FROM Monitors WHERE ke=?',[account.ke],function(err,monitors){ - monitors.forEach(function(monitor){ - s.camera('stop',monitor) - }) - s.sqlQuery('DELETE FROM Monitors WHERE ke=?',[account.ke]) + if(s.getPostData(req,'deleteMonitors',false) == '1'){ + s.sqlQuery('SELECT * FROM Monitors WHERE ke=?',[account.ke],function(err,monitors){ + if(monitors && monitors[0]){ + monitors.forEach(function(monitor){ + s.camera('stop',monitor) + }) + s.sqlQuery('DELETE FROM Monitors WHERE ke=?',[account.ke]) + } }) } - if(req.body.deleteVideos === '1'){ + if(s.getPostData(req,'deleteVideos',false) == '1'){ s.sqlQuery('DELETE FROM Videos WHERE ke=?',[account.ke]) - fs.unlink(s.dir.videos+account.ke) + fs.chmod(s.dir.videos+account.ke,0o777,function(err){ + fs.unlink(s.dir.videos+account.ke,function(err){}) + }) } - if(req.body.deleteEvents === '1'){ + if(s.getPostData(req,'deleteEvents',false) == '1'){ s.sqlQuery('DELETE FROM Events WHERE ke=?',[account.ke]) } s.tx({f:'delete_account',ke:account.ke,uid:account.uid,mail:account.mail},'$') diff --git a/test/testAdminUserDelete.json b/test/testAdminUserDelete.json new file mode 100644 index 00000000..414cad3c --- /dev/null +++ b/test/testAdminUserDelete.json 
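Review bot: `fs.unlink` cannot remove a directory, so the `deleteVideos` branch still never deletes `s.dir.videos+account.ke`; the new `fs.chmod(...,0o777)` only makes the directory world-writable before the unlink fails with EISDIR/EPERM, and the error callback swallows it. Since that directory holds the group's video files it needs a recursive removal (plain `fs.rmdir` refuses a non-empty directory on Node versions of this era), and the chmod should go rather than loosen permissions on a path that may survive. Also `deleteSubAccounts` is compared with `=== '1'` while the other three flags use `== '1'`; with `getPostData`'s parse default the values may arrive as numbers, so the strict one can silently never fire — make all four the same. Finally, `account` is dereferenced on the first new line without a null check, which would throw before `close()` ever runs. The enclosing handler starts outside this hunk.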
@@ -0,0 +1,11 @@
+{
+ "account": {
+ "mail": "[LOGIN ADDRESS]",
+ "ke": "[GROUP KEY]",
+ "uid": "[USER ID]"
+ },
+ "deleteSubAccounts": "1",
+ "deleteMonitors": "1",
+ "deleteVideos": "1",
+ "deleteEvents": "1"
+}
diff --git a/test/testAdminUserEdit.json b/test/testAdminUserEdit.json
new file mode 100644
index 00000000..47b35ce7
--- /dev/null
+++ b/test/testAdminUserEdit.json
@@ -0,0 +1,31 @@
+{
+ "data": {
+ "mail": "[GROUP KEY]",
+ "ke": "[GROUP KEY]",
+ "pass": "[PASSWORD]",
+ "password_again": "[PASSWORD AGAIN]",
+ "details": {
+ "factorAuth": "0",
+ "size": "10000",
+ "days": "5",
+ "event_days": "10",
+ "log_days": "10",
+ "max_camera": "",
+ "permissions": "all",
+ "edit_size": "1",
+ "edit_days": "1",
+ "edit_event_days": "1",
+ "edit_log_days": "1",
+ "use_admin": "1",
+ "use_aws_s3": "1",
+ "use_webdav": "1",
+ "use_discordbot": "1",
+ "use_ldap": "1"
+ }
+ },
+ "account": {
+ "mail": "[GROUP KEY]",
+ "ke": "[GROUP KEY]",
+ "uid": "[USER ID]"
+ }
+}
diff --git a/test/testAdminUserRegister.json b/test/testAdminUserRegister.json
new file mode 100644
index 00000000..6cd1a046
--- /dev/null
+++ b/test/testAdminUserRegister.json
@@ -0,0 +1,26 @@
+{
+ "data": {
+ "mail": "[LOGIN ADDRESS]",
+ "ke": "[GROUP KEY]",
+ "pass": "[PASSWORD]",
+ "password_again": "[PASSWORD AGAIN]",
+ "details": {
+ "factorAuth": "0",
+ "size": "10000",
+ "days": "5",
+ "event_days": "10",
+ "log_days": "10",
+ "max_camera": "",
+ "permissions": "all",
+ "edit_size": "1",
+ "edit_days": "1",
+ "edit_event_days": "1",
+ "edit_log_days": "1",
+ "use_admin": "1",
+ "use_aws_s3": "1",
+ "use_webdav": "1",
+ "use_discordbot": "1",
+ "use_ldap": "1"
+ }
+ }
+}
diff --git a/test/testSubUserDelete.json b/test/testSubUserDelete.json
new file mode 100644
index 00000000..7ab5a0ff
--- /dev/null
+++ b/test/testSubUserDelete.json
@@ -0,0 +1,4 @@
+{
+ "uid" : "[SUB-ACCOUNT USER ID]",
+ "mail" : "[SUB-ACCOUNT LOGIN ADDRESS]"
+}
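Review bot: In testAdminUserEdit.json both `mail` placeholders read `[GROUP KEY]`, which looks like a copy-paste slip from the `ke` line beneath each of them and would mislead anyone building a request from this sample; the register sample beside it uses `[LOGIN ADDRESS]` for the same field. Change both to `"mail": "[LOGIN ADDRESS]"`. The `password_again` placeholder `[PASSWORD AGAIN]` also hides that the server requires it to equal `pass`; the sub-account sample repeats `[SUB-ACCOUNT PASSWORD]`, which is the clearer convention to follow here.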
diff --git a/test/testSubUserEdit.json b/test/testSubUserEdit.json
new file mode 100644
index 00000000..c55f0185
--- /dev/null
+++ b/test/testSubUserEdit.json
@@ -0,0 +1,10 @@
+{
+ "uid": "[SUB-ACCOUNT USER ID]",
+ "mail": "[SUB-ACCOUNT LOGIN ADDRESS]",
+ "data": {
+ "details": {
+ "sub": "1",
+ "allmonitors": "1"
+ }
+ }
+}
diff --git a/test/testSubUserRegister.json b/test/testSubUserRegister.json
new file mode 100644
index 00000000..1c5864ea
--- /dev/null
+++ b/test/testSubUserRegister.json
@@ -0,0 +1,5 @@
+{
+ "mail": "[SUB-ACCOUNT LOGIN ADDRESS]",
+ "pass": "[SUB-ACCOUNT PASSWORD]",
+ "password_again": "[SUB-ACCOUNT PASSWORD]"
+}