Cleanup for Super and Admin panel user management functions
+ added sample JSONs for docs and test scripts
merge-requests/35/head
parent
ee881f7415
commit
2edb408702
|
@ -1202,7 +1202,7 @@ module.exports = function(s,config,lang,io){
|
||||||
if(r&&r[0]){
|
if(r&&r[0]){
|
||||||
r=r[0];
|
r=r[0];
|
||||||
if(!s.group[d.ke]){s.group[d.ke]={users:{}}}
|
if(!s.group[d.ke]){s.group[d.ke]={users:{}}}
|
||||||
if(!s.group[d.ke].users[d.auth]){s.group[d.ke].users[d.auth]={cnid:cn.id}}
|
if(!s.group[d.ke].users[d.auth]){s.group[d.ke].users[d.auth]={cnid:cn.id,uid:d.uid,ke:d.ke,auth:d.auth}}
|
||||||
try{s.group[d.ke].users[d.auth].details=JSON.parse(r.details)}catch(er){}
|
try{s.group[d.ke].users[d.auth].details=JSON.parse(r.details)}catch(er){}
|
||||||
cn.join('ADM_'+d.ke);
|
cn.join('ADM_'+d.ke);
|
||||||
cn.ke=d.ke;
|
cn.ke=d.ke;
|
||||||
|
|
|
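Review bot: The new session entry `{cnid:cn.id,uid:d.uid,ke:d.ke,auth:d.auth}` takes `uid`, `ke` and `auth` from the client message `d` rather than from the database row `r` loaded just above. Whether the query that produced `r` matched on all three values is outside the hunk; if it did not, later code that trusts `users[d.auth].uid` would be trusting a client-chosen value, and `uid:r.uid,ke:r.ke` (if `r` carries those columns) would be the safer source. The `catch(er){}` on the following line silently drops malformed `details`, so a log call there would make bad rows visible. The enclosing handler starts and ends outside the hunk.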
@ -31,6 +31,7 @@ module.exports = function(s,config,lang,app){
|
||||||
var value = []
|
var value = []
|
||||||
keys.forEach(function(v){
|
keys.forEach(function(v){
|
||||||
condition.push(v+'=?')
|
condition.push(v+'=?')
|
||||||
|
if(form[v] instanceof Object)form[v] = JSON.stringify(form[v])
|
||||||
value.push(form[v])
|
value.push(form[v])
|
||||||
})
|
})
|
||||||
value = value.concat([req.params.ke,req.body.uid])
|
value = value.concat([req.params.ke,req.body.uid])
|
||||||
|
@ -92,6 +93,8 @@ module.exports = function(s,config,lang,app){
|
||||||
* API : Administrator : Add Sub-Account (Account to share cameras with)
|
* API : Administrator : Add Sub-Account (Account to share cameras with)
|
||||||
*/
|
*/
|
||||||
app.post([
|
app.post([
|
||||||
|
config.webPaths.adminApiPrefix+':auth/accounts/:ke/register',
|
||||||
|
//these two routes are for backwards compatibility
|
||||||
config.webPaths.adminApiPrefix+':auth/register/:ke/:uid',
|
config.webPaths.adminApiPrefix+':auth/register/:ke/:uid',
|
||||||
config.webPaths.apiPrefix+':auth/register/:ke/:uid'
|
config.webPaths.apiPrefix+':auth/register/:ke/:uid'
|
||||||
],function (req,res){
|
],function (req,res){
|
||||||
|
@ -101,51 +104,45 @@ module.exports = function(s,config,lang,app){
|
||||||
res.setHeader('Content-Type', 'application/json');
|
res.setHeader('Content-Type', 'application/json');
|
||||||
s.auth(req.params,function(user){
|
s.auth(req.params,function(user){
|
||||||
if(user.details.sub){
|
if(user.details.sub){
|
||||||
endData.msg = user.lang['Not Permitted']
|
endData.msg = user.lang['Not an Administrator Account']
|
||||||
closeResponse(res,endData)
|
closeResponse(res,endData)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
s.sqlQuery('SELECT * FROM Users WHERE uid=? AND ke=? AND details NOT LIKE ? LIMIT 1',[req.params.uid,req.params.ke,'%"sub"%'],function(err,u) {
|
if(req.body.mail !== '' && req.body.pass !== ''){
|
||||||
if(u && u[0]){
|
if(req.body.pass === req.body.password_again){
|
||||||
if(req.body.mail !== '' && req.body.pass !== ''){
|
s.sqlQuery('SELECT * FROM Users WHERE mail=?',[req.body.mail],function(err,r) {
|
||||||
if(req.body.pass === req.body.password_again){
|
if(r&&r[0]){
|
||||||
s.sqlQuery('SELECT * FROM Users WHERE mail=?',[req.body.mail],function(err,r) {
|
//found one exist
|
||||||
if(r&&r[0]){
|
endData.msg = 'Email address is in use.'
|
||||||
//found one exist
|
|
||||||
endData.msg = 'Email address is in use.'
|
|
||||||
}else{
|
|
||||||
//create new
|
|
||||||
endData.msg = 'New Account Created'
|
|
||||||
endData.ok = true
|
|
||||||
var newId = s.gid()
|
|
||||||
var details = s.s({
|
|
||||||
sub: "1",
|
|
||||||
allmonitors: "1"
|
|
||||||
})
|
|
||||||
s.sqlQuery('INSERT INTO Users (ke,uid,mail,pass,details) VALUES (?,?,?,?,?)',[req.params.ke,newId,req.body.mail,s.createHash(req.body.pass),details])
|
|
||||||
s.tx({
|
|
||||||
f: 'add_sub_account',
|
|
||||||
details: details,
|
|
||||||
ke: req.params.ke,
|
|
||||||
uid: newId,
|
|
||||||
mail: req.body.mail
|
|
||||||
},'ADM_'+req.params.ke)
|
|
||||||
}
|
|
||||||
res.end(s.prettyPrint(endData))
|
|
||||||
})
|
|
||||||
}else{
|
}else{
|
||||||
endData.msg = user.lang["Passwords Don't Match"]
|
//create new
|
||||||
|
endData.msg = 'New Account Created'
|
||||||
|
endData.ok = true
|
||||||
|
var newId = s.gid()
|
||||||
|
var details = s.s({
|
||||||
|
sub: "1",
|
||||||
|
allmonitors: "1"
|
||||||
|
})
|
||||||
|
s.sqlQuery('INSERT INTO Users (ke,uid,mail,pass,details) VALUES (?,?,?,?,?)',[req.params.ke,newId,req.body.mail,s.createHash(req.body.pass),details])
|
||||||
|
s.tx({
|
||||||
|
f: 'add_sub_account',
|
||||||
|
details: details,
|
||||||
|
ke: req.params.ke,
|
||||||
|
uid: newId,
|
||||||
|
mail: req.body.mail
|
||||||
|
},'ADM_'+req.params.ke)
|
||||||
}
|
}
|
||||||
}else{
|
res.end(s.prettyPrint(endData))
|
||||||
endData.msg = user.lang['Fields cannot be empty']
|
})
|
||||||
}
|
|
||||||
}else{
|
}else{
|
||||||
endData.msg = user.lang['Not an Administrator Account']
|
endData.msg = user.lang["Passwords Don't Match"]
|
||||||
}
|
}
|
||||||
if(endData.msg){
|
}else{
|
||||||
res.end(s.prettyPrint(endData))
|
endData.msg = user.lang['Fields cannot be empty']
|
||||||
}
|
}
|
||||||
})
|
if(endData.msg){
|
||||||
|
res.end(s.prettyPrint(endData))
|
||||||
|
}
|
||||||
},res,req)
|
},res,req)
|
||||||
})
|
})
|
||||||
/**
|
/**
|
||||||
|
|
|
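Review bot: In the register handler, the guard `req.body.mail !== '' && req.body.pass !== ''` is also true when both fields are missing, and `req.body.pass === req.body.password_again` then holds as `undefined === undefined`, so a request with an empty body reaches the INSERT with no mail and a hash of `undefined`. Test for presence instead, e.g. `if(req.body.mail && req.body.pass){`. The `err` argument of the `SELECT * FROM Users WHERE mail=?` callback is never checked, so a failed lookup falls through to the create branch, and the INSERT has no callback, so 'New Account Created' is returned whether or not the row was written. In the first hunk of this file the column names are still built with `v+'=?'`; where `keys` comes from is outside the hunk, so confirm it is a fixed allow-list and not the request's own keys.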
@ -73,19 +73,17 @@ module.exports = function(s,config,lang,app){
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//get post data
|
//get post data
|
||||||
s.getPostData = function(req){
|
s.getPostData = function(req,target,parseJSON){
|
||||||
|
if(!target)target = 'data'
|
||||||
|
if(!parseJSON)parseJSON = true
|
||||||
var postData = false
|
var postData = false
|
||||||
var selected = false
|
if(req.query && req.query[target]){
|
||||||
try{
|
postData = req.query[target]
|
||||||
if(req.query && req.query.data){
|
}else{
|
||||||
selected = req.query.data
|
postData = req.body[target]
|
||||||
postData = JSON.parse(req.query.data)
|
}
|
||||||
}else{
|
if(parseJSON === true){
|
||||||
selected = req.body.data
|
postData = s.parseJSON(postData)
|
||||||
postData = JSON.parse(req.body.data)
|
|
||||||
}
|
|
||||||
}catch(er){
|
|
||||||
postData = selected
|
|
||||||
}
|
}
|
||||||
return postData
|
return postData
|
||||||
}
|
}
|
||||||
|
|
|
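Review bot: The default `if(!parseJSON)parseJSON = true` also fires when a caller passes `false`, so the parse step can never be switched off and the calls in this commit that pass `false` for `deleteSubAccounts`, `deleteMonitors`, `deleteVideos` and `deleteEvents` still get a parsed value. If `s.parseJSON` turns the string `'1'` into the number `1` (its body is not shown here), the strict `=== '1'` check on `deleteSubAccounts` would never match while the loose `== '1'` checks on the others would. Use `if(parseJSON === undefined)parseJSON = true`. The old body wrapped the lookup in `try`/`catch`; the new one reads `req.body[target]` unguarded, so a request with no parsed body would throw here. Since `req.query[target]` takes precedence for every field, a comment stating whether destructive options are meant to be accepted from the URL would help.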
@ -10,7 +10,7 @@ module.exports = function(s,config,lang,app){
|
||||||
/**
|
/**
|
||||||
* API : Superuser : Get Logs
|
* API : Superuser : Get Logs
|
||||||
*/
|
*/
|
||||||
app.all([config.webPaths.supersuperApiPrefix+':auth/logs/:ke',config.webPaths.superApiPrefix+':auth/logs/:ke/:id'], function (req,res){
|
app.all([config.webPaths.supersuperApiPrefix+':auth/logs'], function (req,res){
|
||||||
req.ret={ok:false};
|
req.ret={ok:false};
|
||||||
s.superAuth(req.params,function(resp){
|
s.superAuth(req.params,function(resp){
|
||||||
req.sql='SELECT * FROM Logs WHERE ke=?';req.ar=['$'];
|
req.sql='SELECT * FROM Logs WHERE ke=?';req.ar=['$'];
|
||||||
|
@ -255,7 +255,7 @@ module.exports = function(s,config,lang,app){
|
||||||
var form = s.getPostData(req)
|
var form = s.getPostData(req)
|
||||||
if(form){
|
if(form){
|
||||||
if(form.mail !== '' && form.pass !== ''){
|
if(form.mail !== '' && form.pass !== ''){
|
||||||
if(form.pass === form.password_again){
|
if(form.pass === form.password_again || form.pass === form.pass_again){
|
||||||
isCallbacking = true
|
isCallbacking = true
|
||||||
s.sqlQuery('SELECT * FROM Users WHERE mail=?',[form.mail],function(err,r) {
|
s.sqlQuery('SELECT * FROM Users WHERE mail=?',[form.mail],function(err,r) {
|
||||||
if(r&&r[0]){
|
if(r&&r[0]){
|
||||||
|
@ -272,6 +272,10 @@ module.exports = function(s,config,lang,app){
|
||||||
}else{
|
}else{
|
||||||
form.ke = form.ke.replace(/[`~!@#$%^&*()_|+\-=?;:'",.<>\{\}\[\]\\\/]/gi, '')
|
form.ke = form.ke.replace(/[`~!@#$%^&*()_|+\-=?;:'",.<>\{\}\[\]\\\/]/gi, '')
|
||||||
}
|
}
|
||||||
|
//check if "details" is object
|
||||||
|
if(form.details instanceof Object){
|
||||||
|
form.details = JSON.stringify(form.details)
|
||||||
|
}
|
||||||
//write user to db
|
//write user to db
|
||||||
s.sqlQuery(
|
s.sqlQuery(
|
||||||
'INSERT INTO Users (ke,uid,mail,pass,details) VALUES (?,?,?,?,?)',
|
'INSERT INTO Users (ke,uid,mail,pass,details) VALUES (?,?,?,?,?)',
|
||||||
|
@ -314,7 +318,7 @@ module.exports = function(s,config,lang,app){
|
||||||
}
|
}
|
||||||
var form = s.getPostData(req)
|
var form = s.getPostData(req)
|
||||||
if(form){
|
if(form){
|
||||||
var account = s.parseJSON(req.body.account)
|
var account = s.getPostData(req,'account')
|
||||||
s.sqlQuery('SELECT * FROM Users WHERE mail=?',[account.mail],function(err,r) {
|
s.sqlQuery('SELECT * FROM Users WHERE mail=?',[account.mail],function(err,r) {
|
||||||
if(r && r[0]){
|
if(r && r[0]){
|
||||||
r = r[0]
|
r = r[0]
|
||||||
|
@ -338,7 +342,7 @@ module.exports = function(s,config,lang,app){
|
||||||
if(set==='ke'||set==='password_again'||!form[v]){return}
|
if(set==='ke'||set==='password_again'||!form[v]){return}
|
||||||
set.push(v+'=?')
|
set.push(v+'=?')
|
||||||
if(v === 'details'){
|
if(v === 'details'){
|
||||||
form[v] = JSON.stringify(Object.assign(details,JSON.parse(form[v])))
|
form[v] = s.stringJSON(Object.assign(details,s.parseJSON(form[v])))
|
||||||
}
|
}
|
||||||
values.push(form[v])
|
values.push(form[v])
|
||||||
})
|
})
|
||||||
|
@ -375,25 +379,29 @@ module.exports = function(s,config,lang,app){
|
||||||
var close = function(){
|
var close = function(){
|
||||||
res.end(s.prettyPrint(endData))
|
res.end(s.prettyPrint(endData))
|
||||||
}
|
}
|
||||||
var account = s.parseJSON(req.body.account)
|
var account = s.getPostData(req,'account')
|
||||||
s.sqlQuery('DELETE FROM Users WHERE uid=? AND ke=? AND mail=?',[account.uid,account.ke,account.mail])
|
s.sqlQuery('DELETE FROM Users WHERE uid=? AND ke=? AND mail=?',[account.uid,account.ke,account.mail])
|
||||||
s.sqlQuery('DELETE FROM API WHERE uid=? AND ke=?',[account.uid,account.ke])
|
s.sqlQuery('DELETE FROM API WHERE uid=? AND ke=?',[account.uid,account.ke])
|
||||||
if(req.body.deleteSubAccounts === '1'){
|
if(s.getPostData(req,'deleteSubAccounts',false) === '1'){
|
||||||
s.sqlQuery('DELETE FROM Users WHERE ke=?',[account.ke])
|
s.sqlQuery('DELETE FROM Users WHERE ke=?',[account.ke])
|
||||||
}
|
}
|
||||||
if(req.body.deleteMonitors === '1'){
|
if(s.getPostData(req,'deleteMonitors',false) == '1'){
|
||||||
s.sqlQuery('SELECT FROM Monitors WHERE ke=?',[account.ke],function(err,monitors){
|
s.sqlQuery('SELECT * FROM Monitors WHERE ke=?',[account.ke],function(err,monitors){
|
||||||
monitors.forEach(function(monitor){
|
if(monitors && monitors[0]){
|
||||||
s.camera('stop',monitor)
|
monitors.forEach(function(monitor){
|
||||||
})
|
s.camera('stop',monitor)
|
||||||
s.sqlQuery('DELETE FROM Monitors WHERE ke=?',[account.ke])
|
})
|
||||||
|
s.sqlQuery('DELETE FROM Monitors WHERE ke=?',[account.ke])
|
||||||
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
if(req.body.deleteVideos === '1'){
|
if(s.getPostData(req,'deleteVideos',false) == '1'){
|
||||||
s.sqlQuery('DELETE FROM Videos WHERE ke=?',[account.ke])
|
s.sqlQuery('DELETE FROM Videos WHERE ke=?',[account.ke])
|
||||||
fs.unlink(s.dir.videos+account.ke)
|
fs.chmod(s.dir.videos+account.ke,0o777,function(err){
|
||||||
|
fs.unlink(s.dir.videos+account.ke,function(err){})
|
||||||
|
})
|
||||||
}
|
}
|
||||||
if(req.body.deleteEvents === '1'){
|
if(s.getPostData(req,'deleteEvents',false) == '1'){
|
||||||
s.sqlQuery('DELETE FROM Events WHERE ke=?',[account.ke])
|
s.sqlQuery('DELETE FROM Events WHERE ke=?',[account.ke])
|
||||||
}
|
}
|
||||||
s.tx({f:'delete_account',ke:account.ke,uid:account.uid,mail:account.mail},'$')
|
s.tx({f:'delete_account',ke:account.ke,uid:account.uid,mail:account.mail},'$')
|
||||||
|
|
|
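Review bot: In the delete-account hunk, `s.dir.videos+account.ke` is built from the request-supplied `account.ke` and passed to `fs.chmod(...,0o777,...)`, so a key containing path separators or `..` would make a path outside the videos directory world-writable. The create-account path in this same file strips such characters from `form.ke`; the delete path should apply the same filter and reject an empty result before touching the filesystem. The chmod to `0o777` looks unnecessary and both `err` values are ignored. `fs.unlink` does not remove directories, so if this path is the group's video directory (it appears to be) the call fails silently and the directory stays behind with open permissions. `account` is dereferenced without a check, so a guard such as `if(!account || !account.ke || !account.uid){close();return}` before the first DELETE would stop a request without an `account` field from throwing; the route handler starts and ends outside the hunk.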
@ -0,0 +1,11 @@
|
||||||
|
{
|
||||||
|
"account": {
|
||||||
|
"mail": "[LOGIN ADDRESS]",
|
||||||
|
"ke": "[GROUP KEY]",
|
||||||
|
"uid": "[USER ID]"
|
||||||
|
},
|
||||||
|
"deleteSubAccounts": "1",
|
||||||
|
"deleteMonitors": "1",
|
||||||
|
"deleteVideos": "1",
|
||||||
|
"deleteEvents": "1"
|
||||||
|
}
|
|
@ -0,0 +1,31 @@
|
||||||
|
{
|
||||||
|
"data": {
|
||||||
|
"mail": "[GROUP KEY]",
|
||||||
|
"ke": "[GROUP KEY]",
|
||||||
|
"pass": "[PASSWORD]",
|
||||||
|
"password_again": "[PASSWORD AGAIN]",
|
||||||
|
"details": {
|
||||||
|
"factorAuth": "0",
|
||||||
|
"size": "10000",
|
||||||
|
"days": "5",
|
||||||
|
"event_days": "10",
|
||||||
|
"log_days": "10",
|
||||||
|
"max_camera": "",
|
||||||
|
"permissions": "all",
|
||||||
|
"edit_size": "1",
|
||||||
|
"edit_days": "1",
|
||||||
|
"edit_event_days": "1",
|
||||||
|
"edit_log_days": "1",
|
||||||
|
"use_admin": "1",
|
||||||
|
"use_aws_s3": "1",
|
||||||
|
"use_webdav": "1",
|
||||||
|
"use_discordbot": "1",
|
||||||
|
"use_ldap": "1"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"account": {
|
||||||
|
"mail": "[GROUP KEY]",
|
||||||
|
"ke": "[GROUP KEY]",
|
||||||
|
"uid": "[USER ID]"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,26 @@
|
||||||
|
{
|
||||||
|
"data": {
|
||||||
|
"mail": "[LOGIN ADDRESS]",
|
||||||
|
"ke": "[GROUP KEY]",
|
||||||
|
"pass": "[PASSWORD]",
|
||||||
|
"password_again": "[PASSWORD AGAIN]",
|
||||||
|
"details": {
|
||||||
|
"factorAuth": "0",
|
||||||
|
"size": "10000",
|
||||||
|
"days": "5",
|
||||||
|
"event_days": "10",
|
||||||
|
"log_days": "10",
|
||||||
|
"max_camera": "",
|
||||||
|
"permissions": "all",
|
||||||
|
"edit_size": "1",
|
||||||
|
"edit_days": "1",
|
||||||
|
"edit_event_days": "1",
|
||||||
|
"edit_log_days": "1",
|
||||||
|
"use_admin": "1",
|
||||||
|
"use_aws_s3": "1",
|
||||||
|
"use_webdav": "1",
|
||||||
|
"use_discordbot": "1",
|
||||||
|
"use_ldap": "1"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,4 @@
|
||||||
|
{
|
||||||
|
"uid" : "[SUB-ACCOUNT USER ID]",
|
||||||
|
"mail" : "[SUB-ACCOUNT LOGIN ADDRESS]"
|
||||||
|
}
|
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"uid": "[SUB-ACCOUNT USER ID]",
|
||||||
|
"mail": "[SUB-ACCOUNT LOGIN ADDRESS]",
|
||||||
|
"data": {
|
||||||
|
"details": {
|
||||||
|
"sub": "1",
|
||||||
|
"allmonitors": "1"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,5 @@
|
||||||
|
{
|
||||||
|
"mail": "[SUB-ACCOUNT LOGIN ADDRESS]",
|
||||||
|
"pass": "[SUB-ACCOUNT PASSWORD]",
|
||||||
|
"password_again": "[SUB-ACCOUNT PASSWORD]"
|
||||||
|
}
|