From 10cfd0b21ca064bfcfc832236b9a38b986892965 Mon Sep 17 00:00:00 2001 From: flavio Date: Sat, 18 Nov 2023 11:40:57 +0000 Subject: [PATCH] Added simple change password html inside authenticated page and changed the way users are stored in the users.json file --- src/lib/Server.js | 34 ++++++++++++++++++++++++++++++---- src/users.json | 29 +++++++++++++---------------- src/www/index.html | 26 ++++++++++++++++++++++++++ src/www/js/api.js | 8 ++++++++ src/www/js/app.js | 25 ++++++++++++++++++++++++- 5 files changed, 101 insertions(+), 21 deletions(-) diff --git a/src/lib/Server.js b/src/lib/Server.js index 009ab4a3..038732a1 100644 --- a/src/lib/Server.js +++ b/src/lib/Server.js @@ -48,15 +48,15 @@ module.exports = class Server { }; })) .post('/api/session', Util.promisify(async req => { - // Post authentication + // Authentication const { username, password, } = req.body; // Check if the credentials are correct - const tmp = await fs.readFile(path.join(USERS_PATH, 'users.json')); - const { users } = JSON.parse(tmp); + const usersJson = await fs.readFile(path.join(USERS_PATH, 'users.json'), 'utf8'); + const users = JSON.parse(usersJson); const user = users.find(findUser => findUser.username === username); if (typeof user !== 'object') { @@ -68,12 +68,12 @@ module.exports = class Server { } req.session.authenticated = true; + req.session.username = user.username; req.session.save(); debug(`New Session: ${req.session.id}`); })) - // WireGuard .use((req, res, next) => { if (req.session && req.session.authenticated) { @@ -91,6 +91,32 @@ module.exports = class Server { debug(`Deleted Session: ${sessionId}`); })) + .post('/api/updatePassword', Util.promisify(async req => { + const { + newPassword, + checkPassword, + } = req.body; + const username = req.session.username; + + const usersJson = await fs.readFile(path.join(USERS_PATH, 'users.json'), 'utf8'); + const users = JSON.parse(usersJson); + const user = users.find(findUser => findUser.username === username); + + if (typeof user !== 'object') { + throw new ServerError('This session.username does not exists', 401); + } + + if (newPassword !== checkPassword) { + throw new ServerError("Passwords don't match", 401); + } + + user.password = newPassword; + await fs.writeFile(path.join(USERS_PATH, 'users.json'), JSON.stringify(users, false, 2), { + mode: 0o660, + }); + + })) + // WireGuard .get('/api/wireguard/client', Util.promisify(async req => { return WireGuard.getClients(); })) diff --git a/src/users.json b/src/users.json index b772443b..0a7f63c6 100644 --- a/src/users.json +++ b/src/users.json @@ -1,17 +1,14 @@ -{ - "users": [ - { - "username": "alice", - "password": "password123" - }, - { - "username": "bob", - "password": "notpassword777" - }, - { - "username": "roberto", - "password": "yespassword999" - } - ] +[ + { + "username": "alice", + "password": "password123" + }, + { + "username": "bob", + "password": "notpassword777" + }, + { + "username": "roberto", + "password": "yespassword999" } - \ No newline at end of file +] \ No newline at end of file diff --git a/src/www/index.html b/src/www/index.html index 5425a0de..43c5d275 100644 --- a/src/www/index.html +++ b/src/www/index.html @@ -54,6 +54,32 @@ + +
+ + + + + + + + +
+
diff --git a/src/www/js/api.js b/src/www/js/api.js index a957f455..6c3a42c8 100644 --- a/src/www/js/api.js +++ b/src/www/js/api.js @@ -58,6 +58,14 @@ class API { }); } + async changePassword({ newPassword, checkPassword }) { + return this.call({ + method: 'post', + path: '/updatePassword', + body: { newPassword, checkPassword }, + }); + } + async getClients() { return this.call({ method: 'get', diff --git a/src/www/js/app.js b/src/www/js/app.js index c95e8ebe..26cd5fbd 100644 --- a/src/www/js/app.js +++ b/src/www/js/app.js @@ -28,8 +28,11 @@ new Vue({ data: { authenticated: null, authenticating: false, - username: null, password: null, + username: null, + newPassword: null, + checkPassword: null, + changingPassword: null, clients: null, clientsPersist: {}, @@ -208,6 +211,26 @@ new Vue({ alert(err.message || err.toString()); }); }, + updatePassword(e) { + e.preventDefault(); + + this.changingPassword = true; + this.api.changePassword({ + newPassword: this.newPassword, + checkPassword: this.checkPassword, + }) + .then(() => { + alert("Password Changed!"); + }) + .catch(err => { + alert(err.message || err.toString()); + }) + .finally(() => { + this.newPassword = null; + this.checkPassword = null; + this.changingPassword = null; + }); + }, createClient() { const name = this.clientCreateName; if (!name) return;