fix: Remade perms
This commit is contained in:
48
src/index.ts
48
src/index.ts
@@ -22,11 +22,6 @@ declare global {
|
|||||||
namespace Express {
|
namespace Express {
|
||||||
export interface User extends IUser {
|
export interface User extends IUser {
|
||||||
_id: mongoose.Types.ObjectId;
|
_id: mongoose.Types.ObjectId;
|
||||||
// pass: string;
|
|
||||||
// uname: string;
|
|
||||||
// admin?: number;
|
|
||||||
// locked?: boolean;
|
|
||||||
// room?: string
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -34,7 +29,7 @@ declare global {
|
|||||||
//#region express initialization
|
//#region express initialization
|
||||||
var app = express();
|
var app = express();
|
||||||
app.use(bodyParser.json())
|
app.use(bodyParser.json())
|
||||||
app.use(bodyParser.urlencoded({extended: true}))
|
app.use(bodyParser.urlencoded({ extended: true }))
|
||||||
app.use(cors({
|
app.use(cors({
|
||||||
origin: ["http://localhost:4200", `https://${process.env.DOMAIN}`,],
|
origin: ["http://localhost:4200", `https://${process.env.DOMAIN}`,],
|
||||||
credentials: true
|
credentials: true
|
||||||
@@ -44,7 +39,7 @@ app.use(session({
|
|||||||
rolling: true,
|
rolling: true,
|
||||||
secret: process.env.SECRET,
|
secret: process.env.SECRET,
|
||||||
saveUninitialized: false,
|
saveUninitialized: false,
|
||||||
store: MongoStore.create({mongoUrl: connectionString, dbName: "ipwa", collectionName: "sessions", touchAfter: 60, autoRemove: 'disabled'}),
|
store: MongoStore.create({ mongoUrl: connectionString, dbName: "ipwa", collectionName: "sessions", touchAfter: 60, autoRemove: 'disabled' }),
|
||||||
cookie: {
|
cookie: {
|
||||||
maxAge: 1209600000,
|
maxAge: 1209600000,
|
||||||
}
|
}
|
||||||
@@ -53,32 +48,32 @@ app.use(passport.session())
|
|||||||
//#endregion
|
//#endregion
|
||||||
|
|
||||||
//#region Passport strategies initialization
|
//#region Passport strategies initialization
|
||||||
passport.use("normal",new LocalStrategy(async function verify(uname,pass,done) {
|
passport.use("normal", new LocalStrategy(async function verify(uname, pass, done) {
|
||||||
let query = await User.findOne({uname: uname.toLowerCase()})
|
let query = await User.findOne({ uname: uname.toLowerCase() })
|
||||||
if (query) {
|
if (query) {
|
||||||
if (query.locked == true) return done({type: "locked", message: "Twoje konto jest zablokowane. Skontaktuj się z administratorem."}, false)
|
if (query.locked == true) return done({ type: "locked", message: "Twoje konto jest zablokowane. Skontaktuj się z administratorem." }, false)
|
||||||
var timeout = security.check(query._id)
|
var timeout = security.check(query._id)
|
||||||
if (timeout) {
|
if (timeout) {
|
||||||
timeout = Math.ceil(timeout / 1000 / 60)
|
timeout = Math.ceil(timeout / 1000 / 60)
|
||||||
return done({type: "timeout", message: `Zbyt wiele nieudanych prób logowania. Odczekaj ${timeout} minut lub skontaktuj się z administratorem.`}, false)
|
return done({ type: "timeout", message: `Zbyt wiele nieudanych prób logowania. Odczekaj ${timeout} minut lub skontaktuj się z administratorem.` }, false)
|
||||||
}
|
}
|
||||||
if (await bcrypt.compare(pass, query.pass)) {
|
if (await bcrypt.compare(pass, query.pass)) {
|
||||||
return done(null, query)
|
return done(null, query)
|
||||||
} else {
|
} else {
|
||||||
security.addAttempt(query._id)
|
security.addAttempt(query._id)
|
||||||
done({type: "unf"}, false)
|
done({ type: "unf" }, false)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
done({type: "unf"}, false)
|
done({ type: "unf" }, false)
|
||||||
}
|
}
|
||||||
}))
|
}))
|
||||||
//#endregion
|
//#endregion
|
||||||
|
|
||||||
passport.serializeUser(function(user, done) {
|
passport.serializeUser(function (user, done) {
|
||||||
done(null, user._id);
|
done(null, user._id);
|
||||||
});
|
});
|
||||||
|
|
||||||
passport.deserializeUser(async function(id, done) {
|
passport.deserializeUser(async function (id, done) {
|
||||||
let query = await User.findById(id)
|
let query = await User.findById(id)
|
||||||
if (query) {
|
if (query) {
|
||||||
done(null, query)
|
done(null, query)
|
||||||
@@ -89,6 +84,7 @@ passport.deserializeUser(async function(id, done) {
|
|||||||
|
|
||||||
var server = app.listen(8080, async () => {
|
var server = app.listen(8080, async () => {
|
||||||
await mongoose.connect(connectionString);
|
await mongoose.connect(connectionString);
|
||||||
|
await dataMigration()
|
||||||
if (process.send) process.send("ready")
|
if (process.send) process.send("ready")
|
||||||
})
|
})
|
||||||
|
|
||||||
@@ -97,4 +93,24 @@ app.use('/', routes)
|
|||||||
process.on('SIGINT', () => {
|
process.on('SIGINT', () => {
|
||||||
server.close()
|
server.close()
|
||||||
mongoose.disconnect().then(() => process.exit(0), () => process.exit(1))
|
mongoose.disconnect().then(() => process.exit(0), () => process.exit(1))
|
||||||
})
|
})
|
||||||
|
|
||||||
|
async function dataMigration() {
|
||||||
|
//#region User
|
||||||
|
var users = await User.find({ admin: { $type: "int" } }).lean()
|
||||||
|
users.forEach(async v => {
|
||||||
|
var oldFlags = v.admin as unknown as number
|
||||||
|
var newFlags: string[] | undefined = []
|
||||||
|
if ((oldFlags & 1) == 1) newFlags.push("news")
|
||||||
|
if ((oldFlags & 2) == 2) newFlags.push("menu")
|
||||||
|
if ((oldFlags & 4) == 4) newFlags.push("notif")
|
||||||
|
if ((oldFlags & 8) == 8) newFlags.push("groups")
|
||||||
|
if ((oldFlags & 16) == 16) newFlags.push("accs")
|
||||||
|
if ((oldFlags & 32) == 32) newFlags.push("super")
|
||||||
|
if ((oldFlags & 64) == 64) newFlags.push("keys")
|
||||||
|
if ((oldFlags & 128) == 128) newFlags.push("grades")
|
||||||
|
if (newFlags.length == 0) newFlags = undefined
|
||||||
|
await User.findByIdAndUpdate(v._id, { $set: { admin: newFlags } })
|
||||||
|
})
|
||||||
|
//#endregion
|
||||||
|
}
|
||||||
|
|||||||
@@ -44,15 +44,15 @@ accsRouter.put('/:id', async (req, res)=> {
|
|||||||
res.status(404).send("User not found")
|
res.status(404).send("User not found")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if (req.body.flags) {
|
if (req.body.admin) {
|
||||||
if (adminCond(req.user.admin, Perms.Superadmin)) {
|
if (adminCond(req.user.admin, Perms.Superadmin)) {
|
||||||
if (adminCond(user.admin, Perms.Superadmin)) {
|
if (adminCond(user.admin, Perms.Superadmin)) {
|
||||||
res.status(400).send("Cannot edit other superadmins")
|
res.status(400).send("Cannot edit other superadmins")
|
||||||
} else {
|
} else {
|
||||||
if (adminCond(req.body.flags, Perms.Superadmin)) {
|
if (adminCond(req.body.admin, Perms.Superadmin)) {
|
||||||
res.status(400).send("Cannot set superadmin")
|
res.status(400).send("Cannot set superadmin")
|
||||||
} else {
|
} else {
|
||||||
await user.set({uname: req.body.uname, room: req.body.room, admin: req.body.flags, fname: req.body.fname, surname: req.body.surname, groups: req.body.groups}).save()
|
await user.set({uname: req.body.uname, room: req.body.room, admin: req.body.admin, fname: req.body.fname, surname: req.body.surname, groups: req.body.groups}).save()
|
||||||
res.send({status: 200})
|
res.send({status: 200})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,10 +1,11 @@
|
|||||||
|
import { Perms } from "@/utility";
|
||||||
import mongoose, { Types, Schema } from "mongoose"
|
import mongoose, { Types, Schema } from "mongoose"
|
||||||
|
|
||||||
export interface IUser {
|
export interface IUser {
|
||||||
uname: string;
|
uname: string;
|
||||||
pass: string;
|
pass: string;
|
||||||
room?: string;
|
room?: string;
|
||||||
admin?: number;
|
admin?: Perms[];
|
||||||
locked?: boolean;
|
locked?: boolean;
|
||||||
fname?: string;
|
fname?: string;
|
||||||
surname?: string;
|
surname?: string;
|
||||||
@@ -17,7 +18,7 @@ const userSchema = new Schema<IUser>({
|
|||||||
uname: {type: String, required: true},
|
uname: {type: String, required: true},
|
||||||
pass: {type: String, required: true, default: "$2y$10$wxDhf.XiXkmdKrFqYUEa0.F4Bf.pDykZaMmgjvyLyeRP3E/Xy0hbC"},
|
pass: {type: String, required: true, default: "$2y$10$wxDhf.XiXkmdKrFqYUEa0.F4Bf.pDykZaMmgjvyLyeRP3E/Xy0hbC"},
|
||||||
room: {type: String, default: ""},
|
room: {type: String, default: ""},
|
||||||
admin: Number,
|
admin: [{type: String}],
|
||||||
locked: {type: Boolean, default: false},
|
locked: {type: Boolean, default: false},
|
||||||
fname: {type: String, default: ""},
|
fname: {type: String, default: ""},
|
||||||
surname: {type: String, default: ""},
|
surname: {type: String, default: ""},
|
||||||
|
|||||||
@@ -15,14 +15,14 @@ var isadmin = (req: Request, res: Response, next: NextFunction) => {
|
|||||||
}
|
}
|
||||||
|
|
||||||
enum Perms {
|
enum Perms {
|
||||||
News = 1,
|
News = "news",
|
||||||
Menu = 2,
|
Menu = "menu",
|
||||||
Notif = 4,
|
Notif = "notif",
|
||||||
Groups = 8,
|
Groups = "groups",
|
||||||
Accs = 16,
|
Accs = "accs",
|
||||||
Superadmin = 32,
|
Superadmin = "super",
|
||||||
Key = 64,
|
Key = "keys",
|
||||||
Clean = 128,
|
Clean = "grades",
|
||||||
}
|
}
|
||||||
|
|
||||||
var adminPerm = (perm: Perms) => {
|
var adminPerm = (perm: Perms) => {
|
||||||
@@ -34,8 +34,8 @@ var adminPerm = (perm: Perms) => {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var adminCond = (adminInt = 0, perm: Perms) => {
|
var adminCond = (perms: Perms[], perm: Perms) => {
|
||||||
return (adminInt & perm) == perm
|
return perms.includes(perm)
|
||||||
}
|
}
|
||||||
|
|
||||||
export function project<T extends object>(obj: T | any, projection?: (keyof T)[] | { [key in keyof T]: any}): Partial<T> {
|
export function project<T extends object>(obj: T | any, projection?: (keyof T)[] | { [key in keyof T]: any}): Partial<T> {
|
||||||
|
|||||||
Reference in New Issue
Block a user