Nothing much here yet...
@@ -16,7 +35,7 @@
- Reset All Audiobooks
+ Reset All Audiobooks
@@ -41,7 +60,8 @@
export default {
data() {
return {
- isResettingAudiobooks: false
+ isResettingAudiobooks: false,
+ users: null
}
},
computed: {
@@ -53,6 +73,19 @@ export default {
scan() {
this.$root.socket.emit('scan')
},
+ clickAddUser() {
+ this.$toast.info('Under Construction: User management coming soon.')
+ },
+ loadUsers() {
+ this.$axios
+ .$get('/api/users')
+ .then((users) => {
+ this.users = users
+ })
+ .catch((error) => {
+ console.error('Failed', error)
+ })
+ },
resetAudiobooks() {
if (confirm('WARNING! This action will remove all audiobooks from the database including any updates or matches you have made. This does not do anything to your actual files. Shall we continue?')) {
this.isResettingAudiobooks = true
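Review bot: `loadUsers()` is called from `mounted()` for every visitor of this page, but the server's `getUsers` answers 403 to anyone who is not root, so non-root users will always land in the `.catch` and see only `Failed` in the console. I would either skip the request when the current user is not root (the user object is not visible in this hunk, so the exact check is left open) or handle the 403 explicitly. The log line could also say what failed, for example `console.error('Failed to load users', error)`. `resetAudiobooks` continues outside the hunk.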
@@ -70,6 +103,39 @@ export default {
}
}
},
- mounted() {}
+ mounted() {
+ this.loadUsers()
+ }
}
-
\ No newline at end of file
+
+
+
\ No newline at end of file
diff --git a/server/ApiController.js b/server/ApiController.js
index 53567083..ab0dd248 100644
--- a/server/ApiController.js
+++ b/server/ApiController.js
@@ -28,7 +28,9 @@ class ApiController {
this.router.get('/metadata/:id/:trackIndex', this.getMetadata.bind(this))
this.router.patch('/match/:id', this.match.bind(this))
+ this.router.get('/users', this.getUsers.bind(this))
this.router.delete('/user/audiobook/:id', this.resetUserAudiobookProgress.bind(this))
+ this.router.patch('/user/password', this.userChangePassword.bind(this))
this.router.post('/authorize', this.authorize.bind(this))
@@ -156,6 +158,11 @@ class ApiController {
res.sendStatus(200)
}
+ getUsers(req, res) {
+ if (req.user.type !== 'root') return res.sendStatus(403)
+ return res.json(this.db.users.map(u => u.toJSONForBrowser()))
+ }
+
async resetUserAudiobookProgress(req, res) {
req.user.resetAudiobookProgress(req.params.id)
await this.db.updateEntity('user', req.user)
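Review bot: `getUsers` serialises every account with `toJSONForBrowser()`, whose body is not part of this diff, so it cannot be confirmed here that the password hash (`pash`) is left out of the response. The code removed from Auth.js stripped it explicitly with `delete cleanedUser.pash`, and this endpoint should give the same guarantee; a comment such as `// toJSONForBrowser() must never expose pash` above the `res.json` line would record that. The role check also assumes earlier middleware has set `req.user`; `if (!req.user || req.user.type !== 'root') return res.sendStatus(403)` fails closed if it has not.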
@@ -163,6 +170,10 @@ class ApiController {
res.sendStatus(200)
}
+ userChangePassword(req, res) {
+ this.auth.userChangePassword(req, res)
+ }
+
getGenres(req, res) {
res.json({
genres: this.db.getGenres()
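Review bot: The new `userChangePassword` route handler drops the promise returned by the async `this.auth.userChangePassword(req, res)`, so any rejection inside it (for example a thrown TypeError or a bcrypt error) becomes an unhandled rejection and the request never gets a response. I would attach a handler here, `this.auth.userChangePassword(req, res).catch(() => res.sendStatus(500))`, or make the method `async` and wrap the call in `try`/`catch`. Logging the error in that handler is worthwhile if a logger is in scope in this file, which the hunk does not show.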
diff --git a/server/Auth.js b/server/Auth.js
index b048a041..f4cd57a7 100644
--- a/server/Auth.js
+++ b/server/Auth.js
@@ -114,65 +114,50 @@ class Auth {
}
}
- async checkAuth(req, res) {
- var username = req.body.username
- Logger.debug('Check Auth', username, !!req.body.password)
+ comparePassword(password, user) {
+ if (user.type === 'root' && !password && !user.pash) return true
+ if (!password || !user.pash) return false
+ return bcrypt.compare(password, user.pash)
+ }
- var matchingUser = this.users.find(u => u.username === username)
- if (!matchingUser) {
+ async userChangePassword(req, res) {
+ var { password, newPassword } = req.body
+ newPassword = newPassword || ''
+ var matchingUser = this.users.find(u => u.id === req.user.id)
+
+ // Only root can have an empty password
+ if (matchingUser.type !== 'root' && !newPassword) {
return res.json({
- error: 'User not found'
+ error: 'Invalid new password - Only root can have an empty password'
})
}
- var cleanedUser = { ...matchingUser }
- delete cleanedUser.pash
-
- // check for empty password (default)
- if (!req.body.password) {
- if (!matchingUser.pash) {
- res.cookie('user', username, { signed: true })
- return res.json({
- user: cleanedUser
- })
- } else {
- return res.json({
- error: 'Invalid Password'
- })
- }
+ var compare = await this.comparePassword(password, matchingUser)
+ if (!compare) {
+ return res.json({
+ error: 'Invalid password'
+ })
}
- // Set root password first time
- if (matchingUser.type === 'root' && !matchingUser.pash && req.body.password && req.body.password.length > 1) {
- console.log('Set root pash')
- var pw = await this.hashPass(req.body.password)
+ var pw = ''
+ if (newPassword) {
+ pw = await this.hashPass(newPassword)
if (!pw) {
return res.json({
error: 'Hash failed'
})
}
- this.users = this.users.map(u => {
- if (u.username === matchingUser.username) {
- u.pash = pw
- }
- return u
- })
- await this.saveAuthDb()
- return res.json({
- setroot: true,
- user: cleanedUser
- })
}
- var compare = await bcrypt.compare(req.body.password, matchingUser.pash)
- if (compare) {
- res.cookie('user', username, { signed: true })
+ matchingUser.pash = pw
+ var success = await this.db.updateEntity('user', matchingUser)
+ if (success) {
res.json({
- user: cleanedUser
+ success: true
})
} else {
res.json({
- error: 'Invalid Password'
+ error: 'Unknown error'
})
}
}
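Review bot: `userChangePassword` reads `matchingUser.type` straight after `this.users.find(...)` with no check that a user was found, and it passes `password` and `newPassword` from `req.body` on to `comparePassword` and `hashPass` without confirming they are strings, so a stale session or a JSON body carrying an object or array can make the handler throw instead of returning an error. It also assigns `matchingUser.pash = pw` before `updateEntity` has succeeded, so after a failed write the in-memory user may keep a hash that was never persisted (this assumes `this.users` holds the live objects, which the hunk does not show). The sketch below adds the guards and restores the old hash on failure. Separately, the empty-password rule lets root clear its password again after setting one; if that is intended, the comment above the check should say so.

```javascript
async userChangePassword(req, res) {
  var { password, newPassword } = req.body
  // Reject non-string values before they reach bcrypt
  if ((password != null && typeof password !== 'string') || (newPassword != null && typeof newPassword !== 'string')) {
    return res.json({
      error: 'Invalid password'
    })
  }
  newPassword = newPassword || ''
  var matchingUser = this.users.find(u => u.id === req.user.id)
  if (!matchingUser) {
    return res.json({
      error: 'User not found'
    })
  }
  // … unchanged: empty-password rule, comparePassword check, hashPass …
  var previousPash = matchingUser.pash
  matchingUser.pash = pw
  var success = await this.db.updateEntity('user', matchingUser)
  if (!success) {
    // Keep memory and storage in agreement when the write fails
    matchingUser.pash = previousPash
  }
  // … unchanged: success / error responses …
```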
diff --git a/server/Db.js b/server/Db.js
index 173ffe09..c60025f1 100644
--- a/server/Db.js
+++ b/server/Db.js
@@ -143,8 +143,10 @@ class Db {
this[arrayKey] = this[arrayKey].map(e => {
return e.id === entity.id ? entity : e
})
+ return true
}).catch((error) => {
Logger.error(`[DB] Update entity ${entityName} Failed: ${error}`)
+ return false
})
}
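Review bot: The added `return true` and `return false` give this method a boolean result that `Auth.userChangePassword` now branches on, but nothing documents that contract, and the values only reach callers if the enclosing method returns this promise chain; its start is outside the hunk, so that should be confirmed. I would add a comment above the method such as `// Resolves true when the entity was persisted, false on failure; never rejects`. Callers that ignore the result, as `resetUserAudiobookProgress` in ApiController.js appears to, will still answer 200 after a failed write.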
diff --git a/server/Server.js b/server/Server.js
index 04db36bf..e7eb1935 100644
--- a/server/Server.js
+++ b/server/Server.js
@@ -3,7 +3,6 @@ const express = require('express')
const http = require('http')
const SocketIO = require('socket.io')
const fs = require('fs-extra')
-const cookieparser = require('cookie-parser')
const Auth = require('./Auth')
const Watcher = require('./Watcher')
@@ -101,7 +100,6 @@ class Server {
this.server = http.createServer(app)
- app.use(cookieparser('secret_family_recipe'))
app.use(this.auth.cors)
// Static path to generated nuxt