Skip to content

Commit

Permalink
API: ensure user is active in checkLogin helper
Browse files Browse the repository at this point in the history
  • Loading branch information
@M1CK431
M1CK431 committed Aug 14, 2023
1 parent b4bb715 commit 7b4f98d
Show file tree
Hide file tree
Showing 10 changed files with 73 additions and 71 deletions.
68 changes: 34 additions & 34 deletions server/server.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -435,7 +435,7 @@ let needSetup = false;
return;
}

checkLogin(socket);
await checkLogin(socket);
await doubleCheckPassword(socket.userID, currentPassword);

let user = await R.findOne("user", " id = ? AND active = 1 ", [
Expand Down Expand Up @@ -484,7 +484,7 @@ let needSetup = false;
return;
}

checkLogin(socket);
await checkLogin(socket);
await doubleCheckPassword(socket.userID, currentPassword);

await R.exec("UPDATE `user` SET twofa_status = 1 WHERE id = ? ", [
Expand Down Expand Up @@ -516,7 +516,7 @@ let needSetup = false;
return;
}

checkLogin(socket);
await checkLogin(socket);
await doubleCheckPassword(socket.userID, currentPassword);
await TwoFA.disable2FA(socket.userID);

Expand All @@ -539,7 +539,7 @@ let needSetup = false;

socket.on("verifyToken", async (token, currentPassword, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await doubleCheckPassword(socket.userID, currentPassword);

let user = await R.findOne("user", " id = ? AND active = 1 ", [
Expand Down Expand Up @@ -571,7 +571,7 @@ let needSetup = false;

socket.on("twoFAStatus", async (callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

let user = await R.findOne("user", " id = ? AND active = 1 ", [
socket.userID,
Expand Down Expand Up @@ -632,7 +632,7 @@ let needSetup = false;

socket.on("getUsers", async callback => {
try {
checkLogin(socket);
await checkLogin(socket);

const users = await sendUserList(socket);

Expand All @@ -650,7 +650,7 @@ let needSetup = false;

socket.on("getUser", async (userID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

const user = await getUser(userID);

Expand All @@ -668,7 +668,7 @@ let needSetup = false;

socket.on("saveUser", async (user, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

await saveUser(socket, user);
await sendUserList(socket);
Expand All @@ -688,7 +688,7 @@ let needSetup = false;
// Add a new monitor
socket.on("add", async (monitor, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
let bean = R.dispense("monitor");

let notificationIDList = monitor.notificationIDList;
Expand Down Expand Up @@ -742,7 +742,7 @@ let needSetup = false;
socket.on("editMonitor", async (monitor, callback) => {
try {
let removeGroupChildren = false;
checkLogin(socket);
await checkLogin(socket);

let bean = await R.findOne("monitor", " id = ? ", [ monitor.id ]);

Expand Down Expand Up @@ -868,7 +868,7 @@ let needSetup = false;

socket.on("getMonitorList", async (callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await server.sendMonitorList(socket);
callback({
ok: true,
Expand All @@ -884,7 +884,7 @@ let needSetup = false;

socket.on("getMonitor", async (monitorID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

log.info("monitor", `Get Monitor: ${monitorID} User ID: ${socket.userID}`);

Expand All @@ -905,7 +905,7 @@ let needSetup = false;

socket.on("getMonitorBeats", async (monitorID, period, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

log.info("monitor", `Get Monitor Beats: ${monitorID} User ID: ${socket.userID}`);

Expand Down Expand Up @@ -938,7 +938,7 @@ let needSetup = false;
// Start or Resume the monitor
socket.on("resumeMonitor", async (monitorID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await startMonitor(socket.userID, monitorID);
await server.sendMonitorList(socket);

Expand All @@ -957,7 +957,7 @@ let needSetup = false;

socket.on("pauseMonitor", async (monitorID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await pauseMonitor(socket.userID, monitorID);
await server.sendMonitorList(socket);

Expand All @@ -976,7 +976,7 @@ let needSetup = false;

socket.on("deleteMonitor", async (monitorID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

log.info("manage", `Delete Monitor: ${monitorID} User ID: ${socket.userID}`);

Expand Down Expand Up @@ -1015,7 +1015,7 @@ let needSetup = false;

socket.on("getTags", async (callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

const list = await R.findAll("tag");

Expand All @@ -1034,7 +1034,7 @@ let needSetup = false;

socket.on("addTag", async (tag, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

let bean = R.dispense("tag");
bean.name = tag.name;
Expand All @@ -1056,7 +1056,7 @@ let needSetup = false;

socket.on("editTag", async (tag, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

let bean = await R.findOne("tag", " id = ? ", [ tag.id ]);
if (bean == null) {
Expand Down Expand Up @@ -1086,7 +1086,7 @@ let needSetup = false;

socket.on("deleteTag", async (tagID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

await R.exec("DELETE FROM tag WHERE id = ? ", [ tagID ]);

Expand All @@ -1105,7 +1105,7 @@ let needSetup = false;

socket.on("addMonitorTag", async (tagID, monitorID, value, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

await R.exec("INSERT INTO monitor_tag (tag_id, monitor_id, value) VALUES (?, ?, ?)", [
tagID,
Expand All @@ -1128,7 +1128,7 @@ let needSetup = false;

socket.on("editMonitorTag", async (tagID, monitorID, value, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

await R.exec("UPDATE monitor_tag SET value = ? WHERE tag_id = ? AND monitor_id = ?", [
value,
Expand All @@ -1151,7 +1151,7 @@ let needSetup = false;

socket.on("deleteMonitorTag", async (tagID, monitorID, value, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

await R.exec("DELETE FROM monitor_tag WHERE tag_id = ? AND monitor_id = ? AND value = ?", [
tagID,
Expand All @@ -1177,7 +1177,7 @@ let needSetup = false;

socket.on("changePassword", async (userID, password, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

if (! password.newPassword) {
throw new Error("Invalid new password");
Expand Down Expand Up @@ -1205,7 +1205,7 @@ let needSetup = false;

socket.on("getSettings", async (callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
const data = await getSettings("general");

if (!data.serverTimezone) {
Expand All @@ -1227,7 +1227,7 @@ let needSetup = false;

socket.on("setSettings", async (data, currentPassword, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

// If currently is disabled auth, don't need to check
// Disabled Auth + Want to Disable Auth => No Check
Expand Down Expand Up @@ -1276,7 +1276,7 @@ let needSetup = false;
// Add or Edit
socket.on("addNotification", async (notification, notificationID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

let notificationBean = await Notification.save(notification, notificationID, socket.userID);
await sendNotificationList(socket);
Expand All @@ -1297,7 +1297,7 @@ let needSetup = false;

socket.on("deleteNotification", async (notificationID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

await Notification.delete(notificationID, socket.userID);
await sendNotificationList(socket);
Expand All @@ -1317,7 +1317,7 @@ let needSetup = false;

socket.on("testNotification", async (notification, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

let msg = await Notification.send(notification, notification.name + " Testing");

Expand All @@ -1338,7 +1338,7 @@ let needSetup = false;

socket.on("checkApprise", async (callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
callback(Notification.checkApprise());
} catch (e) {
callback(false);
Expand All @@ -1347,7 +1347,7 @@ let needSetup = false;

socket.on("uploadBackup", async (uploadedJSON, importHandle, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

let backupData = JSON.parse(uploadedJSON);

Expand Down Expand Up @@ -1552,7 +1552,7 @@ let needSetup = false;

socket.on("clearEvents", async (monitorID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

log.info("manage", `Clear Events Monitor: ${monitorID} User ID: ${socket.userID}`);

Expand All @@ -1578,7 +1578,7 @@ let needSetup = false;

socket.on("clearHeartbeats", async (monitorID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

log.info("manage", `Clear Heartbeats Monitor: ${monitorID} User ID: ${socket.userID}`);

Expand All @@ -1602,7 +1602,7 @@ let needSetup = false;

socket.on("clearStatistics", async (callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

log.info("manage", `Clear Statistics User ID: ${socket.userID}`);

Expand Down
10 changes: 5 additions & 5 deletions server/socket-handlers/api-key-socket-handler.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ module.exports.apiKeySocketHandler = (socket) => {
// Add a new api key
socket.on("addAPIKey", async (key, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

let clearKey = nanoid(40);
let hashedKey = passwordHash.generate(clearKey);
Expand Down Expand Up @@ -52,7 +52,7 @@ module.exports.apiKeySocketHandler = (socket) => {

socket.on("getAPIKeyList", async (callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await sendAPIKeyList(socket);
callback({
ok: true,
Expand All @@ -68,7 +68,7 @@ module.exports.apiKeySocketHandler = (socket) => {

socket.on("deleteAPIKey", async (keyID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

log.debug("apikeys", `Deleted API Key: ${keyID} User ID: ${socket.userID}`);

Expand All @@ -93,7 +93,7 @@ module.exports.apiKeySocketHandler = (socket) => {

socket.on("disableAPIKey", async (keyID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

log.debug("apikeys", `Disabled Key: ${keyID} User ID: ${socket.userID}`);

Expand All @@ -120,7 +120,7 @@ module.exports.apiKeySocketHandler = (socket) => {

socket.on("enableAPIKey", async (keyID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);

log.debug("apikeys", `Enabled Key: ${keyID} User ID: ${socket.userID}`);

Expand Down
10 changes: 5 additions & 5 deletions server/socket-handlers/cloudflared-socket-handler.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ module.exports.cloudflaredSocketHandler = (socket) => {

socket.on(prefix + "join", async () => {
try {
checkLogin(socket);
await checkLogin(socket);
socket.join("cloudflared");
io.to(socket.userID).emit(prefix + "installed", cloudflared.checkInstalled());
io.to(socket.userID).emit(prefix + "running", cloudflared.running);
Expand All @@ -43,14 +43,14 @@ module.exports.cloudflaredSocketHandler = (socket) => {

socket.on(prefix + "leave", async () => {
try {
checkLogin(socket);
await checkLogin(socket);
socket.leave("cloudflared");
} catch (error) { }
});

socket.on(prefix + "start", async (token) => {
try {
checkLogin(socket);
await checkLogin(socket);
if (token && typeof token === "string") {
await setSetting("cloudflaredTunnelToken", token);
cloudflared.token = token;
Expand All @@ -63,7 +63,7 @@ module.exports.cloudflaredSocketHandler = (socket) => {

socket.on(prefix + "stop", async (currentPassword, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
const disabledAuth = await setting("disableAuth");
if (!disabledAuth) {
await doubleCheckPassword(socket, currentPassword);
Expand All @@ -79,7 +79,7 @@ module.exports.cloudflaredSocketHandler = (socket) => {

socket.on(prefix + "removeToken", async () => {
try {
checkLogin(socket);
await checkLogin(socket);
await setSetting("cloudflaredTunnelToken", "");
} catch (error) { }
});
Expand Down
Loading

0 comments on commit 7b4f98d

Please sign in to comment.