yetangitu/timelimit-server
1
0
Fork 0
mirror of https://codeberg.org/timelimit/timelimit-server.git synced 2025-10-04 10:19:26 +02:00
Code Issues Projects Releases Wiki Activity

Remove GUI from the admin API

Browse source
This commit is contained in:
Jonas Lochmann 2020-02-03 01:00:00 +01:00
parent 719af663f5
commit 1f210b32c8
No known key found for this signature in database
GPG key ID: 8B8C9AEE10FA5B36
4 changed files with 27 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

41
src/api/admin.ts
View file

@ -15,14 +15,13 @@
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
import { urlencoded } from 'body-parser'
import * as escape from 'escape-html'
import { json } from 'body-parser'
import { Router } from 'express'
import { BadRequest, Conflict, Forbidden } from 'http-errors'
import { BadRequest, Conflict } from 'http-errors'
import { Database } from '../database'
import { addPurchase } from '../function/purchase'
import { getStatusMessage, setStatusMessage } from '../function/statusmessage'
import { generateAuthToken, generatePurchaseId } from '../util/token'
import { generatePurchaseId } from '../util/token'
import { WebsocketApi } from '../websocket'
export const createAdminRouter = ({ database, websocket }: {
@ -31,12 +30,6 @@ export const createAdminRouter = ({ database, websocket }: {
}) => {
const router = Router()
const serverToken = generateAuthToken()
router.get('/', (_, res) => {
res.send('<html><body><a href="/admin/status">status</a><br><a href="/admin/status-message">Status message</a><br><a href="/admin/unlock-premium">unlock premium</a></body></html>')
})
router.get('/status', (_, res) => {
res.json({
websocketClients: websocket.countConnections()
@ -47,23 +40,21 @@ export const createAdminRouter = ({ database, websocket }: {
try {
const currentStatusMessage = await getStatusMessage({ database })
res.send('<html><body><form action="/admin/status-message" method="post"><textarea name="smessage" rows="20" cols="100">' + escape(currentStatusMessage) + '</textarea><input type="submit" value="Save"><input type="hidden" name="token" value="' + escape(serverToken) + '"></form></body></html>')
res.json({
statusMessage: currentStatusMessage
})
} catch (ex) {
next(ex)
}
})
router.post('/status-message', urlencoded({ extended: false }), async (req, res, next) => {
router.post('/status-message', json(), async (req, res, next) => {
try {
if (typeof req.body !== 'object' || typeof req.body.smessage !== 'string' || typeof req.body.token !== 'string') {
if (typeof req.body !== 'object' || typeof req.body.message !== 'string') {
throw new BadRequest()
}
if (req.body.token !== serverToken) {
throw new Forbidden()
}
const newStatusMessage = req.body.smessage as string
const newStatusMessage = req.body.message as string
await setStatusMessage({ database, newStatusMessage })
@ -75,24 +66,16 @@ export const createAdminRouter = ({ database, websocket }: {
}
})
router.get('/unlock-premium', (_, res) => (
res.send('<html><body><form action="/admin/unlock-premium" method="post">mail: <input name="mail" /><br><input type="radio" name="duration" value="month" />Month<br /><input type="radio" name="duration" value="year" />Year<br><input type="submit" value="Unlock"><input type="hidden" name="token" value="' + escape(serverToken) + '"></form></body></html>')
))
router.post('/unlock-premium', urlencoded({ extended: false }), async (req, res, next) => {
router.post('/unlock-premium', json(), async (req, res, next) => {
try {
if (typeof req.body !== 'object' || typeof req.body.mail !== 'string' || typeof req.body.duration !== 'string' || typeof req.body.token !== 'string') {
if (typeof req.body !== 'object' || typeof req.body.mail !== 'string' || typeof req.body.duration !== 'string') {
throw new BadRequest()
}
if (req.body.token !== serverToken) {
throw new Forbidden()
}
const mail: string = req.body.mail
const type: string = req.body.duration
if (type !== 'month' && type !== 'year') {
if (type !== 'month' && type !== 'year' || mail === '') {
throw new BadRequest()
}