diff --git a/.gitignore b/.gitignore
index 87921b1..7b08c2f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,6 @@
 /setup.json
 /file_info.json
 /node_modules/
-/data/
\ No newline at end of file
+/data/
+/.idea/
+.vscode/
\ No newline at end of file
diff --git a/Middlewares/authMiddleware.js b/Middlewares/authMiddleware.js
index 5308906..9b6abf0 100644
--- a/Middlewares/authMiddleware.js
+++ b/Middlewares/authMiddleware.js
@@ -1,34 +1,48 @@ -const fs = require('fs'); +const fs = require('fs').promises; const path = require('path'); const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../config/logs'); -const debug = require('debug')('app:authMiddleware'); const authMiddleware = async (req, res, next) => { - if (req.isAuthenticated() || (req.session && req.session.user && req.session.user.name)) { - const data = await fs.promises.readFile(path.join(__dirname, '../data', 'user.json'), 'utf8'); - const users = JSON.parse(data); - const user = users.find(user => user.name === (req.session.user && req.session.user.name)); + try { + if (req.isAuthenticated()) { - if (!user) { - authLogger.info('User is not authenticated and user name is not set'); - return res.redirect('/auth/login'); + const data = await fs.readFile(path.join(__dirname, '../data', 'user.json'), 'utf8'); + const users = JSON.parse(data); + + const sessionUser = req.user; + + + if (!sessionUser) { + authLogger.info('Session user is undefined'); + return res.redirect('/auth/login'); + } + + if (!sessionUser.id && !sessionUser.name) { + authLogger.info('Session user lacks both id and name'); + return res.redirect('/auth/login'); + } + + const user = users.find(user => user.id === sessionUser.id || user.name === sessionUser.name); + + if (!user) { + authLogger.info('User not found in user.json'); + return res.redirect('/auth/login'); + } + + req.session.user = user; + res.locals.user = user; + req.userData = user; + + return next(); + } else { + authLogger.info(`Authentication failed for IP: ${req.ip}, User Agent: ${req.headers['user-agent']}. 
Redirecting to login.`); + res.redirect('/auth/login'); + } + } catch (error) { + authLogger.error('Error in authentication middleware:', error); + return next(error); } - - if (!req.session.user) { - authLogger.info('User connection attempt in progress, verification in progress...'); - authLogger.info(`Login successfully completed, logged in user is: id=${user.id}, name=${user.name}, role=${user.role}, IP: ${req.ip}, User Agent: ${req.headers['user-agent']}`); - } - - res.locals.user = user; - req.session.user = user; - req.userData = user; - return next(); - } else { - authLogger.info(`Authentication failed for IP: ${req.ip}, User Agent: ${req.headers['user-agent']}. Redirecting to login.`); - debug('User is not authenticated, redirecting to login...'); - res.redirect('/auth/login'); - } }; -module.exports = authMiddleware; \ No newline at end of file +module.exports = authMiddleware; diff --git a/models/Passport-Discord.js b/models/Passport-Discord.js index f36dceb..ebb55bf 100644 --- a/models/Passport-Discord.js +++ b/models/Passport-Discord.js 
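Review bot: The lookup `users.find(user => user.id === sessionUser.id || user.name === sessionUser.name)` returns the first record that matches on either field, so a session whose `name` equals another account's name can be bound to that account's record and role. Names for Discord accounts are copied from `profile.username` in models/Passport-Discord.js and nothing visible there enforces uniqueness against other entries in user.json. Since `req.user` is already resolved by id in `deserializeUser`, match on id only, `const user = users.find(u => u.id === sessionUser.id);`, and turn the preceding guard into `if (!sessionUser.id)`. The failure log line also interpolates the raw `User-Agent` header; strip CR/LF from it before logging so a client cannot forge extra log entries.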
@@ -1,96 +1,95 @@ const passport = require('passport'); const DiscordStrategy = require('passport-discord').Strategy; -const fs = require('fs'); +const fs = require('fs').promises; const path = require('path'); const setupFilePath = path.join(__dirname, '../data', 'setup.json'); -let setupData; -try { - setupData = JSON.parse(fs.readFileSync(setupFilePath, 'utf-8')); - console.log('Setup data loaded:', setupData); -} catch (err) { - console.error('Error reading setup.json:', err); +async function loadSetupData() { + try { + const setupFileContent = await fs.readFile(setupFilePath, 'utf-8'); + return JSON.parse(setupFileContent); + } catch (err) { + console.error('Error reading setup.json:', err); + return null; + } } -const callbackURL = `http://${setupData[0].domain}/auth/discord/callback`; -console.log(`Callback URL: ${callbackURL}`); +async function initializePassport() { + const setupData = await loadSetupData(); -passport.use(new DiscordStrategy({ - clientID: setupData[0].discord.clientID, - clientSecret: setupData[0].discord.clientSecret, - callbackURL: callbackURL -}, (accessToken, refreshToken, profile, done) => { - console.log('Discord profile received:', profile); + if (!setupData || !setupData[0]) { + console.error('Setup data is not loaded or has an incorrect structure.'); + return; + } - fs.readFile(path.join(__dirname, '../data', 'user.json'), 'utf8', (err, data) => { - if (err) { - console.error('Error reading user.json:', err); - return done(err); - } + const discordConfig = setupData[0].discord; + if (!discordConfig || !discordConfig.clientID || !discordConfig.clientSecret) { + console.error('Discord configuration is missing clientID or clientSecret.'); + return; + } - let users; + const callbackURL = `http://${setupData[0].domain}/auth/discord/callback`; + + passport.use(new DiscordStrategy({ + clientID: discordConfig.clientID, + clientSecret: discordConfig.clientSecret, + callbackURL: callbackURL, + scope: ['identify', 'email'] + }, async 
(accessToken, refreshToken, profile, done) => { try { - users = JSON.parse(data); - } catch (parseErr) { - console.error('Failed to parse user.json:', parseErr); - return done(parseErr); - } + const userFilePath = path.join(__dirname, '../data', 'user.json'); + const data = await fs.readFile(userFilePath, 'utf8'); + let users = JSON.parse(data); - let existingUser = users.find(user => user.id === profile.id); + let existingUser = users.find(user => user.id === profile.id); - if (existingUser) { - console.log('Existing user found:', existingUser); - return done(null, existingUser); - } - - const newUser = { - id: profile.id, - name: profile.username, - role: "user" - }; - - users.push(newUser); - - fs.writeFile(path.join(__dirname, '../data', 'user.json'), JSON.stringify(users, null, 2), 'utf8', (err) => { - if (err) { - console.error('Error writing to user.json:', err); - return done(err); + if (existingUser) { + return done(null, existingUser); } - console.log('New user created:', newUser); + + const newUser = { + id: profile.id, + name: profile.username, + role: "user" + }; + + users.push(newUser); + + await fs.writeFile(userFilePath, JSON.stringify(users, null, 2), 'utf8'); done(null, newUser); - }); - }); -})); -passport.serializeUser((user, done) => { - console.log('Serializing user:', user); - done(null, user.id); -}); - -passport.deserializeUser((id, done) => { - fs.readFile(path.join(__dirname, '../data', 'user.json'), 'utf8', (err, data) => { - if (err) { - return done(err); + } catch (err) { + console.error('Error handling user data:', err); + done(err); } + })); - let users; + passport.serializeUser((user, done) => { + console.log('Serializing user:', user); + done(null, user.id); + }); + + passport.deserializeUser(async (id, done) => { try { - users = JSON.parse(data); - } catch (parseErr) { - console.error('Failed to parse user data:', parseErr); - return done(parseErr); + const userFilePath = path.join(__dirname, '../data', 'user.json'); + const data 
= await fs.readFile(userFilePath, 'utf8'); + const users = JSON.parse(data); + + const user = users.find(user => user.id === id); + + if (!user) { + return done(null, false, { message: 'User not found.' }); + } + + done(null, user); + } catch (err) { + console.error('Error deserializing user:', err); + done(err); } - - const user = users.find(user => user.id === id); - - if (!user) { - return done(null, false, { message: 'User not found.' }); - } - - console.log('Deserializing user:', user); - done(null, user); }); -}); +} + +initializePassport(); module.exports = passport; diff --git a/package.json b/package.json index e0907a7..35fd156 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@cdn-app/insider-myaxrin-labs-dinawo", - "version": "1.0.0-beta.14", + "version": "1.0.0-beta.15", "description": "", "main": "server.js", "scripts": { diff --git a/routes/Auth/Discord.js b/routes/Auth/Discord.js index 25b9bce..870f343 100644 --- a/routes/Auth/Discord.js +++ b/routes/Auth/Discord.js @@ -7,6 +7,10 @@ const { getUserData, getSetupData } = require('../../Middlewares/watcherMiddlewa let setupData; let user; +// Ensure Passport is initialized before using it +router.use(passport.initialize()); +router.use(passport.session()); + Promise.all([ getSetupData(), getUserData() @@ -15,7 +19,7 @@ Promise.all([ user = userData; if (setupData[0].discord !== undefined) { - const DiscordStrategy = require('../../models/Passport-Discord'); + require('../../models/Passport-Discord'); // Ensure the strategy is registered } router.get("/auth/discord", (req, res) => { 
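Review bot: `console.log('Serializing user:', user)` in the new `serializeUser` still prints the whole user record on every login, and other code on this page reads a `token` field from user.json records, so API tokens can end up in stdout; log `user.id` only or drop the line like the other profile logs this commit removes. `callbackURL` is still built with a hard-coded `http://`, which carries the OAuth authorization code in cleartext unless something in front of the app upgrades it, so the scheme should come from configuration. `initializePassport();` is called without `await` or `.catch`, so `module.exports = passport` is reached before the strategy is registered and the early `return` paths leave the app running with no Discord strategy and only a console message. The added `'email'` scope is requested but the verify callback stores only `profile.id` and `profile.username`; request `['identify']` unless the address is used elsewhere.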
@@ -33,31 +37,34 @@ Promise.all([ res.redirect('/auth/login'); } }); -}); -router.use(passport.initialize()); -router.use(passport.session()); - -passport.deserializeUser((user, done) => { - done(null, user); -}); - -router.get('/callback', passport.authenticate('discord', { - failureRedirect: '/auth/login' -}), (req, res, next) => { - checkUserExistsDiscord(req, res, () => { - if (req.userExists) { - return res.redirect('/dpanel/dashboard'); - } else { - createUser(req.user, (createErr) => { - if (createErr) { - return next(createErr); + router.get('/callback', async (req, res, next) => { + try { + passport.authenticate('discord', { session: true }, (err, user, info) => { + if (err) { + console.error('Authentication error:', err); + return next(err); } - return res.redirect('/dpanel/dashboard'); - }); + if (!user) { + console.error('No user found:', info); + return res.redirect('/auth/login'); + } + req.logIn(user, (err) => { + if (err) { + console.error('Login error:', err); + return next(err); + } + console.log('Authenticated user:', user); + res.redirect('/dpanel/dashboard'); + }); + })(req, res, next); + } catch (error) { + console.error('Error handling callback:', error); + next(error); } }); + }); - + module.exports = router; diff --git a/routes/Dpanel/API/BackgroundCustom.js b/routes/Dpanel/API/BackgroundCustom.js index 99d1f77..36c116d 100644 --- a/routes/Dpanel/API/BackgroundCustom.js +++ b/routes/Dpanel/API/BackgroundCustom.js 
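Review bot: `console.log('Authenticated user:', user)` in the new `/callback` handler writes the full user record to stdout on each successful login; log `user.id` instead, since records in user.json can carry a `token` field. The route is now registered inside the `Promise.all(...).then` callback, whose start is outside this hunk, so `/callback` does not exist until `getSetupData()` and `getUserData()` resolve and is never registered if either rejects; no `.catch` is visible here. The handler is declared `async` but awaits nothing, and the `try/catch` cannot see errors raised later inside the `passport.authenticate` callback, so both can be removed without changing behaviour.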
@@ -2,165 +2,45 @@ const express = require('express'); const fs = require('fs'); const path = require('path'); const router = express.Router(); -const fileUpload = require('express-fileupload'); -const authMiddleware = require('../../../Middlewares/authMiddleware'); -const { loggers } = require('winston'); -const ncp = require('ncp').ncp; -let configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8') -let config = JSON.parse(configFile)[0]; -const bodyParser = require('body-parser'); -const crypto = require('crypto'); -const os = require('os'); -const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware'); -let setupData = getSetupData(); -let userData = getUserData(); -router.use(bodyParser.json()); +router.use(express.json()); -/** - * @swagger - * /dashboard/getfilefolder/{folderName}?token={token}: - * post: - * security: - * - bearerAuth: [] - * tags: - * - Folder - * summary: Get files and folders in a specific folder - * description: This route allows you to get the files and folders in a specific folder. It requires a valid JWT token in the Authorization header. 
- * parameters: - * - in: path - * name: folderName - * required: true - * schema: - * type: string - * description: The name of the folder - * - in: header - * name: Authorization - * required: true - * schema: - * type: string - * description: The JWT token of your account to have access - * responses: - * 200: - * description: Success - * content: - * application/json: - * schema: - * type: object - * properties: - * files: - * type: array - * items: - * type: object - * properties: - * name: - * type: string - * type: - * type: string - * 401: - * description: Unauthorized - * content: - * application/json: - * schema: - * type: object - * properties: - * message: - * type: string - * 404: - * description: The specified folder does not exist - * content: - * application/json: - * schema: - * type: object - * properties: - * error: - * type: string - * 500: - * description: Internal server error - * content: - * application/json: - * schema: - * type: object - * properties: - * error: - * type: string - */ +router.post('/wallpaper', (req, res) => { + const userId = req.body.userId; + const wallpaperUrl = req.body.wallpaperUrl; - -function authenticateToken(req, res, next) { - let token = null; - const authHeader = req.headers['authorization']; - - if (authHeader) { - token = authHeader.split(' ')[1]; - } else if (req.query.token) { - token = req.query.token; + if (!wallpaperUrl) { + return res.status(400).send('No wallpaper URL provided.'); } - - if (token == null) { - if (req.user) { - return next(); - } else { - return res.status(401).json({ message: 'Unauthorized' }); - } - } - - fs.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf8', (err, data) => { - if (err) { - console.error('Error reading user.json:', err); - return res.status(401).json({ message: 'Unauthorized' }); - } - - const users = JSON.parse(data); - - const user = users.find(u => u.token === token); - - if (user) { - req.user = user; - req.userData = user; - next(); - } else { - 
return res.status(401).json({ message: 'Unauthorized' }); - } - }); - } -router.get('/wallpaper', authenticateToken, (req, res) => { - fs.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf8', (err, data) => { - if (err) { - return res.status(500).send('Error reading the file'); - } - const users = JSON.parse(data); - const user = users.find(u => u.token === req.userData.token); - - res.json({ wallpaper: user.wallpaper || null }); - }); + updateUserWallpaper(userId, wallpaperUrl, res); }); -router.post('/wallpaper', authenticateToken, (req, res) => { - const newWallpaper = req.body.wallpaper; +const updateUserWallpaper = (userId, wallpaperUrl, res) => { + const userFilePath = path.join(__dirname, '../../../data', 'user.json'); - fs.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf8', (err, data) => { + fs.readFile(userFilePath, 'utf8', (err, data) => { if (err) { return res.status(500).send('Error reading the file'); } let users = JSON.parse(data); - const userIndex = users.findIndex(u => u.token === req.userData.token); + + const userIndex = users.findIndex(u => u.id === userId); if (userIndex !== -1) { - users[userIndex].wallpaper = newWallpaper; + users[userIndex].wallpaper = wallpaperUrl; - fs.writeFile(path.join(__dirname, '../../../data', 'user.json'), JSON.stringify(users, null, 2), (err) => { + fs.writeFile(userFilePath, JSON.stringify(users, null, 2), err => { if (err) { return res.status(500).send('Error writing to the file'); } - res.send('Wallpaper updated'); + res.json({ wallpaper: wallpaperUrl }); }); } else { - res.status(401).send('Unauthorized'); + res.status(404).send('User not found'); } }); -}); +}; -module.exports = router; \ No newline at end of file +module.exports = router; diff --git a/routes/routes.js b/routes/routes.js index 999b6c3..a1580b6 100644 --- a/routes/routes.js +++ b/routes/routes.js 
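Review bot: The new `POST /wallpaper` handler trusts `req.body.userId` and no longer runs any authentication (the hunk deletes `authenticateToken` and the `authMiddleware` require), so any client that can reach the route can overwrite the `wallpaper` field of any account in user.json. The target account should come from the authenticated session instead, as sketched below; this assumes passport's session middleware runs before this router, which `Middlewares/authMiddleware.js` also relies on. `wallpaperUrl` is stored unvalidated, so restrict it to a string with an expected scheme before writing it. `JSON.parse(data)` inside `updateUserWallpaper` should sit in a `try/catch` so that a malformed user.json yields a 500 response rather than an uncaught exception in the `fs.readFile` callback.

```javascript
router.post('/wallpaper', (req, res) => {
  // Reject callers without an authenticated session; the token check was removed in this commit.
  if (typeof req.isAuthenticated !== 'function' || !req.isAuthenticated()) {
    return res.status(401).json({ message: 'Unauthorized' });
  }
  // Take the target account from the session, never from the request body.
  const userId = req.user.id;
  const wallpaperUrl = req.body.wallpaperUrl;

  // … unchanged: empty wallpaperUrl check …

  updateUserWallpaper(userId, wallpaperUrl, res);
});
```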
@@ -24,6 +24,9 @@ const UpdateSetupAdminRoute = require('./Dpanel/API/Update-Setup-Admin.js'); const DeleteFolderRoute = require('./Dpanel/API/DeleteFolfder.js'); const DeleteFileFolderRoute = require('./Dpanel/API/DeleteFileFolder.js'); const GetMetaDataFileRoute = require('./Dpanel/API/GetMetaDataFile.js'); +const BackgroundCustom = require('./Dpanel/API/BackgroundCustom.js'); +const ProfilUser = require('./Dpanel/Dashboard/ProfilUser.js'); +const PofilPictureRoute = require('./Dpanel/API/ProfilPicture.js'); const loginRoute = require('./Auth/Login.js'); const logoutRoute = require('./Auth/Logout.js'); 
@@ -50,12 +53,13 @@ router.use('/dpanel/dashboard/admin/users', AdminUsersDpanelRoute); router.use('/dpanel/dashboard/admin/settingsetup', AdminSettingSetupDpanelRoute) router.use('/dpanel/dashboard/admin/stats-logs', AdminStatsLogsDpanelRoute);; router.use('/dpanel/dashboard/admin/Privacy-Security', AdminPrivacySecurityDpanelRoute); +router.use('/dpanel/dashboard/profil', ProfilUser); router.use('/api/dpanel/dashboard/newfolder',discordWebhookSuspisiousAlertMiddleware, logApiRequest, NewFolderRoute); router.use('/api/dpanel/dashboard/rename',discordWebhookSuspisiousAlertMiddleware, logApiRequest, RenameFileRoute); router.use('/api/dpanel/dashboard/delete',discordWebhookSuspisiousAlertMiddleware, logApiRequest, DeleteFileRoute); router.use('/api/dpanel/dashboard/movefile',discordWebhookSuspisiousAlertMiddleware, logApiRequest, MoveFileRoute); -router.use('/api/dpanel/upload', UploadRoute); +router.use('/api/dpanel/upload',discordWebhookSuspisiousAlertMiddleware, logApiRequest, UploadRoute); router.use('/api/dpanel/dashboard/admin/update-role',discordWebhookSuspisiousAlertMiddleware, logApiRequest, UpdateRoleAdminRoute); router.use('/api/dpanel/dashboard/admin/update-setup',discordWebhookSuspisiousAlertMiddleware, logApiRequest, UpdateSetupAdminRoute); router.use('/api/dpanel/dashboard/deletefolder',discordWebhookSuspisiousAlertMiddleware, logApiRequest, DeleteFolderRoute); 
@@ -65,6 +69,8 @@ router.use('/api/dpanel/dashboard/backgroundcustom',discordWebhookSuspisiousAler router.use('/api/dpanel/generate-token',discordWebhookSuspisiousAlertMiddleware, logApiRequest, GenerateTokenRoute); router.use('/api/dpanel/dashboard/getfile', getFileDashboardRoute, logApiRequest); router.use('/api/dpanel/dashboard/getfilefolder', getFileFolderRoute, logApiRequest); +router.use('/api/dpanel/dashboard/backgroundcustom', BackgroundCustom, logApiRequest); +router.use('/api/dpanel/dashboard/profilpicture', PofilPictureRoute, logApiRequest); router.use('/auth/login', loginRoute); router.use('/auth/logout', logoutRoute); diff --git a/views/AuthLogin.ejs b/views/AuthLogin.ejs index 57bf683..20ef749 100644 --- a/views/AuthLogin.ejs +++ b/views/AuthLogin.ejs @@ -126,6 +126,9 @@ +
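Review bot: Both new mounts in the last routes.js hunk place `logApiRequest` after the router (`router.use('/api/dpanel/dashboard/backgroundcustom', BackgroundCustom, logApiRequest);`), so, assuming it is an ordinary Express middleware, requests that the router answers are never logged, and neither mount runs `discordWebhookSuspisiousAlertMiddleware` or an authentication middleware first. Put the middleware before the router as the mounts in the previous hunk do: `router.use('/api/dpanel/dashboard/profilpicture', discordWebhookSuspisiousAlertMiddleware, logApiRequest, PofilPictureRoute);`. The hunk header shows `/api/dpanel/dashboard/backgroundcustom` already mounted on the preceding line, so the added mount looks like a duplicate; confirm which router should own the path. `PofilPictureRoute`, declared in the first hunk of this file, is presumably a typo for `ProfilPictureRoute`.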

Connexion

<% if (currentUrl === '/auth/activedirectory' || (setupData[0] && setupData[0].hasOwnProperty('ldap'))) { %> diff --git a/views/dashboard.ejs b/views/dashboard.ejs index ab93e68..bc7f197 100644 --- a/views/dashboard.ejs +++ b/views/dashboard.ejs @@ -21,6 +21,20 @@ + + +
+
@@ -164,43 +187,52 @@ @@ -234,7 +266,7 @@ @@ -247,4 +279,4 @@
- + \ No newline at end of file diff --git a/views/folder.ejs b/views/folder.ejs index 2656947..ad4d223 100644 --- a/views/folder.ejs +++ b/views/folder.ejs @@ -18,6 +18,20 @@ + + +
+