1.0.1 Auth fix!

Seeroy · Jan 24, 2023 · 25920ce · 25920ce
1 parent 29c2efc
commit 25920ce
Show file tree

Hide file tree

Showing 10 changed files with 58 additions and 38 deletions.
diff --git a/app.js b/app.js
@@ -135,7 +135,7 @@ global.currentFileWritingsText = [];
 global.ftpserver;
 
 // Kubek version
-global.version = "v2.0";
+global.version = "v2.0.1";
 
 app.use(fileUpload());
 app.use(cookieParser());

diff --git a/my_modules/auth_manager.js b/my_modules/auth_manager.js
@@ -56,7 +56,7 @@ exports.addNewUser = (password, login, permissions, mail) => {
     if (cfg.auth == false) {
       success = "Auth is disabled";
     } else {
-      if(Object.keys(users).length >= 6){
+      if (Object.keys(users).length >= 6) {
         success = "Users count is limited to 5 users";
       } else {
         if (mail == null || typeof mail == "undefined" || mail.match(EMAIL_REGEX)) {
@@ -206,16 +206,31 @@ exports.editUser = (login, permissions, mail) => {
   return success;
 }
 
-exports.getUserPermissions = (hash, login) => {
-  auth = this.authorize(hash, login);
-  if (auth == true) {
-    if (typeof usersConfig[login] !== "undefined" && typeof usersConfig[login].permissions !== "undefined") {
-      return usersConfig[login].permissions;
+exports.getUserPermissions = (req) => {
+  cfggg = config.readConfig();
+  if (cfggg.auth == true) {
+    hash = req.cookies["kbk__hash"];
+    login = req.cookies["kbk__login"];
+
+    auth = this.authorize(hash, login);
+    if (auth == true && typeof login !== "undefined" && typeof hash !== "undefined" && login.length > 0 && hash.length > 0) {
+      if (typeof usersConfig[login] !== "undefined" && typeof usersConfig[login].permissions !== "undefined") {
+        return usersConfig[login].permissions;
+      } else {
+        return false;
+      }
     } else {
       return false;
     }
   } else {
-    return false;
+    arr = [
+      "console",
+      "plugins",
+      "filemanager",
+      "server_settings",
+      "kubek_settings"
+    ];
+    return arr;
   }
 }
 

diff --git a/my_modules/statistics.js b/my_modules/statistics.js
@@ -7,14 +7,14 @@ var config = require('./config');
 
 exports.supportUID = () => {
   cp_unq = os.cpus();
-  uniqueid_unq = os.version + "850_" + cp_unq[0].model + cp_unq[1].speed + Math.round(os.totalmem() / 1024 / 1024);
+  uniqueid_unq = os.version + "850_" + cp_unq[0].model + cp_unq[0].speed + Math.round(os.totalmem() / 1024 / 1024);
   uniqueid_unq = MD5(uniqueid_unq).toString();
   return uniqueid_unq;
 }
 
 exports.collectStats = (cfg, version, cb) => {
   cp_unq = os.cpus();
-  uniqueid_unq = os.version + "850_" + cp_unq[0].model + cp_unq[1].speed + Math.round(os.totalmem() / 1024 / 1024);
+  uniqueid_unq = os.version + "850_" + cp_unq[0].model + cp_unq[0].speed + Math.round(os.totalmem() / 1024 / 1024);
   uniqueid_unq = MD5(uniqueid_unq).toString();
 
   cfgs = config.readServersJSON();

diff --git a/routers/auth.js b/routers/auth.js
@@ -54,18 +54,23 @@ router.get('/login', function (req, res) {
 });
 
 router.get('/permissions', function (req, res) {
-  login = req.cookies['kbk__login'];
-  hash = req.cookies['kbk__hash'];
-  if (typeof login !== "undefined" && typeof hash !== "undefined" && login.length > 0 && hash.length > 0) {
-    perms = auth_manager.getUserPermissions(hash, login);
+  cfg = config.readConfig();
+  if (cfg['auth'] == true) {
+    perms = auth_manager.getUserPermissions(req);
     res.send(perms);
   } else {
-    res.send(false);
+    res.send([
+      "console",
+      "plugins",
+      "filemanager",
+      "server_settings",
+      "kubek_settings"
+    ]);
   }
 });
 
 router.get('/listUsers', function (req, res) {
-  perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+  perms = auth_manager.getUserPermissions(req);
   if (perms.includes(ACCESS_PERMISSION)) {
     users = config.readUsersConfig();
     res.send(users);
@@ -75,7 +80,7 @@ router.get('/listUsers', function (req, res) {
 });
 
 router.get('/getUserInfo', function (req, res) {
-  perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+  perms = auth_manager.getUserPermissions(req);
   if (perms.includes(ACCESS_PERMISSION)) {
     users = config.readUsersConfig();
     username = req.query.username;
@@ -91,7 +96,7 @@ router.get('/getUserInfo', function (req, res) {
 });
 
 router.get('/newUser', function (req, res) {
-  perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+  perms = auth_manager.getUserPermissions(req);
   if (perms.includes(ACCESS_PERMISSION)) {
     result = false;
     login = req.query.login;
@@ -126,7 +131,7 @@ router.get('/logout', function (req, res) {
 });
 
 router.get('/editUser', function (req, res) {
-  perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+  perms = auth_manager.getUserPermissions(req);
   if (perms.includes(ACCESS_PERMISSION)) {
     result = false;
     login = req.query.login;
@@ -145,7 +150,7 @@ router.get('/editUser', function (req, res) {
 });
 
 router.get('/changeAdminPass', function (req, res) {
-  perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+  perms = auth_manager.getUserPermissions(req);
   if (perms.includes(ACCESS_PERMISSION)) {
     result = false;
     oldPass = req.query.oldPass;
@@ -162,7 +167,7 @@ router.get('/changeAdminPass', function (req, res) {
 });
 
 router.get('/deleteUser', function (req, res) {
-  perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+  perms = auth_manager.getUserPermissions(req);
   if (perms.includes(ACCESS_PERMISSION)) {
     result = false;
     login = req.query.login;
@@ -178,7 +183,7 @@ router.get('/deleteUser', function (req, res) {
 });
 
 router.get('/regenUserHash', function (req, res) {
-  perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+  perms = auth_manager.getUserPermissions(req);
   if (perms.includes(ACCESS_PERMISSION)) {
     result = false;
     login = req.query.login;

diff --git a/routers/fmapi.js b/routers/fmapi.js
@@ -17,7 +17,7 @@ router.use(function (req, res, next) {
     res.send("Cannot be accessed from the internet");
   } else {
     authsucc = auth_manager.authorize(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
-    perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+    perms = auth_manager.getUserPermissions(req);
     if (authsucc == true && perms.includes(ACCESS_PERMISSION)) {
       next();
     } else {

diff --git a/routers/forgeInstaller.js b/routers/forgeInstaller.js
@@ -21,7 +21,7 @@ router.use(function (req, res, next) {
     res.send("Cannot be accessed from the internet");
   } else {
     authsucc = auth_manager.authorize(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
-    perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+    perms = auth_manager.getUserPermissions(req);
     if (authsucc == true && perms.includes(ACCESS_PERMISSION)) {
       next();
     } else {

diff --git a/routers/kubek.js b/routers/kubek.js
@@ -92,7 +92,7 @@ router.get('/translate', function (req, res) {
 });
 
 router.get('/setFTPDStatus', function (req, res) {
-  perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+  perms = auth_manager.getUserPermissions(req);
   if (perms.includes(ACCESS_PERMISSION)) {
     ftpd.stopFTPD();
     setTimeout(function () {
@@ -131,7 +131,7 @@ router.get('/support-uid', function (req, res) {
 });
 
 router.get('/config', function (req, res) {
-  perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+  perms = auth_manager.getUserPermissions(req);
   if (perms.includes(ACCESS_PERMISSION)) {
     res.send(config.readConfig());
   } else {
@@ -146,7 +146,7 @@ router.get('/usage', function (req, res) {
 });
 
 router.get('/saveConfig', function (req, res) {
-  perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+  perms = auth_manager.getUserPermissions(req);
   if (perms.includes(ACCESS_PERMISSION)) {
     if (req.query.data != null && typeof req.query.data !== "undefined") {
       fs.writeFileSync("./config.json", req.query.data);

diff --git a/routers/plugins.js b/routers/plugins.js
@@ -17,7 +17,7 @@ router.use(function (req, res, next) {
     res.send("Cannot be accessed from the internet");
   } else {
     authsucc = auth_manager.authorize(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
-    perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+    perms = auth_manager.getUserPermissions(req);
     if (perms.includes(ACCESS_PERMISSION)) {
       next();
     } else {

diff --git a/routers/server.js b/routers/server.js
@@ -88,7 +88,7 @@ router.get('/statuses', function (req, res) {
 });
 
 router.get('/getStartScript', function (req, res) {
-  perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+  perms = auth_manager.getUserPermissions(req);
   if (perms.includes(ACCESS_PERMISSION)) {
     if (typeof (configjson[req.query.server]) !== 'undefined') {
       res.send(serverController.getStartScript(req.query.server));
@@ -101,7 +101,7 @@ router.get('/getStartScript', function (req, res) {
 });
 
 router.get('/saveStartScript', (req, res) => {
-  perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+  perms = auth_manager.getUserPermissions(req);
   if (perms.includes(ACCESS_PERMISSION)) {
     if (typeof (configjson[req.query.server]) !== 'undefined') {
       res.send(serverController.saveStartScript(req.query.server, req.query.script, req.query.resonerr));
@@ -114,7 +114,7 @@ router.get('/saveStartScript', (req, res) => {
 });
 
 router.get('/getServerPropertiesFile', function (req, res) {
-  perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+  perms = auth_manager.getUserPermissions(req);
   if (perms.includes(ACCESS_PERMISSION)) {
     if (typeof (configjson[req.query.server]) !== 'undefined') {
       res.set('Content-Type', 'application/json');
@@ -128,7 +128,7 @@ router.get('/getServerPropertiesFile', function (req, res) {
 });
 
 router.get('/saveServerPropertiesFile', function (req, res) {
-  perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+  perms = auth_manager.getUserPermissions(req);
   if (perms.includes(ACCESS_PERMISSION)) {
     if (typeof (configjson[req.query.server]) !== 'undefined') {
       res.send(serverController.saveServerProperties(req.query.server, req.query.doc));
@@ -141,7 +141,7 @@ router.get('/saveServerPropertiesFile', function (req, res) {
 });
 
 router.get('/log', function (req, res) {
-  perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+  perms = auth_manager.getUserPermissions(req);
   if (perms.includes(ACCESS_PERMISSION_2)) {
     if (typeof (configjson[req.query.server]) !== 'undefined') {
       spl = servers_logs[req.query.server].split(/\r?\n/).slice(-100);
@@ -155,7 +155,7 @@ router.get('/log', function (req, res) {
 });
 
 router.get('/delete', function (req, res) {
-  perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+  perms = auth_manager.getUserPermissions(req);
   if (perms.includes(ACCESS_PERMISSION)) {
     if (typeof (configjson[req.query.server]) !== 'undefined') {
       delete configjson[req.query.server];

diff --git a/routers/upload.js b/routers/upload.js
@@ -28,7 +28,7 @@ router.use(function (req, res, next) {
 });
 
 router.post('/icon', function (req, res) {
-  perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+  perms = auth_manager.getUserPermissions(req);
   if (perms.includes(ACCESS_PERMISSION)) {
     let sampleFile;
     let uploadPath;
@@ -83,7 +83,7 @@ router.post('/core', function (req, res) {
 });
 
 router.post('/plugin', function (req, res) {
-  perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+  perms = auth_manager.getUserPermissions(req);
   if (perms.includes(ACCESS_PERMISSION_2)) {
     if (!fs.existsSync("./servers/" + req.query["server"] + "/plugins")) {
       fs.mkdirSync("./servers/" + req.query["server"] + "/plugins");
@@ -114,7 +114,7 @@ router.post('/plugin', function (req, res) {
 });
 
 router.post('/mod', function (req, res) {
-  perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+  perms = auth_manager.getUserPermissions(req);
   if (perms.includes(ACCESS_PERMISSION_2)) {
     if (!fs.existsSync("./servers/" + req.query["server"] + "/mods")) {
       fs.mkdirSync("./servers/" + req.query["server"] + "/mods");
@@ -145,7 +145,7 @@ router.post('/mod', function (req, res) {
 });
 
 router.post('/file', (request, response) => {
-  perms = auth_manager.getUserPermissions(req.cookies["kbk__hash"], req.cookies["kbk__login"]);
+  perms = auth_manager.getUserPermissions(req);
   if (perms.includes(ACCESS_PERMISSION_3)) {
     let sampleFile;
     let uploadPath;