From dec0041c214aca8ac86ed7a84f60271d9127c2a3 Mon Sep 17 00:00:00 2001
From: Michael Mainguy
Date: Tue, 11 Jun 2024 12:17:28 -0500
Subject: [PATCH] updated security

---
 src/integration/functions/checkDb.ts         |  4 +--
 src/integration/pouchdbPersistenceManager.ts | 32 ++++++++++++++------
 src/react/webApp.tsx                         | 26 +++++++++++++++-
 3 files changed, 49 insertions(+), 13 deletions(-)

diff --git a/src/integration/functions/checkDb.ts b/src/integration/functions/checkDb.ts
index 2ab5c32..1190722 100644
--- a/src/integration/functions/checkDb.ts
+++ b/src/integration/functions/checkDb.ts
@@ -1,7 +1,7 @@
 import axios from "axios";
 import log from "loglevel";
 
-export async function checkDb(localName: string, remoteDbName: string) {
+export async function checkDb(localName: string, remoteDbName: string, password: string) {
     const logger = log.getLogger('checkDb');
     const dbs = await axios.get(import.meta.env.VITE_SYNCDB_ENDPOINT + 'list');
     logger.debug(dbs.data);
@@ -11,7 +11,7 @@ export async function checkDb(localName: string, remoteDbName: string) {
             {
                 "_id": "org.couchdb.user:" + localName,
                 "name": localName,
-                "password": localName,
+                "password": password,
                 "roles": ["readers"],
                 "type": "user"
             }
diff --git a/src/integration/pouchdbPersistenceManager.ts b/src/integration/pouchdbPersistenceManager.ts
index ac198e6..f914e39 100644
--- a/src/integration/pouchdbPersistenceManager.ts
+++ b/src/integration/pouchdbPersistenceManager.ts
@@ -285,9 +285,9 @@ export class PouchdbPersistenceManager {
         const userHex = ascii_to_hex(localName);
         const remoteDbName = 'userdb-' + userHex;
         const remoteUserName = localName;
-        const password = localName;
+        const password = this._encKey || localName;
 
-        if (await checkDb(localName, remoteDbName) == false) {
+        if (await checkDb(localName, remoteDbName, password) == false) {
             return;
         }
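Review bot: The new `password` parameter is written straight into the user document in the second hunk with no check that it is non-empty, so a caller passing `''` (or a value that is undefined at runtime) silently creates a remote user with an empty or missing password. A guard at the top of `checkDb`, `if (!password) throw new Error('checkDb: a non-empty password is required');`, stops the bad value from reaching the server and makes the failure visible to the caller. The body of `checkDb` continues past the end of the hunk.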
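Review bot: `const password = this._encKey || localName;` keeps the username-as-password default this commit is meant to remove: whenever `_encKey` is unset or empty, the remote user is still created through `checkDb` and authenticated with a password equal to its own name, which appears to be exposed in the `/db/<id>` route used by webApp.tsx. If `_encKey` is also the key used to encrypt data locally, reusing it as the login credential sends that key to the sync server on every authentication, so the two should be separate secrets (derive the login password from the key with a one-way function, or prompt for a distinct one). At minimum fail closed before `checkDb` is called: `if (!this._encKey) { document.dispatchEvent(new CustomEvent('promptpassword', {detail: 'Please enter password'})); return; }`. The enclosing method starts and ends outside this hunk.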
@@ -301,15 +301,27 @@ export class PouchdbPersistenceManager {
         }
         if (target.data && target.data.userCtx) {
             if (!target.data.userCtx.name || target.data.userCtx.name != remoteUserName) {
-                const buildTarget = await axios.post(userEndpoint,
-                    {username: remoteUserName, password: password});
-                if (buildTarget.status != 200) {
-                    this._logger.info(buildTarget.statusText);
-                    return;
-                } else {
-                    this.user = buildTarget.data.userCtx;
-                    this._logger.debug(this.user);
+                try {
+                    const buildTarget = await axios.post(userEndpoint,
+                        {username: remoteUserName, password: password});
+                    if (buildTarget.status != 200) {
+                        this._logger.error(buildTarget.statusText);
+                        return;
+                    } else {
+                        this.user = buildTarget.data.userCtx;
+                        this._logger.debug(this.user);
+                    }
+                } catch (err) {
+                    if (err.response && err.response.status == 401) {
+                        this._logger.warn(err);
+                        const promptPassword = new CustomEvent('promptpassword', {detail: 'Please enter password'});
+                        document.dispatchEvent(promptPassword);
+                    }
+
+                    // } else {
+                    this._logger.error(err);
                 }
+            }
         }
diff --git a/src/react/webApp.tsx b/src/react/webApp.tsx
index 714098a..374893c 100644
--- a/src/react/webApp.tsx
+++ b/src/react/webApp.tsx
@@ -1,6 +1,7 @@
 import {useEffect, useState} from "react";
 import {uploadImage} from "./functions/uploadImage";
 import {viewOnly} from "../util/functions/getPath";
+import axios from "axios";
 
 function MainMenu({onClick}) {
     if (viewOnly()) {
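Review bot: `this._logger.warn(err)` and `this._logger.error(err)` in the new catch block log the whole axios error, and axios error objects normally carry the request config including the serialized body (`err.config.data`), which here is `{username, password}` — a failed login therefore writes the password to the log. Log only what is needed, e.g. `this._logger.warn('remote login failed', err.response?.status, err.message);` on both paths, and drop the leftover `// } else {` comment. After a 401 the catch falls through without `return`, so whatever follows the hunk runs with `this.user` unset; it is not visible here whether that is intended. `err` is also untyped, which does not compile under `useUnknownInCatchVariables`; narrowing with `axios.isAxiosError(err)` before reading `.response` would make the check explicit. The enclosing method starts and ends outside this hunk.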
@@ -58,10 +59,31 @@ function CreateMenu({display, toggleCreateMenu}) {
     const onCreateClick = (evt) => {
         evt.preventDefault();
         const name = (document.querySelector('#createName') as HTMLInputElement).value;
+        const password = (document.querySelector('#createPassword') as HTMLInputElement).value;
+        const password2 = (document.querySelector('#createPassword2') as HTMLInputElement).value;
+        if (password !== password2) {
+            window.alert('Passwords do not match');
+            return;
+        }
         const id = window.crypto.randomUUID().replace(/-/g, '_');
         localStorage.setItem(id, name);
         if (name && name.length > 4) {
-            document.location.href = '/db/' + id;
+            axios.post(import.meta.env.VITE_CREATE_ENDPOINT,
+                {
+                    "_id": "org.couchdb.user:" + id,
+                    "name": id,
+                    "password": password,
+                    "roles": ["readers"],
+                    "type": "user"
+                }
+            ).then(response => {
+                console.log(response);
+                document.location.href = '/db/' + id;
+            }).catch(error => {
+                console.error(error);
+            });
+
+
         } else {
             window.alert('Name must be longer than 4 characters');
         }
@@ -70,6 +92,8 @@ function CreateMenu({display, toggleCreateMenu}) {
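Review bot: The new password handling only checks that the two fields match; there is no minimum-length or emptiness check, so `''` entered twice passes and the user is created with an empty password, while the name still gets its 4-character rule. Add `if (!password || password.length < 8) { window.alert('Password must be at least 8 characters'); return; }` beside the match check. `console.error(error)` in the `.catch` prints the axios error, which normally carries the request body including the plaintext password, into the browser console; log `error.response?.status ?? error.message` instead, and `console.log(response)` should go for the same reason. The `roles` field is chosen by the client; if the service behind `VITE_CREATE_ENDPOINT` forwards this document as-is, a user can pick their own roles, so the server should assign roles itself and ignore the field. `onCreateClick` closes outside the hunk.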
+
+
Create
Cancel