updated security

Michael Mainguy 2024-06-11 12:17:28 -05:00
parent a334f13e6f
commit dec0041c21
3 changed files with 49 additions and 13 deletions


@ -1,7 +1,7 @@
import axios from "axios"; import axios from "axios";
import log from "loglevel"; import log from "loglevel";
export async function checkDb(localName: string, remoteDbName: string) { export async function checkDb(localName: string, remoteDbName: string, password: string) {
const logger = log.getLogger('checkDb'); const logger = log.getLogger('checkDb');
const dbs = await axios.get(import.meta.env.VITE_SYNCDB_ENDPOINT + 'list'); const dbs = await axios.get(import.meta.env.VITE_SYNCDB_ENDPOINT + 'list');
logger.debug(dbs.data); logger.debug(dbs.data);
@ -11,7 +11,7 @@ export async function checkDb(localName: string, remoteDbName: string) {
{ {
"_id": "org.couchdb.user:" + localName, "_id": "org.couchdb.user:" + localName,
"name": localName, "name": localName,
"password": localName, "password": password,
"roles": ["readers"], "roles": ["readers"],
"type": "user" "type": "user"
} }
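Review bot: Nothing in checkDb rejects an empty `password` or one equal to `localName` before it is written into the user document at `"password": password`. The caller changed in this commit passes `this._encKey || localName`, so for any user without a key the account is still created with its own name as the password, which is what the removed line did. If unprotected diagrams are intended, make that an explicit branch instead of a derivable password; otherwise add a guard such as `if (!password || password === localName) { logger.warn('no password set for ' + localName); return false; }` (the caller compares the result with `false`). The new parameter also deserves a doc comment stating that it is sent in the request body to the sync endpoint, which therefore needs to be HTTPS. The body of checkDb continues outside both hunks.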


@ -285,9 +285,9 @@ export class PouchdbPersistenceManager {
const userHex = ascii_to_hex(localName); const userHex = ascii_to_hex(localName);
const remoteDbName = 'userdb-' + userHex; const remoteDbName = 'userdb-' + userHex;
const remoteUserName = localName; const remoteUserName = localName;
const password = localName; const password = this._encKey || localName;
if (await checkDb(localName, remoteDbName) == false) { if (await checkDb(localName, remoteDbName, password) == false) {
return; return;
} }
@ -301,15 +301,27 @@ export class PouchdbPersistenceManager {
} }
if (target.data && target.data.userCtx) { if (target.data && target.data.userCtx) {
if (!target.data.userCtx.name || target.data.userCtx.name != remoteUserName) { if (!target.data.userCtx.name || target.data.userCtx.name != remoteUserName) {
const buildTarget = await axios.post(userEndpoint, try {
{username: remoteUserName, password: password}); const buildTarget = await axios.post(userEndpoint,
if (buildTarget.status != 200) { {username: remoteUserName, password: password});
this._logger.info(buildTarget.statusText); if (buildTarget.status != 200) {
return; this._logger.error(buildTarget.statusText);
} else { return;
this.user = buildTarget.data.userCtx; } else {
this._logger.debug(this.user); this.user = buildTarget.data.userCtx;
this._logger.debug(this.user);
}
} catch (err) {
if (err.response && err.response.status == 401) {
this._logger.warn(err);
const promptPassword = new CustomEvent('promptpassword', {detail: 'Please enter password'});
document.dispatchEvent(promptPassword);
}
// } else {
this._logger.error(err);
} }
} }
} }
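Review bot: Both `this._logger.warn(err)` and `this._logger.error(err)` in the new catch block log the whole axios error, and an axios error carries the request config, whose `data` is the posted `{username, password}` body, so the password ends up in the console log. Because the `else` is commented out, a 401 also falls through to the `error` call and is logged twice. Log only the status and message, restore the `else`, and narrow `err` with `axios.isAxiosError` instead of reading `err.response` directly. The same logging concern applies to `console.log(response)` and `console.error(error)` in the create-menu section of this commit. The enclosing method starts and ends outside the hunk.

```typescript
// … unchanged: try { axios.post(userEndpoint, …) and the status handling …
} catch (err) {
    const status = axios.isAxiosError(err) ? err.response?.status : undefined;
    const reason = err instanceof Error ? err.message : String(err);
    if (status === 401) {
        // Log the status only: the axios error object includes the request body.
        this._logger.warn('sync login rejected', status);
        document.dispatchEvent(
            new CustomEvent('promptpassword', {detail: 'Please enter password'}));
    } else {
        this._logger.error('sync login failed', status, reason);
    }
}
```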


@ -1,6 +1,7 @@
import {useEffect, useState} from "react"; import {useEffect, useState} from "react";
import {uploadImage} from "./functions/uploadImage"; import {uploadImage} from "./functions/uploadImage";
import {viewOnly} from "../util/functions/getPath"; import {viewOnly} from "../util/functions/getPath";
import axios from "axios";
function MainMenu({onClick}) { function MainMenu({onClick}) {
if (viewOnly()) { if (viewOnly()) {
@ -58,10 +59,31 @@ function CreateMenu({display, toggleCreateMenu}) {
const onCreateClick = (evt) => { const onCreateClick = (evt) => {
evt.preventDefault(); evt.preventDefault();
const name = (document.querySelector('#createName') as HTMLInputElement).value; const name = (document.querySelector('#createName') as HTMLInputElement).value;
const password = (document.querySelector('#createPassword') as HTMLInputElement).value;
const password2 = (document.querySelector('#createPassword2') as HTMLInputElement).value;
if (password !== password2) {
window.alert('Passwords do not match');
return;
}
const id = window.crypto.randomUUID().replace(/-/g, '_'); const id = window.crypto.randomUUID().replace(/-/g, '_');
localStorage.setItem(id, name); localStorage.setItem(id, name);
if (name && name.length > 4) { if (name && name.length > 4) {
document.location.href = '/db/' + id; axios.post(import.meta.env.VITE_CREATE_ENDPOINT,
{
"_id": "org.couchdb.user:" + id,
"name": id,
"password": password,
"roles": ["readers"],
"type": "user"
}
).then(response => {
console.log(response);
document.location.href = '/db/' + id;
}).catch(error => {
console.error(error);
});
} else { } else {
window.alert('Name must be longer than 4 characters'); window.alert('Name must be longer than 4 characters');
} }
@ -70,6 +92,8 @@ function CreateMenu({display, toggleCreateMenu}) {
<div className="overlay" id="create" style={{'display': display}}> <div className="overlay" id="create" style={{'display': display}}>
<div> <div>
<div><input id="createName" placeholder="Enter a name for your diagram" type="text"/></div> <div><input id="createName" placeholder="Enter a name for your diagram" type="text"/></div>
<div><input id="createPassword" placeholder="(Optional) Password" type="password"/></div>
<div><input id="createPassword2" placeholder="(Optional) Password" type="password"/></div>
<div><a href="#" id="createActionLink" onClick={onCreateClick}>Create</a></div> <div><a href="#" id="createActionLink" onClick={onCreateClick}>Create</a></div>
<div><a className="cancel" onClick={toggleCreateMenu} href="#" id="cancelCreateLink">Cancel</a></div> <div><a className="cancel" onClick={toggleCreateMenu} href="#" id="cancelCreateLink">Cancel</a></div>
</div> </div>
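Review bot: The create request is sent even when both password fields are blank, because the only check is `password !== password2` and the inputs are labelled optional, so the account is registered with `"password": ""`. The sync code in this commit then logs in with `this._encKey || localName`, which would not match an empty password if `localName` is this id (not visible here), and would send the user to the 401 prompt. Decide on one representation for "no password" and enforce it before the POST, for example `if (!password) { window.alert('Password is required'); return; }`. The body also supplies `roles` and `type` from the browser; the handler behind `VITE_CREATE_ENDPOINT` is not shown, but it should set those itself and not accept them from the client. A failed request only reaches `console.error`, so the user gets no feedback.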