updated security

2024-06-11 12:17:28 -05:00 · 2024-06-11 12:17:28 -05:00 · dec0041c21
commit dec0041c21
parent a334f13e6f
3 changed files with 49 additions and 13 deletions
--- a/src/integration/functions/checkDb.ts
+++ b/src/integration/functions/checkDb.ts
@ -1,7 +1,7 @@
 import axios from "axios";
 import log from "loglevel";

-export async function checkDb(localName: string, remoteDbName: string) {
+export async function checkDb(localName: string, remoteDbName: string, password: string) {
    const logger = log.getLogger('checkDb');
    const dbs = await axios.get(import.meta.env.VITE_SYNCDB_ENDPOINT + 'list');
    logger.debug(dbs.data);
@ -11,7 +11,7 @@ export async function checkDb(localName: string, remoteDbName: string) {
            {
                "_id": "org.couchdb.user:" + localName,
                "name": localName,
-                "password": localName,
+                "password": password,
                "roles": ["readers"],
                "type": "user"
            }
--- a/src/integration/pouchdbPersistenceManager.ts
+++ b/src/integration/pouchdbPersistenceManager.ts
@ -285,9 +285,9 @@ export class PouchdbPersistenceManager {
            const userHex = ascii_to_hex(localName);
            const remoteDbName = 'userdb-' + userHex;
            const remoteUserName = localName;
-            const password = localName;
+            const password = this._encKey || localName;

-            if (await checkDb(localName, remoteDbName) == false) {
+            if (await checkDb(localName, remoteDbName, password) == false) {
                return;
            }

@ -301,15 +301,27 @@ export class PouchdbPersistenceManager {
            }
            if (target.data && target.data.userCtx) {
                if (!target.data.userCtx.name || target.data.userCtx.name != remoteUserName) {
-                    const buildTarget = await axios.post(userEndpoint,
-                        {username: remoteUserName, password: password});
-                    if (buildTarget.status != 200) {
-                        this._logger.info(buildTarget.statusText);
-                        return;
-                    } else {
-                        this.user = buildTarget.data.userCtx;
-                        this._logger.debug(this.user);
+                    try {
+                        const buildTarget = await axios.post(userEndpoint,
+                            {username: remoteUserName, password: password});
+                        if (buildTarget.status != 200) {
+                            this._logger.error(buildTarget.statusText);
+                            return;
+                        } else {
+                            this.user = buildTarget.data.userCtx;
+                            this._logger.debug(this.user);
+                        }
+                    } catch (err) {
+                        if (err.response && err.response.status == 401) {
+                            this._logger.warn(err);
+                            const promptPassword = new CustomEvent('promptpassword', {detail: 'Please enter password'});
+                            document.dispatchEvent(promptPassword);
+                        }
+
+                        //                    } else {
+                        this._logger.error(err);
                    }
+
                }
            }

--- a/src/react/webApp.tsx
+++ b/src/react/webApp.tsx
@ -1,6 +1,7 @@
 import {useEffect, useState} from "react";
 import {uploadImage} from "./functions/uploadImage";
 import {viewOnly} from "../util/functions/getPath";
+import axios from "axios";

 function MainMenu({onClick}) {
    if (viewOnly()) {
@ -58,10 +59,31 @@ function CreateMenu({display, toggleCreateMenu}) {
    const onCreateClick = (evt) => {
        evt.preventDefault();
        const name = (document.querySelector('#createName') as HTMLInputElement).value;
+        const password = (document.querySelector('#createPassword') as HTMLInputElement).value;
+        const password2 = (document.querySelector('#createPassword2') as HTMLInputElement).value;
+        if (password !== password2) {
+            window.alert('Passwords do not match');
+            return;
+        }
        const id = window.crypto.randomUUID().replace(/-/g, '_');
        localStorage.setItem(id, name);
        if (name && name.length > 4) {
-            document.location.href = '/db/' + id;
+            axios.post(import.meta.env.VITE_CREATE_ENDPOINT,
+                {
+                    "_id": "org.couchdb.user:" + id,
+                    "name": id,
+                    "password": password,
+                    "roles": ["readers"],
+                    "type": "user"
+                }
+            ).then(response => {
+                console.log(response);
+                document.location.href = '/db/' + id;
+            }).catch(error => {
+                console.error(error);
+            });
+
+
        } else {
            window.alert('Name must be longer than 4 characters');
        }
@ -70,6 +92,8 @@ function CreateMenu({display, toggleCreateMenu}) {
        <div className="overlay" id="create" style={{'display': display}}>
            <div>
                <div><input id="createName" placeholder="Enter a name for your diagram" type="text"/></div>
+                <div><input id="createPassword" placeholder="(Optional) Password" type="password"/></div>
+                <div><input id="createPassword2" placeholder="(Optional) Password" type="password"/></div>
                <div><a href="#" id="createActionLink" onClick={onCreateClick}>Create</a></div>
                <div><a className="cancel" onClick={toggleCreateMenu} href="#" id="cancelCreateLink">Cancel</a></div>
            </div>