From 72f5731adeebf8d76c5c2dcc266f600ba57812d8 Mon Sep 17 00:00:00 2001
From: Marvin Borner
Date: Sat, 10 Oct 2020 17:05:27 +0200
Subject: Added basic admin interface

---
 auth/index.js | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

(limited to 'auth')

diff --git a/auth/index.js b/auth/index.js
index 1ea6290..40062cc 100644
--- a/auth/index.js
+++ b/auth/index.js
@@ -4,14 +4,24 @@ const db = require("../db");
 
 const app = express.Router();
 
-// TODO: Change passwords
-// TODO: Login (+ Frontend, cookie, etc)
-
 function checkUser(req, res, next) {
     if (req.session.loggedIn) next();
     else res.redirect("/auth");
 }
 
+function checkAdmin(req, res, next) {
+    if (!req.session.loggedIn) res.redirect("/auth");
+
+    try {
+        db.query("SELECT is_admin FROM users WHERE id = ?", [req.session.uid]).then((ret) => {
+            if (ret[0].is_admin == 1) next();
+            else res.redirect("/");
+        });
+    } catch (e) {
+        res.redirect("/");
+    }
+}
+
 app.use(
     "/",
     (req, res, next) => {
@@ -81,4 +91,4 @@ app.get("/api/list", checkUser, async (req, res) => {
 
 app.get("/api/status", (req, res) => res.json({ loggedIn: req.session.loggedIn }));
 
-module.exports = { auth: app, checkUser };
+module.exports = { auth: app, checkUser, checkAdmin };
-- 
cgit v1.2.3


From f0e24fe07d8eac3e8d893238c13e1b5a9ebecd1c Mon Sep 17 00:00:00 2001
From: Marvin Borner
Date: Sat, 10 Oct 2020 17:52:45 +0200
Subject: CSS

---
 auth/public/style.css      | 4 ++--
 mottovote/public/style.css | 2 +-
 overview/public/style.css  | 4 ++--
 poll/public/style.css      | 4 ++--
 quotes/public/style.css    | 4 ++--
 5 files changed, 9 insertions(+), 9 deletions(-)

(limited to 'auth')

diff --git a/auth/public/style.css b/auth/public/style.css
index 4bbdc55..413ace1 100644
--- a/auth/public/style.css
+++ b/auth/public/style.css
@@ -14,7 +14,7 @@ div {
 
 form {
     position: absolute;
-    width: 30%;
+    width: 40%;
     left: 50%;
     top: 50%;
     -webkit-transform: translate(-50%, -50%);
@@ -29,7 +29,7 @@ button {
     width: 100%;
 }
 
-@media only screen and (max-width: 600px) {
+@media only screen and (max-width: 700px) {
     form {
         width: calc(100% - 50px);
     }
diff --git a/mottovote/public/style.css b/mottovote/public/style.css
index 1982e0a..90bf0f6 100644
--- a/mottovote/public/style.css
+++ b/mottovote/public/style.css
@@ -52,7 +52,7 @@ select {
     width: 100%;
 }
 
-@media only screen and (max-width: 600px) {
+@media only screen and (max-width: 700px) {
     main {
         width: calc(100% - 50px);
     }
diff --git a/overview/public/style.css b/overview/public/style.css
index 77853bf..16cd26f 100644
--- a/overview/public/style.css
+++ b/overview/public/style.css
@@ -12,7 +12,7 @@ body {
     position: absolute;
     max-height: 80%;
     overflow: auto;
-    width: 30%;
+    width: 40%;
     left: 50%;
     top: 50%;
     -webkit-transform: translate(-50%, -50%);
@@ -26,7 +26,7 @@ div {
     background: white;
 }
 
-@media only screen and (max-width: 600px) {
+@media only screen and (max-width: 700px) {
     .card {
         width: calc(100% - 50px);
     }
diff --git a/poll/public/style.css b/poll/public/style.css
index 9861f9d..80f9294 100644
--- a/poll/public/style.css
+++ b/poll/public/style.css
@@ -14,7 +14,7 @@ div {
 
 main {
     position: absolute;
-    width: 30%;
+    width: 40%;
     left: 50%;
     top: 50%;
     -webkit-transform: translate(-50%, -50%);
@@ -30,7 +30,7 @@ select {
     width: 100%;
 }
 
-@media only screen and (max-width: 600px) {
+@media only screen and (max-width: 700px) {
     main {
         width: calc(100% - 50px);
     }
diff --git a/quotes/public/style.css b/quotes/public/style.css
index a4e85ea..ae0642b 100644
--- a/quotes/public/style.css
+++ b/quotes/public/style.css
@@ -16,7 +16,7 @@ main {
     position: absolute;
     max-height: 80%;
     overflow-y: auto;
-    width: 30%;
+    width: 40%;
     left: 50%;
     top: 50%;
     -webkit-transform: translate(-50%, -50%);
@@ -54,7 +54,7 @@ select {
     width: 100%;
 }
 
-@media only screen and (max-width: 600px) {
+@media only screen and (max-width: 700px) {
     main {
         width: calc(100% - 50px);
     }
-- 
cgit v1.2.3


From 16ebbb932c0b780c11d3e574bc24a515eb095f5f Mon Sep 17 00:00:00 2001
From: Marvin Borner
Date: Sat, 10 Oct 2020 18:37:26 +0200
Subject: Fixed navbar if not logged in

---
 auth/index.js              | 10 +++++++++-
 auth/public/index.html     |  1 -
 overview/public/index.html |  7 +++++--
 overview/public/script.js  | 22 ++++++++++++++++++++++
 4 files changed, 36 insertions(+), 4 deletions(-)
 create mode 100644 overview/public/script.js

(limited to 'auth')

diff --git a/auth/index.js b/auth/index.js
index 40062cc..e40ea43 100644
--- a/auth/index.js
+++ b/auth/index.js
@@ -89,6 +89,14 @@ app.get("/api/list", checkUser, async (req, res) => {
     res.json(users);
 });
 
-app.get("/api/status", (req, res) => res.json({ loggedIn: req.session.loggedIn }));
+app.get("/api/status", (req, res) => {
+	if (req.session.loggedIn) {
+        db.query("SELECT is_admin FROM users WHERE id = ?", [req.session.uid]).then((ret) => {
+	    res.json({ loggedIn: req.session.loggedIn, admin: ret[0].is_admin ? true : false });
+        });
+	} else {
+	res.json({ loggedIn: false, admin: false });
+	}
+});
 
 module.exports = { auth: app, checkUser, checkAdmin };
diff --git a/auth/public/index.html b/auth/public/index.html
index b56db07..8273238 100644
--- a/auth/public/index.html
+++ b/auth/public/index.html
@@ -16,7 +16,6 @@
     <body>
         <div class="pure-menu pure-menu-horizontal">
             <a href="/" class="pure-menu-item pure-menu-link">Home</a>
-            <a href="/auth/api/logout" class="pure-menu-item pure-menu-link">Logout</a>
         </div>
 
         <form class="pure-form pure-form-stacked" action="api/login" method="post">
diff --git a/overview/public/index.html b/overview/public/index.html
index c97b83f..f9bc2d8 100644
--- a/overview/public/index.html
+++ b/overview/public/index.html
@@ -15,8 +15,9 @@
     </head>
     <body>
         <div class="pure-menu pure-menu-horizontal">
-            <a href="/auth/change.html" class="pure-menu-item pure-menu-link">Passwort ändern</a>
-            <a href="/auth/api/logout" class="pure-menu-item pure-menu-link">Logout</a>
+            <a href="" class="pure-menu-item pure-menu-link"></a>
+            <a href="" class="pure-menu-item pure-menu-link"></a>
+            <a href="" class="pure-menu-item pure-menu-link"></a>
         </div>
         <div class="card">
             <h2>Hallo, liebe RBS-Schüler*innen!</h2>
@@ -45,5 +46,7 @@
                 <li><a href="https://github.com/marvinborner/Abizeugs/">Öffentlicher Source-Code</a></li>
             </ul>
         </div>
+
+	<script src="script.js"></script>
     </body>
 </html>
diff --git a/overview/public/script.js b/overview/public/script.js
new file mode 100644
index 0000000..be058b7
--- /dev/null
+++ b/overview/public/script.js
@@ -0,0 +1,22 @@
+fetch("/auth/api/status").then(response => response.json()).then(response => {
+	console.log(response);
+	const first = document.querySelectorAll("a")[0];
+	const second = document.querySelectorAll("a")[1];
+	const third = document.querySelectorAll("a")[2];
+
+	if (!response.admin)
+		third.style.display = "none";
+
+	if (response.loggedIn) {
+		first.href = "/auth/change.html";
+		first.innerText = "Passwort ändern";
+		second.href = "/auth/api/logout";
+		second.innerText = "Logout";
+		if (response.admin) {
+		third.href = "/admin";
+		third.innerText = "Administration";
+		}
+	} else {
+		document.querySelectorAll("div.pure-menu")[0].style.display = "none";
+	}
+});
-- 
cgit v1.2.3