From aba35eae1aa7b41719fa1fb6f43c622d06bc745c Mon Sep 17 00:00:00 2001
From: LarsVomMars
Date: Sun, 31 Jan 2021 01:36:25 +0100
Subject: SICKO MODE
---
 superadmin/index.js | 29 +++++++++++++++++++++++++
 superadmin/public/index.html | 38 +++++++++++++++++++++++++++++++++
 superadmin/public/script.js | 51 ++++++++++++++++++++++++++++++++++++++++++++
 superadmin/public/style.css | 32 +++++++++++++++++++++++++++
 4 files changed, 150 insertions(+)
 create mode 100644 superadmin/index.js
 create mode 100644 superadmin/public/index.html
 create mode 100644 superadmin/public/script.js
 create mode 100644 superadmin/public/style.css
(limited to 'superadmin')
diff --git a/superadmin/index.js b/superadmin/index.js
new file mode 100644
index 0000000..d80ac17
--- /dev/null
+++ b/superadmin/index.js
@@ -0,0 +1,29 @@
+const express = require("express");
+const db = require("../db");
+const app = express.Router();
+const { checkSuperAdmin } = require("../auth");
+const { exec } = require("child_process");
+
+app.use("/", checkSuperAdmin, express.static(__dirname + "/public"))
+
+app.post("/api/query", checkSuperAdmin, async (req, res) => {
+ const { query } = req.body;
+ let s;
+ if (!query || !query.toLowerCase().startsWith("select") || (s = query.split(";")).length > 1 && s[1] !== "")
+ return res.status(403).json({ success: false });
+ try {
+ const response = await db.query(query);
+ res.json({ success: true, response });
+ } catch (e) {
+ res.json({ success: false, message: e });
+ }
+});
+
+app.get("/api/pull", checkSuperAdmin, (req, res) => {
+ exec("git pull", (error, stdout, stderr) => {
+ if (stderr) return res.json({ success: false, stderr, error });
+ return res.json({ success: true, stdout });
+ });
+});
+
+module.exports = app;
\ No newline at end of file
diff --git a/superadmin/public/index.html b/superadmin/public/index.html
new file mode 100644
index 0000000..0085630
--- /dev/null
+++ b/superadmin/public/index.html
@@ -0,0 +1,38 @@
+ + + + + + Super Admin + + + + +
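Review bot: The gate on `/api/query` in superadmin/index.js is a string-prefix test, not a limit on what the statement can do: anything beginning with `select` goes verbatim to `db.query`, and the semicolon test inspects only `s[1]`, so it does not reject every multi-statement input. Prefix filtering cannot be made reliable; the limit belongs in the database, by running this endpoint on a connection whose account has read-only grants on the tables an operator is meant to see (whether `db` can provide a second connection is not visible here). The `catch` branch returns the raw driver error as `message: e`; log it server-side and send a short string instead. Separately, `/api/pull` changes server state on a GET and reports failure on any stderr output, while git writes normal progress there; `app.post("/api/pull", ...)` with `if (error) return res.status(500).json({ success: false, stderr });` would address both. The later commit on this page rewrites the same `if` line and keeps the same semicolon test.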
+ Home + Admin +
+
+

Super-Duper-Admin

+
+

Update code

+ +
+
+
+

SQL Select

+
+ + +
+
+
+
+ + +
\ No newline at end of file
diff --git a/superadmin/public/script.js b/superadmin/public/script.js
new file mode 100644
index 0000000..282e846
--- /dev/null
+++ b/superadmin/public/script.js
@@ -0,0 +1,51 @@
+const pullButton = document.getElementById("pull-button");
+const pullResponse = document.getElementById("pull-response");
+
+const queryForm = document.getElementById("query-form");
+const queryResponse = document.getElementById("query-response");
+
+pullButton.addEventListener("click", async e => {
+ const resp = await fetch("api/pull");
+ const res = await resp.json();
+ if (res.success) {
+ pullResponse.textContent = res.stdout;
+ } else {
+ console.log(res.error);
+ pullResponse.textContent = res.stderr;//.replace(/\n/g, "\n\r");
+ }
+});
+
+queryForm.addEventListener("submit", async e => {
+ e.preventDefault();
+ const textarea = queryForm.querySelector("textarea");
+ const body = JSON.stringify({ query: textarea.value.trim() });
+ const resp = await fetch("api/query", {
+ method: "POST", body, headers: { "Content-Type": "application/json" }
+ });
+ const res = await resp.json();
+ while (queryResponse.children.length > 0) queryResponse.removeChild(queryResponse.children[0]);
+ if (res.success && res.response.length > 0) {
+ const keys = Object.keys(res.response[0]);
+ const head = document.createElement("thead");
+ for (const key of keys) {
+ const th = document.createElement("th");
+ th.textContent = key;
+ head.append(th);
+ }
+ for (const row of res.response) {
+ const tr = document.createElement("tr");
+ for (const colI in row) {
+ if (!row.hasOwnProperty(colI)) continue;
+ const td = document.createElement("td");
+ td.textContent = row[colI];
+ tr.append(td);
+ }
+ queryResponse.append(tr);
+ }
+ queryResponse.append(head);
+ } else if (!res.success && res.message) {
+ const span = document.createElement("span");
+ span.textContent = JSON.stringify(res.message);
+ queryResponse.append(span);
+ }
+});
\ No newline at end of file
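Review bot: Neither handler in script.js deals with a failed or non-JSON reply: `await resp.json()` throws if the server answers with an HTML error or login page, and the 403 from `/api/query` carries `{ success: false }` with no `message`, so the form clears the previous result and shows nothing. Check the status before parsing, for example `if (!resp.ok) { queryResponse.textContent = "Request rejected: " + resp.status; return; }`, and wrap each fetch in `try`/`catch` so the operator sees the failure. Writing every header and cell through `textContent` is the right choice for values that come from the database and should be kept as the code evolves. The header is appended after the rows and its `th` cells go straight into `thead` without a `tr`; moving `queryResponse.append(head)` ahead of the row loop would give the expected table order.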
diff --git a/superadmin/public/style.css b/superadmin/public/style.css
new file mode 100644
index 0000000..e0a7352
--- /dev/null
+++ b/superadmin/public/style.css
@@ -0,0 +1,32 @@
+html,
+body {
+ padding: 0;
+ margin: 0;
+ height: 100%;
+ width: 100%;
+ color: #424242;
+ line-height: 1.6;
+ background-color: #eec0c6;
+ background-image: linear-gradient(315deg, #eec0c6 0%, #7ee8fa 74%);
+}
+
+main {
+ position: absolute;
+ max-height: calc(100% - 140px);
+ overflow-y: auto;
+ /*width: 80%;*/
+ width: fit-content;
+ width: -webkit-fit-content;
+ width: -moz-fit-content;
+ left: 50%;
+ top: 50%;
+ -webkit-transform: translate(-50%, -50%);
+ transform: translate(-50%, -50%);
+ padding: 20px;
+ border-radius: 10px;
+ background: white;
+}
+
+header {
+ background: white;
+}
\ No newline at end of file
-- cgit v1.2.3
From 5227cd0b0972ef74ced65bcab3c7704c5e0215fb Mon Sep 17 00:00:00 2001
From: LarsVomMars
Date: Sun, 31 Jan 2021 23:01:59 +0100
Subject: Should work
---
 superadmin/index.js | 3 ++-
 superadmin/public/script.js | 62 +++++++++++++++++++++++++++++++++------------
 2 files changed, 48 insertions(+), 17 deletions(-)
(limited to 'superadmin')
diff --git a/superadmin/index.js b/superadmin/index.js
index d80ac17..2518f97 100644
--- a/superadmin/index.js
+++ b/superadmin/index.js
@@ -9,7 +9,8 @@ app.use("/", checkSuperAdmin, express.static(__dirname + "/public"))
 app.post("/api/query", checkSuperAdmin, async (req, res) => {
 const { query } = req.body;
 let s;
- if (!query || !query.toLowerCase().startsWith("select") || (s = query.split(";")).length > 1 && s[1] !== "")
+ const lc = query.toLowerCase();
+ if (!query || !(lc.startsWith("select") || lc.startsWith("delete from") || lc.startsWith("update") || lc.startsWith("insert into")) || (s = query.split(";")).length > 1 && s[1] !== "")
 return res.status(403).json({ success: false });
 try {
 const response = await db.query(query);
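Review bot: `const lc = query.toLowerCase();` now runs before the `!query` guard, so a request without a string `query` field throws inside the async handler instead of getting the 403; depending on the Express version, that rejection may go unhandled. Compute it defensively, `const lc = typeof query === "string" ? query.toLowerCase() : "";`, and keep the `!query` test ahead of the prefix tests. The widened prefix list also turns this endpoint into a write path (`delete from`, `update`, `insert into`) with no record of who ran which statement, so an audit log entry per accepted query and a database account scoped to the intended tables are worth adding with this change. The hunk shows only part of the handler; its `try`/`catch` continues below the last context line.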
diff --git a/superadmin/public/script.js b/superadmin/public/script.js
index 282e846..c3f9c0f 100644
--- a/superadmin/public/script.js
+++ b/superadmin/public/script.js
@@ -24,28 +24,58 @@ queryForm.addEventListener("submit", async e => {
 });
 const res = await resp.json();
 while (queryResponse.children.length > 0) queryResponse.removeChild(queryResponse.children[0]);
- if (res.success && res.response.length > 0) {
- const keys = Object.keys(res.response[0]);
+ if (res.success) { // SELECT response
+ if (Array.isArray(res.response) && res.response.length > 0) {
+ const keys = Object.keys(res.response[0]);
+ const head = document.createElement("thead");
+ for (const key of keys) {
+ const th = document.createElement("th");
+ th.textContent = key;
+ head.append(th);
+ }
+ for (const row of res.response) {
+ const tr = document.createElement("tr");
+ for (const colI in row) {
+ if (!row.hasOwnProperty(colI)) continue;
+ const td = document.createElement("td");
+ td.textContent = row[colI];
+ tr.append(td);
+ }
+ queryResponse.append(tr);
+ }
+ queryResponse.append(head);
+ } else { // other requests
+ const keys = Object.keys(res.response);
+ const head = document.createElement("thead");
+ for (const key of keys) {
+ const th = document.createElement("th");
+ th.textContent = key;
+ head.append(th);
+ }
+ const tr = document.createElement("tr");
+ for (const colI in res.response) {
+ if (!res.response.hasOwnProperty(colI)) continue;
+ const td = document.createElement("td");
+ td.textContent = res.response[colI];
+ tr.append(td);
+ }
+ queryResponse.append(head, tr);
+ }
+ } else if (!res.success && res.message) { // Error handling
+ const keys = Object.keys(res.message);
 const head = document.createElement("thead");
 for (const key of keys) {
 const th = document.createElement("th");
 th.textContent = key;
 head.append(th);
 }
- for (const row of res.response) {
- const tr = document.createElement("tr");
- for (const colI in row) {
- if (!row.hasOwnProperty(colI)) continue;
- const td = document.createElement("td");
- td.textContent = row[colI];
- tr.append(td);
- }
- queryResponse.append(tr);
+ const tr = document.createElement("tr");
+ for (const colI in res.message) {
+ if (!res.message.hasOwnProperty(colI)) continue;
+ const td = document.createElement("td");
+ td.textContent = res.message[colI];
+ tr.append(td);
 }
- queryResponse.append(head);
- } else if (!res.success && res.message) {
- const span = document.createElement("span");
- span.textContent = JSON.stringify(res.message);
- queryResponse.append(span);
+ queryResponse.append(head, tr);
 }
 });
\ No newline at end of file
-- cgit v1.2.3
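Review bot: A SELECT that returns no rows now lands in the `else { // other requests` branch, because the first test requires `res.response.length > 0`; `Object.keys([])` is empty, so the page renders an empty header and row instead of reporting that nothing matched. Branch on the type alone, `} else if (!Array.isArray(res.response)) { // other requests`, and handle the empty array explicitly. The header-and-row construction now appears three times with only the source object changing; a small helper taking the keys and a list of row objects would remove the duplication and keep the `textContent` rendering in one place. The error branch spreads every enumerable field of `res.message` across the table, which depends on the server continuing to send the raw driver error object.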