author | Marvin Borner | 2019-04-04 22:16:58 +0200 |
---|---|---|
committer | Marvin Borner | 2019-04-04 22:16:58 +0200 |
commit | 40191331c2fe5f14abcb319669808273c5125e8d (patch) | |
tree | 61bb70e14edd78f4a254bbd48c5bc8d81ba58f13 | |
parent | 939834914e32464f66f0bfa30473263d96941715 (diff) |
Added role and user feature
-rw-r--r-- | src/main/kotlin/App.kt | 57 | ||||
-rw-r--r-- | src/main/kotlin/DatabaseController.kt | 25 | ||||
-rw-r--r-- | src/main/resources/compiled-views/rocker-compiler.conf | 9 | ||||
-rw-r--r-- | src/main/resources/generated-views/files.java | 2 | ||||
-rw-r--r-- | src/main/resources/generated-views/fileview.java | 2 |
5 files changed, 67 insertions, 28 deletions
diff --git a/src/main/kotlin/App.kt b/src/main/kotlin/App.kt
index 327dec4..0c586e0 100644
--- a/src/main/kotlin/App.kt
+++ b/src/main/kotlin/App.kt
@@ -3,17 +3,23 @@ package space.anity
 import com.fizzed.rocker.*
 import com.fizzed.rocker.runtime.*
 import io.javalin.*
+import io.javalin.apibuilder.ApiBuilder.*
 import io.javalin.core.util.*
 import io.javalin.rendering.*
 import io.javalin.rendering.template.TemplateUtil.model
+import io.javalin.security.*
+import io.javalin.security.SecurityUtil.roles
 import java.io.*
 import java.nio.file.*
 
 const val fileHome = "files"
-val db = DatabaseController()
+val databaseController = DatabaseController()
 
 fun main() {
-    val app = Javalin.create().enableStaticFiles("../resources/").start(7000)
+    val app = Javalin.create()
+        .enableStaticFiles("../resources/")
+        .accessManager { handler, ctx, permittedRoles -> setupRoles(handler, ctx, permittedRoles) }
+        .start(7000)
 
     // Set up templating
     RockerRuntime.getInstance().isReloading = true
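Review bot: The `accessManager` lambda registered in `main` only forwards its three parameters unchanged to `setupRoles`, so a function reference is the cleaner form: `.accessManager(::setupRoles)`. That relies on SAM conversion of Javalin's `AccessManager` interface, which should hold for a Java interface but is worth confirming against the Javalin version the project pins. The body of `main` continues in the next hunk.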
@@ -21,22 +27,37 @@ fun main() {
         FileRenderer { filepath, model -> Rocker.template(filepath).bind(model).render().toString() },
         ".rocker.html"
     )
 
-    /**
-     * Sends a json object of filenames in [fileHome]s
-     * TODO: Fix possible security issue with "../"
-     */
-    app.get("/files/*") { ctx -> crawlFiles(ctx) }
-    /**
-     * Redirects upload to corresponding html file
-     */
-    app.get("/upload") { ctx -> ctx.redirect("/views/upload.html") }
+    // db test
+    databaseController.createUser("melvin", "supersecure", "ADMIN")
 
-    /**
-     * Receives and saves multipart media data
-     * TODO: Fix possible security issue with "../"
-     */
-    app.post("/upload") { ctx -> upload(ctx) }
+    app.routes {
+        /**
+         * Sends a json object of filenames in [fileHome]s
+         * TODO: Fix possible security issue with "../"
+         */
+        get("/files/*", { ctx -> crawlFiles(ctx) }, roles(Roles.ADMIN))
+
+        /**
+         * Redirects upload to corresponding html file
+         */
+        get("/upload", { ctx -> ctx.redirect("/views/upload.html") }, roles(Roles.USER))
+
+        /**
+         * Receives and saves multipart media data
+         * TODO: Fix possible security issue with "../"
+         */
+        post("/upload", { ctx -> upload(ctx) }, roles(Roles.ADMIN))
+    }
+}
+
+fun setupRoles(handler: Handler, ctx: Context, permittedRoles: Set<Role>) {
+    val userRole = databaseController.getUser("melvin")[0].second
+    when {
+        permittedRoles.contains(userRole) -> handler.handle(ctx)
+        ctx.host()!!.contains("localhost") -> handler.handle(ctx)
+        else -> ctx.status(401).json("This site isn't available for you.")
+    }
 }
 
 /**
@@ -80,3 +101,7 @@ fun upload(ctx: Context) {
         throw BadRequestResponse("Error: Please enter a filename.")
     }
 }
+
+enum class Roles : Role {
+    ADMIN, USER, GUEST
+}
diff --git a/src/main/kotlin/DatabaseController.kt b/src/main/kotlin/DatabaseController.kt
index d118b97..64acc6c 100644
--- a/src/main/kotlin/DatabaseController.kt
+++ b/src/main/kotlin/DatabaseController.kt
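Review bot: `setupRoles` never identifies the caller: it looks up the role of the literal user `"melvin"` on every request, and because `main` creates that user as `ADMIN` at startup, `permittedRoles.contains(userRole)` is true for every client on every route, so the `roles(...)` annotations on the three routes currently restrict nothing. The second branch, `ctx.host()!!.contains("localhost")`, grants access on the strength of a request header the client supplies, so it cannot stand in for authentication, and `getUser(...)[0]` throws `IndexOutOfBoundsException` when no row exists, which surfaces as a server error rather than a denial. The username must come from the authenticated request (session or credentials) instead of a literal, a missing user should fall back to `Roles.GUEST` (declared in this commit but never assigned), and the host branch should go; a sketch follows. Separately, `createUser("melvin", "supersecure", "ADMIN")` hands a plaintext password to a parameter named `passwordHash`, so it is stored unhashed — hash it before insertion and keep this seed user out of normal startup.
```kotlin
fun setupRoles(handler: Handler, ctx: Context, permittedRoles: Set<Role>) {
    // TODO: resolve the username from the authenticated request; "melvin" is a placeholder
    val userRole = databaseController.getUser("melvin").firstOrNull()?.second ?: Roles.GUEST
    if (userRole in permittedRoles) handler.handle(ctx)
    else ctx.status(401).json("This site isn't available for you.")
}
```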
@@ -23,6 +23,7 @@ class DatabaseController(dbFileLocation: String = "main.db") {
         // val id = integer("id").autoIncrement().primaryKey()
         val username = varchar("username", 24).primaryKey()  // remove .primaryKey(), if id column is used
         val password = varchar("password", 64)
+        val role = varchar("role", 64).default("USER")
     }
 
     /**
@@ -43,11 +44,25 @@ class DatabaseController(dbFileLocation: String = "main.db") {
         }
     }
 
-    fun createUser(uname :String, passwordHash :String) {
+    fun createUser(usernameString: String, passwordHash: String, roleString: String) {
         transaction {
-            UserData.insert {
-                it[username] = uname
-                it[password] = passwordHash
+            try {
+                UserData.insert {
+                    it[username] = usernameString
+                    it[password] = passwordHash
+                    it[role] = roleString
+                }
+            } catch (_: org.jetbrains.exposed.exceptions.ExposedSQLException) {
+                println("User already exists")
+            }
+
+        }
+    }
+
+    fun getUser(usernameString: String): List<Pair<String, Roles>> {
+        return transaction {
+            return@transaction UserData.select { UserData.username eq usernameString }.map {
+                it[UserData.username] to (if (it[UserData.role] == "ADMIN") Roles.ADMIN else Roles.USER)
             }
         }
     }
@@ -67,7 +82,5 @@ class DatabaseController(dbFileLocation: String = "main.db") {
      */
-
-    // TODO add functions for database usage
 }
diff --git a/src/main/resources/compiled-views/rocker-compiler.conf b/src/main/resources/compiled-views/rocker-compiler.conf
index 5ef6980..bd02e79 100644
--- a/src/main/resources/compiled-views/rocker-compiler.conf
+++ b/src/main/resources/compiled-views/rocker-compiler.conf
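Review bot: `getUser` maps every role string other than `"ADMIN"` to `Roles.USER`, so a row stored as `"GUEST"`, an empty value, or a typo is silently promoted to `USER`; resolve the stored name against the enum and default downward, e.g. `Roles.values().firstOrNull { r -> r.name == row[UserData.role] } ?: Roles.GUEST` with the `map` lambda parameter named `row`. In `createUser` the `catch` covers every `ExposedSQLException` yet prints "User already exists", so a column-length violation or any other SQL failure is misreported and swallowed — either narrow the message to what was actually caught or rethrow anything that is not a duplicate key. The role column also accepts any free-form `roleString`; taking `role: Roles` and storing `role.name` would keep the writer and the reader consistent. The `return@transaction` inside `return transaction { ... }` is redundant, since the lambda's last expression is already its value.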
@@ -1,10 +1,11 @@
-# DO NOT MODIFY THIS FILE - IT SHOULD BE UPDATED AUTOMATICALLY VIA ./gradlew compileRocker
-rocker.class.dir=/YOURPATH/src/main/resources/compiled-views
+#rocker.output.dir
+#Thu Apr 04 22:14:07 CEST 2019
+rocker.class.dir=/home/melvin/Coding/kloud/src/main/resources/compiled-views
 rocker.option.extendsClass=com.fizzed.rocker.runtime.DefaultRockerTemplate
 rocker.option.optimize=false
-rocker.output.dir=/YOURPATH/src/main/resources/generated-views
+rocker.output.dir=/home/melvin/Coding/kloud/src/main/resources/generated-views
 rocker.option.targetCharset=UTF-8
-rocker.template.dir=/YOURPATH/src/main/resources/views
+rocker.template.dir=/home/melvin/Coding/kloud/src/main/resources/views
 rocker.option.combineAdjacentPlain=true
 rocker.option.javaVersion=1.8
 rocker.option.extendsModelClass=com.fizzed.rocker.runtime.DefaultRockerModel
diff --git a/src/main/resources/generated-views/files.java b/src/main/resources/generated-views/files.java
index 935aca1..ee232d2 100644
--- a/src/main/resources/generated-views/files.java
+++ b/src/main/resources/generated-views/files.java
@@ -31,7 +31,7 @@ public class files extends com.fizzed.rocker.runtime.DefaultRockerModel {
     }
 
     static public long getModifiedAt() {
-        return 1554383637000L;
+        return 1554383637381L;
     }
 
     static public String[] getArgumentNames() {
diff --git a/src/main/resources/generated-views/fileview.java b/src/main/resources/generated-views/fileview.java
index 94785ca..14b1a70 100644
--- a/src/main/resources/generated-views/fileview.java
+++ b/src/main/resources/generated-views/fileview.java
@@ -28,7 +28,7 @@ public class fileview extends com.fizzed.rocker.runtime.DefaultRockerModel {
     }
 
     static public long getModifiedAt() {
-        return 1554384470000L;
+        return 1554408818000L;
     }
 
     static public String[] getArgumentNames() { |