author | Marvin Borner | 2019-04-10 17:48:14 +0200 |
---|---|---|
committer | Marvin Borner | 2019-04-10 17:48:14 +0200 |
commit | cf0c64c6445f618cd8cf523d37e455ba669c5d69 (patch) | |
tree | e4259d622f8265123d2556edfb6f7266917b4a53 | |
parent | a177d54b4bde907ca5b155a5fb1541402e494218 (diff) |
Added basic setup page
-rw-r--r-- | src/main/kotlin/App.kt | 48 | ||||
-rw-r--r-- | src/main/kotlin/DatabaseController.kt | 31 | ||||
-rw-r--r-- | src/main/resources/views/setup.rocker.html | 25 |
3 files changed, 88 insertions, 16 deletions
diff --git a/src/main/kotlin/App.kt b/src/main/kotlin/App.kt
index cf44bd2..31fdae7 100644
--- a/src/main/kotlin/App.kt
+++ b/src/main/kotlin/App.kt
@@ -13,6 +13,7 @@ import io.javalin.security.SecurityUtil.roles
 import java.io.*
 import java.nio.charset.*
 import java.nio.file.*
+import java.util.*
 import java.util.logging.*

 const val fileHome = "files"
@@ -38,15 +39,7 @@ fun main() {
 * Main page
 * TODO: Create landing page
 */
- get("/", { ctx ->
- //if (/* check if logged in*/) {
- ctx.render("index.rocker.html")
- // } else if (databaseController.isInitialUse()){
- // TODO: Render setup template
- // } else {
- // TODO: Render login template
- //}
- }, roles(Roles.GUEST))
+ get("/", { ctx -> ctx.render("index.rocker.html") }, roles(Roles.GUEST))

 /**
 * Renders the login page
@@ -63,6 +56,22 @@ fun main() {
 post("/login", { ctx -> login(ctx) }, roles(Roles.GUEST)) // TODO: brute-force protection

 /**
+ * Renders the setup page (only on initial use)
+ */
+ get("/setup", { ctx ->
+ if (databaseController.isSetup()) ctx.redirect("/")
+ else ctx.render(
+ "setup.rocker.html",
+ model("message", "")
+ )
+ }, roles(Roles.GUEST))
+
+ /**
+ * Endpoint for setup (only on initial use)
+ */
+ post("/setup", { ctx -> setup(ctx) }, roles(Roles.GUEST))
+
+ /**
 * Sends a json object of filenames in [fileHome]s
 * TODO: Fix possible security issue with "../"
 */
@@ -175,6 +184,9 @@ private fun isHumanReadable(filePath: String): Boolean {
 return d > 0.95
 }

+/**
+ * Checks and verifies users credentials and logs the user in
+ */
 fun login(ctx: Context) {
 val username = ctx.formParam("username").toString()
 val password = ctx.formParam("password").toString()
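Review bot: The `post("/setup", …)` route hands every `Roles.GUEST` request to `setup(ctx)` without the `databaseController.isSetup()` check that the GET handler directly above it performs, and `setup()` (added in a later hunk of this file) does not check it either. As written, the endpoint keeps accepting requests after the first administrator exists and would create a further `ADMIN` account for an unauthenticated caller. Enforce the "only on initial use" promise from the KDoc on the server side, for example `post("/setup", { ctx -> if (databaseController.isSetup()) ctx.status(403) else setup(ctx) }, roles(Roles.GUEST))`, or put the same guard as the first statement of `setup()`. Hiding the form on GET is not a control by itself.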
@@ -187,6 +199,24 @@ fun login(ctx: Context) {
 ctx.render("login.rocker.html", model("message", "Login failed!"))
 }

+/**
+ * Sets up the general settings and admin credentials
+ */
+fun setup(ctx: Context) {
+ try {
+ val username = ctx.formParam("username").toString()
+ val password = ctx.formParam("password").toString()
+ val verifyPassword = ctx.formParam("verifyPassword").toString()
+ if (password == verifyPassword) {
+ if (databaseController.createUser(username, password, "ADMIN")) {
+ databaseController.toggleSetup()
+ ctx.render("setup.rocker.html", model("message", "Setup succeeded!"))
+ } else ctx.status(400).render("setup.rocker.html", model("message", "User already exists!"))
+ } else ctx.status(400).render("setup.rocker.html", model("message", "Passwords do not match!"))
+ } catch (_: Exception) {
+ ctx.status(400).render("setup.rocker.html", model("message", "An error occurred!"))
+ }
+}

 /**
 * Declares the roles in which a user can be in
diff --git a/src/main/kotlin/DatabaseController.kt b/src/main/kotlin/DatabaseController.kt
index 1ecb8bb..8b6e457 100644
--- a/src/main/kotlin/DatabaseController.kt
+++ b/src/main/kotlin/DatabaseController.kt
@@ -53,6 +53,7 @@ class DatabaseController(dbFileLocation: String = "main.db") {
 object General : Table() {
 val id = integer("id").autoIncrement().primaryKey()
 val initialUse = integer("initialUse").default(1).primaryKey()
+ val isSetup = integer("isSetup").default(0).primaryKey()
 }

 init {
@@ -68,8 +69,8 @@ class DatabaseController(dbFileLocation: String = "main.db") {
 /**
 * Creates the user in the database using username, password and the role
 */
- fun createUser(usernameString: String, passwordString: String, roleString: String) {
- transaction {
+ fun createUser(usernameString: String, passwordString: String, roleString: String): Boolean {
+ return transaction {
 try {
 val usersId = UserData.insert {
 it[username] = usernameString
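Review bot: `setup()` reads each field with `ctx.formParam(...).toString()`, which turns an absent field (a null from `formParam`) into the literal string `"null"`, so a POST without fields passes the `password == verifyPassword` comparison and reaches `createUser` with `"null"` as both username and password. Empty or very short passwords are accepted as well, because the `required` attributes in the template are only enforced by the browser. Read the fields as nullable and answer 400 on blanks before calling `createUser`, e.g. `val username = ctx.formParam("username")?.takeIf { it.isNotBlank() }`, and add a minimum password length. The `catch (_: Exception)` branch discards the exception; log it before rendering the generic message. `login()` in the context lines of the previous hunk uses the same `.toString()` pattern.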
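Review bot: `isSetup` is declared with `.primaryKey()`, which puts a mutable state flag into the table's key next to `id` and `initialUse`, and `toggleSetup()` later in this diff then updates that key column. `val isSetup = integer("isSetup").default(0)` is sufficient for a flag. The column also overlaps in meaning with `initialUse`; keeping a single flag, with a comment stating which value means "configured", would prevent the two from drifting apart. Whether an already existing `main.db` receives the new column depends on the `init` block, which lies outside this hunk.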
@@ -81,8 +82,10 @@ class DatabaseController(dbFileLocation: String = "main.db") {
 roles[userId] = usersId!!
 roles[roleId] = RolesData.select { RolesData.role eq roleString }.map { it[RolesData.id] }[0]
 }
+ true
 } catch (_: org.jetbrains.exposed.exceptions.ExposedSQLException) {
 log.warning("User already exists!")
+ false
 }
 }
 }
@@ -163,9 +166,25 @@ class DatabaseController(dbFileLocation: String = "main.db") {
 /**
 * Checks whether the site has been set up
 */
- fun isInitialUse(): Boolean {
- val initialUseRow = transaction { General.selectAll().map { it[General.initialUse] } }[0]
- return initialUseRow == 1
+ fun isSetup(): Boolean {
+ return transaction {
+ try {
+ General.selectAll().map { it[General.isSetup] }[0] == 1
+ } catch (_: Exception) {
+ false
+ }
+ }
+ }
+
+ /**
+ * Toggles the setup state
+ */
+ fun toggleSetup() {
+ transaction {
+ General.update({ General.initialUse eq 0 }) {
+ it[General.isSetup] = 1
+ }
+ }
 }

 /**
@@ -185,8 +204,6 @@ class DatabaseController(dbFileLocation: String = "main.db") {
 it[role] = "GUEST"
 }

- databaseController.createUser("melvin", "supersecure", "ADMIN")
-
 UserRoles.insert {
 it[userId] = 1
 it[roleId] = 1
diff --git a/src/main/resources/views/setup.rocker.html b/src/main/resources/views/setup.rocker.html
new file mode 100644
index 0000000..f9c8357
--- /dev/null
+++ b/src/main/resources/views/setup.rocker.html
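Review bot: The `catch` that now returns `false` sits inside the `transaction { }` lambda, so a failure of the role insert never leaves the block and the transaction is presumably committed with whatever the user insert already wrote, leaving an account row without a role. Wrapping the `transaction` call in the `try`/`catch` instead lets the exception abort the transaction before `false` is returned. The handler also labels every `ExposedSQLException` as "User already exists!", and the `[0]` lookup for an unknown `roleString` throws a different exception that this catch does not cover; logging the caught exception's message would keep those cases apart. The beginning of `createUser` is in the previous hunk and partly outside the diff.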
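Review bot: `toggleSetup()` only updates rows matching `General.initialUse eq 0`, but that column is declared with `.default(1)` in the first hunk of this file and nothing in this diff sets it to 0, so the update may match no row and `isSetup()` would keep returning false, which leaves `/setup` reachable after the administrator has been created. Key the update on the settings row itself (or drop the predicate if the table holds a single row) and treat an update count of 0 as an error. `isSetup()` also maps every exception, including an empty table or a database failure, to `false`, which fails open for the check that decides whether an unauthenticated admin-creation page is served; log the exception and return `true` or rethrow in that branch. The name `toggleSetup` suggests flipping the flag while the body only ever sets it to 1; `markSetupComplete` would describe it better.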
@@ -0,0 +1,25 @@
+@args (String message)
+
+@layout.template("Setup", RockerContent.NONE, RockerContent.NONE) -> {
+<form action="/setup" method="post">
+ <div>
+ <label for="username">Username:</label>
+ <input id="username" name="username" required type="text"/>
+ </div>
+ <div>
+ <label for="password">Password:</label>
+ <input id="password" name="password" required type="password"/>
+ </div>
+ <div>
+ <label for="verifyPassword">Verify password:</label>
+ <input id="verifyPassword" name="verifyPassword" required type="password"/>
+ </div>
+ <div>
+ <button type="submit">Setup</button>
+ </div>
+</form>
+
+@if (message.length() > 0) {
+<small>@message</small>
+}
+} |