can edit admins

Author: Ratcoder

app/authorize.js

@@ -15,11 +15,11 @@ module.exports = function authorize(cookie, privateKey, accessLevel){
                 if(err || decoded.level < accessLevel){
                     passed = false;
                 }
-                resolve(passed);
+                resolve({passed, token: decoded});
             });
         }
         catch{
-            resolve(false);
+            resolve({passed: false});
         }
     });
 }

app/routes/changeAdmin.js

@@ -0,0 +1,32 @@
+const Database = require('../services/database');
+const bcrypt = require('bcrypt');
+const util = require('util');
+const saltRounds = 10;
+const hash = util.promisify(bcrypt.hash);
+
+module.exports = {
+    path: '/api/changeAdmin',
+    method: 'POST',
+    accessLevel: 1,
+    handler: async (request, responce) => {
+        const json = await JSON.parse(request.body);
+        let player = await Database.admins.get(json.name);
+        if(json.password){
+            if(request.token.level != 3 && request.token.name != json.name){
+                responce.status(403).text('Forbidden.')
+                return;
+            }
+            player.password = await hash(json.password, saltRounds);
+            responce.setHeader('Set-Cookie', [`jwt=; Secure; HttpOnly`])
+        }
+        if(json.level){
+            if(request.token.level != 3){
+                responce.status(403).text('Forbidden.')
+                return;
+            }
+            player.level = json.level;
+        }
+        await Database.admins.update(json.name, player);
+        responce.status(200).text('Admin changed.')
+    }
+}

app/server.js

@@ -78,11 +78,12 @@ function startAdminServer(){
                 if(routes[i].path == path && routes[i].method == request.method){
                     if(!routes[i].public){
                         authorize(request.headers.cookie, key, routes[i].accessLevel || 2).then(result => {
-                            if(result){
+                            if(result.passed){
                                 routes[i].handler(
                                     {
                                         headers: request.headers,
-                                        body: buffer
+                                        body: buffer,
+                                        token: result.token
                                     },
                                     new Responce(responce)
                                 );
@@ -140,38 +141,35 @@ startAdminServer();
 SSL.watch(server, startAdminServer);
 
 class Responce{
-    _status = 200;
+    _headers = {};
 
     constructor(responce){
         this.responce = responce;
     }
     status(status){
-        this._status = status;
+        this.setHeader(':status', status);
         return this;
     }
     json(json){
-        this.responce.stream.respond({
-            'content-type': 'application/json; charset=utf-8',
-            ':status': this._status
-        });
+        this.setHeader('content-type', 'application/json; charset=utf-8');
+        this.responce.stream.respond(this._headers);
         this.responce.stream.end(JSON.stringify(json));
     }
     text(text){
-        this.responce.stream.respond({
-            'content-type': 'text/plain; charset=utf-8',
-            ':status': this._status
-        });
+        this.setHeader('content-type', 'text/plain; charset=utf-8');
+        this.responce.stream.respond(this._headers);
         this.responce.stream.end(text);
     }
     eventstream(){
-        this.responce.stream.respond({
-            'content-type': 'text/event-stream',
-            'cache-controll': 'no-cache',
-            ':status': this._status
-        });
+        this.setHeader('content-type', 'text/event-stream');
+        this.setHeader('cache-controll', 'no-cache');
+        this.responce.stream.respond(this._headers);
         return this;
     }
     write(data){
         this.responce.stream.write(data);
     }
+    setHeader(header, value){
+        this._headers[header] = value;
+    }
 }

svelte/src/EnumInput.svelte

@@ -2,13 +2,14 @@
     export let name;
     export let value;
     export let options;
+    export let optionsDisplay;
 </script>
 
 <div>
     <label for={name}>{name}</label>
     <select bind:value={value} type="text" name={name} id={name}>
-        {#each options as option}
-            <option value={option}>{option}</option>
+        {#each options as option, i}
+            <option value={option}>{optionsDisplay[i] || option}</option>
         {/each}
     </select>
 </div>

svelte/src/TextInput.svelte

@@ -1,12 +1,17 @@
 <script>
     export let value;
     export let name;
+    export let password;
 </script>
 
 <div>
     <div class="wr">
         <label for={name}><slot></slot></label>
-        <input bind:value type="text" {name} id={name}>
+        {#if password}
+            <input bind:value type="password" {name} id={name}>
+        {:else}
+            <input bind:value type="text" {name} id={name}>
+        {/if}
     </div>
 </div>
 

svelte/src/pages/Settings.svelte

@@ -6,6 +6,7 @@
     import IntInput from '../IntInput.svelte';
     import BoolInput from '../BoolInput.svelte';
     import defaultSettings from '../../../app/defaultSettings.js';
+import IconButton from '../IconButton.svelte';
 
     const tabs = ['General', 'Game Settings', 'Backups', 'Player Permissions', 'Advanced', 'Admins'];
     let currentTab = 0;
@@ -88,6 +89,29 @@
         .then(json => {
             admins = json;
         });
+
+    let permissionLevel = 3;
+    let isEditingAdmin = false;
+    let editingAdmin = {};
+    function editAdmin(id){
+        isEditingAdmin = true;
+        editingAdmin.id = id;
+        editingAdmin.name = admins[id].name;
+        editingAdmin.level = admins[id].level;
+    }
+    function sendEditAdmin(){
+        let body = {
+            name: editingAdmin.name,
+            level: editingAdmin.level
+        };
+        if(editingAdmin.settingPassword && editingAdmin.password == editingAdmin.confirmPassword) {
+            body.password = editingAdmin.password;
+        }
+        fetch(`/api/changeAdmin`, {cache: 'no-cache', method: 'post', headers: {'Content-Type': 'text/json'}, body: JSON.stringify(body)})
+            .then(response => {
+                
+            });
+    }
 </script>
 
 <div class="main" in:fly="{{ x: 200, duration: 600 }}" out:fly="{{ x: -200, duration: 600 }}">
@@ -164,20 +188,45 @@
                 <BoolInput bind:value={settings.texturepackRequired} name="Texturepack Required"></BoolInput>
                 <BoolInput bind:value={settings.contentLogFileEnabled} name="Content Log File Enabled"></BoolInput>
             {:else if currentTab == 5}
-                {#each admins as admin}
-                    <div class='admin'>
-                        <p class='admin-name'>{admin.name}</p>
-                        <p class='admin-level'>
-                            {#if admins.level == 1}
-                                Player Manager
-                            {:else if admins.level == 2}
-                                Server Manager
-                            {:else if admin.level == 3}
-                                Owner
-                            {/if}
-                        </p>
+                {#if isEditingAdmin}
+                    <div>
+                        <p class='admin-name'>{editingAdmin.name}</p>
+                        {#if permissionLevel == 3}
+                            <EnumInput bind:value={editingAdmin.level} name="Role" options={[1, 2, 3]} optionsDisplay={['Player Manager', 'Server Manager', 'Owner']}></EnumInput>
+                        {/if}
+                        {#if editingAdmin.settingPassword}
+                            <TextInput name="password" bind:value={editingAdmin.password} password>Set Password</TextInput>
+                            <TextInput name="confirm password" bind:value={editingAdmin.confirmPassword} password>Confirm Password</TextInput>
+                        {:else}
+                            <Button on:click={() => {editingAdmin.settingPassword = true}}>Set New Password</Button>
+                        {/if}
+                        <Button>Delete Admin</Button>
+                        <div>
+                            <button on:click={sendEditAdmin} style="float: left; width:50%;">Confirm</button>
+                            <button on:click={()=>{isEditingAdmin = false}} style="float: right; width:50%;">Cancel</button>
+                        </div>
                     </div>
-                {/each}
+                {:else}
+                    {#each admins as admin, i}
+                        <div class='admin'>
+                            <div style="float: left; margin-right: 20px">
+                                <p class='admin-name'>{admin.name}</p>
+                                <p class='admin-level'>
+                                    {#if admin.level == 1}
+                                        Player Manager
+                                    {:else if admin.level == 2}
+                                        Server Manager
+                                    {:else if admin.level == 3}
+                                        Owner
+                                    {/if}
+                                </p>
+                            </div>
+                            {#if permissionLevel === 3}
+                                <IconButton style="float: right; margin-top: 10px;" src="/icons/edit.svg" on:click={() => {if(permissionLevel === 3) editAdmin(i)}}></IconButton>
+                            {/if}
+                        </div>
+                    {/each}
+                {/if}
             {/if}
             {#if unsavedChanged}
                 <Button on:click={saveSettings}>Save Settings</Button>