From faaaa8d572a781fbf60645d5ea7fd0374721d316 Mon Sep 17 00:00:00 2001 From: tycrek Date: Sat, 24 Dec 2022 21:04:50 -0700 Subject: [PATCH 1/4] fix: this shouldn't be an entire `User`, that makes no sense --- src/auth.ts | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/auth.ts b/src/auth.ts index 0afac37b..7b7d1d79 100644 --- a/src/auth.ts +++ b/src/auth.ts @@ -94,9 +94,7 @@ const migrate = (authFileName = 'auth.json'): Promise => new Promise(asyn /** * This is a WIP */ -export const createNewUser = (username: string, password: string, admin: boolean, meta?: { [key: string]: User }): Promise => new Promise(async (resolve, reject) => { - - // todo: finish this +export const createNewUser = (username: string, password: string, admin: boolean, meta?: { [key: string]: any }): Promise => new Promise(async (resolve, reject) => { // Create a new user object const newUser: User = { From 4663ce40c971fc6bbc3fd3f06eb561e39e959b5a Mon Sep 17 00:00:00 2001 From: tycrek Date: Sat, 24 Dec 2022 21:05:32 -0700 Subject: [PATCH 2/4] feat: add creating users via API --- src/auth.ts | 4 +++- src/routers/api.ts | 20 +++++++++++++++++++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/src/auth.ts b/src/auth.ts index 7b7d1d79..384fabe3 100644 --- a/src/auth.ts +++ b/src/auth.ts @@ -113,7 +113,9 @@ export const createNewUser = (username: string, password: string, admin: boolean const authPath = path('auth.json'); const authData = fs.readJsonSync(authPath) as Users; authData.users.push(newUser); - fs.writeJson(authPath, authData, { spaces: '\t' }); + fs.writeJson(authPath, authData, { spaces: '\t' }) + .then(() => resolve(newUser)) + .catch(reject); }); export const setUserPassword = (unid: string, password: string): Promise => new Promise(async (resolve, reject) => { diff --git a/src/routers/api.ts b/src/routers/api.ts index a7a0675a..b15bb9dd 100644 --- a/src/routers/api.ts +++ b/src/routers/api.ts 
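Review bot: The `meta` parameter of `createNewUser` is now typed `{ [key: string]: any }`, which switches off type checking for every value read from it; `meta?: Record<string, unknown>` keeps the bag open-ended while forcing a narrowing step before use. That matters more once the value is filled from a request body, as the next patch in this series does. The `This is a WIP` comment above the signature could also become a TSDoc block naming the four parameters and what the promise resolves to. The function body continues outside this hunk.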
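Review bot: `fs.readJsonSync(authPath)` on the context line above the new `.then`/`.catch` still runs inside the `new Promise(async (resolve, reject) => …)` executor shown in the previous patch, so if it throws (missing or malformed `auth.json`) the outer promise is never rejected and the caller's `.catch` never runs. Wrapping the read, push and write in `try { … } catch (err) { reject(err); }`, or declaring the function `async` and dropping the constructor, would close that gap. The read-modify-write of `auth.json` is also unserialised, so two overlapping calls can each read the old file and the later write drops the earlier user; an in-process queue or lock around this section would prevent that. The start of the function is outside this hunk, so whether the in-memory `users` list is updated as well cannot be confirmed from here.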
@@ -5,7 +5,8 @@ */ import { Router, Request, Response, NextFunction } from 'express'; -import { findFromToken, setUserPassword, users } from '../auth'; +import { findFromToken, setUserPassword, users, createNewUser } from '../auth'; +import { log } from '../utils'; import { data } from '../data'; import { User } from '../types/auth'; @@ -56,6 +57,23 @@ function buildUserRouter() { .catch(() => res.sendStatus(500)); }); + // Create a new user + // Admin only + userRouter.post('/new', adminAuthMiddleware, (req: Request, res: Response) => { + const username: string | undefined = req.body.username; + const password: string | undefined = req.body.password; + const admin = req.body.admin ?? false; + const meta: any = req.body.meta ?? {}; + + // Block if username or password is empty, or if username is already taken + if (username == null || username.length === 0 || password == null || password.length == 0 || users.find(user => user.username === username)) + return res.sendStatus(400); + + createNewUser(username, password, admin, meta) + .then((user) => res.send(user)) + .catch((err) => (log.error(err), res.sendStatus(500))); + }); + // Get a user (must be last as it's a catch-all) // Admin only userRouter.get('/:id', adminAuthMiddleware, (req: Request, res: Response) => From f441844ced0de218058866d876c0f73a62867e11 Mon Sep 17 00:00:00 2001 From: tycrek Date: Sat, 24 Dec 2022 21:08:03 -0700 Subject: [PATCH 3/4] docs: detail adding new users via API --- .github/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/README.md b/.github/README.md index ead4e41a..09d44b60 100644 --- a/.github/README.md +++ b/.github/README.md 
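Review bot: The new `POST /new` handler passes `req.body.admin` and `req.body.meta` to `createNewUser` without checking their types, and `username`/`password` are only tested with `== null` and `.length`, so a number, array or object gets through and a non-boolean `admin` such as the string `"false"` is stored as the admin flag. Each field's type should be checked before the duplicate-username test, with 400 returned otherwise. `res.send(user)` also returns whatever `createNewUser` resolves with; if that `User` carries `passhash` or the token (not visible in this hunk), the response should be limited to non-secret fields. The sketch below shows both changes and leaves the `.catch` branch as it is.

```typescript
userRouter.post('/new', adminAuthMiddleware, (req: Request, res: Response) => {
	const username: unknown = req.body.username;
	const password: unknown = req.body.password;
	const admin: unknown = req.body.admin ?? false;
	const meta = req.body.meta ?? {};

	// Reject anything that is not the documented shape before it reaches auth.json
	if (typeof username !== 'string' || username.length === 0
		|| typeof password !== 'string' || password.length === 0
		|| typeof admin !== 'boolean'
		|| typeof meta !== 'object' || meta === null || Array.isArray(meta)
		|| users.find(user => user.username === username))
		return res.sendStatus(400);

	createNewUser(username, password, admin, meta)
		// Return only non-secret fields, never the stored hash or token
		.then((user) => res.send({ unid: user.unid, username: user.username, admin: user.admin }))
		// … unchanged: .catch logs the error and sends 500 …
```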
@@ -382,8 +382,10 @@ Other things to note: | **`GET /user/all`** | Returns a list of all users | Yes | | **`GET /user/self`** | Returns the current user | No | | **`GET /user/token/:token`** | Returns the user with the given token | No | -| **`POST /user/reset`** | Resets the current user's **password** (token resets coming soon) | No | +| **`POST /user/reset`** | Resets the current user's **password** (token resets coming soon). Request body must be a JSON object including `username` and `password`. | No | | **`GET /user/:id`** | Returns the user with the given ID | Yes | +| **`POST /user/new`** | Creates a new user. Request body must be a JSON object including `username` and `password`. You may optionally include `admin` (boolean) or `meta` (object). Returns 400 if fails. | Yes | + ## Custom frontends - OUTDATED From 371e5fc5fa0f5a4e91fb79355c4db8e2583f9b08 Mon Sep 17 00:00:00 2001 From: tycrek Date: Sat, 24 Dec 2022 21:10:48 -0700 Subject: [PATCH 4/4] feat: remove adding users via CLI temporarily --- .github/README.md | 7 +------ package.json | 1 - 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/.github/README.md b/.github/README.md index 09d44b60..791652e9 100644 --- a/.github/README.md +++ b/.github/README.md @@ -199,10 +199,6 @@ For HTTPS support, you must configure a reverse proxy. I recommend Caddy but any [Caddy]: https://caddyserver.com/ [my tutorial]: https://old.jmoore.dev/tutorials/2021/03/caddy-express-reverse-proxy/ -## Generating new tokens - -If you need to generate a new token at any time, run `npm run new-token `. This will **automatically** load the new token so there is no need to restart ass. Username field is optional; if left blank, a random username will be created. - ## Cloudflare users In your Cloudflare DNS dashboard, set your domain/subdomain to **DNS Only** if you experience issues with **Proxied**. 
@@ -355,7 +351,7 @@ S3 servers are generally very fast & have very good uptime, though this will dep The user system was overhauled in v0.14.0 to allow more features and flexibility. New fields on users include `admin`, `passhash`, `unid`, and `meta` (these will be documented more once the system is finalized). -ass will automatically convert your old `auth.json` to the new format. **Always backup your `auth.json` and `data.json` before updating**. By default, the original user (named `ass`) will be marked as an admin. Adding new users via `npm run new-token ` should work as expected, though you'll need to re-launch ass to load the new file. +ass will automatically convert your old `auth.json` to the new format. **Always backup your `auth.json` and `data.json` before updating**. By default, the original user (named `ass`) will be marked as an admin. Adding new users via `npm run new-token ` is currently not supported. Please see the API below for how to add a new user via the API. **Things still borked:** @@ -447,7 +443,6 @@ ass has a number of pre-made npm scripts for you to use. **All** of these script | `setup` | Starts the easy setup process. Should be run after any updates that introduce new config options. | | `metrics` | Runs the metrics script. This is a simple script that outputs basic resource statistics. | | `purge` | Purges all uploads & data associated with them. This does **not** delete any users, however. | -| `new-token` | Generates a new API token. Accepts one parameter for specifying a username, like `npm run new-token `. ass automatically detects the new token & reloads it, so there's no need to restart the server. | | `engine-check` | Ensures your environment meets the minimum Node & npm version requirements. | [`FORCE_COLOR`]: https://nodejs.org/dist/latest-v16.x/docs/api/cli.html#cli_force_color_1_2_3 diff --git a/package.json b/package.json index ddfdca47..8c6ecd70 100644 --- a/package.json +++ b/package.json 
@@ -15,7 +15,6 @@
 "start": "node dist/ass.js",
 "setup": "node dist/setup.js",
 "metrics": "node dist/metrics.js",
- "new-token": "node dist/generators/token.js",
 "engine-check": "node dist/checkEngine.js",
 "prestart": "npm run engine-check",
 "presetup": "npm run engine-check",