wmantly/mp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #25 from Newtbot/CLEANUP-RBAC

Browse Source 
RBAC ADDED AND LOG FILTERING
This commit is contained in:
BIG2EYEZ 2024-01-17 15:00:11 +08:00 committed by GitHub
commit daa4b79765
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 242 additions and 138 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Sean/modules/mysql.js
View File

@ -21,17 +21,18 @@ connection.connect((err) => {
}); });
*/ */
/*
const connection = mysql.createConnection({ const connection = mysql.createConnection({
host: process.env.host, host: process.env.host,
user: process.env.DB_USER, user: process.env.DB_USER,
password: process.env.DB_PASS, password: process.env.DB_PASS,
database: "database", database: "adminusers",
timezone: "Z", // Set the timezone to UTC
ssl: { ssl: {
ca: fs.readFileSync(path.resolve(__dirname, '../../cert/DigiCertGlobalRootCA.crt.pem')), ca: fs.readFileSync(path.resolve(__dirname, '../../cert/DigiCertGlobalRootCA.crt.pem')),
} }
}); });
*/ /*
const connection = mysql.createConnection({ const connection = mysql.createConnection({
host: process.env.host, host: process.env.host,
user: process.env.DB_USER, user: process.env.DB_USER,
@ -39,9 +40,9 @@ const connection = mysql.createConnection({
database: "adminusers", database: "adminusers",
timezone: "Z", // Set the timezone to UTC timezone: "Z", // Set the timezone to UTC
}); });
*/
module.exports = { connection };
module.exports = { connection, };

62
Sean/server.js
View File

@ -288,7 +288,7 @@ app.use(setCSRFToken);
} else { } else {
console.log(`Session destroyed.`); console.log(`Session destroyed.`);
res.clearCookie('sessionToken');
// Log the logout activity using a separate async function // Log the logout activity using a separate async function
await logLogoutActivity(username, true, "User logged out. Session destroyed."); await logLogoutActivity(username, true, "User logged out. Session destroyed.");
} }
@ -321,9 +321,9 @@ app.get("/inusers", isAuthenticated, (req, res) => {
res.status(500).send("Internal Server Error"); res.status(500).send("Internal Server Error");
return; return;
} }
const currentUsername = req.session.username;
// Render the inusers page with JSON data // Render the inusers page with JSON data
res.render("inusers", { allUsers ,csrfToken: req.session.csrfToken }); res.render("inusers", { allUsers ,csrfToken: req.session.csrfToken, currentUsername:currentUsername });
}); });
}); });
function isStrongPassword(password) { function isStrongPassword(password) {
@ -407,7 +407,7 @@ app.post(
// Extract user input // Extract user input
const { name, username, email, password, jobTitle } = req.body; const { name, username, email, password, jobTitle } = req.body;
console.log(submittedCSRFToken);
// Extract the username of the user creating a new user // Extract the username of the user creating a new user
const creatorUsername = req.session.username; // Adjust this based on how you store the creator's username in your session const creatorUsername = req.session.username; // Adjust this based on how you store the creator's username in your session
@ -449,15 +449,18 @@ app.post(
message: "Email is already in use. Please choose another email." message: "Email is already in use. Please choose another email."
}); });
} }
bcrypt.genSalt(10, (saltError, salt) => {
if (saltError) {
console.error("Error generating salt:", saltError);
return res.status(500).json({ error: "Internal Server Error" });
}
// Hash the password before storing it in the database bcrypt.hash(req.body.password, salt, (hashError, hashedPassword) => {
bcrypt.hash(password, 10, (hashError, hashedPassword) => {
if (hashError) { if (hashError) {
console.error("Error hashing password:", hashError); console.error("Error hashing password:", hashError);
return res.status(500).json({ error: "Internal Server Error" }); return res.status(500).json({ error: "Internal Server Error" });
} }
// Start a transaction
connection.beginTransaction((transactionErr) => { connection.beginTransaction((transactionErr) => {
if (transactionErr) { if (transactionErr) {
console.error("Error starting transaction:", transactionErr); console.error("Error starting transaction:", transactionErr);
@ -493,16 +496,14 @@ app.post(
connection.commit((commitErr) => { connection.commit((commitErr) => {
if (commitErr) { if (commitErr) {
console.error("Error committing transaction:", commitErr); console.error("Error committing transaction:", commitErr);
// Log unsuccessful user creation due to an error
logUserCreationActivity(creatorUsername, false, "internal error");
return res.status(500).json({ error: "Internal Server Error" }); return res.status(500).json({ error: "Internal Server Error" });
} }
// Log successful user creation res.status(200).json({ message: "User created successfully" });
logUserCreationActivity(creatorUsername, true, "user created successfully"); logUserCreationActivity(creatorUsername, true, "user created successfully");
// Redirect to "/inusers"
res.redirect('/inusers'); });
}); });
}); });
}); });
@ -511,9 +512,7 @@ app.post(
}); });
} catch (error) { } catch (error) {
console.error("Error creating user:", error); console.error("Error creating user:", error);
// Log unsuccessful user creation due to an error return res.status(500).json({ error: "Internal Server Error" });
logUserCreationActivity(req.session.username, false, "internal error"); // Adjust this based on how you store the creator's username in your session
res.status(500).json({ error: "Internal Server Error" });
} }
} }
); );
@ -655,7 +654,24 @@ app.post("/reset-password/:token", async (req, res) => {
} }
// Hash the new password // Hash the new password
const hashedPassword = await bcrypt.hash(sanitizedPassword, 10); const hashedPassword = await new Promise((resolve, reject) => {
bcrypt.genSalt(10, (saltError, salt) => {
if (saltError) {
console.error("Error generating salt:", saltError);
reject("Internal Server Error");
}
// Use the generated salt to hash the password
bcrypt.hash(sanitizedPassword, salt, (hashError, hashed) => {
if (hashError) {
console.error("Error hashing password:", hashError);
reject("Internal Server Error");
}
resolve(hashed);
});
});
});
// Update user's password and clear reset token // Update user's password and clear reset token
const updateQuery = const updateQuery =
@ -701,7 +717,6 @@ app.get("/reset-password/:token", (req, res) => {
}); });
}); });
app.post("/reset-password", async (req, res) => { app.post("/reset-password", async (req, res) => {
const { username, password, confirmPassword, csrf_token } = req.body; const { username, password, confirmPassword, csrf_token } = req.body;
const creatorUsername = req.session.username; const creatorUsername = req.session.username;
const submittedCSRFToken = req.body.csrf_token; const submittedCSRFToken = req.body.csrf_token;
@ -728,8 +743,12 @@ app.post("/reset-password", async (req, res) => {
}); });
} }
// Hash the new password // Generate a random salt
const hashedPassword = await bcrypt.hash(sanitizedPassword, 10); const saltRounds = 10; // You can adjust the number of rounds based on your security requirements
const salt = await bcrypt.genSalt(saltRounds);
// Hash the new password with the generated salt
const hashedPassword = await bcrypt.hash(sanitizedPassword, salt);
// Check if the user exists in the database before updating the password // Check if the user exists in the database before updating the password
const userExists = await checkIfUserExists(sanitizedUsername); const userExists = await checkIfUserExists(sanitizedUsername);
@ -739,8 +758,8 @@ app.post("/reset-password", async (req, res) => {
} }
// Update user's password based on the username // Update user's password based on the username
const updateQuery = "UPDATE users SET password = ? WHERE username = ?"; const updateQuery = "UPDATE users SET password = ?, salt = ? WHERE username = ?";
connection.query(updateQuery, [hashedPassword, sanitizedUsername], async (updateErr, updateResults) => { connection.query(updateQuery, [hashedPassword, salt, sanitizedUsername], async (updateErr, updateResults) => {
if (updateErr) { if (updateErr) {
console.error("Error updating password:", updateErr); console.error("Error updating password:", updateErr);
return res.status(500).json({ error: "Error updating password" }); return res.status(500).json({ error: "Error updating password" });
@ -768,6 +787,7 @@ app.post("/reset-password", async (req, res) => {
}); });
}); });
async function checkIfUserExists(username) { async function checkIfUserExists(username) {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
const query = "SELECT * FROM users WHERE username = ?"; const query = "SELECT * FROM users WHERE username = ?";

7
Sean/views/inusers.ejs
View File

@ -10,6 +10,7 @@
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/5.3.0/css/bootstrap.min.css"> <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/5.3.0/css/bootstrap.min.css">
<link rel="stylesheet" href="/style.css"> <link rel="stylesheet" href="/style.css">
<link rel="stylesheet" href="/user-creation.css"> <link rel="stylesheet" href="/user-creation.css">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/flatpickr/dist/flatpickr.min.css">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css"> <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css">
@ -92,7 +93,7 @@
<span class="details">Job Title</span> <span class="details">Job Title</span>
<select name="jobTitle" id="jobTitle"> <select name="jobTitle" id="jobTitle">
<option value="admin">Admin</option> <option value="admin">Admin</option>
<option value="dataAnalyst">Data Analyst</option> <option value="user">User</option>
</select> </select>
</div> </div>
</div> </div>
@ -147,9 +148,12 @@
<div id="logsContainer" style="display: none;"> <div id="logsContainer" style="display: none;">
<!-- Content for logs will be added here --> <!-- Content for logs will be added here -->
</div> </div>
<script> <script>
const allUsers = <%- JSON.stringify(allUsers) %>; const allUsers = <%- JSON.stringify(allUsers) %>;
const currentUsername = '<%= currentUsername %>';
</script> </script>
@ -159,6 +163,7 @@
<script src="https://cdnjs.cloudflare.com/ajax/libs/FileSaver.js/2.0.5/FileSaver.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/FileSaver.js/2.0.5/FileSaver.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/exceljs/4.2.1/exceljs.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/exceljs/4.2.1/exceljs.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script> <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/flatpickr/dist/flatpickr.min.js"></script>
<script src="inusers.js"></script> <script src="inusers.js"></script>
</div> </div>

228
Sean/views/inusers.js
View File

@ -59,81 +59,7 @@ $('#logsLink').on('click', function () {
fetchLogs(); fetchLogs();
}); });
function fetchLogs() {
// Make a fetch request to your server endpoint for logs
fetch('/api/getLogs')
.then(response => response.json())
.then(logs => {
// Process and display logs in the logs container
displayLogs(logs);
})
.catch(error => {
console.error('Error fetching logs:', error);
// Handle errors, e.g., display an alert
});
}
// Update the displayLogs function to generate a table
function displayLogs(logs) {
const logsContainer = $('#logsContainer');
// Clear previous logs
logsContainer.empty();
if (logs && logs.length > 0) {
// Create the table and header row
const table = $('<table>').addClass('logs-table');
const headerRow = '<tr><th>ID</th><th>Username</th><th>Activity</th><th>Timestamp</th></tr>';
table.append(headerRow);
// Add each log as a row in the table
logs.forEach(log => {
const row = `<tr><td>${log.id}</td><td>${log.username}</td><td>${log.activity}</td><td>${log.timestamp}</td></tr>`;
table.append(row);
});
// Append the table to the logsContainer
logsContainer.append(table);
// Add a download button at the top with the current date and time in the file name
const currentDate = new Date();
const formattedDate = currentDate.toISOString().split('T')[0];
const formattedTime = currentDate.toTimeString().split(' ')[0].replace(/:/g, '-');
const downloadButton = $('<button>').text('Download Log').on('click', function () {
downloadLogs(logs, `log_${formattedDate}_${formattedTime}.csv`);
});
// Prepend the download button to the logsContainer
logsContainer.prepend(downloadButton);
} else {
// Display a message if no logs are available
logsContainer.html('<p>No logs available.</p>');
}
}
function downloadLogs(logs, filename) {
if (logs && logs.length > 0) {
const csvContent = 'data:text/csv;charset=utf-8,';
const header = 'ID,Username,Activity,Timestamp\n';
const rows = logs.map(log => `${log.id},${log.username},${log.activity},"${log.timestamp}"`).join('\n');
const data = header + rows;
const encodedData = encodeURI(csvContent + data);
// Create a hidden anchor element to trigger the download
const link = document.createElement('a');
link.setAttribute('href', encodedData);
link.setAttribute('download', 'logs.csv');
document.body.appendChild(link);
// Trigger the download
link.click();
// Remove the link from the DOM
document.body.removeChild(link);
} else {
console.error('No logs available for download.');
}
}
}); });
function searchUser(username) { function searchUser(username) {
@ -321,7 +247,7 @@ function resetFormFields() {
}), }),
}) })
.then(response => { .then(response => {
if (response.status === 201) { if (response.ok) {
// Status 201 indicates successful creation // Status 201 indicates successful creation
return response.json(); return response.json();
} else { } else {
@ -436,6 +362,158 @@ $('#resetPasswordForm').on('submit', function (e) {
}); });
}); });
// Declare a variable to store fetched logs
let logs = [];
// Function to fetch logs from the server
function fetchLogs() {
// Make a fetch request to your server endpoint for logs
fetch('/api/getLogs')
.then(response => response.json())
.then(data => {
// Assign the logs to the variable
logs = data;
// Process and display logs in the logs container
displayLogs(logs);
})
.catch(error => {
console.error('Error fetching logs:', error);
// Handle errors, e.g., display an alert
});
}
// Update the displayLogs function to generate a table
function displayLogs(logs) {
const logsContainer = $('#logsContainer');
// Clear previous logs and date filter elements
logsContainer.empty();
if (logs && logs.length > 0) {
// Add date filter elements
logsContainer.append(`
<label for="datePicker">Filter by Date:</label>
<input type="text" id="datePicker">
<button onclick="applyDateFilter()">Apply Filter</button>
`);
// Create the table and header row
const table = $('<table>').addClass('logs-table');
const headerRow = '<tr><th>ID</th><th>Username</th><th>Activity</th><th>Timestamp</th></tr>';
table.append(headerRow);
// Add each log as a row in the table
logs.forEach(log => {
const row = `<tr><td>${log.id}</td><td>${log.username}</td><td>${log.activity}</td><td>${log.timestamp}</td></tr>`;
table.append(row);
});
// Append the table to the logsContainer
logsContainer.append(table);
// Add a download button at the top with the current date and time in the file name
const currentDate = new Date();
const formattedDate = currentDate.toLocaleDateString('en-US', {
month: 'short',
day: 'numeric',
year: 'numeric'
});
const formattedTime = currentDate.toTimeString().split(' ')[0].replace(/:/g, '-');
const downloadButton = $('<button>').text('Download Log').on('click', function () {
downloadLogs(logs, `log_${formattedDate}_${formattedTime}.csv`);
});
// Prepend the download button to the logsContainer
logsContainer.prepend(downloadButton);
} else {
// Display a message if no logs are available
logsContainer.html('<p>No logs available.</p>');
}
// Initialize Flatpickr for the date picker
flatpickr("#datePicker", {
dateFormat: "m/d/Y, h:i:S K", // Adjust the format to match your logs timestamp format
});
}
// Function to apply date filter
function applyDateFilter() {
const selectedDate = $("#datePicker").val();
const formattedSelectedDate = new Date(selectedDate).toLocaleDateString('en-US', {
month: 'short',
day: 'numeric',
year: 'numeric'
});
const filteredLogs = logs.filter(log => {
const formattedLogDate = new Date(log.timestamp).toLocaleDateString('en-US', {
month: 'short',
day: 'numeric',
year: 'numeric'
});
return formattedLogDate === formattedSelectedDate;
});
displayLogs(filteredLogs);
}
function downloadLogs(logs, filename) {
if (logs && logs.length > 0) {
const csvContent = 'data:text/csv;charset=utf-8,';
const header = 'ID,Username,Activity,Timestamp\n';
const rows = logs.map(log => `${log.id},${log.username},${log.activity},"${log.timestamp}"`).join('\n');
const data = header + rows;
const encodedData = encodeURI(csvContent + data);
// Create a hidden anchor element to trigger the download
const link = document.createElement('a');
link.setAttribute('href', encodedData);
link.setAttribute('download', 'logs.csv');
document.body.appendChild(link);
// Trigger the download
link.click();
// Remove the link from the DOM
document.body.removeChild(link);
} else {
console.error('No logs available for download.');
}
}
fetchLogs();
// Assuming EJS is properly configured to evaluate expressions
// Assuming allUsers is an array containing user information
const user = allUsers.find(user => user.username === currentUsername);
const userRole = user?.jobTitle;
console.log('All Users:', allUsers);
console.log('Current Username:', currentUsername);
// Log the user role to the console
console.log('User Role:', userRole);
// Function to enable/disable actions based on user role
function handleUserRoleAccess() {
// Disable user creation, deletion, and password reset for non-admin users
if (userRole !== 'admin') {
document.getElementById('addUserLink').style.display = 'none';
document.getElementById('deleteUserLink').style.display = 'none';
document.getElementById('resetPasswordLink').style.display = 'none';
}
// Allow admin users to view logs
if (userRole === 'admin') {
document.getElementById('logsLink').classList.remove('hidden');
}
}
// Call the function to handle user role access when the page loads
handleUserRoleAccess();