AINDUSTRIES/vote-rllhc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: AINDUSTRIES:ca4855102399bab153ec70574d8221d44f8c4799
Branches Tags
AINDUSTRIES:main AINDUSTRIES:dev-auth
...
compare: AINDUSTRIES:main
Branches Tags
AINDUSTRIES:main AINDUSTRIES:dev-auth

42 Commits
ca48551023 ... main

Author SHA1 Message Date
AINDUSTRIES
e48dd25165 admin panel change into subsequent pages 2024-10-23 15:39:30 +02:00
AINDUSTRIES
344ebd6010 Results page back button + typo fix when only one vote. 2024-10-19 12:33:23 +02:00
AINDUSTRIES
3e5d185da1 Update static/js/admin.js 2024-10-08 13:31:34 +02:00
AINDUSTRIES
c68ce239f9 Admin panel sized textareas 2024-10-08 13:29:16 +02:00
AINDUSTRIES
b54e611f5f Admin panel sized textareas 2024-10-08 13:27:00 +02:00
AINDUSTRIES
3956dad0ec Changed from input to textarea with proper \n support for votes. 2024-10-05 17:42:07 +02:00
AINDUSTRIES
09b1f80582 Proper line breaks when seing votes 2024-10-05 17:12:51 +02:00
AINDUSTRIES
224457b8b6 Register scroll + fix of horizontal alignment 2024-10-05 17:05:29 +02:00
AINDUSTRIES
dcc01d2a99 Register scroll 2024-10-05 16:58:34 +02:00
AINDUSTRIES
bd57db2b8c Ability to show password when logging in or registering 2024-10-05 16:42:42 +02:00
AINDUSTRIES
74c3a611a4 Merge pull request 'Merge of dev-auth' (#1) from dev-auth into main 
Reviewed-on: #1
 2024-10-05 15:58:44 +02:00
AINDUSTRIES
cbaf52256d Remove unused import 2024-10-05 15:52:59 +02:00
AINDUSTRIES
8a7c321044 Fixed bug related to new Vote struct, id and submit date can be None 
(useful for posting new votes, ie without id and submit date)
 2024-10-05 15:09:51 +02:00
AINDUSTRIES
98dbcd11f1 Added submit date to votes 2024-10-05 15:08:41 +02:00
AINDUSTRIES
c07a304562 Votes div remains to have date displayed per vote 2024-10-04 22:49:51 +02:00
AINDUSTRIES
92c067c9ed small fixes (if player not exsits show ?) 2024-10-04 22:49:00 +02:00
AINDUSTRIES
164184e5e9 user can add player while voting 2024-10-04 21:00:53 +02:00
AINDUSTRIES
9c8e8beaa6 user can add player while voting 2024-10-04 21:00:43 +02:00
AINDUSTRIES
28b2411ceb user can add player 2024-10-04 17:28:20 +02:00
AINDUSTRIES
fb28221875 added check for token generation (look if exists) (better) 2024-10-04 17:17:46 +02:00
AINDUSTRIES
cd1632b533 added check for token generation (look if exists) 2024-10-04 17:15:59 +02:00
AINDUSTRIES
01c8248313 bug fix: ids can be wrong if players added/deleted 2024-10-04 17:05:39 +02:00
AINDUSTRIES
5a13cf9214 administration done (minimalistic) 2024-10-04 17:05:10 +02:00
AINDUSTRIES
894e102322 Custom Response Body, is authorised returning bool, ... 2024-10-02 19:36:50 +02:00
AINDUSTRIES
72fd45eb64 admin page (in progress) + better body (in progress) 2024-10-01 21:27:23 +02:00
AINDUSTRIES
4cb1ef1df9 admin page (in progress) 2024-09-28 23:28:14 +02:00
AINDUSTRIES
c66e854e03 main code + settings update 2024-09-28 23:27:55 +02:00
AINDUSTRIES
3924c87b93 register page 2024-09-28 23:27:44 +02:00
AINDUSTRIES
a8a913189e unauthorised page 2024-09-28 23:27:33 +02:00
AINDUSTRIES
de0ef9dd69 logout page 2024-09-28 23:27:21 +02:00
AINDUSTRIES
13265e1ef3 small login css fix 2024-09-28 23:27:10 +02:00
AINDUSTRIES
febd1d33f1 login link 2024-09-28 23:26:15 +02:00
AINDUSTRIES
4101e824a2 permissions mustn't be null 2024-09-28 23:25:47 +02:00
AINDUSTRIES
66486c3cea register progress 2024-09-28 00:07:20 +02:00
AINDUSTRIES
10aa258576 backend update (login modified and new logout) 2024-09-28 00:07:01 +02:00
AINDUSTRIES
19fe28be49 login page 2024-09-28 00:06:32 +02:00
AINDUSTRIES
0a87f67824 Check password 2024-09-27 18:22:51 +02:00
AINDUSTRIES
bcf3000bcc token cookie, register 2024-09-25 23:13:15 +02:00
AINDUSTRIES
8b09406339 login 2024-09-24 22:19:55 +02:00
AINDUSTRIES
70d4e9ca20 preparing for auth 2024-09-22 23:10:11 +02:00
AINDUSTRIES
ce539a1b96 Merge remote-tracking branch 'origin/main' 2024-09-22 23:09:56 +02:00
AINDUSTRIES
7b86d14de5 preparing for auth 2024-09-22 23:09:45 +02:00
29 changed files with 1476 additions and 126 deletions
Expand all files Collapse all files

2
Cargo.toml
View File

@@ -21,6 +21,8 @@ futures = "0.3.30"
chrono = { version = "0.4.38", features = ["alloc"]}
futures-util = "0.3.30"
h2 = "0.4.6"
argon2 = "0.5.3"
rand = "0.8.1"
[target.'cfg(unix)'.dependencies]
daemonize = "0.5.0"

9
migrations/20240921193253_create_auth_table.sql Normal file
View File

@@ -0,0 +1,9 @@
CREATE TABLE IF NOT EXISTS users
(
id INTEGER PRIMARY KEY NOT NULL,
username TEXT NOT NULL,
saltyhash text NOT NULL,
permissions INTEGER DEFAULT 0 NOT NULL,
token TEXT NOT NULL,
UNIQUE(id, username)
)

16
routes.json
View File

@@ -1,6 +1,14 @@
{
"/": "static/html/index.html",
"/results": "static/html/results.html",
"/archives": "static/html/archives.html",
"/favicon.ico": "static/img/favicon.ico"
"/": {"file": "static/html/index.html", "permission": 0},
"/results": {"file": "static/html/results.html", "permission": 1},
"/archives": {"file": "static/html/archives.html", "permission": 2},
"/favicon.ico": {"file": "static/img/favicon.ico", "permission": 0},
"/login": {"file": "static/html/login.html", "permission": 0},
"/register": {"file": "static/html/register.html", "permission": 0},
"/logout": {"file": "static/html/logout.html", "permission": 0},
"/unauthorised": {"file": "static/html/unauthorised.html", "permission": 0},
"/admin" : {"file": "static/html/admin.html", "permission": 3},
"/admin/votes" : {"file": "static/html/admin_votes.html", "permission": 3},
"/admin/players" : {"file": "static/html/admin_players.html", "permission": 3},
"/admin/users" : {"file": "static/html/admin_users.html", "permission": 3}
}

2
settings.json
View File

@@ -1,4 +1,4 @@
{
"database_url": "sqlite:vote.db",
"bind_address": "127.0.0.1:8080"
"bind_address": "127.0.0.1:8000"
}

784
src/main.rs
View File

@@ -1,28 +1,65 @@
use bytes::Buf;
use bytes::Bytes;
use chrono::{DateTime, Utc};
use futures;
use argon2::{
password_hash::{rand_core::OsRng, PasswordHash, PasswordHasher, PasswordVerifier, SaltString},
Argon2,
};
use bytes::{Buf, Bytes};
use chrono::{DateTime, Days, NaiveTime, Utc};
#[cfg(target_os = "linux")]
use daemonize::Daemonize;
use http_body_util::{BodyExt, Full};
use hyper::body::Incoming;
use hyper::server::conn::http1;
use hyper::service::service_fn;
use hyper::{Error, Method, Request, Response, StatusCode};
use hyper::{
body::{Body as HyperBody, Frame, Incoming},
header::{COOKIE, SET_COOKIE},
server::conn::http1,
service::service_fn,
Error, Method, Request, Response, StatusCode,
};
use hyper_util::rt::{TokioIo, TokioTimer};
use serde::{Deserialize, Serialize};
use rand::distributions::{Alphanumeric, DistString};
use serde::{de::DeserializeOwned, Deserialize, Serialize};
use serde_json::{from_reader, Value};
use sqlx::sqlite::SqlitePool;
use std::collections::HashMap;
use std::convert::Infallible;
use std::env;
use std::fs::File;
use std::io::Read;
use std::net::SocketAddr;
use std::pin::Pin;
use std::str::FromStr;
use std::sync::{Arc, Mutex};
use std::task::{Context, Poll};
use std::time::SystemTime;
use tokio::net::TcpListener;
#[cfg(target_os = "linux")]
use daemonize::Daemonize;
enum Body {
Full(Full<Bytes>),
Empty,
}
impl Body {
fn new<T>(data: T) -> Self
where
Bytes: From<T>,
{
Body::Full(Full::new(Bytes::from(data)))
}
}
impl HyperBody for Body {
type Data = Bytes;
type Error = Infallible;
fn poll_frame(
self: Pin<&mut Self>,
cx: &mut Context<'_>,
) -> Poll<Option<Result<Frame<Self::Data>, Self::Error>>> {
match &mut *self.get_mut() {
Self::Full(incoming) => Pin::new(incoming).poll_frame(cx),
Self::Empty => Poll::Ready(None),
}
}
}
#[derive(Serialize, Deserialize)]
struct Player {
id: i64,
@@ -31,6 +68,8 @@ struct Player {
#[derive(Serialize, Deserialize, Debug)]
struct Vote {
id: Option<i64>,
submit_date: Option<String>,
plus_player_id: i64,
plus_nickname: String,
plus_reason: String,
@@ -39,42 +78,89 @@ struct Vote {
minus_reason: String,
}
#[derive(Serialize, Deserialize)]
struct User {
username: String,
saltyhash: String,
permissions: i64,
token: String,
}
#[derive(Serialize, Deserialize)]
struct Login {
username: String,
password: String,
}
#[derive(Serialize, Deserialize)]
struct Settings {
database_url: String,
bind_address: String,
}
async fn service(req: Request<Incoming>, db: Arc<Mutex<SqlitePool>>) -> Result<Response<Full<Bytes>>, Error> {
match req.method() {
&Method::GET => { get(req, db).await }
&Method::POST => { post(req, db).await }
_ => { Ok(Response::builder().status(StatusCode::IM_A_TEAPOT).body(Full::new(Bytes::new())).unwrap()) }
async fn service(
req: Request<Incoming>,
db: Arc<Mutex<SqlitePool>>,
) -> Result<Response<Body>, Error> {
match *req.method() {
Method::GET => get(req, db).await,
Method::POST => post(req, db).await,
_ => Ok(Response::builder()
.status(StatusCode::IM_A_TEAPOT)
.body(Body::Empty)
.unwrap()),
}
}
async fn get(req: Request<Incoming>, db: Arc<Mutex<SqlitePool>>) -> Result<Response<Full<Bytes>>, Error> {
async fn get(req: Request<Incoming>, db: Arc<Mutex<SqlitePool>>) -> Result<Response<Body>, Error> {
let path = req.uri().path();
if path.starts_with("/static/") {
if path.starts_with("/static") {
get_file(path).await
} else if path.starts_with("/data/") {
} else if path.starts_with("/data") {
get_data(path, &req, db).await
} else if path.starts_with("/admin") {
get_admin(&req, path, db).await
} else {
get_page(path).await
get_page(&req, path, db).await
}
}
async fn get_page(path: &str) -> Result<Response<Full<Bytes>>, Error> {
let mut routes = env::current_dir().expect("Could not get app directory (Required to get routes)");
async fn get_page(
req: &Request<Incoming>,
path: &str,
db: Arc<Mutex<SqlitePool>>,
) -> Result<Response<Body>, Error> {
let mut routes =
env::current_dir().expect("Could not get app directory (Required to get routes)");
routes.push("routes.json");
let file = File::open(routes).expect("Could not open routes file.");
let map: Value = from_reader(file).expect("Could not parse routes, please verify syntax.");
match &map[path] {
Value::String(s) => get_file(&s).await,
_ => not_found().await
match map.get(path) {
Some(Value::Object(s)) => {
let authorised = is_authorised(
req,
db,
s.get("permission").unwrap().as_u64().unwrap() as u8,
)
.await;
if authorised {
get_file(s.get("file").unwrap().as_str().unwrap()).await
} else {
get_file(
map.get("/unauthorised")
.unwrap()
.get("file")
.unwrap()
.as_str()
.unwrap(),
)
.await
}
}
_ => not_found().await,
}
}
async fn get_file(mut path: &str) -> Result<Response<Full<Bytes>>, Error> {
async fn get_file(mut path: &str) -> Result<Response<Body>, Error> {
let mut file_path = env::current_dir().expect("Could not get app directory.");
if path.starts_with(r"/") {
path = path.strip_prefix(r"/").unwrap();
@@ -89,58 +175,79 @@ async fn get_file(mut path: &str) -> Result<Response<Full<Bytes>>, Error> {
"js" => "text/javascript",
"html" => "text/html",
"css" => "text/css",
_ => ""
_ => "",
};
Ok(Response::builder().header("content-type", content_type).body(Full::new(Bytes::from(buf))).unwrap())
Ok(Response::builder()
.header("content-type", content_type)
.body(Body::new(buf))
.unwrap())
}
Err(_) => not_found().await
Err(_) => not_found().await,
}
}
async fn get_data(path: &str, req: &Request<Incoming>, db: Arc<Mutex<SqlitePool>>) -> Result<Response<Full<Bytes>>, Error> {
async fn get_data(
path: &str,
req: &Request<Incoming>,
db: Arc<Mutex<SqlitePool>>,
) -> Result<Response<Body>, Error> {
let pool = db.clone().lock().unwrap().clone();
match path {
"/data/players" => {
let items = sqlx::query!(r#"SELECT * FROM players"#).fetch_all(&pool).await.unwrap();
let players: Vec<Player> = items.iter().map(|x| Player { id: x.id, name: x.name.clone() }).collect();
Ok(Response::new(Full::new(Bytes::from(serde_json::to_string(&players).unwrap()))))
let items = sqlx::query!(r#"SELECT * FROM players"#)
.fetch_all(&pool)
.await
.unwrap();
let players: Vec<Player> = items
.iter()
.map(|x| Player {
id: x.id,
name: x.name.clone(),
})
.collect();
Ok(Response::new(Body::new(
serde_json::to_string(&players).unwrap(),
)))
}
"/data/votes" => {
let votes = get_votes(req, db).await;
Ok(Response::new(Full::new(Bytes::from(serde_json::to_string(&votes).unwrap()))))
Ok(Response::new(Body::new(
serde_json::to_string(&votes).unwrap(),
)))
}
"/data/results" => {
let votes = get_votes(req, db).await;
let ids: Vec<(i64, i64)> = votes.iter().map(|x| (x.plus_player_id, x.minus_player_id)).collect();
let ids: Vec<(i64, i64)> = votes
.iter()
.map(|x| (x.plus_player_id, x.minus_player_id))
.collect();
let mut plus_results: HashMap<i64, i64> = HashMap::new();
let mut minus_results: HashMap<i64, i64> = HashMap::new();
let _ = ids.iter().for_each(|x| {
ids.iter().for_each(|x| {
let plus_id = x.0;
if !plus_results.contains_key(&plus_id) {
plus_results.insert(plus_id, 0);
}
plus_results.entry(plus_id).or_insert(0);
*plus_results.get_mut(&plus_id).unwrap() += 1;
let minus_id = x.1;
if !minus_results.contains_key(&minus_id) {
minus_results.insert(minus_id, 0);
}
minus_results.entry(minus_id).or_insert(0);
*minus_results.get_mut(&minus_id).unwrap() += 1;
});
let mut plus_results: Vec<(i64, i64)> = plus_results.into_iter().collect();
let mut minus_results: Vec<(i64, i64)> = minus_results.into_iter().collect();
plus_results.sort_by(|a, b| { b.1.cmp(&a.1) });
minus_results.sort_by(|a, b| { b.1.cmp(&a.1) });
plus_results.sort_by(|a, b| b.1.cmp(&a.1));
minus_results.sort_by(|a, b| b.1.cmp(&a.1));
let sorted_results = vec![plus_results, minus_results];
Ok(Response::new(Full::new(Bytes::from(serde_json::to_string(&sorted_results).unwrap()))))
Ok(Response::new(Body::new(
serde_json::to_string(&sorted_results).unwrap(),
)))
}
_ => not_found().await
_ => not_found().await,
}
}
@@ -150,41 +257,99 @@ async fn get_votes(req: &Request<Incoming>, db: Arc<Mutex<SqlitePool>>) -> Vec<V
let date = match headers.get("Date-to-fetch") {
Some(date) => {
let date = date.to_str().unwrap();
let parsed_date = date.parse::<i64>();
if parsed_date.is_err() {
None
if let Ok(parsed_date) = date.parse::<i64>() {
DateTime::from_timestamp_millis(parsed_date)
} else {
DateTime::from_timestamp_millis(parsed_date.unwrap())
None
}
}
None => Some(DateTime::from(SystemTime::now()))
None => Some(DateTime::from(SystemTime::now())),
};
if date.is_none() {
return Vec::new();
}
let items = futures::executor::block_on(async move {
let formatted_date = format!("{}", date.unwrap().format("%d/%m/%Y"));
sqlx::query!(r#"SELECT * FROM votes WHERE submit_date = ?1 ORDER BY id"#, formatted_date).fetch_all(&pool).await.unwrap()
});
items.iter().map(|x| Vote {
plus_player_id: x.plus_player_id,
plus_nickname: x.plus_nickname.clone(),
plus_reason: x.plus_reason.clone(),
minus_player_id: x.minus_player_id,
minus_nickname: x.minus_nickname.clone(),
minus_reason: x.minus_reason.clone(),
}).collect()
sqlx::query_as!(
Vote,
r#"SELECT * FROM votes WHERE submit_date = ?1 ORDER BY id"#,
formatted_date
)
.fetch_all(&pool)
.await
.unwrap()
}
async fn post(req: Request<Incoming>, db: Arc<Mutex<SqlitePool>>) -> Result<Response<Full<Bytes>>, Error> {
let path = req.uri().path();
if path != "/post" {
return Ok(Response::builder().status(StatusCode::BAD_REQUEST).body(Full::new(Bytes::from("Bad Request (Bad Route)"))).unwrap());
async fn get_admin(
req: &Request<Incoming>,
path: &str,
db: Arc<Mutex<SqlitePool>>,
) -> Result<Response<Body>, Error> {
let authorised = is_authorised(req, db.clone(), 3).await;
if !authorised {
return get_page(req, "/unauthorised", db).await;
}
let body = req.into_body().collect().await?;
let data: Result<Vote, serde_json::Error> = from_reader(body.aggregate().reader());
if data.is_err() {
return Ok(Response::builder().status(StatusCode::BAD_REQUEST).body(Full::new(Bytes::from("Bad Request (Bad Data)"))).unwrap());
if path.starts_with("/admin/data") {
let path = path.strip_prefix("/admin/data").unwrap();
match path {
"/users" => {
let pool = db.clone().lock().unwrap().clone();
let users = sqlx::query!(r#"SELECT id, username, permissions FROM users"#)
.fetch_all(&pool)
.await
.unwrap();
let users: Vec<(i64, String, i64)> = users
.iter()
.map(|x| (x.id, x.username.clone(), x.permissions))
.collect();
let stringed = serde_json::to_string(&users).unwrap_or("".to_string());
Ok(Response::builder().body(Body::new(stringed)).unwrap())
}
"/players" => {
let pool = db.clone().lock().unwrap().clone();
let players = sqlx::query_as!(Player, r#"SELECT id, name FROM players"#)
.fetch_all(&pool)
.await
.unwrap();
let stringed = serde_json::to_string(&players).unwrap_or("".to_string());
Ok(Response::builder().body(Body::new(stringed)).unwrap())
}
"/votes" => {
let pool = db.clone().lock().unwrap().clone();
let votes = sqlx::query_as!(Vote, r#"SELECT * FROM votes"#)
.fetch_all(&pool)
.await
.unwrap();
let stringed = serde_json::to_string(&votes).unwrap_or("".to_string());
Ok(Response::builder().body(Body::new(stringed)).unwrap())
}
_ => not_found().await,
}}
else if path.starts_with("/admin") {get_page(req, path, db).await}
else {not_found().await}
}
async fn post(req: Request<Incoming>, db: Arc<Mutex<SqlitePool>>) -> Result<Response<Body>, Error> {
let path = req.uri().path();
if path.starts_with("/admin") {
return post_admin(req, db).await;
}
match path {
"/vote" => post_vote(req, db).await,
"/login" => login(req, db).await,
"/register" => register(req, db).await,
"/logout" => logout().await,
"/player" => post_player(req, db).await,
_ => not_found().await,
}
}
async fn post_vote(
req: Request<Incoming>,
db: Arc<Mutex<SqlitePool>>,
) -> Result<Response<Body>, Error> {
let data = req_json::<Vote>(req).await;
if data.is_none() {
return bad_request().await;
}
let vote = data.unwrap();
let timestamp: DateTime<Utc> = DateTime::from(SystemTime::now());
@@ -201,25 +366,456 @@ async fn post(req: Request<Incoming>, db: Arc<Mutex<SqlitePool>>) -> Result<Resp
vote.minus_reason,
formatted).execute(&mut *conn).await;
if result.is_err() {
return Ok(Response::builder().status(StatusCode::INTERNAL_SERVER_ERROR).body(Full::new(Bytes::from("Internet Error"))).unwrap());
return Ok(Response::builder()
.status(StatusCode::INTERNAL_SERVER_ERROR)
.body(Body::Empty)
.unwrap());
}
Ok(Response::builder().body(Full::new(Bytes::new())).unwrap())
let date: DateTime<Utc> = DateTime::from(SystemTime::now());
let date = date.checked_add_days(Days::new(1)).unwrap();
let date = date
.with_time(NaiveTime::from_hms_opt(0, 0, 0).unwrap())
.unwrap();
Ok(Response::builder()
.header(
SET_COOKIE,
format!(
"hasvoted=true; Expires={}; Secure; SameSite=Strict",
date.to_rfc2822()
),
)
.body(Body::Empty)
.unwrap())
}
async fn not_found() -> Result<Response<Full<Bytes>>, Error> {
async fn post_player(
req: Request<Incoming>,
db: Arc<Mutex<SqlitePool>>,
) -> Result<Response<Body>, Error> {
let data = req_json::<Value>(req).await;
if data.is_none() {
return bad_request().await;
}
let data = data.unwrap();
let name = data.get("name").unwrap().as_str().unwrap();
let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
if let Ok(Some(player)) = sqlx::query!(r#"SELECT * FROM players WHERE name = ?1"#, name)
.fetch_optional(&pool)
.await
{
let player = Player {
id: player.id,
name: player.name,
};
return Ok(Response::builder()
.body(Body::new(serde_json::to_string(&player).unwrap()))
.unwrap());
}
let r = sqlx::query!(
r#"INSERT INTO players (name) VALUES (?1) RETURNING id"#,
name
)
.fetch_one(&mut *conn)
.await;
if r.is_err() {
return Ok(Response::builder()
.status(StatusCode::INTERNAL_SERVER_ERROR)
.body(Body::Empty)
.unwrap());
}
let player = Player {
id: r.unwrap().id,
name: name.to_string(),
};
Ok(Response::builder()
.body(Body::new(serde_json::to_string(&player).unwrap()))
.unwrap())
}
async fn post_admin(
req: Request<Incoming>,
db: Arc<Mutex<SqlitePool>>,
) -> Result<Response<Body>, Error> {
let authorised = is_authorised(&req, db.clone(), 3).await;
if !authorised {
return get_page(&req, "/unauthorised", db).await;
}
let path = req.uri().path();
match path {
"/admin/edit/user" => match req_json::<Value>(req).await {
Some(Value::Object(user)) => {
let username = user.get("username");
let permissions = user.get("permissions");
let id = user.get("id");
if username.is_none() || permissions.is_none() || id.is_none() {
return bad_request().await;
}
let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
let username = username.unwrap().as_str().unwrap();
let permissions = permissions.unwrap();
let id = id.unwrap();
let _ = sqlx::query!(
r#"UPDATE users SET username = ?1, permissions = ?2 WHERE id = ?3"#,
username,
permissions,
id
)
.execute(&mut *conn)
.await;
ok().await
}
_ => bad_request().await,
},
"/admin/delete/user" => match req_json::<Value>(req).await {
Some(Value::Object(user)) => {
let id = user.get("id");
if id.is_none() {
return bad_request().await;
}
let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
let id = id.unwrap().as_i64().unwrap();
let _ = sqlx::query!(r#"DELETE FROM users WHERE id = ?1"#, id)
.execute(&mut *conn)
.await;
ok().await
}
_ => bad_request().await,
},
"/admin/edit/player" => match req_json::<Player>(req).await {
Some(player) => {
let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
let _ = sqlx::query!(
r#"UPDATE players SET name = ?1 WHERE id = ?2"#,
player.name,
player.id
)
.execute(&mut *conn)
.await;
ok().await
}
_ => bad_request().await,
},
"/admin/new/player" => match req_json::<Value>(req).await {
Some(Value::Object(player)) => {
let name = player.get("name");
if name.is_none() {
return bad_request().await;
}
let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
let name = name.unwrap().as_str().unwrap();
let _ = sqlx::query!(r#"INSERT INTO players (name) VALUES (?1)"#, name)
.execute(&mut *conn)
.await;
ok().await
}
_ => bad_request().await,
},
"/admin/delete/player" => match req_json::<Value>(req).await {
Some(Value::Object(player)) => {
let id = player.get("id");
if id.is_none() {
return bad_request().await;
}
let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
let id = id.unwrap().as_i64().unwrap();
let _ = sqlx::query!(r#"DELETE FROM players WHERE id = ?1"#, id)
.execute(&mut *conn)
.await;
ok().await
}
_ => bad_request().await,
},
"/admin/edit/vote" => match req_json::<Vote>(req).await {
Some(vote) => {
if vote.id.is_none() || vote.submit_date.is_none() {
return bad_request().await;
}
let pool = db.clone().lock().unwrap().clone();
let _ = sqlx::query!(
r#"UPDATE votes
SET submit_date = ?1,
plus_player_id = ?2,
plus_nickname = ?3,
plus_reason = ?4,
minus_player_id = ?5,
minus_nickname = ?6,
minus_reason = ?7
WHERE id = ?8"#,
vote.submit_date,
vote.plus_player_id,
vote.plus_nickname,
vote.plus_reason,
vote.minus_player_id,
vote.minus_nickname,
vote.minus_reason,
vote.id
)
.execute(&pool)
.await;
ok().await
}
_ => bad_request().await,
},
"/admin/delete/vote" => match req_json::<Value>(req).await {
Some(Value::Object(vote)) => {
let id = vote.get("id");
if id.is_none() {
return bad_request().await;
}
let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
let id = id.unwrap().as_i64().unwrap();
let _ = sqlx::query!(r#"DELETE FROM votes WHERE id = ?1"#, id)
.execute(&mut *conn)
.await;
ok().await
}
_ => bad_request().await,
},
_ => bad_request().await,
}
}
async fn login(
req: Request<Incoming>,
db: Arc<Mutex<SqlitePool>>,
) -> Result<Response<Body>, Error> {
let body = req.into_body().collect().await;
let data: Result<Login, serde_json::Error> = from_reader(body?.aggregate().reader());
if data.is_err() {
return bad_request().await;
}
let data = data.unwrap();
if !check_username(&data.username) {
return bad_request().await;
}
let pool = db.clone().lock().unwrap().clone();
let result = sqlx::query!(r#"SELECT * FROM users WHERE username=?1"#, data.username)
.fetch_optional(&pool)
.await;
match result {
Ok(Some(user)) => {
let argon = Argon2::default();
let hash = PasswordHash::new(&user.saltyhash).unwrap();
match argon.verify_password(data.password.as_bytes(), &hash) {
Ok(()) => {
let date: DateTime<Utc> = DateTime::from(SystemTime::now());
let date = date.checked_add_days(Days::new(7)).unwrap();
Ok(Response::builder()
.header(
SET_COOKIE,
format!(
"token={}; Expires={}; Secure; HttpOnly; SameSite=Strict",
user.token,
date.to_rfc2822()
),
)
.header(
SET_COOKIE,
format!(
"logged=true; Expires={}; Secure; SameSite=Strict",
date.to_rfc2822()
),
)
.body(Body::Empty)
.unwrap())
}
Err(_) => bad_request().await,
}
}
Ok(None) => bad_request().await,
Err(_) => Ok(Response::builder()
.status(StatusCode::INTERNAL_SERVER_ERROR)
.body(Body::Empty)
.unwrap()),
}
}
async fn register(
req: Request<Incoming>,
db: Arc<Mutex<SqlitePool>>,
) -> Result<Response<Body>, Error> {
match req_json::<Login>(req).await {
None => Ok(Response::builder()
.status(StatusCode::BAD_REQUEST)
.body(Body::Empty)
.unwrap()),
Some(login) => {
if !check_username(&login.username) {
return Ok(Response::builder()
.status(StatusCode::BAD_REQUEST)
.body(Body::Empty)
.unwrap());
}
if !check_password(&login.password) {
return Ok(Response::builder()
.status(StatusCode::BAD_REQUEST)
.body(Body::Empty)
.unwrap());
}
let pool = db.clone().lock().unwrap().clone();
let mut conn = pool.acquire().await.unwrap();
let exists = sqlx::query!(r#"SELECT id FROM users WHERE username=?1"#, login.username)
.fetch_optional(&mut *conn)
.await;
if exists.unwrap().is_some() {
return Ok(Response::builder()
.status(StatusCode::BAD_REQUEST)
.body(Body::Empty)
.unwrap());
}
let argon2 = Argon2::default();
let hash = argon2
.hash_password(login.password.as_bytes(), &SaltString::generate(&mut OsRng))
.unwrap()
.to_string();
let mut token = Alphanumeric.sample_string(&mut OsRng, 256);
while let Ok(Some(_)) = sqlx::query!(r#"SELECT id FROM users WHERE token=?1"#, token)
.fetch_optional(&mut *conn)
.await
{
token = Alphanumeric.sample_string(&mut OsRng, 256);
}
let result = sqlx::query!(r#"INSERT INTO users ( username, saltyhash, permissions, token) VALUES ( ?1, ?2, ?3, ?4 )"#, login.username, hash, 0, token).execute(&mut *conn).await;
match result {
Ok(_) => Ok(Response::builder().body(Body::Empty).unwrap()),
Err(_) => Ok(Response::builder()
.status(StatusCode::INTERNAL_SERVER_ERROR)
.body(Body::Empty)
.unwrap()),
}
}
}
}
async fn logout() -> Result<Response<Body>, Error> {
let date: DateTime<Utc> = DateTime::from(SystemTime::now());
Ok(Response::builder()
.header(
SET_COOKIE,
format!(
"token=''; Expires={}; Secure; HttpOnly; SameSite=Strict",
date.to_rfc2822()
),
)
.header(
SET_COOKIE,
format!(
"logged=false; Expires={}; Secure; HttpOnly; SameSite=Strict",
date.to_rfc2822()
),
)
.body(Body::Empty)
.unwrap())
}
async fn is_authorised(req: &Request<Incoming>, db: Arc<Mutex<SqlitePool>>, level: u8) -> bool {
let cookies = req.headers().get(COOKIE);
let token = match cookies {
Some(cookies) => cookies
.to_str()
.unwrap_or("")
.split("; ")
.find(|x| x.starts_with("token="))
.unwrap_or("")
.strip_prefix("token=")
.unwrap_or(""),
None => "",
};
let pool = db.clone().lock().unwrap().clone();
let user = sqlx::query!(r#"SELECT permissions FROM users WHERE token=?1"#, token)
.fetch_optional(&pool)
.await;
match user {
Ok(Some(user)) => {
let perm = user.permissions as u8;
perm >= level
}
_ => matches!(level, 0),
}
}
fn check_username(username: &str) -> bool {
if username.len() > 21 {
return false;
}
for x in username.chars() {
if !x.is_ascii_alphanumeric() {
return false;
}
}
true
}
fn check_password(password: &str) -> bool {
// one symbol, 10 chars min, one capital letter, one number
if password.len() < 10 {
return false;
}
let mut up = false;
let mut num = false;
let mut sym = false;
for c in password.chars() {
if c.is_uppercase() {
up = true;
}
if c.is_numeric() {
num = true;
}
if !c.is_alphanumeric() {
sym = true;
}
}
up && num && sym
}
async fn not_found() -> Result<Response<Body>, Error> {
let mut file_path = env::current_dir().expect("Could not get app directory.");
file_path.push("static/html/404.html");
let mut file = File::open(file_path).unwrap();
let mut buf = Vec::new();
file.read_to_end(&mut buf).unwrap();
Ok(Response::builder().status(StatusCode::NOT_FOUND).body(Full::new(Bytes::from(buf))).unwrap())
Ok(Response::builder()
.status(StatusCode::NOT_FOUND)
.body(Body::new(buf))
.unwrap())
}
async fn bad_request() -> Result<Response<Body>, Error> {
Ok(Response::builder()
.status(StatusCode::BAD_REQUEST)
.body(Body::Empty)
.unwrap())
}
async fn ok() -> Result<Response<Body>, Error> {
Ok(Response::builder().body(Body::Empty).unwrap())
}
async fn req_json<T>(req: Request<Incoming>) -> Option<T>
where
T: DeserializeOwned,
{
let body = req.into_body().collect().await.unwrap();
match from_reader(body.aggregate().reader()) {
Ok(val) => Some(val),
Err(_) => None,
}
}
fn get_settings() -> Settings {
let mut settings_path = env::current_dir().expect("Could not get app directory. (Required to read settings)");
let mut settings_path =
env::current_dir().expect("Could not get app directory. (Required to read settings)");
settings_path.push("settings.json");
let settings_file = File::open(settings_path).expect("Could not open settings file, does it exists?");
let settings: Settings = from_reader(settings_file).expect("Could not parse settings, please check syntax.");
let settings_file =
File::open(settings_path).expect("Could not open settings file, does it exists?");
let settings: Settings =
from_reader(settings_file).expect("Could not parse settings, please check syntax.");
settings
}
@@ -248,26 +844,32 @@ fn main() {
#[tokio::main]
async fn run() {
let settings = get_settings();
let db_pool = Arc::new(Mutex::new(SqlitePool::connect(&settings.database_url).await.expect("Could not connect to database. Make sure the url is correct.")));
let bind_address: SocketAddr = SocketAddr::from_str(&settings.bind_address).expect("Could not parse bind address.");
let listener = TcpListener::bind(bind_address).await.expect("Could not bind to address.");
let db_pool = Arc::new(Mutex::new(
SqlitePool::connect(&settings.database_url)
.await
.expect("Could not connect to database. Make sure the url is correct."),
));
let bind_address: SocketAddr =
SocketAddr::from_str(&settings.bind_address).expect("Could not parse bind address.");
let listener = TcpListener::bind(bind_address)
.await
.expect("Could not bind to address.");
loop {
let (stream, _) = listener.accept().await.expect("Could not accept incoming stream.");
let (stream, _) = listener
.accept()
.await
.expect("Could not accept incoming stream.");
let io = TokioIo::new(stream);
let db = db_pool.clone();
let service = service_fn(
move |req| {
service(req, db.clone())
}
);
tokio::task::spawn(
async move {
let service = service_fn(move |req| service(req, db.clone()));
tokio::task::spawn(async move {
if let Err(err) = http1::Builder::new()
.timer(TokioTimer::new())
.serve_connection(io, service).await {
.serve_connection(io, service)
.await
{
println!("Failed to serve connection: {:?}", err);
}
}
);
});
}
}

8
static/css/index.css
View File

@@ -119,3 +119,11 @@ body {
border: none;
border-radius: 5px;
}
.login {
position: fixed;
right: 0;
top: 0;
color: white;
padding: 10px;
}

96
static/css/login.css Normal file
View File

@@ -0,0 +1,96 @@
body {
background-color: #11111b;
padding:0;
margin:0;
}
.footer {
margin: 0;
position: fixed;
bottom: 0;
width: 100%;
max-height: 50px;
display: flex;
background-color: #b4befe;
justify-content: center;
}
.footer > a {
padding: 10px;
margin: 5px;
background-color: #94e2d5;
border-radius: 5px;
color: #1e1e2e;
font-family: "Segoe UI";
font-size: 14px;
}
.app {
overflow-y: scroll;
overflow-x: hidden;
position: absolute;
top: 50%;
left: 50%;
transform: translate(-50%, calc(-50% - 60px));
background-color: #181926;
border-radius: 12px;
width: calc(100dvw - 40px);
max-width: 500px;
max-height: calc(100dvh - 100px);
height: fit-content;
padding: 10px;
margin-top: 35px;
}
.app > h1 {
margin-top: 5px;
color: yellow;
}
.app > h3 {
color: red;
}
.sub {
display: grid;
width: fit-content;
margin: auto;
}
.sub > input {
margin-bottom: 5px;
max-width: 300px;
width: 80dvw;
color: black;
}
.sub > label {
color: white;
}
.sub > button {
justify-self: right;
font-size: 14px;
margin: 4px 0 0 0;
padding: 5px;
background-color: cornflowerblue;
color: white;
border: none;
border-radius: 5px;
}
.app > p {
text-align: center;
color: white;
}
.app > a {
display: flow;
text-align: center;
color: white;
}
.inline {
width: fit-content;
color: white;
}

23
static/css/logout.css Normal file
View File

@@ -0,0 +1,23 @@
body {
background-color: #11111b;
padding:0;
margin:0;
}
h2 {
color: yellow;
}
p {
color: white;
}
a {
color: white;
}
.app {
width: fit-content;
margin: auto;
text-align: center;
}

7
static/css/register.css Normal file
View File

@@ -0,0 +1,7 @@
.error {
color: red;
}
.ok {
color: green;
}

14
static/css/results.css
View File

@@ -26,9 +26,8 @@ body {
}
.app {
margin: auto;
margin-bottom: 60px;
height: calc(100dvh + 60px);
margin: auto auto 60px;
height: calc(100% + 60px);
width: 100%;
max-width: 500px;
}
@@ -36,6 +35,7 @@ body {
.app > p {
color: white;
line-break: strict;
white-space: pre-line;
}
.app > h1 {
@@ -76,3 +76,11 @@ body {
grid-column-start: 2;
grid-column-end: 3;
}
.login {
position: fixed;
right: 0;
top: 0;
color: white;
padding: 10px;
}

16
static/css/unauthorised.css Normal file
View File

@@ -0,0 +1,16 @@
body {
background-color: #11111b;
text-align: center;
}
h1 {
color: red;
}
h3 {
color: yellow;
}
p, a {
color: white;
}

27
static/html/admin.html Normal file
View File

@@ -0,0 +1,27 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport"
content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<base href="/" target="_top">
<title>Administration</title>
<style>
a {
margin: 2px;
padding: 10px;
border: 1px solid black;
width: min-content;
}
</style>
</head>
<body>
<h1>Admin Panel</h1>
<div style="display:flex; flex-flow: column;">
<a href="admin/votes">Votes</a>
<a href="admin/players">Players</a>
<a href="admin/users">Users</a>
</div>
</body>
</html>

19
static/html/admin_players.html Normal file
View File

@@ -0,0 +1,19 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport"
content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<base href="/" target="_top">
<script src="static/js/admin_players.js" defer="defer"></script>
<title>Admin - Players</title>
</head>
<body>
<div>
<h1>Players</h1>
<p>id, name</p>
<div id="players"></div>
</div>
</body>
</html>

19
static/html/admin_users.html Normal file
View File

@@ -0,0 +1,19 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport"
content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<base href="/" target="_top">
<script src="static/js/admin_users.js" defer="defer"></script>
<title>Admin - Users</title>
</head>
<body>
<div>
<h1>Users</h1>
<p>id, username, permission</p>
<div id="users"></div>
</div>
</body>
</html>

20
static/html/admin_votes.html Normal file
View File

@@ -0,0 +1,20 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport"
content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<base href="/" target="_top">
<script src="static/js/admin_votes.js" defer="defer"></script>
<title>Admin - Votes</title>
</head>
<body>
<div>
<h1>Votes</h1>
<h3 id="votes_number"></h3>
<p>id, submit_date, plus_id, plus_nickname, plus_reason, minus_id, minus_nickname, minus_reason</p>
<div id="votes"></div>
</div>
</body>
</html>

3
static/html/index.html
View File

@@ -15,6 +15,8 @@
<h1 id="app_title">Vote +</h1>
<label for="player_id">Pour qui votes tu?</label>
<select id="player_id"></select>
<label id="other_label" for="other" hidden="hidden">Autre:</label>
<input id="other" hidden="hidden">
<label for="nickname">As-tu un surnom à lui donner?</label>
<input type="text" id="nickname">
<label for="reason">Pourquoi votes-tu pour lui?</label>
@@ -34,5 +36,6 @@
<a href="/results">Résultats</a>
<a href="/archives">Archives</a>
</div>
<a href="/login" class="login" id="login">Se connecter</a>
</body>
</html>

41
static/html/login.html Normal file
View File

@@ -0,0 +1,41 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport"
content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<base href="/" target="_top">
<script src="static/js/login.js" defer="defer"></script>
<link rel="stylesheet" href="static/css/login.css">
<title>Login</title>
</head>
<body>
<div class="app">
<h1>Connection</h1>
<h3 id="message"></h3>
<div class="sub">
<label for="username">Nom d'utilisateur:</label>
<br>
<input id="username">
<br>
<label for="password">Mot de passe:</label>
<br>
<input id="password" type="password">
<br>
<div>
<label class="inline" for="showPassword">Montrer le mot de passe?</label>
<input id="showPassword" type="checkbox">
</div>
<button id="connect">Se connecter</button>
</div>
<p>Tu n'as pas de compte?</p>
<a href="/register">Créer un compte.</a>
</div>
<div id="footer" class="footer">
<a href="/">Voter</a>
<a href="/results">Résultats</a>
<a href="/archives">Archives</a>
</div>
</body>
</html>

20
static/html/logout.html Normal file
View File

@@ -0,0 +1,20 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport"
content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<base href="/" target="_top">
<script src="static/js/logout.js" defer="defer"></script>
<link rel="stylesheet" href="static/css/logout.css">
<title>Déconnection</title>
</head>
<body>
<div class="app">
<h2>Tu es désormais déconnecté.<br>Tu seras redirigé dans pas longtemps.</h2>
<p>Pas encore redirigé?</p>
<a href="/">Click ici pour être redirigé.</a>
</div>
</body>
</html>

61
static/html/register.html Normal file
View File

@@ -0,0 +1,61 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport"
content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<base href="/" target="_top">
<script src="static/js/register.js" defer="defer"></script>
<link rel="stylesheet" href="static/css/login.css">
<link rel="stylesheet" href="static/css/register.css">
<title>Register</title>
</head>
<body>
<div class="app">
<h1>Créer un nouveau compte</h1>
<h3 id="message"></h3>
<div class="sub">
<label for="username">Nom d'utilisateur:</label>
<br>
<input id="username">
<br>
<p class="error" id="usernameNotice">Le nom d'utilisateur doit ne pas contenir de caractères spéciaux.</p>
<label for="password">Mot de passe:</label>
<br>
<input id="password" type="password">
<br>
<div>
<label class="inline" for="showPassword">Montrer le mot de passe?</label>
<input id="showPassword" type="checkbox">
</div>
<p class="error" id="passwordNotice">Le mot de passe doit contenir plus de 8 caractères et doit contenir au minimum:
<br>
1 Majuscule
<br>
1 Symbole
<br>
1 Minuscule
<br>
1 Nombre
</p>
<label for="passwordConfirm">Confirmer le mot de passe:</label>
<br>
<input id="passwordConfirm" type="password">
<div>
<label class="inline" for="showConfirmPassword">Montrer le mot de passe?</label>
<input id="showConfirmPassword" type="checkbox">
</div>
<p class="error" id="passwordConfirmNotice">Les mots de passe doivent être les mêmes.</p>
<button id="register">Créer un compte.</button>
</div>
<p>Tu as déjà un compte?</p>
<a href="/login">Se connecter.</a>
</div>
<div id="footer" class="footer">
<a href="/">Voter</a>
<a href="/results">Résultats</a>
<a href="/archives">Archives</a>
</div>
</body>
</html>

1
static/html/results.html
View File

@@ -11,6 +11,7 @@
<script src="/static/js/results.js" defer="defer"></script>
</head>
<body>
<a href="/login" class="login" id="login">Se connecter</a>
<div id="app" class="app"></div>
<div id="footer" class="footer">
<a href="/">Voter</a>

22
static/html/unauthorised.html Normal file
View File

@@ -0,0 +1,22 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport"
content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<base href="/" target="_top">
<link rel="stylesheet" href="static/css/unauthorised.css">
<title>Non autorisé</title>
</head>
<body>
<div class="app" id="app">
<h1>Tu n'es pas autorisé à accèder à cette page.</h1>
<h3>Merci de bien vouloir te connecter.</h3>
<a href="/login">Se connecter</a>
<p>Tu n'as pas de compte?</p>
<a href="/register">Créer un compte</a>
<h3>Si c'est une erreur, contacte un administrateur.</h3>
</div>
</body>
</html>

43
static/js/admin_players.js Normal file
View File

@@ -0,0 +1,43 @@
async function run() {let players = await fetch("/admin/data/players").then(r => r.json());
let playersDiv = document.getElementById("players");
for (let i = 0; i < players.length; i++) {
let item = document.createElement("div");
let id = document.createElement("p");
let name = document.createElement("input");
let edit = document.createElement("button");
let del = document.createElement("button");
edit.textContent = "Edit";
del.textContent = "Delete";
id.textContent = players[i]["id"];
name.value = players[i]["name"];
item.style.display = "flex";
item.append(id, name, edit, del);
playersDiv.appendChild(item);
edit.addEventListener("click", async () => {
await fetch("/admin/edit/player", { method: "POST", body: JSON.stringify({ "id": players[i]["id"], "name": name.value }) });
window.location.reload();
})
del.addEventListener("click", async () => {
if (confirm("Delete item?")) {
await fetch("/admin/delete/player", { method: "POST", body: JSON.stringify({ "id": players[i]["id"] }) });
window.location.reload();}
})
}
let newPlayer = document.createElement("button");
newPlayer.textContent = "Add Player";
newPlayer.addEventListener("click", () => {
let item = document.createElement("div");
let name = document.createElement("input");
let save = document.createElement("button");
save.textContent = "Save";
item.append(name, save);
playersDiv.appendChild(item);
save.addEventListener("click", async () => {
await fetch("/admin/new/player", { method: "POST", body: JSON.stringify({ "name": name.value }) })
window.location.reload();
})
})
playersDiv.parentNode.append(newPlayer);
}
let _ = run();

32
static/js/admin_users.js Normal file
View File

@@ -0,0 +1,32 @@
async function run() {
let users = await fetch("/admin/data/users").then(r => r.json());
let usersDiv = document.getElementById("users");
for (let i = 0; i < users.length; i++) {
let item = document.createElement("div");
let id = document.createElement("p");
let username = document.createElement("input");
let permissions = document.createElement("input");
let edit = document.createElement("button");
let del = document.createElement("button");
edit.textContent = "Edit";
del.textContent = "Delete";
id.textContent = users[i][0];
username.value = users[i][1];
permissions.value = users[i][2];
item.style.display = "flex";
item.append(id, username, permissions, edit, del);
usersDiv.appendChild(item);
edit.addEventListener("click", async () => {
await fetch("/admin/edit/user", { method: "POST", body: JSON.stringify({ "id": users[i][0], "username": username.value, "permissions": parseInt(permissions.value) }) });
window.location.reload();
})
del.addEventListener("click", async () => {
if (confirm("Delete item?")) {
await fetch("/admin/delete/user", { method: "POST", body: JSON.stringify({ "id": users[i][0] }) });
window.location.reload();}
})
}
}
let _ = run();

66
static/js/admin_votes.js Normal file
View File

@@ -0,0 +1,66 @@
async function run() {
let votes = await fetch("/admin/data/votes").then(r => r.json());
let today = document.getElementById("votes_number");
let count = await fetch("/data/votes").then(r => r.json());
today.textContent = `Aujourd'hui il y a ${count.length} votes`;
let votesDiv = document.getElementById("votes");
for (let i = 0; i < votes.length; i++) {
let vote = votes[i];
let item = document.createElement("div");
item.style.display = "flex";
let id = document.createElement("p");
id.textContent = vote["id"];
let submit_date = document.createElement("input");
submit_date.value = vote["submit_date"];
let plus_id = document.createElement("input");
plus_id.type = "number";
plus_id.value = vote["plus_player_id"];
let plus_nickname = document.createElement("input");
plus_nickname.value = vote["plus_nickname"];
let plus_reason = document.createElement("textarea");
plus_reason.value = vote["plus_reason"];
plus_reason.style.width = "500px";
plus_reason.style.height = "100px";
plus_reason.style.whiteSpace = "pre-line";
let minus_id = document.createElement("input");
minus_id.type = "number";
minus_id.value = vote["minus_player_id"];
let minus_nickname = document.createElement("input");
minus_nickname.value = vote["minus_nickname"];
let minus_reason = document.createElement("textarea");
minus_reason.value = vote["minus_reason"];
minus_reason.style.whiteSpace = "pre-line";
minus_reason.style.width = "500px";
minus_reason.style.height = "100px";
let edit = document.createElement("button");
edit.textContent = "Edit";
let del = document.createElement("button");
del.textContent = "Delete";
item.append(id, submit_date, plus_id, plus_nickname, plus_reason, minus_id, minus_nickname, minus_reason, edit, del);
votesDiv.append(item);
edit.addEventListener("click", async () => {
await fetch("/admin/edit/vote", {
method: "POST", body: JSON.stringify({
"id": votes[i]["id"],
"submit_date": submit_date.value,
"plus_player_id": parseInt(plus_id.value),
"plus_nickname": plus_nickname.value,
"plus_reason": plus_reason.value,
"minus_player_id": parseInt(minus_id.value),
"minus_nickname": minus_nickname.value,
"minus_reason": minus_reason.value
})
});
window.location.reload();
})
del.addEventListener("click", async () => {
if (confirm("Delete item?")) {
await fetch("/admin/delete/vote", { method: "POST", body: JSON.stringify({ "id": votes[i]["id"] }) });
window.location.reload();
}
})
}
}
let _ = run();

70
static/js/index.js
View File

@@ -1,4 +1,5 @@
let vote = {
submit_date: null,
plus_player_id: null,
plus_nickname: "",
plus_reason: "",
@@ -11,7 +12,7 @@ let current_page = 0;
async function main() {
if (read_cookie()) {
showMessage("Merci pour ton vote!", "Ton vote a bien été prit en compte.", false, "info");
showMessage("Merci pour ton vote!", "Ton vote a bien été pris en compte.", false, "info");
return;
}
let players = await fetch("/data/players").then(r => r.json());
@@ -24,10 +25,25 @@ async function main() {
option.textContent = x["name"];
select.append(option);
})
let other = document.createElement("option");
other.value = "other";
other.textContent = "Autre";
select.append(other);
select.value = null;
nickname.value = "";
reason.value = "";
select.addEventListener("change", () => {
if (select.value === "other") {
let other = document.getElementById("other");
other.hidden = false;
let otherLabel = document.getElementById("other_label");
otherLabel.hidden = false;
} else {
let other = document.getElementById("other");
other.hidden = true;
let otherLabel = document.getElementById("other_label");
otherLabel.hidden = true;
}
if (current_page) {
vote.minus_player_id = parseInt(select.value);
} else {
@@ -59,12 +75,28 @@ async function main() {
true, "warning");
return;
}
if (await fetch("/post", {
if (select.value === "other") {
let otherInput = document.getElementById("other");
if (otherInput.value === "") {
showMessage("Tu as sélectionné autre mais tu n'as pas donné de nom", "N'oublie pas de soit sélectioner une personne ou de mettre un nom dans ''Autre:''.", true, "warning");
return;
}
let otherInputLabel = document.getElementById("other_label");
let player = await fetch("/player", {method: "post", body: JSON.stringify({"name": otherInput.value})}).then(r => r.json());
let option = document.createElement("option");
option.value = player["id"];
option.textContent = player["name"];
select.insertBefore(option, other);
vote.minus_player_id = parseInt(player["id"]);
otherInput.value = "";
otherInput.hidden = true;
otherInputLabel.hidden = true;
}
if (await fetch("/vote", {
method: "post", body: JSON.stringify(vote)
})
.then(r => r.status) === 200) {
set_cookie();
showMessage("Merci pour ton vote!", "Ton vote a bien été prit en compte.", false, "info");
showMessage("Merci pour ton vote!", "Ton vote a bien été pris en compte.", false, "info");
}
console.log(vote);
} else {
@@ -76,6 +108,23 @@ async function main() {
}
rightButton.textContent = "À voté!";
title.textContent = "Vote -";
if (select.value === "other") {
let otherInput = document.getElementById("other");
if (otherInput.value === "") {
showMessage("Tu as sélectionné autre mais tu n'as pas donné de nom", "N'oublie pas de soit sélectioner une personne ou de mettre un nom dans ''Autre:''.", true, "warning");
return;
}
let otherInputLabel = document.getElementById("other_label");
let player = await fetch("/player", {method: "post", body: JSON.stringify({"name": otherInput.value})}).then(r => r.json());
let option = document.createElement("option");
option.value = player["id"];
option.textContent = player["name"];
select.insertBefore(option, other);
vote.plus_player_id = parseInt(player["id"]);
otherInput.value = "";
otherInput.hidden = true;
otherInputLabel.hidden = true;
}
current_page = 1;
leftButton.hidden = false;
select.value = vote.minus_player_id;
@@ -111,16 +160,13 @@ function showMessage(title, description, canBeDismissed, type) {
})
}
function set_cookie() {
let date = new Date(Date.now());
date.setDate(date.getDate() + 1);
date.setHours(0, 0,0);
console.log(date);
document.cookie = `hasvoted=true; expires=${date.toUTCString()}; path=/`;
}
function read_cookie() {
return document.cookie.includes("hasvoted=true");
}
let login = document.getElementById("login");
let logged = document.cookie.includes("logged=true");
login.textContent = logged ? "Se déconnecter" : "Se connecter";
login.href = logged ? "/logout" : "/login";
let _ = main();

28
static/js/login.js Normal file
View File

@@ -0,0 +1,28 @@
async function login() {
let username = document.getElementById("username").value;
let password = document.getElementById("password").value;
let code = await fetch("/login",
{method: "POST", body: JSON.stringify({"username": username, "password": password})})
.then(r => {
if (r.status === 400) {
let message = document.getElementById("message");
message.textContent = "Mauvais mot de passe/nom d'utilisateur!";
} else {
window.location.href = "/"}
});
}
let button = document.getElementById("connect");
let showPassword = document.getElementById("showPassword");
showPassword.addEventListener("click", () => {
let password = document.getElementById("password");
if (showPassword.checked) {
password.type = "text";
} else {
password.type = "password";
}
})
button.addEventListener("click", () => {
let _ = login();
})

4
static/js/logout.js Normal file
View File

@@ -0,0 +1,4 @@
setTimeout(async () => {
await fetch("/logout", {method: "POST"});
window.location.href = "/";
}, 3000);

78
static/js/register.js Normal file
View File

@@ -0,0 +1,78 @@
async function register() {
let username = document.getElementById("username").value;
let password = document.getElementById("password").value;
let passwordConfirm = document.getElementById("passwordConfirm").value;
if (!check_username(username) || !check_password(password) || password !== passwordConfirm) {
return;
}
let status = await fetch("/register", {method: "POST", body: JSON.stringify({"username": username, "password": password})}).then(r => r.status)
if (status === 200) {
window.location.href = "/login";
} else if (status === 400) {
document.getElementById("message").textContent = "Cet utilisateur existe déjà!"
}
}
function check_username(username) {
return username.match(/^[0-9a-zA-Z]+$/);
}
function check_password(password) {
return password.match(/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!-/:-@[-`{-~]).{8,}$/)
}
let button = document.getElementById("register");
button.addEventListener("click", () => {
let _ = register();
})
let username = document.getElementById("username");
username.addEventListener("input", () => {
if (check_username(username.value)) {
document.getElementById("usernameNotice").className = "ok";
} else {
document.getElementById("usernameNotice").className = "error";
}
})
let password = document.getElementById("password");
password.addEventListener("input", () => {
if (check_password(password.value)) {
document.getElementById("passwordNotice").className = "ok";
} else {
document.getElementById("passwordNotice").className = "error";
}
})
let passwordConfirm = document.getElementById("passwordConfirm");
passwordConfirm.addEventListener("input", () => {
if (passwordConfirm.value === password.value) {
document.getElementById("passwordConfirmNotice").className = "ok";
} else {
document.getElementById("passwordConfirmNotice").className = "error";
}
})
let showPassword = document.getElementById("showPassword");
let showConfirmPassword = document.getElementById("showConfirmPassword");
showPassword.addEventListener("click", () => {
let password = document.getElementById("password");
if (showPassword.checked) {
password.type = "text";
} else {
password.type = "password";
}
})
showConfirmPassword.addEventListener("click", () => {
let password = document.getElementById("passwordConfirm");
if (showConfirmPassword.checked) {
password.type = "text";
} else {
password.type = "password";
}
})

61
static/js/results.js
View File

@@ -23,7 +23,12 @@ function show_plus(id, votes, players) {
const app = document.getElementById("app");
app.innerHTML = "";
let vote = votes[id];
let player = players[vote["plus_player_id"] - 1]["name"];
let player = "?";
for (let i = 0; i < players.length; i++) {
if (players[i].id === vote["plus_player_id"]) {
player = players[i]["name"];
}
}
let nickname = vote["plus_nickname"];
let reason = vote["plus_reason"];
let minus = document.createElement("button");
@@ -31,12 +36,17 @@ function show_plus(id, votes, players) {
minus.addEventListener("click", () => {show_minus(id, votes, players)})
minus.className = "right";
let prev = document.createElement("button");
prev.textContent = "Vote précédent";
prev.addEventListener("click", () => {show_plus(id-1, votes, players)});
prev.className = "left";
const p = document.createElement("h2");
if (nickname === "") {
p.innerHTML = `${player}`;
}
else {
p.innerHTML = `${nickname} (${player})`
p.innerHTML = `${nickname} (${player})`;
}
const r = document.createElement("p");
@@ -47,7 +57,10 @@ function show_plus(id, votes, players) {
const buttons = document.createElement("div");
buttons.className = "buttons";
buttons.append(minus)
if (id-1>=0) {
buttons.append(prev);
}
buttons.append(minus);
app.append(head, p, r, buttons);
}
@@ -58,7 +71,12 @@ function show_minus(id, votes, players) {
let vote = votes[id];
let nickname = vote["minus_nickname"];
let reason = vote["minus_reason"];
let player = players[vote["minus_player_id"] - 1]["name"];
let player = "?";
for (let i = 0; i < players.length; i++) {
if (players[i].id === vote["minus_player_id"]) {
player = players[i]["name"];
}
}
let next = document.createElement("button");
if (id === votes.length - 1) {
next.textContent = "Résultats";
@@ -74,12 +92,17 @@ function show_minus(id, votes, players) {
})
next.className = "right";
let prev = document.createElement("button");
prev.textContent = "Vote précédent";
prev.addEventListener("click", () => {show_plus(id-1, votes, players)});
prev.className = "left";
const p = document.createElement("h2");
if (nickname === "") {
p.innerHTML = `${player}`;
}
else {
p.innerHTML = `${nickname} (${player})`
p.innerHTML = `${nickname} (${player})`;
}
const r = document.createElement("p");
@@ -90,7 +113,10 @@ function show_minus(id, votes, players) {
const buttons = document.createElement("div");
buttons.className = "buttons";
buttons.append(next)
if (id-1>=0) {
buttons.append(prev);
}
buttons.append(next);
app.append(head, p, r, buttons);
}
@@ -112,7 +138,12 @@ async function show_results(players) {
let counter = 0;
for (let i = 0; i < plus.length; i++) {
let p = plus[i];
let player = players[p[0] - 1]["name"];
let player = "?";
for (let i = 0; i < players.length; i++) {
if (players[i].id === p[0]) {
player = players[i]["name"];
}
}
let score = p[1];
if (prev_score == null || score < prev_score) {
counter += 1;
@@ -122,7 +153,7 @@ async function show_results(players) {
app.append(place);
}
const result = document.createElement("h3");
result.textContent = `${player} avec ${p[1]} votes!`;
result.textContent = `${player} avec ${p[1]} vote${p[1] > 1? 's' : ''}!`;
app.append(result);
}
const sep = document.createElement("hr");
@@ -134,7 +165,12 @@ async function show_results(players) {
counter = 0;
for (let i = 0; i < minus.length; i++) {
let p = minus[i];
let player = players[p[0] - 1]["name"];
let player = "?";
for (let i = 0; i < players.length; i++) {
if (players[i].id === p[0]) {
player = players[i]["name"];
}
}
let score = p[1];
if (prev_score == null || score < prev_score) {
counter += 1;
@@ -144,9 +180,14 @@ async function show_results(players) {
app.append(place);
}
const result = document.createElement("h3");
result.textContent = `${player} avec ${score} votes!`;
result.textContent = `${player} avec ${score} vote${score > 1 ?'s': ''}!`;
app.append(result);
}
}
let login = document.getElementById("login");
let logged = document.cookie.includes("logged=true");
login.textContent = logged ? "Se déconnecter" : "Se connecter";
login.href = logged ? "/logout" : "/login";
let _ = run();