admin panel work

2025-12-15 00:14:48 +01:00 · 2024-11-03 14:10:43 -05:00
parent 419a7d0a6a
commit 1d11cee520
13 changed files with 330 additions and 23 deletions
--- a/EpinelPS/Controllers/AccountController.cs
+++ b/EpinelPS/Controllers/AccountController.cs
@@ -83,7 +83,15 @@ namespace EpinelPS.Controllers
                }
            }

-            var user = new User() { ID = uid, Password = req.password, RegisterTime = DateTimeOffset.UtcNow.ToUnixTimeSeconds(), Username = req.account, PlayerName = "Player_" + Rng.RandomString(8) };
+            var user = new User()
+            {
+                ID = uid,
+                Password = req.password,
+                RegisterTime = DateTimeOffset.UtcNow.ToUnixTimeSeconds(),
+                Username = req.account,
+                PlayerName = "Player_" + Rng.RandomString(8),
+                IsAdmin = JsonDb.Instance.Users.Count == 0
+            };

            JsonDb.Instance.Users.Add(user);

--- a/EpinelPS/Controllers/AdminPanel/AdminController.cs
+++ b/EpinelPS/Controllers/AdminPanel/AdminController.cs
@@ -14,9 +14,9 @@ namespace EpinelPS.Controllers
            _logger = logger;
        }

-        private bool CheckAuth()
+        public static bool CheckAuth(HttpContext context)
        {
-            string? token = HttpContext.Request.Cookies["token"];
+            string? token = context.Request.Cookies["token"];
            if (token == null) return false;


@@ -26,45 +26,40 @@ namespace EpinelPS.Controllers
            }
            return false;
        }
+
        [Route("dashboard")]
        public IActionResult Dashboard()
        {
-            if (!CheckAuth()) return Redirect("/admin/");
+            if (!CheckAuth(HttpContext)) return Redirect("/admin/");

            return View();
        }
        [Route("Events")]
        public IActionResult Events()
        {
-            if (!CheckAuth()) return Redirect("/admin/");
+            if (!CheckAuth(HttpContext)) return Redirect("/admin/");

            return View();
        }
        [Route("Configuration")]
        public IActionResult Configuration()
        {
-            if (!CheckAuth()) return Redirect("/admin/");
+            if (!CheckAuth(HttpContext)) return Redirect("/admin/");

            return View();
        }
-        [Route("Users")]
-        public IActionResult Users()
-        {
-            if (!CheckAuth()) return Redirect("/admin/");

-            return View();
-        }
        [Route("Mail")]
        public IActionResult Mail()
        {
-            if (!CheckAuth()) return Redirect("/admin/");
+            if (!CheckAuth(HttpContext)) return Redirect("/admin/");

            return View();
        }
        [Route("Database")]
        public IActionResult Database()
        {
-            if (!CheckAuth()) return Redirect("/admin/");
+            if (!CheckAuth(HttpContext)) return Redirect("/admin/");

            return View();
        }
--- a/EpinelPS/Controllers/AdminPanel/UsersController.cs
+++ b/EpinelPS/Controllers/AdminPanel/UsersController.cs
@@ -0,0 +1,102 @@
+using EpinelPS.Database;
+using EpinelPS.Models;
+using Microsoft.AspNetCore.Mvc;
+using System.Diagnostics;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace EpinelPS.Controllers
+{
+    [Route("admin/Users")]
+    public class UsersController : Controller
+    {
+        private readonly ILogger<AdminController> _logger;
+        private static MD5 sha = MD5.Create();
+
+        public UsersController(ILogger<AdminController> logger)
+        {
+            _logger = logger;
+        }
+
+        public IActionResult Index()
+        {
+            if (!AdminController.CheckAuth(HttpContext)) return Redirect("/admin/");
+
+            return View(JsonDb.Instance.Users);
+        }
+
+        [Route("Modify/{id}")]
+        public IActionResult Modify(ulong id)
+        {
+            if (!AdminController.CheckAuth(HttpContext)) return Redirect("/admin/");
+
+            if (id == null)
+            {
+                return NotFound();
+            }
+
+            var user = JsonDb.Instance.Users.Where(x => x.ID == id).FirstOrDefault();
+            if (user == null)
+            {
+                return NotFound();
+            }
+
+            return View(user);
+        }
+
+        [Route("SetPassword/{id}")]
+        public IActionResult SetPassword(ulong id)
+        {
+            if (!AdminController.CheckAuth(HttpContext)) return Redirect("/admin/");
+
+            if (id == null)
+            {
+                return NotFound();
+            }
+
+            var user = JsonDb.Instance.Users.Where(x => x.ID == id).FirstOrDefault();
+            if (user == null)
+            {
+                return NotFound();
+            }
+
+            user.Password = ""; // do not return the password
+
+            return View(user);
+        }
+
+
+        // To protect from overposting attacks, please enable the specific properties you want to bind to, for 
+        // more details see http://go.microsoft.com/fwlink/?LinkId=317598.
+        [Route("SetPassword")]
+        [HttpPost, ActionName("SetPassword")]
+        [ValidateAntiForgeryToken]
+        public async Task<IActionResult> SetPasswordConfirm(ulong? id)
+        {
+            if (!AdminController.CheckAuth(HttpContext)) return Redirect("/admin/");
+
+            if (id == null)
+            {
+                return NotFound();
+            }
+
+            string? newPw = Request.Form["PasswordHash"];
+            if (string.IsNullOrEmpty(newPw))
+            {
+                return BadRequest();
+            }
+            
+            // TODO: use bcrypt
+
+            var userToUpdate = JsonDb.Instance.Users.Where(s => s.ID == id).FirstOrDefault();
+            if (userToUpdate == null)
+            {
+                return NotFound();
+            }
+
+            userToUpdate.Password = Convert.ToHexString(sha.ComputeHash(Encoding.ASCII.GetBytes(newPw))).ToLower(); ;
+
+            return View(userToUpdate);
+        }
+    }
+}