add basic admin panel

2025-12-16 08:54:47 +01:00 · 2024-07-14 15:24:37 -04:00
parent 01f86a7d24
commit 367cd64b8e
11 changed files with 485 additions and 20 deletions
--- a/nksrv/AdminApiController.cs
+++ b/nksrv/AdminApiController.cs
@@ -0,0 +1,90 @@
+using EmbedIO;
+using EmbedIO.Routing;
+using EmbedIO.WebApi;
+using nksrv.Utils;
+using System;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace nksrv
+{
+    public class AdminApiController : WebApiController
+    {
+        public static Dictionary<string, User> AdminAuthTokens = new();
+        private static MD5 md5 = MD5.Create();
+        [Route(HttpVerbs.Any, "/login")]
+        public async Task Login()
+        {
+            var c = await HttpContext.GetRequestFormDataAsync();
+            var username = c["username"];
+            var password = c["password"];
+
+            if (HttpContext.Request.HttpMethod != "POST")
+            {
+                await HttpContext.SendStringAsync(File.ReadAllText(AppDomain.CurrentDomain.BaseDirectory + "/www/admin/index.html").Replace("<errormsg/>", ""), "text/html", Encoding.Unicode);
+                return;
+            }
+
+            User? user = null;
+            bool nullusernames = false;
+            if (username != null && password != null)
+            {
+                var passwordHash = Convert.ToHexString(md5.ComputeHash(Encoding.ASCII.GetBytes(password))).ToLower();
+                foreach (var item in JsonDb.Instance.Users)
+                {
+                    if (item.Username == username)
+                    {
+                        if (item.Password.ToLower() == passwordHash)
+                        {
+                            user = item;
+                        }
+                    }
+                }
+            }
+            else
+            {
+                nullusernames = true;
+            }
+
+            if (user == null)
+            {
+                if (nullusernames == false)
+                {
+                    await HttpContext.SendStringAsync((string)File.ReadAllText(AppDomain.CurrentDomain.BaseDirectory + "/www/admin/index.html").Replace("<errormsg/>", "Incorrect username or password"), "text/html", Encoding.Unicode);
+                    return;
+                }
+                else
+                {
+                    await HttpContext.SendStringAsync((string)File.ReadAllText(AppDomain.CurrentDomain.BaseDirectory + "/www/admin/index.html").Replace("<errormsg/>", "Please enter a username or password"), "text/html", Encoding.Unicode);
+                    return;
+                }
+            }
+            else
+            {
+                if (user.IsAdmin)
+                {
+                    Response.Headers.Add("Set-Cookie", "token=" + CreateAuthToken(user) + ";path=/");
+                    HttpContext.Redirect("/admin/", 301);
+                }
+                else
+                {
+                    await HttpContext.SendStringAsync((string)File.ReadAllText(AppDomain.CurrentDomain.BaseDirectory + "/www/admin/index.html").Replace("<errormsg/>", "User does not have admin panel access."), "text/html", Encoding.Unicode);
+                }
+            }
+        }
+
+        private static string CreateAuthToken(User user)
+        {
+            var tok = RandomString(128);
+            AdminAuthTokens.Add(tok, user);
+            return tok;
+        }
+
+        public static string RandomString(int length)
+        {
+            const string chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+            return new string(Enumerable.Repeat(chars, length)
+                .Select(s => s[new Random().Next(s.Length)]).ToArray());
+        }
+    }
+}