sagi/seepur
sagi/seepur
1
0
Fork 1
Code Issues 2 Pull requests Releases Wiki Activity

Adding Delete user button and basic functionality

Browse source
This commit is contained in:
Aran Zaiger 2020-05-23 22:02:04 +03:00
parent 4d934fbcdf
commit 3bfa60db28
11 changed files with 336 additions and 295 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

73
app/Controllers/Http/AdminApiController.js
View file

@ -6,35 +6,50 @@ const IceServer = use('App/Models/IceServer');
const EmailUtils = use('App/Utils/EmailUtils'); const EmailUtils = use('App/Utils/EmailUtils');
class AdminApiController { class AdminApiController {
async getUsers({response}) { async getUsers({ response }) {
const users = await User.all(); const users = await User.all();
// console.log(typeof users); // console.log(typeof users);
// return users.rows.map(u => { // return users.rows.map(u => {
// return u.publicJSON(); // return u.publicJSON();
// }); // });
return users; return users;
} }
async addStunServer({request, response}) {}
async addTurnServer({request, response}) {} async deleteUser({ request, response }) {
console.log('in delete user')
async testEmailSettings({auth, response}) { const { id } = request.params
try {
if (EmailUtils.sendTestEmail(auth.user)) { const user = await User.find(id)
return { let userLinks = await user.links().fetch();
code: 0, data: {} const links = userLinks.rows
}
} const promises = [...links.map(l => (l.delete())), user.delete()];
return { return await Promise.all(promises);
code: 500, message: 'Something went wrong' }
} async addStunServer({ request, response }) {}
async addTurnServer({ request, response }) {}
} catch (e) {
response.code(500); async testEmailSettings({ auth, response }) {
return { try {
code: 500, message: e.message if (EmailUtils.sendTestEmail(auth.user)) {
} return {
code: 0,
data: {}
}
}
return {
code: 500,
message: 'Something went wrong'
}
} catch (e) {
response.code(500);
return {
code: 500,
message: e.message
}
}
} }
}
} }
module.exports = AdminApiController module.exports = AdminApiController

76
app/Models/User.js
View file

@ -7,54 +7,54 @@ const Hash = use('Hash')
const Model = use('Model') const Model = use('Model')
class User extends Model { class User extends Model {
static boot() { static boot() {
super super
.boot() .boot()
/** /**
* A hook to hash the user password before saving * A hook to hash the user password before saving
* it to the database. * it to the database.
*/ */
this.addHook('beforeSave', async (userInstance) => { this.addHook('beforeSave', async(userInstance) => {
if (userInstance.dirty.password) { if (userInstance.dirty.password) {
userInstance.password = await Hash.make(userInstance.password) userInstance.password = await Hash.make(userInstance.password)
} }
}) })
}
publicJSON() {
const u = this.toJSON();
return {
avatar: `https://api.adorable.io/avatars/285/${u.email}.png`, id: u.id,
name: u.name, isAdmin: u.is_admin
} }
}
static get hidden() { // publicJSON() {
return ['password'] // const u = this.toJSON();
} // return {
// avatar: `https://api.adorable.io/avatars/285/${u.email}.png`, id: u.id,
// name: u.name, isAdmin: u.is_admin
// }
// }
static get dates() { static get hidden() {
return super.dates.concat(['last_logged_in']) return ['password']
} }
/** static get dates() {
* A relationship on tokens is required for auth to return super.dates.concat(['last_logged_in'])
* work. Since features like `refreshTokens` or }
* `rememberToken` will be saved inside the
* tokens table.
*
* @method tokens
*
* @return {Object}
*/
tokens() {
return this.hasMany('App/Models/Token')
}
links() { /**
return this.hasMany('App/Models/Link') * A relationship on tokens is required for auth to
} * work. Since features like `refreshTokens` or
* `rememberToken` will be saved inside the
* tokens table.
*
* @method tokens
*
* @return {Object}
*/
tokens() {
return this.hasMany('App/Models/Token')
}
links() {
return this.hasMany('App/Models/Link')
}
} }
module.exports = User module.exports = User

240
config/shield.js
View file

@ -1,140 +1,140 @@
'use strict' 'use strict'
module.exports = { module.exports = {
/*
|--------------------------------------------------------------------------
| Content Security Policy
|--------------------------------------------------------------------------
|
| Content security policy filters out the origins not allowed to execute
| and load resources like scripts, styles and fonts. There are wide
| variety of options to choose from.
*/
csp: {
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Directives | Content Security Policy
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| All directives are defined in camelCase and here is the list of | Content security policy filters out the origins not allowed to execute
| available directives and their possible values. | and load resources like scripts, styles and fonts. There are wide
| | variety of options to choose from.
| https://content-security-policy.com
|
| @example
| directives: {
| defaultSrc: ['self', '@nonce', 'cdnjs.cloudflare.com']
| }
|
*/ */
directives: {}, csp: {
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Report only | Directives
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| Setting `reportOnly=true` will not block the scripts from running and | All directives are defined in camelCase and here is the list of
| instead report them to a URL. | available directives and their possible values.
| |
*/ | https://content-security-policy.com
reportOnly: false, |
/* | @example
|-------------------------------------------------------------------------- | directives: {
| Set all headers | defaultSrc: ['self', '@nonce', 'cdnjs.cloudflare.com']
|-------------------------------------------------------------------------- | }
| |
| Headers staring with `X` have been depreciated, since all major browsers */
| supports the standard CSP header. So its better to disable deperciated directives: {},
| headers, unless you want them to be set. /*
| |--------------------------------------------------------------------------
*/ | Report only
setAllHeaders: false, |--------------------------------------------------------------------------
|
| Setting `reportOnly=true` will not block the scripts from running and
| instead report them to a URL.
|
*/
reportOnly: false,
/*
|--------------------------------------------------------------------------
| Set all headers
|--------------------------------------------------------------------------
|
| Headers staring with `X` have been depreciated, since all major browsers
| supports the standard CSP header. So its better to disable deperciated
| headers, unless you want them to be set.
|
*/
setAllHeaders: false,
/*
|--------------------------------------------------------------------------
| Disable on android
|--------------------------------------------------------------------------
|
| Certain versions of android are buggy with CSP policy. So you can set
| this value to true, to disable it for Android versions with buggy
| behavior.
|
| Here is an issue reported on a different package, but helpful to read
| if you want to know the behavior.
https://github.com/helmetjs/helmet/pull/82
|
*/
disableAndroid: true
},
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Disable on android | X-XSS-Protection
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| Certain versions of android are buggy with CSP policy. So you can set | X-XSS Protection saves applications from XSS attacks. It is adopted
| this value to true, to disable it for Android versions with buggy | by IE and later followed by some other browsers.
| behavior.
| |
| Here is an issue reported on a different package, but helpful to read | Learn more at
| if you want to know the behavior. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
https://github.com/helmetjs/helmet/pull/82
| |
*/ */
disableAndroid: true xss: { enabled: true, enableOnOldIE: false },
},
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| X-XSS-Protection | Iframe Options
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| X-XSS Protection saves applications from XSS attacks. It is adopted | xframe defines whether or not your website can be embedded inside an
| by IE and later followed by some other browsers. | iframe. Choose from one of the following options.
| | @available options
| Learn more at | DENY, SAMEORIGIN, ALLOW-FROM http://example.com
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection |
| | Learn more at
*/ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
xss: {enabled: true, enableOnOldIE: false}, */
xframe: 'DENY',
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Iframe Options | No Sniff
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| xframe defines whether or not your website can be embedded inside an | Browsers have a habit of sniffing content-type of a response. Which means
| iframe. Choose from one of the following options. | files with .txt extension containing Javascript code will be executed as
| @available options | Javascript. You can disable this behavior by setting nosniff to false.
| DENY, SAMEORIGIN, ALLOW-FROM http://example.com |
| | Learn more at
| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options |
*/ */
xframe: 'DENY', nosniff: true,
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| No Sniff | No Open
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| Browsers have a habit of sniffing content-type of a response. Which means | IE users can execute webpages in the context of your website, which is
| files with .txt extension containing Javascript code will be executed as | a serious security risk. Below option will manage this for you.
| Javascript. You can disable this behavior by setting nosniff to false. |
| */
| Learn more at noopen: true,
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
|
*/
nosniff: true,
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| No Open | CSRF Protection
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| IE users can execute webpages in the context of your website, which is | CSRF Protection adds another layer of security by making sure, actionable
| a serious security risk. Below option will manage this for you. | routes does have a valid token to execute an action.
| |
*/ */
noopen: true, csrf: {
enable: true,
/* methods: ['POST', 'PUT', 'DELETE'],
|-------------------------------------------------------------------------- filterUris: [/api\/v1\/client\/\w+/, /api\/v1\/admin\/\w+/], // All Client API routes
| CSRF Protection cookieOptions: { httpOnly: false, sameSite: true, path: '/', maxAge: 7200 }
|-------------------------------------------------------------------------- }
| }
| CSRF Protection adds another layer of security by making sure, actionable
| routes does have a valid token to execute an action.
|
*/
csrf: {
enable: true,
methods: ['POST', 'PUT', 'DELETE'],
filterUris: [/api\/v1\/client\/\w+/], // All Client API routes
cookieOptions: {httpOnly: false, sameSite: true, path: '/', maxAge: 7200}
}
}

153
package.json
View file

@ -1,77 +1,78 @@
{ {
"name": "Seepur", "name": "Seepur",
"version": "0.0.1", "version": "0.0.1",
"adonis-version": "4.1.0", "adonis-version": "4.1.0",
"description": "A shared story time experience", "description": "A shared story time experience",
"main": "server.js", "main": "server.js",
"scripts": { "scripts": {
"build:css": "npx node-sass --omit-source-map-url resources/sass/main.scss public/style.css", "build:css": "npx node-sass --omit-source-map-url resources/sass/main.scss public/style.css",
"build:applications": "npx webpack --mode production", "build:applications": "npx webpack --mode production",
"watch:css": "npm run build:css -- --watch", "watch:css": "npm run build:css -- --watch",
"watch:applications": "npx webpack --watch", "watch:applications": "npx webpack --watch",
"migrate": "npx adonis migration:run -f", "migrate": "npx adonis migration:run -f",
"build": "npm run migrate && npm run build:css && npm run build:applications", "build": "npm run migrate && npm run build:css && npm run build:applications",
"start": "npm run migrate && node server.js", "start": "npm run migrate && node server.js",
"clean": "bash clean-hot-update.sh", "start:dev": "npx adonis serve --dev",
"test": "node ace test" "clean": "bash clean-hot-update.sh",
}, "test": "node ace test"
"keywords": [ },
"seepur" "keywords": [
], "seepur"
"author": "", ],
"license": "UNLICENSED", "author": "",
"private": true, "license": "UNLICENSED",
"dependencies": { "private": true,
"@adonisjs/ace": "^5.0.8", "dependencies": {
"@adonisjs/auth": "^3.0.7", "@adonisjs/ace": "^5.0.8",
"@adonisjs/bodyparser": "^2.0.5", "@adonisjs/auth": "^3.0.7",
"@adonisjs/cli": "^4.0.12", "@adonisjs/bodyparser": "^2.0.5",
"@adonisjs/cors": "^1.0.7", "@adonisjs/cli": "^4.0.12",
"@adonisjs/drive": "^1.0.4", "@adonisjs/cors": "^1.0.7",
"@adonisjs/fold": "^4.0.9", "@adonisjs/drive": "^1.0.4",
"@adonisjs/framework": "^5.0.9", "@adonisjs/fold": "^4.0.9",
"@adonisjs/ignitor": "^2.0.8", "@adonisjs/framework": "^5.0.9",
"@adonisjs/lucid": "^6.1.3", "@adonisjs/ignitor": "^2.0.8",
"@adonisjs/mail": "^3.0.10", "@adonisjs/lucid": "^6.1.3",
"@adonisjs/redis": "^2.0.7", "@adonisjs/mail": "^3.0.10",
"@adonisjs/session": "^1.0.27", "@adonisjs/redis": "^2.0.7",
"@adonisjs/shield": "^1.0.8", "@adonisjs/session": "^1.0.27",
"@adonisjs/validator": "^5.0.6", "@adonisjs/shield": "^1.0.8",
"@adonisjs/websocket": "^1.0.12", "@adonisjs/validator": "^5.0.6",
"@adonisjs/websocket-client": "^1.0.9", "@adonisjs/websocket": "^1.0.12",
"adonis-vue-websocket": "^2.0.2", "@adonisjs/websocket-client": "^1.0.9",
"animate.css": "^4.1.0", "adonis-vue-websocket": "^2.0.2",
"bulma": "^0.8.0", "animate.css": "^4.1.0",
"fork-awesome": "^1.1.7", "bulma": "^0.8.0",
"moment": "^2.24.0", "fork-awesome": "^1.1.7",
"regenerator-runtime": "^0.13.5", "moment": "^2.24.0",
"rematrix": "^0.7.0", "regenerator-runtime": "^0.13.5",
"sqlite3": "^4.1.1", "rematrix": "^0.7.0",
"typescript": "^3.7.5", "sqlite3": "^4.1.1",
"uuid": "^8.0.0", "typescript": "^3.7.5",
"vue": "^2.6.11", "uuid": "^8.0.0",
"vue-croppa": "^1.3.8", "vue": "^2.6.11",
"vue-router": "^3.1.5", "vue-croppa": "^1.3.8",
"vuex": "^3.1.2" "vue-router": "^3.1.5",
}, "vuex": "^3.1.2"
"devDependencies": { },
"@babel/core": "^7.8.3", "devDependencies": {
"@babel/plugin-transform-regenerator": "^7.8.7", "@babel/core": "^7.8.3",
"@babel/plugin-transform-runtime": "^7.9.0", "@babel/plugin-transform-regenerator": "^7.8.7",
"@types/node": "^14.0.1", "@babel/plugin-transform-runtime": "^7.9.0",
"babel-loader": "^8.0.6", "@types/node": "^14.0.1",
"babel-preset-env": "^1.7.0", "babel-loader": "^8.0.6",
"babel-preset-stage-2": "^6.24.1", "babel-preset-env": "^1.7.0",
"css-loader": "^3.4.2", "babel-preset-stage-2": "^6.24.1",
"node-sass": "^4.13.0", "css-loader": "^3.4.2",
"ts-loader": "^7.0.4", "node-sass": "^4.13.0",
"vue-loader": "^15.8.3", "ts-loader": "^7.0.4",
"vue-style-loader": "^4.1.2", "vue-loader": "^15.8.3",
"vue-template-compiler": "^2.6.11", "vue-style-loader": "^4.1.2",
"webpack": "^4.41.5", "vue-template-compiler": "^2.6.11",
"webpack-cli": "^3.3.10" "webpack": "^4.41.5",
}, "webpack-cli": "^3.3.10"
"autoload": { },
"App": "./app" "autoload": {
} "App": "./app"
} }
}

8
public/scripts/applications/admin/app.bundle.js
View file

File diff suppressed because one or more lines are too long

4
public/scripts/applications/home/app.bundle.js
View file

File diff suppressed because one or more lines are too long

2
public/scripts/components/navbar/app.bundle.js
View file

File diff suppressed because one or more lines are too long

2
public/scripts/views/register/app.bundle.js
View file

File diff suppressed because one or more lines are too long

24
resources/scripts/applications/admin/views/home.vue
View file

@ -3,6 +3,9 @@
<Modal title="CreateUser" :isActive="showCreateUser" @close="showCreateUser=false" acceptText="Create" @accept="createUser()"> <Modal title="CreateUser" :isActive="showCreateUser" @close="showCreateUser=false" acceptText="Create" @accept="createUser()">
test test
</Modal> </Modal>
<Modal title="DeleteUser" :isActive="showDeleteUser" @close="showDeleteUser=false; currentUser=null" acceptText="Delete" rejectText="Cancel" @accept="deleteUser(currentUser)">
Are you sure you want to delete {{user.name}}?
</Modal>
<nav class="level"> <nav class="level">
<div class="level-left"> <div class="level-left">
<div class="level-item"> <div class="level-item">
@ -35,6 +38,7 @@
<th>name</th> <th>name</th>
<th>email</th> <th>email</th>
<th>admin</th> <th>admin</th>
<th>edit</th>
</tr> </tr>
</thead> </thead>
<tr v-for="user in users" :key="user.id"> <tr v-for="user in users" :key="user.id">
@ -49,13 +53,15 @@
<td> <td>
<input class="checkbox" type="checkbox" :checked="user.is_admin" /> <input class="checkbox" type="checkbox" :checked="user.is_admin" />
</td> </td>
<td>
<button v-if="!user.is_admin" class="button" @click="onDeleteClicked(user)">Delete</button>
</td>
</tr> </tr>
</table> </table>
</div> </div>
</template> </template>
<script lang="ts"> <script lang="ts">
import ChildAvatar, { IChildAvatar } from "../components/child_avatar.vue";
import Services from "../../services/index"; import Services from "../../services/index";
import { mapGetters, mapActions } from "vuex"; import { mapGetters, mapActions } from "vuex";
import Modal from "../../shared/components/Modal/Modal.vue"; import Modal from "../../shared/components/Modal/Modal.vue";
@ -63,22 +69,28 @@ import Modal from "../../shared/components/Modal/Modal.vue";
export default { export default {
name: "Home", name: "Home",
components: { components: {
ChildAvatar,
Modal Modal
}, },
methods: { methods: {
createUser(){ createUser(){
alert('created'); alert('created');
}, },
async deleteUser(user){
console.log(user)
await Services.ApiService.deleteUser(user);
this.showDeleteUser=false;
await this.getUsers()
},
onDeleteClicked(user){
this.showDeleteUser = true;
this.currentUser = user;
},
...mapActions(["getUsers"]) ...mapActions(["getUsers"])
}, },
async created() { async created() {
this.loading = true; this.loading = true;
if (this.users === null) await this.getUsers(); if (this.users === null) await this.getUsers();
this.loading = false; this.loading = false;
// this.connections = await Services.ApiService.getConnections();
// this.users = await Services.ApiService.getAllUsers();
// console.dir(connections);
}, },
computed: { computed: {
// async users() { // async users() {
@ -89,6 +101,8 @@ export default {
return { return {
loading: true, loading: true,
showCreateUser: false, showCreateUser: false,
showDeleteUser: false,
currentUser: null,
}; };
} }
}; };

10
resources/scripts/applications/services/api.service.ts
View file

@ -1,5 +1,15 @@
export default class ApiService { export default class ApiService {
static async deleteUser(user: any) {
try{
return (await fetch(`/api/v1/admin/user/${user.id}`, {method: 'DELETE'})).json();
}
catch (e) {
console.error(`deleteUser ERROR: ${e.message}`);
return e;
}
}
static async getUser(userId?: number) { static async getUser(userId?: number) {
try { try {
return (await fetch('/api/v1/client/user/')).json(); return (await fetch('/api/v1/client/user/')).json();

39
start/routes.js
View file

@ -28,13 +28,13 @@ Route.post('/login', 'AuthController.login').validator('Login');
// reset-password // reset-password
Route.post('/password/request/reset', 'AuthController.resetPasswordRequest') Route.post('/password/request/reset', 'AuthController.resetPasswordRequest')
.validator('ResetPasswordRequest') .validator('ResetPasswordRequest')
.as('resetPasswordRequest'); .as('resetPasswordRequest');
Route.get('/password/reset', 'AuthController.resetPasswordRequestIndex'); Route.get('/password/reset', 'AuthController.resetPasswordRequestIndex');
Route.get('/password/reset/:token', 'AuthController.resetPasswordIndex'); Route.get('/password/reset/:token', 'AuthController.resetPasswordIndex');
Route.post('/password/reset', 'AuthController.resetPassword') Route.post('/password/reset', 'AuthController.resetPassword')
.validator('ResetPassword') .validator('ResetPassword')
.as('resetPassword'); .as('resetPassword');
/* /*
/ Client API / Client API
@ -42,12 +42,12 @@ Route.post('/password/reset', 'AuthController.resetPassword')
Route Route
.group(() => { .group(() => {
Route.post('connections/create', 'ClientApiController.createConnection'); Route.post('connections/create', 'ClientApiController.createConnection');
Route.get('user', 'ClientApiController.getUser'); Route.get('user', 'ClientApiController.getUser');
Route.post('child', 'ClientApiController.createChild'); Route.post('child', 'ClientApiController.createChild');
Route.get('child/:id', 'ClientApiController.getChild'); Route.get('child/:id', 'ClientApiController.getChild');
Route.post('child/:id', 'ClientApiController.updateChild'); Route.post('child/:id', 'ClientApiController.updateChild');
Route.post('call/create', 'ClientApiController.createCall'); Route.post('call/create', 'ClientApiController.createCall');
}) })
.prefix('api/v1/client') .prefix('api/v1/client')
.middleware(['auth']); .middleware(['auth']);
@ -65,9 +65,9 @@ Route
*/ */
Route.get('/u/books/:bookId/thumbnail', 'BookApiController.getThumbnail') Route.get('/u/books/:bookId/thumbnail', 'BookApiController.getThumbnail')
.middleware(['auth', 'BookContext']) .middleware(['auth', 'BookContext'])
/* /*
/ Pubic CDN Images / Pubic CDN Images
*/ */
Route.get('/u/images/:fileName', 'CdnController.publicImages'); Route.get('/u/images/:fileName', 'CdnController.publicImages');
/* /*
@ -76,16 +76,17 @@ Route.get('/u/images/:fileName', 'CdnController.publicImages');
// API // API
Route Route
.group(() => { .group(() => {
Route.get('users', 'AdminApiController.getUsers'); Route.get('users', 'AdminApiController.getUsers');
Route.get( Route.delete('user/:id', 'AdminApiController.deleteUser');
'settings/email/test/result', 'AdminApiController.testEmailSettings'); Route.get(
'settings/email/test/result', 'AdminApiController.testEmailSettings');
}) })
.prefix('/api/v1/admin') .prefix('/api/v1/admin')
.middleware(['auth', 'adminAuth']); .middleware(['auth', 'adminAuth']);
Route Route
.group(() => { .group(() => {
// //
Route.get('/*', 'AdminController.index'); Route.get('/*', 'AdminController.index');
}) })
.prefix('admin') .prefix('admin')
.middleware(['auth', 'adminAuth']); .middleware(['auth', 'adminAuth']);
@ -104,4 +105,4 @@ Route
// // return auth.user; // // return auth.user;
// }) // })
// .middleware(['auth']); // .middleware(['auth']);
Route.get('/*', 'IndexController.index').as('home'); Route.get('/*', 'IndexController.index').as('home');