API: ensure user is active in checkLogin helper

M1CK431 2023-08-12 22:15:50 +02:00
parent 51f94d6cf5
commit 9521b8e122
10 changed files with 72 additions and 70 deletions


@ -494,7 +494,7 @@ let needSetup = false;
return;
}
checkLogin(socket);
await checkLogin(socket);
await doubleCheckPassword(socket.userID, currentPassword);
let user = await R.findOne("user", " id = ? AND active = 1 ", [
@ -544,7 +544,7 @@ let needSetup = false;
return;
}
checkLogin(socket);
await checkLogin(socket);
await doubleCheckPassword(socket.userID, currentPassword);
await R.exec("UPDATE `user` SET twofa_status = 1 WHERE id = ? ", [
@ -577,7 +577,7 @@ let needSetup = false;
return;
}
checkLogin(socket);
await checkLogin(socket);
await doubleCheckPassword(socket.userID, currentPassword);
await TwoFA.disable2FA(socket.userID);
@ -601,7 +601,7 @@ let needSetup = false;
socket.on("verifyToken", async (token, currentPassword, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await doubleCheckPassword(socket.userID, currentPassword);
let user = await R.findOne("user", " id = ? AND active = 1 ", [
@ -634,7 +634,7 @@ let needSetup = false;
socket.on("twoFAStatus", async (callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
let user = await R.findOne("user", " id = ? AND active = 1 ", [
socket.userID,
@ -696,7 +696,7 @@ let needSetup = false;
socket.on("getUsers", async callback => {
try {
checkLogin(socket);
await checkLogin(socket);
const users = await sendUserList(socket);
@ -714,7 +714,7 @@ let needSetup = false;
socket.on("getUser", async (userID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
const user = await getUser(userID);
@ -732,7 +732,7 @@ let needSetup = false;
socket.on("saveUser", async (user, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await saveUser(socket, user);
await sendUserList(socket);
@ -752,7 +752,7 @@ let needSetup = false;
// Add a new monitor
socket.on("add", async (monitor, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
let bean = R.dispense("monitor");
let notificationIDList = monitor.notificationIDList;
@ -809,7 +809,7 @@ let needSetup = false;
socket.on("editMonitor", async (monitor, callback) => {
try {
let removeGroupChildren = false;
checkLogin(socket);
await checkLogin(socket);
let bean = await R.findOne("monitor", " id = ? ", [ monitor.id ]);
@ -952,7 +952,7 @@ let needSetup = false;
socket.on("getMonitorList", async (callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await server.sendMonitorList(socket);
callback({
ok: true,
@ -968,7 +968,7 @@ let needSetup = false;
socket.on("getMonitor", async (monitorID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
log.info("monitor", `Get Monitor: ${monitorID} User ID: ${socket.userID}`);
@ -992,7 +992,7 @@ let needSetup = false;
socket.on("getMonitorBeats", async (monitorID, period, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
log.info("monitor", `Get Monitor Beats: ${monitorID} User ID: ${socket.userID}`);
@ -1028,7 +1028,7 @@ let needSetup = false;
// Start or Resume the monitor
socket.on("resumeMonitor", async (monitorID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await startMonitor(socket.userID, monitorID);
await server.sendUpdateMonitorIntoList(socket, monitorID);
@ -1048,7 +1048,7 @@ let needSetup = false;
socket.on("pauseMonitor", async (monitorID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await pauseMonitor(socket.userID, monitorID);
await server.sendUpdateMonitorIntoList(socket, monitorID);
@ -1068,7 +1068,7 @@ let needSetup = false;
socket.on("deleteMonitor", async (monitorID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
log.info("manage", `Delete Monitor: ${monitorID} User ID: ${socket.userID}`);
@ -1105,7 +1105,7 @@ let needSetup = false;
socket.on("getTags", async (callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
const list = await R.findAll("tag");
@ -1124,7 +1124,7 @@ let needSetup = false;
socket.on("addTag", async (tag, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
let bean = R.dispense("tag");
bean.name = tag.name;
@ -1146,7 +1146,7 @@ let needSetup = false;
socket.on("editTag", async (tag, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
let bean = await R.findOne("tag", " id = ? ", [ tag.id ]);
if (bean == null) {
@ -1178,7 +1178,7 @@ let needSetup = false;
socket.on("deleteTag", async (tagID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await R.exec("DELETE FROM tag WHERE id = ? ", [ tagID ]);
@ -1198,7 +1198,7 @@ let needSetup = false;
socket.on("addMonitorTag", async (tagID, monitorID, value, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await R.exec("INSERT INTO monitor_tag (tag_id, monitor_id, value) VALUES (?, ?, ?)", [
tagID,
@ -1222,7 +1222,7 @@ let needSetup = false;
socket.on("editMonitorTag", async (tagID, monitorID, value, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await R.exec("UPDATE monitor_tag SET value = ? WHERE tag_id = ? AND monitor_id = ?", [
value,
@ -1246,7 +1246,7 @@ let needSetup = false;
socket.on("deleteMonitorTag", async (tagID, monitorID, value, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await R.exec("DELETE FROM monitor_tag WHERE tag_id = ? AND monitor_id = ? AND value = ?", [
tagID,
@ -1336,7 +1336,7 @@ let needSetup = false;
socket.on("changePassword", async (userID, password, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
if (!password.newPassword) {
throw new Error("Invalid new password");
@ -1368,7 +1368,7 @@ let needSetup = false;
socket.on("getSettings", async (callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
const data = await getSettings("general");
if (!data.serverTimezone) {
@ -1390,7 +1390,7 @@ let needSetup = false;
socket.on("setSettings", async (data, currentPassword, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
// If currently is disabled auth, don't need to check
// Disabled Auth + Want to Disable Auth => No Check
@ -1454,7 +1454,7 @@ let needSetup = false;
// Add or Edit
socket.on("addNotification", async (notification, notificationID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
let notificationBean = await Notification.save(notification, notificationID, socket.userID);
await sendNotificationList(socket);
@ -1476,7 +1476,7 @@ let needSetup = false;
socket.on("deleteNotification", async (notificationID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await Notification.delete(notificationID, socket.userID);
await sendNotificationList(socket);
@ -1497,7 +1497,7 @@ let needSetup = false;
socket.on("testNotification", async (notification, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
let msg = await Notification.send(notification, notification.name + " Testing");
@ -1518,7 +1518,7 @@ let needSetup = false;
socket.on("checkApprise", async (callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
callback(Notification.checkApprise());
} catch (e) {
callback(false);
@ -1527,7 +1527,7 @@ let needSetup = false;
socket.on("clearEvents", async (monitorID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
log.info("manage", `Clear Events Monitor: ${monitorID} User ID: ${socket.userID}`);
@ -1551,7 +1551,7 @@ let needSetup = false;
socket.on("clearHeartbeats", async (monitorID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
log.info("manage", `Clear Heartbeats Monitor: ${monitorID} User ID: ${socket.userID}`);
@ -1575,7 +1575,7 @@ let needSetup = false;
socket.on("clearStatistics", async (callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
log.info("manage", `Clear Statistics User ID: ${socket.userID}`);
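Review bot: In `verifyToken` and `twoFAStatus` the handler repeats the same lookup that `checkLogin` now performs (`R.findOne("user", " id = ? AND active = 1 ", [ socket.userID ...`), so each of these events issues two identical queries. Having the helper end with `return user;` and writing `const user = await checkLogin(socket);` here would remove the duplicate and make sure both steps act on the same row. Note also that `checkLogin` only establishes that the caller is an active account; for `getUser`, `saveUser` and `changePassword`, which take a caller-supplied user or user id, any per-target authorisation has to live in code that is not visible in these hunks. All of the handler bodies continue past the ends of their hunks.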


@ -17,7 +17,7 @@ module.exports.apiKeySocketHandler = (socket) => {
// Add a new api key
socket.on("addAPIKey", async (key, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
let clearKey = nanoid(40);
let hashedKey = passwordHash.generate(clearKey);
@ -54,7 +54,7 @@ module.exports.apiKeySocketHandler = (socket) => {
socket.on("getAPIKeyList", async (callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await sendAPIKeyList(socket);
callback({
ok: true,
@ -70,7 +70,7 @@ module.exports.apiKeySocketHandler = (socket) => {
socket.on("deleteAPIKey", async (keyID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
log.debug("apikeys", `Deleted API Key: ${keyID} User ID: ${socket.userID}`);
@ -96,7 +96,7 @@ module.exports.apiKeySocketHandler = (socket) => {
socket.on("disableAPIKey", async (keyID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
log.debug("apikeys", `Disabled Key: ${keyID} User ID: ${socket.userID}`);
@ -124,7 +124,7 @@ module.exports.apiKeySocketHandler = (socket) => {
socket.on("enableAPIKey", async (keyID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
log.debug("apikeys", `Enabled Key: ${keyID} User ID: ${socket.userID}`);


@ -36,7 +36,7 @@ module.exports.cloudflaredSocketHandler = (socket) => {
socket.on(prefix + "join", async () => {
try {
checkLogin(socket);
await checkLogin(socket);
socket.join("cloudflared");
io.to(socket.userID).emit(prefix + "installed", cloudflared.checkInstalled());
io.to(socket.userID).emit(prefix + "running", cloudflared.running);
@ -46,14 +46,14 @@ module.exports.cloudflaredSocketHandler = (socket) => {
socket.on(prefix + "leave", async () => {
try {
checkLogin(socket);
await checkLogin(socket);
socket.leave("cloudflared");
} catch (error) { }
});
socket.on(prefix + "start", async (token) => {
try {
checkLogin(socket);
await checkLogin(socket);
if (token && typeof token === "string") {
await setSetting("cloudflaredTunnelToken", token);
cloudflared.token = token;
@ -66,7 +66,7 @@ module.exports.cloudflaredSocketHandler = (socket) => {
socket.on(prefix + "stop", async (currentPassword, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
const disabledAuth = await setting("disableAuth");
if (!disabledAuth) {
await doubleCheckPassword(socket, currentPassword);
@ -82,7 +82,7 @@ module.exports.cloudflaredSocketHandler = (socket) => {
socket.on(prefix + "removeToken", async () => {
try {
checkLogin(socket);
await checkLogin(socket);
await setSetting("cloudflaredTunnelToken", "");
} catch (error) { }
});
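Review bot: The `stop` handler calls `doubleCheckPassword(socket, currentPassword)` with the socket object, while the handlers earlier on this page (for example `verifyToken`) call it with `socket.userID`. The helper's definition is not shown, so one of the two forms is presumably wrong; if it expects a user id, the line here should read `await doubleCheckPassword(socket.userID, currentPassword);`, otherwise the password re-check guarding tunnel shutdown may not behave as intended. Separately, `leave` and `removeToken` end in an empty `catch (error) { }`, so a rejection from the new active-user check is dropped without a trace; a `log.debug` call in those catch blocks would make a deactivated session diagnosable. The `stop` handler's body continues outside its hunk.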


@ -11,7 +11,7 @@ module.exports.databaseSocketHandler = (socket) => {
// Post or edit incident
socket.on("getDatabaseSize", async (callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
callback({
ok: true,
size: Database.getSize(),
@ -26,7 +26,7 @@ module.exports.databaseSocketHandler = (socket) => {
socket.on("shrinkDatabase", async (callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await Database.shrink();
callback({
ok: true,


@ -11,7 +11,7 @@ const { log } = require("../../src/util");
module.exports.dockerSocketHandler = (socket) => {
socket.on("addDockerHost", async (dockerHost, dockerHostID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
let dockerHostBean = await DockerHost.save(dockerHost, dockerHostID, socket.userID);
await sendDockerHostList(socket);
@ -33,7 +33,7 @@ module.exports.dockerSocketHandler = (socket) => {
socket.on("deleteDockerHost", async (dockerHostID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await DockerHost.delete(dockerHostID, socket.userID);
await sendDockerHostList(socket);
@ -54,7 +54,7 @@ module.exports.dockerSocketHandler = (socket) => {
socket.on("testDockerHost", async (dockerHost, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
let amount = await DockerHost.testDockerHost(dockerHost);
let msg;


@ -38,7 +38,7 @@ function getGameList() {
module.exports.generalSocketHandler = (socket, server) => {
socket.on("initServerTimezone", async (timezone) => {
try {
checkLogin(socket);
await checkLogin(socket);
log.debug("generalSocketHandler", "Timezone: " + timezone);
await Settings.set("initServerTimezone", true);
await server.setTimezone(timezone);


@ -15,7 +15,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
// Add a new maintenance
socket.on("addMaintenance", async (maintenance, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
log.debug("maintenance", maintenance);
@ -46,7 +46,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
// Edit a maintenance
socket.on("editMaintenance", async (maintenance, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
let bean = server.getMaintenance(maintenance.id);
@ -74,7 +74,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
// Add a new monitor_maintenance
socket.on("addMonitorMaintenance", async (maintenanceID, monitors, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await R.exec("DELETE FROM monitor_maintenance WHERE maintenance_id = ?", [
maintenanceID
@ -109,7 +109,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
// Add a new monitor_maintenance
socket.on("addMaintenanceStatusPage", async (maintenanceID, statusPages, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await R.exec("DELETE FROM maintenance_status_page WHERE maintenance_id = ?", [
maintenanceID
@ -143,7 +143,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
socket.on("getMaintenance", async (maintenanceID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
log.debug("maintenance", `Get Maintenance: ${maintenanceID} User ID: ${socket.userID}`);
@ -164,7 +164,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
socket.on("getMaintenanceList", async (callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await server.sendMaintenanceList(socket);
callback({
ok: true,
@ -180,7 +180,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
socket.on("getMonitorMaintenance", async (maintenanceID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
log.debug("maintenance", `Get Monitors for Maintenance: ${maintenanceID} User ID: ${socket.userID}`);
@ -204,7 +204,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
socket.on("getMaintenanceStatusPage", async (maintenanceID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
log.debug("maintenance", `Get Status Pages for Maintenance: ${maintenanceID} User ID: ${socket.userID}`);
@ -228,7 +228,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
socket.on("deleteMaintenance", async (maintenanceID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
log.debug("maintenance", `Delete Maintenance: ${maintenanceID} User ID: ${socket.userID}`);
@ -259,7 +259,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
socket.on("pauseMaintenance", async (maintenanceID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
log.debug("maintenance", `Pause Maintenance: ${maintenanceID} User ID: ${socket.userID}`);
@ -293,7 +293,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
socket.on("resumeMaintenance", async (maintenanceID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
log.debug("maintenance", `Resume Maintenance: ${maintenanceID} User ID: ${socket.userID}`);


@ -12,7 +12,7 @@ const server = UptimeKumaServer.getInstance();
module.exports.proxySocketHandler = (socket) => {
socket.on("addProxy", async (proxy, proxyID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
const proxyBean = await Proxy.save(proxy, proxyID, socket.userID);
await sendProxyList(socket);
@ -39,7 +39,7 @@ module.exports.proxySocketHandler = (socket) => {
socket.on("deleteProxy", async (proxyID, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
await Proxy.delete(proxyID, socket.userID);
await sendProxyList(socket);


@ -18,7 +18,7 @@ module.exports.statusPageSocketHandler = (socket) => {
// Post or edit incident
socket.on("postIncident", async (slug, incident, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
let statusPageID = await StatusPage.slugToID(slug);
@ -71,7 +71,7 @@ module.exports.statusPageSocketHandler = (socket) => {
socket.on("unpinIncident", async (slug, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
let statusPageID = await StatusPage.slugToID(slug);
@ -92,7 +92,7 @@ module.exports.statusPageSocketHandler = (socket) => {
socket.on("getStatusPage", async (slug, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
let statusPage = await R.findOne("status_page", " slug = ? ", [
slug
@ -118,7 +118,7 @@ module.exports.statusPageSocketHandler = (socket) => {
// imgDataUrl Only Accept PNG!
socket.on("saveStatusPage", async (slug, config, imgDataUrl, publicGroupList, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
// Save Config
let statusPage = await R.findOne("status_page", " slug = ? ", [
@ -256,7 +256,7 @@ module.exports.statusPageSocketHandler = (socket) => {
// Add a new status page
socket.on("addStatusPage", async (title, slug, callback) => {
try {
checkLogin(socket);
await checkLogin(socket);
title = title?.trim();
slug = slug?.trim();
@ -304,7 +304,7 @@ module.exports.statusPageSocketHandler = (socket) => {
const server = UptimeKumaServer.getInstance();
try {
checkLogin(socket);
await checkLogin(socket);
let statusPageID = await StatusPage.slugToID(slug);


@ -757,8 +757,10 @@ exports.allowAllOrigin = (res) => {
* @returns {void}
* @throws The user is not logged in
*/
exports.checkLogin = (socket) => {
if (!socket.userID) {
exports.checkLogin = async (socket) => {
const user = await R.findOne("user", " id = ? AND active = 1 ", [ socket.userID ]);
if (!user) {
throw new Error("You are not logged in.");
}
};
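Review bot: Making `checkLogin` async means any call site that is not awaited no longer blocks: the rejection lands on a discarded promise and the handler carries on as if the check had passed. The call sites visible on this page are all updated, but any caller outside it that still writes `checkLogin(socket);` would now fail open, so a repository-wide search or a floating-promise lint rule is worth adding alongside this change. The JSDoc, which starts above the hunk, still says `@returns {void}` and should read `@returns {Promise<void>}`. Keeping the old guard as the first statement, `if (!socket.userID) { throw new Error("You are not logged in."); }`, would also avoid a database query with an undefined bind value for every event from an unauthenticated socket.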