From a1b6917831dbea458873e69fa3a6351a5665f12a Mon Sep 17 00:00:00 2001
From: linkability <146661751+linkability@users.noreply.github.com>
Date: Fri, 6 Oct 2023 22:34:40 +0100
Subject: [PATCH] add admin password and elevate route
---
src/server/routes/api/v1/admin.ts | 82 +++++++++++++++++++++++++++++--
1 file changed, 79 insertions(+), 3 deletions(-)
diff --git a/src/server/routes/api/v1/admin.ts b/src/server/routes/api/v1/admin.ts
index 8c8168d..bf07ae5 100644
--- a/src/server/routes/api/v1/admin.ts
+++ b/src/server/routes/api/v1/admin.ts
@@ -1,8 +1,84 @@
-import { Router } from "express";
-import Files from "../../../lib/files";
+// Modules
-let router = Router()
+import { writeFile } from 'fs'
+import { Router } from "express";
+import bodyParser from "body-parser";
+
+// Libs
+
+import Files, { id_check_regex } from "../../../lib/files";
+import * as Accounts from '../../../lib/accounts'
+import * as Authentication from '../../../lib/auth'
+import { assertAPI, getAccount, noAPIAccess, requiresAccount, requiresAdmin, requiresPermissions } from "../../../lib/middleware";
+import ServeError from "../../../lib/errors";
+import { sendMail } from '../../../lib/mail';
+
+const Configuration = require(`${process.cwd()}/config.json`)
+
+const parser = bodyParser.json({
+ type: [ "type/plain", "application/json" ]
+})
+
+const router = Router()
+
+router.use(getAccount, requiresAccount, requiresAdmin, parser)
module.exports = function(files: Files) {
+ router.patch(
+ "/account/:username/password",
+ (req, res) => {
+ const Account = res.locals.acc
+
+ const targetUsername = req.params.username
+ const password = req.body.password
+
+ if (typeof password !== "string") {
+ ServeError(res, 404, "")
+ return
+ }
+
+ const targetAccount = Accounts.getFromUsername(targetUsername)
+
+ if (!targetAccount) {
+ ServeError(res, 404, "")
+ return
+ }
+
+ Accounts.password.set( targetAccount.id, password )
+
+ Authentication.AuthTokens.filter(e => e.account == targetAccount?.id).forEach((accountToken) => {
+ Authentication.invalidate(accountToken.token)
+ })
+
+ if (targetAccount.email) {
+ sendMail(targetAccount.email, `Your login details have been updated`, `Hello there! This email is to notify you of a password change that an administrator, ${Account.username}, has initiated. You have been logged out of your devices. Thank you for using monofile.`).then(() => {
+ res.send("OK")
+ }).catch((err) => {})
+ }
+
+ res.send()
+ }
+ )
+
+ router.patch(
+ "/account/:username/elevate",
+ (req, res) => {
+ const targetUsername = req.params.username
+ const targetAccount = Accounts.getFromUsername(targetUsername)
+
+ if (!targetAccount) {
+ ServeError(res, 404, "")
+ return
+ }
+
+ targetAccount.admin = true
+ Accounts.save()
+
+ res.send()
+ }
+ )
+
+
+
return router
}
\ No newline at end of file
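Review bot: Both new routes change credentials or privilege, yet the guard `router.use(getAccount, requiresAccount, requiresAdmin, parser)` never applies `noAPIAccess` or `requiresPermissions`, which this hunk imports and leaves unused. Their definitions are outside the diff, but if they are what restricts scoped API tokens, an admin's token of any scope can reach the password reset and the `admin = true` write; consider `router.use(getAccount, requiresAccount, requiresAdmin, noAPIAccess, parser)`. In the password route, a target with an email gets `res.send("OK")` in the `.then` after the unconditional `res.send()` has already answered, and the resulting headers-already-sent error is swallowed by `.catch((err) => {})` together with any mail failure; respond once and log the error in the catch. The elevate route grants admin with no log entry and no notification to the target, unlike the password route, which makes an unexpected promotion hard to spot later. `"type/plain"` in the parser's `type` list looks like a typo for `"text/plain"`, and a non-string password is answered with 404 where 400 would tell the caller what is wrong.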