2023-07-20 12:44:22 (UTC-03:00)
Marcel Rodrigues <marcelgmr@gmail.com>
remove DB config: now we only have one user (admin); the admin password is always set upon server init
diff --git a/cogit/cfg.lua b/cogit/cfg.lua deleted file mode 100644 index 6c4587a..0000000 --- a/cogit/cfg.lua +++ /dev/null @@ -1,51 +0,0 @@ -local lud = require "ludweb" - -local hash = require "cogit.hash" - -local schema = [[ -CREATE TABLE IF NOT EXISTS User ( - id INTEGER PRIMARY KEY AUTOINCREMENT, - nick TEXT NOT NULL UNIQUE, - name TEXT NOT NULL, - salt TEXT, - hash TEXT, - is_admin INTEGER -); -]] - -local CFG = {} -CFG.__index = CFG - -function CFG:add_defaults() - local pass = hash.get_pass("admin password: ") - local salt = hash.get_salt() - local hash = hash.hash_pass(pass, salt) - self.db:execute([[ - INSERT INTO User(id, nick, name, salt, hash, is_admin) VALUES - (1, "admin", "Admin", ?, ?, 1); - ]], lud.crypt.b64_enc(salt), lud.crypt.b64_enc(hash)) - return 1 -end - -function CFG:init() - self.db:execute_many(schema) - local admin = self:get_user("admin") - if admin == nil then - self:add_defaults() - end -end - -function CFG:get_user(nick) - return self.db:execute("SELECT * FROM User WHERE nick = ?;", nick)[1] -end - -function CFG:close() self.db:close() end - -local function new_cfg(path) - local self = setmetatable({}, CFG) - self.db = lud.sqlite.open(path) - self:init() - return self -end - -return {new_cfg=new_cfg} diff --git a/cogit/cogit.lua b/cogit/cogit.lua index 445756d..2dcfe6f 100644 --- a/cogit/cogit.lua +++ b/cogit/cogit.lua @@ -1,7 +1,6 @@ local git = require "cogit.git" local scan = require "cogit.scan" local hash = require "cogit.hash" -local cfg = require "cogit.cfg" local lud = require "ludweb" 
@@ -47,20 +46,8 @@ local function diff_cb(line_type, line) return line .. "\n" end -local function allowed(user, gname) - if gname == "public" then - return true - elseif user == nil then - return false - end - if user.is_admin then return true end - -- groups are not yet implemented in DB - --~ for _, ok in ipairs(user.groups) do - --~ if gname == ok then - --~ return true - --~ end - --~ end - return false +local function allowed(is_admin, gname) + return gname == "public" or is_admin end local LOG_ERROR, LOG_WARN, LOG_INFO, LOG_DEBUG = 0, 1, 2, 3 @@ -80,6 +67,11 @@ function Cogit:finish() self.initialized = false end +function Cogit:set_password(salt, hash) + self.salt = salt + self.hash = hash +end + function Cogit:run() self:init() self:log(LOG_INFO, "server running on port "..self.port) 
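Review bot: The rewritten `allowed` documents nothing about the access policy and drops the old note that group membership is not implemented, so a future reader has no hint that "admin sees everything" is the whole model; a one-line comment would keep that explicit: `-- Access policy: the "public" group is visible to everyone; every other group requires an admin session (there is no per-group membership).` Note also that `gname == "public" or is_admin` yields `nil` rather than `false` for a denied non-public group, since `is_admin` is the raw session-table value; the visible callers tolerate it because they test `not allowed(...)`, but `return gname == "public" or not not is_admin` would make the contract a real boolean.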
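Review bot: `Cogit:run()` (the trailing context of this hunk) starts serving without checking that `set_password` was ever called, so an instance built by `new_cogit` alone reaches `lud.crypt.b64_dec(nil)` on the first login attempt and fails with a runtime error instead of a clear message; add a precondition at the top of `run()`: `assert(self.salt and self.hash, "admin password not set: call set_password() before run()")`. The parameter named `hash` also shadows the module-level `local hash = require "cogit.hash"` inside the method; renaming it `digest` avoids the luacheck warning and the confusion. A doc comment stating the encoding contract would help too, since the values are produced by `main.lua` and decoded again in the login handler: `-- Store the admin credential. Both arguments are base64 strings (lud.crypt.b64_enc output); POST /login decodes them before comparing.`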
@@ -98,37 +90,33 @@ function Cogit:log(level, msg) end end -function Cogit:get_user(cookies) - local session_id = cookies["sid"] +function Cogit:is_admin(cookies) + local session_id = cookies.sid if session_id == nil then - return nil - end - local uname = self.sessions[session_id] - if uname == nil then - return nil + return false end - return self.cfg:get_user(uname) + return self.sessions[session_id] end function Cogit:routes() return { {"GET", "/?", function (req) - local user = self:get_user(req.cookies) + local is_admin = self:is_admin(req.cookies) local gnames = {} self:scan() for gname in pairs(self.groups) do - if allowed(user, gname) then + if allowed(is_admin, gname) then table.insert(gnames, gname) end end - local env = {title=self.title, user=user, gnames=gnames} + local env = {title=self.title, is_admin=is_admin, gnames=gnames} return lud.template.render_file("view/home.html", env) end}, {"GET", "/login", function (req) - local user = self:get_user(req.cookies) - if user ~= nil then -- already logged in + local is_admin = self:is_admin(req.cookies) + if is_admin then -- already logged in return "/", 303 else return lud.template.render_file("view/login.html", {title=self.title}) 
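Review bot: `Cogit:is_admin` treats any `sid` present in `self.sessions` as valid for the life of the process; `self.session_age` is only handed to the browser as the cookie's `age`, so a leaked or stolen session id stays usable server-side until an explicit logout or a restart. Since the login handler in the next hunk stores a bare `true`, the cheap fix is to store the expiry instead — `self.sessions[session_id] = os.time() + self.session_age` — and reject stale entries here, dropping them so the table does not grow without bound; this assumes `session_age` is in seconds, which the visible code does not confirm. A short doc comment is also worth adding: the method returns the raw table value (`true` or `nil`) rather than a boolean, and the store is in-memory, so every session is lost on restart.
```lua
function Cogit:is_admin(cookies)
    local session_id = cookies.sid
    if session_id == nil then
        return false
    end
    local expires = self.sessions[session_id]
    if expires == nil then
        return false
    end
    if os.time() >= expires then
        self.sessions[session_id] = nil  -- expired: drop it so the table does not grow forever
        return false
    end
    return true
end
```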
@@ -136,27 +124,18 @@ function Cogit:routes() end}, {"POST", "/login", function (req) - local uname = req.form.username local pass = req.form.password - local user = self.cfg:get_user(uname) local salt, h - if user == nil then - -- hash something as if we're trying to login anyway - salt = hash.get_salt() - h = hash.hash_pass(pass, salt) - self:log(LOG_INFO, "invalid username") + salt = lud.crypt.b64_dec(self.salt) + h = hash.hash_pass(pass, salt) + if h == lud.crypt.b64_dec(self.hash) then + local session_id = lud.crypt.b64_enc(lud.crypt.uuid4()) + self.sessions[session_id] = true + self:log(LOG_INFO, "logged in") + local cookie = {key="sid", val=session_id, path="/", age=self.session_age} + return "/", 303, "See Other", {cookie} else - salt = lud.crypt.b64_dec(user.salt) - h = hash.hash_pass(pass, salt) - if h == lud.crypt.b64_dec(user.hash) then - local session_id = lud.crypt.b64_enc(lud.crypt.uuid4()) - self.sessions[session_id] = uname - self:log(LOG_INFO, "logged in as "..uname) - local cookie = {key="sid", val=session_id, path="/", age=self.session_age} - return "/", 303, "See Other", {cookie} - else - self:log(LOG_INFO, "invalid password") - end + self:log(LOG_WARN, "invalid password") end return "/login", 303 end}, 
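Review bot: The session cookie is built with only `key`, `val`, `path` and `age`, so unless ludweb adds them by default the `sid` goes out without `HttpOnly`, `Secure` or `SameSite`, leaving the only admin session readable by any injected script and sendable cross-site; if the cookie table supports such fields the line should become `local cookie = {key="sid", val=session_id, path="/", age=self.session_age, http_only=true, secure=true, same_site="Strict"}` (field names to be confirmed against ludweb). `req.form.password` is also passed straight to `hash.hash_pass` with no nil check, so a POST without that field reaches the hasher with `nil`; a guard `if pass == nil then return "/login", 303 end` before hashing keeps that a clean redirect. With a single account and no username, this form is now a one-dimensional brute-force target: the `LOG_WARN` line should include the client address if `req` exposes it, and a per-address failure counter or delay would be cheap to add here. Finally `h == lud.crypt.b64_dec(self.hash)` is a plain string compare; if the crypto helpers offer a constant-time comparison, that is the conventional choice for this line.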
@@ -164,58 +143,58 @@ function Cogit:routes() function (req) local session_id = req.cookies["sid"] if session_id ~= nil then - self:log(LOG_INFO, "logged out as "..self.sessions[session_id]) + self:log(LOG_INFO, "logged out") self.sessions[session_id] = nil end return "/", 303 end}, {"GET", "/group/([%w_-]+)", function (req, gname) - local user = self:get_user(req.cookies) - if not allowed(user, gname) then + local is_admin = self:is_admin(req.cookies) + if not allowed(is_admin, gname) then return "/login", 303 end local rnames = {} for rname in pairs(self.groups[gname]) do table.insert(rnames, rname) end - local env = {title=self.title, user=user, gname=gname, rnames=rnames} + local env = {title=self.title, is_admin=is_admin, gname=gname, rnames=rnames} return lud.template.render_file("view/group.html", env) end}, {"GET", "/group/([%w_-]+)/repo/([%w_-]+)", function (req, gname, rname) - local user = self:get_user(req.cookies) - if not allowed(user, gname) then + local is_admin = self:is_admin(req.cookies) + if not allowed(is_admin, gname) then return "/login", 303 end local repo = self.groups[gname][rname] local bnames = repo:branches() local tnames = repo:tags() local env = { - title=self.title, user=user, repo=repo, gname=gname, + title=self.title, is_admin=is_admin, repo=repo, gname=gname, rname=rname, bnames=bnames, tnames=tnames, } return lud.template.render_file("view/repo.html", env) end}, {"GET", "/group/([%w_-]+)/repo/([%w_-]+)/history/([%w_-]+)", function (req, gname, rname, first) - local user = self:get_user(req.cookies) - if not allowed(user, gname) then + local is_admin = self:is_admin(req.cookies) + if not allowed(is_admin, gname) then return "/login", 303 end local repo = self.groups[gname][rname] local commit = repo:commit(first) local prev = repo:find_prev(commit:id(), self.limit) local env = { - title=self.title, user=user, gname=gname, rname=rname, bname=bname, - commit=commit, limit=self.limit, prev=prev, first=first, + title=self.title, 
is_admin=is_admin, gname=gname, rname=rname, + bname=bname, commit=commit, limit=self.limit, prev=prev, first=first, } return lud.template.render_file("view/history.html", env) end}, {"GET", "/group/([%w_-]+)/repo/([%w_-]+)/commit/([%w_-]+)", function (req, gname, rname, cid) - local user = self:get_user(req.cookies) - if not allowed(user, gname) then + local is_admin = self:is_admin(req.cookies) + if not allowed(is_admin, gname) then return "/login", 303 end local repo = self.groups[gname][rname] @@ -225,15 +204,15 @@ function Cogit:routes() local time_str = time_fmt(sig) local diff = repo:diff(commit, diff_cb) local env = { - title=self.title, user=user, gname=gname, rname=rname, bname=bname, + title=self.title, is_admin=is_admin, gname=gname, rname=rname, bname=bname, commit=commit, time_str=time_str, sig=sig, cid=cid, prev=prev, diff=diff, } return lud.template.render_file("view/commit.html", env) end}, {"GET", "/group/([%w_-]+)/repo/([%w_-]+)/commit/([%w_-]+)/tree/(.*)", function (req, gname, rname, cid, path) - local user = self:get_user(req.cookies) - if not allowed(user, gname) then + local is_admin = self:is_admin(req.cookies) + if not allowed(is_admin, gname) then return "/login", 303 end local repo = self.groups[gname][rname] @@ -251,7 +230,7 @@ function Cogit:routes() base = base .. "/" end local env = { - title=self.title, user=user, gname=gname, rname=rname, cid=cid, + title=self.title, is_admin=is_admin, gname=gname, rname=rname, cid=cid, path=path, base=base, parts=parts, node=node, } if node.type_ == "dir" then @@ -275,7 +254,6 @@ local function new_cogit(path, port, title, log_level) initialized=false, } self = setmetatable(self, Cogit) - self.cfg = cfg.new_cfg(self.path.."/conf.db") self:init() self:scan() self.app = lud.app.new_app(self:routes()) diff --git a/main.lua b/main.lua index 419a9e8..a759a95 100644 --- a/main.lua +++ b/main.lua 
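Review bot: In the `/history/` handler the new env line `bname=bname, commit=commit, …` reads `bname`, which is neither a parameter (`req, gname, rname, first`) nor a local of that handler, so it resolves to an undeclared global and is always `nil`; the key should be dropped or bound to a real local (whether `first` names a branch is not visible here, so confirm before using `bname=first`). All four handlers in this hunk also index `self.groups[gname]` right after the `allowed` check without verifying the group exists, so an admin requesting any unknown `[%w_-]+` name — or an anonymous visitor when no `public` group is present — hits `pairs(nil)` or `nil[rname]` and a runtime error instead of a redirect; a guard `local group = self.groups[gname]; if group == nil then return "/", 303 end` after the access check would close that, and the same pattern continues in the commit and tree handlers later in the file. This hunk begins on the previous line, and its last handler (`/commit/`) continues past the hunk's end.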
@@ -1,3 +1,15 @@ +local lud = require "ludweb" + local cogit = require "cogit.cogit" +local hash = require "cogit.hash" + +local app = cogit.new_cogit(unpack(arg)) + +local pass = hash.get_pass("admin password: ") +local salt = hash.get_salt() +local hash = hash.hash_pass(pass, salt) +salt = lud.crypt.b64_enc(salt) +hash = lud.crypt.b64_enc(hash) +app:set_password(salt, hash) -cogit.new_cogit(unpack(arg)):run() +app:run() diff --git a/view/commit.html b/view/commit.html index e7c15e6..397d572 100644 --- a/view/commit.html +++ b/view/commit.html @@ -29,11 +29,11 @@ <a href="/group/{{$gname}}/repo/{{$rname}}/commit/{{$cid}}/tree/">tree</a> </div> <div id="auth-bar"> - % if $user == nil then - <a href="/login">login</a> - % else - <strong>{{$user.name}}</strong> + % if $is_admin then + <strong>Admin</strong> <a href="/logout">(logout)</a> + % else + <a href="/login">login</a> % end </div> <br> diff --git a/view/dir.html b/view/dir.html index 3e4d71b..4a9b8fc 100644 --- a/view/dir.html +++ b/view/dir.html @@ -27,11 +27,11 @@ % end </div> <div id="auth-bar"> - % if $user == nil then - <a href="/login">login</a> - % else - <strong>{{$user.name}}</strong> + % if $is_admin then + <strong>Admin</strong> <a href="/logout">(logout)</a> + % else + <a href="/login">login</a> % end </div> <br> diff --git a/view/file.html b/view/file.html index 7f8ffb3..7f8ad84 100644 --- a/view/file.html +++ b/view/file.html @@ -27,11 +27,11 @@ % end </div> <div id="auth-bar"> - % if $user == nil then - <a href="/login">login</a> - % else - <strong>{{$user.name}}</strong> + % if $is_admin then + <strong>Admin</strong> <a href="/logout">(logout)</a> + % else + <a href="/login">login</a> % end </div> <br> diff --git a/view/group.html b/view/group.html index 24c68f0..0d60be7 100644 --- a/view/group.html +++ b/view/group.html 
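Review bot: The value returned by `hash.get_pass` is used unchecked, so an empty answer at the prompt becomes the admin credential for the whole run; add `assert(pass ~= nil and #pass > 0, "admin password must not be empty")` right after the prompt (whether `get_pass` suppresses echo or validates on its own is not visible here). The line `local hash = hash.hash_pass(pass, salt)` also rebinds the name `hash` from the module to the digest string, which only works because nothing below uses the module again; `local digest = hash.hash_pass(pass, salt)` with the later `hash = lud.crypt.b64_enc(hash)` and `app:set_password(salt, hash)` renamed accordingly reads cleaner and satisfies luacheck. A short header comment would also help a reader, since this is now the only place the credential is defined: `-- The admin password is never persisted: it is prompted for at every start, hashed with a fresh salt, and lives only in the running process.`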
@@ -15,11 +15,11 @@ {{$gname}} </div> <div id="auth-bar"> - % if $user == nil then - <a href="/login">login</a> - % else - <strong>{{$user.name}}</strong> + % if $is_admin then + <strong>Admin</strong> <a href="/logout">(logout)</a> + % else + <a href="/login">login</a> % end </div> <br> diff --git a/view/history.html b/view/history.html index 6263fd1..1a55cb7 100644 --- a/view/history.html +++ b/view/history.html @@ -21,11 +21,11 @@ <a href="/group/{{$gname}}/repo/{{$rname}}/commit/{{$first}}/tree/">tree</a> </div> <div id="auth-bar"> - % if $user == nil then - <a href="/login">login</a> - % else - <strong>{{$user.name}}</strong> + % if $is_admin then + <strong>Admin</strong> <a href="/logout">(logout)</a> + % else + <a href="/login">login</a> % end </div> <br> diff --git a/view/home.html b/view/home.html index 2698bb8..d1ee0ab 100644 --- a/view/home.html +++ b/view/home.html @@ -11,11 +11,11 @@ <body> <div id="nav-bar">home</div> <div id="auth-bar"> - % if $user == nil then - <a href="/login">login</a> - % else - <strong>{{$user.name}}</strong> + % if $is_admin then + <strong>Admin</strong> <a href="/logout">(logout)</a> + % else + <a href="/login">login</a> % end </div> <br> diff --git a/view/login.html b/view/login.html index 417befd..e17ae9b 100644 --- a/view/login.html +++ b/view/login.html @@ -46,8 +46,7 @@ <h1 class="centered">Login</h1> <form action="/login" method="post"> <ul class="centered ul-form"> - <li><input type="text" class="flat-field" name="username" placeholder="User" autofocus></li> - <li><input type="password" class="flat-field" name="password" placeholder="Password"></li> + <li><input type="password" class="flat-field" name="password" placeholder="Password" autofocus></li> <li><input type="submit" class="flat-button" value="Login"></li> </ul> </form> diff --git a/view/repo.html b/view/repo.html index 6ec22be..a6475f5 100644 --- a/view/repo.html +++ b/view/repo.html 
@@ -17,11 +17,11 @@ {{$rname}} </div> <div id="auth-bar"> - % if $user == nil then - <a href="/login">login</a> - % else - <strong>{{$user.name}}</strong> + % if $is_admin then + <strong>Admin</strong> <a href="/logout">(logout)</a> + % else + <a href="/login">login</a> % end </div> <br>