diff --git a/src/controllers/custom/getConfigDataController.ts b/src/controllers/custom/getConfigDataController.ts index 9a8684ca..12208527 100644 --- a/src/controllers/custom/getConfigDataController.ts +++ b/src/controllers/custom/getConfigDataController.ts @@ -1,8 +1,14 @@ import { RequestHandler } from "express"; import { config } from "@/src/services/configService"; +import { getAccountForRequest, isAdministrator } from "@/src/services/loginService"; -const getConfigDataController: RequestHandler = (_req, res) => { - res.json(config); +const getConfigDataController: RequestHandler = async (req, res) => { + const account = await getAccountForRequest(req); + if (isAdministrator(account)) { + res.json(config); + } else { + res.status(401).end(); + } }; export { getConfigDataController }; diff --git a/src/controllers/custom/updateConfigDataController.ts b/src/controllers/custom/updateConfigDataController.ts index 3fdcc8e8..961cccb1 100644 --- a/src/controllers/custom/updateConfigDataController.ts +++ b/src/controllers/custom/updateConfigDataController.ts @@ -1,9 +1,15 @@ import { RequestHandler } from "express"; import { updateConfig } from "@/src/services/configService"; +import { getAccountForRequest, isAdministrator } from "@/src/services/loginService"; const updateConfigDataController: RequestHandler = async (req, res) => { - await updateConfig(String(req.body)); - res.end(); + const account = await getAccountForRequest(req); + if (isAdministrator(account)) { + await updateConfig(String(req.body)); + res.end(); + } else { + res.status(401).end(); + } }; export { updateConfigDataController }; diff --git a/static/webui/index.html b/static/webui/index.html index 2ab99f23..eb89f400 100644 --- a/static/webui/index.html +++ b/static/webui/index.html @@ -198,75 +198,80 @@
Server
-
-
- - +
+
+

You must be an administrator to use this feature. To become an administrator, add "" to administratorNames in the config.json.

-
- - -
-
- - -
-
- - -
-
- - -
-
- - -
-
- - -
-
- - -
-
- - -
-
- - -
-
- - -
-
- - -
-
- - -
-
- - -
-
- - -
- - +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+ +
+
diff --git a/static/webui/script.js b/static/webui/script.js index 1be39ceb..56736c38 100644 --- a/static/webui/script.js +++ b/static/webui/script.js @@ -792,7 +792,7 @@ const uiConfigs = [ ]; function doChangeSettings() { - fetch("/custom/config") + fetch("/custom/config?" + window.authz) .then(response => response.json()) .then(json => { for (const i of uiConfigs) { @@ -810,7 +810,7 @@ function doChangeSettings() { } } $.post({ - url: "/custom/config", + url: "/custom/config?" + window.authz, contentType: "text/plain", data: JSON.stringify(json, null, 2) }); @@ -820,23 +820,34 @@ function doChangeSettings() { // Cheats route single.getRoute("/webui/cheats").on("beforeload", function () { - fetch("/custom/config") - .then(response => response.json()) - .then(json => - Object.entries(json).forEach(entry => { - const [key, value] = entry; - var x = document.getElementById(`${key}`); - if (x != null) { - if (x.type == "checkbox") { - if (value === true) { - x.setAttribute("checked", "checked"); - } - } else if (x.type == "number") { - x.setAttribute("value", `${value}`); - } + let interval; + interval = setInterval(() => { + if (window.authz) { + clearInterval(interval); + fetch("/custom/config?" + window.authz).then(res => { + if (res.status == 200) { + $("#server-settings").removeClass("d-none"); + res.json().then(json => + Object.entries(json).forEach(entry => { + const [key, value] = entry; + var x = document.getElementById(`${key}`); + if (x != null) { + if (x.type == "checkbox") { + if (value === true) { + x.setAttribute("checked", "checked"); + } + } else if (x.type == "number") { + x.setAttribute("value", `${value}`); + } + } + }) + ); + } else { + $("#server-settings-no-perms").removeClass("d-none"); } - }) - ); + }); + } + }, 10); fetch("http://localhost:61558/ping", { mode: "no-cors" }) .then(() => {