fix(webui): require administrator permissions to change server config
This commit is contained in:
parent
6e27eea7bb
commit
d8956faed2
@ -1,8 +1,14 @@
|
||||
import { RequestHandler } from "express";
|
||||
import { config } from "@/src/services/configService";
|
||||
import { getAccountForRequest, isAdministrator } from "@/src/services/loginService";
|
||||
|
||||
const getConfigDataController: RequestHandler = (_req, res) => {
|
||||
const getConfigDataController: RequestHandler = async (req, res) => {
|
||||
const account = await getAccountForRequest(req);
|
||||
if (isAdministrator(account)) {
|
||||
res.json(config);
|
||||
} else {
|
||||
res.status(401).end();
|
||||
}
|
||||
};
|
||||
|
||||
export { getConfigDataController };
|
||||
|
||||
@ -1,9 +1,15 @@
|
||||
import { RequestHandler } from "express";
|
||||
import { updateConfig } from "@/src/services/configService";
|
||||
import { getAccountForRequest, isAdministrator } from "@/src/services/loginService";
|
||||
|
||||
const updateConfigDataController: RequestHandler = async (req, res) => {
|
||||
const account = await getAccountForRequest(req);
|
||||
if (isAdministrator(account)) {
|
||||
await updateConfig(String(req.body));
|
||||
res.end();
|
||||
} else {
|
||||
res.status(401).end();
|
||||
}
|
||||
};
|
||||
|
||||
export { updateConfigDataController };
|
||||
|
||||
@ -198,7 +198,11 @@
|
||||
<div class="col-lg-4">
|
||||
<div class="card mb-4">
|
||||
<h5 class="card-header">Server</h5>
|
||||
<form class="card-body" onsubmit="doChangeSettings();return false;">
|
||||
<div class="card-body">
|
||||
<div id="server-settings-no-perms" class="d-none">
|
||||
<p>You must be an administrator to use this feature. To become an administrator, add <code>"<span class="displayname"></span>"</code> to <code>administratorNames</code> in the config.json.</p>
|
||||
</div>
|
||||
<form id="server-settings" class="d-none" onsubmit="doChangeSettings();return false;">
|
||||
<div class="form-check">
|
||||
<input class="form-check-input" type="checkbox" id="skipStoryModeChoice" />
|
||||
<label class="form-check-label" for="skipStoryModeChoice">Skip Story Mode Choice</label>
|
||||
@ -269,6 +273,7 @@
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-lg-4">
|
||||
<div class="card mb-4">
|
||||
<h5 class="card-header">Account</h5>
|
||||
|
||||
@ -792,7 +792,7 @@ const uiConfigs = [
|
||||
];
|
||||
|
||||
function doChangeSettings() {
|
||||
fetch("/custom/config")
|
||||
fetch("/custom/config?" + window.authz)
|
||||
.then(response => response.json())
|
||||
.then(json => {
|
||||
for (const i of uiConfigs) {
|
||||
@ -810,7 +810,7 @@ function doChangeSettings() {
|
||||
}
|
||||
}
|
||||
$.post({
|
||||
url: "/custom/config",
|
||||
url: "/custom/config?" + window.authz,
|
||||
contentType: "text/plain",
|
||||
data: JSON.stringify(json, null, 2)
|
||||
});
|
||||
@ -820,9 +820,14 @@ function doChangeSettings() {
|
||||
// Cheats route
|
||||
|
||||
single.getRoute("/webui/cheats").on("beforeload", function () {
|
||||
fetch("/custom/config")
|
||||
.then(response => response.json())
|
||||
.then(json =>
|
||||
let interval;
|
||||
interval = setInterval(() => {
|
||||
if (window.authz) {
|
||||
clearInterval(interval);
|
||||
fetch("/custom/config?" + window.authz).then(res => {
|
||||
if (res.status == 200) {
|
||||
$("#server-settings").removeClass("d-none");
|
||||
res.json().then(json =>
|
||||
Object.entries(json).forEach(entry => {
|
||||
const [key, value] = entry;
|
||||
var x = document.getElementById(`${key}`);
|
||||
@ -837,6 +842,12 @@ single.getRoute("/webui/cheats").on("beforeload", function () {
|
||||
}
|
||||
})
|
||||
);
|
||||
} else {
|
||||
$("#server-settings-no-perms").removeClass("d-none");
|
||||
}
|
||||
});
|
||||
}
|
||||
}, 10);
|
||||
|
||||
fetch("http://localhost:61558/ping", { mode: "no-cors" })
|
||||
.then(() => {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user