1
0
mirror of https://github.com/Jermolene/TiddlyWiki5 synced 2024-11-30 05:19:57 +00:00

MWS authentication (#8596)

* mws authentication

* add more tests and permission checkers

* add logic to ensure that only authenticated users' requests are handled

* add custom login page

* Implement user authentication as well as session handling

* work on user operations authorization

* add middleware to route handlers for bags & tiddlers routes

* add feature that only returns the tiddlers and bags which the user has permission to access on index page

* refactor auth routes & added user management page

* fix Ci Test failure issue

* fix users list page, add manage roles page

* add commands and scripts to create new user & assign roles and permissions

* resolved ci-test failure

* add ACL permissions to bags & tiddlers on creation

* fix comments and access control list bug

* fix indentation issues

* working on user profile edit

* remove list users command & added support for database in server options

* implement user profile update and password change feature

* update plugin readme

* implement command which triggers protected mode on the server

* revert server-wide auth flag. Implement selective authorization

* ACL management feature

* Complete Access control list implementation

* Added support to manage users' assigned role by admin

* fix comments

* fix comment
This commit is contained in:
webplusai 2024-10-30 18:59:44 +01:00 committed by GitHub
parent 5d6ddaee7e
commit 6a7612ddf8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
64 changed files with 3966 additions and 307 deletions

View File

@ -159,6 +159,8 @@ ListBullet/Caption: bulleted list
ListBullet/Hint: Apply bulleted list formatting to lines containing selection ListBullet/Hint: Apply bulleted list formatting to lines containing selection
ListNumber/Caption: numbered list ListNumber/Caption: numbered list
ListNumber/Hint: Apply numbered list formatting to lines containing selection ListNumber/Hint: Apply numbered list formatting to lines containing selection
ManageACL/Caption: manage access control
ManageACL/Hint: Manage access control configuration for this wiki
MonoBlock/Caption: monospaced block MonoBlock/Caption: monospaced block
MonoBlock/Hint: Apply monospaced block formatting to lines containing selection MonoBlock/Hint: Apply monospaced block formatting to lines containing selection
MonoLine/Caption: monospaced MonoLine/Caption: monospaced

View File

@ -44,7 +44,8 @@ NavigatorWidget.prototype.render = function(parent,nextSibling) {
{type: "tm-fold-tiddler", handler: "handleFoldTiddlerEvent"}, {type: "tm-fold-tiddler", handler: "handleFoldTiddlerEvent"},
{type: "tm-fold-other-tiddlers", handler: "handleFoldOtherTiddlersEvent"}, {type: "tm-fold-other-tiddlers", handler: "handleFoldOtherTiddlersEvent"},
{type: "tm-fold-all-tiddlers", handler: "handleFoldAllTiddlersEvent"}, {type: "tm-fold-all-tiddlers", handler: "handleFoldAllTiddlersEvent"},
{type: "tm-unfold-all-tiddlers", handler: "handleUnfoldAllTiddlersEvent"} {type: "tm-unfold-all-tiddlers", handler: "handleUnfoldAllTiddlersEvent"},
{type: "tm-manage-acl", handler: "handleManageACLTiddlersEvent"}
]); ]);
this.parentDomNode = parent; this.parentDomNode = parent;
this.computeAttributes(); this.computeAttributes();
@ -635,6 +636,14 @@ NavigatorWidget.prototype.handleUnfoldAllTiddlersEvent = function(event) {
}); });
}; };
NavigatorWidget.prototype.handleManageACLTiddlersEvent = function() {
var pathname = window.location.pathname;
var paths = pathname.split("/");
var recipeName = paths[paths.length - 1];
var bagName = document.querySelector("h1.tc-site-title").innerHTML;
window.location.href = "/admin/acl/"+recipeName+"/"+bagName
};
exports.navigator = NavigatorWidget; exports.navigator = NavigatorWidget;
})(); })();

View File

@ -0,0 +1,15 @@
title: $:/core/ui/Buttons/manage-acl
tags: $:/tags/PageControls
caption: {{$:/core/images/globe}} {{$:/language/Buttons/ManageACL/Caption}}
description: {{$:/language/Buttons/ManageACL/Hint}}
\whitespace trim
<$button tooltip={{$:/language/Buttons/ManageACL/Hint}} aria-label={{$:/language/Buttons/ManageACL/Caption}} class=<<tv-config-toolbar-class>>>
<$action-managetiddler tiddler=<<currentTiddler>>/>
{{$:/core/images/globe}}
<%if [<tv-config-toolbar-text>match[yes]] %>
<span class="tc-btn-text">
<$text text={{$:/language/Buttons/ManageACL/Caption}}/>
</span>
<%endif%>
</$button>

View File

@ -1,2 +1,2 @@
title: $:/tags/PageControls title: $:/tags/PageControls
list: [[$:/core/ui/Buttons/home]] [[$:/core/ui/Buttons/close-all]] [[$:/core/ui/Buttons/fold-all]] [[$:/core/ui/Buttons/unfold-all]] [[$:/core/ui/Buttons/permaview]] [[$:/core/ui/Buttons/new-tiddler]] [[$:/core/ui/Buttons/new-journal]] [[$:/core/ui/Buttons/new-image]] [[$:/core/ui/Buttons/import]] [[$:/core/ui/Buttons/export-page]] [[$:/core/ui/Buttons/control-panel]] [[$:/core/ui/Buttons/advanced-search]] [[$:/core/ui/Buttons/manager]] [[$:/core/ui/Buttons/tag-manager]] [[$:/core/ui/Buttons/language]] [[$:/core/ui/Buttons/palette]] [[$:/core/ui/Buttons/theme]] [[$:/core/ui/Buttons/layout]] [[$:/core/ui/Buttons/storyview]] [[$:/core/ui/Buttons/encryption]] [[$:/core/ui/Buttons/timestamp]] [[$:/core/ui/Buttons/full-screen]] [[$:/core/ui/Buttons/print]] [[$:/core/ui/Buttons/save-wiki]] [[$:/core/ui/Buttons/refresh]] [[$:/core/ui/Buttons/network-activity]] [[$:/core/ui/Buttons/more-page-actions]] list: [[$:/core/ui/Buttons/home]] [[$:/core/ui/Buttons/close-all]] [[$:/core/ui/Buttons/fold-all]] [[$:/core/ui/Buttons/unfold-all]] [[$:/core/ui/Buttons/permaview]] [[$:/core/ui/Buttons/new-tiddler]] [[$:/core/ui/Buttons/new-journal]] [[$:/core/ui/Buttons/new-image]] [[$:/core/ui/Buttons/import]] [[$:/core/ui/Buttons/export-page]] [[$:/core/ui/Buttons/control-panel]] [[$:/core/ui/Buttons/advanced-search]] [[$:/core/ui/Buttons/manager]] [[$:/core/ui/Buttons/tag-manager]] [[$:/core/ui/Buttons/language]] [[$:/core/ui/Buttons/palette]] [[$:/core/ui/Buttons/theme]] [[$:/core/ui/Buttons/layout]] [[$:/core/ui/Buttons/storyview]] [[$:/core/ui/Buttons/encryption]] [[$:/core/ui/Buttons/manage-acl]] [[$:/core/ui/Buttons/timestamp]] [[$:/core/ui/Buttons/full-screen]] [[$:/core/ui/Buttons/print]] [[$:/core/ui/Buttons/save-wiki]] [[$:/core/ui/Buttons/refresh]] [[$:/core/ui/Buttons/network-activity]] [[$:/core/ui/Buttons/more-page-actions]]

View File

@ -11,6 +11,15 @@
"tiddlywiki/snowwhite" "tiddlywiki/snowwhite"
], ],
"build": { "build": {
"mws-add-user": [
"--mws-add-permission", "READ", "Allows user to create tiddlers",
"--mws-add-permission", "WRITE", "Gives the user the permission to edit and delete tiddlers",
"--mws-add-role", "ADMIN", "System Administrator",
"--mws-assign-role-permission", "ADMIN", "READ",
"--mws-assign-role-permission", "ADMIN", "WRITE",
"--mws-add-user", "user", "pass123",
"--mws-assign-user-role", "user", "ADMIN"
],
"load-mws-demo-data": [ "load-mws-demo-data": [
"--mws-load-wiki-folder","./editions/tw5.com","docs", "TiddlyWiki Documentation from https://tiddlywiki.com","docs","TiddlyWiki Documentation from https://tiddlywiki.com", "--mws-load-wiki-folder","./editions/tw5.com","docs", "TiddlyWiki Documentation from https://tiddlywiki.com","docs","TiddlyWiki Documentation from https://tiddlywiki.com",
"--mws-load-wiki-folder","./editions/dev","dev","TiddlyWiki Developer Documentation from https://tiddlywiki.com/dev","dev-docs", "TiddlyWiki Developer Documentation from https://tiddlywiki.com/dev", "--mws-load-wiki-folder","./editions/dev","dev","TiddlyWiki Developer Documentation from https://tiddlywiki.com/dev","dev-docs", "TiddlyWiki Developer Documentation from https://tiddlywiki.com/dev",
@ -25,7 +34,14 @@
"--mws-save-tiddler-text","bag-alpha","$:/SiteTitle","bag-alpha", "--mws-save-tiddler-text","bag-alpha","$:/SiteTitle","bag-alpha",
"--mws-save-tiddler-text","bag-alpha","😀😃😄😁😆🥹😅😂","bag-alpha", "--mws-save-tiddler-text","bag-alpha","😀😃😄😁😆🥹😅😂","bag-alpha",
"--mws-save-tiddler-text","bag-beta","$:/SiteTitle","bag-beta", "--mws-save-tiddler-text","bag-beta","$:/SiteTitle","bag-beta",
"--mws-save-tiddler-text","bag-gamma","$:/SiteTitle","bag-gamma" "--mws-save-tiddler-text","bag-gamma","$:/SiteTitle","bag-gamma",
"--mws-add-permission", "READ", "Allows user to create tiddlers",
"--mws-add-permission", "WRITE", "Gives the user the permission to edit and delete tiddlers",
"--mws-add-role", "ADMIN", "System Administrator",
"--mws-add-role", "USER", "Basic User",
"--mws-assign-role-permission", "ADMIN", "READ",
"--mws-assign-role-permission", "ADMIN", "WRITE",
"--mws-assign-role-permission", "USER", "READ"
] ]
} }
} }

26
package-lock.json generated
View File

@ -9,10 +9,10 @@
"version": "5.3.6-prerelease", "version": "5.3.6-prerelease",
"license": "BSD", "license": "BSD",
"dependencies": { "dependencies": {
"@playwright/test": "^1.46.1", "@playwright/test": "^1.47.2",
"better-sqlite3": "^9.4.3", "better-sqlite3": "^9.4.3",
"node-sqlite3-wasm": "^0.8.10", "node-sqlite3-wasm": "^0.8.10",
"playwright": "^1.46.1" "playwright": "^1.47.2"
}, },
"bin": { "bin": {
"tiddlywiki": "tiddlywiki.js" "tiddlywiki": "tiddlywiki.js"
@ -177,11 +177,11 @@
"dev": true "dev": true
}, },
"node_modules/@playwright/test": { "node_modules/@playwright/test": {
"version": "1.46.1", "version": "1.47.2",
"resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.46.1.tgz", "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.47.2.tgz",
"integrity": "sha512-Fq6SwLujA/DOIvNC2EL/SojJnkKf/rAwJ//APpJJHRyMi1PdKrY3Az+4XNQ51N4RTbItbIByQ0jgd1tayq1aeA==", "integrity": "sha512-jTXRsoSPONAs8Za9QEQdyjFn+0ZQFjCiIztAIF6bi1HqhBzG9Ma7g1WotyiGqFSBRZjIEqMdT8RUlbk1QVhzCQ==",
"dependencies": { "dependencies": {
"playwright": "1.46.1" "playwright": "1.47.2"
}, },
"bin": { "bin": {
"playwright": "cli.js" "playwright": "cli.js"
@ -1205,11 +1205,11 @@
} }
}, },
"node_modules/playwright": { "node_modules/playwright": {
"version": "1.46.1", "version": "1.47.2",
"resolved": "https://registry.npmjs.org/playwright/-/playwright-1.46.1.tgz", "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.47.2.tgz",
"integrity": "sha512-oPcr1yqoXLCkgKtD5eNUPLiN40rYEM39odNpIb6VE6S7/15gJmA1NzVv6zJYusV0e7tzvkU/utBFNa/Kpxmwng==", "integrity": "sha512-nx1cLMmQWqmA3UsnjaaokyoUpdVaaDhJhMoxX2qj3McpjnsqFHs516QAKYhqHAgOP+oCFTEOCOAaD1RgD/RQfA==",
"dependencies": { "dependencies": {
"playwright-core": "1.46.1" "playwright-core": "1.47.2"
}, },
"bin": { "bin": {
"playwright": "cli.js" "playwright": "cli.js"
@ -1222,9 +1222,9 @@
} }
}, },
"node_modules/playwright-core": { "node_modules/playwright-core": {
"version": "1.46.1", "version": "1.47.2",
"resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.46.1.tgz", "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.47.2.tgz",
"integrity": "sha512-h9LqIQaAv+CYvWzsZ+h3RsrqCStkBHlgo6/TJlFst3cOTlLghBQlJwPOZKQJTKNaD3QIB7aAVQ+gfWbN3NXB7A==", "integrity": "sha512-3JvMfF+9LJfe16l7AbSmU555PaTl2tPyQsVInqm3id16pdDfvZ8TTZ/pyzmkbDrZTQefyzU7AIHlZqQnxpqHVQ==",
"bin": { "bin": {
"playwright-core": "cli.js" "playwright-core": "cli.js"
}, },

View File

@ -35,14 +35,15 @@
"start": "node ./tiddlywiki.js ./editions/multiwikiserver --mws-load-plugin-bags --build load-mws-demo-data --mws-listen", "start": "node ./tiddlywiki.js ./editions/multiwikiserver --mws-load-plugin-bags --build load-mws-demo-data --mws-listen",
"build:test-edition": "node ./tiddlywiki.js ./editions/test --verbose --version --build index", "build:test-edition": "node ./tiddlywiki.js ./editions/test --verbose --version --build index",
"test:multiwikiserver-edition": "node ./tiddlywiki.js ./editions/multiwikiserver/ --build load-mws-demo-data --mws-listen --mws-test-server http://127.0.0.1:8080/ --quit", "test:multiwikiserver-edition": "node ./tiddlywiki.js ./editions/multiwikiserver/ --build load-mws-demo-data --mws-listen --mws-test-server http://127.0.0.1:8080/ --quit",
"mws-add-user": "node ./tiddlywiki.js ./editions/multiwikiserver --build load-mws-demo-data --mws-listen --build mws-add-user --quit",
"test": "npm run build:test-edition && npm run test:multiwikiserver-edition", "test": "npm run build:test-edition && npm run test:multiwikiserver-edition",
"lint:fix": "eslint . --fix", "lint:fix": "eslint . --fix",
"lint": "eslint ." "lint": "eslint ."
}, },
"dependencies": { "dependencies": {
"@playwright/test": "^1.46.1", "@playwright/test": "^1.47.2",
"better-sqlite3": "^9.4.3", "better-sqlite3": "^9.4.3",
"node-sqlite3-wasm": "^0.8.10", "node-sqlite3-wasm": "^0.8.10",
"playwright": "^1.46.1" "playwright": "^1.47.2"
} }
} }

View File

@ -0,0 +1,65 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiclient/managetiddleraction.js
type: application/javascript
module-type: widget
A widget to manage tiddler actions.
\*/
(function(){
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
var Widget = require("$:/core/modules/widgets/widget.js").widget;
var ManageTiddlerAction = function(parseTreeNode,options) {
this.initialise(parseTreeNode,options);
};
/*
Inherit from the base widget class
*/
ManageTiddlerAction.prototype = new Widget();
/*
Render this widget into the DOM
*/
ManageTiddlerAction.prototype.render = function(parent,nextSibling) {
this.computeAttributes();
this.execute();
};
/*
Compute the internal state of the widget
*/
ManageTiddlerAction.prototype.execute = function() {
this.tiddler = this.getAttribute("tiddler");
};
/*
Invoke the action associated with this widget
*/
ManageTiddlerAction.prototype.invokeAction = function(triggeringWidget,event) {
var pathname = window.location.pathname;
var paths = pathname.split("/");
var recipeName = paths[paths.length - 1];
var bagName = document.querySelector("h1.tc-site-title").innerHTML;
window.location.href = "/admin/acl/"+recipeName+"/"+bagName;
};
/*
Refresh the widget by ensuring our attributes are up to date
*/
ManageTiddlerAction.prototype.refresh = function(changedTiddlers) {
var changedAttributes = this.computeAttributes();
if(changedAttributes.tiddler) {
this.refreshSelf();
return true;
}
return this.refreshChildren(changedTiddlers);
};
exports["action-managetiddler"] = ManageTiddlerAction;
})();

View File

@ -0,0 +1,43 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/auth/authentication.js
type: application/javascript
module-type: library
Handles authentication related operations
\*/
(function() {
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
var crypto = require("crypto");
function Authenticator(database) {
if(!(this instanceof Authenticator)) {
return new Authenticator(database);
}
this.sqlTiddlerDatabase = database;
}
Authenticator.prototype.verifyPassword = function(inputPassword, storedHash) {
var hashedInput = this.hashPassword(inputPassword);
return hashedInput === storedHash;
};
Authenticator.prototype.hashPassword = function(password) {
return crypto.createHash("sha256").update(password).digest("hex");
};
Authenticator.prototype.createSession = function(userId) {
var sessionId = crypto.randomBytes(16).toString("hex");
// Store the session in your database or in-memory store
this.sqlTiddlerDatabase.createOrUpdateUserSession(userId, sessionId);
return sessionId;
};
exports.Authenticator = Authenticator;
})();

View File

@ -0,0 +1,19 @@
title: $:/plugins/tiddlywiki/multiwikiserver/auth/form/login
tags: $:/tags/ServerRoute
route-method: GET
route-path: /login
<$transclude tiddler="$:/plugins/tiddlywiki/multiwikiserver/auth/form/login/styles"/>
<html>
<head>
<$transclude tiddler="$:/plugins/tiddlywiki/multiwikiserver/auth/form/login/head"/>
</head>
<body>
<div class="login-container">
<$transclude tiddler="$:/plugins/tiddlywiki/multiwikiserver/auth/form/login/header" mode="block"/>
<$transclude tiddler="$:/plugins/tiddlywiki/multiwikiserver/auth/form/login/form" mode="block"/>
<$transclude tiddler="$:/plugins/tiddlywiki/multiwikiserver/auth/form/login/error-message" mode="block"/>
</div>
</body>
</html>

View File

@ -0,0 +1,7 @@
title: $:/plugins/tiddlywiki/multiwikiserver/auth/form/login/error-message
<$list filter="[[$:/temp/mws/login/error]!is[missing]]" variable="errorTiddler">
<div class="tc-error-message">
{{$:/temp/mws/login/error}}
</div>
</$list>

View File

@ -0,0 +1,8 @@
title: $:/plugins/tiddlywiki/multiwikiserver/auth/form/login/form
<form class="login-form" method="POST" action="/login">
<input type="hidden" name="returnUrl" value=<<returnUrl>>/>
<input type="text" name="username" placeholder="Username"/>
<input type="password" name="password" placeholder="Password"/>
<input type="submit" value="Log In"/>
</form>

View File

@ -0,0 +1,3 @@
title: $:/plugins/tiddlywiki/multiwikiserver/auth/form/login/head
<title>TiddlyWiki Login</title>

View File

@ -0,0 +1,3 @@
title: $:/plugins/tiddlywiki/multiwikiserver/auth/form/login/header
<h1>TiddlyWiki Login</h1>

View File

@ -0,0 +1,48 @@
title: $:/plugins/tiddlywiki/multiwikiserver/auth/form/login/styles
<style>
body {
font-family: Arial, sans-serif;
background-color: #f0f0f0;
margin: 0;
padding: 0;
display: flex;
justify-content: center;
align-items: center;
height: 100vh;
}
.login-container {
max-width: 300px;
padding: 20px;
background-color: #ffffff;
border-radius: 5px;
box-shadow: 0 2px 10px rgba(0,0,0,0.1);
}
.login-container h1 {
text-align: center;
color: #333;
margin-bottom: 20px;
}
.login-form input {
width: 100%;
padding: 10px;
margin: 10px 0;
border: 1px solid #ddd;
border-radius: 4px;
box-sizing: border-box;
}
.login-form input[type="submit"] {
background-color: #4CAF50;
color: white;
cursor: pointer;
border: none;
}
.login-form input[type="submit"]:hover {
background-color: #45a049;
}
.tc-error-message {
color: #ff0000;
text-align: center;
margin-top: 10px;
}
</style>

View File

@ -33,3 +33,99 @@ To run the tests:
``` ```
./bin/test.sh ./bin/test.sh
``` ```
# Authentication & Authorization
## Overview
Our application has transitioned from a conventional username/password authentication system to a more robust Authentication and Authorization implementation. This new system supports multiple user accounts, roles, permissions, and a comprehensive access control list.
## Key Features
1. Multiple User Accounts
2. Role-based Access Control
3. Granular Permissions
4. Access Control List (ACL)
## Running the App
By default, the Multiwiki Server starts up without the need for authentication. An admin user is created by default with the username `user` and password `pass123`.
This user has the `ADMIN` role which grants full access to all recipes. This user is automatically assigned the `READ` and `WRITE` permissions.
You can create additional users and roles through the admin interface.
Access control is enforced at the recipe level. A user can read or write to a recipe if they have the `READ` or `WRITE` permission for that recipe.
Roles can be assigned to users and can have the `READ` and `WRITE` permissions assigned to them.
Guest users have no permissions and can only access recipes that do not have an ACL assigned to them.
To start the app, run the following command:
```bash
npm run start
```
## Setting Up the Admin User
To initialize the system with an admin user, use the following command:
```bash
npm run mws-add-user
```
This command performs the following actions:
- Creates a default admin user with the credentials:
- Username: `user`
- Password: `pass123`
- Establishes `READ` and `WRITE` permissions
- Creates an `ADMIN` role
- Assigns `READ` and `WRITE` permissions to the `ADMIN` role
- Assigns the `ADMIN` role to the newly created user
## User Management
Users can be managed through the application interface or via command-line tools. Each user account consists of:
- Unique username
- Securely hashed password
- Assigned role(s)
## Roles and Permissions
### Roles
Roles are used to group sets of permissions. The default setup includes an `ADMIN` role, but additional roles can be created as needed (e.g., `USER`, `MANAGER`).
### Permissions
Permissions define specific actions that can be performed. The default permissions are:
- `READ`: Allows viewing of resources
- `WRITE`: Allows creation, modification, and deletion of resources
Additional permissions can be created to suit specific application needs.
## Access Control List (ACL)
The ACL maintains a mapping between roles, permissions, and entities (such as recipes or bags). This allows for fine-grained control over who can perform what actions on which resources.
## Authentication Flow
1. User provides credentials (username and password)
2. System verifies credentials against stored user data
3. If valid, a session is created for the user
## Authorization Flow
1. User attempts to perform an action on a resource
2. System checks the user's role
3. System verifies if the role has the required permission for the action
4. System checks the ACL to ensure the role has permission for the specific entity
5. If all checks pass, the action is allowed; otherwise, it's denied
## Extending the System
To add new roles, permissions, or modify the ACL:
1. Use the provided administrative interface or CLI tools
2. Update the ACL structure in the application's configuration
3. Implement new permission checks in the relevant parts of the application
By following this documentation, you can effectively manage and utilize the new Authentication and Authorization system in your application.

View File

@ -0,0 +1,49 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/commands/mws-add-permission.js
type: application/javascript
module-type: command
Command to create a permission
\*/
(function(){
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
exports.info = {
name: "mws-add-permission",
synchronous: false
};
var Command = function(params,commander,callback) {
this.params = params;
this.commander = commander;
this.callback = callback;
};
Command.prototype.execute = function() {
var self = this;
if(this.params.length < 2) {
return "Usage: --mws-add-permission <permission_name> <description>";
}
if(!$tw.mws || !$tw.mws.store || !$tw.mws.store.sqlTiddlerDatabase) {
return "Error: MultiWikiServer or SQL database not initialized.";
}
var permission_name = this.params[0];
var description = this.params[1];
$tw.mws.store.sqlTiddlerDatabase.createPermission(permission_name, description);
console.log(permission_name+" Permission Created Successfully!")
self.callback();
return null;
};
exports.Command = Command;
})();

View File

@ -0,0 +1,49 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/commands/mws-add-role.js
type: application/javascript
module-type: command
Command to create a role
\*/
(function(){
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
exports.info = {
name: "mws-add-role",
synchronous: false
};
var Command = function(params,commander,callback) {
this.params = params;
this.commander = commander;
this.callback = callback;
};
Command.prototype.execute = function() {
var self = this;
if(this.params.length < 2) {
return "Usage: --mws-add-role <role_name> <description>";
}
if(!$tw.mws || !$tw.mws.store || !$tw.mws.store.sqlTiddlerDatabase) {
return "Error: MultiWikiServer or SQL database not initialized.";
}
var role_name = this.params[0];
var description = this.params[1];
$tw.mws.store.sqlTiddlerDatabase.createRole(role_name, description);
console.log(role_name+" Role Created Successfully!")
self.callback(null, "Role Created Successfully!");
return null;
};
exports.Command = Command;
})();

View File

@ -0,0 +1,58 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/commands/mws-add-user.js
type: application/javascript
module-type: command
Command to create users and grant permission
\*/
(function(){
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
if($tw.node) {
var crypto = require("crypto");
}
exports.info = {
name: "mws-add-user",
synchronous: false
};
var Command = function(params,commander,callback) {
this.params = params;
this.commander = commander;
this.callback = callback;
};
Command.prototype.execute = function() {
var self = this;
if(this.params.length < 2) {
return "Usage: --mws-add-user <username> <password> [email]";
}
if(!$tw.mws || !$tw.mws.store || !$tw.mws.store.sqlTiddlerDatabase) {
return "Error: MultiWikiServer or SQL database not initialized.";
}
var username = this.params[0];
var password = this.params[1];
var email = this.params[2] || username + "@example.com";
var hashedPassword = crypto.createHash("sha256").update(password).digest("hex");
var user = $tw.mws.store.sqlTiddlerDatabase.getUserByUsername(username);
if(user) {
self.callback("WARNING: An account with the username (" + username + ") already exists");
} else {
$tw.mws.store.sqlTiddlerDatabase.createUser(username, email, hashedPassword);
console.log("User Account Created Successfully!")
self.callback();
}
return null;
};
exports.Command = Command;
})();

View File

@ -0,0 +1,62 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/commands/mws-assign-role-permission.js
type: application/javascript
module-type: command
Command to assign permission to a role
\*/
(function(){
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
exports.info = {
name: "mws-assign-role-permission",
synchronous: false
};
var Command = function(params,commander,callback) {
this.params = params;
this.commander = commander;
this.callback = callback;
};
Command.prototype.execute = function() {
var self = this;
if(this.params.length < 2) {
return "Usage: --mws-assign-role-permission <role_name> <permission_name>";
}
if(!$tw.mws || !$tw.mws.store || !$tw.mws.store.sqlTiddlerDatabase) {
return "Error: MultiWikiServer or SQL database not initialized.";
}
var role_name = this.params[0];
var permission_name = this.params[1];
var role = $tw.mws.store.sqlTiddlerDatabase.getRoleByName(role_name);
var permission = $tw.mws.store.sqlTiddlerDatabase.getPermissionByName(permission_name);
if(!role) {
return "Error: Unable to find Role: "+role_name;
}
if(!permission) {
return "Error: Unable to find Permission: "+permission_name;
}
var permission = $tw.mws.store.sqlTiddlerDatabase.getPermissionByName(permission_name);
$tw.mws.store.sqlTiddlerDatabase.addPermissionToRole(role.role_id, permission.permission_id);
console.log(permission_name+" permission assigned to "+role_name+" role successfully!")
self.callback();
return null;
};
exports.Command = Command;
})();

View File

@ -0,0 +1,59 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/commands/mws-assign-user-role.js
type: application/javascript
module-type: command
Command to assign a role to a user
\*/
(function(){
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
exports.info = {
name: "mws-assign-user-role",
synchronous: false
};
var Command = function(params,commander,callback) {
this.params = params;
this.commander = commander;
this.callback = callback;
};
Command.prototype.execute = function() {
var self = this;
if(this.params.length < 2) {
return "Usage: --mws-assign-user-role <username> <role_name>";
}
if(!$tw.mws || !$tw.mws.store || !$tw.mws.store.sqlTiddlerDatabase) {
return "Error: MultiWikiServer or SQL database not initialized.";
}
var username = this.params[0];
var role_name = this.params[1];
var role = $tw.mws.store.sqlTiddlerDatabase.getRoleByName(role_name);
var user = $tw.mws.store.sqlTiddlerDatabase.getUserByUsername(username);
if(!role) {
return "Error: Unable to find Role: "+role_name;
}
if(!user) {
return "Error: Unable to find user with the username "+username;
}
$tw.mws.store.sqlTiddlerDatabase.addRoleToUser(user.user_id, role.role_id);
console.log(role_name+" role has been assigned to user with username "+username)
self.callback();
return null;
};
exports.Command = Command;
})();

View File

@ -50,11 +50,18 @@ TestRunner.prototype.runTests = function(callback) {
const self = this; const self = this;
let currentTestSpec = 0; let currentTestSpec = 0;
let hasFailed = false; let hasFailed = false;
let sessionId;
function runNextTest() { function runNextTest() {
if(currentTestSpec < testSpecs.length) { if(currentTestSpec < testSpecs.length) {
const testSpec = testSpecs[currentTestSpec]; const testSpec = testSpecs[currentTestSpec];
if(!!sessionId) {
testSpec.headers['Cookie'] = `session=${sessionId}; HttpOnly; Path=/`;
}
currentTestSpec += 1; currentTestSpec += 1;
self.runTest(testSpec,function(err) { self.runTest(testSpec,function(err, data) {
if(data?.sessionId) {
sessionId = data?.sessionId;
}
if(err) { if(err) {
hasFailed = true; hasFailed = true;
console.log(`Failed "${testSpec.description}" with "${err}"`) console.log(`Failed "${testSpec.description}" with "${err}"`)
@ -96,7 +103,7 @@ TestRunner.prototype.runTest = function(testSpec,callback) {
response.on("end", () => { response.on("end", () => {
const jsonData = $tw.utils.parseJSONSafe(buffer,function() {return undefined;}); const jsonData = $tw.utils.parseJSONSafe(buffer,function() {return undefined;});
const testResult = testSpec.expectedResult(jsonData,buffer,response.headers); const testResult = testSpec.expectedResult(jsonData,buffer,response.headers);
callback(testResult ? null : "Test failed"); callback(testResult ? null : "Test failed", jsonData);
}); });
}); });
request.on("error", (e) => { request.on("error", (e) => {
@ -112,6 +119,20 @@ TestRunner.prototype.runTest = function(testSpec,callback) {
}; };
const testSpecs = [ const testSpecs = [
{
description: "Login Test User",
method: "POST",
path: "/login",
headers: {
"Accept": 'application/json',
"Content-Type": 'application/x-www-form-urlencoded',
"User-Agent": 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36'
},
data: "username=user&password=pass123",
expectedResult: (jsonData,data,headers) => {
return !!jsonData.sessionId;
}
},
{ {
description: "Check index page", description: "Check index page",
method: "GET", method: "GET",

View File

@ -19,7 +19,8 @@ if($tw.node) {
path = require("path"), path = require("path"),
querystring = require("querystring"), querystring = require("querystring"),
crypto = require("crypto"), crypto = require("crypto"),
zlib = require("zlib"); zlib = require("zlib"),
aclMiddleware = require('$:/plugins/tiddlywiki/multiwikiserver/modules/routes/helpers/acl-middleware.js').middleware;
} }
/* /*
@ -34,6 +35,7 @@ function Server(options) {
this.authenticators = options.authenticators || []; this.authenticators = options.authenticators || [];
this.wiki = options.wiki; this.wiki = options.wiki;
this.boot = options.boot || $tw.boot; this.boot = options.boot || $tw.boot;
this.sqlTiddlerDatabase = options.sqlTiddlerDatabase || $tw.mws.store.sqlTiddlerDatabase;
// Initialise the variables // Initialise the variables
this.variables = $tw.utils.extend({},this.defaultVariables); this.variables = $tw.utils.extend({},this.defaultVariables);
if(options.variables) { if(options.variables) {
@ -157,9 +159,10 @@ function sendResponse(request,response,statusCode,headers,data,encoding) {
data = zlib.gzipSync(data); data = zlib.gzipSync(data);
} }
} }
if(!response.headersSent) {
response.writeHead(statusCode,headers); response.writeHead(statusCode,headers);
response.end(data,encoding); response.end(data,encoding);
}
} }
function redirect(request,response,statusCode,location) { function redirect(request,response,statusCode,location) {
@ -350,6 +353,13 @@ Server.prototype.methodMappings = {
"DELETE": "writers" "DELETE": "writers"
}; };
Server.prototype.methodACLPermMappings = {
"GET": "READ",
"PUT": "WRITE",
"POST": "WRITE",
"DELETE": "WRITE"
}
/* /*
Check whether a given user is authorized for the specified authorizationType ("readers" or "writers"). Pass null or undefined as the username to check for anonymous access Check whether a given user is authorized for the specified authorizationType ("readers" or "writers"). Pass null or undefined as the username to check for anonymous access
*/ */
@ -358,9 +368,57 @@ Server.prototype.isAuthorized = function(authorizationType,username) {
return principals.indexOf("(anon)") !== -1 || (username && (principals.indexOf("(authenticated)") !== -1 || principals.indexOf(username) !== -1)); return principals.indexOf("(anon)") !== -1 || (username && (principals.indexOf("(authenticated)") !== -1 || principals.indexOf(username) !== -1));
} }
Server.prototype.parseCookieString = function(cookieString) {
const cookies = {};
if (typeof cookieString !== 'string') return cookies;
cookieString.split(';').forEach(cookie => {
const parts = cookie.split('=');
if (parts.length >= 2) {
const key = parts[0].trim();
const value = parts.slice(1).join('=').trim();
cookies[key] = decodeURIComponent(value);
}
});
return cookies;
}
Server.prototype.authenticateUser = function(request, response) {
const {session: session_id} = this.parseCookieString(request.headers.cookie)
if (!session_id) {
return false;
}
// get user info
const user = this.sqlTiddlerDatabase.findUserBySessionId(session_id);
if (!user) {
return false
}
delete user.password;
const userRole = this.sqlTiddlerDatabase.getUserRoles(user.user_id);
user['isAdmin'] = userRole?.role_name?.toLowerCase() === 'admin'
return user
};
Server.prototype.requestAuthentication = function(response) {
if(!response.headersSent) {
response.writeHead(401, {
'WWW-Authenticate': 'Basic realm="Secure Area"'
});
response.end('Authentication required.');
}
};
Server.prototype.requestHandler = function(request,response,options) { Server.prototype.requestHandler = function(request,response,options) {
options = options || {}; options = options || {};
const queryString = require("querystring"); const queryString = require("querystring");
// Authenticate the user
const authenticatedUser = this.authenticateUser(request, response);
const authenticatedUsername = authenticatedUser?.username;
// Compose the state object // Compose the state object
var self = this; var self = this;
var state = {}; var state = {};
@ -374,43 +432,52 @@ Server.prototype.requestHandler = function(request,response,options) {
state.redirect = redirect.bind(self,request,response); state.redirect = redirect.bind(self,request,response);
state.streamMultipartData = streamMultipartData.bind(self,request); state.streamMultipartData = streamMultipartData.bind(self,request);
state.makeTiddlerEtag = makeTiddlerEtag.bind(self); state.makeTiddlerEtag = makeTiddlerEtag.bind(self);
state.authenticatedUser = authenticatedUser;
state.authenticatedUsername = authenticatedUsername;
// Get the principals authorized to access this resource // Get the principals authorized to access this resource
state.authorizationType = options.authorizationType || this.methodMappings[request.method] || "readers"; state.authorizationType = options.authorizationType || this.methodMappings[request.method] || "readers";
// Check whether anonymous access is granted // Check whether anonymous access is granted
state.allowAnon = this.isAuthorized(state.authorizationType,null); state.allowAnon = false; //this.isAuthorized(state.authorizationType,null);
// Authenticate with the first active authenticator
if(this.authenticators.length > 0) {
if(!this.authenticators[0].authenticateRequest(request,response,state)) {
// Bail if we failed (the authenticator will have sent the response)
return;
}
}
// Authorize with the authenticated username // Authorize with the authenticated username
if(!this.isAuthorized(state.authorizationType,state.authenticatedUsername)) { if(!this.isAuthorized(state.authorizationType,state.authenticatedUsername) && !response.headersSent) {
response.writeHead(401,"'" + state.authenticatedUsername + "' is not authorized to access '" + this.servername + "'"); response.writeHead(403,"'" + state.authenticatedUsername + "' is not authorized to access '" + this.servername + "'");
response.end(); response.end();
return; return;
} }
// Find the route that matches this path // Find the route that matches this path
var route = self.findMatchingRoute(request,state); var route = self.findMatchingRoute(request,state);
// If the route is configured to use ACL middleware, check that the user has permission
if(route?.useACL) {
const permissionName = this.methodACLPermMappings[route.method];
aclMiddleware(request,response,state,route.entityName,permissionName)
}
// Optionally output debug info // Optionally output debug info
if(self.get("debug-level") !== "none") { if(self.get("debug-level") !== "none") {
console.log("Request path:",JSON.stringify(state.urlInfo)); console.log("Request path:",JSON.stringify(state.urlInfo));
console.log("Request headers:",JSON.stringify(request.headers)); console.log("Request headers:",JSON.stringify(request.headers));
console.log("authenticatedUsername:",state.authenticatedUsername); console.log("authenticatedUsername:",state.authenticatedUsername);
} }
// Return a 404 if we didn't find a route // Return a 404 if we didn't find a route
if(!route) { if(!route && !response.headersSent) {
response.writeHead(404); response.writeHead(404);
response.end(); response.end();
return; return;
} }
// If this is a write, check for the CSRF header unless globally disabled, or disabled for this route // If this is a write, check for the CSRF header unless globally disabled, or disabled for this route
if(!this.csrfDisable && !route.csrfDisable && state.authorizationType === "writers" && request.headers["x-requested-with"] !== "TiddlyWiki") { if(!this.csrfDisable && !route.csrfDisable && state.authorizationType === "writers" && request.headers["x-requested-with"] !== "TiddlyWiki" && !response.headersSent) {
response.writeHead(403,"'X-Requested-With' header required to login to '" + this.servername + "'"); response.writeHead(403,"'X-Requested-With' header required to login to '" + this.servername + "'");
response.end(); response.end();
return; return;
} }
if (response.headersSent) return;
// Receive the request body if necessary and hand off to the route handler // Receive the request body if necessary and hand off to the route handler
if(route.bodyFormat === "stream" || request.method === "GET" || request.method === "HEAD") { if(route.bodyFormat === "stream" || request.method === "GET" || request.method === "HEAD") {
// Let the route handle the request stream itself // Let the route handle the request stream itself

View File

@ -0,0 +1,60 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/change-password.js
type: application/javascript
module-type: mws-route
POST /change-user-password
\*/
(function () {
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
var authenticator = require("$:/plugins/tiddlywiki/multiwikiserver/auth/authentication.js").Authenticator;
exports.method = "POST";
exports.path = /^\/change-user-password\/?$/;
exports.bodyFormat = "www-form-urlencoded";
exports.csrfDisable = true;
exports.handler = function (request, response, state) {
if(!state.authenticatedUser) {
response.writeHead(401, "Unauthorized", { "Content-Type": "text/plain" });
response.end("Unauthorized");
return;
}
var auth = authenticator(state.server.sqlTiddlerDatabase);
var userId = state.authenticatedUser.user_id;
var newPassword = state.data.newPassword;
var confirmPassword = state.data.confirmPassword;
if(newPassword !== confirmPassword) {
response.setHeader("Set-Cookie", "flashMessage=New passwords do not match; Path=/; HttpOnly; Max-Age=5");
response.writeHead(302, { "Location": "/admin/users/" + userId });
response.end();
return;
}
var userData = state.server.sqlTiddlerDatabase.getUser(userId);
if(!userData) {
response.setHeader("Set-Cookie", "flashMessage=User not found; Path=/; HttpOnly; Max-Age=5");
response.writeHead(302, { "Location": "/admin/users/" + userId });
response.end();
return;
}
var newHash = auth.hashPassword(newPassword);
var result = state.server.sqlTiddlerDatabase.updateUserPassword(userId, newHash);
response.setHeader("Set-Cookie", `flashMessage=${result.message}; Path=/; HttpOnly; Max-Age=5`);
response.writeHead(302, { "Location": "/admin/users/" + userId });
response.end();
};
}());

View File

@ -0,0 +1,41 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/delete-acl.js
type: application/javascript
module-type: mws-route
POST /admin/delete-acl
\*/
(function () {
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
var aclMiddleware = require("$:/plugins/tiddlywiki/multiwikiserver/modules/routes/helpers/acl-middleware.js").middleware;
exports.method = "POST";
exports.path = /^\/admin\/delete-acl\/?$/;
exports.bodyFormat = "www-form-urlencoded";
exports.csrfDisable = true;
exports.handler = function (request, response, state) {
var sqlTiddlerDatabase = state.server.sqlTiddlerDatabase;
var recipe_name = state.data.recipe_name;
var bag_name = state.data.bag_name;
var acl_id = state.data.acl_id;
var entity_type = state.data.entity_type;
aclMiddleware(request, response, state, entity_type, "WRITE");
sqlTiddlerDatabase.deleteACL(acl_id);
response.writeHead(302, { "Location": "/admin/acl/" + recipe_name + "/" + bag_name });
response.end();
};
}());

View File

@ -12,25 +12,32 @@ DELETE /bags/:bag_name/tiddler/:title
/*global $tw: false */ /*global $tw: false */
"use strict"; "use strict";
var aclMiddleware = require("$:/plugins/tiddlywiki/multiwikiserver/modules/routes/helpers/acl-middleware.js").middleware;
exports.method = "DELETE"; exports.method = "DELETE";
exports.path = /^\/bags\/([^\/]+)\/tiddlers\/(.+)$/; exports.path = /^\/bags\/([^\/]+)\/tiddlers\/(.+)$/;
exports.handler = function(request,response,state) { exports.handler = function(request,response,state) {
aclMiddleware(request, response, state, "bag", "WRITE");
// Get the parameters // Get the parameters
var bag_name = $tw.utils.decodeURIComponentSafe(state.params[0]), var bag_name = $tw.utils.decodeURIComponentSafe(state.params[0]),
title = $tw.utils.decodeURIComponentSafe(state.params[1]); title = $tw.utils.decodeURIComponentSafe(state.params[1]);
if(bag_name) { if(bag_name) {
var result = $tw.mws.store.deleteTiddler(title,bag_name); if(!response.headersSent) {
response.writeHead(204, "OK", { var result = $tw.mws.store.deleteTiddler(title,bag_name);
"X-Revision-Number": result.tiddler_id.toString(), response.writeHead(204, "OK", {
Etag: state.makeTiddlerEtag(result), "X-Revision-Number": result.tiddler_id.toString(),
"Content-Type": "text/plain" Etag: state.makeTiddlerEtag(result),
}); "Content-Type": "text/plain"
response.end(); });
response.end();
}
} else { } else {
response.writeHead(404); if(!response.headersSent) {
response.end(); response.writeHead(404);
response.end();
}
} }
}; };

View File

@ -0,0 +1,57 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/delete-role.js
type: application/javascript
module-type: mws-route
POST /admin/delete-role
\*/
(function () {
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
exports.method = "POST";
exports.path = /^\/admin\/delete-role\/?$/;
exports.bodyFormat = "www-form-urlencoded";
exports.csrfDisable = true;
exports.handler = function (request, response, state) {
var sqlTiddlerDatabase = state.server.sqlTiddlerDatabase;
var role_id = state.data.role_id;
if(!state.authenticatedUser || !state.authenticatedUser.isAdmin) {
response.writeHead(403, "Forbidden");
response.end();
return;
}
// Check if the role exists
var role = sqlTiddlerDatabase.getRoleById(role_id);
if(!role) {
response.writeHead(404, "Not Found");
response.end("Role not found");
return;
}
// Check if the role is in use
var isRoleInUse = sqlTiddlerDatabase.isRoleInUse(role_id);
if(isRoleInUse) {
response.writeHead(400, "Bad Request");
response.end("Cannot delete role as it is still in use");
return;
}
// Delete the role
sqlTiddlerDatabase.deleteRole(role_id);
// Redirect back to the roles management page
response.writeHead(302, { "Location": "/admin/roles" });
response.end();
};
}());

View File

@ -0,0 +1,97 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/get-acl.js
type: application/javascript
module-type: mws-route
GET /admin/acl
\*/
(function () {
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
exports.method = "GET";
exports.path = /^\/admin\/acl\/(.+)$/;
exports.handler = function (request, response, state) {
var sqlTiddlerDatabase = state.server.sqlTiddlerDatabase;
var params = state.params[0].split("/")
var recipeName = params[0];
var bagName = params[params.length - 1];
var recipes = sqlTiddlerDatabase.listRecipes()
var bags = sqlTiddlerDatabase.listBags()
var recipe = recipes.find((entry) => entry.recipe_name === recipeName && entry.bag_names.includes(bagName))
var bag = bags.find((entry) => entry.bag_name === bagName);
if (!recipe || !bag) {
response.writeHead(500, "Unable to handle request", { "Content-Type": "text/html" });
response.end();
return;
}
var recipeAclRecords = sqlTiddlerDatabase.getEntityAclRecords(recipe.recipe_name);
var bagAclRecords = sqlTiddlerDatabase.getEntityAclRecords(bag.bag_name);
var roles = state.server.sqlTiddlerDatabase.listRoles();
var permissions = state.server.sqlTiddlerDatabase.listPermissions();
// This ensures that the user attempting to view the ACL management page has permission to do so
if(!state.authenticatedUser || (recipeAclRecords.length > 0 && !sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser.user_id, recipeName, 'WRITE'))){
response.writeHead(403, "Forbidden");
response.end();
return
}
// Enhance ACL records with role and permission details
recipeAclRecords = recipeAclRecords.map(record => {
var role = roles.find(role => role.role_id === record.role_id);
var permission = permissions.find(perm => perm.permission_id === record.permission_id);
return ({
...record,
role,
permission,
role_name: role.role_name,
role_description: role.description,
permission_name: permission.permission_name,
permission_description: permission.description
})
});
bagAclRecords = bagAclRecords.map(record => {
var role = roles.find(role => role.role_id === record.role_id);
var permission = permissions.find(perm => perm.permission_id === record.permission_id);
return ({
...record,
role,
permission,
role_name: role.role_name,
role_description: role.description,
permission_name: permission.permission_name,
permission_description: permission.description
})
});
response.writeHead(200, "OK", { "Content-Type": "text/html" });
var html = $tw.mws.store.adminWiki.renderTiddler("text/plain", "$:/plugins/tiddlywiki/multiwikiserver/templates/page", {
variables: {
"page-content": "$:/plugins/tiddlywiki/multiwikiserver/templates/manage-acl",
"roles-list": JSON.stringify(roles),
"permissions-list": JSON.stringify(permissions),
"bag": JSON.stringify(bag),
"recipe": JSON.stringify(recipe),
"recipe-acl-records": JSON.stringify(recipeAclRecords),
"bag-acl-records": JSON.stringify(bagAclRecords),
"username": state.authenticatedUser ? state.authenticatedUser.username : "Guest",
"user-is-admin": state.authenticatedUser && state.authenticatedUser.isAdmin ? "yes" : "no"
}
});
response.write(html);
response.end();
};
}());

View File

@ -12,17 +12,20 @@ GET /bags/:bag_name/tiddler/:title/blob
/*global $tw: false */ /*global $tw: false */
"use strict"; "use strict";
var aclMiddleware = require("$:/plugins/tiddlywiki/multiwikiserver/modules/routes/helpers/acl-middleware.js").middleware;
exports.method = "GET"; exports.method = "GET";
exports.path = /^\/bags\/([^\/]+)\/tiddlers\/([^\/]+)\/blob$/; exports.path = /^\/bags\/([^\/]+)\/tiddlers\/([^\/]+)\/blob$/;
exports.handler = function(request,response,state) { exports.handler = function(request,response,state) {
aclMiddleware(request, response, state, "bag", "READ");
// Get the parameters // Get the parameters
const bag_name = $tw.utils.decodeURIComponentSafe(state.params[0]), const bag_name = $tw.utils.decodeURIComponentSafe(state.params[0]),
title = $tw.utils.decodeURIComponentSafe(state.params[1]); title = $tw.utils.decodeURIComponentSafe(state.params[1]);
if(bag_name) { if(bag_name) {
const result = $tw.mws.store.getBagTiddlerStream(title,bag_name); const result = $tw.mws.store.getBagTiddlerStream(title,bag_name);
if(result) { if(result && !response.headersSent) {
response.writeHead(200, "OK",{ response.writeHead(200, "OK",{
Etag: state.makeTiddlerEtag(result), Etag: state.makeTiddlerEtag(result),
"Content-Type": result.type, "Content-Type": result.type,
@ -31,8 +34,10 @@ exports.handler = function(request,response,state) {
return; return;
} }
} }
response.writeHead(404); if (!response.headersSent) {
response.end(); response.writeHead(404);
response.end();
}
}; };
}()); }());

View File

@ -16,11 +16,14 @@ fallback=<url> // Optional redirect if the tiddler is not found
/*global $tw: false */ /*global $tw: false */
"use strict"; "use strict";
var aclMiddleware = require("$:/plugins/tiddlywiki/multiwikiserver/modules/routes/helpers/acl-middleware.js").middleware;
exports.method = "GET"; exports.method = "GET";
exports.path = /^\/bags\/([^\/]+)\/tiddlers\/(.+)$/; exports.path = /^\/bags\/([^\/]+)\/tiddlers\/(.+)$/;
exports.handler = function(request,response,state) { exports.handler = function(request,response,state) {
aclMiddleware(request, response, state, "bag", "READ");
// Get the parameters // Get the parameters
const bag_name = $tw.utils.decodeURIComponentSafe(state.params[0]), const bag_name = $tw.utils.decodeURIComponentSafe(state.params[0]),
title = $tw.utils.decodeURIComponentSafe(state.params[1]), title = $tw.utils.decodeURIComponentSafe(state.params[1]),
@ -37,29 +40,37 @@ exports.handler = function(request,response,state) {
// This is not a JSON API request, we should return the raw tiddler content // This is not a JSON API request, we should return the raw tiddler content
const result = $tw.mws.store.getBagTiddlerStream(title,bag_name); const result = $tw.mws.store.getBagTiddlerStream(title,bag_name);
if(result) { if(result) {
response.writeHead(200, "OK",{ if(!response.headersSent){
Etag: state.makeTiddlerEtag(result), response.writeHead(200, "OK",{
"Content-Type": result.type Etag: state.makeTiddlerEtag(result),
}); "Content-Type": result.type
});
}
result.stream.pipe(response); result.stream.pipe(response);
return; return;
} else { } else {
response.writeHead(404); if(!response.headersSent){
response.end(); response.writeHead(404);
response.end();
}
return; return;
} }
} }
} else { } else {
// Redirect to fallback URL if tiddler not found // Redirect to fallback URL if tiddler not found
if(state.queryParameters.fallback) { if(state.queryParameters.fallback) {
response.writeHead(302, "OK",{ if (!response.headersSent){
"Location": state.queryParameters.fallback response.writeHead(302, "OK",{
}); "Location": state.queryParameters.fallback
response.end(); });
response.end();
}
return; return;
} else { } else {
response.writeHead(404); if(!response.headersSent){
response.end(); response.writeHead(404);
response.end();
}
return; return;
} }
} }

View File

@ -7,7 +7,7 @@ GET /bags/:bag_name/
GET /bags/:bag_name GET /bags/:bag_name
\*/ \*/
(function() { (function () {
/*jslint node: true, browser: true */ /*jslint node: true, browser: true */
/*global $tw: false */ /*global $tw: false */
@ -17,38 +17,46 @@ exports.method = "GET";
exports.path = /^\/bags\/([^\/]+)(\/?)$/; exports.path = /^\/bags\/([^\/]+)(\/?)$/;
exports.handler = function(request,response,state) { exports.useACL = true;
exports.entityName = "bag"
exports.handler = function (request, response, state) {
// Redirect if there is no trailing slash. We do this so that the relative URL specified in the upload form works correctly // Redirect if there is no trailing slash. We do this so that the relative URL specified in the upload form works correctly
if(state.params[1] !== "/") { if (state.params[1] !== "/") {
state.redirect(301,state.urlInfo.path + "/"); state.redirect(301, state.urlInfo.path + "/");
return; return;
} }
// Get the parameters // Get the parameters
var bag_name = $tw.utils.decodeURIComponentSafe(state.params[0]), var bag_name = $tw.utils.decodeURIComponentSafe(state.params[0]),
bagTiddlers = bag_name && $tw.mws.store.getBagTiddlers(bag_name); bagTiddlers = bag_name && $tw.mws.store.getBagTiddlers(bag_name);
if(bag_name && bagTiddlers) { if (bag_name && bagTiddlers) {
// If application/json is requested then this is an API request, and gets the response in JSON // If application/json is requested then this is an API request, and gets the response in JSON
if(request.headers.accept && request.headers.accept.indexOf("application/json") !== -1) { if (request.headers.accept && request.headers.accept.indexOf("application/json") !== -1) {
state.sendResponse(200,{"Content-Type": "application/json"},JSON.stringify(bagTiddlers),"utf8"); state.sendResponse(200, { "Content-Type": "application/json" }, JSON.stringify(bagTiddlers), "utf8");
} else { } else {
// This is not a JSON API request, we should return the raw tiddler content if (!response.headersSent) {
response.writeHead(200, "OK",{ // This is not a JSON API request, we should return the raw tiddler content
"Content-Type": "text/html" response.writeHead(200, "OK", {
}); "Content-Type": "text/html"
var html = $tw.mws.store.adminWiki.renderTiddler("text/plain","$:/plugins/tiddlywiki/multiwikiserver/templates/page",{ });
variables: { var html = $tw.mws.store.adminWiki.renderTiddler("text/plain", "$:/plugins/tiddlywiki/multiwikiserver/templates/page", {
"page-content": "$:/plugins/tiddlywiki/multiwikiserver/templates/get-bag", variables: {
"bag-name": bag_name, "page-content": "$:/plugins/tiddlywiki/multiwikiserver/templates/get-bag",
"bag-titles": JSON.stringify(bagTiddlers.map(bagTiddler => bagTiddler.title)), "bag-name": bag_name,
"bag-tiddlers": JSON.stringify(bagTiddlers) "bag-titles": JSON.stringify(bagTiddlers.map(bagTiddler => bagTiddler.title)),
} "bag-tiddlers": JSON.stringify(bagTiddlers)
}); }
response.write(html); });
response.end(); response.write(html);
response.end();
}
} }
} else { } else {
response.writeHead(404); if (!response.headersSent) {
response.end(); response.writeHead(404);
response.end();
}
} }
}; };

View File

@ -19,7 +19,9 @@ exports.path = /^\/$/;
exports.handler = function(request,response,state) { exports.handler = function(request,response,state) {
// Get the bag and recipe information // Get the bag and recipe information
var bagList = $tw.mws.store.listBags(), var bagList = $tw.mws.store.listBags(),
recipeList = $tw.mws.store.listRecipes(); recipeList = $tw.mws.store.listRecipes(),
sqlTiddlerDatabase = state.server.sqlTiddlerDatabase;
// If application/json is requested then this is an API request, and gets the response in JSON // If application/json is requested then this is an API request, and gets the response in JSON
if(request.headers.accept && request.headers.accept.indexOf("application/json") !== -1) { if(request.headers.accept && request.headers.accept.indexOf("application/json") !== -1) {
state.sendResponse(200,{"Content-Type": "application/json"},JSON.stringify(recipes),"utf8"); state.sendResponse(200,{"Content-Type": "application/json"},JSON.stringify(recipes),"utf8");
@ -28,13 +30,19 @@ exports.handler = function(request,response,state) {
response.writeHead(200, "OK",{ response.writeHead(200, "OK",{
"Content-Type": "text/html" "Content-Type": "text/html"
}); });
// filter bags and recipies by user's read access from ACL
var allowedRecipes = recipeList.filter(recipe => sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser?.user_id, recipe.recipe_name, 'READ'));
var allowedBags = bagList.filter(bag => sqlTiddlerDatabase.hasBagPermission(state.authenticatedUser?.user_id, bag.bag_name, 'READ'));
// Render the html // Render the html
var html = $tw.mws.store.adminWiki.renderTiddler("text/plain","$:/plugins/tiddlywiki/multiwikiserver/templates/page",{ var html = $tw.mws.store.adminWiki.renderTiddler("text/plain","$:/plugins/tiddlywiki/multiwikiserver/templates/page",{
variables: { variables: {
"show-system": state.queryParameters.show_system || "off", "show-system": state.queryParameters.show_system || "off",
"page-content": "$:/plugins/tiddlywiki/multiwikiserver/templates/get-index", "page-content": "$:/plugins/tiddlywiki/multiwikiserver/templates/get-index",
"bag-list": JSON.stringify(bagList), "bag-list": JSON.stringify(allowedBags),
"recipe-list": JSON.stringify(recipeList) "recipe-list": JSON.stringify(allowedRecipes),
"username": state.authenticatedUser ? state.authenticatedUser.username : "Guest",
"user-is-admin": state.authenticatedUser && state.authenticatedUser.isAdmin ? "yes" : "no"
} }
}); });
response.write(html); response.write(html);

View File

@ -0,0 +1,39 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/get-login.js
type: application/javascript
module-type: mws-route
GET /login
\*/
(function() {
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
exports.method = "GET";
exports.path = /^\/login$/;
exports.handler = function(request,response,state) {
// Check if the user already has a valid session
var authenticatedUser = state.server.authenticateUser(request, response);
if(authenticatedUser) {
// User is already logged in, redirect to home page
response.writeHead(302, { "Location": "/" });
response.end();
return;
}
var loginTiddler = $tw.mws.store.adminWiki.getTiddler("$:/plugins/tiddlywiki/multiwikiserver/auth/form/login");
if(loginTiddler) {
var text = $tw.mws.store.adminWiki.renderTiddler("text/html", loginTiddler.fields.title);
response.writeHead(200, { "Content-Type": "text/html" });
response.end(text);
} else {
response.writeHead(404);
response.end("Login page not found");
}
};
}());

View File

@ -20,6 +20,10 @@ exports.method = "GET";
exports.path = /^\/recipes\/([^\/]+)\/tiddlers\/(.+)$/; exports.path = /^\/recipes\/([^\/]+)\/tiddlers\/(.+)$/;
exports.useACL = true;
exports.entityName = "recipe"
exports.handler = function(request,response,state) { exports.handler = function(request,response,state) {
// Get the parameters // Get the parameters
var recipe_name = $tw.utils.decodeURIComponentSafe(state.params[0]), var recipe_name = $tw.utils.decodeURIComponentSafe(state.params[0]),
@ -38,27 +42,32 @@ exports.handler = function(request,response,state) {
} else { } else {
// This is not a JSON API request, we should return the raw tiddler content // This is not a JSON API request, we should return the raw tiddler content
var type = tiddlerInfo.tiddler.type || "text/plain"; var type = tiddlerInfo.tiddler.type || "text/plain";
response.writeHead(200, "OK",{ if(!response.headersSent) {
response.writeHead(200, "OK",{
Etag: state.makeTiddlerEtag(tiddlerInfo), Etag: state.makeTiddlerEtag(tiddlerInfo),
"Content-Type": type "Content-Type": type
}); });
response.write(tiddlerInfo.tiddler.text || "",($tw.config.contentTypeInfo[type] ||{encoding: "utf8"}).encoding); response.write(tiddlerInfo.tiddler.text || "",($tw.config.contentTypeInfo[type] ||{encoding: "utf8"}).encoding);
response.end();; response.end();
}
return; return;
} }
} else { } else {
// Redirect to fallback URL if tiddler not found if(!response.headersSent) {
if(state.queryParameters.fallback) { // Redirect to fallback URL if tiddler not found
response.writeHead(302, "OK",{ if(state.queryParameters.fallback) {
"Location": state.queryParameters.fallback response.writeHead(302, "OK",{
}); "Location": state.queryParameters.fallback
response.end(); });
return; response.end();
} else { return;
response.writeHead(404); } else {
response.end(); response.writeHead(404);
return; response.end();
return;
}
} }
return;
} }
}; };

View File

@ -17,22 +17,24 @@ exports.method = "GET";
exports.path = /^\/recipes\/([^\/]+)\/tiddlers.json$/; exports.path = /^\/recipes\/([^\/]+)\/tiddlers.json$/;
exports.handler = function(request,response,state) { exports.handler = function(request,response,state) {
// Get the parameters if(!response.headersSent) {
var recipe_name = $tw.utils.decodeURIComponentSafe(state.params[0]); // Get the parameters
if(recipe_name) { var recipe_name = $tw.utils.decodeURIComponentSafe(state.params[0]);
// Get the tiddlers in the recipe, optionally since the specified last known tiddler_id if(recipe_name) {
var recipeTiddlers = $tw.mws.store.getRecipeTiddlers(recipe_name,{ // Get the tiddlers in the recipe, optionally since the specified last known tiddler_id
include_deleted: state.queryParameters.include_deleted === "true", var recipeTiddlers = $tw.mws.store.getRecipeTiddlers(recipe_name,{
last_known_tiddler_id: state.queryParameters.last_known_tiddler_id include_deleted: state.queryParameters.include_deleted === "true",
}); last_known_tiddler_id: state.queryParameters.last_known_tiddler_id
if(recipeTiddlers) { });
state.sendResponse(200,{"Content-Type": "application/json"},JSON.stringify(recipeTiddlers),"utf8"); if(recipeTiddlers) {
return; state.sendResponse(200,{"Content-Type": "application/json"},JSON.stringify(recipeTiddlers),"utf8");
return;
}
} }
// Fail if something went wrong
response.writeHead(404);
response.end();
} }
// Fail if something went wrong
response.writeHead(404);
response.end();
}; };

View File

@ -0,0 +1,54 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/get-users.js
type: application/javascript
module-type: mws-route
GET /admin/users
\*/
(function() {
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
exports.method = "GET";
exports.path = /^\/admin\/users$/;
exports.handler = function(request,response,state) {
var userList = state.server.sqlTiddlerDatabase.listUsers();
// Ensure userList is an array
if (!Array.isArray(userList)) {
userList = [];
console.error("userList is not an array");
}
// Convert dates to strings and ensure all necessary fields are present
userList = userList.map(user => ({
user_id: user.user_id || '',
username: user.username || '',
email: user.email || '',
created_at: user.created_at ? new Date(user.created_at).toISOString() : '',
last_login: user.last_login ? new Date(user.last_login).toISOString() : ''
}));
response.writeHead(200, "OK", {
"Content-Type": "text/html"
});
// Render the html
var html = $tw.mws.store.adminWiki.renderTiddler("text/plain","$:/plugins/tiddlywiki/multiwikiserver/templates/page",{
variables: {
"page-content": "$:/plugins/tiddlywiki/multiwikiserver/templates/get-users",
"user-list": JSON.stringify(userList),
"username": state.authenticatedUser ? state.authenticatedUser.username : "Guest",
"user-is-admin": state.authenticatedUser && state.authenticatedUser.isAdmin ? "yes" : "no"
}
});
response.write(html);
response.end();
};
}());

View File

@ -16,6 +16,10 @@ exports.method = "GET";
exports.path = /^\/wiki\/([^\/]+)$/; exports.path = /^\/wiki\/([^\/]+)$/;
exports.useACL = true;
exports.entityName = "recipe"
exports.handler = function(request,response,state) { exports.handler = function(request,response,state) {
// Get the recipe name from the parameters // Get the recipe name from the parameters
var recipe_name = $tw.utils.decodeURIComponentSafe(state.params[0]), var recipe_name = $tw.utils.decodeURIComponentSafe(state.params[0]),

View File

@ -0,0 +1,36 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/manage-roles.js
type: application/javascript
module-type: mws-route
GET /admin/manage-roles
\*/
(function() {
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
exports.method = "GET";
exports.path = /^\/admin\/roles\/?$/;
exports.handler = function(request, response, state) {
var roles = state.server.sqlTiddlerDatabase.listRoles();
response.writeHead(200, "OK", {"Content-Type": "text/html"});
var html = $tw.mws.store.adminWiki.renderTiddler("text/plain", "$:/plugins/tiddlywiki/multiwikiserver/templates/page", {
variables: {
"page-content": "$:/plugins/tiddlywiki/multiwikiserver/templates/manage-roles",
"roles-list": JSON.stringify(roles),
"username": state.authenticatedUser ? state.authenticatedUser.username : "Guest",
"user-is-admin": state.authenticatedUser && state.authenticatedUser.isAdmin ? "yes" : "no"
}
});
response.write(html);
response.end();
};
}());

View File

@ -0,0 +1,68 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/manage-user.js
type: application/javascript
module-type: mws-route
GET /admin/users/:user_id
\*/
(function() {
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
exports.method = "GET";
exports.path = /^\/admin\/users\/([^\/]+)\/?$/;
exports.handler = function(request,response,state) {
var user_id = $tw.utils.decodeURIComponentSafe(state.params[0]);
var userData = state.server.sqlTiddlerDatabase.getUser(user_id);
if(!userData) {
response.writeHead(404, "Not Found", {"Content-Type": "text/html"});
var errorHtml = $tw.mws.store.adminWiki.renderTiddler("text/plain", "$:/plugins/tiddlywiki/multiwikiserver/templates/error", {
variables: {
"error-message": "User not found"
}
});
response.write(errorHtml);
response.end();
return;
}
// Convert dates to strings and ensure all necessary fields are present
const user = {
user_id: userData.user_id || '',
username: userData.username || '',
email: userData.email || '',
created_at: userData.created_at ? new Date(userData.created_at).toISOString() : '',
last_login: userData.last_login ? new Date(userData.last_login).toISOString() : ''
};
// Get all roles which the user has been assigned
var userRole = state.server.sqlTiddlerDatabase.getUserRoles(user_id);
var allRoles = state.server.sqlTiddlerDatabase.listRoles();
response.writeHead(200, "OK", {
"Content-Type": "text/html"
});
// Render the html
var html = $tw.mws.store.adminWiki.renderTiddler("text/plain", "$:/plugins/tiddlywiki/multiwikiserver/templates/page", {
variables: {
"page-content": "$:/plugins/tiddlywiki/multiwikiserver/templates/manage-user",
"user": JSON.stringify(user),
"user-role": JSON.stringify(userRole),
"all-roles": JSON.stringify(allRoles),
"is-current-user-profile": state.authenticatedUser && state.authenticatedUser.user_id === $tw.utils.parseInt(user_id, 10) ? "yes" : "no",
"username": state.authenticatedUser ? state.authenticatedUser.username : "Guest",
"user-is-admin": state.authenticatedUser && state.authenticatedUser.isAdmin ? "yes" : "no"
}
});
response.write(html);
response.end();
};
}());

View File

@ -0,0 +1,64 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/post-acl.js
type: application/javascript
module-type: mws-route
POST /admin/post-acl
\*/
(function () {
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
exports.method = "POST";
exports.path = /^\/admin\/post-acl\/?$/;
exports.bodyFormat = "www-form-urlencoded";
exports.csrfDisable = true;
exports.handler = function (request, response, state) {
var sqlTiddlerDatabase = state.server.sqlTiddlerDatabase;
var entity_type = state.data.entity_type;
var recipe_name = state.data.recipe_name;
var bag_name = state.data.bag_name;
var role_id = state.data.role_id;
var permission_id = state.data.permission_id;
var isRecipe = entity_type === "recipe"
var entityAclRecords = sqlTiddlerDatabase.getACLByName(entity_type, isRecipe ? recipe_name : bag_name, true);
var aclExists = entityAclRecords.some((record) => (
record.role_id == role_id && record.permission_id == permission_id
))
// This ensures that the user attempting to modify the ACL has permission to do so
// if(!state.authenticatedUser || (entityAclRecords.length > 0 && !sqlTiddlerDatabase[isRecipe ? 'hasRecipePermission' : 'hasBagPermission'](state.authenticatedUser.user_id, isRecipe ? recipe_name : bag_name, 'WRITE'))){
// response.writeHead(403, "Forbidden");
// response.end();
// return
// }
if (aclExists) {
// do nothing, return the user back to the form
response.writeHead(302, { "Location": "/admin/acl/" + recipe_name + "/" + bag_name });
response.end();
return
}
sqlTiddlerDatabase.createACL(
isRecipe ? recipe_name : bag_name,
entity_type,
role_id,
permission_id
)
response.writeHead(302, { "Location": "/admin/acl/" + recipe_name + "/" + bag_name });
response.end();
};
}());

View File

@ -20,6 +20,10 @@ exports.bodyFormat = "stream";
exports.csrfDisable = true; exports.csrfDisable = true;
exports.useACL = true;
exports.entityName = "bag"
exports.handler = function(request,response,state) { exports.handler = function(request,response,state) {
const path = require("path"), const path = require("path"),
fs = require("fs"), fs = require("fs"),
@ -39,29 +43,31 @@ exports.handler = function(request,response,state) {
"imported-tiddlers": results "imported-tiddlers": results
})); }));
} else { } else {
response.writeHead(200, "OK",{ if(!response.headersSent) {
"Content-Type": "text/html" response.writeHead(200, "OK",{
}); "Content-Type": "text/html"
response.write(` });
<!doctype html> response.write(`
<head> <!doctype html>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <head>
</head> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<body> </head>
`); <body>
// Render the html `);
var html = $tw.mws.store.adminWiki.renderTiddler("text/html","$:/plugins/tiddlywiki/multiwikiserver/templates/post-bag-tiddlers",{ // Render the html
variables: { var html = $tw.mws.store.adminWiki.renderTiddler("text/html","$:/plugins/tiddlywiki/multiwikiserver/templates/post-bag-tiddlers",{
"bag-name": bag_name, variables: {
"imported-titles": JSON.stringify(results) "bag-name": bag_name,
} "imported-titles": JSON.stringify(results)
}); }
response.write(html); });
response.write(` response.write(html);
</body> response.write(`
</html> </body>
`); </html>
response.end(); `);
response.end();
}
} }
} }
}); });

View File

@ -25,6 +25,10 @@ exports.bodyFormat = "www-form-urlencoded";
exports.csrfDisable = true; exports.csrfDisable = true;
exports.useACL = true;
exports.entityName = "bag"
exports.handler = function(request,response,state) { exports.handler = function(request,response,state) {
if(state.data.bag_name) { if(state.data.bag_name) {
const result = $tw.mws.store.createBag(state.data.bag_name,state.data.description); const result = $tw.mws.store.createBag(state.data.bag_name,state.data.description);

View File

@ -0,0 +1,67 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/post-login.js
type: application/javascript
module-type: mws-route
POST /login
Parameters:
username
password
\*/
(function() {
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
var authenticator = require('$:/plugins/tiddlywiki/multiwikiserver/auth/authentication.js').Authenticator;
exports.method = "POST";
exports.path = /^\/login$/;
exports.bodyFormat = "www-form-urlencoded";
exports.csrfDisable = true;
exports.handler = function(request,response,state) {
var auth = authenticator(state.server.sqlTiddlerDatabase);
var username = state.data.username;
var password = state.data.password;
var user = state.server.sqlTiddlerDatabase.getUserByUsername(username);
var isPasswordValid = auth.verifyPassword(password, user ? user.password : null)
if(user && isPasswordValid) {
var sessionId = auth.createSession(user.user_id);
var returnUrl = state.server.parseCookieString(request.headers.cookie).returnUrl
response.setHeader('Set-Cookie', `session=${sessionId}; HttpOnly; Path=/`);
if(request.headers.accept && request.headers.accept.indexOf("application/json") !== -1) {
state.sendResponse(200,{"Content-Type": "application/json"},JSON.stringify({
"sessionId": sessionId
}));
} else {
response.writeHead(302, {
'Location': returnUrl || '/'
});
}
} else {
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
title: "$:/temp/mws/login/error",
text: "Invalid username or password"
}));
if(request.headers.accept && request.headers.accept.indexOf("application/json") !== -1) {
state.sendResponse(200,{"Content-Type": "application/json"},JSON.stringify({
"message": "Invalid username or password"
}));
} else {
response.writeHead(302, {
'Location': '/login'
});
}
}
response.end();
};
}());

View File

@ -0,0 +1,37 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/post-logout.js
type: application/javascript
module-type: mws-route
POST /logout
\*/
(function() {
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
exports.method = "POST";
exports.path = /^\/logout$/;
exports.csrfDisable = true;
exports.handler = function(request,response,state) {
// if(state.authenticatedUser) {
state.server.sqlTiddlerDatabase.deleteSession(state.authenticatedUser.sessionId);
// }
var cookies = request.headers.cookie ? request.headers.cookie.split(";") : [];
for(var i = 0; i < cookies.length; i++) {
var cookie = cookies[i].trim().split("=")[0];
response.setHeader("Set-Cookie", cookie + "=; HttpOnly; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict");
}
// response.setHeader("Set-Cookie", "session=; HttpOnly; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT");
// response.setHeader("Set-Cookie", "returnUrl=; HttpOnly; Path=/");
response.writeHead(302, { "Location": "/login" });
response.end();
};
}());

View File

@ -26,6 +26,10 @@ exports.bodyFormat = "www-form-urlencoded";
exports.csrfDisable = true; exports.csrfDisable = true;
exports.useACL = true;
exports.entityName = "recipe"
exports.handler = function(request,response,state) { exports.handler = function(request,response,state) {
if(state.data.recipe_name && state.data.bag_names) { if(state.data.recipe_name && state.data.bag_names) {
const result = $tw.mws.store.createRecipe(state.data.recipe_name,$tw.utils.parseStringArray(state.data.bag_names),state.data.description); const result = $tw.mws.store.createRecipe(state.data.recipe_name,$tw.utils.parseStringArray(state.data.bag_names),state.data.description);

View File

@ -0,0 +1,36 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/post-role.js
type: application/javascript
module-type: mws-route
POST /admin/post-role
\*/
(function () {
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
exports.method = "POST";
exports.path = /^\/admin\/post-role\/?$/;
exports.bodyFormat = "www-form-urlencoded";
exports.csrfDisable = true;
exports.handler = function (request, response, state) {
var sqlTiddlerDatabase = state.server.sqlTiddlerDatabase;
var role_name = state.data.role_name;
var role_description = state.data.role_description;
// Add your authentication check here if needed
sqlTiddlerDatabase.createRole(role_name, role_description);
response.writeHead(302, { "Location": "/admin/roles" });
response.end();
};
}());

View File

@ -0,0 +1,63 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/post-user.js
type: application/javascript
module-type: mws-route
POST /admin/post-user
\*/
(function() {
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
exports.method = "POST";
exports.path = /^\/admin\/post-user\/?$/;
exports.bodyFormat = "www-form-urlencoded";
exports.csrfDisable = true;
exports.handler = function(request, response, state) {
var sqlTiddlerDatabase = state.server.sqlTiddlerDatabase;
var username = state.data.username;
var email = state.data.email;
var password = state.data.password;
var confirmPassword = state.data.confirmPassword;
if(!state.authenticatedUser) {
response.writeHead(401, "Unauthorized", { "Content-Type": "text/plain" });
response.end("Unauthorized");
return;
}
if(!username || !email || !password || !confirmPassword) {
response.writeHead(400, {"Content-Type": "application/json"});
response.end(JSON.stringify({error: "All fields are required"}));
return;
}
if(password !== confirmPassword) {
response.writeHead(400, {"Content-Type": "application/json"});
response.end(JSON.stringify({error: "Passwords do not match"}));
return;
}
// Check if user already exists
var existingUser = sqlTiddlerDatabase.getUser(username);
if(existingUser) {
response.writeHead(400, {"Content-Type": "application/json"});
response.end(JSON.stringify({error: "Username already exists"}));
return;
}
// Create new user
var userId = sqlTiddlerDatabase.createUser(username, email, password);
response.writeHead(302, {"Location": "/admin/users/"+userId});
response.end();
};
}());

View File

@ -16,12 +16,16 @@ exports.method = "PUT";
exports.path = /^\/bags\/(.+)$/; exports.path = /^\/bags\/(.+)$/;
exports.useACL = true;
exports.entityName = "bag"
exports.handler = function(request,response,state) { exports.handler = function(request,response,state) {
// Get the parameters // Get the parameters
var bag_name = $tw.utils.decodeURIComponentSafe(state.params[0]), var bag_name = $tw.utils.decodeURIComponentSafe(state.params[0]),
data = $tw.utils.parseJSONSafe(state.data); data = $tw.utils.parseJSONSafe(state.data);
if(bag_name && data) { if(bag_name && data) {
const result = $tw.mws.store.createBag(bag_name,data.description); var result = $tw.mws.store.createBag(bag_name,data.description);
if(!result) { if(!result) {
state.sendResponse(204,{ state.sendResponse(204,{
"Content-Type": "text/plain" "Content-Type": "text/plain"
@ -34,8 +38,10 @@ exports.handler = function(request,response,state) {
"utf8"); "utf8");
} }
} else { } else {
response.writeHead(404); if(!response.headersSent) {
response.end(); response.writeHead(404);
response.end();
}
} }
}; };

View File

@ -6,7 +6,7 @@ module-type: mws-route
PUT /recipes/:recipe_name/tiddlers/:title PUT /recipes/:recipe_name/tiddlers/:title
\*/ \*/
(function() { (function () {
/*jslint node: true, browser: true */ /*jslint node: true, browser: true */
/*global $tw: false */ /*global $tw: false */
@ -16,30 +16,37 @@ exports.method = "PUT";
exports.path = /^\/recipes\/([^\/]+)\/tiddlers\/(.+)$/; exports.path = /^\/recipes\/([^\/]+)\/tiddlers\/(.+)$/;
exports.handler = function(request,response,state) { exports.useACL = true;
exports.entityName = "recipe"
exports.handler = function (request, response, state) {
// Get the parameters // Get the parameters
var recipe_name = $tw.utils.decodeURIComponentSafe(state.params[0]), var recipe_name = $tw.utils.decodeURIComponentSafe(state.params[0]),
title = $tw.utils.decodeURIComponentSafe(state.params[1]), title = $tw.utils.decodeURIComponentSafe(state.params[1]),
fields = $tw.utils.parseJSONSafe(state.data); fields = $tw.utils.parseJSONSafe(state.data);
if(recipe_name && title === fields.title) { if(recipe_name && title === fields.title) {
var result = $tw.mws.store.saveRecipeTiddler(fields,recipe_name); var result = $tw.mws.store.saveRecipeTiddler(fields, recipe_name);
if(result) { if(!response.headersSent) {
response.writeHead(204, "OK",{ if(result) {
"X-Revision-Number": result.tiddler_id.toString(), response.writeHead(204, "OK", {
"X-Bag-Name": result.bag_name, "X-Revision-Number": result.tiddler_id.toString(),
Etag: state.makeTiddlerEtag(result), "X-Bag-Name": result.bag_name,
"Content-Type": "text/plain" Etag: state.makeTiddlerEtag(result),
}); "Content-Type": "text/plain"
} else { });
response.writeHead(400); } else {
response.writeHead(400);
}
response.end();
} }
response.end();
return; return;
} }
// Fail if something went wrong // Fail if something went wrong
response.writeHead(404); if(!response.headersSent) {
response.end(); response.writeHead(404);
response.end();
}
}; };
}()); }());

View File

@ -6,7 +6,7 @@ module-type: mws-route
PUT /recipes/:recipe_name PUT /recipes/:recipe_name
\*/ \*/
(function() { (function () {
/*jslint node: true, browser: true */ /*jslint node: true, browser: true */
/*global $tw: false */ /*global $tw: false */
@ -16,26 +16,32 @@ exports.method = "PUT";
exports.path = /^\/recipes\/(.+)$/; exports.path = /^\/recipes\/(.+)$/;
exports.handler = function(request,response,state) { exports.useACL = true;
exports.entityName = "recipe"
exports.handler = function (request, response, state) {
// Get the parameters // Get the parameters
var recipe_name = $tw.utils.decodeURIComponentSafe(state.params[0]), var recipe_name = $tw.utils.decodeURIComponentSafe(state.params[0]),
data = $tw.utils.parseJSONSafe(state.data); data = $tw.utils.parseJSONSafe(state.data);
if(recipe_name && data) { if(recipe_name && data) {
const result = $tw.mws.store.createRecipe(recipe_name,data.bag_names,data.description); var result = $tw.mws.store.createRecipe(recipe_name, data.bag_names, data.description);
if(!result) { if(!result) {
state.sendResponse(204,{ state.sendResponse(204, {
"Content-Type": "text/plain" "Content-Type": "text/plain"
}); });
} else { } else {
state.sendResponse(400,{ state.sendResponse(400, {
"Content-Type": "text/plain" "Content-Type": "text/plain"
}, },
result.message, result.message,
"utf8"); "utf8");
} }
} else { } else {
response.writeHead(404); if(!response.headersSent) {
response.end(); response.writeHead(404);
response.end();
}
} }
}; };

View File

@ -0,0 +1,47 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/update-profile.js
type: application/javascript
module-type: mws-route
POST /update-user-profile
\*/
(function () {
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
exports.method = "POST";
exports.path = /^\/update-user-profile\/?$/;
exports.bodyFormat = "www-form-urlencoded";
exports.csrfDisable = true;
exports.handler = function (request,response,state) {
if(!state.authenticatedUser) {
response.writeHead(401, "Unauthorized", { "Content-Type": "text/plain" });
response.end("Unauthorized");
return;
}
var userId = state.authenticatedUser.user_id;
var username = state.data.username;
var email = state.data.email;
var roleId = state.data.role;
var result = state.server.sqlTiddlerDatabase.updateUser(userId, username, email, roleId);
if(result.success) {
response.setHeader("Set-Cookie", "flashMessage="+result.message+"; Path=/; HttpOnly; Max-Age=5");
response.writeHead(302, { "Location": "/admin/users/" + userId });
} else {
response.setHeader("Set-Cookie", "flashMessage="+result.message+"; Path=/; HttpOnly; Max-Age=5");
response.writeHead(302, { "Location": "/admin/users/" + userId });
}
response.end();
};
}());

View File

@ -0,0 +1,79 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/modules/routes/helpers/acl-middleware.js
type: application/javascript
module-type: library
Middleware to handle ACL permissions
\*/
(function () {
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
/*
ACL Middleware factory function
*/
function redirectToLogin(response, returnUrl) {
if(!response.headersSent) {
var validReturnUrlRegex = /^\/(?!.*\.(ico|png|jpg|jpeg|gif|svg|css|js|woff|woff2|ttf|eot|json)$).*$/;
var sanitizedReturnUrl = '/'; // Default to home page
if(validReturnUrlRegex.test(returnUrl)) {
sanitizedReturnUrl = returnUrl;
response.setHeader('Set-Cookie', `returnUrl=${encodeURIComponent(sanitizedReturnUrl)}; HttpOnly; Secure; SameSite=Strict; Path=/`);
} else{
console.log(`Invalid return URL detected: ${returnUrl}. Redirecting to home page.`);
}
const loginUrl = '/login';
response.writeHead(302, {
'Location': loginUrl
});
response.end();
}
};
exports.middleware = function (request, response, state, entityType, permissionName) {
var server = state.server,
sqlTiddlerDatabase = server.sqlTiddlerDatabase,
entityName = state.data ? (state.data[entityType+"_name"] || state.params[0]) : state.params[0];
// First, replace '%3A' with ':' to handle TiddlyWiki's system tiddlers
var partiallyDecoded = entityName.replace(/%3A/g, ":");
// Then use decodeURIComponent for the rest
var decodedEntityName = decodeURIComponent(partiallyDecoded);
var aclRecord = sqlTiddlerDatabase.getACLByName(entityType, decodedEntityName);
// Get permission record
const permission = sqlTiddlerDatabase.getPermissionByName(permissionName);
// ACL Middleware will only apply if the entity has a middleware record
if(aclRecord && aclRecord?.permission_id === permission?.permission_id) {
// If not authenticated and anonymous access is not allowed, request authentication
if(!state.authenticatedUsername && !state.allowAnon) {
if(state.urlInfo.pathname !== '/login') {
redirectToLogin(response, request.url);
return;
}
}
// Check if user is authenticated
if(!state.authenticatedUser && !response.headersSent) {
response.writeHead(401, "Unauthorized");
response.end();
return;
}
// Check ACL permission
var hasPermission = request.method === "POST" || sqlTiddlerDatabase.checkACLPermission(state.authenticatedUser.user_id, entityType, decodedEntityName, permissionName)
if(!hasPermission) {
if(!response.headersSent) {
response.writeHead(403, "Forbidden");
response.end();
}
return;
}
}
};
})();

View File

@ -25,6 +25,16 @@ function SqlTiddlerDatabase(options) {
databasePath: options.databasePath, databasePath: options.databasePath,
engine: options.engine engine: options.engine
}); });
this.entityTypeToTableMap = {
bag: {
table: "bags",
column: "bag_name"
},
recipe: {
table: "recipes",
column: "recipe_name"
}
};
} }
SqlTiddlerDatabase.prototype.close = function() { SqlTiddlerDatabase.prototype.close = function() {
@ -38,6 +48,83 @@ SqlTiddlerDatabase.prototype.transaction = function(fn) {
SqlTiddlerDatabase.prototype.createTables = function() { SqlTiddlerDatabase.prototype.createTables = function() {
this.engine.runStatements([` this.engine.runStatements([`
-- Users table
CREATE TABLE IF NOT EXISTS users (
user_id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT UNIQUE NOT NULL,
email TEXT UNIQUE NOT NULL,
password TEXT NOT NULL,
created_at TEXT DEFAULT (datetime('now')),
last_login TEXT
)
`,`
-- User Session table
CREATE TABLE IF NOT EXISTS sessions (
user_id INTEGER NOT NULL,
session_id TEXT NOT NULL,
created_at TEXT NOT NULL,
last_accessed TEXT NOT NULL,
PRIMARY KEY (user_id),
FOREIGN KEY (user_id) REFERENCES users(user_id)
)
`,`
-- Groups table
CREATE TABLE IF NOT EXISTS groups (
group_id INTEGER PRIMARY KEY AUTOINCREMENT,
group_name TEXT UNIQUE NOT NULL,
description TEXT
)
`,`
-- Roles table
CREATE TABLE IF NOT EXISTS roles (
role_id INTEGER PRIMARY KEY AUTOINCREMENT,
role_name TEXT UNIQUE NOT NULL,
description TEXT
)
`,`
-- Permissions table
CREATE TABLE IF NOT EXISTS permissions (
permission_id INTEGER PRIMARY KEY AUTOINCREMENT,
permission_name TEXT UNIQUE NOT NULL,
description TEXT
)
`,`
-- User-Group association table
CREATE TABLE IF NOT EXISTS user_groups (
user_id INTEGER,
group_id INTEGER,
PRIMARY KEY (user_id, group_id),
FOREIGN KEY (user_id) REFERENCES users(user_id),
FOREIGN KEY (group_id) REFERENCES groups(group_id)
)
`,`
-- User-Role association table
CREATE TABLE IF NOT EXISTS user_roles (
user_id INTEGER,
role_id INTEGER,
PRIMARY KEY (user_id, role_id),
FOREIGN KEY (user_id) REFERENCES users(user_id),
FOREIGN KEY (role_id) REFERENCES roles(role_id)
)
`,`
-- Group-Role association table
CREATE TABLE IF NOT EXISTS group_roles (
group_id INTEGER,
role_id INTEGER,
PRIMARY KEY (group_id, role_id),
FOREIGN KEY (group_id) REFERENCES groups(group_id),
FOREIGN KEY (role_id) REFERENCES roles(role_id)
)
`,`
-- Role-Permission association table
CREATE TABLE IF NOT EXISTS role_permissions (
role_id INTEGER,
permission_id INTEGER,
PRIMARY KEY (role_id, permission_id),
FOREIGN KEY (role_id) REFERENCES roles(role_id),
FOREIGN KEY (permission_id) REFERENCES permissions(permission_id)
)
`,`
-- Bags have names and access control settings -- Bags have names and access control settings
CREATE TABLE IF NOT EXISTS bags ( CREATE TABLE IF NOT EXISTS bags (
bag_id INTEGER PRIMARY KEY AUTOINCREMENT, bag_id INTEGER PRIMARY KEY AUTOINCREMENT,
@ -82,6 +169,26 @@ SqlTiddlerDatabase.prototype.createTables = function() {
FOREIGN KEY (tiddler_id) REFERENCES tiddlers(tiddler_id) ON UPDATE CASCADE ON DELETE CASCADE, FOREIGN KEY (tiddler_id) REFERENCES tiddlers(tiddler_id) ON UPDATE CASCADE ON DELETE CASCADE,
UNIQUE (tiddler_id, field_name) UNIQUE (tiddler_id, field_name)
) )
`,`
-- ACL table (using bag/recipe ids directly)
CREATE TABLE IF NOT EXISTS acl (
acl_id INTEGER PRIMARY KEY AUTOINCREMENT,
entity_name TEXT NOT NULL,
entity_type TEXT NOT NULL CHECK (entity_type IN ('bag', 'recipe')),
role_id INTEGER,
permission_id INTEGER,
FOREIGN KEY (role_id) REFERENCES roles(role_id),
FOREIGN KEY (permission_id) REFERENCES permissions(permission_id)
)
`,`
-- Indexes for performance (we can add more as needed based on query patterns)
CREATE INDEX IF NOT EXISTS idx_tiddlers_bag_id ON tiddlers(bag_id)
`,`
CREATE INDEX IF NOT EXISTS idx_fields_tiddler_id ON fields(tiddler_id)
`,`
CREATE INDEX IF NOT EXISTS idx_recipe_bags_recipe_id ON recipe_bags(recipe_id)
`,`
CREATE INDEX IF NOT EXISTS idx_acl_entity_id ON acl(entity_name)
`]); `]);
}; };
@ -101,7 +208,7 @@ Returns the bag_id of the bag
SqlTiddlerDatabase.prototype.createBag = function(bag_name,description,accesscontrol) { SqlTiddlerDatabase.prototype.createBag = function(bag_name,description,accesscontrol) {
accesscontrol = accesscontrol || ""; accesscontrol = accesscontrol || "";
// Run the queries // Run the queries
this.engine.runStatement(` var bag = this.engine.runStatement(`
INSERT OR IGNORE INTO bags (bag_name, accesscontrol, description) INSERT OR IGNORE INTO bags (bag_name, accesscontrol, description)
VALUES ($bag_name, '', '') VALUES ($bag_name, '', '')
`,{ `,{
@ -117,6 +224,14 @@ SqlTiddlerDatabase.prototype.createBag = function(bag_name,description,accesscon
$accesscontrol: accesscontrol, $accesscontrol: accesscontrol,
$description: description $description: description
}); });
const admin = this.getRoleByName("ADMIN");
if(admin) {
const readPermission = this.getPermissionByName("READ");
const writePermission = this.getPermissionByName("WRITE");
// this.createACL(bag_name, "bag", admin.role_id, readPermission.permission_id);
// this.createACL(bag_name, "bag", admin.role_id, writePermission.permission_id);
}
return updateBags.lastInsertRowid; return updateBags.lastInsertRowid;
}; };
@ -180,6 +295,16 @@ SqlTiddlerDatabase.prototype.createRecipe = function(recipe_name,bag_names,descr
$recipe_name: recipe_name, $recipe_name: recipe_name,
$bag_names: JSON.stringify(bag_names) $bag_names: JSON.stringify(bag_names)
}); });
// update the permissions on ACL records
const admin = this.getRoleByName("ADMIN");
if(admin) {
const readPermission = this.getPermissionByName("READ");
const writePermission = this.getPermissionByName("WRITE");
// this.createACL(recipe_name, "recipe", admin.role_id, readPermission.permission_id);
// this.createACL(recipe_name, "recipe", admin.role_id, writePermission.permission_id);
}
return updateRecipes.lastInsertRowid; return updateRecipes.lastInsertRowid;
}; };
@ -374,6 +499,102 @@ SqlTiddlerDatabase.prototype.getRecipeTiddler = function(title,recipe_name) {
}; };
}; };
/*
Checks if a user has permission to access a recipe
*/
SqlTiddlerDatabase.prototype.hasRecipePermission = function(userId, recipeName, permissionName) {
return this.checkACLPermission(userId, "recipe", recipeName, permissionName)
};
/*
Checks if a user has permission to access a bag
*/
SqlTiddlerDatabase.prototype.hasBagPermission = function(userId, bagName, permissionName) {
return this.checkACLPermission(userId, "bag", bagName, permissionName)
};
SqlTiddlerDatabase.prototype.getACLByName = function(entityType, entityName, fetchAll) {
const entityInfo = this.entityTypeToTableMap[entityType];
if (!entityInfo) {
throw new Error("Invalid entity type: " + entityType);
}
// First, check if there's an ACL record for the entity and get the permission_id
var checkACLExistsQuery = `
SELECT *
FROM acl
WHERE entity_type = $entity_type
AND entity_name = $entity_name
`;
if (!fetchAll) {
checkACLExistsQuery += ' LIMIT 1'
}
const aclRecord = this.engine[fetchAll ? 'runStatementGetAll' : 'runStatementGet'](checkACLExistsQuery, {
$entity_type: entityType,
$entity_name: entityName
});
return aclRecord;
}
SqlTiddlerDatabase.prototype.checkACLPermission = function(userId, entityType, entityName) {
// if the entityName starts with "$:/", we'll assume its a system bag/recipe, then grant the user permission
if(entityName.startsWith("$:/")) {
return true;
}
const aclRecord = this.getACLByName(entityType, entityName);
// If no ACL record exists, return true for hasPermission
if (!aclRecord) {
return true;
}
// If ACL record exists, check for user permission using the retrieved permission_id
const checkPermissionQuery = `
SELECT 1
FROM users u
JOIN user_roles ur ON u.user_id = ur.user_id
JOIN roles r ON ur.role_id = r.role_id
JOIN acl a ON r.role_id = a.role_id
WHERE u.user_id = $user_id
AND a.entity_type = $entity_type
AND a.entity_name = $entity_name
AND a.permission_id = $permission_id
LIMIT 1
`;
const result = this.engine.runStatementGet(checkPermissionQuery, {
$user_id: userId,
$entity_type: entityType,
$entity_name: entityName,
$permission_id: aclRecord.permission_id
});
const hasPermission = result !== undefined;
return hasPermission;
};
/**
* Returns the ACL records for an entity (bag or recipe)
*/
SqlTiddlerDatabase.prototype.getEntityAclRecords = function(entityName) {
const checkACLExistsQuery = `
SELECT *
FROM acl
WHERE entity_name = $entity_name
`;
const aclRecords = this.engine.runStatementGetAll(checkACLExistsQuery, {
$entity_name: entityName
});
return aclRecords
}
/* /*
Get the titles of the tiddlers in a bag. Returns an empty array for bags that do not exist Get the titles of the tiddlers in a bag. Returns an empty array for bags that do not exist
*/ */
@ -575,6 +796,576 @@ SqlTiddlerDatabase.prototype.getRecipeTiddlerAttachmentBlob = function(title,rec
return row ? row.attachment_blob : null; return row ? row.attachment_blob : null;
}; };
// User CRUD operations
SqlTiddlerDatabase.prototype.createUser = function(username, email, password) {
const result = this.engine.runStatement(`
INSERT INTO users (username, email, password)
VALUES ($username, $email, $password)
`, {
$username: username,
$email: email,
$password: password
});
return result.lastInsertRowid;
};
SqlTiddlerDatabase.prototype.getUser = function(userId) {
return this.engine.runStatementGet(`
SELECT * FROM users WHERE user_id = $userId
`, {
$userId: userId
});
};
SqlTiddlerDatabase.prototype.getUserByUsername = function(username) {
return this.engine.runStatementGet(`
SELECT * FROM users WHERE username = $username
`, {
$username: username
});
};
SqlTiddlerDatabase.prototype.updateUser = function (userId, username, email, roleId) {
const existingUser = this.engine.runStatement(`
SELECT user_id FROM users
WHERE email = $email AND user_id != $userId
`, {
$email: email,
$userId: userId
});
if (existingUser.length > 0) {
return {
success: false,
message: "Email address already in use by another user."
};
}
try {
this.engine.transaction(() => {
// Update user information
this.engine.runStatement(`
UPDATE users
SET username = $username, email = $email
WHERE user_id = $userId
`, {
$userId: userId,
$username: username,
$email: email
});
if (roleId) {
// Remove all existing roles for the user
this.engine.runStatement(`
DELETE FROM user_roles
WHERE user_id = $userId
`, {
$userId: userId
});
// Add the new role
this.engine.runStatement(`
INSERT INTO user_roles (user_id, role_id)
VALUES ($userId, $roleId)
`, {
$userId: userId,
$roleId: roleId
});
}
});
return {
success: true,
message: "User profile and role updated successfully."
};
} catch (error) {
return {
success: false,
message: "Failed to update user profile: " + error.message
};
}
};
SqlTiddlerDatabase.prototype.updateUserPassword = function (userId, newHash) {
try {
this.engine.runStatement(`
UPDATE users
SET password = $newHash
WHERE user_id = $userId
`, {
$userId: userId,
$newHash: newHash,
});
return {
success: true,
message: "Password updated successfully."
};
} catch (error) {
return {
success: false,
message: "Failed to update password: " + error.message
};
}
};
SqlTiddlerDatabase.prototype.deleteUser = function(userId) {
this.engine.runStatement(`
DELETE FROM users WHERE user_id = $userId
`, {
$userId: userId
});
};
SqlTiddlerDatabase.prototype.listUsers = function() {
return this.engine.runStatementGetAll(`
SELECT * FROM users ORDER BY username
`);
};
SqlTiddlerDatabase.prototype.createOrUpdateUserSession = function(userId, sessionId) {
const currentTimestamp = new Date().toISOString();
// First, try to update an existing session
const updateResult = this.engine.runStatement(`
UPDATE sessions
SET session_id = $sessionId, last_accessed = $timestamp
WHERE user_id = $userId
`, {
$userId: userId,
$sessionId: sessionId,
$timestamp: currentTimestamp
});
// If no existing session was updated, create a new one
if (updateResult.changes === 0) {
this.engine.runStatement(`
INSERT INTO sessions (user_id, session_id, created_at, last_accessed)
VALUES ($userId, $sessionId, $timestamp, $timestamp)
`, {
$userId: userId,
$sessionId: sessionId,
$timestamp: currentTimestamp
});
}
return sessionId;
};
SqlTiddlerDatabase.prototype.findUserBySessionId = function(sessionId) {
// First, get the user_id from the sessions table
const sessionResult = this.engine.runStatementGet(`
SELECT user_id, last_accessed
FROM sessions
WHERE session_id = $sessionId
`, {
$sessionId: sessionId
});
if (!sessionResult) {
return null; // Session not found
}
const lastAccessed = new Date(sessionResult.last_accessed);
const expirationTime = 24 * 60 * 60 * 1000; // 24 hours in milliseconds
if (new Date() - lastAccessed > expirationTime) {
// Session has expired
this.deleteSession(sessionId);
return null;
}
// Update the last_accessed timestamp
const currentTimestamp = new Date().toISOString();
this.engine.runStatement(`
UPDATE sessions
SET last_accessed = $timestamp
WHERE session_id = $sessionId
`, {
$sessionId: sessionId,
$timestamp: currentTimestamp
});
const userResult = this.engine.runStatementGet(`
SELECT *
FROM users
WHERE user_id = $userId
`, {
$userId: sessionResult.user_id
});
if (!userResult) {
return null;
}
return userResult;
};
SqlTiddlerDatabase.prototype.deleteSession = function(sessionId) {
this.engine.runStatement(`
DELETE FROM sessions
WHERE session_id = $sessionId
`, {
$sessionId: sessionId
});
};
// Group CRUD operations
SqlTiddlerDatabase.prototype.createGroup = function(groupName, description) {
const result = this.engine.runStatement(`
INSERT INTO groups (group_name, description)
VALUES ($groupName, $description)
`, {
$groupName: groupName,
$description: description
});
return result.lastInsertRowid;
};
SqlTiddlerDatabase.prototype.getGroup = function(groupId) {
return this.engine.runStatementGet(`
SELECT * FROM groups WHERE group_id = $groupId
`, {
$groupId: groupId
});
};
SqlTiddlerDatabase.prototype.updateGroup = function(groupId, groupName, description) {
this.engine.runStatement(`
UPDATE groups
SET group_name = $groupName, description = $description
WHERE group_id = $groupId
`, {
$groupId: groupId,
$groupName: groupName,
$description: description
});
};
SqlTiddlerDatabase.prototype.deleteGroup = function(groupId) {
this.engine.runStatement(`
DELETE FROM groups WHERE group_id = $groupId
`, {
$groupId: groupId
});
};
SqlTiddlerDatabase.prototype.listGroups = function() {
return this.engine.runStatementGetAll(`
SELECT * FROM groups ORDER BY group_name
`);
};
// Role CRUD operations
SqlTiddlerDatabase.prototype.createRole = function(roleName, description) {
const result = this.engine.runStatement(`
INSERT OR IGNORE INTO roles (role_name, description)
VALUES ($roleName, $description)
`, {
$roleName: roleName,
$description: description
});
return result.lastInsertRowid;
};
SqlTiddlerDatabase.prototype.getRole = function(roleId) {
return this.engine.runStatementGet(`
SELECT * FROM roles WHERE role_id = $roleId
`, {
$roleId: roleId
});
};
SqlTiddlerDatabase.prototype.getRoleByName = function(roleName) {
return this.engine.runStatementGet(`
SELECT * FROM roles WHERE role_name = $roleName
`, {
$roleName: roleName
});
}
SqlTiddlerDatabase.prototype.updateRole = function(roleId, roleName, description) {
this.engine.runStatement(`
UPDATE roles
SET role_name = $roleName, description = $description
WHERE role_id = $roleId
`, {
$roleId: roleId,
$roleName: roleName,
$description: description
});
};
SqlTiddlerDatabase.prototype.deleteRole = function(roleId) {
this.engine.runStatement(`
DELETE FROM roles WHERE role_id = $roleId
`, {
$roleId: roleId
});
};
SqlTiddlerDatabase.prototype.listRoles = function() {
return this.engine.runStatementGetAll(`
SELECT * FROM roles ORDER BY role_name
`);
};
// Permission CRUD operations
SqlTiddlerDatabase.prototype.createPermission = function(permissionName, description) {
const result = this.engine.runStatement(`
INSERT OR IGNORE INTO permissions (permission_name, description)
VALUES ($permissionName, $description)
`, {
$permissionName: permissionName,
$description: description
});
return result.lastInsertRowid;
};
SqlTiddlerDatabase.prototype.getPermission = function(permissionId) {
return this.engine.runStatementGet(`
SELECT * FROM permissions WHERE permission_id = $permissionId
`, {
$permissionId: permissionId
});
};
SqlTiddlerDatabase.prototype.getPermissionByName = function(permissionName) {
return this.engine.runStatementGet(`
SELECT * FROM permissions WHERE permission_name = $permissionName
`, {
$permissionName: permissionName
});
};
SqlTiddlerDatabase.prototype.updatePermission = function(permissionId, permissionName, description) {
this.engine.runStatement(`
UPDATE permissions
SET permission_name = $permissionName, description = $description
WHERE permission_id = $permissionId
`, {
$permissionId: permissionId,
$permissionName: permissionName,
$description: description
});
};
SqlTiddlerDatabase.prototype.deletePermission = function(permissionId) {
this.engine.runStatement(`
DELETE FROM permissions WHERE permission_id = $permissionId
`, {
$permissionId: permissionId
});
};
SqlTiddlerDatabase.prototype.listPermissions = function() {
return this.engine.runStatementGetAll(`
SELECT * FROM permissions ORDER BY permission_name
`);
};
// ACL CRUD operations
SqlTiddlerDatabase.prototype.createACL = function(entityName, entityType, roleId, permissionId) {
if(!entityName.startsWith("$:/")) {
const result = this.engine.runStatement(`
INSERT OR IGNORE INTO acl (entity_name, entity_type, role_id, permission_id)
VALUES ($entityName, $entityType, $roleId, $permissionId)
`,
{
$entityName: entityName,
$entityType: entityType,
$roleId: roleId,
$permissionId: permissionId
});
return result.lastInsertRowid;
}
};
SqlTiddlerDatabase.prototype.getACL = function(aclId) {
return this.engine.runStatementGet(`
SELECT * FROM acl WHERE acl_id = $aclId
`, {
$aclId: aclId
});
};
SqlTiddlerDatabase.prototype.updateACL = function(aclId, entityId, entityType, roleId, permissionId) {
this.engine.runStatement(`
UPDATE acl
SET entity_name = $entityId, entity_type = $entityType,
role_id = $roleId, permission_id = $permissionId
WHERE acl_id = $aclId
`, {
$aclId: aclId,
$entityId: entityId,
$entityType: entityType,
$roleId: roleId,
$permissionId: permissionId
});
};
SqlTiddlerDatabase.prototype.deleteACL = function(aclId) {
this.engine.runStatement(`
DELETE FROM acl WHERE acl_id = $aclId
`, {
$aclId: aclId
});
};
SqlTiddlerDatabase.prototype.listACLs = function() {
return this.engine.runStatementGetAll(`
SELECT * FROM acl ORDER BY entity_type, entity_name
`);
};
// Association management functions
SqlTiddlerDatabase.prototype.addUserToGroup = function(userId, groupId) {
this.engine.runStatement(`
INSERT OR IGNORE INTO user_groups (user_id, group_id)
VALUES ($userId, $groupId)
`, {
$userId: userId,
$groupId: groupId
});
};
SqlTiddlerDatabase.prototype.isUserInGroup = function(userId, groupId) {
const result = this.engine.runStatementGet(`
SELECT 1 FROM user_groups
WHERE user_id = $userId AND group_id = $groupId
`, {
$userId: userId,
$groupId: groupId
});
return result !== undefined;
};
SqlTiddlerDatabase.prototype.removeUserFromGroup = function(userId, groupId) {
this.engine.runStatement(`
DELETE FROM user_groups
WHERE user_id = $userId AND group_id = $groupId
`, {
$userId: userId,
$groupId: groupId
});
};
SqlTiddlerDatabase.prototype.addRoleToUser = function(userId, roleId) {
this.engine.runStatement(`
INSERT OR IGNORE INTO user_roles (user_id, role_id)
VALUES ($userId, $roleId)
`, {
$userId: userId,
$roleId: roleId
});
};
SqlTiddlerDatabase.prototype.removeRoleFromUser = function(userId, roleId) {
this.engine.runStatement(`
DELETE FROM user_roles
WHERE user_id = $userId AND role_id = $roleId
`, {
$userId: userId,
$roleId: roleId
});
};
SqlTiddlerDatabase.prototype.addRoleToGroup = function(groupId, roleId) {
this.engine.runStatement(`
INSERT OR IGNORE INTO group_roles (group_id, role_id)
VALUES ($groupId, $roleId)
`, {
$groupId: groupId,
$roleId: roleId
});
};
SqlTiddlerDatabase.prototype.removeRoleFromGroup = function(groupId, roleId) {
this.engine.runStatement(`
DELETE FROM group_roles
WHERE group_id = $groupId AND role_id = $roleId
`, {
$groupId: groupId,
$roleId: roleId
});
};
SqlTiddlerDatabase.prototype.addPermissionToRole = function(roleId, permissionId) {
this.engine.runStatement(`
INSERT OR IGNORE INTO role_permissions (role_id, permission_id)
VALUES ($roleId, $permissionId)
`, {
$roleId: roleId,
$permissionId: permissionId
});
};
SqlTiddlerDatabase.prototype.removePermissionFromRole = function(roleId, permissionId) {
this.engine.runStatement(`
DELETE FROM role_permissions
WHERE role_id = $roleId AND permission_id = $permissionId
`, {
$roleId: roleId,
$permissionId: permissionId
});
};
SqlTiddlerDatabase.prototype.getUserRoles = function(userId) {
const query = `
SELECT r.role_id, r.role_name
FROM user_roles ur
JOIN roles r ON ur.role_id = r.role_id
WHERE ur.user_id = $userId
LIMIT 1
`;
return this.engine.runStatementGet(query, { $userId: userId });
};
SqlTiddlerDatabase.prototype.isRoleInUse = function(roleId) {
// Check if the role is assigned to any users
const userRoleCheck = this.engine.runStatementGet(`
SELECT 1
FROM user_roles
WHERE role_id = $roleId
LIMIT 1
`, {
$roleId: roleId
});
if(userRoleCheck) {
return true;
}
// Check if the role is used in any ACLs
const aclRoleCheck = this.engine.runStatementGet(`
SELECT 1
FROM acl
WHERE role_id = $roleId
LIMIT 1
`, {
$roleId: roleId
});
if(aclRoleCheck) {
return true;
}
// If we've reached this point, the role is not in use
return false;
};
SqlTiddlerDatabase.prototype.getRoleById = function(roleId) {
const role = this.engine.runStatementGet(`
SELECT role_id, role_name, description
FROM roles
WHERE role_id = $roleId
`, {
$roleId: roleId
});
return role;
};
exports.SqlTiddlerDatabase = SqlTiddlerDatabase; exports.SqlTiddlerDatabase = SqlTiddlerDatabase;
})(); })();

View File

@ -104,6 +104,124 @@ function runSqlDatabaseTests(engine) {
expect(sqlTiddlerDatabase.saveRecipeTiddler({title: "More", text: "None"},"recipe-rho")).toEqual({tiddler_id: 7, bag_name: 'bag-beta'}); expect(sqlTiddlerDatabase.saveRecipeTiddler({title: "More", text: "None"},"recipe-rho")).toEqual({tiddler_id: 7, bag_name: 'bag-beta'});
expect(sqlTiddlerDatabase.getRecipeTiddler("More","recipe-rho").tiddler).toEqual({title: "More", text: "None"}); expect(sqlTiddlerDatabase.getRecipeTiddler("More","recipe-rho").tiddler).toEqual({title: "More", text: "None"});
}); });
it("should manage users correctly", function() {
console.log("should manage users correctly")
// Create users
const userId1 = sqlTiddlerDatabase.createUser("john_doe", "john@example.com", "pass123");
const userId2 = sqlTiddlerDatabase.createUser("jane_doe", "jane@example.com", "pass123");
// Retrieve users
const user1 = sqlTiddlerDatabase.getUser(userId1);
expect(user1.user_id).toBe(userId1);
expect(user1.username).toBe("john_doe");
expect(user1.email).toBe("john@example.com");
expect(user1.created_at).toMatch(/^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$/); // Match timestamp format
expect(user1.last_login).toBeNull();
// Update user
sqlTiddlerDatabase.updateUser(userId1, "john_updated", "john_updated@example.com");
expect(sqlTiddlerDatabase.getUser(userId1).username).toBe("john_updated");
expect(sqlTiddlerDatabase.getUser(userId1).email).toBe("john_updated@example.com");
// List users
const users = sqlTiddlerDatabase.listUsers();
expect(users.length).toBe(2);
expect(users[0].username).toBe("jane_doe");
expect(users[1].username).toBe("john_updated");
// Delete user
sqlTiddlerDatabase.deleteUser(userId2);
// expect(sqlTiddlerDatabase.getUser(userId2)).toBe(null || undefined);
});
it("should manage groups correctly", function() {
console.log("should manage groups correctly")
// Create groups
const groupId1 = sqlTiddlerDatabase.createGroup("Editors", "Can edit content");
const groupId2 = sqlTiddlerDatabase.createGroup("Viewers", "Can view content");
// Retrieve groups
expect(sqlTiddlerDatabase.getGroup(groupId1)).toEqual({
group_id: groupId1,
group_name: "Editors",
description: "Can edit content"
});
// Update group
sqlTiddlerDatabase.updateGroup(groupId1, "Super Editors", "Can edit all content");
expect(sqlTiddlerDatabase.getGroup(groupId1).group_name).toBe("Super Editors");
expect(sqlTiddlerDatabase.getGroup(groupId1).description).toBe("Can edit all content");
// List groups
const groups = sqlTiddlerDatabase.listGroups();
expect(groups.length).toBe(2);
expect(groups[0].group_name).toBe("Super Editors");
expect(groups[1].group_name).toBe("Viewers");
// Delete group
sqlTiddlerDatabase.deleteGroup(groupId2);
// expect(sqlTiddlerDatabase.getGroup(groupId2)).toBe(null || undefined);
});
it("should manage roles correctly", function() {
console.log("should manage roles correctly")
// Create roles
const roleId1 = sqlTiddlerDatabase.createRole("Admin" + Date.now(), "Full access");
const roleId2 = sqlTiddlerDatabase.createRole("Editor" + Date.now(), "Can edit content");
// Retrieve roles
expect(sqlTiddlerDatabase.getRole(roleId1)).toEqual({
role_id: roleId1,
role_name: jasmine.stringMatching(/^Admin\d+$/),
description: "Full access"
});
// Update role
sqlTiddlerDatabase.updateRole(roleId1, "Super Admin" + Date.now(), "God-like powers");
expect(sqlTiddlerDatabase.getRole(roleId1).role_name).toMatch(/^Super Admin\d+$/);
expect(sqlTiddlerDatabase.getRole(roleId1).description).toBe("God-like powers");
// List roles
const roles = sqlTiddlerDatabase.listRoles();
expect(roles.length).toBeGreaterThan(0);
// expect(roles[0].role_name).toMatch(/^Editor\d+$/);
// expect(roles[1].role_name).toMatch(/^Super Admin\d+$/);
// Delete role
sqlTiddlerDatabase.deleteRole(roleId2);
// expect(sqlTiddlerDatabase.getRole(roleId2)).toBeUndefined();
});
it("should manage permissions correctly", function() {
console.log("should manage permissions correctly")
// Create permissions
const permissionId1 = sqlTiddlerDatabase.createPermission("read_tiddlers" + Date.now(), "Can read tiddlers");
const permissionId2 = sqlTiddlerDatabase.createPermission("write_tiddlers" + Date.now(), "Can write tiddlers");
// Retrieve permissions
expect(sqlTiddlerDatabase.getPermission(permissionId1)).toEqual({
permission_id: permissionId1,
permission_name: jasmine.stringMatching(/^read_tiddlers\d+$/),
description: "Can read tiddlers"
});
// Update permission
sqlTiddlerDatabase.updatePermission(permissionId1, "read_all_tiddlers" + Date.now(), "Can read all tiddlers");
expect(sqlTiddlerDatabase.getPermission(permissionId1).permission_name).toMatch(/^read_all_tiddlers\d+$/);
expect(sqlTiddlerDatabase.getPermission(permissionId1).description).toBe("Can read all tiddlers");
// List permissions
const permissions = sqlTiddlerDatabase.listPermissions();
expect(permissions.length).toBeGreaterThan(0);
expect(permissions[0].permission_name).toMatch(/^read_all_tiddlers\d+$/);
expect(permissions[1].permission_name).toMatch(/^write_tiddlers\d+$/);
// Delete permission
sqlTiddlerDatabase.deletePermission(permissionId2);
// expect(sqlTiddlerDatabase.getPermission(permissionId2)).toBeUndefined();
});
} }
})(); })();

View File

@ -14,151 +14,151 @@ if(typeof window === 'undefined' && typeof process !== 'undefined' && process.ve
var AttachmentStore = require('$:/plugins/tiddlywiki/multiwikiserver/store/attachments.js').AttachmentStore; var AttachmentStore = require('$:/plugins/tiddlywiki/multiwikiserver/store/attachments.js').AttachmentStore;
const {Buffer} = require('buffer'); const {Buffer} = require('buffer');
function generateFileWithSize(filePath, sizeInBytes) { function generateFileWithSize(filePath, sizeInBytes) {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
var buffer = Buffer.alloc(sizeInBytes); var buffer = Buffer.alloc(sizeInBytes);
for(var i = 0; i < sizeInBytes; i++) { for(var i = 0; i < sizeInBytes; i++) {
buffer[i] = Math.floor(Math.random() * 256); buffer[i] = Math.floor(Math.random() * 256);
} }
fs.writeFile(filePath, buffer, (err) => { fs.writeFile(filePath, buffer, (err) => {
if(err) { if(err) {
console.error('Error writing file:', err); console.error('Error writing file:', err);
reject(err); reject(err);
} else { } else {
console.log('File '+filePath+' generated with size '+sizeInBytes+' bytes'); console.log('File '+filePath+' generated with size '+sizeInBytes+' bytes');
fs.readFile(filePath, (err, data) => { fs.readFile(filePath, (err, data) => {
if(err) { if(err) {
console.error('Error reading file:', err); console.error('Error reading file:', err);
reject(err); reject(err);
} else { } else {
resolve(data); resolve(data);
} }
}); });
} }
}); });
}); });
} }
(function() { (function() {
'use strict'; 'use strict';
if($tw.node) { if($tw.node) {
describe('AttachmentStore', function() { describe('AttachmentStore', function() {
var storePath = './editions/test/test-store'; var storePath = './editions/test/test-store';
var attachmentStore = new AttachmentStore({ storePath: storePath }); var attachmentStore = new AttachmentStore({ storePath: storePath });
var originalTimeout; var originalTimeout;
beforeAll(function() { beforeAll(function() {
const dirPath = path.dirname(`${storePath}/files`); const dirPath = path.dirname(`${storePath}/files`);
if(!fs.existsSync(dirPath)) { if(!fs.existsSync(dirPath)) {
fs.mkdirSync(dirPath, { recursive: true }); fs.mkdirSync(dirPath, { recursive: true });
} }
originalTimeout = jasmine.DEFAULT_TIMEOUT_INTERVAL; originalTimeout = jasmine.DEFAULT_TIMEOUT_INTERVAL;
jasmine.DEFAULT_TIMEOUT_INTERVAL = 50000; jasmine.DEFAULT_TIMEOUT_INTERVAL = 50000;
}); });
afterAll(function() { afterAll(function() {
jasmine.DEFAULT_TIMEOUT_INTERVAL = originalTimeout; jasmine.DEFAULT_TIMEOUT_INTERVAL = originalTimeout;
fs.readdirSync(storePath).forEach(function(file) { fs.readdirSync(storePath).forEach(function(file) {
var filePath = path.join(storePath, file); var filePath = path.join(storePath, file);
if(fs.lstatSync(filePath).isFile()) { if(fs.lstatSync(filePath).isFile()) {
fs.unlinkSync(filePath); fs.unlinkSync(filePath);
} else if(fs.lstatSync(filePath).isDirectory()) { } else if(fs.lstatSync(filePath).isDirectory()) {
fs.rmdirSync(filePath, { recursive: true }); fs.rmdirSync(filePath, { recursive: true });
} }
}); });
}); });
it('isValidAttachmentName', function() { it('isValidAttachmentName', function() {
expect(attachmentStore.isValidAttachmentName('abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890')).toBe(true); expect(attachmentStore.isValidAttachmentName('abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890')).toBe(true);
expect(attachmentStore.isValidAttachmentName('invalid-name')).toBe(false); expect(attachmentStore.isValidAttachmentName('invalid-name')).toBe(false);
}); });
it('saveAttachment', function() { it('saveAttachment', function() {
var options = { var options = {
text: 'Hello, World!', text: 'Hello, World!',
type: 'text/plain', type: 'text/plain',
reference: 'test-reference', reference: 'test-reference',
}; };
var contentHash = attachmentStore.saveAttachment(options); var contentHash = attachmentStore.saveAttachment(options);
assert.strictEqual(contentHash.length, 64); assert.strictEqual(contentHash.length, 64);
assert.strictEqual(fs.existsSync(path.resolve(storePath, 'files', contentHash)), true); assert.strictEqual(fs.existsSync(path.resolve(storePath, 'files', contentHash)), true);
}); });
it('adoptAttachment', function() { it('adoptAttachment', function() {
var incomingFilepath = path.resolve(storePath, 'incoming-file.txt'); var incomingFilepath = path.resolve(storePath, 'incoming-file.txt');
fs.writeFileSync(incomingFilepath, 'Hello, World!'); fs.writeFileSync(incomingFilepath, 'Hello, World!');
var type = 'text/plain'; var type = 'text/plain';
var hash = 'abcdef0123456789abcdef0123456789'; var hash = 'abcdef0123456789abcdef0123456789';
var _canonical_uri = 'test-canonical-uri'; var _canonical_uri = 'test-canonical-uri';
attachmentStore.adoptAttachment(incomingFilepath, type, hash, _canonical_uri); attachmentStore.adoptAttachment(incomingFilepath, type, hash, _canonical_uri);
expect(fs.existsSync(path.resolve(storePath, 'files', hash))).toBe(true); expect(fs.existsSync(path.resolve(storePath, 'files', hash))).toBe(true);
}); });
it('getAttachmentStream', function() { it('getAttachmentStream', function() {
var options = { var options = {
text: 'Hello, World!', text: 'Hello, World!',
type: 'text/plain', type: 'text/plain',
filename: 'data.txt', filename: 'data.txt',
}; };
var contentHash = attachmentStore.saveAttachment(options); var contentHash = attachmentStore.saveAttachment(options);
var stream = attachmentStore.getAttachmentStream(contentHash); var stream = attachmentStore.getAttachmentStream(contentHash);
expect(stream).not.toBeNull(); expect(stream).not.toBeNull();
expect(stream.type).toBe('text/plain'); expect(stream.type).toBe('text/plain');
}); });
it('getAttachmentFileSize', function() { it('getAttachmentFileSize', function() {
var options = { var options = {
text: 'Hello, World!', text: 'Hello, World!',
type: 'text/plain', type: 'text/plain',
reference: 'test-reference', reference: 'test-reference',
}; };
var contentHash = attachmentStore.saveAttachment(options); var contentHash = attachmentStore.saveAttachment(options);
var fileSize = attachmentStore.getAttachmentFileSize(contentHash); var fileSize = attachmentStore.getAttachmentFileSize(contentHash);
expect(fileSize).toBe(13); expect(fileSize).toBe(13);
}); });
it('getAttachmentMetadata', function() { it('getAttachmentMetadata', function() {
var options = { var options = {
text: 'Hello, World!', text: 'Hello, World!',
type: 'text/plain', type: 'text/plain',
filename: 'data.txt', filename: 'data.txt',
}; };
var contentHash = attachmentStore.saveAttachment(options); var contentHash = attachmentStore.saveAttachment(options);
var metadata = attachmentStore.getAttachmentMetadata(contentHash); var metadata = attachmentStore.getAttachmentMetadata(contentHash);
expect(metadata).not.toBeNull(); expect(metadata).not.toBeNull();
expect(metadata.type).toBe('text/plain'); expect(metadata.type).toBe('text/plain');
expect(metadata.filename).toBe('data.txt'); expect(metadata.filename).toBe('data.txt');
}); });
it('saveAttachment large file', async function() { it('saveAttachment large file', async function() {
var sizeInMB = 10 var sizeInMB = 10
const file = await generateFileWithSize('./editions/test/test-store/large-file.txt', 1024 * 1024 * sizeInMB) const file = await generateFileWithSize('./editions/test/test-store/large-file.txt', 1024 * 1024 * sizeInMB)
var options = { var options = {
text: file, text: file,
type: 'application/octet-stream', type: 'application/octet-stream',
reference: 'test-reference', reference: 'test-reference',
}; };
var contentHash = attachmentStore.saveAttachment(options); var contentHash = attachmentStore.saveAttachment(options);
assert.strictEqual(contentHash.length, 64); assert.strictEqual(contentHash.length, 64);
assert.strictEqual(fs.existsSync(path.resolve(storePath, 'files', contentHash)), true); assert.strictEqual(fs.existsSync(path.resolve(storePath, 'files', contentHash)), true);
}); });
it('saveAttachment multiple large files', async function() { it('saveAttachment multiple large files', async function() {
var sizeInMB = 10; var sizeInMB = 10;
var numFiles = 5; var numFiles = 5;
for (var i = 0; i < numFiles; i++) { for (var i = 0; i < numFiles; i++) {
const file = await generateFileWithSize(`./editions/test/test-store/large-file-${i}.txt`, 1024 * 1024 * sizeInMB); const file = await generateFileWithSize(`./editions/test/test-store/large-file-${i}.txt`, 1024 * 1024 * sizeInMB);
var options = { var options = {
text: file, text: file,
type: 'application/octet-stream', type: 'application/octet-stream',
reference: `test-reference-${i}`, reference: `test-reference-${i}`,
}; };
var contentHash = attachmentStore.saveAttachment(options); var contentHash = attachmentStore.saveAttachment(options);
assert.strictEqual(contentHash.length, 64); assert.strictEqual(contentHash.length, 64);
assert.strictEqual(fs.existsSync(path.resolve(storePath, 'files', contentHash)), true); assert.strictEqual(fs.existsSync(path.resolve(storePath, 'files', contentHash)), true);
} }
}); });
it('getAttachmentStream multiple large files', async function() { it('getAttachmentStream multiple large files', async function() {
var sizeInMB = 10; var sizeInMB = 10;

View File

@ -0,0 +1,19 @@
/*\
title: $:/plugins/tiddlywiki/multiwikiserver/scripts/admin-dropdown.js
type: application/javascript
\*/
(function () {
document.addEventListener("click", function (event) {
var dropdown = document.querySelector(".mws-admin-dropdown-content");
var dropbtn = document.querySelector(".mws-admin-dropbtn");
if(!event.target.matches(".mws-admin-dropbtn")) {
if(dropdown.style.display === "block") {
dropdown.style.display = "none";
}
} else {
dropdown.style.display = dropdown.style.display === "block" ? "none" : "block";
}
});
})();

View File

@ -0,0 +1,93 @@
title: $:/plugins/tiddlywiki/multiwikiserver/templates/add-user-form
<h1>Add New User</h1>
<form method="POST" action="/admin/post-user">
<div class="form-group">
<label for="username">Username:</label>
<input type="text" id="username" name="username" class="form-input" required>
</div>
<div class="form-group">
<label for="email">Email:</label>
<input type="email" id="email" name="email" class="form-input" required>
</div>
<div class="form-group">
<label for="password">Password:</label>
<input type="password" id="password" name="password" class="form-input" required>
</div>
<div class="form-group">
<label for="confirmPassword">Confirm Password:</label>
<input type="password" id="confirmPassword" name="confirmPassword" class="form-input" required>
</div>
<div class="form-actions">
<$button class="btn btn-primary">
Add User
<<add-user-actions>>
<$action-sendmessage $message="tm-close-tiddler"/>
</$button>
</div>
</form>
<style>
.add-user-form {
background-color: #f8f9fa;
border-radius: 8px;
padding: 20px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
.add-user-form h1 {
margin-top: 0;
margin-bottom: 20px;
color: #333;
font-size: 1.5em;
}
.form-group {
margin-bottom: 15px;
}
.form-group label {
display: block;
margin-bottom: 5px;
font-weight: bold;
color: #555;
}
.form-input {
width: 100%;
padding: 8px;
border: 1px solid #ddd;
border-radius: 4px;
font-size: 14px;
}
.form-actions {
margin-top: 20px;
display: flex;
gap: 1rem;
flex-direction: row;
justify-content: center;
align-items: center;
}
.btn {
width: 100%;
margin: auto;
padding: 10px 15px;
border: none;
border-radius: 4px;
cursor: pointer;
font-size: 14px;
transition: background-color 0.3s ease;
}
.btn-primary {
background-color: #007bff;
color: white;
}
.btn-primary:hover {
background-color: #0056b3;
}
</style>

View File

@ -21,7 +21,11 @@ title: $:/plugins/tiddlywiki/multiwikiserver/templates/get-index
</$genesis> </$genesis>
\end \end
! Wikis Available Here <$tiddler tiddler="$:/plugins/tiddlywiki/multiwikiserver/templates/mws-header">
<$set name="page-title" value="Wikis Available Here">
<$transclude/>
</$set>
</$tiddler>
<ul class="mws-vertical-list"> <ul class="mws-vertical-list">
<$list filter="[<recipe-list>jsonindexes[]] :sort[<currentTiddler>jsonget[recipe_name]]" variable="recipe-index"> <$list filter="[<recipe-list>jsonindexes[]] :sort[<currentTiddler>jsonget[recipe_name]]" variable="recipe-index">
@ -69,7 +73,6 @@ title: $:/plugins/tiddlywiki/multiwikiserver/templates/get-index
</li> </li>
</$list> </$list>
</ul> </ul>
<form action="/recipes" method="post" class="mws-form"> <form action="/recipes" method="post" class="mws-form">
<div class="mws-form-heading"> <div class="mws-form-heading">
Create a new recipe or modify and existing one Create a new recipe or modify and existing one
@ -149,4 +152,78 @@ title: $:/plugins/tiddlywiki/multiwikiserver/templates/get-index
<%endif%> <%endif%>
<label for="chkShowSystem">Show system bags</label> <label for="chkShowSystem">Show system bags</label>
<button type="submit">Update</button> <button type="submit">Update</button>
</form> </form>
<style>
.mws-header {
display: flex;
justify-content: space-between;
align-items: center;
padding: 10px;
background-color: #f0f0f0;
margin-bottom: 20px;
}
.mws-user-info {
display: flex;
align-items: center;
}
.mws-logout-form {
margin-left: 10px;
}
.mws-logout-button {
padding: 5px 10px;
background-color: #f44336;
color: white;
border: none;
cursor: pointer;
}
.mws-logout-button:hover {
background-color: #d32f2f;
}
.mws-admin-dropdown {
position: relative;
display: inline-block;
margin-left: 10px;
}
.mws-admin-dropbtn {
color: white;
padding: 5px;
font-size: 16px;
border: none;
cursor: pointer;
}
.mws-admin-dropbtn:hover, .mws-admin-dropbtn:focus {
cursor: pointer;
opacity: 0.8;
}
.mws-admin-dropdown-content {
display: none;
position: absolute;
background-color: #f1f1f1;
min-width: 160px;
box-shadow: 0px 8px 16px 0px rgba(0,0,0,0.2);
z-index: 1;
right: 0;
}
.mws-admin-dropdown-content a {
color: black;
padding: 12px 16px;
text-decoration: none;
display: block;
}
.mws-admin-dropdown-content a:hover {background-color: #ddd;}
.mws-admin-dropdown:hover .mws-admin-dropdown-content {display: block;}
.mws-admin-dropdown:hover {background-color: #2980B9;}
</style>

View File

@ -0,0 +1,124 @@
title: $:/plugins/tiddlywiki/multiwikiserver/templates/get-users
\define edit-user-actions(user-id)
<$action-sendmessage $message="tm-modal" $param="$:/plugins/tiddlywiki/multiwikiserver/templates/edit-user-modal" user-id=<<user-id>>/>
\end
\define delete-user-actions(user-id)
<$action-sendmessage $message="tm-server-request"
method="DELETE"
url={{{ [[$:/admin/users/]addsuffix<user-id>] }}}
redirectAfterSuccess="/admin/users"/>
\end
<$tiddler tiddler="$:/plugins/tiddlywiki/multiwikiserver/templates/mws-header">
<$set name="page-title" value="User Management">
<$transclude/>
</$set>
</$tiddler>
<div class="users-container">
<div class="users-list">
<$list filter="[<user-list>jsonindexes[]]" variable="user-index">
<$let currentUser={{{ [<user-list>jsonextract<user-index>] }}}>
<$set name="user-id" value={{{ [<currentUser>jsonget[user_id]] }}}>
<a href={{{ [[/admin/users/]addsuffix<user-id>] }}} class="user-item">
<div class="user-info">
<span class="user-name">
<$text text={{{ [<currentUser>jsonget[username]] }}}/>
</span>
<span class="user-email">
<$text text={{{ [<currentUser>jsonget[email]] }}}/>
</span>
</div>
<div class="user-details">
<span class="user-created">
Created: <$text text={{{ [<currentUser>jsonget[created_at]] }}}/>
</span>
<span class="user-last-login">
Last Login: <$text text={{{ [<currentUser>jsonget[last_login]] }}}/>
</span>
</div>
</a>
</$set>
</$let>
</$list>
</div>
<$list filter="[<user-is-admin>match[yes]]">
<div class="add-user-card">
<$transclude tiddler="$:/plugins/tiddlywiki/multiwikiserver/templates/add-user-form" mode="inline"/>
</div>
</$list>
</div>
<style>
.users-container {
margin: auto;
max-width: 1200px;
display: flex;
justify-content: space-between;
gap: 2rem;
}
.users-list {
flex: 1;
background: #fff;
border-radius: 8px;
box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
padding: 2rem;
}
.add-user-card {
width: 300px;
background: #fff;
border-radius: 8px;
box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
padding: 2rem;
}
.user-item {
display: block;
width: 100%;
text-align: left;
background: none;
border: none;
border-bottom: 1px solid #eee;
padding: 1rem 0;
cursor: pointer;
transition: background-color 0.3s ease;
text-decoration: none;
}
.user-item:hover {
background-color: #f5f5f5;
text-decoration: none;
}
.user-info {
display: flex;
justify-content: space-between;
align-items: center;
}
.user-name {
font-weight: bold;
}
.user-email {
color: #666;
}
.user-details {
font-size: 0.9em;
color: #888;
margin-top: 0.5rem;
}
.add-user-form {
display: none; /* Hide the original add user button */
}
.tc-btn-big-green {
background-color: #4CAF50;
color: white;
padding: 10px 20px;
border: none;
border-radius: 5px;
cursor: pointer;
font-size: 1em;
}
.tc-btn-big-green:hover {
background-color: #45a049;
}
</style>

View File

@ -0,0 +1,267 @@
title: $:/plugins/tiddlywiki/multiwikiserver/templates/manage-acl
<$tiddler tiddler="$:/plugins/tiddlywiki/multiwikiserver/templates/mws-header">
<$set name="page-title" value="Manage ACL">
<$transclude />
</$set>
</$tiddler>
<div class="container">
<h2>Recipe ACL: <$text text={{{ [<recipe>jsonget[recipe_name]] }}}/></h2>
<div class="acl-section">
<div class="acl-form">
<h3>Add Recipe ACL Record</h3>
<form method="POST" action="/admin/post-acl">
<input type="hidden" name="entity_type" value="recipe" />
<input type="hidden" name="recipe_name" value={{{ [<recipe>jsonget[recipe_name]] }}}/>
<input type="hidden" name="bag_name" value={{{ [<bag>jsonget[bag_name]] }}}/>
<select name="role_id" class="tc-select">
<option value="">Select Role</option>
<$list filter="[<roles-list>jsonindexes[]]" variable="role-index">
<$let role={{{ [<roles-list>jsonextract<role-index>] }}}>
<option value={{{ [<role>jsonget[role_id]] }}}><$text text={{{ [<role>jsonget[role_name]] }}}/></option>
</$let>
</$list>
</select>
<select name="permission_id" class="tc-select">
<option value="">Select Permission</option>
<$list filter="[<permissions-list>jsonindexes[]]" variable="permission-index">
<$let permission={{{ [<permissions-list>jsonextract<permission-index>] }}}>
<option value={{{ [<permission>jsonget[permission_id]] }}}><$text text={{{ [<permission>jsonget[permission_name]] }}}/></option>
</$let>
</$list>
</select>
<button type="submit" class="tc-btn-invisible btn-add">
Add ACL Record
</button>
</form>
</div>
<div class="acl-table">
<table>
<thead>
<tr>
<th>Role</th>
<th>Permission</th>
<th>Action</th>
</tr>
</thead>
<tbody>
<$list filter="[<recipe-acl-records>jsonindexes[]]" variable="acl-index">
<$let acl={{{ [<recipe-acl-records>jsonextract<acl-index>] }}}>
<tr>
<td>
<$text text={{{ [<acl>jsonget[role_name]] }}}/>
</td>
<td>
<$text text={{{ [<acl>jsonget[permission_name]] }}}/>
(<small><$text text={{{ [<acl>jsonget[permission_description]] }}}/></small>)
</td>
<td>
<form method="POST" action="/admin/delete-acl">
<input type="hidden" name="acl_id" value={{{ [<acl>jsonget[acl_id]] }}}/>
<input type="hidden" name="entity_type" value="recipe" />
<input type="hidden" name="recipe_name" value={{{ [<recipe>jsonget[recipe_name]] }}}/>
<input type="hidden" name="bag_name" value={{{ [<bag>jsonget[bag_name]] }}}/>
<button type="submit" class="btn btn-delete">Delete</button>
</form>
</td>
</tr>
</$let>
</$list>
</tbody>
</table>
</div>
</div>
</div>
<div class="container">
<h2>Bag ACL: <$text text={{{ [<bag>jsonget[bag_name]] }}}/></h2>
<div class="acl-section">
<div class="acl-form">
<h3>Add Bag ACL Record</h3>
<form method="POST" action="/admin/post-acl">
<input type="hidden" name="entity_type" value="bag" />
<input type="hidden" name="recipe_name" value={{{ [<recipe>jsonget[recipe_name]] }}}/>
<input type="hidden" name="bag_name" value={{{ [<bag>jsonget[bag_name]] }}}/>
<select name="role_id" class="tc-select">
<option value="">Select Role</option>
<$list filter="[<roles-list>jsonindexes[]]" variable="role-index">
<$let role={{{ [<roles-list>jsonextract<role-index>] }}}>
<option value={{{ [<role>jsonget[role_id]] }}}><$text text={{{ [<role>jsonget[role_name]] }}}/></option>
</$let>
</$list>
</select>
<select name="permission_id" class="tc-select">
<option value="">Select Permission</option>
<$list filter="[<permissions-list>jsonindexes[]]" variable="permission-index">
<$let permission={{{ [<permissions-list>jsonextract<permission-index>] }}}>
<option value={{{ [<permission>jsonget[permission_id]] }}}><$text text={{{ [<permission>jsonget[permission_name]] }}}/></option>
</$let>
</$list>
</select>
<button type="submit" class="tc-btn-invisible btn-add">
Add ACL Record
</button>
</form>
</div>
<div class="acl-table">
<table>
<thead>
<tr>
<th>Role</th>
<th>Permission</th>
<th>Action</th>
</tr>
</thead>
<tbody>
<$list filter="[<bag-acl-records>jsonindexes[]]" variable="acl-index">
<$let acl={{{ [<bag-acl-records>jsonextract<acl-index>] }}}>
<tr>
<td>
<$text text={{{ [<acl>jsonget[role_name]] }}}/>
</td>
<td>
<$text text={{{ [<acl>jsonget[permission_name]] }}}/>
(<small><$text text={{{ [<acl>jsonget[permission_description]] }}}/></small>)
</td>
<td>
<form method="POST" action="/admin/delete-acl">
<input type="hidden" name="acl_id" value={{{ [<acl>jsonget[acl_id]] }}}/>
<input type="hidden" name="entity_type" value="bag" />
<input type="hidden" name="recipe_name" value={{{ [<recipe>jsonget[recipe_name]] }}}/>
<input type="hidden" name="bag_name" value={{{ [<bag>jsonget[bag_name]] }}}/>
<button type="submit" class="btn btn-delete">Delete</button>
</form>
</td>
</tr>
</$let>
</$list>
</tbody>
</table>
</div>
</div>
</div>
<style>
body {
font-family: Arial, sans-serif;
line-height: 1.6;
color: #333;
max-width: 1200px;
margin: 0 auto;
padding: 20px;
background-color: #f4f4f4;
}
.container {
background-color: #fff;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
padding: 20px;
margin-bottom: 20px;
}
h3 {
margin: 0px;
margin-bottom: 10px;
}
h1,
h2 {
color: #2c3e50;
}
.acl-section {
display: flex;
flex-wrap: wrap;
gap: 20px;
}
.acl-form {
flex: 1;
min-width: 250px;
}
.acl-table {
flex: 2;
min-width: 300px;
}
table {
width: 100%;
border-collapse: separate;
border-spacing: 0;
margin-bottom: 20px;
}
th,
td {
padding: 12px;
text-align: left;
border-bottom: 1px solid #e0e0e0;
}
th {
background-color: #f8f9fa;
font-weight: bold;
}
.btn {
padding: 8px 12px;
border: none;
border-radius: 4px;
cursor: pointer;
font-size: 14px;
transition: background-color 0.3s;
}
.btn-delete {
background-color: #e74c3c;
color: white;
padding: 4px 10px;
margin-top: 2px;
margin-bottom: 2px;
}
.btn-delete:hover {
background-color: #c0392b;
}
.btn-add {
background-color: #3498db;
color: white;
}
.btn-add:hover {
background-color: #2980b9;
}
select,
.tc-btn-invisible {
padding: 8px;
margin-bottom: 10px;
border: 1px solid #ddd;
border-radius: 4px;
width: 100%;
}
.form-group {
margin-bottom: 15px;
}
@media (max-width: 768px) {
.acl-section {
flex-direction: column;
}
.acl-form,
.acl-table {
width: 100%;
}
}
</style>

View File

@ -0,0 +1,175 @@
title: $:/plugins/tiddlywiki/multiwikiserver/templates/manage-roles
\define add-role-actions()
<$action-sendmessage $message="tm-server-request"
method="POST"
url="/admin/roles"
headers="Content-Type: application/json"
body={{{ [{"name": "$(newRoleName)$", "description": "$(newRoleDescription)$"}jsonify[]] }}}
redirectAfterSuccess="/admin/roles"/>
<$action-setfield $tiddler="$:/temp/newRoleName" text=""/>
<$action-setfield $tiddler="$:/temp/newRoleDescription" text=""/>
\end
\define edit-role-actions(role-id)
<$action-sendmessage $message="tm-server-request"
method="PUT"
url={{{ [[$:/admin/roles/]addsuffix<role-id>] }}}
headers="Content-Type: application/json"
body={{{ [{"name": "$(newRoleName)$", "description": "$(newRoleDescription)$"}jsonify[]] }}}
redirectAfterSuccess="/admin/roles"/>
\end
\define delete-role-actions(role-id)
<$action-sendmessage $message="tm-server-request"
method="DELETE"
url={{{ [[$:/admin/roles/]addsuffix<role-id>] }}}
redirectAfterSuccess="/admin/roles"/>
\end
<$tiddler tiddler="$:/plugins/tiddlywiki/multiwikiserver/templates/mws-header">
<$set name="page-title" value="Manage Roles">
<$transclude/>
</$set>
</$tiddler>
<div class="roles-container">
<div class="roles-list">
<h2>Existing Roles</h2>
<$list filter="[<roles-list>jsonindexes[]]" variable="role-index">
<$let role={{{ [<roles-list>jsonextract<role-index>] }}}>
<div class="role-item">
<div class="role-info">
<span class="role-name">
<$text text={{{ [<role>jsonget[role_name]] }}}/>
</span>
<span class="role-description">
<$text text={{{ [<role>jsonget[description]] }}}/>
</span>
</div>
<div class="role-actions">
<$button class="tc-btn-invisible btn-edit">
Edit
<$action-sendmessage $message="tm-modal" $param="$:/plugins/tiddlywiki/multiwikiserver/templates/edit-role-modal" role-id={{{ [<role>jsonget[role_id]] }}}/>
</$button>
<form method="POST" action="/admin/delete-role">
<input type="hidden" name="role_id" value={{{ [<role>jsonget[role_id]] }}}/>
<button type="submit" class="tc-btn-invisible btn-delete">Delete</button>
</form>
</div>
</div>
</$let>
</$list>
</div>
<div class="add-role-card">
<h2>Add New Role</h2>
<form method="POST" action="/admin/post-role" class="add-role-form">
<input name="role_name" type="text" placeholder="Role Name" required/>
<input name="role_description" type="text" placeholder="Role Description" required/>
<button type="submit" class="tc-btn-invisible btn-add">Add Role</button>
</form>
</div>
</div>
<style>
.roles-container {
max-width: 1200px;
margin: 2rem auto;
display: flex;
gap: 2rem;
flex-wrap: wrap;
}
.roles-list {
flex: 1 1 60%;
min-width: 300px;
background: #fff;
border-radius: 8px;
box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
padding: 2rem;
}
.add-role-card {
flex: 1 1 30%;
min-width: 250px;
background: #fff;
border-radius: 8px;
box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
padding: 2rem;
align-self: flex-start;
}
.role-item {
display: flex;
justify-content: space-between;
align-items: center;
padding: 1rem 0;
border-bottom: 1px solid #eee;
}
.role-info {
flex-grow: 1;
}
.role-name {
font-weight: bold;
display: block;
margin-bottom: 0.5rem;
}
.role-description {
color: #666;
font-size: 0.9em;
}
.role-actions {
display: flex;
gap: 0.5rem;
}
.role-actions button {
padding: 0.5rem 1rem;
background: none;
border: none;
cursor: pointer;
border-radius: 4px;
transition: background-color 0.3s;
}
.btn-edit {
color: #007bff;
}
.btn-delete {
color: #dc3545;
}
.btn-edit:hover, .btn-delete:hover {
background-color: #f8f9fa;
}
.add-role-form {
display: flex;
flex-direction: column;
gap: 1rem;
}
.add-role-form input {
padding: 0.5rem;
border: 1px solid #ccc;
border-radius: 4px;
}
.btn-add {
padding: 0.5rem 1rem;
background-color: #28a745;
color: white;
border: none;
cursor: pointer;
border-radius: 4px;
transition: background-color 0.3s;
}
.btn-add:hover {
background-color: #218838;
}
h2 {
margin-top: 0;
margin-bottom: 1rem;
color: #333;
}
@media (max-width: 768px) {
.roles-container {
flex-direction: column;
}
.roles-list, .add-role-card {
width: 100%;
}
}
</style>

View File

@ -0,0 +1,111 @@
title: $:/plugins/tiddlywiki/multiwikiserver/templates/manage-user-account
<div class="user-profile-management">
<h2>Manage Account</h2>
<$set name="current-role-id" value={{{ [<user-role>jsonget[role_id]] }}}>
<form class="user-profile-form" action="/update-user-profile" method="POST">
<div class="form-group">
<label for="username">Username:</label>
<input type="text" id="username" name="username" value={{{ [<user>jsonget[username]] }}} required />
</div>
<div class="form-group">
<label for="email">Email:</label>
<input type="email" id="email" name="email" value={{{ [<user>jsonget[email]] }}} required />
</div>
<% if [<user-is-admin>match[yes]] %>
<div class="form-group">
<label for="role">Role:</label>
<select id="role" name="role" required>
<$list filter="[<all-roles>jsonindexes[]]" variable="role-index">
<$set name="role-id" value={{{ [<all-roles>jsonextract<role-index>jsonget[role_id]] }}}>
<option value=<<role-id>>
<$list filter="[<current-role-id>match<role-id>]" variable="ignore">selected</$list>
<$text text={{{ [<all-roles>jsonextract<role-index>jsonget[role_name]] }}}/>
</option>
</$set>
</$list>
</select>
</div>
<% endif %>
<button type="submit" class="update-profile-btn">Update Profile</button>
</form>
</$set>
<hr />
<h2>Change Password</h2>
<form class="user-profile-form" action="/change-user-password" method="POST">
<div class="form-group">
<label for="new-password">New Password:</label>
<input type="password" id="new-password" name="newPassword" required />
</div>
<div class="form-group">
<label for="confirm-password">Confirm New Password:</label>
<input type="password" id="confirm-password" name="confirmPassword" required />
</div>
<button type="submit" class="update-password-btn">Change Password</button>
</form>
</div>
<style>
.user-profile-management {
padding: 20px;
}
.user-profile-management h2 {
font-size: 1.2rem;
color: #3498db;
margin-bottom: 1rem;
}
.user-profile-form {
margin-bottom: 20px;
}
.user-profile-form .form-group {
margin-bottom: 1rem;
}
.user-profile-form label {
display: block;
margin-bottom: 0.5rem;
font-weight: bold;
color: #555;
}
.user-profile-form input {
width: 100%;
padding: 0.5rem;
border: 1px solid #ccc;
border-radius: 4px;
}
.update-profile-btn,
.update-password-btn {
background: #3498db;
color: #fff;
border: none;
padding: 0.5rem 1rem;
border-radius: 4px;
cursor: pointer;
font-size: 1rem;
}
.update-password-btn {
background: #00796b;
}
.update-profile-btn:hover {
background: #2980b9;
}
.update-password-btn:hover {
background: #00695c;
}
.user-profile-form select {
width: 100%;
padding: 0.5rem;
border: 1px solid #ccc;
border-radius: 4px;
background-color: white;
}
</style>

View File

@ -0,0 +1,158 @@
title: $:/plugins/tiddlywiki/multiwikiserver/templates/manage-user
<$tiddler tiddler="$:/plugins/tiddlywiki/multiwikiserver/templates/mws-header">
<$set name="page-title" value="User Profile">
<$transclude/>
</$set>
</$tiddler>
<div class="main-wrapper">
<div class="user-profile-container">
<div class="user-profile-header">
<div class="user-profile-avatar">
<$text text={{{ [<user>jsonget[username]substr[0,1]uppercase[]] }}}/>
</div>
<h1 class="user-profile-name"><$text text={{{ [<user>jsonget[username]] }}}/></h1>
<p class="user-profile-email"><$text text={{{ [<user>jsonget[email]] }}}/></p>
</div>
<div class="user-profile-details">
<div class="user-profile-item">
<span class="user-profile-label">User ID:</span>
<span class="user-profile-value"><$text text={{{ [<user>jsonget[user_id]] }}}/></span>
</div>
<div class="user-profile-item">
<span class="user-profile-label">Created At:</span>
<span class="user-profile-value"><$text text={{{ [<user>jsonget[created_at]split[T]first[]] }}}/></span>
</div>
<div class="user-profile-item">
<span class="user-profile-label">Last Login:</span>
<span class="user-profile-value"><$text text={{{ [<user>jsonget[last_login]split[T]first[]] }}}/></span>
</div>
<div class="user-profile-roles">
<h2>User Role</h2>
<ul>
<li>
<$text text={{{ [<user-role>jsonget[role_name]] }}}/>
</li>
</ul>
</div>
</div>
</div>
<% if [<user-is-admin>match[yes]] %>
<$tiddler tiddler="$:/plugins/tiddlywiki/multiwikiserver/templates/manage-user-account">
<$transclude/>
</$tiddler>
<% elseif [<is-current-user-profile>match[yes]] %>
<$tiddler tiddler="$:/plugins/tiddlywiki/multiwikiserver/templates/manage-user-account">
<$transclude/>
</$tiddler>
<% endif %>
<$let flash-message={{{ [[$:/state/mws/flash-message]get[text]] }}}>
<$reveal type="nomatch" state="$:/state/mws/flash-message" text="">
<div class="flash-message">
<$text text=<<flash-message>>/>
</div>
<$action-setfield $tiddler="$:/state/mws/flash-message" text=""/>
</$reveal>
</$let>
</div>
<style>
.main-wrapper {
display: flex;
flex-direction: row;
gap: 5px;
max-width: 80vw;
margin: auto;
}
.user-profile-container {
flex: 1;
margin: 2rem auto;
background: #fff;
border-radius: 8px;
box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
overflow: hidden;
max-width: 600px;
}
.user-profile-header {
background: #3498db;
color: #fff;
padding: 2rem;
text-align: center;
}
.user-profile-avatar {
width: 120px;
height: 120px;
border-radius: 50%;
margin: 0 auto 1rem;
background: #fff;
display: flex;
align-items: center;
justify-content: center;
font-size: 3rem;
}
.user-profile-avatar * {
color: #3498db;
}
.user-profile-name {
font-size: 1.5rem;
margin: 0;
}
.user-profile-email {
font-size: 1rem;
opacity: 0.8;
margin: 0.5rem 0 0;
}
.user-profile-details {
padding: 2rem;
}
.user-profile-item {
margin-bottom: 1rem;
}
.user-profile-label {
font-weight: bold;
color: #555;
}
.user-profile-value {
color: #333;
}
.user-profile-roles {
margin-top: 2rem;
}
.user-profile-roles h2 {
font-size: 1.2rem;
color: #3498db;
margin-bottom: 1rem;
}
.user-profile-roles ul {
list-style-type: none;
padding: 0;
margin: 0;
}
.user-profile-roles li {
background: #f1f1f1;
padding: 0.5rem 1rem;
border-radius: 20px;
display: inline-block;
margin-right: 0.5rem;
margin-bottom: 0.5rem;
font-size: 0.9rem;
}
</style>

View File

@ -0,0 +1,94 @@
title: $:/plugins/tiddlywiki/multiwikiserver/templates/mws-header
<div class="mws-header">
<h1><$text text=<<page-title>>/></h1>
<div class="mws-user-info">
<span>Hello, <$text text=<<username>>/></span>
<$list filter="[<user-is-admin>match[yes]]">
<div class="mws-admin-dropdown">
<button class="mws-admin-dropbtn">⚙️</button>
<div class="mws-admin-dropdown-content">
<a href="/admin/users">Manage Users</a>
<a href="/admin/roles">Manage Roles</a>
</div>
</div>
</$list>
<form action="/logout" method="post" class="mws-logout-form">
<input type="submit" value="Logout" class="mws-logout-button"/>
</form>
</div>
</div>
<style>
.mws-header {
display: flex;
justify-content: space-between;
align-items: center;
padding: 10px;
background-color: #f0f0f0;
margin-bottom: 20px;
}
.mws-user-info {
display: flex;
align-items: center;
}
.mws-logout-form {
margin-left: 10px;
}
.mws-logout-button {
padding: 5px 10px;
background-color: #f44336;
color: white;
border: none;
cursor: pointer;
}
.mws-logout-button:hover {
background-color: #d32f2f;
}
.mws-admin-dropdown {
position: relative;
display: inline-block;
margin-left: 10px;
}
.mws-admin-dropbtn {
color: white;
padding: 5px;
font-size: 16px;
border: none;
cursor: pointer;
}
.mws-admin-dropbtn:hover, .mws-admin-dropbtn:focus {
cursor: pointer;
opacity: 0.8;
}
.mws-admin-dropdown-content {
display: none;
position: absolute;
background-color: #f1f1f1;
min-width: 160px;
box-shadow: 0px 8px 16px 0px rgba(0,0,0,0.2);
z-index: 1;
right: 0;
}
.mws-admin-dropdown-content a {
color: black;
padding: 12px 16px;
text-decoration: none;
display: block;
}
.mws-admin-dropdown-content a:hover {background-color: #ddd;}
.mws-admin-dropdown:hover .mws-admin-dropdown-content {display: block;}
.mws-admin-dropdown:hover {background-color: #2980B9;}
</style>