mirrors/TiddlyWiki5
1
0
Fork 0
mirror of https://github.com/Jermolene/TiddlyWiki5 synced 2025-01-26 17:06:51 +00:00
Code Issues Releases Wiki Activity
2a9f646ec4
TiddlyWiki5/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/post-user.js

191 lines
6.0 KiB
JavaScript
Raw Blame History

/*\
title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/post-user.js
type: application/javascript
module-type: mws-route
POST /admin/post-user
\*/
(function() {
/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";
if($tw.node) {
var crypto = require("crypto");
}
exports.method = "POST";
exports.path = /^\/admin\/post-user\/?$/;
exports.bodyFormat = "www-form-urlencoded";
exports.csrfDisable = true;
function deleteTempTiddlers() {
setTimeout(function() {
$tw.mws.store.adminWiki.deleteTiddler("$:/temp/mws/queryParams");
$tw.mws.store.adminWiki.deleteTiddler("$:/temp/mws/post-user/error");
$tw.mws.store.adminWiki.deleteTiddler("$:/temp/mws/post-user/success");
}, 1000);
}
exports.handler = function(request, response, state) {
var current_user_id = state.authenticatedUser.user_id;
var sqlTiddlerDatabase = state.server.sqlTiddlerDatabase;
var username = state.data.username;
var email = state.data.email;
var password = state.data.password;
var confirmPassword = state.data.confirmPassword;
var queryParamsTiddlerTitle = "$:/temp/mws/queryParams";
if(!state.authenticatedUser && !state.firstGuestUser) {
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
title: "$:/temp/mws/post-user/error",
text: "Unauthorized access"
}));
response.writeHead(302, { "Location": "/login" });
response.end();
deleteTempTiddlers();
return;
}
if(!username || !email || !password || !confirmPassword) {
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
title: "$:/temp/mws/post-user/error",
text: "All fields are required"
}));
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
title: queryParamsTiddlerTitle,
username: username,
email: email,
}));
response.writeHead(302, { "Location": "/admin/users" });
response.end();
deleteTempTiddlers();
return;
}
if(password !== confirmPassword) {
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
title: "$:/temp/mws/post-user/error",
text: "Passwords do not match"
}));
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
title: "$:/temp/mws/queryParams",
username: username,
email: email,
}));
response.writeHead(302, { "Location": "/admin/users" });
response.end();
deleteTempTiddlers();
return;
}
try {
// Check if username or email already exists
var existingUser = sqlTiddlerDatabase.getUserByUsername(username);
var existingUserByEmail = sqlTiddlerDatabase.getUserByEmail(email);
if(existingUser || existingUserByEmail) {
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
title: "$:/temp/mws/post-user/error",
text: existingUser ? "User with this username already exists" : "User account with this email already exists"
}));
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
title: queryParamsTiddlerTitle,
username: username,
email: email,
}));
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
title: "$:/temp/mws/queryParams",
username: username,
email: email,
}));
response.writeHead(302, { "Location": "/admin/users" });
response.end();
deleteTempTiddlers();
return;
}
var hasUsers = sqlTiddlerDatabase.listUsers().length > 0;
var hashedPassword = crypto.createHash("sha256").update(password).digest("hex");
// Create new user
var userId = sqlTiddlerDatabase.createUser(username, email, hashedPassword);
if(!hasUsers) {
try {
// If this is the first guest user, assign admin privileges
sqlTiddlerDatabase.setUserAdmin(userId, true);
// Create a session for the new admin user
var auth = require("$:/plugins/tiddlywiki/multiwikiserver/auth/authentication.js").Authenticator;
var authenticator = auth(sqlTiddlerDatabase);
var sessionId = authenticator.createSession(userId);
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
title: "$:/temp/mws/post-user/success",
text: "Admin user created successfully"
}));
response.setHeader("Set-Cookie", "session="+sessionId+"; HttpOnly; Path=/");
response.writeHead(302, {"Location": "/"});
response.end();
deleteTempTiddlers();
return;
} catch(adminError) {
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
title: "$:/temp/mws/post-user/error",
text: "Error creating admin user"
}));
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
title: queryParamsTiddlerTitle,
username: username,
email: email,
}));
response.writeHead(302, { "Location": "/admin/users" });
response.end();
deleteTempTiddlers();
return;
}
} else {
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
title: "$:/temp/mws/post-user/success",
text: "User created successfully"
}));
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
title: queryParamsTiddlerTitle,
username: username,
email: email,
}));
// assign role to user
var roles = sqlTiddlerDatabase.listRoles();
var role = roles.find(function(role) {
return role.role_name.toUpperCase() !== "ADMIN";
});
if(role) {
sqlTiddlerDatabase.addRoleToUser(userId, role.role_id);
}
response.writeHead(302, {"Location": "/admin/users/"+userId});
response.end();
deleteTempTiddlers();
}
} catch(error) {
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
title: "$:/temp/mws/post-user/error",
text: "Error creating user: " + error.message
}));
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
title: queryParamsTiddlerTitle,
username: username,
email: email,
}));
response.writeHead(302, { "Location": "/admin/users" });
response.end();
deleteTempTiddlers();
return;
}
};
}());
Reference in New Issue View Git Blame Copy Permalink