From fe114e749c1018610d66bbbee0899fb592a6ce5a Mon Sep 17 00:00:00 2001
From: mrkubax10 <mrkubax10@onet.pl>
Date: Fri, 15 Sep 2023 21:01:26 +0200
Subject: [PATCH] Frontend: Implement support for adding channels

---
 frontend.pm            |  23 +++++++-
 frontend_routes.pm     | 121 ++++++++++++++++++++++++-----------------
 static/user_added.html |  10 ++++
 3 files changed, 102 insertions(+), 52 deletions(-)
 create mode 100644 static/user_added.html

diff --git a/frontend.pm b/frontend.pm
index f5cd2f9..f4b5e94 100644
--- a/frontend.pm
+++ b/frontend.pm
@@ -486,6 +486,25 @@ sub sendResponse {
 	}
 }
 
+sub createUser {
+	my $aName = $_[0];
+	my $aPassword = $_[1];
+	my $aPrivileges = $_[2];
+	my $aConnection = $_[3];
+
+	my $id = 0;
+	my $query = $aConnection->prepare(qq(select id from users order by rowid desc limit 1;));
+	$query->execute();
+	my @row = $query->fetchrow_array();
+	if(scalar(@row)>0) {
+		$id = $row[0]+1;
+	}
+
+	my $password = Digest::SHA::sha256_hex($aPassword);
+	$query = $aConnection->prepare(qq(insert into users values($id, ?, ?, ?);));
+	$query->execute($aName, $aPassword, $aPrivileges);
+}
+
 sub httpServerWorker {
 	my $db = DBI->connect("DBI:SQLite:dbname=$configuration::database", "", "", {RaiseError=>1});
 	my $query = $db->prepare(qq(select id from users;));
@@ -493,9 +512,7 @@ sub httpServerWorker {
 	my @row = $query->fetchrow_array();
 	if(scalar(@row)==0) {
 		# Create default user
-		my $password = Digest::SHA::sha256_hex("admin");
-		$query = $db->prepare(qq(insert into users values(0, "admin", "$password", 2);));
-		$query->execute();
+		createUser("admin", "admin", 2, $db);
 	}
 
 	my $server = new IO::Socket::INET(LocalHost=>"localhost", LocalPort=>$configuration::httpServerPort, Proto=>"tcp", Listen=>1, Reuse=>1);
diff --git a/frontend_routes.pm b/frontend_routes.pm
index 0c05dd9..20a126d 100644
--- a/frontend_routes.pm
+++ b/frontend_routes.pm
@@ -27,6 +27,35 @@ use feature qw(switch);
 use strict;
 use warnings;
 
+sub verifyRequestPrivileges {
+	my $aRequest = $_[0];
+	my $aClient = $_[1];
+	my $aPrivileges = $_[2];
+	my $aConnection = $_[3];
+
+	if(!defined($aRequest->{"cookies"}{"session"}) || !frontend_session::isValidSession($aRequest->{"cookies"}{"session"})) {
+		frontend::redirect($aClient, "/");
+		return 0;
+	}
+	if(defined($aRequest->{"headers"}{"Content-Type"}) && $aRequest->{"headers"}{"Content-Type"} ne "application/x-www-form-urlencoded") {
+		frontend::sendBadRequest($aClient, "Unsupported form Content-Type (application/x-www-form-urlencoded required)");
+		return 0;
+	}
+	if(!defined($aRequest->{"content"})) {
+		frontend::sendBadRequest($aClient, "Request content required");
+		return 0;
+	}
+	my $session = $frontend_session::sessions{$aRequest->{"cookies"}{"session"}};
+	my $query = $aConnection->prepare(qq(select privileges from users where name=?;));
+	$query->execute($session->{"username"});
+	my @row = $query->fetchrow_array();
+	if($row[0]<$aPrivileges) {
+		frontend::sendForbidden($aClient, "Insufficient permissions to perform this operation");
+		return 0;
+	}
+	return 1;
+}
+
 sub verifyChannelAccess {
 	my $aRequest = $_[0];
 	my $aClient = $_[1];
@@ -309,35 +338,48 @@ sub handlePath {
 
 		return 1;
 	}
-	when("/add_server_action") {
-		if(!defined($aRequest->{"cookies"}{"session"}) || !frontend_session::isValidSession($aRequest->{"cookies"}{"session"})) {
-			frontend::redirect($aClient, "/");
+	when("/add_user_action") {
+		if(!verifyRequestPrivileges($aRequest, $aClient, 1, $aConnection)) {
 			return 1;
 		}
-		if(defined($aRequest->{"headers"}{"Content-Type"}) && $aRequest->{"headers"}{"Content-Type"} ne "application/x-www-form-urlencoded") {
-			frontend::sendBadRequest($aClient, "Unsupported form Content-Type (application/x-www-form-urlencoded required)");
-			return 1;
-		}
-		if(!defined($aRequest->{"content"})) {
-			frontend::sendBadRequest($aClient, "Request content required");
-			return 1;
-		}
-		my $session = $frontend_session::sessions{$aRequest->{"cookies"}{"session"}};
-
-		my $query = $aConnection->prepare(qq(select privileges from users where name=?;));
-		$query->execute($session->{"username"});
-		my @row = $query->fetchrow_array();
-		if($row[0]<2) {
-			frontend::sendForbidden($aClient, "Insufficient permissions to perform this operation");
-			return 1;
-		}
-
 		my %parameters = frontend::parsePathParameters($aRequest->{"content"});
-		if(!defined($parameters{"name"})) {
+		if(!defined($parameters{"name"}) || length($parameters{"name"})==0) {
+			frontend::sendBadRequest($aClient, "Username required");
+			return 1;
+		}
+		if(!defined($parameters{"password"}) || length($parameters{"password"})==0) {
+			frontend::sendBadRequest($aClient, "Password required");
+			return 1;
+		}
+		if(!defined($parameters{"confirmPassword"}) || length($parameters{"confirmPassword"})==0) {
+			frontend::sendBadRequest($aClient, "Confirm password required");
+			return 1;
+		}
+		if($parameters{"password"} ne $parameters{"confirmPassword"}) {
+			frontend::sendBadRequest($aClient, "Password and confirm password don't match");
+			return 1;
+		}
+		my $query = $aConnection->prepare(qq(select id from users where name=?;));
+		$query->execute($parameters{"name"});
+		my @row = $query->fetchrow_array();
+		if(scalar(@row)>0) {
+			frontend::sendConflict($aClient, "User $parameters{'name'} already exists");
+			return 1;
+		}
+		frontend::createUser($parameters{"name"}, $parameters{"password"}, defined($parameters{"operator"}), $aConnection);
+		frontend::redirect($aClient, "/user_added.html");
+		return 1;
+	}
+	when("/add_server_action") {
+		if(!verifyRequestPrivileges($aRequest, $aClient, 2, $aConnection)) {
+			return 1;
+		}
+		my %parameters = frontend::parsePathParameters($aRequest->{"content"});
+		if(!defined($parameters{"name"}) || length($parameters{"name"})==0) {
 			frontend::sendBadRequest($aClient, "Server name required");
 			return 1;
 		}
-		if(!defined($parameters{"address"})) {
+		if(!defined($parameters{"address"}) || length($parameters{"address"})==0) {
 			frontend::sendBadRequest($aClient, "Server address required");
 			return 1;
 		}
@@ -346,9 +388,9 @@ sub handlePath {
 			$port = $parameters{"port"};
 		}
 
-		$query = $aConnection->prepare(qq(select id from servers where name=?;));
+		my $query = $aConnection->prepare(qq(select id from servers where name=?;));
 		$query->execute($parameters{"name"});
-		@row = $query->fetchrow_array();
+		my @row = $query->fetchrow_array();
 		if(scalar(@row)>0) {
 			frontend::sendConflict($aClient, "Server with name $parameters{'name'} already exists");
 			return 1;
@@ -369,41 +411,22 @@ sub handlePath {
 		return 1;
 	}
 	when("/add_channel_action") {
-		if(!defined($aRequest->{"cookies"}{"session"}) || !frontend_session::isValidSession($aRequest->{"cookies"}{"session"})) {
-			frontend::redirect($aClient, "/");
+		if(!verifyRequestPrivileges($aRequest, $aClient, 2, $aConnection)) {
 			return 1;
 		}
-		if(defined($aRequest->{"headers"}{"Content-Type"}) && $aRequest->{"headers"}{"Content-Type"} ne "application/x-www-form-urlencoded") {
-			frontend::sendBadRequest($aClient, "Unsupported form Content-Type (application/x-www-form-urlencoded required)");
-			return 1;
-		}
-		if(!defined($aRequest->{"content"})) {
-			frontend::sendBadRequest($aClient, "Request content required");
-			return 1;
-		}
-		my $session = $frontend_session::sessions{$aRequest->{"cookies"}{"session"}};
-
-		my $query = $aConnection->prepare(qq(select privileges from users where name=?;));
-		$query->execute($session->{"username"});
-		my @row = $query->fetchrow_array();
-		if($row[0]<2) {
-			frontend::sendForbidden($aClient, "Insufficient permissions to perform this operation");
-			return 1;
-		}
-
 		my %parameters = frontend::parsePathParameters($aRequest->{"content"});
-		if(!defined($parameters{"channel"})) {
+		if(!defined($parameters{"channel"}) length($parameters{"channel"})==0) {
 			frontend::sendBadRequest($aClient, "Channel name required");
 			return 1;
 		}
-		if(!defined($parameters{"server"})) {
+		if(!defined($parameters{"server"}) || length($parameters{"server"})==0) {
 			frontend::sendBadRequest($aClient, "Server ID required");
 			return 1;
 		}
 
-		$query = $aConnection->prepare(qq(select name from servers where id=?;));
+		my $query = $aConnection->prepare(qq(select name from servers where id=?;));
 		$query->execute($parameters{"server"});
-		@row = $query->fetchrow_array();
+		my @row = $query->fetchrow_array();
 		if(scalar(@row)==0) {
 			frontend::sendBadRequest($aClient, "Invalid server ID");
 			return 1;
diff --git a/static/user_added.html b/static/user_added.html
new file mode 100644
index 0000000..76dc978
--- /dev/null
+++ b/static/user_added.html
@@ -0,0 +1,10 @@
+<!DOCTYPE HTML>
+<html>
+	<head>
+		<title>User added</title>
+	</head>
+	<body>
+		<p>User successfully added</p>
+		<a href="/panel">Return to user panel</a>
+	</body>
+</html>