diff --git a/backend/core/core.js b/backend/core/core.js index 03c3bfc..1de436c 100644 --- a/backend/core/core.js +++ b/backend/core/core.js @@ -7,6 +7,7 @@ let s3; const crypto = require("crypto"); const validate = require("../form_validation"); const permissions = require("../permissions"); +const bcrypt = require("bcrypt"); const md = require("markdown-it")() .use(require("markdown-it-underline")) .use(require("markdown-it-footnote")) @@ -100,23 +101,25 @@ async function getUser({ user_id, username, include_password = false }) { } // TODO: Rename patchUser async function editUser({ requester_id, user_id, user_content }) { + const valid_settings = ['display_name', 'password', 'role']; // Valid settings that can be changed + let user = await getUser({ user_id: user_id }); if (!user.success) return _r(false, "User not found"); user = user.data; // TODO: // If there was a role change, see if the acting user can make these changes + const setting_name = user_content.setting_name + if (!valid_settings.includes(setting_name)) return _r(false, "Invalid setting."); - // TODO: - // If there was a password change, - // check to see if the user can make these changes - // Hash the password + if (setting_name == 'password'){ + user_content.value = await bcrypt.hash(user_content.value, 10); + } - // FIXME: Not secure. ASAP! let formatted = {}; - formatted[user_content.setting_name] = user_content.value; + formatted[setting_name] = user_content.value; - await prisma.user.update({ where: { id: user.id }, data: formatted }); + await prisma.user.update({ where: { id: user.id }, data: formatted }) return _r(true); } async function deleteUser({ user_id }) { diff --git a/eslint.config.mjs b/eslint.config.mjs index 299f664..57e8920 100644 --- a/eslint.config.mjs +++ b/eslint.config.mjs 
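Review bot: `requester_id` is never read anywhere in `editUser`, yet the new `valid_settings` list makes both `'role'` and `'password'` writable, and the hunk deletes the `FIXME: Not secure` marker while the role-change TODO is still open. Unless the calling route enforces permissions (not visible in this diff), any caller that reaches this function can change another account's role or password. Until that check exists I would drop `'role'` from `valid_settings` and gate the update on the requester, for example `if (requester_id !== user.id) return _r(false, "Not permitted.");`, or use the equivalent check from the already-imported `permissions` module. The password branch should also reject a non-string or empty `user_content.value` before calling `bcrypt.hash`: a missing value makes the call reject, and bcrypt only uses the first 72 bytes of its input. Smaller points on the same lines: `setting_name == 'password'` should use `===`, and hashing into a local variable would avoid overwriting the caller's `user_content.value`.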
@@ -1,4 +1,4 @@ import globals from "globals"; import pluginJs from "@eslint/js"; -export default [{ files: ["**/*.js"], languageOptions: { sourceType: "commonjs" } }, { languageOptions: { globals: globals.browser } }, { rules: { "no-unused-vars": "error", "no-undef": "error", indent: ["error", "tab", { tabWidth: 4 }] } }, pluginJs.configs.recommended]; +export default [{ files: ["**/*.js"], languageOptions: { sourceType: "commonjs" } }, { languageOptions: { globals: globals.browser } }, { rules: { "no-unused-vars": "error", "no-undef": "error", "indent": ["error", "tab", { tabWidth: 4 }], "semi-style": ["error", "last"], } }, pluginJs.configs.recommended]; diff --git a/frontend/views/themes/default/css/settings.css b/frontend/views/themes/default/css/settings.css index fe0b93c..68e550d 100644 --- a/frontend/views/themes/default/css/settings.css +++ b/frontend/views/themes/default/css/settings.css @@ -159,4 +159,42 @@ input:checked + .slider:before { .slider.round:before { border-radius: 50%; +} + +dialog { + border-radius: 5px; + border: 0; + min-width: 300px; +} +dialog .title { + font-size: 1.1rem; + text-align: center; + margin-bottom: 1rem; +} +dialog .entry { + width: 100%; + margin-bottom: 0.5rem; +} +dialog .entry input { + width: 100%; + margin: 0; + box-sizing: border-box; + font-size: 1.1rem; +} +dialog .status { + margin-bottom: 1rem; + color: red; + text-align: center; +} +dialog .horizontal-button-container { + display: flex; + flex-direction: row; +} +dialog .horizontal-button-container * { + flex-grow: 1; + margin: 0 0.1rem; +} + +dialog::backdrop { + background-color: rgba(0, 0, 0, 0.5); } \ No newline at end of file diff --git a/frontend/views/themes/default/css/settings.scss b/frontend/views/themes/default/css/settings.scss index f931841..cf358c8 100644 --- a/frontend/views/themes/default/css/settings.scss +++ b/frontend/views/themes/default/css/settings.scss 
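Review bot: `"semi-style": ["error", "last"]` only controls where a semicolon sits, not whether one is present, so it will not flag the two statements this same commit leaves unterminated in `backend/core/core.js` (`const setting_name = user_content.setting_name` and the `prisma.user.update(...)` call). If the intent is to require semicolons, add `"semi": ["error", "always"]` next to it in the `rules` object. Because the whole config is a single line, a short comment above the export saying which rules are project additions to `pluginJs.configs.recommended` would make future diffs easier to review.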
@@ -171,3 +171,44 @@ input:checked + .slider:before { .slider.round:before { border-radius: 50%; } + +dialog { + border-radius: 5px; + border: 0; + min-width: 300px; + + .title { + font-size: 1.1rem; + text-align: center; + margin-bottom: 1rem; + } + + .entry { + width: 100%; + margin-bottom: 0.5rem; + input { + width: 100%; + margin: 0; + box-sizing: border-box; + font-size: 1.1rem; + } + } + + .status { + margin-bottom: 1rem; + color: red; + text-align: center; + } + + .horizontal-button-container { + display: flex; + flex-direction: row; + * { + flex-grow: 1; + margin: 0 0.1rem; + } + } + } + dialog::backdrop { + background-color: rgba(0, 0, 0, 0.5); + } \ No newline at end of file diff --git a/frontend/views/themes/default/ejs/authorEdit.ejs b/frontend/views/themes/default/ejs/authorEdit.ejs index 9bcf489..909e0ff 100644 --- a/frontend/views/themes/default/ejs/authorEdit.ejs +++ b/frontend/views/themes/default/ejs/authorEdit.ejs @@ -8,6 +8,29 @@