commit 484a23db169a87e145199d29235cac525117d587
parent 3148f5abd63610857773012011208275963b61fb
Author: JayVii <jayvii[AT]posteo[DOT]de>
Date: Fri, 1 Nov 2024 17:28:53 +0100
feat: implement account view
Diffstat:
10 files changed, 191 insertions(+), 23 deletions(-)
diff --git a/api/new.php b/api/new.php
@@ -1,9 +1,8 @@
<?php
/* Load library functions */
- $libs = array("api.php", "write.php", "users.php", "helpers.php");
- foreach ($libs as $lib) {
- include($_SERVER["DOCUMENT_ROOT"] . "/lib/" . $lib);
+ foreach (glob($_SERVER["DOCUMENT_ROOT"] . "/lib/*.php") as $lib) {
+ include($lib);
}
/* Load configurations */
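Review bot: Including every file matched by `glob($_SERVER["DOCUMENT_ROOT"] . "/lib/*.php")` makes the whole `lib/` directory auto-executed code, so any stray or unintended `.php` file that ends up there runs on each API request, and load order now depends on filenames. The explicit list that was removed kept the set of executed files reviewable; if the glob stays, `lib/` should not be writable by the web-server user. Also, `glob()` returns `false` on error and `include` only warns on failure, so `foreach (glob(...) ?: [] as $lib) { require_once $lib; }` would fail loudly instead of continuing with part of the library missing.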
@@ -86,7 +85,6 @@
}
/* update filename, once we found a unique one */
$filename = $file_counter . "_" . $filename;
- }
}
/* write note */
diff --git a/api/rss.php b/api/rss.php
@@ -17,7 +17,6 @@
$token = validate_input_string(gather_post("token"));
$return = validate_input_string(gather_post("return"));
-
/* Fallback to GET request, if no POST was found */
if (empty($category)) {
$category = validate_input_string(gather_get("category"));
@@ -32,7 +31,6 @@
$return = validate_input_string(gather_get("return"));
}
-
/* run authentification method. exit immediately if it fails */
$auth = auth_user($user, $token, -1);
if ($auth !== true) {
diff --git a/assets/css/custom.css b/assets/css/custom.css
@@ -79,3 +79,7 @@ header {
.danger.likeanchor:hover {
color: #ff6161 !important;
}
+
+input.marked {
+
+}
diff --git a/config/i18n.php b/config/i18n.php
@@ -33,9 +33,16 @@ if ($lang == "en") {
$GLOBALS["i18n_search"] = "Search";
$GLOBALS["i18n_search_placeholder"] = "Search your notes...";
$GLOBALS["i18n_matches"] = "Matches";
+ $GLOBALS["i18n_account"] = "Account";
$GLOBALS["i18n_bookmarklet"] = "Bookmarklet";
$GLOBALS["i18n_bookmarklet_tp"] = "Drag this to your bookmark toolbar. On other websites you can then click the icon to remember it in Rememori.";
$GLOBALS["i18n_bookmarklet_prompt"] = "Under which category do you want to remember this site?";
+ $GLOBALS["i18n_tokens"] = "Login-Tokens";
+ $GLOBALS["i18n_tokens_info"] = "Tokens are used for authentication. They represent your passwords, but they do not work at the login-screen, only for API requests. In order to remove a token along with its connected password, empty the according input field.";
+ $GLOBALS["i18n_tokens_add"] = "Add Login-Token";
+ $GLOBALS["i18n_tokens_add_info"] = "Insert a password here, which you then can use for the login to your account. It will appear as \"Token\" above, which you can also use for API requests.";
+ $GLOBALS["i18n_tokens_curr"] = "Corresponds to the password you are currently logged in with.";
+
}
if ($lang == "de") {
$GLOBALS["i18n_error"] = "Fehler";
@@ -65,10 +72,15 @@ if ($lang == "de") {
$GLOBALS["i18n_search"] = "Suchen";
$GLOBALS["i18n_search_placeholder"] = "Notizen durchsuchen...";
$GLOBALS["i18n_matches"] = "Funde";
+ $GLOBALS["i18n_account"] = "Konto";
$GLOBALS["i18n_bookmarklet"] = "Bookmarklet";
$GLOBALS["i18n_bookmarklet_tp"] = "Dieser Link kann zur Lesezeichensymbollietse gezogen werden. Anderen Webseiten können dann per Klick auf das Symbol in Rememori gespeichert werden.";
$GLOBALS["i18n_bookmarklet_prompt"] = "Unter welcher Kategorie soll diese Seite gespeicher werden?";
+ $GLOBALS["i18n_tokens"] = "Login-Tokens";
+ $GLOBALS["i18n_tokens_info"] = "Tokens werden für den Authentifizierungs-Vorgang genutzt. Sie repräsentieren Passwörter, funktionieren jedoch nicht zum Login in Rememori, sondern nur für API-Anfragen. Um einen Token zusammen mit dem damit verbundenen Passwort zu löschen, muss das entsprechende Eingabefeld geleert werden.";
+ $GLOBALS["i18n_tokens_add"] = "Login-Token hinzufügen";
+ $GLOBALS["i18n_tokens_add_info"] = "Ein neues Passwort für den Login zu Rememori kann hier erstellt werden. Das Passwort wird im Anschluss als \"Token\" aufgelistet, welche für API-Anfragen genutzt werden können.";
+ $GLOBALS["i18n_tokens_curr"] = "Gehört zu dem Passwort, mit dem dieser Account aktuell angemeldet ist."
}
-
?>
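Review bot: The added `$GLOBALS["i18n_tokens_curr"] = "Gehört zu dem Passwort, ..."` line in the `de` block has no terminating `;`, so the `}` that follows is a parse error. Because parsing fails for the whole file, this breaks `config/i18n.php` for every language setting, not only German. End the line with `aktuell angemeldet ist.";`.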
diff --git a/index.php b/index.php
@@ -73,6 +73,21 @@
$action = "login";
}
+ /* New Password action */
+ if ($action == "add_password") {
+ add_auth(
+ $user,
+ gather_post("new_pass")
+ );
+ $action = "account";
+ }
+
+ /* Update tokens action */
+ if ($action == "update_tokens") {
+ update_tokens($user);
+ $action = "account";
+ }
+
/* Edit action */
if ($action == "edit") {
/* if no filename is given, try to come up with one ourselves */
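Review bot: The `add_password` branch hands `gather_post("new_pass")` to `add_auth()` without checking that it is a non-empty string and discards the return value, so a blank submission may register a hash of the empty password as a valid login, and a failed write is indistinguishable from success. A guard such as `$new_pass = gather_post("new_pass"); if (is_string($new_pass) && $new_pass !== "") { $ok = add_auth($user, $new_pass); }` plus an error message on `false` would close that. Both new branches change credentials on a plain POST, and the forms added in lib/account.php carry no anti-CSRF field; unless a check outside this hunk covers it, a per-session token should be verified before `add_auth()` and `update_tokens()` run. Whether `$user` is already authenticated at this point is decided outside the hunk.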
@@ -122,7 +137,7 @@
<link rel="apple-touch-icon" type="image/png" href="/assets/img/favicon.png">
<link rel=stylesheet href=/assets/css/simple.min.css media=all>
<link rel=stylesheet href=/assets/css/custom.css>
- <link rel="manifest" href="/manifest.json">
+ <link crossorigin="use-credentials" rel="manifest" href="/manifest.json">
<script async src="/assets/js/deletion.js"></script>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
@@ -175,6 +190,11 @@
die(); // ensure the process stops after this
}
+ /* Account action */
+ if ($action == "account") {
+ show_account($user, $token);
+ }
+
/* Listing action */
if ($action == "list") {
list_notes($user, $category);
diff --git a/lib/account.php b/lib/account.php
@@ -0,0 +1,94 @@
+<?php
+
+function show_account(
+ string $user,
+ string $token
+) {
+
+ /* generate token path */
+ $tokens_storage = $GLOBALS["data_dir"] . "/" . $user . "/tokens.json";
+
+ /* Read from file */
+ if (file_exists($tokens_storage)) {
+ $tokens = json_decode(file_get_contents($tokens_storage));
+ } else {
+ die();
+ }
+
+?>
+
+<!-- Headline -->
+<h4><?php echo $GLOBALS["i18n_account"] . ": " . $user; ?></h4>
+
+<!-- Bookmarklet -->
+<h5><?php echo $GLOBALS["i18n_bookmarklet"]; ?></h5>
+<p><?php echo $GLOBALS["i18n_bookmarklet_tp"]; ?></p>
+<a
+ href="<?php echo bookmarklet(); ?>"
+ onclick="window.alert('<?php echo $GLOBALS["i18n_bookmarklet_tp"];?>');"
+ title="<?php echo $GLOBALS["i18n_bookmarklet_tp"]; ?>"
+>
+ Rememori
+</a>
+
+<!-- Tokens -->
+<h5><?php echo $GLOBALS["i18n_tokens"]; ?></h5>
+<p><?php echo $GLOBALS["i18n_tokens_info"]; ?></p>
+<form action="/" target="_self" method="post">
+ <input
+ id="action"
+ name="action"
+ type="hidden"
+ value="update_tokens"
+ >
+<?php
+
+ /* cycle through each token and list it in the form */
+ for ($i = 0; $i < count($tokens); $i++) {
+
+ /* mark token as "current" if the user is auth'ed with it */
+ if ($token == $tokens[$i]) {
+ $class="marked";
+ } else {
+ $class = "";
+ }
+
+?>
+ <label for="token_<?php echo $i; ?>">
+ Token <?php echo ($i + 1); ?>
+ </label>
+ <stretch style="font-size:66%;">
+<?php if ($token == $tokens[$i]) { echo " " . $GLOBALS["i18n_tokens_curr"]; } ?>
+ </stretch>
+ <input
+ id="token_<?php echo $i; ?>"
+ name="token_<?php echo $i; ?>"
+ class="<?php echo $class; ?>"
+ type="text"
+ value="<?php echo $tokens[$i]; ?>"
+ >
+<?php
+ } // for-loop
+?>
+ <input type="submit" value="<?php echo $GLOBALS["i18n_save"]; ?>">
+</form>
+
+<!-- New token -->
+<h5><?php echo $GLOBALS["i18n_tokens_add"]; ?></h5>
+<p><?php echo $GLOBALS["i18n_tokens_add_info"]; ?></p>
+<form action="/" target="_self" method="post">
+ <input
+ id="action"
+ name="action"
+ type="hidden"
+ value="add_password"
+ >
+ <input id="new_pass" name="new_pass" type="text" placeholder="secret123">
+ <input type="submit" value="<?php echo $GLOBALS["i18n_save"]; ?>">
+</form>
+
+<?php
+
+} // function
+
+?>
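Review bot: `$tokens[$i]` and `$user` are echoed into the page without escaping (`value="<?php echo $tokens[$i]; ?>"` and the `<h4>` headline), and `update_tokens()` in this same commit stores whatever was posted as a token, so a value containing `"` or `<` is replayed as markup on every account view. Wrap each dynamic echo, e.g. `echo htmlspecialchars($tokens[$i], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The listed values appear to be the output of `create_password_hash()` and are accepted as API credentials, so printing them into editable `type="text"` fields puts password-equivalent secrets into the page source; consider showing only a label or a truncated fingerprint, and make `new_pass` a `type="password"` input. `json_decode()` returns `null` for a corrupt file, which makes `count($tokens)` throw on PHP 8, so check `is_array($tokens)` before the loop, and compare with `===` or `hash_equals()` instead of `$token == $tokens[$i]`.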
diff --git a/lib/menus.php b/lib/menus.php
@@ -55,15 +55,20 @@ function top_navigation() {
>
</form>
- <!-- Bookmarklet -->
- <a
- class="likenavitem"
- href="<?php echo bookmarklet(); ?>"
- onclick="window.alert('<?php echo $GLOBALS["i18n_bookmarklet_tp"];?>');"
- title="<?php echo $GLOBALS["i18n_bookmarklet_tp"]; ?>"
- >
- <?php echo $GLOBALS["i18n_bookmarklet"]; ?>
- </a>
+ <!-- Configure user: Account-Action -->
+ <form action="/" method="post" class="inline">
+ <input
+ id="action"
+ name="action"
+ type="hidden"
+ value="account"
+ >
+ <input
+ class="likenavitem"
+ type="submit"
+ value="<?php echo $GLOBALS["i18n_account"]; ?>"
+ >
+ </form>
<!-- Logout-Action -->
<form action="/" method="post" class="inline">
diff --git a/lib/users.php b/lib/users.php
@@ -138,10 +138,8 @@ function add_auth(
/* create hash from given password */
$token = create_password_hash($pass);
- echo "New token: " . $token . PHP_EOL;
-
/* generate token path */
- $tokens_storage = "./" . $GLOBALS["data_dir"] . "/" . $user . "/tokens.json";
+ $tokens_storage = $GLOBALS["data_dir"] . "/" . $user . "/tokens.json";
/* get filesize */
$filesize = filesize($tokens_storage);
@@ -172,14 +170,51 @@ function add_auth(
/* close file-hanle */
fclose($file);
- /* return "true" on success and "false" otherwise */
- return $bytes !== false;
+ /* return token on success and "false" otherwise */
+ if ($bytes !== false) {
+ return $token;
+ } else {
+ return false;
+ }
} else {
return false;
}
-}
+} // function
+
+
+function update_tokens(
+ string $user
+) {
+
+ /* gather tokens from POST */
+ $tokens = array();
+ $i = 0;
+ while (array_key_exists("token_" . $i, $_POST)) {
+ $token = $_POST["token_" . $i];
+ if (!empty($token)) {
+ array_push($tokens, $token);
+ }
+ $i++;
+ }
+
+ /* generate token path */
+ $tokens_storage = $GLOBALS["data_dir"] . "/" . $user . "/tokens.json";
+
+ /* write file */
+ if (file_exists($tokens_storage)) {
+ file_put_contents(
+ $tokens_storage,
+ json_encode($tokens)
+ );
+ } else {
+ return false;
+ }
+
+ /* return "true" */
+ return true;
+} // function
?>
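Review bot: `update_tokens()` writes every non-empty `token_N` POST value straight into `tokens.json`, so the client can introduce arbitrary credential strings (bypassing `create_password_hash()`) or array values such as `token_0[]=`, rather than only removing existing tokens as the UI text describes. The loop should keep only submitted strings that are already in the stored list, and the result of `file_put_contents()` should be checked instead of returning `true` unconditionally. The hunk begins inside `add_auth()`, whose return value also changes here from a boolean to token-or-`false`, so callers comparing against `true` need a look. A sketch of the tightened `update_tokens()` body follows.

```php
    /* … unchanged: function signature; token path generation moved above the POST loop … */

    /* refuse to continue if the store is missing or unreadable */
    if (!file_exists($tokens_storage)) {
        return false;
    }
    $stored = json_decode(file_get_contents($tokens_storage), true);
    if (!is_array($stored)) {
        return false;
    }

    /* keep only submitted values that are already stored, so this
       endpoint can remove tokens but never introduce new ones */
    $tokens = array();
    $i = 0;
    while (array_key_exists("token_" . $i, $_POST)) {
        $token = $_POST["token_" . $i];
        if (is_string($token) && in_array($token, $stored, true)) {
            array_push($tokens, $token);
        }
        $i++;
    }

    /* write file and report whether the write succeeded */
    $bytes = file_put_contents(
        $tokens_storage,
        json_encode($tokens),
        LOCK_EX
    );
    return $bytes !== false;
```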
diff --git a/misc/add_token_for_user.php b/misc/add_token_for_user.php
@@ -2,6 +2,7 @@
include("./lib/users.php");
include("./config/config.php");
+$GLOBALS["data_dir"] = "./" . $GLOBALS["data_dir"];
$user = readline('Enter the username: ');
$pass = readline('Enter new password: ');
diff --git a/misc/create_initial_user.php b/misc/create_initial_user.php
@@ -2,6 +2,7 @@
include("./lib/users.php");
include("./config/config.php");
+$GLOBALS["data_dir"] = "./" . $GLOBALS["data_dir"];
$user = readline('Enter new username: ');
$pass = readline('Enter new password: ');