lukas/server-admin-panel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: lukas:ac6e47d90648d45694547af9a13189acd3b421dd
Branches Tags
lukas:main
lukas:feature/move-to-svelte
..
compare: lukas:4b0a9bdd6df57b9dfc0c2ce8783a79bd322f322b
Branches Tags
lukas:feature/move-to-svelte
lukas:main

No commits in common. "ac6e47d90648d45694547af9a13189acd3b421dd" and "4b0a9bdd6df57b9dfc0c2ce8783a79bd322f322b" have entirely different histories.
ac6e47d906 ... 4b0a9bdd6d

6 changed files with 62 additions and 64 deletions
Show Stats Expand all files Collapse all files

2
CMakeLists.txt
View File

@ -78,7 +78,7 @@ add_executable(${TARGET_NAME}
target_compile_definitions(${TARGET_NAME} PRIVATE APPLICATION_NAME="${TARGET_NAME}") target_compile_definitions(${TARGET_NAME} PRIVATE APPLICATION_NAME="${TARGET_NAME}")
target_link_libraries(${TARGET_NAME} pthread sqlite3 sodium) target_link_libraries(${TARGET_NAME} pthread sqlite3)
# Optional: Print build type at configuration time # Optional: Print build type at configuration time
message(STATUS "Configuring build type: ${CMAKE_BUILD_TYPE}") message(STATUS "Configuring build type: ${CMAKE_BUILD_TYPE}")

51
src/database/database.cpp
View File

@ -1,7 +1,6 @@
#include "crow.h" #include "crow.h"
#include "utils.hpp" #include "utils.hpp"
#include "database.hpp" #include "database.hpp"
#include <optional>
using namespace std; using namespace std;
@ -37,29 +36,9 @@ bool Database::exec(const std::string& sqlQuery){
return exec(sqlQuery.c_str()); return exec(sqlQuery.c_str());
} }
sqlite3_stmt* Database::bind(const std::string sql, const Database::QueryData& data) { map<string, string> Database::getStrMap(const string& sql){
sqlite3_stmt* stmt = nullptr; sqlite3_stmt* stmt = prepareStmt(sql);
if (sqlite3_prepare_v2(m_db, sql.c_str(), -1, &stmt, nullptr) != SQLITE_OK) {
CROW_LOG_ERROR << "Failed to prepare statement: " << sqlite3_errmsg(m_db);
return nullptr;
}
for (int i = 0; i < data.size(); i++) {
std::visit([stmt, i](auto&& val) {
using T = std::decay_t<decltype(val)>;
if constexpr (std::is_same_v<T, int64_t>)
sqlite3_bind_int64(stmt, i + 1, val);
else if constexpr (std::is_same_v<T, double>)
sqlite3_bind_double(stmt, i + 1, val);
else if constexpr (std::is_same_v<T, std::string>)
sqlite3_bind_text(stmt, i + 1, val.c_str(), -1, SQLITE_TRANSIENT);
}, data[i]);
}
return stmt;
}
map<string, string> Database::getStrMap(const std::string sql, const Database::QueryData& data){
map<string, string> map; map<string, string> map;
sqlite3_stmt* stmt = bind(sql, data);
if (stmt == nullptr) if (stmt == nullptr)
return map; return map;
@ -73,6 +52,18 @@ map<string, string> Database::getStrMap(const std::string sql, const Database::Q
return map; return map;
} }
string Database::getStr(const string& sql){
sqlite3_stmt* stmt = prepareStmt(sql);
string str;
if (stmt == nullptr)
return str;
str = reinterpret_cast<const char*>(sqlite3_column_text(stmt, 0));
sqlite3_finalize(stmt);
return str;
}
set<string> Database::getStrSet(const string& sql){ set<string> Database::getStrSet(const string& sql){
sqlite3_stmt* stmt = prepareStmt(sql); sqlite3_stmt* stmt = prepareStmt(sql);
set<string> vec; set<string> vec;
@ -88,6 +79,20 @@ set<string> Database::getStrSet(const string& sql){
return vec; return vec;
} }
std::optional<int64_t> Database::getInt(const char* sql) {
sqlite3_stmt* stmt = prepareStmt(sql);
if (stmt == nullptr)
return {};
std::optional<int64_t> id;
if (sqlite3_step(stmt) == SQLITE_ROW) {
id = sqlite3_column_int64(stmt, 0);
}
sqlite3_finalize(stmt);
return id;
}
std::optional<int64_t> Database::insert(const char* sql) { std::optional<int64_t> Database::insert(const char* sql) {
sqlite3_stmt* stmt = prepareStmt(sql); sqlite3_stmt* stmt = prepareStmt(sql);
if (stmt == nullptr) if (stmt == nullptr)

29
src/database/database.hpp
View File

@ -3,16 +3,12 @@
#include "sqlite3.h" #include "sqlite3.h"
#include <string> #include <string>
#include <vector>
#include <variant>
#include <optional> #include <optional>
#include <set> #include <set>
#include <map> #include <map>
class Database { class Database {
typedef std::vector<std::variant<int64_t, std::string>> QueryData;
public: public:
Database(); Database();
~Database(); ~Database();
@ -21,31 +17,16 @@ public:
bool exec(const char* sqlQuery); bool exec(const char* sqlQuery);
bool exec(const std::string& sqlQuery); bool exec(const std::string& sqlQuery);
/// returns true if the sql statment returns at least one row
std::optional<int64_t> getInt(const char* sql);
std::optional<int64_t> insert(const char* sql); std::optional<int64_t> insert(const char* sql);
std::set<std::string> getStrSet(const std::string& sql); std::set<std::string> getStrSet(const std::string& sql);
template <typename T> string getStr(const string& sql)
std::optional<T> get(const std::string sql, const QueryData& data){
sqlite3_stmt* stmt = bind(sql, data);
T ret;
if ((stmt == nullptr) || (sqlite3_step(stmt) != SQLITE_ROW))
return {};
if constexpr (std::is_same_v<T, int>) { std::map<std::string, std::string> getStrMap(const std::string& sql);
ret = sqlite3_column_int64(stmt, 0);
}
else if constexpr (std::is_same_v<T, std::string>){
ret = reinterpret_cast<const char*>(sqlite3_column_text(stmt, 0));
}
sqlite3_finalize(stmt);
return ret;
}
sqlite3_stmt* bind(const std::string sql, const QueryData& data);
std::map<std::string, std::string> getStrMap(const std::string sql, const QueryData& data);
private: private:
sqlite3_stmt* prepareStmt(const std::string& sql); sqlite3_stmt* prepareStmt(const std::string& sql);

31
src/login/login.cpp
View File

@ -13,7 +13,7 @@ struct Session {
std::unordered_map<std::string, Session> sessions; std::unordered_map<std::string, Session> sessions;
bool verifyHashWithPassword(const std::string& hash, std::string const& password) bool verifyHashWithPassword(std::string& const hash, std::string const& password)
{ {
if (crypto_pwhash_str_verify(hash.c_str(), password.c_str(), password.size()) == 0) { if (crypto_pwhash_str_verify(hash.c_str(), password.c_str(), password.size()) == 0) {
return true; return true;
@ -22,7 +22,7 @@ bool verifyHashWithPassword(const std::string& hash, std::string const& password
} }
} }
std::string hashPassword(const std::string& password) std::string hashPassword(std::string& const password)
{ {
// Allocate storage for the hash // Allocate storage for the hash
char hash[crypto_pwhash_STRBYTES]; char hash[crypto_pwhash_STRBYTES];
@ -41,6 +41,21 @@ std::string hashPassword(const std::string& password)
return hash; return hash;
} }
std::string generate_session_id(size_t bytes = 32) {
std::vector<unsigned char> buf(bytes);
randombytes_buf(buf.data(), buf.size());
// Convert to hex
std::string hex;
hex.reserve(bytes * 2);
static const char *hexmap = "0123456789abcdef";
for (unsigned char b : buf) {
hex.push_back(hexmap[b >> 4]);
hex.push_back(hexmap[b & 0xF]);
}
return hex;
}
std::string get_session_id(const crow::request& req) { std::string get_session_id(const crow::request& req) {
auto cookie_header = req.get_header_value("Cookie"); auto cookie_header = req.get_header_value("Cookie");
std::string prefix = "session_id="; std::string prefix = "session_id=";
@ -88,19 +103,21 @@ auto login_required = [](auto handler){
bool loginUser(const std::string& username, const std::string& password) bool loginUser(const std::string& username, const std::string& password)
{ {
auto sql = "SELECT id password_hash FROM users WHERE username = '?' LIMIT 1;"; auto sql = format("SELECT password_hash FROM users HERE username = '{}' LIMIT 1;", username);
auto db = Database(); auto db = Database();
if (!db.open()) if (!db.open())
return false; return false;
auto opt_str = db.get<std::string>(sql, {username}); auto opt_str = db.getStr(sql.c_str());
if (opt_str.has_value()) { if (opt_str.has_value()) {
return verifyHashWithPassword(opt_str.value(), password); return verifyHashWithPassword(opt_str.value(), password);
} else { } else {
return false; return false;
} }
} }
}
bool initDB() bool initDB()
{ {
@ -174,18 +191,16 @@ bool initLogin(crow::SimpleApp& app)
if (csrf_token != session.csrf_token) return crow::response(403, "CSRF failed"); if (csrf_token != session.csrf_token) return crow::response(403, "CSRF failed");
bool ok = loginUser(username, password); bool ok = loginUser();
if (!ok) return crow::response(401, "Invalid credentials"); if (!ok) return crow::response(401, "Invalid credentials");
// regenerate session, mark as logged in // regenerate session, mark as logged in
sessions[session_id].user_id = "123"; // user ID sessions[session_id].user_id = generate_session_id(); // user ID
crow::response res; crow::response res;
res.add_header("HX-Redirect", "/dashboard"); // htmx redirect res.add_header("HX-Redirect", "/dashboard"); // htmx redirect
return res; return res;
}); });
return true;
} }
} }

5
src/main.cpp
View File

@ -108,10 +108,7 @@ int main() {
} }
shadowrun::initApi(app); shadowrun::initApi(app);
if(!login::initLogin(app)) login::initLogin(app);
{
CROW_LOG_ERROR << "Failed to init Login API";
}
app.loglevel(crow::LogLevel::INFO); app.loglevel(crow::LogLevel::INFO);
app.port(httpPort).multithreaded().run(); app.port(httpPort).multithreaded().run();

8
src/shadowrun/ShadowrunDb.cpp
View File

@ -41,13 +41,13 @@ bool initDb() {
} }
int64_t getKeyOfCharacter(const string& name){ int64_t getKeyOfCharacter(const string& name){
std::string sql = "SELECT id FROM shadowrun_characters WHERE name = ? LIMIT 1;"; auto sql = format("SELECT id FROM shadowrun_characters WHERE name = '{}' LIMIT 1;", name);
auto db = Database(); auto db = Database();
if (!db.open()) if (!db.open())
return -1; return -1;
auto opt_int = db.get<int>(sql, {name}); auto opt_int = db.getInt(sql.c_str());
if (opt_int.has_value()) { if (opt_int.has_value()) {
return opt_int.value(); return opt_int.value();
} else { } else {
@ -99,12 +99,12 @@ std::set<std::string> getCharacters(){
} }
std::map<std::string, std::string> getCharacterData(int64_t characterKey) { std::map<std::string, std::string> getCharacterData(int64_t characterKey) {
std::string sql = "SELECT name, value FROM shadowrun_data WHERE character_id = ?;"; auto sql = format("SELECT name, value FROM shadowrun_data WHERE character_id = {};", characterKey);
auto db = Database(); auto db = Database();
if (!db.open()) if (!db.open())
return std::map<std::string, std::string>(); return std::map<std::string, std::string>();
return db.getStrMap(sql, {characterKey}); return db.getStrMap(sql);
} }
} }