Fix:Non-admin access to config pages #1848 and dev proxy #1848

advplyr 2023-06-15 17:41:27 -05:00
parent 0e1c6c0ba7
commit 77b030199e
17 changed files with 101 additions and 22 deletions


@ -235,7 +235,6 @@ export default {
style: `transform:translate(${x}px,${y}px);background-color:${bgColor};outline:1px solid ${outlineColor};outline-offset:-1px;` style: `transform:translate(${x}px,${y}px);background-color:${bgColor};outline:1px solid ${outlineColor};outline-offset:-1px;`
}) })
} }
console.log('Data', this.data)
this.monthLabels = [] this.monthLabels = []
var lastMonth = null var lastMonth = null


@ -72,7 +72,8 @@ module.exports = {
proxy: { proxy: {
'/s/': { target: process.env.NODE_ENV !== 'production' ? 'http://localhost:3333' : '/' }, '/s/': { target: process.env.NODE_ENV !== 'production' ? 'http://localhost:3333' : '/' },
'/api/': { target: process.env.NODE_ENV !== 'production' ? 'http://localhost:3333' : '/' } '/api/': { target: process.env.NODE_ENV !== 'production' ? 'http://localhost:3333' : '/' },
'/dev/': { target: 'http://localhost:3333', pathRewrite: { '^/dev/': '' } }
}, },
io: { io: {
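Review bot: The new `/dev/` proxy entry is added unconditionally, while the `/s/` and `/api/` entries next to it switch their target on `NODE_ENV`. If this proxy table is ever active outside the dev server, every path under `/dev/` would be forwarded to `http://localhost:3333` with the prefix stripped. Gate it the same way the axios plugin in this commit gates its prefix, e.g. `...(process.env.NODE_ENV === 'development' ? { '/dev/': { target: 'http://localhost:3333', pathRewrite: { '^/dev/': '' } } } : {})`, and add a comment that the entry exists only for local development. The `proxy` object belongs to a larger config that starts and ends outside the hunk.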


@ -11,14 +11,18 @@
<div v-if="enableBackups" class="mb-6"> <div v-if="enableBackups" class="mb-6">
<div class="flex items-center pl-6 mb-2"> <div class="flex items-center pl-6 mb-2">
<span class="material-icons-outlined text-2xl text-black-50 mr-2">schedule</span> <span class="material-icons-outlined text-2xl text-black-50 mr-2">schedule</span>
<div class="w-48"><span class="text-white text-opacity-60 uppercase text-sm">{{ $strings.HeaderSchedule }}:</span></div> <div class="w-48">
<span class="text-white text-opacity-60 uppercase text-sm">{{ $strings.HeaderSchedule }}:</span>
</div>
<div class="text-gray-100">{{ scheduleDescription }}</div> <div class="text-gray-100">{{ scheduleDescription }}</div>
<span class="material-icons text-lg text-black-50 hover:text-yellow-500 cursor-pointer ml-2" @click="showCronBuilder = !showCronBuilder">edit</span> <span class="material-icons text-lg text-black-50 hover:text-yellow-500 cursor-pointer ml-2" @click="showCronBuilder = !showCronBuilder">edit</span>
</div> </div>
<div v-if="nextBackupDate" class="flex items-center pl-6 py-0.5 px-2"> <div v-if="nextBackupDate" class="flex items-center pl-6 py-0.5 px-2">
<span class="material-icons-outlined text-2xl text-black-50 mr-2">event</span> <span class="material-icons-outlined text-2xl text-black-50 mr-2">event</span>
<div class="w-48"><span class="text-white text-opacity-60 uppercase text-sm">{{ $strings.LabelNextBackupDate }}:</span></div> <div class="w-48">
<span class="text-white text-opacity-60 uppercase text-sm">{{ $strings.LabelNextBackupDate }}:</span>
</div>
<div class="text-gray-100">{{ nextBackupDate }}</div> <div class="text-gray-100">{{ nextBackupDate }}</div>
</div> </div>
</div> </div>
@ -48,6 +52,11 @@
<script> <script>
export default { export default {
asyncData({ store, redirect }) {
if (!store.getters['user/getIsAdminOrUp']) {
redirect('/')
}
},
data() { data() {
return { return {
updatingServerSettings: false, updatingServerSettings: false,
@ -108,15 +117,15 @@ export default {
updateServerSettings(payload) { updateServerSettings(payload) {
this.updatingServerSettings = true this.updatingServerSettings = true
this.$store this.$store
.dispatch('updateServerSettings', payload) .dispatch('updateServerSettings', payload)
.then((success) => { .then((success) => {
console.log('Updated Server Settings', success) console.log('Updated Server Settings', success)
this.updatingServerSettings = false this.updatingServerSettings = false
}) })
.catch((error) => { .catch((error) => {
console.error('Failed to update server settings', error) console.error('Failed to update server settings', error)
this.updatingServerSettings = false this.updatingServerSettings = false
}) })
}, },
initServerSettings() { initServerSettings() {
this.newServerSettings = this.serverSettings ? { ...this.serverSettings } : {} this.newServerSettings = this.serverSettings ? { ...this.serverSettings } : {}
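Review bot: The `asyncData` guard added to this page's script block reads `user/getIsAdminOrUp` from the client-side store, so it only keeps the page from rendering and is not an authorization boundary. None of the files shown in this commit change the server, so it should be confirmed that the API routes these pages call reject non-admin tokens on their own. The same five-line block is pasted into the other config pages in this commit; a single named route middleware (for example `middleware: 'admin'`, a suggested name) would keep the copies from drifting. The guard-only copies should also use `return redirect('/')`, as the two pages that continue after the check already return.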


@ -84,6 +84,11 @@
<script> <script>
export default { export default {
asyncData({ store, redirect }) {
if (!store.getters['user/getIsAdminOrUp']) {
redirect('/')
}
},
data() { data() {
return { return {
loading: false, loading: false,


@ -249,6 +249,11 @@
<script> <script>
export default { export default {
asyncData({ store, redirect }) {
if (!store.getters['user/getIsAdminOrUp']) {
redirect('/')
}
},
data() { data() {
return { return {
isResettingLibraryItems: false, isResettingLibraryItems: false,


@ -38,6 +38,11 @@
<script> <script>
export default { export default {
asyncData({ store, redirect }) {
if (!store.getters['user/getIsAdminOrUp']) {
redirect('/')
}
},
data() { data() {
return { return {
loading: false, loading: false,


@ -19,6 +19,11 @@
<script> <script>
export default { export default {
asyncData({ store, redirect }) {
if (!store.getters['user/getIsAdminOrUp']) {
redirect('/')
}
},
data() { data() {
return {} return {}
}, },


@ -38,6 +38,11 @@
<script> <script>
export default { export default {
asyncData({ store, redirect }) {
if (!store.getters['user/getIsAdminOrUp']) {
redirect('/')
}
},
data() { data() {
return { return {
loading: false, loading: false,


@ -9,6 +9,11 @@
<script> <script>
export default { export default {
asyncData({ store, redirect }) {
if (!store.getters['user/getIsAdminOrUp']) {
redirect('/')
}
},
data() { data() {
return { return {
showLibraryModal: false, showLibraryModal: false,


@ -87,6 +87,11 @@
<script> <script>
export default { export default {
asyncData({ redirect, store }) { asyncData({ redirect, store }) {
if (!store.getters['user/getIsAdminOrUp']) {
redirect('/')
return
}
if (!store.state.libraries.currentLibraryId) { if (!store.state.libraries.currentLibraryId) {
return redirect('/config') return redirect('/config')
} }


@ -28,6 +28,11 @@
<script> <script>
export default { export default {
asyncData({ store, redirect }) {
if (!store.getters['user/getIsAdminOrUp']) {
redirect('/')
}
},
data() { data() {
return { return {
search: null, search: null,


@ -46,6 +46,11 @@
<script> <script>
export default { export default {
asyncData({ store, redirect }) {
if (!store.getters['user/getIsAdminOrUp']) {
redirect('/')
}
},
data() { data() {
return { return {
loading: false, loading: false,


@ -104,7 +104,12 @@
<script> <script>
export default { export default {
async asyncData({ params, redirect, app }) { async asyncData({ store, redirect, app }) {
if (!store.getters['user/getIsAdminOrUp']) {
redirect('/')
return
}
const users = await app.$axios const users = await app.$axios
.$get('/api/users') .$get('/api/users')
.then((res) => { .then((res) => {


@ -41,7 +41,7 @@
<div class="flex mb-4 items-center"> <div class="flex mb-4 items-center">
<h1 class="text-2xl">{{ $strings.HeaderStatsRecentSessions }}</h1> <h1 class="text-2xl">{{ $strings.HeaderStatsRecentSessions }}</h1>
<div class="flex-grow" /> <div class="flex-grow" />
<ui-btn :to="`/config/users/${user.id}/sessions`" class="text-xs" :padding-x="1.5" :padding-y="1">{{ $strings.ButtonViewAll }}</ui-btn> <ui-btn v-if="isAdminOrUp" :to="`/config/users/${user.id}/sessions`" class="text-xs" :padding-x="1.5" :padding-y="1">{{ $strings.ButtonViewAll }}</ui-btn>
</div> </div>
<p v-if="!mostRecentListeningSessions.length">{{ $strings.MessageNoListeningSessions }}</p> <p v-if="!mostRecentListeningSessions.length">{{ $strings.MessageNoListeningSessions }}</p>
<template v-for="(item, index) in mostRecentListeningSessions"> <template v-for="(item, index) in mostRecentListeningSessions">
@ -82,6 +82,9 @@ export default {
} }
}, },
computed: { computed: {
isAdminOrUp() {
return this.$store.getters['user/getIsAdminOrUp']
},
user() { user() {
return this.$store.state.user.user return this.$store.state.user.user
}, },
@ -116,7 +119,6 @@ export default {
console.error('Failed to load listening sesions', err) console.error('Failed to load listening sesions', err)
return [] return []
}) })
console.log('Loaded user listening data', this.listeningStats)
} }
}, },
mounted() { mounted() {


@ -9,6 +9,11 @@
<script> <script>
export default { export default {
asyncData({ store, redirect }) {
if (!store.getters['user/getIsAdminOrUp']) {
redirect('/')
}
},
data() { data() {
return { return {
selectedAccount: null, selectedAccount: null,


@ -74,9 +74,17 @@ export default {
} else { } else {
this.$router.replace('/oops?message=No libraries available') this.$router.replace('/oops?message=No libraries available')
} }
} else if (this.$route.query.redirect) {
this.$router.replace(this.$route.query.redirect)
} else { } else {
if (this.$route.query.redirect) {
const isAdminUser = this.$store.getters['user/getIsAdminOrUp']
const redirect = this.$route.query.redirect
// If not admin user then do not redirect to config pages other than your stats
if (isAdminUser || !redirect.startsWith('/config/') || redirect === '/config/stats') {
this.$router.replace(redirect)
return
}
}
this.$router.replace(`/library/${this.$store.state.libraries.currentLibraryId}`) this.$router.replace(`/library/${this.$store.state.libraries.currentLibraryId}`)
} }
} }
@ -144,17 +152,17 @@ export default {
this.error = null this.error = null
this.processing = true this.processing = true
var payload = { const payload = {
username: this.username, username: this.username,
password: this.password || '' password: this.password || ''
} }
var authRes = await this.$axios.$post('/login', payload).catch((error) => { const authRes = await this.$axios.$post('/login', payload).catch((error) => {
console.error('Failed', error.response) console.error('Failed', error.response)
if (error.response) this.error = error.response.data if (error.response) this.error = error.response.data
else this.error = 'Unknown Error' else this.error = 'Unknown Error'
return false return false
}) })
if (authRes && authRes.error) { if (authRes?.error) {
this.error = authRes.error this.error = authRes.error
} else if (authRes) { } else if (authRes) {
this.setUser(authRes) this.setUser(authRes)
@ -162,7 +170,7 @@ export default {
this.processing = false this.processing = false
}, },
checkAuth() { checkAuth() {
var token = localStorage.getItem('token') const token = localStorage.getItem('token')
if (!token) return false if (!token) return false
this.processing = true this.processing = true
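Review bot: The non-admin check in the first hunk tests the raw `this.$route.query.redirect` value, so it can disagree with the route the router actually resolves. The bare path `/config` is not matched by `startsWith('/config/')`, and a repeated `redirect` parameter arrives as an array, on which `.startsWith` throws. Accept only a string and compare the resolved path, e.g. `const target = typeof redirect === 'string' ? this.$router.resolve(redirect).route.path : null`, then test `target === '/config' || target.startsWith('/config/')`. A comment should also state that this filter is a navigation convenience and that the page guards and the server remain the actual access control. The enclosing method starts outside the hunk.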


@ -11,6 +11,11 @@ export default function ({ $axios, store, $config }) {
if (bearerToken) { if (bearerToken) {
config.headers.common['Authorization'] = `Bearer ${bearerToken}` config.headers.common['Authorization'] = `Bearer ${bearerToken}`
} }
if (process.env.NODE_ENV === 'development') {
config.url = `/dev${config.url}`
console.log('Making request to ' + config.url)
}
}) })
$axios.onError(error => { $axios.onError(error => {
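Review bot: The development branch prepends `/dev` to every `config.url`, including any that are already absolute or lack a leading slash, which would yield a malformed URL rather than a proxied one. `if (process.env.NODE_ENV === 'development' && config.url?.startsWith('/'))` limits the rewrite to same-origin paths. The `console.log` on each request also prints the full URL, query string included, so it is worth removing or reducing once the proxy is confirmed working. The interceptor callback begins above the hunk.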