From 804cab9c8d0eb0665fa66be6a4a939d15221bb80 Mon Sep 17 00:00:00 2001
From: simplonco
Date: Sun, 15 Jan 2023 13:38:12 +0100
Subject: [PATCH] if password changed, other users cannot continue to send message
---
.../api_back/src/chat/chat.controller.ts | 11 +++--
.../nestjs/api_back/src/chat/chat.service.ts | 44 ++++++++++++++-----
.../nestjs/api_back/src/chat/dto/room.dto.ts | 5 +++
.../api_back/src/chat/dto/socket.dto.ts | 4 ++
.../src/chat/entities/chatroom.entity.ts | 10 ++---
.../src/pieces/chat/Layout_create.svelte | 2 +-
.../src/pieces/chat/Layout_password.svelte | 2 +-
.../src/pieces/chat/Layout_room.svelte | 1 -
.../src/pieces/chat/Request_rooms.ts | 4 +-
.../src/pieces/chat/Request_utils.ts | 3 +-
.../api_front/src/pieces/chat/Socket_chat.ts | 8 +++-
.../api_front/src/pieces/chat/Store_chat.ts | 4 +-
.../api_front/src/pieces/chat/Types_chat.ts | 16 ++++---
.../api_front/src/pieces/chat/Utils_chat.ts | 7 +++
14 files changed, 86 insertions(+), 35 deletions(-)
create mode 100644 srcs/requirements/svelte/api_front/src/pieces/chat/Utils_chat.ts
diff --git a/srcs/requirements/nestjs/api_back/src/chat/chat.controller.ts b/srcs/requirements/nestjs/api_back/src/chat/chat.controller.ts
index a2570d8d..290dea5a 100644
--- a/srcs/requirements/nestjs/api_back/src/chat/chat.controller.ts
+++ b/srcs/requirements/nestjs/api_back/src/chat/chat.controller.ts
@@ -53,17 +53,19 @@ export class ChatController { let fields = ["name", "type", "users", "protection", "allowed_users"]; const rooms = await this.chatService.getMyRooms(req.user.username, fields); - rooms.forEach(room => { + const ret_rooms = rooms.map(room => + { + let new_room = this.format_room(room); if (room.protection) { if (room.allowed_users.includes(req.user.username)) - room.allowed = true; + new_room.allowed = true; else - room.allowed = false; + new_room.allowed = false; } + return new_room; }); - const ret_rooms = rooms.map(room => this.format_room(room)); res.status(HttpStatus.OK).json({ rooms: ret_rooms }); printCaller("- out "); } @@ -266,6 +268,7 @@ export class ChatController { // inform other connected users let socket: socketDto = this.chatGateway.sockets.get(req.user.username); await socket.to(socket.room).emit('message', "SERVER", message); + await socket.to(socket.room).emit('new_password'); const ret_room = this.format_room(room); res.status(HttpStatus.OK).json({ room: ret_room }); diff --git a/srcs/requirements/nestjs/api_back/src/chat/chat.service.ts b/srcs/requirements/nestjs/api_back/src/chat/chat.service.ts index e094920f..92178307 100644 --- a/srcs/requirements/nestjs/api_back/src/chat/chat.service.ts +++ b/srcs/requirements/nestjs/api_back/src/chat/chat.service.ts 
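Review bot: In the `rooms.map` callback the `if`/`else` that stores `true` or `false` can be the test itself, `new_room.allowed = room.allowed_users.includes(req.user.username);`, and `new_room` is never rebound, so `const` reads better than `let`. `allowed` is now computed per requesting user on the formatted copy and stays unset for unprotected rooms; a short comment such as `// allowed is per-caller and never persisted` above the assignment would make that contract explicit. The enclosing handler starts and ends outside the hunk.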
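Review bot: The added `emit('new_password')` in the `@@ -266,6` hunk only asks the other clients to show the password form; nothing here removes their sockets from `socket.room`, so as far as the visible code shows they keep receiving every `'message'` broadcast after the password has changed, and only sending is gated in `ChatService`. If a new password is meant to cut off reading as well, the server has to take the other sockets out of the room until they validate again; on socket.io 4 that is `socket.to(socket.room).socketsLeave(socket.room);` after the two emits, assuming that is the version in use and that the validation path joins them back. Separately, `this.chatGateway.sockets.get(req.user.username)` presumably returns `undefined` when the caller has no live socket, which would throw after the password was already saved; wrapping the emits in `if (socket) { ... }` avoids answering with an error for a change that succeeded. The handler's body continues outside the hunk.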
@@ -216,14 +216,20 @@ export class ChatService { throw new HttpException({ error: true, code: 'DIRECT_PASSWORD_FORBIDDEN', message: `you cannot set a password in a direct message room` }, HttpStatus.FORBIDDEN); } - const current_room = await this.getRoomByName(room.name); + const room_db = await this.getRoomByName(room.name); + + if (!room_db.admins.includes(username)) + { + console.log("throw error: error: true, code: 'NO_ADMIN', message: 'only admins are allowed to set or modify password'"); + throw new HttpException({ error: true, code: 'NO_ADMIN', message: `only admins are allowed to set or modify password` }, HttpStatus.FORBIDDEN); + } if (!room.password) { console.log("throw error: error: true, code: 'NO_PASSWORD', message: 'this room has no password protection'"); throw new HttpException({ error: true, code: 'NO_PASSWORD', message: `this room has no password protection` }, HttpStatus.FORBIDDEN); } - if (current_room.protection) + if (room_db.protection) { if (room.protection && !old_password) { @@ -232,7 +238,13 @@ export class ChatService { } if (old_password) { - const is_match = await bcrypt.compare(old_password, current_room.hash); + const is_old_match = await bcrypt.compare(room.password, room_db.hash); + if (is_old_match) + { + printCaller(`throw error: error: true, code: 'SAME_PASSWORD', message: 'you provided the same password'`); + throw new HttpException({ error: true, code: 'SAME_PASSWORD', message: `you provided the same password` }, HttpStatus.BAD_REQUEST); + } + const is_match = await bcrypt.compare(old_password, room_db.hash); if (!is_match) { printCaller(`throw error: error: true, code: 'BAD_PASSWORD', message: 'you provided a bad password'`); 
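Review bot: In the `if (old_password)` branch the new SAME_PASSWORD comparison runs before `old_password` is checked, so a caller who passes the admin test but does not know the current password can tell from the error code whether the value sent as the new password equals the stored one. Verify first and compare second: keep `const is_match = await bcrypt.compare(old_password, room_db.hash);` and its BAD_PASSWORD throw at the top of the branch and move the `is_old_match` block below it. `room_db` is also dereferenced unchecked in `room_db.admins.includes(username)`; if `getRoomByName` can return nothing for an unknown name, or `admins` is unset on rooms stored before this change, that line throws a TypeError instead of the intended 403, and `if (!room_db?.admins?.includes(username))` keeps the NO_ADMIN answer. The function starts and ends outside the hunk.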
@@ -248,14 +260,14 @@ export class ChatService { hash = await bcrypt.hash(password, saltOrRounds); // add password to chatroom - current_room.allowed_users = room.allowed_users; - current_room.protection = room.protection; + room_db.allowed_users = room.allowed_users; + room_db.protection = room.protection; if (room.protection) - current_room.hash = hash; + room_db.hash = hash; else - delete current_room.hash; - current_room.messages.push({ name: "SERVER", message: message }); - await this.chatroomRepository.save(current_room); + delete room_db.hash; + room_db.messages.push({ name: "SERVER", message: message }); + await this.chatroomRepository.save(room_db); printCaller("-- out "); } @@ -280,6 +292,7 @@ export class ChatService { newChatroom.name = room.name; newChatroom.type = room.type; newChatroom.owner = username; + newChatroom.admins = [username]; newChatroom.users = room.users; newChatroom.allowed_users = []; newChatroom.protection = false; @@ -416,8 +429,19 @@ export class ChatService { { printCaller("-- in "); - socket.to(socket.room).emit('message', socket.username, message); let room_name = await this.getCurrentRoomName(socket.username); + const current_room = await this.getRoomByName(room_name); + + if (current_room.protection) + { + if (!current_room.allowed_users.includes(socket.username)) + { + socket.emit('message', "SERVER", "your message was not sent because you need to validate the password"); + return; + } + } + + socket.to(socket.room).emit('message', socket.username, message); await this.addMessageToRoom(room_name, socket.username, message); printCaller("-- out "); diff --git a/srcs/requirements/nestjs/api_back/src/chat/dto/room.dto.ts b/srcs/requirements/nestjs/api_back/src/chat/dto/room.dto.ts index e3451468..61c6b174 100644 --- a/srcs/requirements/nestjs/api_back/src/chat/dto/room.dto.ts +++ b/srcs/requirements/nestjs/api_back/src/chat/dto/room.dto.ts 
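Review bot: In the `@@ -416,8` hunk the permission test is made on the room returned by `getCurrentRoomName(socket.username)`, but the broadcast that follows still goes to `socket.room`; if those two can ever differ (the code that sets `socket.room` is not in this hunk), a user is checked against one room and heard in another. Tie them together before the check, for example `if (socket.room !== room_name) return;`, and guard the lookup with `if (!current_room) return;` so a missing room does not throw inside the socket handler. The early `return` also skips the closing `printCaller("-- out ")`, which leaves the trace unbalanced. The `allowed_users` list tested here is the one the `@@ -248,14` hunk overwrites with `room.allowed_users`, so it is worth confirming that value is built server-side and not taken from the request body.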
@@ -31,6 +31,11 @@ export class roomDto @IsOptional() owner?: string; + @IsArray() + @IsString({ each: true }) + @IsOptional() + admins?: string[]; + @IsString() @IsOptional() client_name?: string; diff --git a/srcs/requirements/nestjs/api_back/src/chat/dto/socket.dto.ts b/srcs/requirements/nestjs/api_back/src/chat/dto/socket.dto.ts index abc5350e..089c02a0 100644 --- a/srcs/requirements/nestjs/api_back/src/chat/dto/socket.dto.ts +++ b/srcs/requirements/nestjs/api_back/src/chat/dto/socket.dto.ts @@ -8,6 +8,10 @@ export class socketDto extends Socket @IsString() room: string; + + @IsBoolean() + @IsOptional() + new_password?: boolean; } diff --git a/srcs/requirements/nestjs/api_back/src/chat/entities/chatroom.entity.ts b/srcs/requirements/nestjs/api_back/src/chat/entities/chatroom.entity.ts index 82522e1a..337cdc97 100644 --- a/srcs/requirements/nestjs/api_back/src/chat/entities/chatroom.entity.ts +++ b/srcs/requirements/nestjs/api_back/src/chat/entities/chatroom.entity.ts @@ -25,11 +25,6 @@ export class Chatroom @IsBoolean() protection: boolean = false; - @Column({ nullable: true }) - @IsBoolean() - @IsOptional() - allowed?: boolean; - @Column({ nullable: true }) @IsString() @IsOptional() @@ -38,6 +33,11 @@ export class Chatroom @Column() owner: string; // username + @Column("simple-array") + @IsArray() + @IsString({ each: true }) + admins: string[]; // username + @Column("simple-array") @IsArray() @IsString({ each: true }) diff --git a/srcs/requirements/svelte/api_front/src/pieces/chat/Layout_create.svelte b/srcs/requirements/svelte/api_front/src/pieces/chat/Layout_create.svelte index 99030f01..51482f05 100644 --- a/srcs/requirements/svelte/api_front/src/pieces/chat/Layout_create.svelte +++ b/srcs/requirements/svelte/api_front/src/pieces/chat/Layout_create.svelte 
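Review bot: `admins` is added to `roomDto` as an optional field with no comment on who may set it. If `roomDto` is also what request bodies are validated into (the controller signatures are not in this patch), a caller can send an `admins` array, and the service already copies one DTO list onto the stored room with `room_db.allowed_users = room.allowed_users`. The visible create path is safe because it sets `newChatroom.admins = [username]` itself; a comment such as `// output only: never copy from a request body onto Chatroom` above the field would help keep it that way.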
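Review bot: `new_password` is added to `socketDto`, but nothing in this patch reads or writes it; the notification is sent as a socket event instead. Either drop the field or add a comment saying what will set it. The import line of socket.dto.ts is outside the hunk, so confirm `IsBoolean` and `IsOptional` are imported there.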
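Review bot: The new `admins` column in chatroom.entity.ts is declared without `nullable` or a default, while rooms saved before this commit have no admins. For those rows the admin test added in chat.service.ts, `room_db.admins.includes(username)`, would either throw or reject the room's owner, depending on how the column gets populated. Either backfill `admins` from `owner` when the schema changes, or let the check fall back to the owner, `if (room_db.owner !== username && !room_db.admins?.includes(username))`. The trailing `// username` comment on an array would read better as `// usernames of room admins`.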
@@ -3,7 +3,7 @@ import { msgs, layout, allowed_chars } from './Store_chat'; import { change_room, create_room } from './Request_rooms'; import { onMount } from 'svelte'; - import { FetchResponse } from './Types_chat'; + import type { FetchResponse } from './Types_chat'; import Button from './Element_button.svelte'; import Warning from './Element_warning.svelte'; diff --git a/srcs/requirements/svelte/api_front/src/pieces/chat/Layout_password.svelte b/srcs/requirements/svelte/api_front/src/pieces/chat/Layout_password.svelte index d2d87f92..59a3322b 100644 --- a/srcs/requirements/svelte/api_front/src/pieces/chat/Layout_password.svelte +++ b/srcs/requirements/svelte/api_front/src/pieces/chat/Layout_password.svelte @@ -2,7 +2,7 @@ import { layout, current_room } from './Store_chat'; import { change_room, validate_password, change_password, add_password, remove_password } from './Request_rooms'; - import { FetchResponse } from './Types_chat'; + import type { FetchResponse } from './Types_chat'; import Button from './Element_button.svelte'; import Warning from './Element_warning.svelte'; diff --git a/srcs/requirements/svelte/api_front/src/pieces/chat/Layout_room.svelte b/srcs/requirements/svelte/api_front/src/pieces/chat/Layout_room.svelte index 49de63a7..dd105363 100644 --- a/srcs/requirements/svelte/api_front/src/pieces/chat/Layout_room.svelte +++ b/srcs/requirements/svelte/api_front/src/pieces/chat/Layout_room.svelte @@ -15,7 +15,6 @@ if (msg.length > 0) { socket.emit('message', msg); add_msg("me", msg); - console.log(msgs); } msg = ""; diff --git a/srcs/requirements/svelte/api_front/src/pieces/chat/Request_rooms.ts b/srcs/requirements/svelte/api_front/src/pieces/chat/Request_rooms.ts index 36b98d4c..7bde98a4 100644 --- a/srcs/requirements/svelte/api_front/src/pieces/chat/Request_rooms.ts +++ b/srcs/requirements/svelte/api_front/src/pieces/chat/Request_rooms.ts 
@@ -1,5 +1,6 @@ import { msgs, user, layout, socket, current_room } from './Store_chat'; -import { Room, FetchResponse, FetchMethod } from './Types_chat'; +import type { Room, FetchResponse } from './Types_chat'; +import { FetchMethod } from './Utils_chat'; import { fetch_chat_request, set_client_name_on_room, fill_fetch_response } from './Request_utils'; export async function get_room_messages() @@ -9,7 +10,6 @@ export async function get_room_messages() let response: FetchResponse = await fetch_chat_request('messages', FetchMethod.GET); const messages = response.messages; - if (messages === null) return; diff --git a/srcs/requirements/svelte/api_front/src/pieces/chat/Request_utils.ts b/srcs/requirements/svelte/api_front/src/pieces/chat/Request_utils.ts index 4ef90b5b..4ce66ae1 100644 --- a/srcs/requirements/svelte/api_front/src/pieces/chat/Request_utils.ts +++ b/srcs/requirements/svelte/api_front/src/pieces/chat/Request_utils.ts @@ -1,5 +1,6 @@ import { user } from './Store_chat'; -import { Room, FetchResponse, FetchInit, FetchMethod } from './Types_chat'; +import type { Room, FetchResponse, FetchInit } from './Types_chat'; +import type { FetchMethod } from './Utils_chat'; export async function fetch_chat_request(route: string, fetchMethod: FetchMethod, param?: any) { diff --git a/srcs/requirements/svelte/api_front/src/pieces/chat/Socket_chat.ts b/srcs/requirements/svelte/api_front/src/pieces/chat/Socket_chat.ts index 18d0a322..58341c9e 100644 --- a/srcs/requirements/svelte/api_front/src/pieces/chat/Socket_chat.ts +++ b/srcs/requirements/svelte/api_front/src/pieces/chat/Socket_chat.ts @@ -1,6 +1,6 @@ import io from 'socket.io-client'; import { set_socket, set_user } from './Store_chat'; -import { user, msgs } from './Store_chat'; +import { user, msgs, layout } from './Store_chat'; const address = `http://${process.env.WEBSITE_HOST}:${process.env.WEBSITE_PORT}`; 
@@ -34,6 +34,12 @@ function socket_events(socket) from = "me"; msgs.update(msgs => [...msgs, { name: from, message: message }]); }); + + socket.on('new_password', function() + { + console.log("notification new password:"); + layout.set("password"); + }); } function socket_states(socket) diff --git a/srcs/requirements/svelte/api_front/src/pieces/chat/Store_chat.ts b/srcs/requirements/svelte/api_front/src/pieces/chat/Store_chat.ts index 2b74f87c..b3aaf78b 100644 --- a/srcs/requirements/svelte/api_front/src/pieces/chat/Store_chat.ts +++ b/srcs/requirements/svelte/api_front/src/pieces/chat/Store_chat.ts @@ -1,9 +1,9 @@ import { writable } from 'svelte/store'; -import { Room } from './Types_chat'; +import type { Room, Message } from './Types_chat'; export let msgs = writable([]); export let layout = writable("close"); -export let current_room: Room = writable({ +export let current_room = writable({ name: "", type: "", protection: false, diff --git a/srcs/requirements/svelte/api_front/src/pieces/chat/Types_chat.ts b/srcs/requirements/svelte/api_front/src/pieces/chat/Types_chat.ts index 82f5c419..6741111f 100644 --- a/srcs/requirements/svelte/api_front/src/pieces/chat/Types_chat.ts +++ b/srcs/requirements/svelte/api_front/src/pieces/chat/Types_chat.ts @@ -8,13 +8,22 @@ export interface Room allowed?: boolean; } +export interface Message +{ + name: string; + type: string; +} + export interface FetchResponse { status: number; error?: boolean; code?: string; message?: string; + messages?: Message[]; + users?: string[]; room?: Room; + rooms?: Room[]; } export interface FetchInit @@ -24,10 +33,3 @@ export interface FetchInit body?: string; } -export enum FetchMethod -{ - POST = 'POST', - GET = 'GET', - DELETE = 'DELETE', -} - diff --git a/srcs/requirements/svelte/api_front/src/pieces/chat/Utils_chat.ts b/srcs/requirements/svelte/api_front/src/pieces/chat/Utils_chat.ts new file mode 100644 index 00000000..706de416 --- /dev/null 
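Review bot: The `new_password` handler calls `layout.set("password")` unconditionally, so a client whose chat panel is in another state (the store starts as `"close"`) would be switched to the password form whenever the event arrives; checking the current layout first avoids that. The `console.log("notification new password:")` prints a label with nothing after it and can go. A comment like `// UI hint only: the server refuses messages until the password is validated again` would record that this handler is not the access control. `socket_events` begins outside the hunk.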
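Review bot: In Store_chat.ts, dropping the `: Room` annotation from `current_room` removes a wrong type (the value is a store, not a `Room`) but also stops the object literal being checked against the interface; `export let current_room = writable<Room>({` keeps that check. `Message` is imported and not used in the visible lines; `export let msgs = writable<Message[]>([]);` would use it.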
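Review bot: The new `Message` interface in Types_chat.ts declares `name` and `type`, but every message object visible in this patch has the shape `{ name, message }`: `msgs.update(msgs => [...msgs, { name: from, message: message }])` in Socket_chat.ts and `room_db.messages.push({ name: "SERVER", message: message })` in chat.service.ts. The second field should presumably be `message: string;`, otherwise `FetchResponse.messages` is typed with a property the server does not appear to send.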
+++ b/srcs/requirements/svelte/api_front/src/pieces/chat/Utils_chat.ts
@@ -0,0 +1,7 @@
+export enum FetchMethod
+{
+ POST = 'POST',
+ GET = 'GET',
+ DELETE = 'DELETE',
+}
+