From c39495149fb25510350c6aed0564ff55382e30f6 Mon Sep 17 00:00:00 2001
From: Jack Eilles <jack@eilles.xyz>
Date: Thu, 4 Jan 2024 18:58:42 +0000
Subject: [PATCH] add idpass reset, finish dashboard functionality

---
 app/routes.py                | 49 +++++++++++++++++++++-----
 app/templates/dashboard.html | 68 ++++++++++++++++++++++++++++++++++++
 app/worker.py                | 24 ++++++++++---
 3 files changed, 128 insertions(+), 13 deletions(-)
 create mode 100644 app/templates/dashboard.html

diff --git a/app/routes.py b/app/routes.py
index 7838ad9..65c6e16 100644
--- a/app/routes.py
+++ b/app/routes.py
@@ -76,8 +76,6 @@ def index():
             # Call the function to upload the file, this will return either HTTP Status codes or a 200 with a URL.
             result, status = worker.uploadFile(file, ip, userid, filename, id, retention)
 
-            result = "https://xygt.cc/{}".format(result)
-
             return result, status
 
         elif 'file' in request.form:
@@ -85,8 +83,6 @@ def index():
             file = FileStorage(stream=BytesIO(request.form['file'].encode("utf-8")), filename=id, content_type="text/plain")
 
             result, status = worker.uploadFile(file, ip, userid, filename, id, retention)
-            
-            result = "https://xygt.cc/{}".format(result)
 
             return result, status
 
@@ -96,8 +92,6 @@ def index():
 
             result, status = worker.shortenURL(url, ip, userid, id, retention)
 
-            result = "https://xygt.cc/{}".format(result)
-
             return result, status
 
 @app.route('/about')
@@ -128,6 +122,11 @@ def transparency():
 def public():
     return "Nothing here yet."
 
+@app.route('/dashboard')
+@login_required
+def dashboard():
+    return render_template('dashboard.html', files=Config.files.find({"userid": current_user.userid}), urls=Config.url.find({"userid": current_user.userid}))
+
 @app.route('/<id>')
 def getData(id):
 
@@ -161,6 +160,28 @@ def getInfo(id):
 
     return worker.idInfo(id)
 
+@app.route('/<id>/delete')
+@login_required
+def delete(id):
+    if Config.files.find_one({"id": id}) is not None:
+        if Config.files.find_one({"id": id}) is None:
+            return Errors.file404
+        else:
+            data = Config.files.find_one({"id": id})
+        
+        if data["userid"] == current_user.userid:
+            Config.files.delete_one({"id": id})
+            os.remove(os.path.join(Config.fileDir, secure_filename(id)))
+            return "File deleted."
+        
+        elif data["userid"] == request.form.get("userid") and bcrypt.check_password_hash(Config.user.find_one({"userid": data["userid"]})["idpass"], request.form.get("idpass")):
+            Config.files.delete_one({"id": id})
+            os.remove(os.path.join(Config.fileDir, secure_filename(id)))
+            return "File deleted."
+        
+        else:
+            return "You are not the owner of this file."
+
 @app.route('/teapot')
 def teapot():
     return 'I\'m a teapot. 418.', 418
@@ -201,7 +222,6 @@ def login():
 
             if user and bcrypt.check_password_hash(user.password, password):
                 login_user(user)
-                print(current_user.is_authenticated)
                 flash("Successfully logged in!", "success")
                 return redirect("/")
             else:
@@ -211,4 +231,17 @@ def login():
 @app.route('/logout')
 def logout():
     logout_user()
-    return redirect("/")
\ No newline at end of file
+    return redirect("/")
+
+@app.route('/resetidpass')
+def resetidpass():
+    idpass = worker.resetIDPass(current_user.userid)
+    if idpass == False:
+        return "Something went wrong, sorry. Please try again."
+    else:
+        return f"Your new IDPass is \n {idpass}\n This will only be shown once, please save it somewhere safe."
+
+
+@app.errorhandler(404)
+def page_not_found(e):
+    return random.choice(Errors.file404), 404
\ No newline at end of file
diff --git a/app/templates/dashboard.html b/app/templates/dashboard.html
new file mode 100644
index 0000000..54106d7
--- /dev/null
+++ b/app/templates/dashboard.html
@@ -0,0 +1,68 @@
+{% extends 'base.html' %}
+
+{% block content %}
+    <script>
+        function showUserIDandIDPass() {
+            var x = document.getElementById("userid");
+            if (x.style.display === "none") {
+                x.style.display = "block";
+            } else {
+                x.style.display = "none";
+            }
+        }
+    </script>
+    <h1>Dashboard</h1>
+    <p>Hello, {{ current_user.user }}</p>
+    <h3>Files</h3>
+    <table>
+        <tr>
+            <th>ID</th>
+            <th>Filename</th>
+            <th>Size</th>
+            <th>Retention</th>
+            <th>Uploaded</th>
+            <th>Actions</th>
+        </tr>
+        {% for file in files %}
+            <tr>
+                <td><a href="https://xygt.cc/{{ file['id'] }}">{{ file['id'] }}</a></td>
+                <td>{{ file["filename"] }}</td>
+                <td>{{ file["size"] }}</td>
+                <td>{{ file["retention"] }}</td>
+                <td>{{ file["uploaded"] }}</td>
+                <td><a href="/{{ file.id }}/delete">Delete</a></td>
+            </tr>
+        {% endfor %}
+    </table>
+    <br>
+    <h3>URL's</h3>
+    <table>
+        <tr>
+            <th>ID</th>
+            <th>URL</th>
+            <th>Retention</th>
+            <th>Uploaded</th>
+            <th>Actions</th>
+        </tr>
+        {% for url in urls %}
+            <tr>
+                <td><a href="https://xygt.cc/{{ url['id'] }}">{{ url['id'] }}</a></td>
+                <td>{{ url["url"] }}</td>
+                <td>{{ url["retention"] }}</td>
+                <td>{{ url["uploaded"] }}</td>
+                <td><a href="/{{ url['id'] }}/delete">Delete</a></td>
+            </tr>
+        {% endfor %}
+    </table>
+    <br>
+    <h3>Forgot your UserID?</h3>
+    <p>Click below to view it.</p>
+    <button onclick="showUserIDandIDPass();">View UserID/IDPass</button>
+    <div id="userid" style="display: none;">
+        <p>Your UserID is: {{ current_user.userid }}</p>
+    </div>
+    <br>
+    <h3>Generate a new IDPass.</h3>
+    <p>If you've just created an account, lost your IDPass, or believe someone else is using your IDPass, you can reset it here.</p>
+    <a href="/resetidpass">Reset IDPass</a>
+{% endblock %}
\ No newline at end of file
diff --git a/app/worker.py b/app/worker.py
index 20ea33f..c72fc72 100644
--- a/app/worker.py
+++ b/app/worker.py
@@ -28,7 +28,9 @@ def uploadFile(file, ip, userid, filename, id, retention):
             # Calculate retention before the file is written, we'll grab the filesize here as it's needed for the equation.
             file.seek(0, os.SEEK_END)
             fileSize = round(float(file.tell()) / 1024, 2)
-            print(fileSize)
+            
+            # Set the position back to 0
+            file.seek(0)
 
             if retention == None:
                 retention = (Config.minretention+(-Config.maxretention + Config.minretention)*pow((fileSize / Config.maxFileSize -1), 3))
@@ -60,7 +62,7 @@ def uploadFile(file, ip, userid, filename, id, retention):
             Config.files.insert_one(data)
             print(Config.files.find_one({"id": id}))
 
-            return id, 200
+            return f"https://xygt.cc/{id}", 200
         else:
             return random.choice(Errors.fileTooLarge), 400
     else:
@@ -96,7 +98,7 @@ def shortenURL(url, ip, userid, id, retention):
     Config.url.insert_one(data)
     print(Config.url.find_one({"id": data["id"]}))
 
-    return id, 200
+    return f"https://xygt.cc/{id}", 200
 
 def idInfo(id):
     # Check files and url for the ID
@@ -118,12 +120,24 @@ def registerUser(username, password):
     # Initialise some values
     try:
         level = 1
-        userid = randomHex()
-        idpass = bcrypt.generate_password_hash(randomHex()).decode("utf-8")
+        while True:
+            userid = randomHex()
+            if Config.users.find_one({"userid": userid}) is None:
+                break
+        idpass = bcrypt.generate_password_hash(randomHex()).decode("utf-8") # The user will not know this, they'll need to generate a new one.
         password = bcrypt.generate_password_hash(password).decode("utf-8")
         user = User(username, userid, password, idpass, level)
         Config.users.insert_one(user.__dict__)
 
         return True
+    except:
+        return False
+    
+def resetIDPass(userid):
+    try:
+        idpass = randomHex(8)
+        hashedPass = bcrypt.generate_password_hash(idpass).decode("utf-8")
+        Config.users.update_one({"userid": userid}, {"$set": {"idpass": hashedPass}})
+        return idpass
     except:
         return False
\ No newline at end of file