From eb95d308f9fb0db9c31b3d93c2c420495cdb9e82 Mon Sep 17 00:00:00 2001
From: Matthias <root@mattv.de>
Date: Thu, 25 Aug 2022 21:27:39 +0200
Subject: [PATCH] Created hidden Admin Panel

---
 frontend/src/api/admin.ts        |   8 +--
 frontend/src/router/index.ts     |   5 ++
 frontend/src/views/AdminView.vue | 109 +++++++++++++++++++++++++++++++
 src/controller/admin.ts          |  12 +---
 src/services/auth/base.ts        |   4 ++
 5 files changed, 125 insertions(+), 13 deletions(-)
 create mode 100644 frontend/src/views/AdminView.vue

diff --git a/frontend/src/api/admin.ts b/frontend/src/api/admin.ts
index d3fdfc1..0c8ef35 100644
--- a/frontend/src/api/admin.ts
+++ b/frontend/src/api/admin.ts
@@ -8,7 +8,7 @@ export const set_role = (
 	user: number,
 	role: UserRole,
 	token: string
-): Promise<Responses.Admin.SetUserRole> =>
+): Promise<Responses.Admin.SetUserRole | Responses.ErrorResponse> =>
 	post_token<Requests.Admin.SetUserRole>(
 		'/api/admin/set_role',
 		{
@@ -21,7 +21,7 @@ export const set_role = (
 export const logout = (
 	user: number,
 	token: string
-): Promise<Responses.Admin.LogoutAllUser> =>
+): Promise<Responses.Admin.LogoutAllUser | Responses.ErrorResponse> =>
 	post_token<Requests.Admin.LogoutAll>(
 		'/api/admin/logout',
 		{
@@ -33,7 +33,7 @@ export const logout = (
 export const delete_user = (
 	user: number,
 	token: string
-): Promise<Responses.Admin.DeleteUser> =>
+): Promise<Responses.Admin.DeleteUser | Responses.ErrorResponse> =>
 	post_token<Requests.Admin.DeleteUser>(
 		'/api/admin/delete',
 		{
@@ -45,7 +45,7 @@ export const delete_user = (
 export const disable_tfa = (
 	user: number,
 	token: string
-): Promise<Responses.Admin.DisableTfa> =>
+): Promise<Responses.Admin.DisableTfa | Responses.ErrorResponse> =>
 	post_token<Requests.Admin.DisableTfa>(
 		'/api/admin/disable_2fa',
 		{
diff --git a/frontend/src/router/index.ts b/frontend/src/router/index.ts
index f006059..b045c4c 100644
--- a/frontend/src/router/index.ts
+++ b/frontend/src/router/index.ts
@@ -7,6 +7,7 @@ import FSView from '@/views/FSView.vue';
 import SetTokenView from '@/views/SetTokenView.vue';
 import ProfileView from '@/views/ProfileView.vue';
 import TFAView from '@/views/TFAView.vue';
+import AdminView from '@/views/AdminView.vue';
 
 const routes: Array<RouteRecordRaw> = [
 	{
@@ -24,6 +25,10 @@ const routes: Array<RouteRecordRaw> = [
 		name: '2fa',
 		component: TFAView
 	},
+	{
+		path: '/admin',
+		component: AdminView
+	},
 	{
 		path: '/about',
 		component: AboutView
diff --git a/frontend/src/views/AdminView.vue b/frontend/src/views/AdminView.vue
new file mode 100644
index 0000000..fc715ee
--- /dev/null
+++ b/frontend/src/views/AdminView.vue
@@ -0,0 +1,109 @@
+<script setup lang="ts">
+import { inject, onBeforeMount, ref } from 'vue';
+import {
+	Responses,
+	check_token,
+	TokenInjectType,
+	Admin,
+	isErrorResponse
+} from '@/api';
+import { onBeforeRouteUpdate } from 'vue-router';
+import router from '@/router';
+
+const jwt = inject<TokenInjectType>('jwt') as TokenInjectType;
+
+const users = ref<Responses.Admin.GetUsersEntry[]>([]);
+
+onBeforeRouteUpdate(async () => {
+	await updatePanel();
+});
+onBeforeMount(async () => {
+	await updatePanel();
+});
+async function updatePanel() {
+	const token = await check_token(jwt);
+	if (!token) return;
+
+	const res = await Admin.get_users(token);
+	if (isErrorResponse(res)) return router.replace({ path: '/' });
+	users.value = res.users;
+}
+
+async function setRole(user: number, roleStr: string) {
+	const token = await check_token(jwt);
+	if (!token) return;
+
+	const res = await Admin.set_role(user, parseInt(roleStr, 10), token);
+	if (isErrorResponse(res)) console.error(res.message);
+	await updatePanel();
+}
+
+async function disableTfa(user: number) {
+	const token = await check_token(jwt);
+	if (!token) return;
+
+	const res = await Admin.disable_tfa(user, token);
+	if (isErrorResponse(res)) console.error(res.message);
+	await updatePanel();
+}
+
+async function logoutUser(user: number) {
+	const token = await check_token(jwt);
+	if (!token) return;
+
+	const res = await Admin.logout(user, token);
+	if (isErrorResponse(res)) console.error(res.message);
+	await updatePanel();
+}
+
+async function deleteUser(user: number) {
+	const token = await check_token(jwt);
+	if (!token) return;
+
+	const res = await Admin.delete_user(user, token);
+	if (isErrorResponse(res)) console.error(res.message);
+	await updatePanel();
+}
+</script>
+
+<template>
+	<table>
+		<tr>
+			<th>Name</th>
+			<th>Type</th>
+			<th>Role</th>
+			<th>Tfa Status</th>
+			<th>Actions</th>
+		</tr>
+		<tr v-for="user in users" :key="user.id">
+			<td>{{ user.name }}</td>
+			<td>{{ user.gitlab ? 'Gitlab' : 'Password' }}</td>
+			<td>
+				<select @change="setRole(user.id, $event.target.value)">
+					<option value="0" :selected="user.role === 0 ? true : null">
+						Disabled
+					</option>
+					<option value="1" :selected="user.role === 1 ? true : null">
+						User
+					</option>
+					<option value="2" :selected="user.role === 2 ? true : null">
+						Admin
+					</option>
+				</select>
+			</td>
+			<td v-if="user.gitlab"></td>
+			<td v-else>
+				{{ user.tfaEnabled ? 'Enabled' : 'Disabled' }}
+			</td>
+			<td>
+				<button v-if="user.tfaEnabled" @click="disableTfa(user.id)">
+					Disable Tfa
+				</button>
+				<button @click="logoutUser(user.id)">Logout all</button>
+				<button @click="deleteUser(user.id)">Delete</button>
+			</td>
+		</tr>
+	</table>
+</template>
+
+<style scoped></style>
diff --git a/src/controller/admin.ts b/src/controller/admin.ts
index 1008d95..78c3039 100644
--- a/src/controller/admin.ts
+++ b/src/controller/admin.ts
@@ -10,22 +10,16 @@ import {
 import { AuthService } from 'services/auth';
 import { Requests, Responses, UserRole } from 'dto';
 import { Role } from 'authguards';
-import { InjectRepository } from '@nestjs/typeorm';
-import { tfaTypes, User } from 'entities';
-import { Repository } from 'typeorm';
+import { tfaTypes } from 'entities';
 
 @Controller('api/admin')
 export default class AdminController {
-	constructor(
-		@InjectRepository(User)
-		private userRepo: Repository<User>,
-		private authService: AuthService
-	) {}
+	constructor(private authService: AuthService) {}
 
 	@Role(UserRole.ADMIN)
 	@Get('users')
 	async getUsers(): Promise<Responses.Admin.GetUsers> {
-		const users = await this.userRepo.find();
+		const users = await this.authService.getUsers();
 		const entries = users.map(
 			(user) =>
 				new Responses.Admin.GetUsersEntry(
diff --git a/src/services/auth/base.ts b/src/services/auth/base.ts
index a56f5e0..31add80 100644
--- a/src/services/auth/base.ts
+++ b/src/services/auth/base.ts
@@ -30,6 +30,10 @@ export default class BaseAuthService {
 		protected fsService: FileSystemService
 	) {}
 
+	getUsers(): Promise<User[]> {
+		return this.userRepo.find();
+	}
+
 	async getUser(userId: number): Promise<User | null> {
 		return this.userRepo.findOneBy({
 			id: userId