Add ability to have admin role

frontend/index.html

@@ -30,7 +30,7 @@
       <h2>Login</h2>
       <el-form ref="form" :model="loginForm" @submit.native.prevent="login(loginForm.username, loginForm.password)">
         <el-form-item label="Username">
-          <el-input id="loginUsername" v-model="loginForm.username" :disabled="busy" required autofocus></el-input>
+          <el-input id="loginUsername" v-model="loginForm.username" ref="usernameInput" :disabled="busy" required autofocus></el-input>
         </el-form-item>
         <el-form-item label="Password">
           <el-input id="loginPassword" v-model="loginForm.password" ref="passwordInput" type="password" :disabled="busy" required></el-input>

frontend/js/app.js

@@ -59,7 +59,10 @@
           .end((error, result) => {
             this.busy = false
 
-            if (result && result.statusCode === 401) return this.user = null
+            if (result && result.statusCode === 401) {
+              this.$nextTick(() => this.$refs.usernameInput.focus())
+              return this.user = null
+            }
             if (error) return console.error(error)
 
             this.user = result.body.user

package-lock.json

@@ -1112,7 +1112,18 @@
         "is-path-cwd": "^1.0.0",
         "is-path-in-cwd": "^1.0.0",
         "p-map": "^1.1.1",
-        "pify": "^3.0.0"
+        "pify": "^3.0.0",
+        "rimraf": "^2.2.8"
+      },
+      "dependencies": {
+        "rimraf": {
+          "version": "2.7.1",
+          "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz",
+          "integrity": "sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==",
+          "requires": {
+            "glob": "^7.1.3"
+          }
+        }
       }
     },
     "delayed-stream": {
@@ -1914,7 +1925,7 @@
     "find-root": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/find-root/-/find-root-1.1.0.tgz",
-      "integrity": "sha512-NKfW6bec6GfKc0SGx1e07QZY9PE99u0Bft/0rzSD5k3sO/vwkVUpDUKVm5Gpp5Ue3YfShPFTX2070tDs5kB9Ng==",
+      "integrity": "sha1-q8/Iunb3CMQql7PWhbfpRQv7nOQ=",
       "dev": true
     },
     "find-up": {
@@ -2260,6 +2271,11 @@
       "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
       "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
     },
+    "ini": {
+      "version": "1.3.5",
+      "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.5.tgz",
+      "integrity": "sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw=="
+    },
     "inquirer": {
       "version": "7.3.2",
       "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-7.3.2.tgz",
@@ -4600,7 +4616,7 @@
     "uid-safe": {
       "version": "2.1.5",
       "resolved": "https://registry.npmjs.org/uid-safe/-/uid-safe-2.1.5.tgz",
-      "integrity": "sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA==",
+      "integrity": "sha1-Kz1cckDo/C5Y+Komnl7knAhXvTo=",
       "requires": {
         "random-bytes": "~1.0.0"
       }

package.json

@@ -36,6 +36,7 @@
     "element-ui": "^2.13.2",
     "express": "^4.17.1",
     "express-session": "^1.17.1",
+    "ini": "^1.3.5",
     "ldapjs": "^1.0.2",
     "mkdirp": "^1.0.4",
     "morgan": "^1.10.0",

server.js

@@ -5,6 +5,7 @@ const express = require('express')
 const morgan = require('morgan')
 const path = require('path')
 const compression = require('compression')
+const ini = require('ini')
 const session = require('express-session')
 const lastMile = require('connect-lastmile')
 const {HttpSuccess, HttpError} = require('connect-lastmile')
@@ -22,6 +23,26 @@ const jsonParser = bodyParser.json({strict: true})
 
 const baseDir = process.env.CLOUDRON ? '/app/data' : path.join(__dirname, '.dev/data')
 
+const CONFIG_FILE_PATH = path.join(baseDir, 'config.ini')
+console.log(`Using config file at ${CONFIG_FILE_PATH}`)
+
+function reloadConfig() {
+  let config = {}
+  try {
+    config = ini.parse(fs.readFileSync(CONFIG_FILE_PATH, 'utf-8'))
+  } catch (e) {
+    console.log('No config file found, creating empty one')
+    fs.writeFileSync(CONFIG_FILE_PATH, '[roles]\n#admins=username1,username2\n')
+  }
+  config.roles = config.roles || {}
+  config.roles.admins = config.roles.admins || ''
+  config.roles.admins = config.roles.admins.split(',')
+
+  return config
+}
+
+let config = reloadConfig()
+
 const isAuthenticated = (req, res, next) => (req.session && req.session.user) ? next() : res.status(401).send({})
 
 app.use('/api/healthcheck', (req, res) => openvpn.isRunning()
@@ -54,6 +75,11 @@ router.post('/api/login', jsonParser, (req, res, next) => {
   } else {
     ldap.auth(req.body.username, req.body.password)
       .then(profile => {
+        // on login check for new roles
+        config = reloadConfig()
+
+        profile.isAdmin = config.roles.admins.indexOf(profile.username) !== -1
+
         req.session.user = profile
 
         next(new HttpSuccess(200, {user: req.session.user}))