修复登录表单处理，确保在表单动作为空时不进行字符串比较

include/db/auth.h

@@ -19,11 +19,17 @@ extern "C"
     int registe(const char* user_id, const char* password);
 
     int delete_user(const char* user_id);
-    
+
     int get_user_permission(const char* user_id, int* result);
-    
+
     int set_user_permission(const char* user_id, int permission);
 
+    int set_admin_password(const char* password);
+
+    int admin_login(const char* password, int* result);
+
+    int has_admin_password(int* result);
+
 #ifdef __cplusplus
 }
 #endif

include/hash/hash.h

@@ -0,0 +1,21 @@
+#ifndef JWT_H
+#define JWT_H
+
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+    char* kqm_generate_hash(const char* password, size_t rounds);
+
+    int kqm_validate_password(const char* password, const char* hash);
+
+    char* kqm_random_password(size_t length);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // JWT_H

include/hash/hash.hpp

@@ -5,6 +5,9 @@
 #include <string_view>
 
 auto generate_hash(const std::string_view password, std::size_t rounds) -> std::string;
+
 auto validate_password(const std::string_view password, const std::string_view hash) -> bool;
 
+auto random_password(std::size_t length) -> std::string;
+
 #endif // HASH_HPP

include/server/auth.h

@@ -3,10 +3,16 @@
 
 #include "server/types.h"
 
-int login_handler(mg_connection* conn, void* cbdata);
-int register_handler(mg_connection* conn, void* cbdata);
-int delete_handler(mg_connection* conn, void* cbdata);
+int user_login_handler(mg_connection* conn, void* cbdata);
+int user_register_handler(mg_connection* conn, void* cbdata);
+int user_delete_handler(mg_connection* conn, void* cbdata);
+int user_repasswd_handler(mg_connection* conn, void* cbdata);
+int user_logout_handler(mg_connection* conn, void* cbdata);
+int user_permission_handler(mg_connection* conn, void* cbdata);
+int admin_handler(mg_connection* conn, void* cbdata);
 
 extern char* secret;
 
+extern char* admin_session;
+
 #endif // SERVER_AUTH_H

include/server/response.h

@@ -11,13 +11,12 @@ void res_auth_fail(mg_connection* conn);
 void res_check_exist_fail(mg_connection* conn);
 void res_user_exist(mg_connection* conn);
 void res_not_exist(mg_connection* conn);
-void res_check_permission_fail(mg_connection* conn);
 void res_permission_denied(mg_connection* conn);
 void res_need_user_id(mg_connection* conn);
 void res_need_password(mg_connection* conn);
-void res_(mg_connection* conn);
-void res_(mg_connection* conn);
-void res_(mg_connection* conn);
+void res_need_action(mg_connection* conn);
+void res_bad_action(mg_connection* conn);
+void res_need_xxx(mg_connection* conn,const char* xxx);
 void res_(mg_connection* conn);
 
 
@@ -37,6 +36,12 @@ void res_repasswd(mg_connection* conn);
 void res_logout_fail(mg_connection* conn);
 void res_logout(mg_connection* conn);
 
+void res_check_permission_fail(mg_connection* conn);
+void res_permission(mg_connection* conn, int permission);
+
+void res_repermission_fail(mg_connection* conn);
+void res_repermission(mg_connection* conn);
+
 void res_(mg_connection* conn);
 void res_(mg_connection* conn);
 void res_(mg_connection* conn);

src/db/auth.cpp

@@ -70,8 +70,8 @@ extern "C"
     {
         if (filter(user_id)) return 0;
 
-        auto status =
-            user_db->Put(leveldb::WriteOptions{}, mangle_user_id(user_id), generate_hash(password, iter_round));
+        auto hash   = generate_hash(password, iter_round);
+        auto status = user_db->Put(leveldb::WriteOptions{}, mangle_user_id(user_id), hash);
         if (!status.ok()) {
             std::println(stderr, "Failed to set user password: {}", status.ToString());
             return 0;
@@ -99,7 +99,7 @@ extern "C"
 
         auto batch = leveldb::WriteBatch{};
         batch.Put(mangle_user_id(user_id), generate_hash(password, iter_round));
-        batch.Put(mangle_permission(user_id), "1");
+        batch.Put(mangle_permission(user_id), "2");
         auto status = user_db->Write(leveldb::WriteOptions{}, &batch);
         if (!status.ok()) {
             std::println(stderr, "Failed to register: {}", status.ToString());
@@ -149,4 +149,42 @@ extern "C"
         }
         return 1;
     }
+
+    int set_admin_password(const char* password)
+    {
+        auto hash   = generate_hash(password, iter_round);
+        auto status = user_db->Put(leveldb::WriteOptions{}, "admin_password_hash", hash);
+        if (!status.ok()) {
+            std::println(stderr, "Failed to set admin password: {}", status.ToString());
+            return 0;
+        }
+        return 1;
+    }
+
+    int admin_login(const char* password, int* result)
+    {
+        auto value  = std::string{};
+        auto status = user_db->Get(leveldb::ReadOptions{}, "admin_password_hash", &value);
+        if (!status.ok()) {
+            std::println(stderr, "Failed to login admin: {}", status.ToString());
+            return 0;
+        }
+        *result = validate_password(password, value.data());
+        return 1;
+    }
+
+    int has_admin_password(int* result)
+    {
+        auto value  = std::string{};
+        auto status = user_db->Get(leveldb::ReadOptions{}, "admin_password_hash", &value);
+        if (status.ok()) {
+            *result = 1;
+        } else if (status.IsNotFound()) {
+            *result = 0;
+        } else {
+            std::println(stderr, "Failed to check admin password existence: {}", status.ToString());
+            return 0;
+        }
+        return 1;
+    }
 }

src/hash/hash.cpp

@@ -1,4 +1,5 @@
-#include <hash.hpp>
+#include "hash.hpp"
+#include "hash.h"
 
 #include <cryptopp/algparam.h>
 #include <cryptopp/cryptlib.h>
@@ -11,6 +12,7 @@
 
 #include <array>
 #include <format>
+#include <random>
 #include <vector>
 
 using namespace CryptoPP;
@@ -89,3 +91,37 @@ auto validate_password(const std::string_view password, const std::string_view h
     return entered_hashed_password == stored_hashed_password;
 }
 
+auto random_password(std::size_t length) -> std::string
+{
+    static const auto chars = std::string_view{"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"};
+
+    auto rd  = std::random_device{};
+    auto gen = std::mt19937{rd()};
+    auto dis = std::uniform_int_distribution{std::size_t{0}, chars.size() - 1};
+
+    std::string password;
+    for (size_t i = 0; i < length; ++i) {
+        password += chars[dis(gen)];
+    }
+
+    return password;
+}
+
+
+extern "C"
+{
+    char* kqm_generate_hash(const char* password, size_t rounds)
+    {
+        return strdup(generate_hash(password, rounds).c_str());
+    }
+
+    int kqm_validate_password(const char* password, const char* hash)
+    {
+        return validate_password(password, hash);
+    }
+
+    char* kqm_random_password(size_t length)
+    {
+        return strdup(random_password(length).c_str());
+    }
+}

src/server/auth/admin.c

@@ -0,0 +1,213 @@
+#include "server/auth.h"
+#include "server/response.h"
+#include "server/types.h"
+#include "server/util.h"
+
+#include "db/auth.h"
+
+#include "hash/hash.h"
+
+#include <civetweb.h>
+
+#include <cjson/cJSON.h>
+
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+
+typedef struct
+{
+    char* action;
+    char* password;
+    char* token;
+    char* user_id;
+    char* raw_passwd;
+    char* new_passwd;
+    char* permission;
+} admin_form_t;
+
+static void admin_form_dtor(admin_form_t* form)
+{
+    if (form->action) free(form->action);
+    if (form->password) free(form->password);
+    if (form->token) free(form->token);
+    if (form->user_id) free(form->user_id);
+    if (form->raw_passwd) free(form->raw_passwd);
+    if (form->new_passwd) free(form->new_passwd);
+    if (form->permission) free(form->permission);
+}
+
+static int field_found(const char* key, const char* filename, char* path, size_t pathlen, void* user_data)
+{
+    return MG_FORM_FIELD_HANDLE_GET;
+}
+
+static int field_get(const char* key, const char* value, size_t valuelen, void* user_data)
+{
+    admin_form_t* form = (admin_form_t*)user_data;
+    if (strcmp(key, "action") == 0) {
+        form->action = kqm_strndup(value, valuelen);
+    } else if (strcmp(key, "password") == 0) {
+        form->password = kqm_strndup(value, valuelen);
+    } else if (strcmp(key, "token") == 0) {
+        form->token = kqm_strndup(value, valuelen);
+    } else if (strcmp(key, "user_id") == 0) {
+        form->user_id = kqm_strndup(value, valuelen);
+    } else if (strcmp(key, "raw_passwd") == 0) {
+        form->raw_passwd = kqm_strndup(value, valuelen);
+    } else if (strcmp(key, "permission") == 0) {
+        form->permission = kqm_strndup(value, valuelen);
+    }
+    return MG_FORM_FIELD_HANDLE_GET;
+}
+
+static void impl_login(mg_connection* conn, admin_form_t* form)
+{
+    if (!form->password) {
+        res_need_password(conn);
+        return;
+    }
+
+    int result;
+    int flag = admin_login(form->password, &result);
+    if (!flag) {
+        res_login_fail(conn);
+    } else if (!result) {
+        res_incorrect(conn);
+    } else {
+        if (admin_session) free(admin_session);
+        admin_session = kqm_random_password(32);
+        res_login(conn, admin_session);
+    }
+}
+
+static void impl_repasswd(mg_connection* conn, admin_form_t* form)
+{
+    if (!form->raw_passwd || !form->new_passwd) {
+        res_need_password(conn);
+        return;
+    }
+
+    int result;
+    if (!admin_login(form->password, &result)) {
+        res_auth_fail(conn);
+    } else if (!result) {
+        res_incorrect(conn);
+    }
+
+    if (!set_admin_password(form->new_passwd)) {
+        res_repasswd_fail(conn);
+    } else {
+        res_repasswd(conn);
+    }
+}
+
+static void impl_repasswd2(mg_connection* conn, admin_form_t* form)
+{
+    if (!form->user_id) {
+        res_need_user_id(conn);
+        return;
+    }
+    if (!form->new_passwd) {
+        res_need_password(conn);
+        return;
+    }
+
+    int flag = set_user_password(form->user_id, form->new_passwd);
+    if (!flag) {
+        res_repasswd_fail(conn);
+    } else {
+        res_repasswd(conn);
+    }
+}
+
+static void impl_permission(mg_connection* conn, admin_form_t* form)
+{
+    if (!form->user_id) {
+        res_need_user_id(conn);
+        return;
+    }
+    if (!form->permission) {
+        res_need_xxx(conn, "permission");
+        return;
+    }
+
+    int flag = set_user_permission(form->user_id, atoi(form->permission));
+    if (!flag) {
+        res_repermission_fail(conn);
+    } else {
+        res_repermission(conn);
+    }
+}
+
+static void impl_delete(mg_connection* conn, admin_form_t* form)
+{
+    if (!form->user_id) {
+        res_need_user_id(conn);
+        return;
+    }
+
+    int flag = delete_user(form->user_id);
+    if (!flag) {
+        res_delete_account_fail(conn);
+    } else {
+        res_delete_account(conn);
+    }
+}
+
+
+int admin_handler(mg_connection* conn, void* cbdata)
+{
+    const mg_request_info* post_body = mg_get_request_info(conn);
+
+    if (post_body == NULL) {
+        res_null_req(conn);
+        return 1;
+    }
+
+    if (strcmp(post_body->request_method, "POST")) {
+        res_must_post(conn);
+        return 1;
+    }
+
+    admin_form_t form = {NULL, NULL, NULL, NULL, NULL, NULL, NULL};
+
+    mg_form_data_handler admin_callback = {
+        .field_found = field_found,
+        .field_get   = field_get,
+        .field_store = NULL,
+        .user_data   = &form,
+    };
+
+    mg_handle_form_request(conn, &admin_callback);
+
+    if (form.action && !strcmp(form.action, "login")) {
+        form.token    = strdup("");
+        admin_session = strdup("");
+    }
+
+    if (!form.action) {
+        res_need_action(conn);
+    } else if (!form.token) {
+        res_need_token(conn);
+    } else if (!admin_session || strcmp(form.token, admin_session)) {
+        res_permission_denied(conn);
+    } else {
+        if (!strcmp(form.action, "login")) {
+            impl_login(conn, &form);
+        } else if (!strcmp(form.action, "repasswd")) {
+            impl_repasswd(conn, &form);
+        } else if (!strcmp(form.action, "repasswd2")) {
+            impl_repasswd2(conn, &form);
+        } else if (!strcmp(form.action, "permission")) {
+            impl_permission(conn, &form);
+        } else if (!strcmp(form.action, "delete")) {
+            impl_delete(conn, &form);
+        } else {
+            res_bad_action(conn);
+        }
+    }
+
+    admin_form_dtor(&form);
+    return 1;
+}

src/server/auth/auth.c

@@ -1,5 +1,7 @@
-#include <server/auth.h>
+#include "server/auth.h"
 
 #include <stddef.h>
 
 char* secret = NULL;
+
+char* admin_session = NULL;

src/server/auth/permission.c

@@ -0,0 +1,83 @@
+#include "server/auth.h"
+#include "server/response.h"
+#include "server/util.h"
+
+#include "db/auth.h"
+
+#include "jwt/jwt.h"
+
+#include <civetweb.h>
+
+#include <cjson/cJSON.h>
+
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+
+typedef struct
+{
+    char* user_id;
+} permission_form_t;
+
+static void permission_form_dtor(permission_form_t* form)
+{
+    if (form->user_id) free(form->user_id);
+}
+
+static int field_found(const char* key, const char* filename, char* path, size_t pathlen, void* user_data)
+{
+    return MG_FORM_FIELD_HANDLE_GET;
+}
+
+static int field_get(const char* key, const char* value, size_t valuelen, void* user_data)
+{
+    permission_form_t* form = (permission_form_t*)user_data;
+    if (strcmp(key, "user_id") == 0) {
+        form->user_id = kqm_strndup(value, valuelen);
+        return MG_FORM_FIELD_HANDLE_ABORT;
+    }
+    return MG_FORM_FIELD_HANDLE_GET;
+}
+
+int user_permission_handler(mg_connection* conn, void* cbdata)
+{
+    const mg_request_info* post_body = mg_get_request_info(conn);
+
+    if (post_body == NULL) {
+        res_null_req(conn);
+        return 1;
+    }
+
+    if (strcmp(post_body->request_method, "POST")) {
+        res_must_post(conn);
+        return 1;
+    }
+
+    permission_form_t form = {NULL};
+
+    mg_form_data_handler permission_callback = {
+        .field_found = field_found,
+        .field_get   = field_get,
+        .field_store = NULL,
+        .user_data   = &form,
+    };
+
+    mg_handle_form_request(conn, &permission_callback);
+
+    if (!form.user_id) {
+        res_need_user_id(conn);
+        permission_form_dtor(&form);
+        return 1;
+    }
+
+    int perm;
+    int flag = get_user_permission(form.user_id, &perm);
+    if (!flag) {
+        res_check_permission_fail(conn);
+    } else {
+        res_permission(conn, perm);
+    }
+
+    permission_form_dtor(&form);
+    return 1;
+}

src/server/auth/repasswd.c

@@ -27,6 +27,8 @@ static void repasswd_form_dtor(repasswd_form_t* form)
 {
     if (form->token) free(form->token);
     if (form->user_id) free(form->user_id);
+    if (form->raw_passwd) free(form->raw_passwd);
+    if (form->new_passwd) free(form->new_passwd);
 }
 
 static int field_found(const char* key, const char* filename, char* path, size_t pathlen, void* user_data)

src/server/response.c

@@ -199,5 +199,56 @@ void res_logout(mg_connection* conn)
               "{\"success\":\"logout success\"}");
 }
 
-void res_(mg_connection* conn);
-void res_(mg_connection* conn);
+void res_permission(mg_connection* conn, int permission)
+{
+    mg_printf(conn,
+              "HTTP/1.1 200 OK\r\n"
+              "Content-Type: application/json\r\n"
+              "Access-Control-Allow-Origin: *\r\n\r\n"
+              "{\"success\":\"query success\", \"permission\":\"%d\"}",
+              permission);
+}
+
+void res_repermission_fail(mg_connection* conn)
+{
+    mg_printf(conn,
+              "HTTP/1.1 500 Internal Server Error\r\n"
+              "Content-Type: application/json\r\n"
+              "Access-Control-Allow-Origin: *\r\n\r\n"
+              "{\"error\":\"failed to repermission\"}");
+}
+void res_repermission(mg_connection* conn)
+{
+    mg_printf(conn,
+              "HTTP/1.1 200 OK\r\n"
+              "Content-Type: application/json\r\n"
+              "Access-Control-Allow-Origin: *\r\n\r\n"
+              "{\"success\":\"repermission success\"}");
+}
+void res_need_action(mg_connection* conn)
+{
+    mg_printf(conn,
+              "HTTP/1.1 400 Bad Request\r\n"
+              "Content-Type: application/json\r\n"
+              "Access-Control-Allow-Origin: *\r\n\r\n"
+              "{\"error\":\"need action specification\"}");
+}
+
+void res_bad_action(mg_connection* conn)
+{
+    mg_printf(conn,
+              "HTTP/1.1 400 Bad Request\r\n"
+              "Content-Type: application/json\r\n"
+              "Access-Control-Allow-Origin: *\r\n\r\n"
+              "{\"error\":\"bad action\"}");
+}
+
+void res_need_xxx(mg_connection* conn, const char* xxx)
+{
+    mg_printf(conn,
+              "HTTP/1.1 400 Bad Request\r\n"
+              "Content-Type: application/json\r\n"
+              "Access-Control-Allow-Origin: *\r\n\r\n"
+              "{\"error\":\"need %s\"}",
+              xxx);
+}

ui/src/components/users/DeleteAccountDialog.vue

@@ -10,7 +10,7 @@
       <v-card-text>
         <v-row dense>
           <v-card-text style="color: red;">
-            请在下方文本框中一字不差地输入引号内的内容：“{{ DialogDeleteAccountPromise }}”之后，您才能删除账号。
+            请在下方文本框中一字不差地输入引号内的内容：“<span style="user-select: none;">{{ DialogDeleteAccountPromise }}</span>”之后，您才能删除账号。
           </v-card-text>
           <v-col cols="12" sm="12">
             <v-text-field v-model="dialogDeleteAccountPromise" :label="DialogDeleteAccountPromise"
@@ -78,7 +78,11 @@ const requestDeleteAccount = async () => {
     return res.data as DeleteAccountResponse;
   } catch (e) {
     let ex = e as AxiosError;
-    return ex.response?.data as DeleteAccountResponse;
+    if (ex.response?.data) {
+      return ex.response?.data as DeleteAccountResponse;
+    } {
+      return { error: ex.message };
+    }
   }
 }
 

ui/src/components/users/LoginForm.vue

@@ -21,7 +21,7 @@
 
       <v-card-text class="text-center">
         <a class="text-red text-decoration-none"
-          @click="dialog('忘记密码', '请联系老师重置密码。')">
+          @click="dialog('忘记密码', '请联系老师或管理员重置密码。')">
           忘记密码<v-icon icon="mdi-chevron-right"></v-icon>
         </a>
       </v-card-text>
@@ -78,7 +78,11 @@ const login = async (userId: string, password: string) => {
     return res.data as LoginResponse;
   } catch (e) {
     let ex = e as AxiosError;
-    return ex.response?.data as LoginResponse;
+    if (ex.response?.data) {
+      return ex.response?.data as LoginResponse;
+    } {
+      return { error: ex.message };
+    }
   }
 };
 

ui/src/components/users/RegisterForm.vue

@@ -84,7 +84,11 @@ const register = async (userId: string, password: string) => {
     return res.data as RegisterResponse;
   } catch (e) {
     let ex = e as AxiosError;
-    return ex.response?.data as RegisterResponse;
+    if (ex.response?.data) {
+      return ex.response?.data as RegisterResponse;
+    } {
+      return { error: ex.message };
+    }
   }
 };
 

ui/src/components/users/RepasswdDialog.vue

@@ -76,7 +76,11 @@ const requestRepasswd = async () => {
     return res.data as RepasswdResponse;
   } catch (e) {
     let ex = e as AxiosError;
-    return ex.response?.data as RepasswdResponse;
+    if (ex.response?.data) {
+      return ex.response?.data as RepasswdResponse;
+    } {
+      return { error: ex.message };
+    }
   }
 }
 

ui/src/components/users/UserPanel.vue

@@ -1,7 +1,14 @@
 <template>
   <v-card subtitle="占位符占位符占位符" title="用户信息面板" max-width="80%">
     <v-card-item>
-      用户 ID: {{ userId }}
+      <v-chip class="ma-2" color="primary" label>
+        <v-icon icon="mdi-account-circle-outline" start></v-icon>
+        用户 ID: {{ userId }}
+      </v-chip>
+      <v-chip class="ma-2" color="pink" label @click="updateUserPermission">
+        <v-icon icon="mdi-human" start></v-icon>
+        权限: {{ userPermissionReadable }}
+      </v-chip>
     </v-card-item>
     <v-card-item>
       <v-chip class="chips" color="orange" @click="logout">
@@ -20,9 +27,6 @@
         </v-expansion-panel>
       </v-expansion-panels>
     </v-card-item>
-    <v-card-item>
-      <Toy></Toy>
-    </v-card-item>
   </v-card>
   <v-dialog v-model="dialogShow" width="auto">
     <v-card max-width="400" prepend-icon="mdi-update" :text="dialogText" :title="dialogTitle">
@@ -36,10 +40,9 @@
 </template>
 
 <script setup lang="ts">
-import { ref, computed } from 'vue';
+import { ref, computed, watch } from 'vue';
 import { useAuthStore } from '@/store/auth';
 import { jwtDecode, type JwtPayload } from 'jwt-decode';
-import Toy from './Toy.vue';
 import axios, { AxiosError } from 'axios';
 import DeleteAccountDialog from './DeleteAccountDialog.vue';
 import RepasswdDialog from './RepasswdDialog.vue';
@@ -79,6 +82,46 @@ const userId = computed(() => {
   return '';
 });
 
+type UserPermissionResponse = { success?: string, permission?: string, error?: string };
+
+const queryPermission = async () => {
+  try {
+    const formData = new FormData;
+    formData.append("user_id", userId.value);
+    let res = await axios.post('/api/auth/permission', formData);
+    return res.data as UserPermissionResponse;
+  } catch (e) {
+    let ex = e as AxiosError;
+    return ex.response?.data as UserPermissionResponse;
+  }
+}
+
+const userPermission = ref('');
+
+const updateUserPermission = async () => {
+  let res = await queryPermission();
+  if (res?.success) {
+    userPermission.value = res.permission as string;
+  } else {
+    userPermission.value = '';
+  }
+}
+
+watch(userId, updateUserPermission, { immediate: true });
+
+const userPermissionReadable = computed(() => {
+  if (userPermission.value.length > 0) {
+    if (userPermission.value == '1') {
+      return '老师';
+    } else if (userPermission.value == '2') {
+      return '学生';
+    } else {
+      return '未知';
+    }
+  } else {
+    return '获取失败';
+  }
+})
 
 const logout = async () => {
   authStore.clearToken();