Add user system, login/register pages, and reader management dashboard

This commit is contained in:
copilot-swe-agent[bot] 2026-07-02 02:12:59 +00:00 committed by GitHub
parent 85ca136c5a
commit 633b0a79a0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 1048 additions and 0 deletions

View file

@ -0,0 +1,3 @@
CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT UNIQUE NOT NULL, password TEXT NOT NULL, created_at DATETIME DEFAULT CURRENT_TIMESTAMP);
ALTER TABLE places ADD COLUMN ownerId INTEGER REFERENCES users(id);

10
package-lock.json generated
View file

@ -9,6 +9,7 @@
"version": "1.0.0", "version": "1.0.0",
"license": "ISC", "license": "ISC",
"dependencies": { "dependencies": {
"bcryptjs": "^3.0.3",
"colors": "^1.4.0", "colors": "^1.4.0",
"dotenv": "^17.3.1", "dotenv": "^17.3.1",
"express": "^5.2.1", "express": "^5.2.1",
@ -178,6 +179,15 @@
], ],
"license": "MIT" "license": "MIT"
}, },
"node_modules/bcryptjs": {
"version": "3.0.3",
"resolved": "https://registry.npmjs.org/bcryptjs/-/bcryptjs-3.0.3.tgz",
"integrity": "sha512-GlF5wPWnSa/X5LKM1o0wz0suXIINz1iHRLvTS+sLyi7XPbe5ycmYI3DlZqVGZZtDgl4DmasFg7gOB3JYbphV5g==",
"license": "BSD-3-Clause",
"bin": {
"bcrypt": "bin/bcrypt"
}
},
"node_modules/bindings": { "node_modules/bindings": {
"version": "1.5.0", "version": "1.5.0",
"resolved": "https://registry.npmjs.org/bindings/-/bindings-1.5.0.tgz", "resolved": "https://registry.npmjs.org/bindings/-/bindings-1.5.0.tgz",

View file

@ -1,5 +1,6 @@
{ {
"dependencies": { "dependencies": {
"bcryptjs": "^3.0.3",
"colors": "^1.4.0", "colors": "^1.4.0",
"dotenv": "^17.3.1", "dotenv": "^17.3.1",
"express": "^5.2.1", "express": "^5.2.1",

306
public/css/style.css Normal file
View file

@ -0,0 +1,306 @@
:root {
--bg: #0f1115;
--panel: #171a21;
--border: #262b36;
--text: #e6e9ef;
--muted: #8b93a7;
--accent: #4f7cff;
--accent-hover: #6a90ff;
--danger: #e5484d;
--success: #3ecf8e;
}
* {
box-sizing: border-box;
}
body {
margin: 0;
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif;
background: var(--bg);
color: var(--text);
}
.auth-wrapper {
min-height: 100vh;
display: flex;
align-items: center;
justify-content: center;
padding: 24px;
}
.auth-card {
width: 100%;
max-width: 380px;
background: var(--panel);
border: 1px solid var(--border);
border-radius: 12px;
padding: 32px;
}
.auth-card h1 {
margin: 0 0 4px;
font-size: 22px;
}
.auth-card p.subtitle {
margin: 0 0 24px;
color: var(--muted);
font-size: 14px;
}
label {
display: block;
font-size: 13px;
margin-bottom: 6px;
color: var(--muted);
}
input {
width: 100%;
padding: 10px 12px;
margin-bottom: 16px;
border-radius: 8px;
border: 1px solid var(--border);
background: #0f1115;
color: var(--text);
font-size: 14px;
}
input:focus {
outline: none;
border-color: var(--accent);
}
button {
cursor: pointer;
border: none;
border-radius: 8px;
font-size: 14px;
font-weight: 600;
padding: 10px 16px;
}
button.primary {
width: 100%;
background: var(--accent);
color: #fff;
}
button.primary:hover {
background: var(--accent-hover);
}
button.secondary {
background: transparent;
border: 1px solid var(--border);
color: var(--text);
}
button.danger {
background: var(--danger);
color: #fff;
}
.error {
background: rgba(229, 72, 77, 0.12);
border: 1px solid rgba(229, 72, 77, 0.4);
color: #ff9a9c;
padding: 8px 12px;
border-radius: 8px;
font-size: 13px;
margin-bottom: 16px;
display: none;
}
.error.visible {
display: block;
}
.switch-link {
text-align: center;
margin-top: 16px;
font-size: 13px;
color: var(--muted);
}
.switch-link a {
color: var(--accent);
text-decoration: none;
}
/* Dashboard */
.app-shell {
display: flex;
min-height: 100vh;
}
.sidebar {
width: 260px;
background: var(--panel);
border-right: 1px solid var(--border);
padding: 24px 16px;
display: flex;
flex-direction: column;
}
.sidebar h2 {
font-size: 16px;
margin: 0 0 24px;
}
.sidebar .user-info {
color: var(--muted);
font-size: 13px;
margin-bottom: 8px;
}
.place-list {
list-style: none;
margin: 0;
padding: 0;
flex: 1;
overflow-y: auto;
}
.place-list li {
padding: 10px 12px;
border-radius: 8px;
cursor: pointer;
font-size: 14px;
margin-bottom: 4px;
color: var(--muted);
}
.place-list li:hover {
background: rgba(255, 255, 255, 0.04);
}
.place-list li.active {
background: rgba(79, 124, 255, 0.15);
color: var(--text);
}
.main {
flex: 1;
padding: 32px 40px;
overflow-y: auto;
}
.main-header {
display: flex;
align-items: center;
justify-content: space-between;
margin-bottom: 24px;
}
.main-header h1 {
margin: 0;
font-size: 20px;
}
.card {
background: var(--panel);
border: 1px solid var(--border);
border-radius: 12px;
padding: 20px;
margin-bottom: 20px;
}
.card h3 {
margin-top: 0;
}
.readers-grid {
display: grid;
grid-template-columns: repeat(auto-fill, minmax(260px, 1fr));
gap: 16px;
}
.reader-card {
background: #0f1115;
border: 1px solid var(--border);
border-radius: 10px;
padding: 16px;
}
.reader-card .reader-name {
font-weight: 600;
margin-bottom: 4px;
}
.reader-card .reader-id {
color: var(--muted);
font-size: 12px;
margin-bottom: 12px;
}
.reader-card .field {
display: flex;
align-items: center;
justify-content: space-between;
margin-bottom: 8px;
font-size: 13px;
}
.reader-card .field input[type="number"],
.reader-card .field select {
width: 90px;
margin: 0;
padding: 6px 8px;
}
.reader-card .actions {
display: flex;
gap: 8px;
margin-top: 12px;
}
.badge {
display: inline-block;
padding: 2px 8px;
border-radius: 999px;
font-size: 11px;
font-weight: 600;
}
.badge.on {
background: rgba(62, 207, 142, 0.15);
color: var(--success);
}
.badge.off {
background: rgba(229, 72, 77, 0.15);
color: var(--danger);
}
.empty-state {
color: var(--muted);
font-size: 14px;
text-align: center;
padding: 40px 0;
}
.inline-form {
display: flex;
gap: 8px;
flex-wrap: wrap;
align-items: flex-end;
}
.inline-form .field-group {
flex: 1;
min-width: 140px;
}
.inline-form .field-group label {
margin-bottom: 4px;
}
.inline-form input {
margin-bottom: 0;
}
.hidden {
display: none !important;
}

66
public/dashboard.html Normal file
View file

@ -0,0 +1,66 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Dashboard - NOTXCS</title>
<link rel="stylesheet" href="/css/style.css">
</head>
<body>
<div class="app-shell">
<aside class="sidebar">
<h2>NOTXCS</h2>
<div class="user-info">Signed in as <strong id="username-display"></strong></div>
<button class="secondary" id="logout-btn" style="margin-bottom: 16px;">Log out</button>
<ul class="place-list" id="place-list"></ul>
<div class="card" style="margin-top: 16px;">
<h3 style="margin-top:0;font-size:14px;">Add place</h3>
<form id="add-place-form">
<label for="place-id">Place ID</label>
<input type="text" id="place-id" required>
<label for="place-api-key">API Key</label>
<input type="text" id="place-api-key" required>
<button type="submit" class="primary">Add place</button>
</form>
</div>
</aside>
<main class="main">
<div id="no-place" class="empty-state">
Select or create a place from the sidebar to manage its readers.
</div>
<div id="place-view" class="hidden">
<div class="main-header">
<h1 id="place-title"></h1>
<button class="danger" id="delete-place-btn">Delete place</button>
</div>
<div class="card">
<h3>Add reader</h3>
<form id="add-reader-form" class="inline-form">
<div class="field-group">
<label for="reader-id">Reader ID</label>
<input type="text" id="reader-id" required>
</div>
<div class="field-group">
<label for="reader-name">Name</label>
<input type="text" id="reader-name" required>
</div>
<button type="submit" class="primary">Add reader</button>
</form>
</div>
<div class="card">
<h3>Readers</h3>
<div id="readers-empty" class="empty-state hidden">No readers yet for this place.</div>
<div class="readers-grid" id="readers-grid"></div>
</div>
</div>
</main>
</div>
<script src="/js/dashboard.js"></script>
</body>
</html>

14
public/index.html Normal file
View file

@ -0,0 +1,14 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>NOTXCS</title>
<script>
fetch('/auth/me').then(r => r.json()).then(data => {
window.location.replace(data.success ? '/dashboard.html' : '/login.html');
}).catch(() => window.location.replace('/login.html'));
</script>
</head>
<body>
</body>
</html>

188
public/js/dashboard.js Normal file
View file

@ -0,0 +1,188 @@
let currentPlaceId = null;
let places = [];
async function api(path, options = {}) {
const res = await fetch(path, {
headers: { 'Content-Type': 'application/json' },
...options
});
const data = await res.json().catch(() => ({ success: false, message: 'Invalid response from server' }));
if (res.status === 401) {
window.location.href = '/login.html';
throw new Error('Not authenticated');
}
return data;
}
async function init() {
const me = await api('/auth/me');
if (!me.success) {
window.location.href = '/login.html';
return;
}
document.getElementById('username-display').textContent = me.user.username;
await loadPlaces();
}
async function loadPlaces() {
const data = await api('/dashboard/places');
places = data.places || [];
renderPlaceList();
}
function renderPlaceList() {
const list = document.getElementById('place-list');
list.innerHTML = '';
places.forEach((place) => {
const li = document.createElement('li');
li.textContent = place.id;
li.className = place.id === currentPlaceId ? 'active' : '';
li.addEventListener('click', () => selectPlace(place.id));
list.appendChild(li);
});
}
async function selectPlace(placeId) {
currentPlaceId = placeId;
renderPlaceList();
const data = await api(`/dashboard/places/${encodeURIComponent(placeId)}`);
if (!data.success) return;
document.getElementById('no-place').classList.add('hidden');
document.getElementById('place-view').classList.remove('hidden');
document.getElementById('place-title').textContent = placeId;
renderReaders(data.accessPoints || []);
}
function renderReaders(accessPoints) {
const grid = document.getElementById('readers-grid');
const empty = document.getElementById('readers-empty');
grid.innerHTML = '';
if (accessPoints.length === 0) {
empty.classList.remove('hidden');
return;
}
empty.classList.add('hidden');
accessPoints.forEach((ap) => {
const card = document.createElement('div');
card.className = 'reader-card';
card.innerHTML = `
<div class="reader-name">${escapeHtml(ap.name)}</div>
<div class="reader-id">${escapeHtml(ap.id)}</div>
<div class="field">
<span>Enabled</span>
<input type="checkbox" data-field="enabled" ${ap.enabled ? 'checked' : ''}>
</div>
<div class="field">
<span>Armed</span>
<input type="checkbox" data-field="armState" ${ap.armState ? 'checked' : ''}>
</div>
<div class="field">
<span>Unlock time (s)</span>
<input type="number" data-field="unlockTime" value="${ap.unlockTime}" min="0">
</div>
<div class="actions">
<button class="secondary save-btn">Save</button>
<button class="danger delete-btn">Delete</button>
</div>
`;
card.querySelector('.save-btn').addEventListener('click', () => saveReader(ap.id, card));
card.querySelector('.delete-btn').addEventListener('click', () => deleteReader(ap.id));
grid.appendChild(card);
});
}
function escapeHtml(str) {
const div = document.createElement('div');
div.textContent = str;
return div.innerHTML;
}
async function saveReader(readerId, card) {
const enabled = card.querySelector('[data-field="enabled"]').checked;
const armState = card.querySelector('[data-field="armState"]').checked ? 1 : 0;
const unlockTime = parseInt(card.querySelector('[data-field="unlockTime"]').value, 10) || 0;
await api(`/dashboard/places/${encodeURIComponent(currentPlaceId)}/access-points/${encodeURIComponent(readerId)}`, {
method: 'PUT',
body: JSON.stringify({ enabled, armState, unlockTime })
});
selectPlace(currentPlaceId);
}
async function deleteReader(readerId) {
if (!confirm(`Delete reader "${readerId}"?`)) return;
await api(`/dashboard/places/${encodeURIComponent(currentPlaceId)}/access-points/${encodeURIComponent(readerId)}`, {
method: 'DELETE'
});
selectPlace(currentPlaceId);
}
document.getElementById('add-place-form').addEventListener('submit', async (e) => {
e.preventDefault();
const id = document.getElementById('place-id').value.trim();
const apiKey = document.getElementById('place-api-key').value.trim();
if (!id || !apiKey) return;
const data = await api('/dashboard/places', {
method: 'POST',
body: JSON.stringify({ id, apiKey })
});
if (data.success) {
document.getElementById('place-id').value = '';
document.getElementById('place-api-key').value = '';
await loadPlaces();
selectPlace(id);
} else {
alert(data.message || 'Failed to add place');
}
});
document.getElementById('add-reader-form').addEventListener('submit', async (e) => {
e.preventDefault();
if (!currentPlaceId) return;
const id = document.getElementById('reader-id').value.trim();
const name = document.getElementById('reader-name').value.trim();
if (!id || !name) return;
const data = await api(`/dashboard/places/${encodeURIComponent(currentPlaceId)}/access-points`, {
method: 'POST',
body: JSON.stringify({ id, name })
});
if (data.success) {
document.getElementById('reader-id').value = '';
document.getElementById('reader-name').value = '';
selectPlace(currentPlaceId);
} else {
alert(data.message || 'Failed to add reader');
}
});
document.getElementById('delete-place-btn').addEventListener('click', async () => {
if (!currentPlaceId) return;
if (!confirm(`Delete place "${currentPlaceId}" and all of its readers?`)) return;
await api(`/dashboard/places/${encodeURIComponent(currentPlaceId)}`, { method: 'DELETE' });
currentPlaceId = null;
document.getElementById('place-view').classList.add('hidden');
document.getElementById('no-place').classList.remove('hidden');
await loadPlaces();
});
document.getElementById('logout-btn').addEventListener('click', async () => {
await api('/auth/logout', { method: 'POST' });
window.location.href = '/login.html';
});
init();

28
public/js/login.js Normal file
View file

@ -0,0 +1,28 @@
document.getElementById('login-form').addEventListener('submit', async (e) => {
e.preventDefault();
const errorEl = document.getElementById('error');
errorEl.classList.remove('visible');
const username = document.getElementById('username').value.trim();
const password = document.getElementById('password').value;
try {
const res = await fetch('/auth/login', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ username, password })
});
const data = await res.json();
if (!data.success) {
errorEl.textContent = data.message || 'Login failed';
errorEl.classList.add('visible');
return;
}
window.location.href = '/dashboard.html';
} catch (err) {
errorEl.textContent = 'Unable to reach the server. Please try again.';
errorEl.classList.add('visible');
}
});

28
public/js/register.js Normal file
View file

@ -0,0 +1,28 @@
document.getElementById('register-form').addEventListener('submit', async (e) => {
e.preventDefault();
const errorEl = document.getElementById('error');
errorEl.classList.remove('visible');
const username = document.getElementById('username').value.trim();
const password = document.getElementById('password').value;
try {
const res = await fetch('/auth/register', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ username, password })
});
const data = await res.json();
if (!data.success) {
errorEl.textContent = data.message || 'Registration failed';
errorEl.classList.add('visible');
return;
}
window.location.href = '/dashboard.html';
} catch (err) {
errorEl.textContent = 'Unable to reach the server. Please try again.';
errorEl.classList.add('visible');
}
});

29
public/login.html Normal file
View file

@ -0,0 +1,29 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login - NOTXCS</title>
<link rel="stylesheet" href="/css/style.css">
</head>
<body>
<div class="auth-wrapper">
<div class="auth-card">
<h1>Welcome back</h1>
<p class="subtitle">Sign in to manage your readers and settings.</p>
<div id="error" class="error"></div>
<form id="login-form">
<label for="username">Username</label>
<input type="text" id="username" name="username" autocomplete="username" required>
<label for="password">Password</label>
<input type="password" id="password" name="password" autocomplete="current-password" required>
<button type="submit" class="primary">Log in</button>
</form>
<p class="switch-link">Don't have an account? <a href="/register.html">Register</a></p>
</div>
</div>
<script src="/js/login.js"></script>
</body>
</html>

29
public/register.html Normal file
View file

@ -0,0 +1,29 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Register - NOTXCS</title>
<link rel="stylesheet" href="/css/style.css">
</head>
<body>
<div class="auth-wrapper">
<div class="auth-card">
<h1>Create an account</h1>
<p class="subtitle">Register to start managing your readers.</p>
<div id="error" class="error"></div>
<form id="register-form">
<label for="username">Username</label>
<input type="text" id="username" name="username" autocomplete="username" minlength="3" required>
<label for="password">Password</label>
<input type="password" id="password" name="password" autocomplete="new-password" minlength="6" required>
<button type="submit" class="primary">Register</button>
</form>
<p class="switch-link">Already have an account? <a href="/login.html">Log in</a></p>
</div>
</div>
<script src="/js/register.js"></script>
</body>
</html>

87
routes/auth.js Normal file
View file

@ -0,0 +1,87 @@
const express = require('express');
const bcrypt = require('bcryptjs');
const router = express.Router();
let db;
module.exports = (dbInit) => {
db = dbInit;
return router;
};
router.post('/register', (req, res) => {
const { username, password } = req.body || {};
if (!username || !password) {
return res.status(400).json({ success: false, message: "Username and password are required" });
}
if (typeof username !== 'string' || typeof password !== 'string' || username.trim().length < 3 || password.length < 6) {
return res.status(400).json({ success: false, message: "Username must be at least 3 characters and password at least 6 characters" });
}
db.get(`SELECT id FROM users WHERE username = ?`, [username], (err, existing) => {
if (err) {
console.error('Failed to check for existing user:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
if (existing) {
return res.status(409).json({ success: false, message: "Username is already taken" });
}
const hash = bcrypt.hashSync(password, 10);
db.run(`INSERT INTO users (username, password) VALUES (?, ?)`, [username, hash], function (err) {
if (err) {
console.error('Failed to create user:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
req.session.userId = this.lastID;
req.session.username = username;
res.json({ success: true, user: { id: this.lastID, username } });
});
});
});
router.post('/login', (req, res) => {
const { username, password } = req.body || {};
if (!username || !password) {
return res.status(400).json({ success: false, message: "Username and password are required" });
}
db.get(`SELECT * FROM users WHERE username = ?`, [username], (err, user) => {
if (err) {
console.error('Failed to retrieve user:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
if (!user || !bcrypt.compareSync(password, user.password)) {
return res.status(401).json({ success: false, message: "Invalid username or password" });
}
req.session.userId = user.id;
req.session.username = user.username;
res.json({ success: true, user: { id: user.id, username: user.username } });
});
});
router.post('/logout', (req, res) => {
req.session.destroy((err) => {
if (err) {
console.error('Failed to destroy session:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
res.clearCookie('connect.sid');
res.json({ success: true });
});
});
router.get('/me', (req, res) => {
if (!req.session.userId) {
return res.status(401).json({ success: false, message: "Not authenticated" });
}
res.json({ success: true, user: { id: req.session.userId, username: req.session.username } });
});

259
routes/dashboard.js Normal file
View file

@ -0,0 +1,259 @@
const express = require('express');
const router = express.Router();
let db;
module.exports = (dbInit) => {
db = dbInit;
return router;
};
function requireAuth(req, res, next) {
if (!req.session || !req.session.userId) {
return res.status(401).json({ success: false, message: "Not authenticated" });
}
next();
}
function loadOwnedPlace(req, res, next) {
const { placeId } = req.params;
db.get(`SELECT * FROM places WHERE id = ? AND ownerId = ?`, [placeId, req.session.userId], (err, place) => {
if (err) {
console.error('Failed to retrieve place:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
if (!place) {
return res.status(404).json({ success: false, message: "Place not found" });
}
req.place = place;
next();
});
}
router.use(requireAuth);
// List places owned by the current user
router.get('/places', (req, res) => {
db.all(`SELECT * FROM places WHERE ownerId = ?`, [req.session.userId], (err, places) => {
if (err) {
console.error('Failed to retrieve places:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
res.json({ success: true, places });
});
});
// Create a new place
router.post('/places', (req, res) => {
const { id, apiKey, settings } = req.body || {};
if (!id || !apiKey) {
return res.status(400).json({ success: false, message: "Place id and apiKey are required" });
}
db.get(`SELECT id FROM places WHERE id = ?`, [id], (err, existing) => {
if (err) {
console.error('Failed to check for existing place:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
if (existing) {
return res.status(409).json({ success: false, message: "A place with that id already exists" });
}
db.run(`INSERT INTO places (id, apiKey, settings, ownerId) VALUES (?, ?, ?, ?)`, [id, apiKey, settings || '{}', req.session.userId], (err) => {
if (err) {
console.error('Failed to create place:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
res.json({ success: true, place: { id, apiKey, settings: settings || '{}', ownerId: req.session.userId } });
});
});
});
// Get a single place with its access points (readers)
router.get('/places/:placeId', loadOwnedPlace, (req, res) => {
db.all(`SELECT * FROM access_points WHERE placeId = ?`, [req.place.id], (err, accessPoints) => {
if (err) {
console.error('Failed to retrieve access points:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
res.json({ success: true, place: req.place, accessPoints });
});
});
// Update a place's apiKey/settings
router.put('/places/:placeId', loadOwnedPlace, (req, res) => {
const apiKey = req.body.apiKey !== undefined ? req.body.apiKey : req.place.apiKey;
const settings = req.body.settings !== undefined ? req.body.settings : req.place.settings;
db.run(`UPDATE places SET apiKey = ?, settings = ? WHERE id = ?`, [apiKey, settings, req.place.id], (err) => {
if (err) {
console.error('Failed to update place:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
res.json({ success: true });
});
});
// Delete a place (and its readers/acl entries)
router.delete('/places/:placeId', loadOwnedPlace, (req, res) => {
db.all(`SELECT id FROM access_points WHERE placeId = ?`, [req.place.id], (err, accessPoints) => {
if (err) {
console.error('Failed to retrieve access points:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
const apIds = accessPoints.map(ap => ap.id);
const deleteAclAndAp = (cb) => {
if (apIds.length === 0) return cb();
const placeholders = apIds.map(() => '?').join(',');
db.run(`DELETE FROM acl WHERE accessPoint IN (${placeholders})`, apIds, (err) => {
if (err) return cb(err);
db.run(`DELETE FROM access_points WHERE placeId = ?`, [req.place.id], cb);
});
};
deleteAclAndAp((err) => {
if (err) {
console.error('Failed to delete readers for place:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
db.run(`DELETE FROM places WHERE id = ?`, [req.place.id], (err) => {
if (err) {
console.error('Failed to delete place:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
res.json({ success: true });
});
});
});
});
function loadOwnedAccessPoint(req, res, next) {
db.get(`SELECT * FROM access_points WHERE id = ? AND placeId = ?`, [req.params.accessPointId, req.place.id], (err, ap) => {
if (err) {
console.error('Failed to retrieve reader:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
if (!ap) {
return res.status(404).json({ success: false, message: "Reader not found" });
}
req.accessPoint = ap;
next();
});
}
// Create a new reader (access point) for a place
router.post('/places/:placeId/access-points', loadOwnedPlace, (req, res) => {
const { id, name } = req.body || {};
if (!id || !name) {
return res.status(400).json({ success: false, message: "Reader id and name are required" });
}
const enabled = req.body.enabled !== undefined ? (req.body.enabled ? 1 : 0) : 1;
const unlockTime = req.body.unlockTime !== undefined ? req.body.unlockTime : 8;
const armState = req.body.armState !== undefined ? req.body.armState : 1;
db.get(`SELECT id FROM access_points WHERE id = ?`, [id], (err, existing) => {
if (err) {
console.error('Failed to check for existing reader:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
if (existing) {
return res.status(409).json({ success: false, message: "A reader with that id already exists" });
}
db.run(
`INSERT INTO access_points (id, placeId, name, enabled, unlockTime, armState) VALUES (?, ?, ?, ?, ?, ?)`,
[id, req.place.id, name, enabled, unlockTime, armState],
(err) => {
if (err) {
console.error('Failed to create reader:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
res.json({ success: true });
}
);
});
});
// Update a reader's settings
router.put('/places/:placeId/access-points/:accessPointId', loadOwnedPlace, loadOwnedAccessPoint, (req, res) => {
const ap = req.accessPoint;
const name = req.body.name !== undefined ? req.body.name : ap.name;
const enabled = req.body.enabled !== undefined ? (req.body.enabled ? 1 : 0) : ap.enabled;
const unlockTime = req.body.unlockTime !== undefined ? req.body.unlockTime : ap.unlockTime;
const armState = req.body.armState !== undefined ? req.body.armState : ap.armState;
const readyData = req.body.readyData !== undefined ? req.body.readyData : ap.readyData;
const disarmedData = req.body.disarmedData !== undefined ? req.body.disarmedData : ap.disarmedData;
const grantedData = req.body.grantedData !== undefined ? req.body.grantedData : ap.grantedData;
const deniedData = req.body.deniedData !== undefined ? req.body.deniedData : ap.deniedData;
db.run(
`UPDATE access_points SET name = ?, enabled = ?, unlockTime = ?, armState = ?, readyData = ?, disarmedData = ?, grantedData = ?, deniedData = ? WHERE id = ?`,
[name, enabled, unlockTime, armState, readyData, disarmedData, grantedData, deniedData, ap.id],
(err) => {
if (err) {
console.error('Failed to update reader:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
res.json({ success: true });
}
);
});
// Delete a reader
router.delete('/places/:placeId/access-points/:accessPointId', loadOwnedPlace, loadOwnedAccessPoint, (req, res) => {
db.run(`DELETE FROM acl WHERE accessPoint = ?`, [req.accessPoint.id], (err) => {
if (err) {
console.error('Failed to delete ACL entries for reader:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
db.run(`DELETE FROM access_points WHERE id = ?`, [req.accessPoint.id], (err) => {
if (err) {
console.error('Failed to delete reader:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
res.json({ success: true });
});
});
});
// List ACL entries for a reader
router.get('/places/:placeId/access-points/:accessPointId/acl', loadOwnedPlace, loadOwnedAccessPoint, (req, res) => {
db.all(`SELECT * FROM acl WHERE accessPoint = ?`, [req.accessPoint.id], (err, entries) => {
if (err) {
console.error('Failed to retrieve ACL entries:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
res.json({ success: true, acl: entries });
});
});
// Add an ACL entry for a reader
router.post('/places/:placeId/access-points/:accessPointId/acl', loadOwnedPlace, loadOwnedAccessPoint, (req, res) => {
const { type, data } = req.body || {};
if (type === undefined || !data) {
return res.status(400).json({ success: false, message: "ACL type and data are required" });
}
db.run(`INSERT INTO acl (accessPoint, type, data) VALUES (?, ?, ?)`, [req.accessPoint.id, type, data], function (err) {
if (err) {
console.error('Failed to create ACL entry:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
res.json({ success: true, id: this.lastID });
});
});
// Delete an ACL entry
router.delete('/places/:placeId/access-points/:accessPointId/acl/:aclId', loadOwnedPlace, loadOwnedAccessPoint, (req, res) => {
db.run(`DELETE FROM acl WHERE id = ? AND accessPoint = ?`, [req.params.aclId, req.accessPoint.id], (err) => {
if (err) {
console.error('Failed to delete ACL entry:', err.message);
return res.status(500).json({ success: false, message: "Internal server error" });
}
res.json({ success: true });
});
});