julius/cutt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: julius:2e965834240bce676328d09fe12476939ff91f48
Branches Tags
julius:main julius:feat/demo julius:feat/interactive_network julius:feat/security julius:floating_button
julius:v1-beta
...
compare: julius:main
Branches Tags
julius:main julius:feat/demo julius:feat/interactive_network julius:feat/security julius:floating_button
julius:v1-beta

10 Commits
2e96583424 ... main

Author SHA1 Message Date
julius
14c34066f3 gender mandatory 2025-12-21 17:20:59 +01:00
julius
52ec93d51e generate link for forgotten password 2025-12-21 17:17:44 +01:00
julius
828b0ee7d2 reinstate set password page 2025-12-21 17:08:24 +01:00
julius
5147299c0e advise to fill in email 2025-12-21 08:27:21 +01:00
julius
07a121200a remove from team instead of disable 2025-12-21 08:26:44 +01:00
julius
a654b12c64 permit team managers to see the team 2025-12-21 08:26:16 +01:00
julius
b2b6f4af14 add logo to Register page 2025-12-21 07:25:24 +01:00
julius
23255fd9c7 fix 2025-12-19 12:51:18 +01:00
julius
fb207dc7c7 let admin disable players 2025-12-19 12:48:23 +01:00
julius
685c877ffa fix password repetition check 2025-12-19 12:39:48 +01:00
6 changed files with 221 additions and 338 deletions
Expand all files Collapse all files

77
cutt/player.py
View File

@@ -110,7 +110,7 @@ class DisablePlayerRequest(BaseModel):
player_id: int player_id: int
def disable_player( def remove_player_from_team(
r: DisablePlayerRequest, r: DisablePlayerRequest,
request: Annotated[TeamScopedRequest, Depends(verify_team_scope)], request: Annotated[TeamScopedRequest, Depends(verify_team_scope)],
): ):
@@ -123,6 +123,47 @@ def disable_player(
.join(Team) .join(Team)
.where(Team.id == request.team_id, P.id == r.player_id) .where(Team.id == request.team_id, P.id == r.player_id)
).one_or_none() ).one_or_none()
if player:
team = session.exec(select(Team).where(Team.id == request.team_id)).one()
player.teams.remove(team)
session.add(team)
session.commit()
return PlainTextResponse(f"removed {player.display_name} from {team.name}.")
else:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="no such player found in your team",
)
def disable_player_team(
r: DisablePlayerRequest,
request: Annotated[TeamScopedRequest, Depends(verify_team_scope)],
):
if request.team_id == 42:
raise DEMO_TEAM_REQUEST
with Session(engine) as session:
player = session.exec(
select(P)
.join(PlayerTeamLink)
.join(Team)
.where(Team.id == request.team_id, P.id == r.player_id)
).one_or_none()
if player:
player.disabled = True
session.add(player)
session.commit()
return PlainTextResponse(f"disabled {player.display_name}")
else:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="no such player found in your team",
)
def disable_player(r: DisablePlayerRequest):
with Session(engine) as session:
player = session.exec(select(P).where(P.id == r.player_id)).one_or_none()
if player: if player:
player.disabled = True player.disabled = True
session.add(player) session.add(player)
@@ -170,6 +211,8 @@ async def list_players(
) )
] + demo_players ] + demo_players
allowed_scopes = set(user.scopes.split())
with Session(engine) as session: with Session(engine) as session:
current_user = session.exec( current_user = session.exec(
select(P) select(P)
@@ -177,7 +220,7 @@ async def list_players(
.join(Team) .join(Team)
.where(Team.id == team_id, P.disabled == False, P.id == user.id) .where(Team.id == team_id, P.disabled == False, P.id == user.id)
).one_or_none() ).one_or_none()
if not current_user: if not current_user and f"team:{team_id}" not in allowed_scopes:
raise HTTPException( raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST, status_code=status.HTTP_400_BAD_REQUEST,
detail="you're not in this team", detail="you're not in this team",
@@ -208,10 +251,28 @@ async def list_players(
def read_teams_me(user: Annotated[P, Depends(get_current_active_user)]): def read_teams_me(user: Annotated[P, Depends(get_current_active_user)]):
allowed_scopes = set(user.scopes.split())
team_ids = {
int(scope.split(":")[1])
for scope in allowed_scopes
if scope.startswith("team:")
}
with Session(engine) as session: with Session(engine) as session:
return [p.teams for p in session.exec(select(P).where(P.id == user.id))][0] + [ member_in = [p.teams for p in session.exec(select(P).where(P.id == user.id))][0]
{"country": "nowhere", "id": 42, "location": "everywhere", "name": "DEMO"} team_ids -= {team.id for team in member_in}
team_manager_in = session.exec(select(Team).where(Team.id.in_(team_ids))).all()
return (
member_in
+ list(team_manager_in)
+ [
{
"country": "nowhere",
"id": 42,
"location": "everywhere",
"name": "DEMO",
}
] ]
)
player_router.add_api_route( player_router.add_api_route(
@@ -226,7 +287,7 @@ player_router.add_api_route(
) )
player_router.add_api_route( player_router.add_api_route(
"/{team_id}", "/{team_id}",
endpoint=disable_player, endpoint=remove_player_from_team,
methods=["DELETE"], methods=["DELETE"],
) )
player_router.add_api_route( player_router.add_api_route(
@@ -246,6 +307,12 @@ player_router.add_api_route(
methods=["GET"], methods=["GET"],
dependencies=[Security(get_current_active_user, scopes=["admin"])], dependencies=[Security(get_current_active_user, scopes=["admin"])],
) )
player_router.add_api_route(
"/disable",
endpoint=disable_player,
methods=["DELETE"],
dependencies=[Security(get_current_active_user, scopes=["admin"])],
)
player_router.add_api_route("/me", endpoint=read_player_me, methods=["GET"]) player_router.add_api_route("/me", endpoint=read_player_me, methods=["GET"])
player_router.add_api_route("/me/teams", endpoint=read_teams_me, methods=["GET"]) player_router.add_api_route("/me/teams", endpoint=read_teams_me, methods=["GET"])
player_router.add_api_route( player_router.add_api_route(

17
forgotten_password.py Normal file
View File

@@ -0,0 +1,17 @@
import sys
from sqlmodel import Session, select
from cutt.security import set_password_token
from cutt.db import Player, TokenDB, engine
if len(sys.argv) > 1:
with Session(engine) as session:
for p in session.exec(
select(Player.username).where(Player.username == sys.argv[1].strip())
):
print(p)
token = set_password_token(p)
if token:
session.add(TokenDB(token=token))
print(f"https://cutt.0124816.xyz/setpassword?token={token}")
session.commit()

1
frontend/src/CUTT.tsx
View File

@@ -27,6 +27,7 @@ function App() {
<BrowserRouter> <BrowserRouter>
<Routes> <Routes>
<Route path="/register" element={<Register />} /> <Route path="/register" element={<Register />} />
<Route path="/setpassword" element={<SetPassword />} />
<Route <Route
path="/*" path="/*"
element={ element={

6
frontend/src/Footer.tsx
View File

@@ -1,10 +1,4 @@
import { useLocation } from "react-router";
import { Link } from "react-router";
import { useSession } from "./Session";
export default function Footer() { export default function Footer() {
const location = useLocation();
const { user, teams } = useSession();
return ( return (
<footer className="footer"> <footer className="footer">
<div className="content has-text-centered"> <div className="content has-text-centered">

25
frontend/src/Register.tsx
View File

@@ -49,6 +49,7 @@ export const Register = () => {
setPasswordHint(""); setPasswordHint("");
} else setPasswordHint("passwords do not match"); } else setPasswordHint("passwords do not match");
} }
useEffect(() => passwordCheck(), [passwordr]);
async function handleSubmit(e: FormEvent) { async function handleSubmit(e: FormEvent) {
e.preventDefault(); e.preventDefault();
@@ -95,8 +96,18 @@ export const Register = () => {
} }
return ( return (
<section className="section"> <section className="section is-medium">
<div className="container is-max-tablet"> <div className="container is-max-tablet">
<div className="block">
<p className="level-item has-text-centered">
<img
className="image"
alt="cool ultimate team tool"
src="cutt.svg"
style={{ width: 200 }}
/>
</p>
</div>
<h1 className="title"> <h1 className="title">
Register {teamName && `in team "${teamName}"`} Register {teamName && `in team "${teamName}"`}
</h1> </h1>
@@ -150,7 +161,6 @@ export const Register = () => {
/> />
</div> </div>
<div className="field"> <div className="field">
<label className="label">repeat password</label>
<input <input
className={"input" + (passwordHint ? " is-danger" : "")} className={"input" + (passwordHint ? " is-danger" : "")}
type={"password"} type={"password"}
@@ -163,21 +173,19 @@ export const Register = () => {
onChange={(evt) => { onChange={(evt) => {
setError(""); setError("");
setPasswordr(evt.target.value); setPasswordr(evt.target.value);
passwordCheck();
}} }}
/> />
<p className={"help is-danger"}>{passwordHint}</p> <p className={"help is-danger"}>{passwordHint}</p>
</div> </div>
<hr /> <hr />
<div className="field"> <div className="field">
<label className="label"> <label className="label">gender</label>
gender <small>(optional)</small>
</label>
<div className="control"> <div className="control">
<div className="select"> <div className="select">
<select <select
name="gender" name="gender"
value={gender} value={gender}
required
onChange={(e) => { onChange={(e) => {
setGender(e.target.value as Gender); setGender(e.target.value as Gender);
setError(""); setError("");
@@ -221,11 +229,12 @@ export const Register = () => {
}} }}
/> />
</div> </div>
<p className="help">helpful in case of a forgotten password</p>
</div>
</div>
<p className={"help" + (error ? " is-danger" : " is-success")}> <p className={"help" + (error ? " is-danger" : " is-success")}>
{error} {error}
</p> </p>
</div>
</div>
<div className="field is-grouped is-grouped-centered"> <div className="field is-grouped is-grouped-centered">
<button className="button is-light is-success">register</button> <button className="button is-light is-success">register</button>
</div> </div>

329
frontend/src/SetPassword.tsx
View File

@@ -1,11 +1,7 @@
import { jwtDecode, JwtPayload } from "jwt-decode"; import { jwtDecode, JwtPayload } from "jwt-decode";
import { ReactNode, useEffect, useState } from "react"; import { useEffect, useState } from "react";
import { apiAuth, baseUrl, Gender, User } from "./api"; import { baseUrl } from "./api";
import { useNavigate } from "react-router"; import { useNavigate } from "react-router";
import { Eye, EyeSlash } from "./Icons";
import { useSession } from "./Session";
import { relative } from "path";
import Header from "./Header";
interface PassToken extends JwtPayload { interface PassToken extends JwtPayload {
username: string; username: string;
@@ -13,53 +9,46 @@ interface PassToken extends JwtPayload {
team_id: number; team_id: number;
} }
enum Mode {
register = "register",
set = "set password",
change = "change password",
}
export const SetPassword = () => { export const SetPassword = () => {
const [mode, setMode] = useState<Mode>(); const [name, setName] = useState("");
const [name, setName] = useState("after getting your token.");
const [username, setUsername] = useState(""); const [username, setUsername] = useState("");
const [teamID, setTeamID] = useState<number>();
const [currentPassword, setCurrentPassword] = useState("");
const [password, setPassword] = useState(""); const [password, setPassword] = useState("");
const [passwordr, setPasswordr] = useState(""); const [passwordr, setPasswordr] = useState("");
const [passwordHint, setPasswordHint] = useState("");
const [token, setToken] = useState(""); const [token, setToken] = useState("");
const [error, setError] = useState(""); const [error, setError] = useState("");
const [loading, setLoading] = useState(false); const [loading, setLoading] = useState(false);
const [visible, setVisible] = useState(false);
const newPlayerTemplate = {
username: "",
display_name: "",
number: "",
email: "",
} as User;
const [player, setPlayer] = useState(newPlayerTemplate);
const navigate = useNavigate(); const navigate = useNavigate();
const { user } = useSession();
useEffect(() => {
const params = new URLSearchParams(window.location.search);
const token = params.get("token");
if (token) {
setToken(token);
try {
const payload = jwtDecode<PassToken>(token);
if (payload.sub === "set password") {
if (payload.name) setName(payload.name);
if (payload.username) setUsername(payload.username);
} else {
setError("not a valid token for setting your password");
}
} catch (InvalidTokenError) {
setError("not a valid token");
}
} else setError("no token found");
}, []);
function passwordCheck() {
if (password === passwordr) {
setPasswordHint("");
} else setPasswordHint("passwords do not match");
}
useEffect(() => passwordCheck(), [passwordr]);
async function handleSubmit(e: React.FormEvent) { async function handleSubmit(e: React.FormEvent) {
e.preventDefault(); e.preventDefault();
if (password === passwordr) { if (password === passwordr) {
setLoading(true);
if (mode === Mode.change) {
//====CHANGING PASSWORD====
const resp = await apiAuth(
"player/change_password",
{ current_password: currentPassword, new_password: password },
"POST"
);
setLoading(false);
if (resp.detail) setError(resp.detail);
else {
setError(resp);
setTimeout(() => navigate("/"), 2000);
}
} else if (mode === Mode.set) {
//====SETTING PASSWORD====
const req = new Request(`${baseUrl}api/set_password`, { const req = new Request(`${baseUrl}api/set_password`, {
method: "POST", method: "POST",
headers: { headers: {
@@ -91,198 +80,32 @@ export const SetPassword = () => {
throw new Error("Unauthorized"); throw new Error("Unauthorized");
} }
} }
} else if (mode === Mode.register) {
//====REGISTER NEW USER====
const req = new Request(`${baseUrl}api/register`, {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
...player,
team_id: teamID,
token: token,
password: password,
}),
});
let resp: Response;
try {
resp = await fetch(req);
} catch (e) {
throw new Error(`request failed: ${e}`);
}
setLoading(false);
if (resp.ok) {
console.log(resp);
navigate("/", {
replace: true,
state: { username: player.username, password: password },
});
}
if (!resp.ok) {
const { detail } = await resp.json();
if (detail) setError(detail);
else setError("unauthorized");
throw new Error("Unauthorized");
}
}
} else setError("passwords are not the same"); } else setError("passwords are not the same");
} }
useEffect(() => { return (
if (user) { <section className="section is-medium">
setUsername(user.username); <div className="container is-max-tablet">
setName(user.display_name); <div className="block">
setMode(Mode.change); <p className="level-item has-text-centered">
} else { <img
const params = new URLSearchParams(window.location.search); className="image"
const token = params.get("token"); alt="cool ultimate team tool"
if (token) { src="cutt.svg"
setToken(token); style={{ width: 200 }}
try {
const payload = jwtDecode<PassToken>(token);
console.log(payload);
switch (payload.sub) {
case "register":
setMode(Mode.register);
if (payload.team_id) setTeamID(payload.team_id);
break;
case "set password":
setMode(Mode.set);
if (payload.username) setUsername(payload.username);
break;
}
if (payload.name) setName(payload.name);
} catch (InvalidTokenError) {
setName("Mr. I-have-no-valid Token");
}
}
}
}, []);
let header: ReactNode;
switch (mode) {
case Mode.change:
header = <h2>change your password, {name}</h2>;
break;
case Mode.set:
header = (
<>
<Header />
<h2>set your password, {name}</h2>
</>
);
break;
case Mode.register:
header = (
<>
<Header />
<h2>
register as a member of <i>{name}</i>
</h2>
</>
);
}
let textInputs: ReactNode;
switch (mode) {
case Mode.change:
textInputs = (
<div>
<input
type={visible ? "text" : "password"}
id="password"
name="password"
placeholder="current password"
minLength={8}
value={currentPassword}
required
onChange={(evt) => {
setError("");
setCurrentPassword(evt.target.value);
}}
/> />
<hr style={{ margin: "8px" }} /> </p>
</div> </div>
); <h1 className="title">
break; Set password for {name && username && `${name} (${username})`}
case Mode.register: </h1>
textInputs = ( <form onSubmit={handleSubmit}>
<div className="new-player-inputs"> <div className="field">
<div> <div className="field">
<label>name</label> <label className="label">password</label>
<input <input
type="text" className="input"
required type={"password"}
value={player.display_name}
onChange={(e) => {
setPlayer({
...player,
display_name: e.target.value,
username: e.target.value.toLowerCase().replace(/\W/g, ""),
});
}}
/>
</div>
<div>
<label>username</label>
<input
type="text"
required
value={player.username}
onChange={(e) => {
setPlayer({ ...player, username: e.target.value });
}}
/>
</div>
<div>
<label>gender</label>
<select
name="gender"
required
value={player.gender}
onChange={(e) => {
setPlayer({ ...player, gender: e.target.value as Gender });
}}
>
<option value={undefined}></option>
<option value="fmp">FMP</option>
<option value="mmp">MMP</option>
</select>
</div>
<div>
<label>number (optional)</label>
<input
type="text"
value={player.number || ""}
onChange={(e) => {
setPlayer({ ...player, number: e.target.value });
}}
/>
</div>
<div>
<label>email (optional)</label>
<input
type="email"
value={player.email || ""}
onChange={(e) => {
setPlayer({ ...player, email: e.target.value });
}}
/>
</div>
<hr style={{ margin: "8px" }} />
</div>
);
break;
}
let passwordInputs = (
<>
<div>
<input
type={visible ? "text" : "password"}
id="password" id="password"
name="password" name="password"
placeholder="password" placeholder="password"
@@ -295,9 +118,10 @@ export const SetPassword = () => {
}} }}
/> />
</div> </div>
<div> <div className="field">
<input <input
type={visible ? "text" : "password"} className={"input" + (passwordHint ? " is-danger" : "")}
type={"password"}
id="password-repeat" id="password-repeat"
name="password-repeat" name="password-repeat"
placeholder="repeat password" placeholder="repeat password"
@@ -309,47 +133,18 @@ export const SetPassword = () => {
setPasswordr(evt.target.value); setPasswordr(evt.target.value);
}} }}
/> />
<p className={"help is-danger"}>{passwordHint}</p>
</div> </div>
</> <hr />
);
return mode ? (
<>
{header}
<hr style={{ width: "100%" }} />
<form onSubmit={handleSubmit}>
<div
style={{
display: "flex",
alignItems: "center",
justifyContent: "center",
flexDirection: "column",
}}
>
{textInputs}
{passwordInputs}
<div
style={{
background: "unset",
fontSize: "medium",
cursor: "pointer",
display: "flex",
alignItems: "center",
gap: "8px",
}}
onClick={() => setVisible(!visible)}
>
{visible ? <Eye /> : <EyeSlash />} show passwords
</div> </div>
<p className={"help" + (error ? " is-danger" : " is-success")}>
{error}
</p>
<div className="field is-grouped is-grouped-centered">
<button className="button is-light is-link">change password</button>
</div> </div>
<div>{error && <span style={{ color: "red" }}>{error}</span>}</div>
<button type="submit" value="login" style={{ fontSize: "small" }}>
submit
</button>
{loading && <span className="loader" />}
</form> </form>
</> </div>
) : ( </section>
<span className="loader" />
); );
}; };