lighthouse score

buckler.py

@@ -16,9 +16,8 @@ import asyncpg
 import uvloop
 
 import auth
-import mail
+import tools
 import config
-import validation
 
 uvloop.install()
 routes = web.RouteTableDef()
@@ -36,7 +35,7 @@ async def index(request):
 			request['session']['id'])
 		if request['session']['admin']:
 			apps = await conn.fetch(
-				"SELECT name FROM app_info")
+				"SELECT id, name FROM app_info")
 			user_perms = await conn.fetch(
 				"SELECT user_info.id, user_info.username, app_user.app_id "
 				"FROM user_info LEFT JOIN app_user "
@@ -45,15 +44,16 @@ async def index(request):
 			"SELECT * FROM user_credential WHERE user_id = $1",
 			request['session']['id'])
 		active_sessions = await conn.fetch(
-			"SELECT ip_address FROM user_session "
+			"SELECT id, ip_address FROM user_session "
 			"WHERE user_id = $1",
 			request['session']['id'])
 
 	if request['session']['admin']:
-		apps = [app['name'] for app in apps]
+		users = defaultdict(lambda: {app['name']: False for app in apps})
-		users = defaultdict(lambda: [False]*len(apps))
 		for user_perm in user_perms:
-			users[user_perm['username']][user_perm['app_id']-1] = True
+			index = tools.find_dict(apps, 'id', user_perm['app_id'])
+			if index != -1:
+				users[user_perm['username']][apps[index]['name']] = True
 		users_json = json.dumps(users)
 	return render_template("index.html", request, locals())
 
@@ -170,7 +170,7 @@ async def register(request):
 				return render_template("register.html", request, locals())
 
 			form = await request.post()
-			errors = await validation.validate_register(request, form)
+			errors = await tools.validate_register(request, form)
 			if any(errors.values()):
 				return render_template("register.html", request, locals())
 
@@ -186,7 +186,7 @@ async def register(request):
 				await conn.execute(
 					"DELETE FROM invite WHERE token = $1",
 					invite_token)
-			await mail.send_confirmation(request, user['id'], email)
+			await tools.send_confirmation(request, user['id'], email)
 			message = "An email has been sent." # TODO: more better
 		else:
 			message = "Invalid invitation token."

static/buckler.js

@@ -14,19 +14,19 @@ function load() {
 
 function perm_change(row) {
 	let user_perms = users_perms[row.children[0].textContent];
-	let row_perms = [];
+	let row_perms = {};
 	for (let child of row.children) {
 		if (child.firstChild.type == "checkbox") {
 			if (child.firstChild.checked) {
-				row_perms.push(true);
+				row_perms[child.firstChild.dataset.appName] = true;
 			} else {
-				row_perms.push(false);
+				row_perms[child.firstChild.dataset.appName] = false;
 			}
 		}
 	}
 	let perms_changed = false;
-	for (let i = 0; i < user_perms.length; i++) {
+	for (let app_name of Object.keys(user_perms)) {
-		if (user_perms[i] != row_perms[i]) {
+		if (user_perms[app_name] != row_perms[app_name]) {
 			perms_changed = true;
 		}
 	}

templates/index.html

@@ -38,7 +38,7 @@
 							<tr>
 								<th>User</th>
 								{% for app in apps %}
-								<th>{{ app }}</th>
+								<th>{{ app['name'] }}</th>
 								{% endfor %}
 								<th></th>
 							</tr>
@@ -47,8 +47,8 @@
 							{% for username, values in users.items() %}
 							<tr>
 								<td>{{ username }}</td>
-								{% for value in values %}
+								{% for name, value in values.items() %}
-								<td><input type="checkbox" onchange="perm_change(this.parentElement.parentElement)"{% if value %} checked{% endif %}></td>
+								<td><input aria-label="{{ username }}-{{ name }}" data-app-name={{ name }} type="checkbox" onchange="perm_change(this.parentElement.parentElement)"{% if value %} checked{% endif %}></td>
 								{% endfor %}
 								<td><input type="submit"></td>
 							</tr>
@@ -89,7 +89,7 @@
 							{% for key in fido2_keys %}
 							<tr>
 								<td>{{ key['nick'] }}</td>
-								<td><input type="checkbox"></td>
+								<td><input aria-label="Delete {{ key['nick'] }}" id="fido-{{ key['id'] }}" name="fido-{{ key['id'] }}" type="checkbox"></td>
 							</tr>
 							{% endfor %}
 						</tbody>
@@ -115,7 +115,7 @@
 							{% for session in active_sessions %}
 							<tr>
 								<td>{{ session['ip_address'] }}</td>
-								<td><input type="checkbox"></td>
+								<td><input aria-label="Delete {{ session['id'][:5] }}" id="session-{{ session['id'][:5] }}" name="session-{{ session['id'][:5] }}"  type="checkbox"></td>
 							</tr>
 							{% endfor %}
 						</tbody>

tools.py

@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 """
-Tools for sending emails.
+Various different tools for Buckler.
 """
 import email.mime.text
 import smtplib
@@ -8,6 +8,7 @@ import secrets
 
 import config
 
+
 def send_mail(to_addr, subject, body):
 	"""
 	Sends an email.
@@ -53,4 +54,44 @@ async def send_confirmation(request, user_id, to_addr):
 	confirm_url = request.app.router['register'].url_for().with_query(d)
 	confirm_url = config.server_domain + str(confirm_url)
 	body = "Buckle up.\n" + confirm_url
-	send_mail(to_addr, "Buckler Invite", body)
+
+
+async def validate_register(request, form):
+	"""Validate data from the registration form."""
+	username = form.get('username')
+	email = form.get('email')
+	password = form.get('password')
+	password_verify = form.get('password_verify')
+
+	async with request.app['pool'].acquire() as conn:
+		users = await conn.fetch(
+			"SELECT username, email FROM user_info "
+			"WHERE username = $1 OR email = $2",
+			username, email)
+
+	errors = {'password': [], 'username': [], 'email': []}
+	if password != password_verify:
+		errors['password'].append("Passwords do not match.")
+	if len(password) < 8 or len(password) > 10240:
+		errors['password'].append(
+			"Password must be between 8 and 10240 characters long.")
+	if len(username) < 3 or len(username) > 20:
+		errors['username'].append(
+			"Username must be between 3 and 20 characters long.")
+	if username in [user['username'] for user in users]:
+		errors['username'].append("Username already in use.")
+	if email in [user['email'] for user in users]:
+		errors['email'].append("Email already in use.")
+	
+	return errors
+
+
+def find_dict(lst, key, value):
+	"""
+	Returns the index of the dictionary in the given `lst` which
+	has d[`key`] == `value`.
+	"""
+	for i, d in enumerate(lst):
+		if d[key] == value:
+			return i
+	return -1

validation.py

@@ -1,33 +0,0 @@
-#!/usr/bin/env python3
-"""
-Functions for validating forms.
-"""
-
-async def validate_register(request, form):
-	"""Validate data from the registration form."""
-	username = form.get('username')
-	email = form.get('email')
-	password = form.get('password')
-	password_verify = form.get('password_verify')
-
-	async with request.app['pool'].acquire() as conn:
-		users = await conn.fetch(
-			"SELECT username, email FROM user_info "
-			"WHERE username = $1 OR email = $2",
-			username, email)
-
-	errors = {'password': [], 'username': [], 'email': []}
-	if password != password_verify:
-		errors['password'].append("Passwords do not match.")
-	if len(password) < 8 or len(password) > 10240:
-		errors['password'].append(
-			"Password must be between 8 and 10240 characters long.")
-	if len(username) < 3 or len(username) > 20:
-		errors['username'].append(
-			"Username must be between 3 and 20 characters long.")
-	if username in [user['username'] for user in users]:
-		errors['username'].append("Username already in use.")
-	if email in [user['email'] for user in users]:
-		errors['email'].append("Email already in use.")
-	
-	return errors