fixed merging error on auth.js

www/js/auth/auth.js

@@ -1,45 +1,108 @@
-#!/bin/sh
+document.addEventListener("DOMContentLoaded", () => {
-
+    // Function to generate a random token
-# Set Content-Type for CGI script
+    function generateAuthToken(length = 32) {
-echo "Content-type: application/json"
+      const charset =
-echo ""
+        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
-
+      let token = "";
-# Read POST data
+      for (let i = 0; i < length; i++) {
-read POST_DATA
+        const randomIndex = Math.floor(Math.random() * charset.length);
-
+        token += charset[randomIndex];
-# Extract the password from POST data (URL encoded)
+      }
-USER="root"
+      return token;
-INPUT_PASSWORD=$(echo "$POST_DATA" | sed -n 's/^.*password=\([^&]*\).*$/\1/p')
+    }
-
+  
-# URL-decode the password (replace + with space and decode %XX)
+    // Initially hide the body to prevent content from flashing
-INPUT_PASSWORD=$(echo "$INPUT_PASSWORD" | sed 's/+/ /g;s/%\(..\)/\\x\1/g' | xargs -0 printf "%b")
+    document.body.style.display = "none";
-
+  
-# Log received password for debugging (remove in production)
+    // Check if the user is already logged in
-echo "Received password: $INPUT_PASSWORD" >&2
+    const authToken = localStorage.getItem("authToken");
-
+  
-# Extract the hashed password from /etc/shadow for the specified user
+    // Define which pages should be protected
-USER_SHADOW_ENTRY=$(grep "^$USER:" /etc/shadow)
+    const protectedPages = [
-
+      "/home.html",
-if [ -z "$USER_SHADOW_ENTRY" ]; then
+      "advance-settings.html",
-    echo '{"state":"failed", "message":"User not found"}'
+      "/bandlock.html",
-    exit 1
+      "/cell-locking.html",
-fi
+      "/cell-scanner.html",
-
+      "/cell-settings.html",
-# Extract the password hash (it's the second field, colon-separated)
+      "/cell-sms.html",
-USER_HASH=$(echo "$USER_SHADOW_ENTRY" | cut -d: -f2)
+      "/about.html", // Add all the protected HTML pages here
-
+    ];
-# Extract the salt (MD5 uses the $1$ prefix followed by the salt)
+  
-SALT=$(echo "$USER_HASH" | cut -d'$' -f3)
+    const currentPage = window.location.pathname;
-
+  
-# Generate a hash from the input password using the same salt
+    // If the user is not logged in and tries to access a protected page, redirect to login
-GENERATED_HASH=$(echo "$INPUT_PASSWORD" | openssl passwd -1 -salt "$SALT" -stdin)
+    if (!authToken && protectedPages.includes(currentPage)) {
-
+      window.location.href = "index.html";
-# Log generated hash for debugging
+    } else {
-echo "Generated hash: $GENERATED_HASH" >&2
+      // Show the page if authentication is successful or not required
-
+      document.body.style.display = "";
-# Compare the generated hash with the one in the shadow file
+    }
-if [ "$GENERATED_HASH" = "$USER_HASH" ]; then
+  
-    echo '{"state":"success", "hashed_password":"'"$GENERATED_HASH"'"}'
+    // If the user is logged in and tries to access the login page, redirect to home
-else
+    if (authToken && currentPage.includes("index.html")) {
-    echo '{"state":"failed", "hashed_password":"'"$GENERATED_HASH"'"}'
+      window.location.href = "home.html";
-fi
+    }
+  
+    // Login form logic (only for login page)
+    const loginForm = document.getElementById("loginForm");
+    if (loginForm) {
+      loginForm.addEventListener("submit", async (e) => {
+        e.preventDefault();
+  
+        const username = document.getElementById("username").value;
+        const password = document.getElementById("password").value;
+        const errorElement = document.getElementById("error");
+  
+        try {
+          const formData = new URLSearchParams();
+          formData.append("username", username);
+          formData.append("password", encodeURIComponent(password)); // URL-encode the password
+  
+          const response = await fetch("/cgi-bin/auth.sh", {
+            method: "POST",
+            body: formData,
+            headers: {
+              "Content-Type": "application/x-www-form-urlencoded",
+            },
+          });
+  
+          const result = await response.json(); // Parse JSON response
+  
+          if (result.state === "success") {
+            const newToken = generateAuthToken();
+            localStorage.setItem("authToken", newToken); // Store the token
+            window.location.href = "home.html"; // Redirect on success
+          } else {
+            document.getElementById("error").textContent =
+              "Invalid username or password";
+            console.log("Invalid username or password");
+          }
+        } catch (error) {
+          // Handle any errors (e.g., network issues)
+          errorElement.textContent = "An error occurred. Please try again later.";
+        }
+      });
+    }
+  
+    // Logout button logic (only for pages that have the logout button)
+    const logoutButton = document.getElementById("logoutButton");
+    if (logoutButton) {
+      logoutButton.addEventListener("click", () => {
+        localStorage.removeItem("authToken"); // Remove token
+        window.location.href = "index.html"; // Redirect to login
+      });
+    }
+  
+    // Fix for the issue of being redirected to login every time the Home button is clicked
+    document.querySelectorAll(".navbar-item").forEach((el) => {
+      if (el.textContent.includes("Home")) {
+        el.addEventListener("click", (e) => {
+          if (localStorage.getItem("authToken")) {
+            e.preventDefault();
+            window.location.href = "home.html";
+          }
+        });
+      }
+    });
+  });