token handling and verification

1 files changed, 68 insertions, 44 deletions

diff --git a/public/js/panel.js b/public/js/panel.js
index ed1bea0..cff5609 100644
--- a/public/js/panel.js
+++ b/public/js/panel.js
@@ -1,15 +1,11 @@
 window.onload = function () {
 
-	if(!localStorage.admintoken){
-		askForToken();
-		return;
-	}
+	var page;
 
-	var dashboard = document.getElementById('dashboard');
-	var page = document.getElementById('page');
+	if(!localStorage.admintoken)
+		return askForToken();
 
-	dashboard.style.display = 'block';
-	prepareMenu();
+	prepareDashboard();
 
 	function askForToken(){
 		document.getElementById('tokenSubmit').addEventListener('click', function(){
@@ -21,15 +17,35 @@ window.onload = function () {
 
 			xhr.onreadystatechange = function() {
 				if (xhr.readyState == XMLHttpRequest.DONE) {
+					try{
+						
+						var json = JSON.parse(xhr.responseText);
+						if(json.success === false)
+							return alert(json.description);
+
+						localStorage.admintoken = document.getElementById('token').value;
+						prepareDashboard();
+
+					}catch(e){
+						console.log(e);
+					}
+
+					console.log(xhr.responseText);
 					// xhr.responseText
 				}
 			}
-			xhr.open('POST', '/api/info', true);
+			xhr.open('GET', '/api/verify', true);
+			xhr.setRequestHeader('type', 'admin');
+			xhr.setRequestHeader('token', document.getElementById('token').value);
 			xhr.send(null);
 		}
 	}
 
-	function prepareMenu(){
+	function prepareDashboard(){
+		page = document.getElementById('page');
+		document.getElementById('auth').style.display = 'none';
+		document.getElementById('dashboard').style.display = 'block';
+
 		document.getElementById('itemUploads').addEventListener('click', function(){
 			getUploads();
 		});
@@ -45,44 +61,47 @@ window.onload = function () {
 
 		xhr.onreadystatechange = function() {
 			if(xhr.readyState == XMLHttpRequest.DONE){
-				if(xhr.responseText !== 'not-authorized'){
-					var json = JSON.parse(xhr.responseText);
-
-					var container = document.createElement('div');
-					container.innerHTML = `
-						<table class="table">
-					  		<thead>
-					    		<tr>
-								      <th>File</th>
-								      <th>Gallery</th>
-								      <th>Date</th>
-					    		</tr>
-					  		</thead>
-					  		<tbody id="table">
-					  		</tbody>
-					  	</table>`;
-					page.appendChild(container);
-
-					var table = document.getElementById('table');
-
-					for(var item of json){
-
-						var tr = document.createElement('tr');
-						tr.innerHTML = `
-							<tr>
-						    	<th><a href="${item.file}" target="_blank">${item.file}</a></th>
-						      	<th>${item.gallery}</th>
-						      	<td>${item.date}</td>
-						    </tr>
-						    `;
-
-						table.appendChild(tr);
-					}
+				
+				if(xhr.responseText === 'not-authorized')
+					return notAuthorized();
+
+				var json = JSON.parse(xhr.responseText);
+
+				var container = document.createElement('div');
+				container.innerHTML = `
+					<table class="table">
+				  		<thead>
+				    		<tr>
+							      <th>File</th>
+							      <th>Gallery</th>
+							      <th>Date</th>
+				    		</tr>
+				  		</thead>
+				  		<tbody id="table">
+				  		</tbody>
+				  	</table>`;
+				page.appendChild(container);
+
+				var table = document.getElementById('table');
+
+				for(var item of json){
+
+					var tr = document.createElement('tr');
+					tr.innerHTML = `
+						<tr>
+					    	<th><a href="${item.file}" target="_blank">${item.file}</a></th>
+					      	<th>${item.gallery}</th>
+					      	<td>${item.date}</td>
+					    </tr>
+					    `;
+
+					table.appendChild(tr);
 				}
+				
 			}
 		}
 		xhr.open('GET', '/api/uploads', true);
-		xhr.setRequestHeader('auth', localStorage.token);
+		xhr.setRequestHeader('auth', localStorage.admintoken);
 		xhr.send(null);
 	}
 
@@ -93,4 +112,9 @@ window.onload = function () {
 
 	}
 
+	function notAuthorized() {
+		localStorage.removeItem("admintoken");
+		location.reload();
+	}
+
 }