v1.3.1

CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog #
 
+**2021-08-13**
+
+* v1.3.1 : 
+  * Added csrf protection
+  * Adjusted some details
+  * Updated dependencies
+
 **2021-08-12**
 
 * v1.3.0 : 

Makefile

@@ -2,8 +2,8 @@
 # @Description: Golang implementation of pi-dashboard
 # @Author: github.com/plutobell
 # @Creation: 2020-08-10
-# @Last modify: 2021-08-12
-# @Version: 1.3.0
+# @Last modification: 2021-08-13
+# @Version: 1.3.1
 
 PROGRAM = pi-dashboard-go
 OUTPUT = build

README.md

@@ -38,7 +38,7 @@ chmod +x pi-dashboard-go
 **Pi Dashboard Go** can be configured via command line parameters：
 
 ```bash
-Pi Dashboard Go version: 1.3.0
+Pi Dashboard Go version: 1.3.1
 Project address: https://github.com/plutobell/pi-dashboard-go
 
 Usage: Pi Dashboard Go [-auth USR:PSW] [-disk Paths] [-help]

assets/view.js → assets/dashboard.js

@@ -2,14 +2,21 @@
 // @Description: Golang implementation of pi-dashboard
 // @Author: github.com/plutobell
 // @Creation: 2020-08-01
-// @Last modify: 2021-08-12
-// @Version: 1.3.0
+// @Last modification: 2021-08-13
+// @Version: 1.3.1
 
 window.oncontextmenu=function(){return false;}
-window.onkeydown = window.onkeyup = window.onkeypress = function () {
-    window.event.returnValue = false;
-    return false;
+window.onkeydown = window.onkeyup = window.onkeypress = function (event) {
+    if (event.keyCode === 123) {
+        event.preventDefault();
+        window.event.returnValue = false;
+    }
 }
+window.addEventListener('keydown', function (event) {
+    if (event.ctrlKey) {
+        event.preventDefault();
+    }
+})
 
 unScroll();
 
@@ -319,6 +326,7 @@ $(document).ready(function() {
     net_Out2 = [0,0,0,0,0,0,0,0,0,0];
 
     setInterval(function() {
+        $.ajaxSetup(csrfAddToAjaxHeader());
         $.post('api/device', function(data){
             $("#loading").hide();
             removeUnScroll();
@@ -443,15 +451,22 @@ function unScroll() {
     $(document).on('scroll.unable',function (e) {
         $(document).scrollTop(top);
     })
+    $(document.body).css({
+        "overflow-y": "hidden"
+    });
 }
 
 function removeUnScroll() {
     $(document).unbind("scroll.unable");
+    $(document.body).css({
+        "overflow-y": "auto"
+    });
 }
 
 
 $("#logout").click(function(){
     $("#logout").attr("disabled", true);
+    $.ajaxSetup(csrfAddToAjaxHeader());
     $.post('/api/logout', function(result){
         if (result.status == true) {
             $("#logout").attr("disabled", false);
@@ -467,6 +482,7 @@ $("#logout").click(function(){
 });
 
 $("#reboot").click(function(){
+    $.ajaxSetup(csrfAddToAjaxHeader());
     $.post('/api/operation?action=reboot', function(data){
         if (data.status == true) {
             window.alert("OK")
@@ -481,6 +497,7 @@ $("#reboot").click(function(){
 });
 
 $("#shutdown").click(function(){
+    $.ajaxSetup(csrfAddToAjaxHeader());
     $.post('/api/operation?action=shutdown', function(data){
         if (data.status == true) {
             window.alert("OK");
@@ -495,6 +512,7 @@ $("#shutdown").click(function(){
 });
 
 $("#dropcaches").click(function(){
+    $.ajaxSetup(csrfAddToAjaxHeader());
     $.post('/api/operation?action=dropcaches', function(data){ //$.getJSON()
         if (data.status == true) {
             window.alert("OK");
@@ -506,4 +524,75 @@ $("#dropcaches").click(function(){
         // $("#loading").show();
         // unScroll();
         });
-});
+});
+
+
+
+// Login Page
+$("form").keyup(function(event){
+    if(event.keyCode == 13){
+        $("#login-btn").trigger("click");
+    }
+});
+
+$("#login-btn").click(function(){
+    $("#login-btn").attr("disabled", true);
+    var username = $("#username").val();
+    var password = $("#password").val();
+    var json = {
+        "username": username,
+        "password": password,
+    };
+    if (username == "" || password == "") {
+        $("#login-tips").text("Username or password is empty")
+        $("#login-btn").attr("disabled", false);
+    } else {
+        $.ajaxSetup(csrfAddToAjaxHeader());
+        $.post('/api/login', JSON.stringify(json), function(result){
+            if (result.status == true) {
+                $("#login-tips").text("")
+                $(window).attr('location','/');
+            } else if (result.status == false) {
+                $("#login-tips").text("Wrong credentialss")
+                $("#login-btn").attr("disabled", false);
+            }
+        }).fail(function() {
+            $("#login-tips").text("Unknown error")
+            $("#login-btn").attr("disabled", false);
+        });
+    }
+
+});
+
+function getCookie(name) {
+    var cookieValue = null;
+    if (document.cookie && document.cookie !== '') {
+        var cookies = document.cookie.split(';');
+        for (var i = 0; i < cookies.length; i++) {
+            var cookie = jQuery.trim(cookies[i]);
+            // Does this cookie string begin with the name we want?
+            if (cookie.substring(0, name.length + 1) === (name + '=')) {
+                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+                break;
+            }
+        }
+    }
+    return cookieValue;
+}
+
+function csrfSafeMethod(method) {
+    // 这些HTTP方法不要求携带CSRF令牌。test()是js正则表达式方法，若模板匹配成功，则返回true
+    return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
+}
+
+function csrfAddToAjaxHeader() {
+    var csrftoken = getCookie('cf_sid');
+
+    return {
+        beforeSend: function(xhr, settings) {
+            if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
+                xhr.setRequestHeader("X-XSRF-TOKEN", csrftoken);
+            }
+        }
+    }
+}

assets/login.tmpl

@@ -9,11 +9,8 @@
     <link rel="icon" href="assets/favicon.ico" type="image/x-icon" />
     <link rel="shortcut icon" href="assets/favicon.ico" type="image/x-icon" />
     <link href="assets/bootstrap.min.css" rel="stylesheet">
-    <script src="assets/jquery-3.1.1.min.js"></script>
+    <script src="assets/jquery-3.6.0.min.js"></script>
     <script src="assets/bootstrap.min.js"></script>
-    <script language="JavaScript">
-        window.oncontextmenu=function(){return false;}
-    </script>
     <style type="text/css">
         .label {color: #9da3a4; font-size: 75%; font-weight: bolder;}
         ::-webkit-scrollbar {
@@ -40,94 +37,6 @@
         margin-top: 70px;
         }
 
-        #loading{
-            background: #363636;
-            position: fixed;
-            left: 0px;
-            top: 0px;
-            width: 100%;
-            height: 100%;
-            display: block;
-            z-index: 20;
-            filter: alpha(opacity=90);
-            opacity: 0.9 !important;
-        }
-
-        .spinner {
-        width: 50px;
-        height: 60px;
-        text-align: center;
-        font-size: 10px;
-        position: absolute;
-        left: 50%;
-        top: 50%;
-        transform: translate(-50%,-50%);
-        }
-
-        .spinner > div {
-        background-color: #D6264F;
-        height: 100%;
-        width: 6px;
-        border-radius: 20px;
-        display: inline-block;
-
-        -webkit-animation: stretchdelay 1.2s infinite ease-in-out;
-        animation: stretchdelay 1.2s infinite ease-in-out;
-        }
-
-        .spinner .rect2 {
-        -webkit-animation-delay: -1.1s;
-        animation-delay: -1.1s;
-        }
-
-        .spinner .rect3 {
-        -webkit-animation-delay: -1.0s;
-        animation-delay: -1.0s;
-        }
-
-        .spinner .rect4 {
-        -webkit-animation-delay: -0.9s;
-        animation-delay: -0.9s;
-        }
-
-        .spinner .rect5 {
-        -webkit-animation-delay: -0.8s;
-        animation-delay: -0.8s;
-        }
-
-        @-webkit-keyframes stretchdelay {
-        0%, 40%, 100% { -webkit-transform: scaleY(0.4) }
-        20% { -webkit-transform: scaleY(1.0) }
-        }
-
-        @keyframes stretchdelay {
-        0%, 40%, 100% {
-            transform: scaleY(0.4);
-            -webkit-transform: scaleY(0.4);
-        }  20% {
-            transform: scaleY(1.0);
-            -webkit-transform: scaleY(1.0);
-        }
-        }
-
-        #command-btns{
-            list-style-type:none;
-            display: block;
-            margin-top: 0 auto;
-            margin-top: 10px;
-            padding: 0;
-        }
-        #command-btns li{
-            display: inline;
-            white-space:nowrap;
-            margin: auto 7px;
-            cursor: pointer;
-        }
-        #command-btns li img:hover{
-            border: 1px solid #E5E6E4;
-            border-radius: 90px;
-        }
-
         .box-radius {
             border-radius: 3px;
         }
@@ -151,7 +60,7 @@
                 <ul class="nav navbar-nav navbar-right">
                     <!-- <li><a target="_blank" href="#">Blog</a></li> -->
                     <li class="dropdown">
-                        <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false">About <span class="caret"></span></a>
+                        <a href="javascript:void(0);" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false">About <span class="caret"></span></a>
                         <ul class="dropdown-menu" role="menu">
                             <li><a target="_blank" href="https://ojoll.com/archives/86/">Pi Dashboard Go</a></li>
                             <li><a target="_blank" href="https://github.com/plutobell/pi-dashboard-go">GitHub Source</a></li>
@@ -188,13 +97,13 @@
         </div>
     </div>
 </div>
-<script src="assets/login.js"></script>
+<script src="assets/dashboard.js"></script>
 <!--
 @Program : Pi Dashboard Go (https://github.com/plutobell/pi-dashboard-go)
 @Description: Golang implementation of pi-dashboard
 @Author: github.com/plutobell
 @Creation: 2020-08-01
-@Last modify: 2021-08-12
-@Version: 1.3.0 -->
+@Last modification: 2021-08-13
+@Version: 1.3.1 -->
 </body>
 </html>