npm - blockmine - Versions diffs - 1.12.1 → 1.13.0 - Mend

blockmine 1.12.1 → 1.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/CHANGELOG.md +7 -0
package/backend/prisma/schema.prisma +219 -201
package/backend/src/api/routes/auth.js +140 -0
package/frontend/dist/assets/{index-BzDKhCKk.js → index-CHwi1QN9.js} +1682 -1681
package/frontend/dist/index.html +1 -1
package/package.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,13 @@
 # История версий
+## [1.13.0](https://github.com/blockmineJS/blockmine/compare/v1.12.0...v1.13.0) (2025-07-18)
+### ✨ Новые возможности
+* возможность сбрасывать пароль рут аккаунта ([e23181d](https://github.com/blockmineJS/blockmine/commit/e23181d29dbe730ff882d654b8ec0e80a1f007bc))
 ## [1.12.0](https://github.com/blockmineJS/blockmine/compare/v1.11.5...v1.12.0) (2025-07-18)

package/backend/prisma/schema.prisma CHANGED Viewed

@@ -1,201 +1,219 @@
-generator client {
-  provider = "prisma-client-js"
-}
-datasource db {
-  provider = "sqlite"
-  url      = "file:C:\\Users\\user\\.blockmine\\blockmine.db"
-}
-model Server {
-  id      Int    @id @default(autoincrement())
-  name    String @unique
-  host    String
-  port    Int    @default(25565)
-  version String
-  bots    Bot[]
-}
-model Bot {
-  id               Int               @id @default(autoincrement())
-  username         String            @unique
-  password         String?
-  prefix           String?           @default("@")
-  note             String?
-  serverId         Int
-  proxyHost        String?
-  proxyPort        Int?
-  proxyUsername    String?
-  proxyPassword    String?
-  createdAt        DateTime          @default(now())
-  updatedAt        DateTime          @updatedAt
-  owners           String?           @default("")
-  server           Server            @relation(fields: [serverId], references: [id])
-  commands         Command[]
-  eventGraphs      EventGraph[]
-  groups           Group[]
-  installedPlugins InstalledPlugin[]
-  permissions      Permission[]
-  pluginData       PluginDataStore[]
-  users            User[]
-}
-model InstalledPlugin {
-  id          Int      @id @default(autoincrement())
-  botId       Int
-  name        String
-  version     String
-  description String?
-  sourceType  String
-  sourceUri   String?
-  path        String
-  isEnabled   Boolean  @default(true)
-  manifest    String?
-  settings    String?  @default("{}")
-  createdAt   DateTime @default(now())
-  bot         Bot      @relation(fields: [botId], references: [id], onDelete: Cascade)
-  @@unique([botId, name])
-}
-model Command {
-  id               Int         @id @default(autoincrement())
-  botId            Int
-  name             String
-  isEnabled        Boolean     @default(true)
-  cooldown         Int         @default(0)
-  aliases          String      @default("[]")
-  description      String?
-  owner            String?
-  permissionId     Int?
-  allowedChatTypes String      @default("[\"chat\", \"private\"]")
-  isVisual         Boolean     @default(false)
-  argumentsJson    String?     @default("[]")
-  graphJson        String?     @default("null")
-  permission       Permission? @relation(fields: [permissionId], references: [id])
-  bot              Bot         @relation(fields: [botId], references: [id], onDelete: Cascade)
-  @@unique([botId, name])
-}
-model EventGraph {
-  id        Int            @id @default(autoincrement())
-  botId     Int
-  name      String
-  isEnabled Boolean        @default(true)
-  graphJson String?        @default("null")
-  createdAt DateTime       @default(now())
-  updatedAt DateTime       @updatedAt
-  variables String?        @default("[]")
-  bot       Bot            @relation(fields: [botId], references: [id], onDelete: Cascade)
-  triggers  EventTrigger[]
-  @@unique([botId, name])
-}
-model EventTrigger {
-  id        Int        @id @default(autoincrement())
-  graphId   Int
-  eventType String
-  graph     EventGraph @relation(fields: [graphId], references: [id], onDelete: Cascade)
-  @@unique([graphId, eventType])
-}
-model User {
-  id            Int         @id @default(autoincrement())
-  username      String
-  isBlacklisted Boolean     @default(false)
-  botId         Int
-  bot           Bot         @relation(fields: [botId], references: [id], onDelete: Cascade)
-  groups        UserGroup[]
-  @@unique([botId, username])
-}
-model Group {
-  id          Int               @id @default(autoincrement())
-  name        String
-  owner       String            @default("system")
-  botId       Int
-  bot         Bot               @relation(fields: [botId], references: [id], onDelete: Cascade)
-  permissions GroupPermission[]
-  users       UserGroup[]
-  @@unique([botId, name])
-}
-model Permission {
-  id          Int               @id @default(autoincrement())
-  name        String
-  description String?
-  owner       String            @default("system")
-  botId       Int
-  commands    Command[]
-  groups      GroupPermission[]
-  bot         Bot               @relation(fields: [botId], references: [id], onDelete: Cascade)
-  @@unique([botId, name])
-}
-model UserGroup {
-  userId  Int
-  groupId Int
-  group   Group @relation(fields: [groupId], references: [id], onDelete: Cascade)
-  user    User  @relation(fields: [userId], references: [id], onDelete: Cascade)
-  @@id([userId, groupId])
-}
-model GroupPermission {
-  groupId      Int
-  permissionId Int
-  permission   Permission @relation(fields: [permissionId], references: [id], onDelete: Cascade)
-  group        Group      @relation(fields: [groupId], references: [id], onDelete: Cascade)
-  @@id([groupId, permissionId])
-}
-model ScheduledTask {
-  id           Int       @id @default(autoincrement())
-  name         String
-  cronPattern  String?
-  action       String
-  targetBotIds String
-  payload      String?   @default("{}")
-  isEnabled    Boolean   @default(true)
-  runOnStartup Boolean   @default(false)
-  lastRun      DateTime?
-  createdAt    DateTime  @default(now())
-  updatedAt    DateTime  @updatedAt
-}
-model PanelUser {
-  id           Int       @id @default(autoincrement())
-  uuid         String    @unique @default(uuid())
-  username     String    @unique
-  passwordHash String
-  roleId       Int
-  createdAt    DateTime  @default(now())
-  role         PanelRole @relation(fields: [roleId], references: [id])
-}
-model PanelRole {
-  id          Int         @id @default(autoincrement())
-  name        String      @unique
-  permissions String      @default("[]")
-  users       PanelUser[]
-}
-model PluginDataStore {
-  id         Int      @id @default(autoincrement())
-  pluginName String
-  botId      Int
-  key        String
-  value      String
-  createdAt  DateTime @default(now())
-  updatedAt  DateTime @updatedAt
-  bot        Bot      @relation(fields: [botId], references: [id], onDelete: Cascade)
-  @@unique([pluginName, botId, key])
-}
+generator client {
+  provider = "prisma-client-js"
+}
+datasource db {
+  provider = "sqlite"
+  url      = env("DATABASE_URL")
+}
+model Server {
+  id      Int    @id @default(autoincrement())
+  name    String @unique
+  host    String
+  port    Int    @default(25565)
+  version String
+  bots    Bot[]
+}
+model Bot {
+  id       Int    @id @default(autoincrement())
+  username String @unique
+  password String?
+  prefix   String? @default("@")
+  note     String?
+  owners   String? @default("")
+  server   Server @relation(fields: [serverId], references: [id])
+  serverId Int
+  proxyHost     String?
+  proxyPort     Int?
+  proxyUsername String?
+  proxyPassword String?
+  installedPlugins InstalledPlugin[]
+  users            User[]
+  groups           Group[]
+  permissions      Permission[]
+  commands         Command[]
+  eventGraphs      EventGraph[]
+  pluginData       PluginDataStore[]
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+}
+model InstalledPlugin {
+  id          Int     @id @default(autoincrement())
+  botId       Int
+  bot         Bot     @relation(fields: [botId], references: [id], onDelete: Cascade)
+  name        String
+  version     String
+  description String?
+  sourceType  String
+  sourceUri   String?
+  path        String
+  isEnabled   Boolean @default(true)
+  manifest String?
+  settings String? @default("{}")
+  createdAt DateTime @default(now())
+  @@unique([botId, name])
+}
+model Command {
+  id               Int     @id @default(autoincrement())
+  botId            Int
+  bot              Bot     @relation(fields: [botId], references: [id], onDelete: Cascade)
+  name             String
+  isEnabled        Boolean @default(true)
+  cooldown         Int     @default(0)
+  aliases          String  @default("[]")
+  description      String?
+  owner            String?
+  permissionId     Int?
+  permission       Permission? @relation(fields: [permissionId], references: [id], onDelete: SetNull)
+  allowedChatTypes String  @default("[\"chat\", \"private\"]")
+  isVisual         Boolean @default(false)
+  argumentsJson    String? @default("[]")
+  graphJson        String? @default("null")
+  @@unique([botId, name])
+}
+model EventGraph {
+  id          Int     @id @default(autoincrement())
+  botId       Int
+  bot         Bot     @relation(fields: [botId], references: [id], onDelete: Cascade)
+  name        String
+  isEnabled   Boolean @default(true)
+  graphJson   String? @default("null")
+  variables   String? @default("[]")
+  triggers    EventTrigger[]
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+  @@unique([botId, name])
+}
+model EventTrigger {
+  id        Int      @id @default(autoincrement())
+  graphId   Int
+  graph     EventGraph @relation(fields: [graphId], references: [id], onDelete: Cascade)
+  eventType String   // e.g., "entitySpawn", "chat"
+  @@unique([graphId, eventType])
+}
+model User {
+  id            Int       @id @default(autoincrement())
+  username      String
+  isBlacklisted Boolean   @default(false)
+  botId         Int
+  bot           Bot       @relation(fields: [botId], references: [id], onDelete: Cascade)
+  groups        UserGroup[]
+  @@unique([botId, username])
+}
+model Group {
+  id          Int             @id @default(autoincrement())
+  name        String
+  owner       String          @default("system")
+  botId       Int
+  bot         Bot             @relation(fields: [botId], references: [id], onDelete: Cascade)
+  permissions GroupPermission[]
+  users       UserGroup[]
+  @@unique([botId, name])
+}
+model Permission {
+  id          Int             @id @default(autoincrement())
+  name        String
+  description String?
+  owner       String          @default("system")
+  botId       Int
+  bot         Bot             @relation(fields: [botId], references: [id], onDelete: Cascade)
+  groups      GroupPermission[]
+  commands    Command[]
+  @@unique([botId, name])
+}
+model UserGroup {
+  user    User  @relation(fields: [userId], references: [id], onDelete: Cascade)
+  userId  Int
+  group   Group @relation(fields: [groupId], references: [id], onDelete: Cascade)
+  groupId Int
+  @@id([userId, groupId])
+}
+model GroupPermission {
+  group        Group      @relation(fields: [groupId], references: [id], onDelete: Cascade)
+  groupId      Int
+  permission   Permission @relation(fields: [permissionId], references: [id], onDelete: Cascade)
+  permissionId Int
+  @@id([groupId, permissionId])
+}
+model ScheduledTask {
+  id           Int        @id @default(autoincrement())
+  name         String
+  cronPattern  String?
+  action       String
+  targetBotIds String // джсон массив ID ботов или "ALL"
+  payload      String?    @default("{}") // джсон для доп данных, например, команды
+  isEnabled    Boolean    @default(true)
+  runOnStartup Boolean    @default(false)
+  lastRun      DateTime?
+  createdAt    DateTime   @default(now())
+  updatedAt    DateTime   @updatedAt
+}
+model PanelUser {
+  id           Int      @id @default(autoincrement())
+  uuid         String   @unique @default(uuid())
+  username     String   @unique
+  passwordHash String
+  role         PanelRole @relation(fields: [roleId], references: [id])
+  roleId       Int
+  createdAt    DateTime @default(now())
+}
+// Роли пользователей (Admin, Moderator, Viewer)
+model PanelRole {
+  id          Int      @id @default(autoincrement())
+  name        String   @unique
+  // Храним права как джсон строку.  SQLite не поддерживает массивы.
+  // Пример: '[\"bot:create\", \"bot:delete\", \"user:manage\"]'
+  permissions String   @default("[]")
+  users       PanelUser[]
+}
+model PluginDataStore {
+  id         Int      @id @default(autoincrement())
+  pluginName String
+  botId      Int
+  key        String
+  value      String // в виде json
+  createdAt  DateTime @default(now())
+  updatedAt  DateTime @updatedAt
+  bot Bot @relation(fields: [botId], references: [id], onDelete: Cascade)
+  @@unique([pluginName, botId, key])
+}

package/backend/src/api/routes/auth.js CHANGED Viewed

@@ -1,9 +1,12 @@
 const express = require('express');
 const bcrypt = require('bcryptjs');
 const jwt = require('jsonwebtoken');
+const crypto = require('crypto');
 const { PrismaClient } = require('@prisma/client');
 const config = require('../../config');
 const { authenticate, authorize } = require('../middleware/auth');
+const path = require('path');
+const os = require('os');
 const router = express.Router();
 const prisma = new PrismaClient();
@@ -11,6 +14,8 @@ const prisma = new PrismaClient();
 const JWT_SECRET = config.security.jwtSecret;
 const JWT_EXPIRES_IN = '7d';
+const activeResetTokens = new Map();
 /**
  * @route   GET /api/auth/status
  * @desc    Проверяет, была ли произведена первоначальная настройка (создан админ)
@@ -26,6 +31,16 @@ router.get('/status', async (req, res) => {
     }
 });
+/**
+ * @route   GET /api/auth/config-path
+ * @desc    Получить путь к конфигурационному файлу
+ * @access  Public
+ */
+router.get('/config-path', (req, res) => {
+    const configPath = path.join(os.homedir(), '.blockmine', 'config.json');
+    res.json({ configPath });
+});
 /**
  * @route   POST /api/auth/setup
  * @desc    Создает первого пользователя с ролью администратора
@@ -100,6 +115,131 @@ router.post('/setup', async (req, res) => {
     }
 });
+/**
+ * @route   POST /api/auth/recovery/verify
+ * @desc    Проверка кода восстановления
+ * @access  Public
+ */
+router.post('/recovery/verify', async (req, res) => {
+    try {
+        const { recoveryCode } = req.body;
+        if (!recoveryCode) {
+            return res.status(400).json({ error: 'Код восстановления обязателен' });
+        }
+        if (recoveryCode !== config.security.adminRecoveryCode) {
+            await new Promise(resolve => setTimeout(resolve, 1000));
+            return res.status(401).json({ error: 'Неверный код восстановления' });
+        }
+        const rootUser = await prisma.panelUser.findFirst({
+            orderBy: { id: 'asc' },
+            include: { role: true }
+        });
+        if (!rootUser) {
+            return res.status(404).json({ error: 'В системе нет ни одного пользователя. Выполните первоначальную настройку.' });
+        }
+        const tokenId = crypto.randomBytes(16).toString('hex');
+        const resetToken = jwt.sign(
+            {
+                userId: rootUser.id,
+                type: 'password-reset',
+                tokenId: tokenId,
+                timestamp: Date.now()
+            },
+            JWT_SECRET,
+            { expiresIn: '5m' }
+        );
+        activeResetTokens.set(tokenId, {
+            userId: rootUser.id,
+            createdAt: Date.now(),
+            used: false
+        });
+        setTimeout(() => {
+            activeResetTokens.delete(tokenId);
+        }, 5 * 60 * 1000);
+        res.json({
+            success: true,
+            username: rootUser.username,
+            resetToken
+        });
+    } catch (error) {
+        console.error('[Recovery Verify Error]', error);
+        res.status(500).json({ error: 'Ошибка при проверке кода восстановления' });
+    }
+});
+/**
+ * @route   POST /api/auth/recovery/reset
+ * @desc    Сброс пароля с использованием токена
+ * @access  Public (с валидным токеном сброса)
+ */
+router.post('/recovery/reset', async (req, res) => {
+    try {
+        const { resetToken, newPassword } = req.body;
+        if (!resetToken || !newPassword) {
+            return res.status(400).json({ error: 'Токен и новый пароль обязательны' });
+        }
+        if (newPassword.length < 4) {
+            return res.status(400).json({ error: 'Пароль должен быть не менее 4 символов' });
+        }
+        let decoded;
+        try {
+            decoded = jwt.verify(resetToken, JWT_SECRET);
+            if (decoded.type !== 'password-reset') {
+                throw new Error('Invalid token type');
+            }
+            const tokenInfo = activeResetTokens.get(decoded.tokenId);
+            if (!tokenInfo) {
+                throw new Error('Token not found in active tokens');
+            }
+            if (tokenInfo.used) {
+                throw new Error('Token already used');
+            }
+            if (tokenInfo.userId !== decoded.userId) {
+                throw new Error('Token userId mismatch');
+            }
+        } catch (err) {
+            return res.status(401).json({ error: 'Недействительный или истекший токен' });
+        }
+        const hashedPassword = await bcrypt.hash(newPassword, 12);
+        const updatedUser = await prisma.panelUser.update({
+            where: { id: decoded.userId },
+            data: { passwordHash: hashedPassword },
+            select: { username: true }
+        });
+        const tokenInfo = activeResetTokens.get(decoded.tokenId);
+        tokenInfo.used = true;
+        activeResetTokens.delete(decoded.tokenId);
+        res.json({
+            message: 'Пароль успешно сброшен',
+            username: updatedUser.username
+        });
+    } catch (error) {
+        console.error('[Recovery Reset Error]', error);
+        res.status(500).json({ error: 'Ошибка при сбросе пароля' });
+    }
+});
 /**
  * @route   POST /api/auth/login
  * @desc    Аутентифицирует пользователя и возвращает токен