npm - stem-lab-toolkit - Versions diffs - 1.0.1 → 1.0.2 - Mend

stem-lab-toolkit 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/admin.html CHANGED Viewed

@@ -1,7 +1,18 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
-  <meta charset="UTF-8">
+<meta charset="UTF-8">
+<script>
+(function(){
+  var n=performance.getEntriesByType('navigation')[0];
+  if(n&&n.type==='reload'){sessionStorage.clear();window.location.replace('./index.html');return;}
+  if(sessionStorage.getItem('mm_auth')!=='true'){window.location.replace('./index.html');return;}
+  var rank=sessionStorage.getItem('mm_rank');
+  if(rank==='admin'){window.location.replace('./control-panel.html');return;}
+  if(rank!=='administrator'){window.location.replace('./browse.html');}
+})();
+</script>
+  <link rel="icon" type="image/png" href="/assets/favicon.png">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <title>Admin — MM Games</title>
   <link rel="stylesheet" href="./css/style.css">
@@ -12,6 +23,11 @@
     .overflow-x { overflow-x: auto; }
     .thumb-preview { width: 56px; height: 42px; object-fit: cover; border-radius: 4px; background: var(--surface); }
     .thumb-ph { width: 56px; height: 42px; border-radius: 4px; background: #e0e7ff; display:flex; align-items:center; justify-content:center; font-size:.65rem; font-weight:600; padding:4px; line-height:1.2; overflow:hidden; }
+    .rank-badge { font-size: 0.72rem; padding: 2px 8px; border-radius: 20px; font-weight: 600; text-transform: uppercase; letter-spacing: .04em; }
+    .rank-administrator { background: #ede9fe; color: #6d28d9; }
+    .rank-admin  { background: #fef3c7; color: #92400e; }
+    .rank-user   { background: #ecfdf5; color: #065f46; }
+    .rank-select { font-size: 0.8rem; padding: 4px 8px; border-radius: 6px; border: 1px solid var(--border); background: var(--surface); color: var(--text); cursor: pointer; }
   </style>
 </head>
 <body>
@@ -19,20 +35,21 @@
 <header class="site-header">
   <div class="header-inner">
     <a href="./browse.html" class="logo-link">
-      <img src="./assets/logo.png" alt="" class="logo-img" onerror="this.style.display='none'">
-      <span>MM Games</span><span style="font-size:0.65rem;color:var(--muted);margin-left:6px;">v1.0.0</span>
+      <img src="./assets/logo.png?v=new" alt="" class="logo-img" onerror="this.style.display='none'">
+      <span>MM Games</span>
     </a>
     <nav class="site-nav">
       <a href="./browse.html">Browse</a>
       <a href="./admin.html" class="active">Admin</a>
       <a href="./index.html" class="nav-calc-btn" title="Calculator"><svg width="18" height="18" fill="none" stroke="currentColor" stroke-width="1.8" stroke-linecap="round" stroke-linejoin="round" viewBox="0 0 24 24"><rect x="4" y="2" width="16" height="20" rx="2"/><line x1="8" y1="6" x2="16" y2="6"/><line x1="8" y1="10" x2="10" y2="10"/><line x1="8" y1="14" x2="10" y2="14"/><line x1="8" y1="18" x2="10" y2="18"/><line x1="14" y1="10" x2="16" y2="10"/><line x1="14" y1="14" x2="16" y2="14"/><line x1="14" y1="18" x2="16" y2="18"/></svg></a>
+      <button onclick="sessionStorage.clear();window.location.href='./index.html';" style="background:none;border:1px solid var(--border);color:var(--muted);font-size:.8rem;padding:5px 12px;border-radius:8px;cursor:pointer;margin-left:4px;">Logout</button>
     </nav>
   </div>
 </header>
 <div class="admin-wrap">
   <div class="page-title">Admin Panel</div>
-  <div class="page-sub">Manage games and site settings</div>
+  <div class="page-sub">Manage games, users, and site settings</div>
   <!-- Stats -->
   <div class="card">
@@ -49,23 +66,50 @@
     </div>
   </div>
-  <!-- Change PINs -->
+  <!-- User Management -->
   <div class="card">
-    <div class="card-title">Change PINs</div>
+    <div class="card-title">User Management</div>
+    <!-- Add user -->
     <div class="form-grid">
       <div class="form-group">
-        <label>New Admin PIN <span style="font-weight:400;text-transform:none;">(4–8 digits)</span></label>
-        <input type="password" id="pin-admin" placeholder="Leave blank to keep current" maxlength="8" inputmode="numeric" pattern="[0-9]*">
+        <label>Username</label>
+        <input type="text" id="new-username" placeholder="New username" autocomplete="off">
+      </div>
+      <div class="form-group">
+        <label>Password</label>
+        <input type="password" id="new-password" placeholder="Password">
       </div>
       <div class="form-group">
-        <label>New User PIN <span style="font-weight:400;text-transform:none;">(4–8 digits)</span></label>
-        <input type="password" id="pin-user" placeholder="Leave blank to keep current" maxlength="8" inputmode="numeric" pattern="[0-9]*">
+        <label>Rank</label>
+        <select id="new-rank">
+          <option value="user">user</option>
+          <option value="admin">admin</option>
+          <option value="administrator">administrator</option>
+        </select>
       </div>
     </div>
     <div style="margin-top:16px; display:flex; gap:10px; align-items:center;">
-      <button class="btn btn-primary" id="pin-save-btn">Save PINs</button>
-      <span class="feedback" id="pin-feedback"></span>
+      <button class="btn btn-primary" id="add-user-btn">Add User</button>
+      <span class="feedback" id="add-user-feedback"></span>
     </div>
+    <!-- Users table -->
+    <div class="overflow-x" style="margin-top:28px;">
+      <table class="admin-table" id="users-table">
+        <thead>
+          <tr>
+            <th>Username</th>
+            <th>Rank</th>
+            <th>Actions</th>
+          </tr>
+        </thead>
+        <tbody id="users-tbody">
+          <tr><td colspan="3" style="color:var(--muted);text-align:center;padding:24px;">Loading…</td></tr>
+        </tbody>
+      </table>
+    </div>
+    <div class="feedback" id="users-feedback" style="margin-top:12px;"></div>
   </div>
   <!-- Games table -->
@@ -93,6 +137,7 @@
   </div>
 </div>
-<script src="./js/admin.js?v=2"></script>
+<script src="./js/admin.js?v=1.0.5"></script>
 </body>
 </html>

package/api.js CHANGED Viewed

@@ -1,106 +1,155 @@
-const http = require('http');
-const fs   = require('fs');
-const path = require('path');
+const express    = require('express');
+const bcrypt     = require('bcrypt');
+const rateLimit  = require('express-rate-limit');
+const fs         = require('fs');
+const path       = require('path');
+const crypto     = require('crypto');
-const GAMES_FILE = path.join(__dirname, 'games.json');
-const PINS_FILE  = path.join(__dirname, 'pins.json');
+const app        = express();
 const PORT       = 3001;
+const USERS_FILE = path.join(__dirname, 'users.json');
+const GAMES_FILE = path.join(__dirname, 'games.json');
+// In-memory sessions: token -> { username, rank, expires }
+const sessions = new Map();
+app.use(express.json({ limit: '1mb' }));
+app.use((req, res, next) => {
+  res.setHeader('Access-Control-Allow-Origin', '*');
+  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+  res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+  if (req.method === 'OPTIONS') return res.sendStatus(204);
+  next();
+});
+function readUsers() {
+  try { return JSON.parse(fs.readFileSync(USERS_FILE, 'utf8')); }
+  catch { return []; }
+}
+function writeUsers(users) {
+  fs.writeFileSync(USERS_FILE, JSON.stringify(users, null, 2));
+}
 function readGames() {
   try { return JSON.parse(fs.readFileSync(GAMES_FILE, 'utf8')); }
   catch { return []; }
 }
 function writeGames(games) {
   fs.writeFileSync(GAMES_FILE, JSON.stringify(games, null, 2));
 }
-function readPins() {
-  try { return JSON.parse(fs.readFileSync(PINS_FILE, 'utf8')); }
-  catch { return { admin: '1234', user: '5555' }; }
+function getSession(req) {
+  const auth  = (req.headers.authorization || '').replace('Bearer ', '').trim();
+  if (!auth) return null;
+  const sess = sessions.get(auth);
+  if (!sess || sess.expires < Date.now()) { sessions.delete(auth); return null; }
+  return sess;
 }
-function writePins(pins) {
-  fs.writeFileSync(PINS_FILE, JSON.stringify(pins));
+function requireAdmin(req, res, next) {
+  const sess = getSession(req);
+  if (!sess || sess.rank !== 'administrator') return res.status(403).json({ error: 'Forbidden.' });
+  req.sess = sess;
+  next();
 }
-function json(res, status, obj) {
-  res.writeHead(status, {
-    'Content-Type': 'application/json',
-    'Access-Control-Allow-Origin': '*',
+const loginLimiter = rateLimit({
+  windowMs: 60 * 1000,
+  max: 5,
+  standardHeaders: true,
+  legacyHeaders: false,
+  handler: (_req, res) =>
+    res.status(429).json({ success: false, error: 'Too many attempts. Try again in 60 seconds.' }),
+});
+// ── Auth ───────────────────────────────────────────────────────────────────
+app.post('/api/login', loginLimiter, async (req, res) => {
+  const { username, password } = req.body || {};
+  if (!username || !password) return res.status(400).json({ success: false });
+  const users = readUsers();
+  const user  = users.find(u => u.username === username);
+  if (!user) return res.status(401).json({ success: false });
+  const match = await bcrypt.compare(password, user.password);
+  if (!match) return res.status(401).json({ success: false });
+  const token = crypto.randomBytes(32).toString('hex');
+  sessions.set(token, {
+    username: user.username,
+    rank: user.rank,
+    expires: Date.now() + 8 * 3600 * 1000,
   });
-  res.end(JSON.stringify(obj));
-}
+  res.json({ success: true, rank: user.rank, token });
+});
-function parseBody(req, cb) {
-  let body = '';
-  req.on('data', d => { body += d; if (body.length > 1e6) req.destroy(); });
-  req.on('end', () => { try { cb(JSON.parse(body)); } catch { cb(null); } });
-}
+// ── Games ──────────────────────────────────────────────────────────────────
-const server = http.createServer((req, res) => {
-  if (req.method === 'OPTIONS') {
-    res.writeHead(204, {
-      'Access-Control-Allow-Origin': '*',
-      'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
-      'Access-Control-Allow-Headers': 'Content-Type',
-    });
-    return res.end();
-  }
-  // GET /api/games — visible games for browse page
-  if (req.method === 'GET' && req.url === '/api/games') {
-    return json(res, 200, readGames().filter(g => g.visible));
-  }
-  // GET /api/games/all — all games for admin
-  if (req.method === 'GET' && req.url === '/api/games/all') {
-    return json(res, 200, readGames());
-  }
-  // POST /api/games — full save (admin only)
-  if (req.method === 'POST' && req.url === '/api/games') {
-    return parseBody(req, data => {
-      if (!data || data.adminPin !== readPins().admin)
-        return json(res, 403, { error: 'Unauthorized.' });
-      if (!Array.isArray(data.games))
-        return json(res, 400, { error: 'Invalid payload.' });
-      writeGames(data.games);
-      json(res, 200, { ok: true });
-    });
-  }
-  // POST /api/pin — validate PIN, return role
-  if (req.method === 'POST' && req.url === '/api/pin') {
-    return parseBody(req, data => {
-      if (!data) return json(res, 400, { error: 'Bad request.' });
-      const pins = readPins();
-      if (data.pin === pins.admin) return json(res, 200, { role: 'admin' });
-      if (data.pin === pins.user)  return json(res, 200, { role: 'user' });
-      return json(res, 403, { role: 'none' });
-    });
-  }
-  // POST /api/pins — update PINs (admin only)
-  if (req.method === 'POST' && req.url === '/api/pins') {
-    return parseBody(req, data => {
-      if (!data) return json(res, 400, { error: 'Bad request.' });
-      const pins = readPins();
-      if (data.adminPin !== pins.admin) return json(res, 403, { error: 'Unauthorized.' });
-      const newAdmin = String(data.newAdmin || '').trim();
-      const newUser  = String(data.newUser  || '').trim();
-      if (newAdmin && !/^\d{4,8}$/.test(newAdmin)) return json(res, 400, { error: 'Admin PIN must be 4–8 digits.' });
-      if (newUser  && !/^\d{4,8}$/.test(newUser))  return json(res, 400, { error: 'User PIN must be 4–8 digits.'  });
-      if (newAdmin) pins.admin = newAdmin;
-      if (newUser)  pins.user  = newUser;
-      writePins(pins);
-      json(res, 200, { ok: true, pins: { admin: !!newAdmin, user: !!newUser } });
-    });
-  }
-  json(res, 404, { error: 'Not found.' });
+app.get('/api/games', (_req, res) => {
+  res.json(readGames().filter(g => g.visible));
 });
-server.listen(PORT, '127.0.0.1', () => {
-  console.log(`API listening on 127.0.0.1:${PORT}`);
+app.get('/api/games/all', requireAdmin, (_req, res) => {
+  res.json(readGames());
 });
+app.post('/api/games', requireAdmin, (req, res) => {
+  if (!Array.isArray(req.body.games)) return res.status(400).json({ error: 'Invalid payload.' });
+  writeGames(req.body.games);
+  res.json({ ok: true });
+});
+// ── Users ──────────────────────────────────────────────────────────────────
+const VALID_RANKS = ['administrator', 'admin', 'user'];
+app.get('/api/users', requireAdmin, (_req, res) => {
+  const users = readUsers().map(u => ({ username: u.username, rank: u.rank }));
+  res.json(users);
+});
+app.post('/api/users/add', requireAdmin, async (req, res) => {
+  const { username, password, rank } = req.body || {};
+  if (!username || !password || !VALID_RANKS.includes(rank))
+    return res.status(400).json({ error: 'username, password and valid rank required.' });
+  const users = readUsers();
+  if (users.find(u => u.username === username))
+    return res.status(409).json({ error: 'Username already exists.' });
+  const hashed = await bcrypt.hash(password, 12);
+  users.push({ username, password: hashed, rank });
+  writeUsers(users);
+  res.json({ ok: true });
+});
+app.post('/api/users/update', requireAdmin, (req, res) => {
+  const { username, rank } = req.body || {};
+  if (!username || !VALID_RANKS.includes(rank))
+    return res.status(400).json({ error: 'username and valid rank required.' });
+  const users = readUsers();
+  const user  = users.find(u => u.username === username);
+  if (!user) return res.status(404).json({ error: 'User not found.' });
+  user.rank = rank;
+  writeUsers(users);
+  res.json({ ok: true });
+});
+app.post('/api/users/delete', requireAdmin, (req, res) => {
+  const { username } = req.body || {};
+  if (!username) return res.status(400).json({ error: 'username required.' });
+  const users = readUsers();
+  const idx   = users.findIndex(u => u.username === username);
+  if (idx === -1) return res.status(404).json({ error: 'User not found.' });
+  users.splice(idx, 1);
+  writeUsers(users);
+  res.json({ ok: true });
+});
+app.post('/api/users/reset-password', requireAdmin, async (req, res) => {
+  const { username, password } = req.body || {};
+  if (!username || !password) return res.status(400).json({ error: 'username and password required.' });
+  const users = readUsers();
+  const user  = users.find(u => u.username === username);
+  if (!user) return res.status(404).json({ error: 'User not found.' });
+  user.password = await bcrypt.hash(password, 12);
+  writeUsers(users);
+  res.json({ ok: true });
+});
+app.listen(PORT, '127.0.0.1', () => console.log(`API listening on 127.0.0.1:${PORT}`));

package/assets/favicon.png ADDED Viewed

Binary file

package/assets/logo.png CHANGED Viewed

Binary file

package/browse.html CHANGED Viewed

@@ -1,7 +1,9 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
-  <meta charset="UTF-8">
+<meta charset="UTF-8">
+<script>(function(){var n=performance.getEntriesByType('navigation')[0];if(n&&n.type==='reload'){sessionStorage.clear();window.location.replace('./index.html');return;}if(sessionStorage.getItem('mm_auth')!=='true'){window.location.replace('./index.html');return;}var r=sessionStorage.getItem('mm_rank');if(!r){window.location.replace('./index.html');}})();</script>
+  <link rel="icon" type="image/png" href="/assets/favicon.png">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <title>MM Games</title>
   <link rel="stylesheet" href="./css/style.css">
@@ -11,8 +13,9 @@
 <header class="site-header">
   <div class="header-inner">
     <a href="./browse.html" class="logo-link">
-      <img src="./assets/logo.png" alt="" class="logo-img" onerror="this.style.display='none'">
-      <span>MM Games</span><span style="font-size:0.65rem;color:var(--muted);margin-left:6px;">v1.0.0</span>
+      <img src="./assets/logo.png?v=new" alt="" class="logo-img" onerror="this.style.display='none'">
+      <span>MM Games</span>
     </a>
     <nav class="site-nav">
       <a href="./browse.html" class="active">Browse</a>
@@ -53,10 +56,25 @@
       <div class="game-grid" id="game-grid"></div>
     </div>
   </div>
 </main>
-<script src="./js/games.js?v=2"></script>
-<script src="./js/pin-modal.js?v=2"></script>
+<script src="./js/games.js?v=1.0.5"></script>
+<script src="./js/pin-modal.js?v=1.0.5c"></script>
+<button id="scroll-top" onclick="window.scrollTo({top:0,behavior:'smooth'})" aria-label="Back to top" style="position:fixed;bottom:28px;right:28px;width:40px;height:40px;border-radius:50%;background:#2563eb;color:#fff;border:none;font-size:18px;cursor:pointer;box-shadow:0 2px 12px rgba(0,0,0,.18);opacity:0;transform:translateY(8px);transition:opacity .25s,transform .25s;pointer-events:none;z-index:200;display:flex;align-items:center;justify-content:center;">&#8593;</button>
+<script>
+(function(){
+  var btn=document.getElementById('scroll-top');
+  window.addEventListener('scroll',function(){
+    var show=window.scrollY>300;
+    btn.style.opacity=show?'1':'0';
+    btn.style.transform=show?'translateY(0)':'translateY(8px)';
+    btn.style.pointerEvents=show?'auto':'none';
+  },{passive:true});
+})();
+</script>
 </body>
 </html>

package/bump.sh CHANGED Viewed

@@ -1,4 +1,8 @@
 #!/bin/bash
 VER=$(cat /var/www/moshelab/version.txt | tr -d '[:space:]')
-sudo sed -i "s/v[0-9]\+/$VER/g" /var/www/moshelab/*.html
+VERNUM="${VER#v}"
+# Update visible version badges (vX.X.X)
+sudo sed -i "s/v[0-9][0-9.]*/$VER/g" /var/www/moshelab/*.html
+# Update script/link cache-buster query params (?v=X.X.X)
+sudo sed -i "s/?v=[0-9][0-9.]*/?v=$VERNUM/g" /var/www/moshelab/*.html
 echo "Version set to $VER"