From 829b939273802d3702e81d649c365896c5db2019 Mon Sep 17 00:00:00 2001
From: Dita Aji Pratama <ditaajipratama@protonmail.com>
Date: Wed, 13 Aug 2025 16:57:11 +0700
Subject: [PATCH] Invitation features done

---
 handler.py               | 11 +++++++++
 modules/api/auth.py      |  3 ++-
 modules/public/accept.py | 42 +++++++++++++++++++++++++++++++
 pages/public/accept.html | 15 ++++++++++++
 static/js/accept.js      | 53 ++++++++++++++++++++++++++++++++++++++++
 static/js/users.js       |  1 +
 6 files changed, 124 insertions(+), 1 deletion(-)
 create mode 100644 modules/public/accept.py
 create mode 100644 pages/public/accept.html
 create mode 100644 static/js/accept.js

diff --git a/handler.py b/handler.py
index a29cd8e..bdb9f7e 100644
--- a/handler.py
+++ b/handler.py
@@ -24,6 +24,7 @@ import	modules.public.reset	as public_reset
 
 import	modules.public.roles	as public_roles
 import	modules.public.users	as public_users
+import	modules.public.accept	as public_accept
 
 import  modules.api.auth        as api_auth
 import  modules.api.roles	as api_auth_roles
@@ -139,6 +140,16 @@ def index():
     }
     return public_users.users().html(params)
 
+@app.route('/accept', method='GET')
+def index():
+    params = {
+        "token"	: request.query.token,
+        "mako"  : {
+            "website" : template_public.main(directory.page["public"], "accept")
+        }
+    }
+    return public_accept.accept().html(params)
+
 @app.route('/api/auth/register/<roles>', method=['OPTIONS', 'POST'])
 def index(roles):
     try:
diff --git a/modules/api/auth.py b/modules/api/auth.py
index c94def6..6613bc8 100644
--- a/modules/api/auth.py
+++ b/modules/api/auth.py
@@ -382,7 +382,8 @@ class auth:
                 self.cursor.execute("INSERT INTO `auth_profile` VALUES (DEFAULT, %s, %s, %s, NULL);", (token, username, email) )
                 auth_profile_lastrowid = self.cursor.lastrowid
                 self.cursor.execute("INSERT INTO `auth_profile_verification` VALUES (DEFAULT, %s, 'email', 1);", (auth_profile_lastrowid,) )
-                self.cursor.execute("INSERT INTO `auth_profile_roles` VALUES (DEFAULT, %s, %s);", (auth_profile_lastrowid, roles) )
+                for role in roles:
+                    self.cursor.execute("INSERT INTO `auth_profile_roles` VALUES (DEFAULT, %s, %s);", (auth_profile_lastrowid, role) )
                 loggorilla.prcss(APIADDR, "Sending email")
                 webmail_data 	= {
                     "username"	: username,
diff --git a/modules/public/accept.py b/modules/public/accept.py
new file mode 100644
index 0000000..937766b
--- /dev/null
+++ b/modules/public/accept.py
@@ -0,0 +1,42 @@
+from    mako.template           import  Template
+from    config                  import  globalvar, navigation
+from    scripts                 import  loggorilla, tokenguard
+
+import  procedure.validation    as 		procedure_validation
+
+class accept:
+
+    def __init__(self):
+        pass
+
+    def html(self, params):
+        APIADDR         = "/accept"
+
+        loggorilla.prcss(APIADDR, "Define page parameters")
+        active_page     = "Accept"
+        allowed_roles   = [0,1,2,3]
+
+        loggorilla.prcss(APIADDR, "Account validation")
+        user_validation = procedure_validation.validation().account(APIADDR, allowed_roles)
+        user            = user_validation['data']
+
+        token		= params['token']
+        payload		= tokenguard.decode(token, globalvar.ssh['key']['public'])
+        username	= payload['username']
+        
+        return Template(params["mako"]["website"]['index']).render(
+            title	= globalvar.title,
+            header	= globalvar.header,
+            navbar	= Template(params["mako"]["website"]['navbar']).render(
+                menu		= navigation.menu['public']['navbar'],
+                user_roles	= user['profile']['roles'],
+                active_page	= active_page
+            ),
+            footer	= Template(params["mako"]["website"]['footer']).render(
+                copyright	= globalvar.copyright,
+            ),
+            container	= Template(params["mako"]["website"]['container']).render(
+                token       = token,
+                username    = username
+            )
+        )
diff --git a/pages/public/accept.html b/pages/public/accept.html
new file mode 100644
index 0000000..9090d0d
--- /dev/null
+++ b/pages/public/accept.html
@@ -0,0 +1,15 @@
+<input type="hidden" id="form-token" 		value="${token}">
+<input type="hidden" id="form-get-username"	value="${username or ''}">
+
+<h2>Set your account</h2>
+
+<input type="text"		id="form-username"  placeholder="Username" value="${username or ''}" required > <br>
+<input type="password"	id="form-password"	placeholder="Password" required > <br>
+<button type="button" onclick="accept()">Submit</button> <br>
+
+<div id="alert-response" role="alert">
+  <b id="alert-status">Loading...</b> <span id="alert-desc">Please wait...</span>
+</div>
+
+<script type="text/javascript" src="/js/carrack.js"></script>
+<script type="text/javascript" src="/js/accept.js"></script>
diff --git a/static/js/accept.js b/static/js/accept.js
new file mode 100644
index 0000000..b6ae630
--- /dev/null
+++ b/static/js/accept.js
@@ -0,0 +1,53 @@
+function flushResponse() {
+  document.getElementById("alert-response"  ).style.display = 'none';
+  document.getElementById("alert-response"  ).classList.remove('alert-success'  );
+  document.getElementById("alert-response"  ).classList.remove('alert-danger'   );
+  document.getElementById("alert-response"  ).classList.remove('alert-primary'  );
+}
+
+function loadingResponse() {
+  flushResponse();
+  document.getElementById("alert-status"  ).innerHTML = "Loading...";
+  document.getElementById("alert-desc"    ).innerHTML = "Please wait...";
+  document.getElementById("alert-response").classList.add('alert-primary');
+  document.getElementById("alert-response").style.display = 'block';
+}
+
+function responseAlert(response) {
+  flushResponse();
+  const obj = JSON.parse(response);
+  if (obj.status == "success" ) document.getElementById("alert-response").classList.add('alert-success' );
+  if (obj.status == "failed"  ) document.getElementById("alert-response").classList.add('alert-danger'  );
+  document.getElementById("alert-status"  ).innerHTML     = obj.status;
+  document.getElementById("alert-desc"    ).innerHTML     = obj.desc;
+  document.getElementById("alert-response").style.display = 'block';
+}
+
+var token    		= document.getElementById("form-token"      	).value;
+var getUsername		= document.getElementById("form-get-username"	).value;
+if (getUsername != null && getUsername != "") document.getElementById("form-username").disabled=true;
+
+function accept() {
+    loadingResponse();
+    var 	username	= getUsername;
+    if 		(getUsername == null || getUsername == "") username	= document.getElementById('form-username').value;
+    const 	password	= document.getElementById('form-password').value;
+    var 	url     	= "/api/auth/accept";
+    var 	payload 	= {
+        "username"	: username,
+        "password"	: password
+    };
+    sendHttpRequest(url, "POST", payload, function (error, response) {
+        if (error) {
+            // console.error("Error:", error);
+            responseAlert({"status" : "failed", "desc" : error});
+        }
+        else {
+            // console.log("JSON Response:", response);
+            responseAlert(response);
+        }
+    }, "application/json", `Bearer ${token}`);
+}
+
+flushResponse();
+
diff --git a/static/js/users.js b/static/js/users.js
index bc7a8f1..9c647ef 100644
--- a/static/js/users.js
+++ b/static/js/users.js
@@ -79,6 +79,7 @@ sendHttpRequest("/api/auth/roles/list", "POST", null,
 );
 
 function invite() {
+    loadingResponse();
     const 	roles 		= Array
           .from(document.querySelectorAll('input[name="roles"]:checked'))
           .map(row => Number(row.value)); // Convert into number. Output example: [2, 3]