Merge branch 'development' of djpbessems/lucidAuth into master

Resolved merge conflicts

include/lucidAuth.functions.php

@@ -66,17 +66,17 @@ function storeToken (string $secureToken, string $qualifiedUsername, string $htt
 			INSERT INTO SecureToken (UserId, Value)
 			SELECT User.Id, :securetoken
 			FROM User
-			WHERE User.Username = :qualifiedusername
+			WHERE LOWER(User.Username) = :qualifiedusername
 		');
 		$pdoQuery->execute([
 			':securetoken'			=>	$secureToken,
-			':qualifiedusername'	=>	$qualifiedUsername
+			':qualifiedusername'	=>	strtolower($qualifiedUsername)
 		]);
 	}
 	catch (Exception $e) {
 		return ['status' => 'Fail', 'reason' => $e];
 	}
-	
+
 	// Save authentication token in cookie clientside
 	$cookieDomain = array_values(array_filter($settings->Session['CookieDomains'], function ($value) use ($httpHost) {
 		// Check if $_SERVER['HTTP_HOST'] matches any of the configured domains (either explicitly or as a subdomain)
@@ -114,18 +114,19 @@ function validateToken (string $secureToken) {
 
 	// Retrieve all authentication tokens from database matching username
 	$pdoQuery = $pdoDB->prepare('
-		SELECT SecureToken.Value
+		SELECT User.Id, SecureToken.Value
 		FROM SecureToken
-		LEFT JOIN User 
+		LEFT JOIN User
 			ON (User.Id=SecureToken.UserId)
-		WHERE User.Username = :username
+		WHERE LOWER(User.Username) = :username
 	');
 	$pdoQuery->execute([
-			':username'	=>	(string)$jwtPayload->sub
+			':username'	=>	(string) strtolower($jwtPayload->sub)
 		]);
 	foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
 		try {
 			$storedTokens[] = JWT::decode($row['Value'], base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
+            $currentUserId = $row['Id'];
 		} catch (Exception $e) {
 			continue;
 		}
@@ -137,7 +138,8 @@ function validateToken (string $secureToken) {
 	})) === 1) {
 		return [
 			'status'	=> 'Success',
-			'name'		=> $jwtPayload->name
+			'name'		=> $jwtPayload->name,
+            'uid'       => $currentUserId
 		];
 	} else {
 		if ($settings->Debug['LogToFile']) {

include/lucidAuth.template.php

@@ -13,8 +13,7 @@ $pageLayout['full'] = <<<'FULL'
 	<link href="misc/style.css" rel="stylesheet" />
 	<link href="misc/style.theme.css" rel="stylesheet" />
     <link href="misc/style.button.css" rel="stylesheet" />
-    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.js"></script>
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.js"></script>
-    <script src="misc/script.theme.js"></script>
     <script src="misc/script.translation.js"></script>
   </head>
   <body>
@@ -33,7 +32,7 @@ $pageLayout['full'] = <<<'FULL'
 </html>
 FULL;
 
-$pageLayout['full2'] = <<<'FULL2'
+$pageLayout['full_alt'] = <<<'FULL_ALT'
 <!DOCTYPE html>
 <html lang="nl">
   <head>
@@ -47,7 +46,6 @@ $pageLayout['full2'] = <<<'FULL2'
     <link href="misc/style.theme.css" rel="stylesheet" />
     <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.js"></script>
     <script src="misc/script.translation.js"></script>
-    <script src="misc/script.index.js"></script>
   </head>
   <body>
  	<div class="wrapper">
@@ -72,23 +70,7 @@ $pageLayout['full2'] = <<<'FULL2'
    	</div>
   </body>
 </html>
-FULL2;
+FULL_ALT;
-
-$pageLayout['bare'] = <<<'BARE'
-<!DOCTYPE html>
-<html lang="nl">
-  <head>
-    <meta charset="utf-8" />
-    <title>lucidAuth</title>
-	<meta name="application-name" content="lucidAuth" />
-    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.js"></script>
-    <script src="misc/script.iframe.js"></script>
-  </head>
-  <body>
-  	%1$s
-  </body>
-</html>
-BARE;
 
 $contentLayout['login'] = <<<'LOGIN'
 		  <script src="misc/script.index.js"></script>
@@ -98,12 +80,12 @@ $contentLayout['login'] = <<<'LOGIN'
                 <span class="indent">&nbsp;</span>
               </li>
               <li>
-                <label class="pre" for="username" data-translation="label_username">Gebruikersnaam:</label>
+                <label class="pre" for="username" data-translation="label_username">Username:</label>
                 <input type="text" id="username" name="username" tabindex="100" />
                 <label for="username">@lucidAuth</label>
               </li>
               <li>
-                <label class="pre" for="password" data-translation="label_password">Wachtwoord:</label>
+                <label class="pre" for="password" data-translation="label_password">Password:</label>
                 <input type="password" id="password" name="password" tabindex="200" />
               </li>
               <li>
@@ -111,7 +93,7 @@ $contentLayout['login'] = <<<'LOGIN'
 				<button id="btnlogin" class="bttn-simple bttn-xs bttn-primary" tabindex="300" data-translation="button_login">login</button>
               </li>
               <li class="misc">
-                <span class="indent" data-translation="span_credentialsavailable">Inloggegevens verkrijgbaar op aanvraag!</span>
+                <span class="indent" data-translation="span_credentialsavailable">Login credentials available upon request!</span>
               </li>
             </ul>
           </section>
@@ -121,16 +103,13 @@ LOGIN;
 $contentLayout['manage']['header'] = <<<'MANAGE_HEADER'
 		  <script src="misc/script.editable.table.js"></script>
 		  <script src="misc/script.manage.js"></script>
-          <span id="user"><span data-translation="span_loggedinas">Ingelogd als</span>&nbsp;%1$s&nbsp;---&nbsp;[<a id="linklanguage-en" href="#" tabindex="700">EN</a>&nbsp;<a id="linklanguage-nl" class="current" href="#" tabindex="700">NL</a>]&nbsp;[<a href="#" tabindex="800" data-translation="link_logout">Log uit</a>]</span>
+          <span id="user"><span data-translation="span_loggedinas">Logged in as</span>&nbsp;%1$s&nbsp;---&nbsp;[<a id="linklanguage-en" class="current" href="#" tabindex="700">EN</a>&nbsp;<a id="linklanguage-nl" href="#" tabindex="700">NL</a>]&nbsp;[<a id="linklogout" href="#" tabindex="800" data-translation="link_logout">Logout</a>]</span>
           <ul style="clear: both; margin-top: 20px;">
             <li class="buttons">
-		        <button id="btnnewuser" class="bttn-simple bttn-xs bttn-primary" data-translation="button_new">nieuw</button>
+		      <button id="btnnewuser" class="bttn-simple bttn-xs bttn-primary" data-translation="button_new">new</button>
-		        <button id="btnfoo" class="bttn-simple bttn-xs bttn-primary" data-translation="button_foo">foo</button>
+                &nbsp;
-				<button id="btnbar" class="bttn-simple bttn-xs bttn-primary" data-translation="button_bar">bar</button>
+		      <button id="btnsave" class="bttn-simple bttn-xs bttn-primary" data-translation="button_save">save</button>
-            </li>
+              <button id="btncancel" class="bttn-simple bttn-xs bttn-primary" data-translation="button_cancel">cancel</button>
-            <li class="buttons">
-		      <button id="btnsync" class="bttn-simple bttn-xs bttn-primary" data-translation="button_save">opslaan</button>
-              <button id="btncancel" class="bttn-simple bttn-xs bttn-primary" data-translation="button_cancel">annuleren</button>
             </li>
           </ul>
 MANAGE_HEADER;
@@ -140,9 +119,9 @@ $contentLayout['manage']['section'] = <<<'MANAGE_SECTION'
                 <table id="usertable">
                   <thead>
                     <tr>
-                      <th class="immutable">Username</th>
+                      <th class="immutable" data-translation="th_username">Username</th>
-                      <th class="immutable">Role</th>
+                      <th class="immutable" data-translation="th_role">Role</th>
-                      <th class="immutable">Sessions</th>
+                      <th class="immutable" data-translation="th_manage">Manage</th>
                     </tr>
                   </thead>
                   <tbody>

public/example.php

@@ -0,0 +1,27 @@
+<?php
+
+// Basic example of PHP script to handle with jQuery-Tabledit plug-in.
+// Note that is just an example. Should take precautions such as filtering the input data.
+
+header('Content-Type: application/json');
+
+$input = filter_input_array(INPUT_POST);
+
+$mysqli = new mysqli('localhost', 'user', 'password', 'database');
+
+if (mysqli_connect_errno()) {
+  echo json_encode(array('mysqli' => 'Failed to connect to MySQL: ' . mysqli_connect_error()));
+  exit;
+}
+
+if ($input['action'] === 'edit') {
+    $mysqli->query("UPDATE users SET username='" . $input['username'] . "', email='" . $input['email'] . "', avatar='" . $input['avatar'] . "' WHERE id='" . $input['id'] . "'");
+} else if ($input['action'] === 'delete') {
+    $mysqli->query("UPDATE users SET deleted=1 WHERE id='" . $input['id'] . "'");
+} else if ($input['action'] === 'restore') {
+    $mysqli->query("UPDATE users SET deleted=0 WHERE id='" . $input['id'] . "'");
+}
+
+mysqli_close($mysqli);
+
+echo json_encode($input);

public/lucidAuth.login.php

@@ -14,10 +14,9 @@
 					"Result"			=>	"Failure",
 					"Reason"			=>	"Failed storing authentication token in database and/or cookie"
 				]);
-#				echo '{"Result":"Fail","Reason":"Failed storing authentication token in database and/or cookie"}' . PHP_EOL;
 				exit;
 			}
-            
+
 			// Convert base64 encoded string back from JSON;
 			//   forcing it into an associative array (instead of javascript's default StdClass object)
 			try {
@@ -30,7 +29,6 @@
 					"Result"			=>	"Failure",
 					"Reason"			=>	"Original request-URI lost in transition"
 				]);
-#				echo '{"Result":"Fail","Reason":"Original request URI lost in transition"}' . PHP_EOL;
 				exit;
 			}
 			$originalUri = !empty($proxyHeaders) ? $proxyHeaders['XForwardedProto'] . '://' . $proxyHeaders['XForwardedHost'] . $proxyHeaders['XForwardedUri'] : 'lucidAuth.manage.php';
@@ -40,7 +38,9 @@
 			echo json_encode([
 				"Result"			=>	"Success",
 				"Location"			=>	$originalUri,
-				"CrossDomainLogin"	=>	$settings->Session['CrossDomainLogin']
+				"CrossDomainLogin"	=>	$settings->Session['CrossDomainLogin'],
+                "CookieDomains"     =>  json_encode(array_diff($settings->Session['CookieDomains'], [$_SERVER['HTTP_HOST']])),
+                "SecureToken"       =>  $result['token']
 			]);
 		} else {
 			switch ($result['reason']) {
@@ -63,8 +63,8 @@
 	} else {
 		include_once('../include/lucidAuth.template.php');
 
-		echo sprintf($pageLayout['full'], 
+		echo sprintf($pageLayout['full'],
-			sprintf($contentLayout['login'], 
+			sprintf($contentLayout['login'],
 				$_GET['ref']
 			)
 		);

public/lucidAuth.manage.php

@@ -12,28 +12,26 @@
 
         try {
         	$allUsers = $pdoDB->query('
-                SELECT User.Id, User.Username, Role.Rolename, COUNT(DISTINCT SecureToken.Value) AS Sessions
+                SELECT User.Id, User.Username, Role.Rolename
 		        FROM User
-    		    LEFT JOIN Role
+	            LEFT JOIN Role
-	    		    ON (User.RoleId=Role.Id)
+                    ON (Role.Id = User.RoleId)
-                LEFT JOIN SecureToken
-                    ON (User.Id=SecureToken.UserId)
     	    ')->fetchAll(PDO::FETCH_ASSOC);
         } catch (Exception $e) {
 // Should really do some actual errorhandling here
             throw new Exception($e);
         }
-
     	foreach($allUsers as $row) {
-            $tableRows[] = sprintf('<tr><td data-userid="%1$s">%2$s</td><td>%3$s</td><td class="immutable"><a href="?">%4$s</a></td></tr>',
+            $tableRows[] = sprintf('<tr%1$s><td data-userid="%2$s">%3$s</td><td>%4$s</td><td class="immutable">%5$s</td></tr>',
+                $validateTokenResult['uid'] === $row['Id'] ? ' class="currentuser"': null,
                 $row['Id'],
                 explode('\\', $row['Username'])[1],
                 $row['Rolename'],
-                $row['Sessions']
+                '<button class="bttn-simple bttn-xs bttn-primary" data-translation="button_sessions">Sessions</button>' . ($validateTokenResult['uid'] === $row['Id'] ? null : '&nbsp;<button class="bttn-simple bttn-xs bttn-primary delete" data-translation="button_delete">Delete</button>')
             );
     	}
 
-        echo sprintf($pageLayout['full2'],
+        echo sprintf($pageLayout['full_alt'],
             sprintf($contentLayout['manage']['header'],
                 $validateTokenResult['name']
             ),

public/lucidAuth.requestCookie.php

@@ -0,0 +1,59 @@
+<?php
+	error_reporting(E_ALL ^ E_NOTICE);
+
+	include_once('../include/lucidAuth.functions.php');
+
+    // Start with checking $_REQUEST['ref']
+	if (!empty($_REQUEST['ref'])) {
+		try {
+			$queryString = json_decode(base64_decode($_REQUEST['ref']), JSON_OBJECT_AS_ARRAY);
+		}
+		catch (Exception $e) {
+			// Silently fail, unless explicitly specified otherwise
+            header("HTTP/1.1 400 Bad Request");
+			if ($settings->Debug['Verbose']) throw new Exception($e);
+            exit;
+		}
+
+        switch ($queryString['action']) {
+            case 'login':
+                if (validateToken($queryString['token'])['status'] === "Success") {
+                    // This request appears valid; try storing a cookie
+                    $httpHost = $_SERVER['HTTP_HOST'];
+                    $httpOrigin = $_SERVER['HTTP_ORIGIN'];
+                    // Check if $_SERVER['HTTP_HOST'] and $_SERVER['HTTP_ORIGIN'] match any of the configured domains (either explicitly or as a subdomain)
+                    //   This might seem backwards, but relying on $_SERVER directly allows spoofed values with potential security risks
+                    $cookieDomain = array_values(array_filter($settings->Session['CookieDomains'], function ($value) use ($httpHost) {
+                        return (strlen($value) > strlen($httpHost)) ? false : (0 === substr_compare($httpHost, $value, -strlen($value)));
+                    }))[0];
+                    $originDomain = array_values(array_filter($settings->Session['CookieDomains'], function ($value) use ($httpOrigin) {
+                        return (strlen($value) > strlen($httpOrigin)) ? false : (0 === substr_compare($httpOrigin, $value, -strlen($value)));
+                    }))[0];
+                    if (($cookieDomain && (is_null($httpOrigin) || $originDomain)) && setcookie('JWT', $queryString['token'], (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain)) {
+                        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
+                        header('Access-Control-Allow-Credentials: true');
+                        header('Access-Control-Max-Age: 86400');
+                        header("HTTP/1.1 202 Accepted");
+                        exit;
+                    }
+                    else {
+                        header("HTTP/1.1 400 Bad Request");
+                        exit;
+                    }
+                }
+                else {
+                    header("HTTP/1.1 401 Unauthorized");
+                    exit;
+                }
+                break;
+            default:
+                header("HTTP/1.1 400 Bad Request");
+                exit;
+                break;
+        }
+	}
+    else {
+        header("HTTP/1.1 400 Bad Request");
+        exit;
+    }
+?>

public/lucidAuth.setXDomainCookie.php

@@ -1,24 +0,0 @@
-<?php
-	error_reporting(E_ALL ^ E_NOTICE);
-
-	include_once('../include/lucidAuth.functions.php');
-
-
-	// Start with checking $_REQUEST['ref']
-	// What do we need?
-	//   token again?
-
-	// approach 1:
-	//   origin domain, so we can intersect with $settings->Session['CookieDomains'] and iterate through the remaining domains, serving them in one page (which contains iframes already)
-	//   this might be slower because it means one additional roundtrip between client and server
-
-	// approach 2:
-	//   let the client setup multiple iframes for all domains other than origin domains
-	//   this requires passing an array of domains to the client in asynchronous reply; which feels insecure
-
-	include_once('../include/lucidAuth.template.php');
-
-	echo sprintf($pageLayout['bare'],
-		'// iFrames go here'
-	);
-?>

public/lucidAuth.validateRequest.php

@@ -14,7 +14,7 @@
 	$proxyHeaders = array_filter($proxyHeaders, function ($key) {
 		return substr($key, 0, 10) === 'XForwarded';
 	}, ARRAY_FILTER_USE_KEY);
-	
+
 	// For debugging purposes - enable it in ../lucidAuth.config.php
 	if ($settings->Debug['LogToFile']) {
 		file_put_contents('../requestHeaders.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- ' . (json_encode($proxyHeaders, JSON_FORCE_OBJECT)) . PHP_EOL, FILE_APPEND);
@@ -22,7 +22,7 @@
 
 	if (sizeof($proxyHeaders) === 0) {
 		// Non-proxied request; this is senseless, go fetch!
-		header("HTTP/1.1 403 Forbidden");
+		header("HTTP/1.1 400 Bad Request");
 		exit;
 	}
 

public/misc/script.index.js

@@ -31,11 +31,34 @@ $(document).ready(function(){
 						'color':		'#FFF'
 					});
 					if (data.CrossDomainLogin) {
-						// Create iframes for other domains
+                        var cookieDomains = JSON.parse(data.CookieDomains);
-console.log('CrossDomainLogin initiated');
+                        var XHR = [];
+                        cookieDomains.forEach(function(domain) {
+                            XHR.push($.get({
+                                url: "https://auth." + domain + "/lucidAuth.requestCookie.php",
+                                crossDomain: true,
+                                xhrFields: {
+                                    withCredentials: true,
+                                },
+                                data: {
+                                    ref: btoa(JSON.stringify({
+                                        action: 'login',
+                                        token: data.SecureToken
+                                    }))
+                                }
+                            }));
+                        });
+                        $.when.apply($, XHR).then(function(){
+                            $.each(arguments, function(_index, _arg) {
+                                // Show progress somehow (maybe something like https://minicss.org/v2/progress)
+                            });
+                        });
 					}
-console.log("Navigating to :" + data.Location);
+                    // Finished (either succesfully or through timeout) cross-domain logins
-					window.location.replace(data.Location);
+// redirect once all finished loading or timeout after $X ms
+// origin domain should be exempted from timeout
+//   (because origin domain can/will be different from current domain --due to traefik design).
+					//window.location.replace(data.Location);
 				}, 2250);
 			} else {
 				$('#btnlogin').css({

public/misc/script.manage.js

@@ -2,13 +2,75 @@ $(document).ready(function(){
     // Initialize the editable-table functionality
     $('#usertable').editableTableWidget();
 
+    $('#usertable button.delete').click(function() {
+        $(this).closest('tr').addClass('removed');
+    });
+
     $('#btnnewuser').click(function() {
+        // Create a new user; generate pseudo-random username
         var newUser = 'User' + String(Math.floor(Math.random() * Math.floor(9999))).padStart(4, '0');
 
-        $('#usertable tbody').append($('<tr class="new"><td>' + newUser + '</td><td>User</td><td class="immutable"><a href="?">0</a></td></tr>'));
+        // Add new user to the interface
+        //   (new `<tr>` in `<table id="usertable">`)
+        $('#usertable tbody').append($('<tr>', {class: 'new'})
+            .append($('<td>', {
+                text: newUser
+            }))
+            .append($('<td>', {
+                text: 'User'
+            }))
+            .append($('<td>', {
+                class: 'immutable',
+                html: '<button class="bttn-simple bttn-xs bttn-primary disabled" data-translation="button_sessions" disabled="true">' +
+                    locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'en')]['button_sessions'] + '</button>&nbsp;' +
+                    '<button class="bttn-simple bttn-xs bttn-primary delete" data-translation="button_delete">' +
+                    locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'en')]['button_delete'] +
+                    '</button>'
+            }))
+        );
         // Call `editableTableWidget()` again to include the newly added `<tr>`
         //   To prevent recreating multiple new editors; reference the already existing `<input>`
         $('#usertable').editableTableWidget({editor: $('#editor')});
+        // Add eventhandlers to buttons of newly added `<tr>`
+        $('#usertable .new button.delete').unbind().click(function() {
+            $(this).closest('tr').remove();
+        });
+    });
+
+    $('#btnsave').click(function() {
+        var newEntries = [];
+        $('#usertable .new').each(function() {
+            newEntries.push({
+                'userName': $(this).find('td:nth-child(1)').text(),
+                'roleName': $(this).find('td:nth-child(2)').text()
+            });
+        });
+        var removedEntries = [];
+        $('#usertable .removed').each(function() {
+            removedEntries.push({
+                'userId':   $(this).find('td:nth-child(1)').data('userid'),
+                'userName': $(this).find('td:nth-child(1)').text(),
+                'roleName': $(this).find('td:nth-child(2)').text()
+            });
+        });
+
+console.log({'new': newEntries, 'removed': removedEntries});
+
+/*        $.get("psworker.php", {
+			do: "mutate",
+			mutations: {
+				new: newEntries,
+				removed: removedEntries
+			}
+		})*/
+    });
+
+    $('#btncancel').click(function() {
+        window.location.reload();
+    });
+
+    $('#linklogout').click(function() {
+        console.log('Logging out!');
     });
 
    	if (localStorage.getItem('theme') !== null) {

public/misc/script.translation.js

@@ -3,6 +3,7 @@ var locales = {
 		button_new:					"new",
         button_save:                "save",
 		button_cancel:				"cancel",
+        button_sessions:            "sessions",
 		button_delete:				"delete",
 		button_login:				"login",
 		heading_error:				"ERROR!",
@@ -10,12 +11,16 @@ var locales = {
 		label_username:				"Username:",
 		link_logout:				"Logout",
 		span_credentialsavailable:	"Login credentials available upon request!",
-		span_loggedinas:			"Logged in as"
+		span_loggedinas:			"Logged in as",
+        th_username:                "Username",
+        th_role:                    "Role",
+        th_manage:                  "Manage"
 	},
 	nl: {
 		button_new:					"nieuw",
         button_save:                "opslaan",
 		button_cancel:				"annuleren",
+        button_sessions:            "sessies",
 		button_delete:				"verwijder",
 		button_login:				"log in",
 		heading_error:				"FOUT!",
@@ -23,7 +28,10 @@ var locales = {
 		label_username:				"Gebruikersnaam:",
 		link_logout:				"Log uit",
 		span_credentialsavailable:	"Inloggegevens verkrijgbaar op aanvraag!",
-		span_loggedinas:			"Ingelogd als"
+		span_loggedinas:			"Ingelogd als",
+        th_username:                "Gebruikersnaam",
+        th_role:                    "Rol",
+        th_manage:                  "Beheer"
 	} // ... etc.
 };
 
@@ -31,7 +39,7 @@ $(document).ready(function(){
 	$('[id^=linklanguage-]').click(function() {
 		var selectedlang = $(this).attr('id').split('-')[1];
 		// Replace text of each element with translated value
-		$('[data-translation]').each(function(index) {
+		$('[data-translation]').each(function() {
 			$(this).text(locales[selectedlang][$(this).data('translation')]);
 		});
 		// Enable/disable (toggle) anchors
@@ -43,7 +51,7 @@ $(document).ready(function(){
 	});
 
 	if (localStorage.getItem('language') !== null) {
-		$('[data-translation]').each(function(index) {
+		$('[data-translation]').each(function() {
 			$(this).text(locales[localStorage.getItem('language')][$(this).data('translation')]);
 		});
 		$('span#user a.current').removeClass('current');

public/misc/style.css

@@ -137,6 +137,13 @@ body {
             padding: 2px;
             margin: 0;
         }
+        .main section table .new {
+            font-weight: bold;
+        }
+        .main section table .removed td:nth-child(-n+2) {
+            text-decoration: line-through;
+            color: grey;
+        }
         .main section table tbody tr:nth-child(odd) {
             background-color: rgb(215, 215, 215);
         }
@@ -202,4 +209,4 @@ body {
 	}
 		.main span#user nav {
 			display: inline;
-		}
+		}

public/misc/style.panes.css

@@ -8,7 +8,7 @@ body{
   flex-direction: column;
 }
 .header {
-  height: 125px;
+  height: 100px;
   background: #FFFFFF;
   color: #000000;
 }
@@ -36,7 +36,7 @@ body{
 }
 .main section {
 	overflow-y: scroll;
-	height: calc(100% - 125px);
+	height: calc(100% - 100px);
 }
 .sidebar-first{
   width: 25%;