diff --git a/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/get-users.js b/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/get-users.js
index 06a4cf769..4ecb6e7fd 100644
--- a/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/get-users.js
+++ b/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/get-users.js
@@ -18,6 +18,10 @@ exports.path = /^\/admin\/users$/;
 exports.handler = function(request,response,state) {
 var userList = state.server.sqlTiddlerDatabase.listUsers();
+ if (request.url.includes("*")) {
+ $tw.mws.store.adminWiki.deleteTiddler("$:/temp/mws/post-user/error");
+ $tw.mws.store.adminWiki.deleteTiddler("$:/temp/mws/post-user/success");
+ }
 // Ensure userList is an array
 if (!Array.isArray(userList)) {
diff --git a/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/manage-roles.js b/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/manage-roles.js
index 8519b002a..f390c9db6 100644
--- a/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/manage-roles.js
+++ b/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/manage-roles.js
@@ -17,6 +17,10 @@ exports.method = "GET";
 exports.path = /^\/admin\/roles\/?$/;
 exports.handler = function(request, response, state) {
+ if (request.url.includes("*")) {
+ $tw.mws.store.adminWiki.deleteTiddler("$:/temp/mws/post-role/error");
+ $tw.mws.store.adminWiki.deleteTiddler("$:/temp/mws/post-role/success");
+ }
 var roles = state.server.sqlTiddlerDatabase.listRoles();
 var editRoleId = request.url.includes("?") ? request.url.split("?")[1]?.split("=")[1] : null;
 var editRole = editRoleId ? roles.find(role => role.role_id === $tw.utils.parseInt(editRoleId, 10)) : null;
diff --git a/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/post-role.js b/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/post-role.js
index c2c693131..9692c7d68 100644
--- a/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/post-role.js
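Review bot: `request.url.includes("*")` is an undocumented sentinel that fires on a `*` anywhere in the raw URL, path or query, and the same pattern is repeated in the manage-roles.js hunk; if the intent is a flag set by the redirecting POST handlers, read it from the parsed query, e.g. `var query = new URL(request.url, "http://localhost").searchParams;` and test a named parameter, or at minimum state the contract with `// "*" in the URL marks a fresh page load: clear the one-shot status messages written by post-user.js`. These deletions also turn a GET handler into one that mutates the shared adminWiki, which any request reaching this handler can trigger. Because the status tiddlers are process-global rather than per-session, one user can clear (or, through the POST handlers, set) the message another user sees. Both handler bodies continue outside their hunks.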
+++ b/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/post-role.js 
@@ -25,12 +25,58 @@ exports.handler = function (request, response, state) {
 var role_name = state.data.role_name;
 var role_description = state.data.role_description;
- // Add your authentication check here if needed
+ if(!state.authenticatedUser || !state.authenticatedUser.isAdmin) {
+ $tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
+ title: "$:/temp/mws/post-role/error",
+ text: "Unauthorized access. Admin privileges required."
+ }));
+ response.writeHead(302, { "Location": "/login" });
+ response.end();
+ return;
+ }
- sqlTiddlerDatabase.createRole(role_name, role_description);
+ if(!role_name || !role_description) {
+ $tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
+ title: "$:/temp/mws/post-role/error",
+ text: "Role name and description are required"
+ }));
+ response.writeHead(302, { "Location": "/admin/roles" });
+ response.end();
+ return;
+ }
- response.writeHead(302, { "Location": "/admin/roles" });
- response.end();
+ try {
+ // Check if role already exists
+ var existingRole = sqlTiddlerDatabase.getRole(role_name);
+ if(existingRole) {
+ $tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
+ title: "$:/temp/mws/post-role/error",
+ text: "Role already exists"
+ }));
+ response.writeHead(302, { "Location": "/admin/roles" });
+ response.end();
+ return;
+ }
+
+ sqlTiddlerDatabase.createRole(role_name, role_description);
+
+ $tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
+ title: "$:/temp/mws/post-role/success",
+ text: "Role created successfully"
+ }));
+ response.writeHead(302, { "Location": "/admin/roles" });
+ response.end();
+
+ } catch(error) {
+ console.error("Error creating role:", error);
+ $tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
+ title: "$:/temp/mws/post-role/error",
+ text: "Error creating role: " + error.message
+ }));
+ response.writeHead(302, { "Location": "/admin/roles" });
+ response.end();
+ return;
+ }
 };
 }());
\ No newline at end of file
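Review bot: The unauthenticated branch writes to `$tw.mws.store.adminWiki` before the request is rejected, so a request with no session still mutates server state, and because `$:/temp/mws/post-role/error` is a single process-wide tiddler the message is shown to whichever admin next loads `/admin/roles`, not to the caller being sent to `/login`; drop the `addTiddler` from that branch and keep only the redirect. The `!role_name || !role_description` check accepts whitespace-only values — `if(!role_name || !role_name.trim() || !role_description || !role_description.trim()) {` rejects them before `getRole`/`createRole` run. In the catch block, `"Error creating role: " + error.message` surfaces the raw exception text to the page; a fixed message is enough for the UI since the existing `console.error` already keeps the detail in the server log.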
diff --git a/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/post-user.js b/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/post-user.js index 01955a2e9..ec5b81f29 100644 --- a/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/post-user.js +++ b/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/post-user.js 
@@ -30,62 +30,103 @@ exports.handler = function(request, response, state) {
 var confirmPassword = state.data.confirmPassword;
 if(!state.authenticatedUser && !state.firstGuestUser) {
- response.writeHead(401, "Unauthorized", { "Content-Type": "text/plain" });
- response.end("Unauthorized");
+ $tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
+ title: "$:/temp/mws/post-user/error",
+ text: "Unauthorized access"
+ }));
+ response.writeHead(302, { "Location": "/login" });
+ response.end();
 return;
 }
 if(!username || !email || !password || !confirmPassword) {
- response.writeHead(400, {"Content-Type": "application/json"});
- response.end(JSON.stringify({error: "All fields are required"}));
+ $tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
+ title: "$:/temp/mws/post-user/error",
+ text: "All fields are required"
+ }));
+ response.writeHead(302, { "Location": "/admin/users" });
+ response.end();
 return;
 }
 if(password !== confirmPassword) {
- response.writeHead(400, {"Content-Type": "application/json"});
- response.end(JSON.stringify({error: "Passwords do not match"}));
- return;
- }
-
- // Check if user already exists
- var existingUser = sqlTiddlerDatabase.getUser(username);
- if(existingUser) {
- response.writeHead(400, {"Content-Type": "application/json"});
- response.end(JSON.stringify({error: "Username already exists"}));
- return;
- }
-
- var hasUsers = sqlTiddlerDatabase.listUsers().length > 0;
- var hashedPassword = crypto.createHash("sha256").update(password).digest("hex");
-
- // Create new user
- var userId = sqlTiddlerDatabase.createUser(username, email, hashedPassword);
-
- if(!hasUsers) {
- // If this is the first guest user, assign admin privileges
- sqlTiddlerDatabase.setUserAdmin(userId, true);
-
- // Create a session for the new admin user
- var auth = require('$:/plugins/tiddlywiki/multiwikiserver/auth/authentication.js').Authenticator;
- var authenticator = auth(sqlTiddlerDatabase);
- var sessionId = authenticator.createSession(userId);
-
- // Set the session cookie and redirect
- response.setHeader('Set-Cookie', `session=${sessionId}; HttpOnly; Path=/`);
- response.writeHead(302, {
- 'Location': '/'
- });
+ $tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
+ title: "$:/temp/mws/post-user/error",
+ text: "Passwords do not match"
+ }));
+ response.writeHead(302, { "Location": "/admin/users" });
 response.end();
 return;
- } else {
- // assign role to user
- const roles = sqlTiddlerDatabase.listRoles();
- const roleId = roles.find(role => role.role_name.toUpperCase() !== "ADMIN")?.role_id;
- if (roleId) {
- sqlTiddlerDatabase.addRoleToUser(userId, roleId);
+ }
+
+ try {
+ // Check if user already exists
+ var existingUser = sqlTiddlerDatabase.getUser(username);
+ if(existingUser) {
+ $tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
+ title: "$:/temp/mws/post-user/error",
+ text: "Username already exists"
+ }));
+ response.writeHead(302, { "Location": "/admin/users" });
+ response.end();
+ return;
 }
- response.writeHead(302, {"Location": "/admin/users/"+userId});
+
+ var hasUsers = sqlTiddlerDatabase.listUsers().length > 0;
+ var hashedPassword = crypto.createHash("sha256").update(password).digest("hex");
+
+ // Create new user
+ var userId = sqlTiddlerDatabase.createUser(username, email, hashedPassword);
+
+ if(!hasUsers) {
+ try {
+ // If this is the first guest user, assign admin privileges
+ sqlTiddlerDatabase.setUserAdmin(userId, true);
+
+ // Create a session for the new admin user
+ var auth = require('$:/plugins/tiddlywiki/multiwikiserver/auth/authentication.js').Authenticator;
+ var authenticator = auth(sqlTiddlerDatabase);
+ var sessionId = authenticator.createSession(userId);
+
+ $tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
+ title: "$:/temp/mws/post-user/success",
+ text: "Admin user created successfully"
+ }));
+ response.setHeader('Set-Cookie', `session=${sessionId}; HttpOnly; Path=/`);
+ response.writeHead(302, {'Location': '/'});
+ response.end();
+ return;
+ } catch (adminError) {
+ $tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
+ title: "$:/temp/mws/post-user/error",
+ text: "Error creating admin user"
+ }));
+ response.writeHead(302, { "Location": "/admin/users" });
+ response.end();
+ return;
+ }
+ } else {
+ $tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
+ title: "$:/temp/mws/post-user/success",
+ text: "User created successfully"
+ }));
+ // assign role to user
+ const roles = sqlTiddlerDatabase.listRoles();
+ const roleId = roles.find(role => role.role_name.toUpperCase() !== "ADMIN")?.role_id;
+ if (roleId) {
+ sqlTiddlerDatabase.addRoleToUser(userId, roleId);
+ }
+ response.writeHead(302, {"Location": "/admin/users/"+userId});
+ response.end();
+ }
+ } catch (error) {
+ $tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
+ title: "$:/temp/mws/post-user/error",
+ text: "Error creating user: " + error.message
+ }));
+ response.writeHead(302, { "Location": "/admin/users" });
 response.end();
+ return;
 }
 };
diff --git a/plugins/tiddlywiki/multiwikiserver/templates/add-user-form.tid b/plugins/tiddlywiki/multiwikiserver/templates/add-user-form.tid
index 6d1eb9169..23f1d7221 100644
--- a/plugins/tiddlywiki/multiwikiserver/templates/add-user-form.tid
+++ b/plugins/tiddlywiki/multiwikiserver/templates/add-user-form.tid
@@ -19,6 +19,18 @@ title: $:/plugins/tiddlywiki/multiwikiserver/templates/add-user-form
+ <$list filter="[[$:/temp/mws/post-user/error]!is[missing]]" variable="errorTiddler">
+
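Review bot: In the `else` branch the `$:/temp/mws/post-user/success` tiddler is written before `listRoles`/`addRoleToUser` run, so if role assignment throws, the outer `catch` adds the error tiddler as well and the form shows both "User created successfully" and "Error creating user: …" for the same request; move that `addTiddler` after the `if (roleId) { … }` block. The inner `catch (adminError)` in the `!hasUsers` path discards the exception without logging, unlike post-role.js, and reports "Error creating admin user" although `createUser` has already succeeded and `setUserAdmin` may have too — add `console.error("Error creating admin user:", adminError);` so a half-completed bootstrap is diagnosable from the server log. The re-added `crypto.createHash("sha256").update(password).digest("hex")` stores passwords with an unsalted fast hash; it predates this commit, but since the line is being moved, a `// TODO: replace with a salted KDF (crypto.scryptSync or pbkdf2) together with the verifier in authentication.js` belongs next to it. The process-global status-tiddler concern raised on post-role.js applies equally here; the handler's body starts outside the hunk.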
+ $list> + + <$list filter="[[$:/temp/mws/post-user/success]!is[missing]]" variable="successTiddler"> + + $list> +