mycorrhiza/web/admin.go

package web

import (
	"fmt"
	"io"
	"log"
	"mime"
	"net/http"
	"os"
	"sort"

	"github.com/gorilla/mux"

	"github.com/bouncepaw/mycorrhiza/cfg"
	"github.com/bouncepaw/mycorrhiza/user"
	"github.com/bouncepaw/mycorrhiza/util"
	"github.com/bouncepaw/mycorrhiza/views"
)

// initAdmin sets up /admin routes if auth is used. Call it after you have decided if you want to use auth.
func initAdmin(r *mux.Router) {
	r.HandleFunc("/shutdown", handlerAdminShutdown).Methods(http.MethodPost)
	r.HandleFunc("/reindex-users", handlerAdminReindexUsers).Methods(http.MethodPost)

	r.HandleFunc("/user/new", handlerAdminUserNew).Methods(http.MethodGet, http.MethodPost)
	r.HandleFunc("/users/{username}/edit", handlerAdminUserEdit).Methods(http.MethodGet, http.MethodPost)
	r.HandleFunc("/users/{username}/delete", handlerAdminUserDelete).Methods(http.MethodGet, http.MethodPost)
	r.HandleFunc("/users", handlerAdminUsers)

	r.HandleFunc("/", handlerAdmin)
}

// handlerAdmin provides the admin panel.
func handlerAdmin(w http.ResponseWriter, rq *http.Request) {
	w.Header().Set("Content-Type", "text/html;charset=utf-8")
	w.WriteHeader(http.StatusOK)
	io.WriteString(w, views.BaseHTML("Admin panel", views.AdminPanelHTML(), user.FromRequest(rq)))
}

// handlerAdminShutdown kills the wiki.
func handlerAdminShutdown(w http.ResponseWriter, rq *http.Request) {
	if user.CanProceed(rq, "admin/shutdown") {
		log.Println("An admin commanded the wiki to shutdown")
		os.Exit(0)
	}
}

// handlerAdminReindexUsers reinitialises the user system.
func handlerAdminReindexUsers(w http.ResponseWriter, rq *http.Request) {
	user.ReadUsersFromFilesystem()
	redirectTo := rq.Referer()
	if redirectTo == "" {
		redirectTo = "/hypha/" + cfg.UserHypha
	}
	http.Redirect(w, rq, redirectTo, http.StatusSeeOther)
}

func handlerAdminUsers(w http.ResponseWriter, rq *http.Request) {
	// Get a sorted list of users
	var userList []*user.User
	for u := range user.YieldUsers() {
		userList = append(userList, u)
	}

	sort.Slice(userList, func(i, j int) bool {
		less := userList[i].RegisteredAt.Before(userList[j].RegisteredAt)
		return less
	})

	html := views.AdminUsersPanelHTML(userList)
	html = views.BaseHTML("Manage users", html, user.FromRequest(rq))

	w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
	io.WriteString(w, html)
}

func handlerAdminUserEdit(w http.ResponseWriter, rq *http.Request) {
	vars := mux.Vars(rq)
	u := user.UserByName(vars["username"])
	if u == nil {
		util.HTTP404Page(w, "404 page not found")
		return
	}

	f := util.FormDataFromRequest(rq, []string{"group"})

	if rq.Method == http.MethodPost {
		oldGroup := u.Group
		newGroup := f.Get("group")

		if user.ValidGroup(newGroup) {
			u.Group = newGroup
			if err := user.SaveUserDatabase(); err != nil {
				u.Group = oldGroup
				log.Println(err)
				f = f.WithError(err)
			} else {
				http.Redirect(w, rq, "/admin/users/", http.StatusSeeOther)
				return
			}
		} else {
			f = f.WithError(fmt.Errorf("invalid group ‘%s’", newGroup))
		}
	}

	f.Put("group", u.Group)

	html := views.AdminUserEditHTML(u, f)
	html = views.BaseHTML(fmt.Sprintf("User %s", u.Name), html, user.FromRequest(rq))

	if f.HasError() {
		w.WriteHeader(http.StatusBadRequest)
	}
	w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
	io.WriteString(w, html)
}

func handlerAdminUserDelete(w http.ResponseWriter, rq *http.Request) {
	vars := mux.Vars(rq)
	u := user.UserByName(vars["username"])
	if u == nil {
		util.HTTP404Page(w, "404 page not found")
		return
	}

	f := util.NewFormData()

	if rq.Method == http.MethodPost {
		f = f.WithError(user.DeleteUser(u.Name))
		if !f.HasError() {
			http.Redirect(w, rq, "/admin/users/", http.StatusSeeOther)
		} else {
			log.Println(f.Error())
		}
	}

	html := views.AdminUserDeleteHTML(u, util.NewFormData())
	html = views.BaseHTML(fmt.Sprintf("User %s", u.Name), html, user.FromRequest(rq))

	if f.HasError() {
		w.WriteHeader(http.StatusBadRequest)
	}
	w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
	io.WriteString(w, html)
}

func handlerAdminUserNew(w http.ResponseWriter, rq *http.Request) {
	if rq.Method == http.MethodGet {
		// New user form
		html := views.AdminUserNewHTML(util.NewFormData())
		html = views.BaseHTML("New user", html, user.FromRequest(rq))

		w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
		io.WriteString(w, html)
	} else if rq.Method == http.MethodPost {
		// Create a user
		f := util.FormDataFromRequest(rq, []string{"name", "password", "group"})

		err := user.Register(f.Get("name"), f.Get("password"), f.Get("group"), "local", true)

		if err != nil {
			html := views.AdminUserNewHTML(f.WithError(err))
			html = views.BaseHTML("New user", html, user.FromRequest(rq))

			w.WriteHeader(http.StatusBadRequest)
			w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
			io.WriteString(w, html)
		} else {
			http.Redirect(w, rq, "/admin/users/", http.StatusSeeOther)
		}
	}
}
-												Move all web-related stuff to a new module

											
										
										
											2021-05-09 10:42:12 +00:00
+								package web
 								import (
-												Working user panel

See https://mycorrhiza.wiki/hypha/idea/user_panel

It's not pretty, but it works. The next step is to make it look good.

											
										
										
											2021-06-29 15:10:48 +00:00
+									"fmt"
-												Reorganise and document the web stuff a little

											
										
										
											2021-05-09 11:09:27 +00:00
+									"io"
-												Move all web-related stuff to a new module

											
										
										
											2021-05-09 10:42:12 +00:00
+									"log"
-												Link the user panel from the admin panel

											
										
										
											2021-06-29 18:43:04 +00:00
+									"mime"
-												Move all web-related stuff to a new module

											
										
										
											2021-05-09 10:42:12 +00:00
+									"net/http"
-												Get rid of " in some places

Violently

											
										
										
											2021-08-12 12:12:53 +00:00
+									"os"
-												Initial user panel draft

											
										
										
											2021-06-29 10:34:36 +00:00
+									"sort"
-												Move all web-related stuff to a new module

											
										
										
											2021-05-09 10:42:12 +00:00
-												Migrate to gorilla/mux for web needs

What a wonderful package!

											
										
										
											2021-07-15 17:46:35 +00:00
+									"github.com/gorilla/mux"
-												Move all web-related stuff to a new module

											
										
										
											2021-05-09 10:42:12 +00:00
+									"github.com/bouncepaw/mycorrhiza/cfg"
 									"github.com/bouncepaw/mycorrhiza/user"
 									"github.com/bouncepaw/mycorrhiza/util"
 									"github.com/bouncepaw/mycorrhiza/views"
 								)
-												Reorganise and document the web stuff a little

											
										
										
											2021-05-09 11:09:27 +00:00
+								// initAdmin sets up /admin routes if auth is used. Call it after you have decided if you want to use auth.
-												Migrate to gorilla/mux for web needs

What a wonderful package!

											
										
										
											2021-07-15 17:46:35 +00:00
+								func initAdmin(r *mux.Router) {
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+									r.HandleFunc("/shutdown", handlerAdminShutdown).Methods(http.MethodPost)
 									r.HandleFunc("/reindex-users", handlerAdminReindexUsers).Methods(http.MethodPost)
-												Initial user panel draft

											
										
										
											2021-06-29 10:34:36 +00:00
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+									r.HandleFunc("/user/new", handlerAdminUserNew).Methods(http.MethodGet, http.MethodPost)
 									r.HandleFunc("/users/{username}/edit", handlerAdminUserEdit).Methods(http.MethodGet, http.MethodPost)
 									r.HandleFunc("/users/{username}/delete", handlerAdminUserDelete).Methods(http.MethodGet, http.MethodPost)
 									r.HandleFunc("/users", handlerAdminUsers)
 									r.HandleFunc("/", handlerAdmin)
-												Move all web-related stuff to a new module

											
										
										
											2021-05-09 10:42:12 +00:00
+								}
-												Reorganise and document the web stuff a little

											
										
										
											2021-05-09 11:09:27 +00:00
+								// handlerAdmin provides the admin panel.
 								func handlerAdmin(w http.ResponseWriter, rq *http.Request) {
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+									w.Header().Set("Content-Type", "text/html;charset=utf-8")
 									w.WriteHeader(http.StatusOK)
 									io.WriteString(w, views.BaseHTML("Admin panel", views.AdminPanelHTML(), user.FromRequest(rq)))
-												Move all web-related stuff to a new module

											
										
										
											2021-05-09 10:42:12 +00:00
+								}
-												Reorganise and document the web stuff a little

											
										
										
											2021-05-09 11:09:27 +00:00
+								// handlerAdminShutdown kills the wiki.
 								func handlerAdminShutdown(w http.ResponseWriter, rq *http.Request) {
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+									if user.CanProceed(rq, "admin/shutdown") {
 										log.Println("An admin commanded the wiki to shutdown")
 										os.Exit(0)
-												Move all web-related stuff to a new module

											
										
										
											2021-05-09 10:42:12 +00:00
+									}
 								}
-												Reorganise and document the web stuff a little

											
										
										
											2021-05-09 11:09:27 +00:00
+								// handlerAdminReindexUsers reinitialises the user system.
 								func handlerAdminReindexUsers(w http.ResponseWriter, rq *http.Request) {
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+									user.ReadUsersFromFilesystem()
 									redirectTo := rq.Referer()
 									if redirectTo == "" {
 										redirectTo = "/hypha/" + cfg.UserHypha
-												Move all web-related stuff to a new module

											
										
										
											2021-05-09 10:42:12 +00:00
+									}
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+									http.Redirect(w, rq, redirectTo, http.StatusSeeOther)
-												Move all web-related stuff to a new module

											
										
										
											2021-05-09 10:42:12 +00:00
+								}
-												Initial user panel draft

											
										
										
											2021-06-29 10:34:36 +00:00
-												Make the lock work

There is a new config field: Authorization.Locked.

I am a little bit sorry for how actually the lock is implemented. I've added the check on almost every handler there is. Good luck maintaining that ❤️

											
										
										
											2021-07-10 19:04:21 +00:00
+								func handlerAdminUsers(w http.ResponseWriter, rq *http.Request) {
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+									// Get a sorted list of users
 									var userList []*user.User
 									for u := range user.YieldUsers() {
 										userList = append(userList, u)
 									}
-												Working user panel

See https://mycorrhiza.wiki/hypha/idea/user_panel

It's not pretty, but it works. The next step is to make it look good.

											
										
										
											2021-06-29 15:10:48 +00:00
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+									sort.Slice(userList, func(i, j int) bool {
 										less := userList[i].RegisteredAt.Before(userList[j].RegisteredAt)
 										return less
 									})
-												Working user panel

See https://mycorrhiza.wiki/hypha/idea/user_panel

It's not pretty, but it works. The next step is to make it look good.

											
										
										
											2021-06-29 15:10:48 +00:00
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+									html := views.AdminUsersPanelHTML(userList)
 									html = views.BaseHTML("Manage users", html, user.FromRequest(rq))
-												Working user panel

See https://mycorrhiza.wiki/hypha/idea/user_panel

It's not pretty, but it works. The next step is to make it look good.

											
										
										
											2021-06-29 15:10:48 +00:00
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+									w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
 									io.WriteString(w, html)
 								}
-												Initial user panel draft

											
										
										
											2021-06-29 10:34:36 +00:00
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+								func handlerAdminUserEdit(w http.ResponseWriter, rq *http.Request) {
 									vars := mux.Vars(rq)
 									u := user.UserByName(vars["username"])
 									if u == nil {
 										util.HTTP404Page(w, "404 page not found")
 										return
 									}
-												Ability to delete user in the user panel

											
										
										
											2021-07-02 14:04:00 +00:00
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+									f := util.FormDataFromRequest(rq, []string{"group"})
 									if rq.Method == http.MethodPost {
 										oldGroup := u.Group
 										newGroup := f.Get("group")
-												Ability to delete user in the user panel

											
										
										
											2021-07-02 14:04:00 +00:00
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+										if user.ValidGroup(newGroup) {
 											u.Group = newGroup
 											if err := user.SaveUserDatabase(); err != nil {
 												u.Group = oldGroup
 												log.Println(err)
 												f = f.WithError(err)
 											} else {
 												http.Redirect(w, rq, "/admin/users/", http.StatusSeeOther)
 												return
-												Ability to delete user in the user panel

											
										
										
											2021-07-02 14:04:00 +00:00
+											}
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+										} else {
-												Get rid of " in some places

Violently

											
										
										
											2021-08-12 12:12:53 +00:00
+											f = f.WithError(fmt.Errorf("invalid group ‘%s’", newGroup))
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+										}
 									}
-												Ability to delete user in the user panel

											
										
										
											2021-07-02 14:04:00 +00:00
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+									f.Put("group", u.Group)
-												Ability to delete user in the user panel

											
										
										
											2021-07-02 14:04:00 +00:00
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+									html := views.AdminUserEditHTML(u, f)
 									html = views.BaseHTML(fmt.Sprintf("User %s", u.Name), html, user.FromRequest(rq))
-												Ability to delete user in the user panel

											
										
										
											2021-07-02 14:04:00 +00:00
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+									if f.HasError() {
 										w.WriteHeader(http.StatusBadRequest)
 									}
 									w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
 									io.WriteString(w, html)
 								}
 								func handlerAdminUserDelete(w http.ResponseWriter, rq *http.Request) {
 									vars := mux.Vars(rq)
 									u := user.UserByName(vars["username"])
 									if u == nil {
 										util.HTTP404Page(w, "404 page not found")
 										return
 									}
-												Ability to delete user in the user panel

											
										
										
											2021-07-02 14:04:00 +00:00
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+									f := util.NewFormData()
-												Ability to delete user in the user panel

											
										
										
											2021-07-02 14:04:00 +00:00
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+									if rq.Method == http.MethodPost {
 										f = f.WithError(user.DeleteUser(u.Name))
 										if !f.HasError() {
 											http.Redirect(w, rq, "/admin/users/", http.StatusSeeOther)
 										} else {
 											log.Println(f.Error())
-												Initial user panel draft

											
										
										
											2021-06-29 10:34:36 +00:00
+										}
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+									}
-												New user form in /admin/users/

											
										
										
											2021-07-02 12:02:42 +00:00
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+									html := views.AdminUserDeleteHTML(u, util.NewFormData())
 									html = views.BaseHTML(fmt.Sprintf("User %s", u.Name), html, user.FromRequest(rq))
 									if f.HasError() {
 										w.WriteHeader(http.StatusBadRequest)
-												Ability to delete user in the user panel

											
										
										
											2021-07-02 14:04:00 +00:00
+									}
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+									w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
 									io.WriteString(w, html)
-												New user form in /admin/users/

											
										
										
											2021-07-02 12:02:42 +00:00
+								}
-												Make the lock work

There is a new config field: Authorization.Locked.

I am a little bit sorry for how actually the lock is implemented. I've added the check on almost every handler there is. Good luck maintaining that ❤️

											
										
										
											2021-07-10 19:04:21 +00:00
+								func handlerAdminUserNew(w http.ResponseWriter, rq *http.Request) {
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+									if rq.Method == http.MethodGet {
 										// New user form
 										html := views.AdminUserNewHTML(util.NewFormData())
 										html = views.BaseHTML("New user", html, user.FromRequest(rq))
-												Working user panel

See https://mycorrhiza.wiki/hypha/idea/user_panel

It's not pretty, but it works. The next step is to make it look good.

											
										
										
											2021-06-29 15:10:48 +00:00
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+										w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
 										io.WriteString(w, html)
 									} else if rq.Method == http.MethodPost {
 										// Create a user
 										f := util.FormDataFromRequest(rq, []string{"name", "password", "group"})
-												New user form in /admin/users/

											
										
										
											2021-07-02 12:02:42 +00:00
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+										err := user.Register(f.Get("name"), f.Get("password"), f.Get("group"), "local", true)
-												New user form in /admin/users/

											
										
										
											2021-07-02 12:02:42 +00:00
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+										if err != nil {
 											html := views.AdminUserNewHTML(f.WithError(err))
 											html = views.BaseHTML("New user", html, user.FromRequest(rq))
-												New user form in /admin/users/

											
										
										
											2021-07-02 12:02:42 +00:00
-												Refactor admin routes

They're not perfect, I still don't like them, but I can't think of a
good solution right now. I'm going to thinking about the best way of
doing web stuff for some time.

											
										
										
											2021-07-15 18:58:27 +00:00
+											w.WriteHeader(http.StatusBadRequest)
 											w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
 											io.WriteString(w, html)
 										} else {
 											http.Redirect(w, rq, "/admin/users/", http.StatusSeeOther)
-												New user form in /admin/users/

											
										
										
											2021-07-02 12:02:42 +00:00
+										}
-												Initial user panel draft

											
										
										
											2021-06-29 10:34:36 +00:00
+									}
 								}