2021-05-09 10:42:12 +00:00
|
|
|
|
package web
|
|
|
|
|
|
|
|
|
|
import (
|
2021-06-29 15:10:48 +00:00
|
|
|
|
"fmt"
|
2022-03-29 20:59:36 +00:00
|
|
|
|
"github.com/bouncepaw/mycorrhiza/viewutil"
|
2021-05-09 11:09:27 +00:00
|
|
|
|
"io"
|
2021-05-09 10:42:12 +00:00
|
|
|
|
"log"
|
2021-06-29 18:43:04 +00:00
|
|
|
|
"mime"
|
2021-05-09 10:42:12 +00:00
|
|
|
|
"net/http"
|
2021-08-12 12:12:53 +00:00
|
|
|
|
"os"
|
2021-06-29 10:34:36 +00:00
|
|
|
|
"sort"
|
2021-05-09 10:42:12 +00:00
|
|
|
|
|
2021-07-15 17:46:35 +00:00
|
|
|
|
"github.com/gorilla/mux"
|
|
|
|
|
|
2021-05-09 10:42:12 +00:00
|
|
|
|
"github.com/bouncepaw/mycorrhiza/cfg"
|
2021-09-06 17:46:34 +00:00
|
|
|
|
"github.com/bouncepaw/mycorrhiza/l18n"
|
2021-05-09 10:42:12 +00:00
|
|
|
|
"github.com/bouncepaw/mycorrhiza/user"
|
|
|
|
|
"github.com/bouncepaw/mycorrhiza/util"
|
|
|
|
|
"github.com/bouncepaw/mycorrhiza/views"
|
|
|
|
|
)
|
|
|
|
|
|
2021-05-09 11:09:27 +00:00
|
|
|
|
// initAdmin sets up /admin routes if auth is used. Call it after you have decided if you want to use auth.
|
2021-07-15 17:46:35 +00:00
|
|
|
|
func initAdmin(r *mux.Router) {
|
2021-07-15 18:58:27 +00:00
|
|
|
|
r.HandleFunc("/shutdown", handlerAdminShutdown).Methods(http.MethodPost)
|
|
|
|
|
r.HandleFunc("/reindex-users", handlerAdminReindexUsers).Methods(http.MethodPost)
|
2021-06-29 10:34:36 +00:00
|
|
|
|
|
2021-12-30 20:39:31 +00:00
|
|
|
|
r.HandleFunc("/new-user", handlerAdminUserNew).Methods(http.MethodGet, http.MethodPost)
|
2021-07-15 18:58:27 +00:00
|
|
|
|
r.HandleFunc("/users/{username}/edit", handlerAdminUserEdit).Methods(http.MethodGet, http.MethodPost)
|
|
|
|
|
r.HandleFunc("/users/{username}/delete", handlerAdminUserDelete).Methods(http.MethodGet, http.MethodPost)
|
|
|
|
|
r.HandleFunc("/users", handlerAdminUsers)
|
|
|
|
|
|
|
|
|
|
r.HandleFunc("/", handlerAdmin)
|
2021-05-09 10:42:12 +00:00
|
|
|
|
}
|
|
|
|
|
|
2021-05-09 11:09:27 +00:00
|
|
|
|
// handlerAdmin provides the admin panel.
|
|
|
|
|
func handlerAdmin(w http.ResponseWriter, rq *http.Request) {
|
2021-07-15 18:58:27 +00:00
|
|
|
|
w.Header().Set("Content-Type", "text/html;charset=utf-8")
|
|
|
|
|
w.WriteHeader(http.StatusOK)
|
2022-03-29 20:59:36 +00:00
|
|
|
|
views.AdminPanel(viewutil.MetaFrom(w, rq))
|
2021-05-09 10:42:12 +00:00
|
|
|
|
}
|
|
|
|
|
|
2021-05-09 11:09:27 +00:00
|
|
|
|
// handlerAdminShutdown kills the wiki.
|
|
|
|
|
func handlerAdminShutdown(w http.ResponseWriter, rq *http.Request) {
|
2021-07-15 18:58:27 +00:00
|
|
|
|
if user.CanProceed(rq, "admin/shutdown") {
|
|
|
|
|
log.Println("An admin commanded the wiki to shutdown")
|
|
|
|
|
os.Exit(0)
|
2021-05-09 10:42:12 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-09 11:09:27 +00:00
|
|
|
|
// handlerAdminReindexUsers reinitialises the user system.
|
|
|
|
|
func handlerAdminReindexUsers(w http.ResponseWriter, rq *http.Request) {
|
2021-07-15 18:58:27 +00:00
|
|
|
|
user.ReadUsersFromFilesystem()
|
|
|
|
|
redirectTo := rq.Referer()
|
|
|
|
|
if redirectTo == "" {
|
|
|
|
|
redirectTo = "/hypha/" + cfg.UserHypha
|
2021-05-09 10:42:12 +00:00
|
|
|
|
}
|
2021-07-15 18:58:27 +00:00
|
|
|
|
http.Redirect(w, rq, redirectTo, http.StatusSeeOther)
|
2021-05-09 10:42:12 +00:00
|
|
|
|
}
|
2021-06-29 10:34:36 +00:00
|
|
|
|
|
2021-07-10 19:04:21 +00:00
|
|
|
|
func handlerAdminUsers(w http.ResponseWriter, rq *http.Request) {
|
2021-07-15 18:58:27 +00:00
|
|
|
|
// Get a sorted list of users
|
|
|
|
|
var userList []*user.User
|
|
|
|
|
for u := range user.YieldUsers() {
|
|
|
|
|
userList = append(userList, u)
|
|
|
|
|
}
|
2021-06-29 15:10:48 +00:00
|
|
|
|
|
2021-07-15 18:58:27 +00:00
|
|
|
|
sort.Slice(userList, func(i, j int) bool {
|
|
|
|
|
less := userList[i].RegisteredAt.Before(userList[j].RegisteredAt)
|
|
|
|
|
return less
|
|
|
|
|
})
|
2021-06-29 15:10:48 +00:00
|
|
|
|
|
2021-09-06 17:46:34 +00:00
|
|
|
|
var lc = l18n.FromRequest(rq)
|
2022-03-20 21:24:40 +00:00
|
|
|
|
html := views.AdminUsersPanel(userList, lc)
|
|
|
|
|
html = views.Base(lc.Get("admin.users_title"), html, lc, user.FromRequest(rq))
|
2021-06-29 15:10:48 +00:00
|
|
|
|
|
2021-07-15 18:58:27 +00:00
|
|
|
|
w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
|
|
|
|
|
io.WriteString(w, html)
|
|
|
|
|
}
|
2021-06-29 10:34:36 +00:00
|
|
|
|
|
2021-07-15 18:58:27 +00:00
|
|
|
|
func handlerAdminUserEdit(w http.ResponseWriter, rq *http.Request) {
|
|
|
|
|
vars := mux.Vars(rq)
|
2021-10-01 17:12:16 +00:00
|
|
|
|
u := user.ByName(vars["username"])
|
2021-07-15 18:58:27 +00:00
|
|
|
|
if u == nil {
|
|
|
|
|
util.HTTP404Page(w, "404 page not found")
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-07-02 14:04:00 +00:00
|
|
|
|
|
2021-07-15 18:58:27 +00:00
|
|
|
|
f := util.FormDataFromRequest(rq, []string{"group"})
|
|
|
|
|
|
|
|
|
|
if rq.Method == http.MethodPost {
|
|
|
|
|
oldGroup := u.Group
|
|
|
|
|
newGroup := f.Get("group")
|
2021-07-02 14:04:00 +00:00
|
|
|
|
|
2021-07-15 18:58:27 +00:00
|
|
|
|
if user.ValidGroup(newGroup) {
|
|
|
|
|
u.Group = newGroup
|
|
|
|
|
if err := user.SaveUserDatabase(); err != nil {
|
|
|
|
|
u.Group = oldGroup
|
|
|
|
|
log.Println(err)
|
|
|
|
|
f = f.WithError(err)
|
|
|
|
|
} else {
|
|
|
|
|
http.Redirect(w, rq, "/admin/users/", http.StatusSeeOther)
|
|
|
|
|
return
|
2021-07-02 14:04:00 +00:00
|
|
|
|
}
|
2021-07-15 18:58:27 +00:00
|
|
|
|
} else {
|
2021-08-12 12:12:53 +00:00
|
|
|
|
f = f.WithError(fmt.Errorf("invalid group ‘%s’", newGroup))
|
2021-07-15 18:58:27 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
2021-07-02 14:04:00 +00:00
|
|
|
|
|
2021-07-15 18:58:27 +00:00
|
|
|
|
f.Put("group", u.Group)
|
2021-07-02 14:04:00 +00:00
|
|
|
|
|
2021-09-06 17:46:34 +00:00
|
|
|
|
var lc = l18n.FromRequest(rq)
|
2022-03-20 21:24:40 +00:00
|
|
|
|
html := views.AdminUserEdit(u, f, lc)
|
|
|
|
|
html = views.Base(fmt.Sprintf(lc.Get("admin.user_title"), u.Name), html, lc, user.FromRequest(rq))
|
2021-07-02 14:04:00 +00:00
|
|
|
|
|
2021-07-15 18:58:27 +00:00
|
|
|
|
if f.HasError() {
|
|
|
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
|
|
|
}
|
|
|
|
|
w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
|
|
|
|
|
io.WriteString(w, html)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func handlerAdminUserDelete(w http.ResponseWriter, rq *http.Request) {
|
|
|
|
|
vars := mux.Vars(rq)
|
2021-10-01 17:12:16 +00:00
|
|
|
|
u := user.ByName(vars["username"])
|
2021-07-15 18:58:27 +00:00
|
|
|
|
if u == nil {
|
|
|
|
|
util.HTTP404Page(w, "404 page not found")
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-07-02 14:04:00 +00:00
|
|
|
|
|
2021-07-15 18:58:27 +00:00
|
|
|
|
f := util.NewFormData()
|
2021-07-02 14:04:00 +00:00
|
|
|
|
|
2021-07-15 18:58:27 +00:00
|
|
|
|
if rq.Method == http.MethodPost {
|
|
|
|
|
f = f.WithError(user.DeleteUser(u.Name))
|
|
|
|
|
if !f.HasError() {
|
|
|
|
|
http.Redirect(w, rq, "/admin/users/", http.StatusSeeOther)
|
|
|
|
|
} else {
|
|
|
|
|
log.Println(f.Error())
|
2021-06-29 10:34:36 +00:00
|
|
|
|
}
|
2021-07-15 18:58:27 +00:00
|
|
|
|
}
|
2021-07-02 12:02:42 +00:00
|
|
|
|
|
2021-09-06 17:46:34 +00:00
|
|
|
|
var lc = l18n.FromRequest(rq)
|
2022-03-20 21:24:40 +00:00
|
|
|
|
html := views.AdminUserDelete(u, util.NewFormData(), lc)
|
|
|
|
|
html = views.Base(fmt.Sprintf(lc.Get("admin.user_title"), u.Name), html, l18n.FromRequest(rq), user.FromRequest(rq))
|
2021-07-15 18:58:27 +00:00
|
|
|
|
|
|
|
|
|
if f.HasError() {
|
|
|
|
|
w.WriteHeader(http.StatusBadRequest)
|
2021-07-02 14:04:00 +00:00
|
|
|
|
}
|
2021-07-15 18:58:27 +00:00
|
|
|
|
w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
|
|
|
|
|
io.WriteString(w, html)
|
2021-07-02 12:02:42 +00:00
|
|
|
|
}
|
|
|
|
|
|
2021-07-10 19:04:21 +00:00
|
|
|
|
func handlerAdminUserNew(w http.ResponseWriter, rq *http.Request) {
|
2021-09-06 17:46:34 +00:00
|
|
|
|
var lc = l18n.FromRequest(rq)
|
2021-07-15 18:58:27 +00:00
|
|
|
|
if rq.Method == http.MethodGet {
|
|
|
|
|
// New user form
|
2022-03-20 21:24:40 +00:00
|
|
|
|
html := views.AdminUserNew(util.NewFormData(), lc)
|
|
|
|
|
html = views.Base(lc.Get("admin.newuser_title"), html, lc, user.FromRequest(rq))
|
2021-06-29 15:10:48 +00:00
|
|
|
|
|
2021-07-15 18:58:27 +00:00
|
|
|
|
w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
|
|
|
|
|
io.WriteString(w, html)
|
|
|
|
|
} else if rq.Method == http.MethodPost {
|
|
|
|
|
// Create a user
|
|
|
|
|
f := util.FormDataFromRequest(rq, []string{"name", "password", "group"})
|
2021-07-02 12:02:42 +00:00
|
|
|
|
|
2021-07-15 18:58:27 +00:00
|
|
|
|
err := user.Register(f.Get("name"), f.Get("password"), f.Get("group"), "local", true)
|
2021-07-02 12:02:42 +00:00
|
|
|
|
|
2021-07-15 18:58:27 +00:00
|
|
|
|
if err != nil {
|
2022-03-20 21:24:40 +00:00
|
|
|
|
html := views.AdminUserNew(f.WithError(err), lc)
|
|
|
|
|
html = views.Base(lc.Get("admin.newuser_title"), html, lc, user.FromRequest(rq))
|
2021-07-02 12:02:42 +00:00
|
|
|
|
|
2021-07-15 18:58:27 +00:00
|
|
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
|
|
|
w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
|
|
|
|
|
io.WriteString(w, html)
|
|
|
|
|
} else {
|
|
|
|
|
http.Redirect(w, rq, "/admin/users/", http.StatusSeeOther)
|
2021-07-02 12:02:42 +00:00
|
|
|
|
}
|
2021-06-29 10:34:36 +00:00
|
|
|
|
}
|
|
|
|
|
}
|