mirrors/mycorrhiza
1
0
Fork 0
mirror of https://github.com/osmarks/mycorrhiza.git synced 2025-01-07 18:30:26 +00:00
Code Issues Releases Wiki Activity

Make the lock work

Browse Source 
There is a new config field: Authorization.Locked.

I am a little bit sorry for how actually the lock is implemented. I've added the check on almost every handler there is. Good luck maintaining that ❤️
This commit is contained in:
Timur Ismagilov 2021-07-11 00:04:21 +05:00
parent d8f4f40f52
commit 5d45ae67d4
9 changed files with 123 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
cfg/config.go
View File

@ -23,13 +23,13 @@ var (
UserHypha string UserHypha string
HeaderLinksHypha string HeaderLinksHypha string
ListenAddr string ListenAddr string
URL string URL string
GeminiCertificatePath string
UseAuth bool UseAuth bool
AllowRegistration bool AllowRegistration bool
RegistrationLimit uint64 RegistrationLimit uint64
Locked bool
CommonScripts []string CommonScripts []string
ViewScripts []string ViewScripts []string
@ -82,6 +82,7 @@ type Authorization struct {
UseAuth bool UseAuth bool
AllowRegistration bool AllowRegistration bool
RegistrationLimit uint64 `comment:"This field controls the maximum amount of allowed registrations."` RegistrationLimit uint64 `comment:"This field controls the maximum amount of allowed registrations."`
Locked bool `comment:"Set if users have to authorize to see anything on the wiki."`
} }
// ReadConfigFile reads a config on the given path and stores the // ReadConfigFile reads a config on the given path and stores the
@ -103,6 +104,7 @@ func ReadConfigFile(path string) error {
UseAuth: false, UseAuth: false,
AllowRegistration: false, AllowRegistration: false,
RegistrationLimit: 0, RegistrationLimit: 0,
Locked: false,
}, },
CustomScripts: CustomScripts{ CustomScripts: CustomScripts{
CommonScripts: []string{}, CommonScripts: []string{},
@ -135,7 +137,9 @@ func ReadConfigFile(path string) error {
// Map the config file to the config struct. It'll do nothing if the file // Map the config file to the config struct. It'll do nothing if the file
// doesn't exist or is empty. // doesn't exist or is empty.
f.MapTo(cfg) if err := f.MapTo(cfg); err != nil {
return err
}
// Map the struct to the global variables // Map the struct to the global variables
WikiName = cfg.WikiName WikiName = cfg.WikiName
@ -150,6 +154,7 @@ func ReadConfigFile(path string) error {
UseAuth = cfg.UseAuth UseAuth = cfg.UseAuth
AllowRegistration = cfg.AllowRegistration AllowRegistration = cfg.AllowRegistration
RegistrationLimit = cfg.RegistrationLimit RegistrationLimit = cfg.RegistrationLimit
Locked = cfg.Locked && cfg.UseAuth // Makes no sense to have the lock but no auth
CommonScripts = cfg.CommonScripts CommonScripts = cfg.CommonScripts
ViewScripts = cfg.ViewScripts ViewScripts = cfg.ViewScripts
EditScripts = cfg.EditScripts EditScripts = cfg.EditScripts

10
user/user.go
View File

@ -1,6 +1,7 @@
package user package user
import ( import (
"net/http"
"sync" "sync"
"time" "time"
@ -96,3 +97,12 @@ func (user *User) isCorrectPassword(password string) bool {
err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password)) err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password))
return err == nil return err == nil
} }
// ShowLockMaybe redirects to the lock page if the user is anon and the wiki has been configured to use the lock. It returns true if the user was redirected.
func (user *User) ShowLockMaybe(w http.ResponseWriter, rq *http.Request) bool {
if cfg.Locked && user.Group == "anon" {
http.Redirect(w, rq, "/lock", http.StatusSeeOther)
return true
}
return false
}

57
web/admin.go
View File

@ -30,6 +30,9 @@ func initAdmin() {
// handlerAdmin provides the admin panel. // handlerAdmin provides the admin panel.
func handlerAdmin(w http.ResponseWriter, rq *http.Request) { func handlerAdmin(w http.ResponseWriter, rq *http.Request) {
util.PrepareRq(rq) util.PrepareRq(rq)
if shown := user.FromRequest(rq).ShowLockMaybe(w, rq); shown {
return
}
if user.CanProceed(rq, "admin") { if user.CanProceed(rq, "admin") {
w.Header().Set("Content-Type", "text/html;charset=utf-8") w.Header().Set("Content-Type", "text/html;charset=utf-8")
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
@ -43,6 +46,9 @@ func handlerAdmin(w http.ResponseWriter, rq *http.Request) {
// handlerAdminShutdown kills the wiki. // handlerAdminShutdown kills the wiki.
func handlerAdminShutdown(w http.ResponseWriter, rq *http.Request) { func handlerAdminShutdown(w http.ResponseWriter, rq *http.Request) {
util.PrepareRq(rq) util.PrepareRq(rq)
if shown := user.FromRequest(rq).ShowLockMaybe(w, rq); shown {
return
}
if user.CanProceed(rq, "admin/shutdown") && rq.Method == "POST" { if user.CanProceed(rq, "admin/shutdown") && rq.Method == "POST" {
log.Fatal("An admin commanded the wiki to shutdown") log.Fatal("An admin commanded the wiki to shutdown")
} }
@ -51,6 +57,9 @@ func handlerAdminShutdown(w http.ResponseWriter, rq *http.Request) {
// handlerAdminReindexUsers reinitialises the user system. // handlerAdminReindexUsers reinitialises the user system.
func handlerAdminReindexUsers(w http.ResponseWriter, rq *http.Request) { func handlerAdminReindexUsers(w http.ResponseWriter, rq *http.Request) {
util.PrepareRq(rq) util.PrepareRq(rq)
if shown := user.FromRequest(rq).ShowLockMaybe(w, rq); shown {
return
}
if user.CanProceed(rq, "admin") && rq.Method == "POST" { if user.CanProceed(rq, "admin") && rq.Method == "POST" {
user.ReadUsersFromFilesystem() user.ReadUsersFromFilesystem()
redirectTo := rq.Referer() redirectTo := rq.Referer()
@ -61,10 +70,13 @@ func handlerAdminReindexUsers(w http.ResponseWriter, rq *http.Request) {
} }
} }
func handlerAdminUsers(w http.ResponseWriter, r *http.Request) { func handlerAdminUsers(w http.ResponseWriter, rq *http.Request) {
util.PrepareRq(r) util.PrepareRq(rq)
if user.CanProceed(r, "admin") { if shown := user.FromRequest(rq).ShowLockMaybe(w, rq); shown {
path := strings.TrimPrefix(r.URL.Path, "/admin/users") return
}
if user.CanProceed(rq, "admin") {
path := strings.TrimPrefix(rq.URL.Path, "/admin/users")
parts := strings.Split(path, "/")[1:] parts := strings.Split(path, "/")[1:]
// Users dashboard // Users dashboard
@ -81,7 +93,7 @@ func handlerAdminUsers(w http.ResponseWriter, r *http.Request) {
}) })
html := views.AdminUsersPanelHTML(userList) html := views.AdminUsersPanelHTML(userList)
html = views.BaseHTML("Manage users", html, user.FromRequest(r)) html = views.BaseHTML("Manage users", html, user.FromRequest(rq))
w.Header().Set("Content-Type", mime.TypeByExtension(".html")) w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
if _, err := io.WriteString(w, html); err != nil { if _, err := io.WriteString(w, html); err != nil {
@ -103,9 +115,9 @@ func handlerAdminUsers(w http.ResponseWriter, r *http.Request) {
switch parts[1] { switch parts[1] {
case "edit": case "edit":
f := util.FormDataFromRequest(r, []string{"group"}) f := util.FormDataFromRequest(rq, []string{"group"})
if r.Method == http.MethodPost { if rq.Method == http.MethodPost {
oldGroup := u.Group oldGroup := u.Group
newGroup := f.Get("group") newGroup := f.Get("group")
@ -116,7 +128,7 @@ func handlerAdminUsers(w http.ResponseWriter, r *http.Request) {
log.Println(err) log.Println(err)
f = f.WithError(err) f = f.WithError(err)
} else { } else {
http.Redirect(w, r, "/admin/users/", http.StatusSeeOther) http.Redirect(w, rq, "/admin/users/", http.StatusSeeOther)
return return
} }
} else { } else {
@ -127,7 +139,7 @@ func handlerAdminUsers(w http.ResponseWriter, r *http.Request) {
f.Put("group", u.Group) f.Put("group", u.Group)
html := views.AdminUserEditHTML(u, f) html := views.AdminUserEditHTML(u, f)
html = views.BaseHTML(fmt.Sprintf("User %s", u.Name), html, user.FromRequest(r)) html = views.BaseHTML(fmt.Sprintf("User %s", u.Name), html, user.FromRequest(rq))
if f.HasError() { if f.HasError() {
w.WriteHeader(http.StatusBadRequest) w.WriteHeader(http.StatusBadRequest)
@ -138,17 +150,17 @@ func handlerAdminUsers(w http.ResponseWriter, r *http.Request) {
case "delete": case "delete":
f := util.NewFormData() f := util.NewFormData()
if r.Method == http.MethodPost { if rq.Method == http.MethodPost {
f = f.WithError(user.DeleteUser(u.Name)) f = f.WithError(user.DeleteUser(u.Name))
if !f.HasError() { if !f.HasError() {
http.Redirect(w, r, "/admin/users/", http.StatusSeeOther) http.Redirect(w, rq, "/admin/users/", http.StatusSeeOther)
} else { } else {
log.Println(f.Error()) log.Println(f.Error())
} }
} }
html := views.AdminUserDeleteHTML(u, util.NewFormData()) html := views.AdminUserDeleteHTML(u, util.NewFormData())
html = views.BaseHTML(fmt.Sprintf("User %s", u.Name), html, user.FromRequest(r)) html = views.BaseHTML(fmt.Sprintf("User %s", u.Name), html, user.FromRequest(rq))
if f.HasError() { if f.HasError() {
w.WriteHeader(http.StatusBadRequest) w.WriteHeader(http.StatusBadRequest)
@ -162,32 +174,35 @@ func handlerAdminUsers(w http.ResponseWriter, r *http.Request) {
} }
} }
func handlerAdminUserNew(w http.ResponseWriter, r *http.Request) { func handlerAdminUserNew(w http.ResponseWriter, rq *http.Request) {
util.PrepareRq(r) util.PrepareRq(rq)
if user.CanProceed(r, "admin") { if shown := user.FromRequest(rq).ShowLockMaybe(w, rq); shown {
if r.Method == http.MethodGet { return
}
if user.CanProceed(rq, "admin") {
if rq.Method == http.MethodGet {
// New user form // New user form
html := views.AdminUserNewHTML(util.NewFormData()) html := views.AdminUserNewHTML(util.NewFormData())
html = views.BaseHTML("New user", html, user.FromRequest(r)) html = views.BaseHTML("New user", html, user.FromRequest(rq))
w.Header().Set("Content-Type", mime.TypeByExtension(".html")) w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
io.WriteString(w, html) io.WriteString(w, html)
return return
} else if r.Method == http.MethodPost { } else if rq.Method == http.MethodPost {
// Create a user // Create a user
f := util.FormDataFromRequest(r, []string{"name", "password", "group"}) f := util.FormDataFromRequest(rq, []string{"name", "password", "group"})
err := user.Register(f.Get("name"), f.Get("password"), f.Get("group"), true) err := user.Register(f.Get("name"), f.Get("password"), f.Get("group"), true)
if err != nil { if err != nil {
html := views.AdminUserNewHTML(f.WithError(err)) html := views.AdminUserNewHTML(f.WithError(err))
html = views.BaseHTML("New user", html, user.FromRequest(r)) html = views.BaseHTML("New user", html, user.FromRequest(rq))
w.WriteHeader(http.StatusBadRequest) w.WriteHeader(http.StatusBadRequest)
w.Header().Set("Content-Type", mime.TypeByExtension(".html")) w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
io.WriteString(w, html) io.WriteString(w, html)
} else { } else {
http.Redirect(w, r, "/admin/users/", http.StatusSeeOther) http.Redirect(w, rq, "/admin/users/", http.StatusSeeOther)
} }
return return
} }

6
web/auth.go
View File

@ -33,6 +33,9 @@ func handlerLock(w http.ResponseWriter, rq *http.Request) {
// handlerRegister both displays the register form (GET) and registers users (POST). // handlerRegister both displays the register form (GET) and registers users (POST).
func handlerRegister(w http.ResponseWriter, rq *http.Request) { func handlerRegister(w http.ResponseWriter, rq *http.Request) {
if shown := user.FromRequest(rq).ShowLockMaybe(w, rq); shown {
return
}
util.PrepareRq(rq) util.PrepareRq(rq)
if !cfg.AllowRegistration { if !cfg.AllowRegistration {
w.WriteHeader(http.StatusForbidden) w.WriteHeader(http.StatusForbidden)
@ -102,6 +105,9 @@ func handlerLogoutConfirm(w http.ResponseWriter, rq *http.Request) {
// handlerLogin shows the login form. // handlerLogin shows the login form.
func handlerLogin(w http.ResponseWriter, rq *http.Request) { func handlerLogin(w http.ResponseWriter, rq *http.Request) {
if shown := user.FromRequest(rq).ShowLockMaybe(w, rq); shown {
return
}
util.PrepareRq(rq) util.PrepareRq(rq)
w.Header().Set("Content-Type", "text/html;charset=utf-8") w.Header().Set("Content-Type", "text/html;charset=utf-8")
if cfg.UseAuth { if cfg.UseAuth {

9
web/history.go
View File

@ -24,6 +24,9 @@ func initHistory() {
// handlerHistory lists all revisions of a hypha. // handlerHistory lists all revisions of a hypha.
func handlerHistory(w http.ResponseWriter, rq *http.Request) { func handlerHistory(w http.ResponseWriter, rq *http.Request) {
util.PrepareRq(rq) util.PrepareRq(rq)
if shown := user.FromRequest(rq).ShowLockMaybe(w, rq); shown {
return
}
hyphaName := util.HyphaNameFromRq(rq, "history") hyphaName := util.HyphaNameFromRq(rq, "history")
var list string var list string
@ -41,6 +44,9 @@ func handlerHistory(w http.ResponseWriter, rq *http.Request) {
// handlerRecentChanges displays the /recent-changes/ page. // handlerRecentChanges displays the /recent-changes/ page.
func handlerRecentChanges(w http.ResponseWriter, rq *http.Request) { func handlerRecentChanges(w http.ResponseWriter, rq *http.Request) {
util.PrepareRq(rq) util.PrepareRq(rq)
if shown := user.FromRequest(rq).ShowLockMaybe(w, rq); shown {
return
}
var ( var (
noPrefix = strings.TrimPrefix(rq.URL.String(), "/recent-changes/") noPrefix = strings.TrimPrefix(rq.URL.String(), "/recent-changes/")
n, err = strconv.Atoi(noPrefix) n, err = strconv.Atoi(noPrefix)
@ -55,6 +61,9 @@ func handlerRecentChanges(w http.ResponseWriter, rq *http.Request) {
// genericHandlerOfFeeds is a helper function for the web feed handlers. // genericHandlerOfFeeds is a helper function for the web feed handlers.
func genericHandlerOfFeeds(w http.ResponseWriter, rq *http.Request, f func() (string, error), name string) { func genericHandlerOfFeeds(w http.ResponseWriter, rq *http.Request, f func() (string, error), name string) {
util.PrepareRq(rq) util.PrepareRq(rq)
if shown := user.FromRequest(rq).ShowLockMaybe(w, rq); shown {
return
}
if content, err := f(); err != nil { if content, err := f(); err != nil {
w.Header().Set("Content-Type", "text/plain;charset=utf-8") w.Header().Set("Content-Type", "text/plain;charset=utf-8")
w.WriteHeader(http.StatusInternalServerError) w.WriteHeader(http.StatusInternalServerError)

15
web/mutators.go
View File

@ -42,6 +42,9 @@ func factoryHandlerAsker(
h = hyphae.ByName(hyphaName) h = hyphae.ByName(hyphaName)
u = user.FromRequest(rq) u = user.FromRequest(rq)
) )
if shown := u.ShowLockMaybe(w, rq); shown {
return
}
if err, errtitle := asker(u, h); err != nil { if err, errtitle := asker(u, h); err != nil {
httpErr( httpErr(
w, w,
@ -92,6 +95,9 @@ func factoryHandlerConfirmer(
h = hyphae.ByName(hyphaName) h = hyphae.ByName(hyphaName)
u = user.FromRequest(rq) u = user.FromRequest(rq)
) )
if shown := u.ShowLockMaybe(w, rq); shown {
return
}
if hop, errtitle := confirmer(h, u, rq); hop.HasErrors() { if hop, errtitle := confirmer(h, u, rq); hop.HasErrors() {
httpErr(w, http.StatusInternalServerError, hyphaName, httpErr(w, http.StatusInternalServerError, hyphaName,
errtitle, errtitle,
@ -139,6 +145,9 @@ func handlerEdit(w http.ResponseWriter, rq *http.Request) {
err error err error
u = user.FromRequest(rq) u = user.FromRequest(rq)
) )
if shown := u.ShowLockMaybe(w, rq); shown {
return
}
if err, errtitle := shroom.CanEdit(u, h); err != nil { if err, errtitle := shroom.CanEdit(u, h); err != nil {
httpErr(w, http.StatusInternalServerError, hyphaName, httpErr(w, http.StatusInternalServerError, hyphaName,
errtitle, errtitle,
@ -178,6 +187,9 @@ func handlerUploadText(w http.ResponseWriter, rq *http.Request) {
hop *history.HistoryOp hop *history.HistoryOp
errtitle string errtitle string
) )
if shown := u.ShowLockMaybe(w, rq); shown {
return
}
if action != "Preview" { if action != "Preview" {
hop, errtitle = shroom.UploadText(h, []byte(textData), message, u) hop, errtitle = shroom.UploadText(h, []byte(textData), message, u)
@ -219,6 +231,9 @@ func handlerUploadBinary(w http.ResponseWriter, rq *http.Request) {
u = user.FromRequest(rq) u = user.FromRequest(rq)
file, handler, err = rq.FormFile("binary") file, handler, err = rq.FormFile("binary")
) )
if shown := u.ShowLockMaybe(w, rq); shown {
return
}
if err != nil { if err != nil {
httpErr(w, http.StatusInternalServerError, hyphaName, httpErr(w, http.StatusInternalServerError, hyphaName,
"Error", "Error",

18
web/readers.go
View File

@ -37,6 +37,9 @@ func handlerAttachment(w http.ResponseWriter, rq *http.Request) {
h = hyphae.ByName(hyphaName) h = hyphae.ByName(hyphaName)
u = user.FromRequest(rq) u = user.FromRequest(rq)
) )
if shown := u.ShowLockMaybe(w, rq); shown {
return
}
util.HTTP200Page(w, util.HTTP200Page(w,
views.BaseHTML( views.BaseHTML(
fmt.Sprintf("Attachment of %s", util.BeautifulName(hyphaName)), fmt.Sprintf("Attachment of %s", util.BeautifulName(hyphaName)),
@ -54,6 +57,9 @@ func handlerPrimitiveDiff(w http.ResponseWriter, rq *http.Request) {
h = hyphae.ByName(hyphaName) h = hyphae.ByName(hyphaName)
u = user.FromRequest(rq) u = user.FromRequest(rq)
) )
if shown := u.ShowLockMaybe(w, rq); shown {
return
}
util.HTTP200Page(w, util.HTTP200Page(w,
views.BaseHTML( views.BaseHTML(
fmt.Sprintf("Diff of %s at %s", hyphaName, revHash), fmt.Sprintf("Diff of %s at %s", hyphaName, revHash),
@ -74,6 +80,9 @@ func handlerRevision(w http.ResponseWriter, rq *http.Request) {
textContents, err = history.FileAtRevision(h.TextPath, revHash) textContents, err = history.FileAtRevision(h.TextPath, revHash)
u = user.FromRequest(rq) u = user.FromRequest(rq)
) )
if shown := u.ShowLockMaybe(w, rq); shown {
return
}
if err == nil { if err == nil {
ctx, _ := mycocontext.ContextFromStringInput(hyphaName, textContents) ctx, _ := mycocontext.ContextFromStringInput(hyphaName, textContents)
contents = mycomarkup.BlocksToHTML(ctx, mycomarkup.BlockTree(ctx)) contents = mycomarkup.BlocksToHTML(ctx, mycomarkup.BlockTree(ctx))
@ -92,6 +101,9 @@ func handlerRevision(w http.ResponseWriter, rq *http.Request) {
// handlerText serves raw source text of the hypha. // handlerText serves raw source text of the hypha.
func handlerText(w http.ResponseWriter, rq *http.Request) { func handlerText(w http.ResponseWriter, rq *http.Request) {
util.PrepareRq(rq) util.PrepareRq(rq)
if shown := user.FromRequest(rq).ShowLockMaybe(w, rq); shown {
return
}
hyphaName := util.HyphaNameFromRq(rq, "text") hyphaName := util.HyphaNameFromRq(rq, "text")
if h := hyphae.ByName(hyphaName); h.Exists { if h := hyphae.ByName(hyphaName); h.Exists {
log.Println("Serving", h.TextPath) log.Println("Serving", h.TextPath)
@ -103,6 +115,9 @@ func handlerText(w http.ResponseWriter, rq *http.Request) {
// handlerBinary serves binary part of the hypha. // handlerBinary serves binary part of the hypha.
func handlerBinary(w http.ResponseWriter, rq *http.Request) { func handlerBinary(w http.ResponseWriter, rq *http.Request) {
util.PrepareRq(rq) util.PrepareRq(rq)
if shown := user.FromRequest(rq).ShowLockMaybe(w, rq); shown {
return
}
hyphaName := util.HyphaNameFromRq(rq, "binary") hyphaName := util.HyphaNameFromRq(rq, "binary")
if h := hyphae.ByName(hyphaName); h.Exists { if h := hyphae.ByName(hyphaName); h.Exists {
log.Println("Serving", h.BinaryPath) log.Println("Serving", h.BinaryPath)
@ -121,6 +136,9 @@ func handlerHypha(w http.ResponseWriter, rq *http.Request) {
openGraph string openGraph string
u = user.FromRequest(rq) u = user.FromRequest(rq)
) )
if shown := u.ShowLockMaybe(w, rq); shown {
return
}
if h.Exists { if h.Exists {
fileContentsT, errT := os.ReadFile(h.TextPath) fileContentsT, errT := os.ReadFile(h.TextPath)
_, errB := os.Stat(h.BinaryPath) _, errB := os.Stat(h.BinaryPath)

18
web/stuff.go
View File

@ -30,13 +30,20 @@ func initStuff() {
// handlerList shows a list of all hyphae in the wiki in random order. // handlerList shows a list of all hyphae in the wiki in random order.
func handlerList(w http.ResponseWriter, rq *http.Request) { func handlerList(w http.ResponseWriter, rq *http.Request) {
u := user.FromRequest(rq)
if shown := u.ShowLockMaybe(w, rq); shown {
return
}
util.PrepareRq(rq) util.PrepareRq(rq)
util.HTTP200Page(w, views.BaseHTML("List of pages", views.HyphaListHTML(), user.FromRequest(rq))) util.HTTP200Page(w, views.BaseHTML("List of pages", views.HyphaListHTML(), u))
} }
// handlerReindex reindexes all hyphae by checking the wiki storage directory anew. // handlerReindex reindexes all hyphae by checking the wiki storage directory anew.
func handlerReindex(w http.ResponseWriter, rq *http.Request) { func handlerReindex(w http.ResponseWriter, rq *http.Request) {
util.PrepareRq(rq) util.PrepareRq(rq)
if shown := user.FromRequest(rq).ShowLockMaybe(w, rq); shown {
return
}
if ok := user.CanProceed(rq, "reindex"); !ok { if ok := user.CanProceed(rq, "reindex"); !ok {
httpErr(w, http.StatusForbidden, cfg.HomeHypha, "Not enough rights", "You must be an admin to reindex hyphae.") httpErr(w, http.StatusForbidden, cfg.HomeHypha, "Not enough rights", "You must be an admin to reindex hyphae.")
log.Println("Rejected", rq.URL) log.Println("Rejected", rq.URL)
@ -54,6 +61,9 @@ func handlerReindex(w http.ResponseWriter, rq *http.Request) {
// See https://mycorrhiza.wiki/hypha/configuration/header // See https://mycorrhiza.wiki/hypha/configuration/header
func handlerUpdateHeaderLinks(w http.ResponseWriter, rq *http.Request) { func handlerUpdateHeaderLinks(w http.ResponseWriter, rq *http.Request) {
util.PrepareRq(rq) util.PrepareRq(rq)
if shown := user.FromRequest(rq).ShowLockMaybe(w, rq); shown {
return
}
if ok := user.CanProceed(rq, "update-header-links"); !ok { if ok := user.CanProceed(rq, "update-header-links"); !ok {
httpErr(w, http.StatusForbidden, cfg.HomeHypha, "Not enough rights", "You must be a moderator to update header links.") httpErr(w, http.StatusForbidden, cfg.HomeHypha, "Not enough rights", "You must be a moderator to update header links.")
log.Println("Rejected", rq.URL) log.Println("Rejected", rq.URL)
@ -66,6 +76,9 @@ func handlerUpdateHeaderLinks(w http.ResponseWriter, rq *http.Request) {
// handlerRandom redirects to a random hypha. // handlerRandom redirects to a random hypha.
func handlerRandom(w http.ResponseWriter, rq *http.Request) { func handlerRandom(w http.ResponseWriter, rq *http.Request) {
util.PrepareRq(rq) util.PrepareRq(rq)
if shown := user.FromRequest(rq).ShowLockMaybe(w, rq); shown {
return
}
var ( var (
randomHyphaName string randomHyphaName string
amountOfHyphae = hyphae.Count() amountOfHyphae = hyphae.Count()
@ -87,6 +100,9 @@ func handlerRandom(w http.ResponseWriter, rq *http.Request) {
// handlerAbout shows a summary of wiki's software. // handlerAbout shows a summary of wiki's software.
func handlerAbout(w http.ResponseWriter, rq *http.Request) { func handlerAbout(w http.ResponseWriter, rq *http.Request) {
if shown := user.FromRequest(rq).ShowLockMaybe(w, rq); shown {
return
}
w.Header().Set("Content-Type", "text/html;charset=utf-8") w.Header().Set("Content-Type", "text/html;charset=utf-8")
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
_, err := io.WriteString(w, views.BaseHTML("About "+cfg.WikiName, views.AboutHTML(), user.FromRequest(rq))) _, err := io.WriteString(w, views.BaseHTML("About "+cfg.WikiName, views.AboutHTML(), user.FromRequest(rq)))

3
web/web.go
View File

@ -54,6 +54,9 @@ func handlerStyle(w http.ResponseWriter, rq *http.Request) {
} }
func handlerUserList(w http.ResponseWriter, rq *http.Request) { func handlerUserList(w http.ResponseWriter, rq *http.Request) {
if shown := user.FromRequest(rq).ShowLockMaybe(w, rq); shown {
return
}
w.Header().Set("Content-Type", mime.TypeByExtension(".html")) w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
w.Write([]byte(views.BaseHTML("User list", views.UserListHTML(), user.FromRequest(rq)))) w.Write([]byte(views.BaseHTML("User list", views.UserListHTML(), user.FromRequest(rq))))