It builds!

2021-01-30 15:56:03 +10:00
parent 35fd594477
commit c4f53a0be9
14 changed files with 255 additions and 12 deletions
--- a/internal/handlers.go
+++ b/internal/handlers.go
@@ -99,6 +99,14 @@ func (s *Server) IndexHandler() httprouter.Handle {
 	}
 }

+// AddHandler ...
+func (s *Server) AddHandler() httprouter.Handle {
+	return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+		ctx := NewContext(s.config, s.db, r)
+		s.render("add", w, ctx)
+	}
+}
+
 // CachedHandler ...
 func (s *Server) CachedHandler() httprouter.Handle {
 	return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
--- a/internal/manage_handlers.go
+++ b/internal/manage_handlers.go
@@ -0,0 +1,190 @@
+package internal
+
+import (
+	"fmt"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/julienschmidt/httprouter"
+	"github.com/renstrom/shortuuid"
+	log "github.com/sirupsen/logrus"
+)
+
+// ManageHandler ...
+func (s *Server) ManageHandler() httprouter.Handle {
+	isAdminUser := IsAdminUserFactory(s.config)
+
+	return func(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
+		ctx := NewContext(s.config, s.db, r)
+
+		if !isAdminUser(ctx.User) {
+			ctx.Error = true
+			ctx.Message = "You are not a Pod Owner!"
+			s.render("403", w, ctx)
+			return
+		}
+
+		if r.Method == "GET" {
+			s.render("managePod", w, ctx)
+			return
+		}
+
+		name := strings.TrimSpace(r.FormValue("podName"))
+		description := strings.TrimSpace(r.FormValue("podDescription"))
+
+		// Update name
+		if name != "" {
+			s.config.Name = name
+		} else {
+			ctx.Error = true
+			ctx.Message = ""
+			s.render("error", w, ctx)
+			return
+		}
+
+		// Update pod description
+		if description != "" {
+			s.config.Description = description
+		} else {
+			ctx.Error = true
+			ctx.Message = ""
+			s.render("error", w, ctx)
+			return
+		}
+
+		// Save config file
+		if err := s.config.Settings().Save(filepath.Join(s.config.Data, "settings.yaml")); err != nil {
+			log.WithError(err).Error("error saving config")
+			os.Exit(1)
+		}
+
+		ctx.Error = false
+		ctx.Message = "Pod updated successfully"
+		s.render("error", w, ctx)
+	}
+}
+
+// ManageUsersHandler ...
+func (s *Server) ManageUsersHandler() httprouter.Handle {
+	isAdminUser := IsAdminUserFactory(s.config)
+
+	return func(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
+		ctx := NewContext(s.config, s.db, r)
+
+		if !isAdminUser(ctx.User) {
+			ctx.Error = true
+			ctx.Message = "You are not a Pod Owner!"
+			s.render("403", w, ctx)
+			return
+		}
+
+		s.render("manageUsers", w, ctx)
+
+	}
+}
+
+// AddUserHandler ...
+func (s *Server) AddUserHandler() httprouter.Handle {
+	isAdminUser := IsAdminUserFactory(s.config)
+
+	return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+		ctx := NewContext(s.config, s.db, r)
+
+		if !isAdminUser(ctx.User) {
+			ctx.Error = true
+			ctx.Message = "You are not a Pod Owner!"
+			s.render("403", w, ctx)
+			return
+		}
+
+		username := NormalizeUsername(r.FormValue("username"))
+		// XXX: We DO NOT store this! (EVER)
+		email := strings.TrimSpace(r.FormValue("email"))
+
+		// Random password -- User is expected to user "Password Reset"
+		password := shortuuid.New()
+
+		if err := ValidateUsername(username); err != nil {
+			ctx.Error = true
+			ctx.Message = fmt.Sprintf("Username validation failed: %s", err.Error())
+			s.render("error", w, ctx)
+			return
+		}
+
+		if s.db.HasUser(username) {
+			ctx.Error = true
+			ctx.Message = "User or Feed with that name already exists! Please pick another!"
+			s.render("error", w, ctx)
+			return
+		}
+
+		hash, err := s.pm.CreatePassword(password)
+		if err != nil {
+			log.WithError(err).Error("error creating password hash")
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		recoveryHash := fmt.Sprintf("email:%s", FastHash(email))
+
+		user := NewUser()
+		user.Username = username
+		user.Recovery = recoveryHash
+		user.Password = hash
+		user.CreatedAt = time.Now()
+
+		if err := s.db.SetUser(username, user); err != nil {
+			log.WithError(err).Error("error saving user object for new user")
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		ctx.Error = false
+		ctx.Message = "User successfully created"
+		s.render("error", w, ctx)
+	}
+}
+
+// DelUserHandler ...
+func (s *Server) DelUserHandler() httprouter.Handle {
+	isAdminUser := IsAdminUserFactory(s.config)
+
+	return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+		ctx := NewContext(s.config, s.db, r)
+
+		if !isAdminUser(ctx.User) {
+			ctx.Error = true
+			ctx.Message = "You are not a Pod Owner!"
+			s.render("403", w, ctx)
+			return
+		}
+
+		username := NormalizeUsername(r.FormValue("username"))
+
+		user, err := s.db.GetUser(username)
+		if err != nil {
+			log.WithError(err).Errorf("error loading user object for %s", username)
+			ctx.Error = true
+			ctx.Message = "Error deleting account"
+			s.render("error", w, ctx)
+			return
+		}
+
+		// Delete user
+		if err := s.db.DelUser(user.Username); err != nil {
+			ctx.Error = true
+			ctx.Message = "An error occured whilst deleting your account"
+			s.render("error", w, ctx)
+			return
+		}
+
+		s.sm.Delete(w, r)
+
+		ctx.Error = false
+		ctx.Message = "Successfully deleted account"
+		s.render("error", w, ctx)
+	}
+}
--- a/internal/options.go
+++ b/internal/options.go
@@ -149,7 +149,7 @@ func WithBaseURL(baseURL string) Option {
 	}
 }

-// WithAdminUser sets the Admin user used for granting special features to
+// WithAdminUser sets the Admin username
 func WithAdminUser(adminUser string) Option {
 	return func(cfg *Config) error {
 		cfg.AdminUser = adminUser
@@ -157,6 +157,14 @@ func WithAdminUser(adminUser string) Option {
 	}
 }

+// WithAdminPass sets the Admin password
+func WithAdminPass(adminPass string) Option {
+	return func(cfg *Config) error {
+		cfg.AdminPass = adminPass
+		return nil
+	}
+}
+
 // WithAdminName sets the Admin name used to identify the pod operator
 func WithAdminName(adminName string) Option {
 	return func(cfg *Config) error {
--- a/internal/server.go
+++ b/internal/server.go
@@ -300,10 +300,6 @@ func (s *Server) initRoutes() {
 	s.router.GET("/add", s.AddHandler())
 	s.router.POST("/add", s.AddHandler())

-	s.router.GET("/settings", s.am.MustAuth(s.SettingsHandler()))
-	s.router.POST("/settings", s.am.MustAuth(s.SettingsHandler()))
-	s.router.POST("/token/delete/:signature", s.am.MustAuth(s.DeleteTokenHandler()))
-
 	s.router.GET("/manage", s.ManageHandler())
 	s.router.POST("/manage", s.ManageHandler())

@@ -357,7 +353,7 @@ func NewServer(bind string, options ...Option) (*Server, error) {
 		return nil, err
 	}

-	tmplman, err := NewTemplateManager(config, blogs, cache)
+	tmplman, err := NewTemplateManager(config)
 	if err != nil {
 		log.WithError(err).Error("error creating template manager")
 		return nil, err
@@ -431,9 +427,6 @@ func NewServer(bind string, options ...Option) (*Server, error) {
 	server.cron.Start()
 	log.Info("started background jobs")

-	server.tasks.Start()
-	log.Info("started task dispatcher")
-
 	server.setupMetrics()
 	log.Infof("serving metrics endpoint at %s/metrics", server.config.BaseURL)

--- a/internal/support_handlers.go
+++ b/internal/support_handlers.go
@@ -122,7 +122,6 @@ func (s *Server) ReportHandler() httprouter.Handle {

 		if r.Method == "GET" {
 			ctx.Title = "Report abuse"
-			ctx.ReportNick = nick
 			ctx.ReportURL = url
 			s.render("report", w, ctx)
 			return
--- a/internal/utils.go
+++ b/internal/utils.go
@@ -13,6 +13,7 @@ import (
 	"net/url"
 	"os"
 	"os/exec"
+	"regexp"
 	"strconv"
 	"strings"
 	"syscall"
@@ -30,6 +31,9 @@ import (
 )

 const (
+	admin             = "admin"
+	maxUsernameLength = 15 // avg 6 chars / 2 syllables per name commonly
+
 	CacheDir = "cache"

 	requestTimeout = time.Second * 30
@@ -41,7 +45,16 @@ const (
 )

 var (
-	ErrBadRequest = errors.New("error: request failed with non-200 response")
+	reservedUsernames = []string{
+		admin,
+	}
+
+	validUsername = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_-]+$`)
+
+	ErrBadRequest       = errors.New("error: request failed with non-200 response")
+	ErrInvalidUsername  = errors.New("error: invalid username")
+	ErrUsernameTooLong  = errors.New("error: username is too long")
+	ErrReservedUsername = errors.New("error: username is reserved")
 )

 func GenerateRandomToken() string {
@@ -370,6 +383,29 @@ func SafeParseInt(s string, d int) int {
 	return n
 }

+// ValidateUsername validates the username before allowing it to be created.
+// This ensures usernames match a defined pattern and that some usernames
+// that are reserved are never used by users.
+func ValidateUsername(username string) error {
+	username = NormalizeUsername(username)
+
+	if !validUsername.MatchString(username) {
+		return ErrInvalidUsername
+	}
+
+	for _, reservedUsername := range reservedUsernames {
+		if username == reservedUsername {
+			return ErrReservedUsername
+		}
+	}
+
+	if len(username) > maxUsernameLength {
+		return ErrUsernameTooLong
+	}
+
+	return nil
+}
+
 func FormatForDateTime(t time.Time) string {
 	var format string