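package internal

import (
	"fmt"
	"net/http"
	"os"
	"path/filepath"
	"strings"
	"time"

	"github.com/julienschmidt/httprouter"
	"github.com/renstrom/shortuuid"
	log "github.com/sirupsen/logrus"
)

// ManageHandler returns the handler for the pod management page.
//
// Only users accepted by the IsAdminUserFactory predicate get past the first
// check; everyone else is shown the 403 page. A GET renders the form. Any
// other method reads podName and podDescription from the form, updates the
// in-memory config and writes it to settings.yaml under s.config.Data.
func (s *Server) ManageHandler() httprouter.Handle {
	isAdminUser := IsAdminUserFactory(s.config)

	return func(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
		ctx := NewContext(s.config, s.db, r)

		if !isAdminUser(ctx.User) {
			ctx.Error = true
			ctx.Message = "You are not a Pod Owner!"
			s.render("403", w, ctx)
			return
		}

		if r.Method == http.MethodGet {
			s.render("managePod", w, ctx)
			return
		}

		name := strings.TrimSpace(r.FormValue("podName"))
		description := strings.TrimSpace(r.FormValue("podDescription"))

		// Validate both fields before touching s.config so that a rejected
		// request cannot leave the live config half-updated (new name, old
		// description) without ever being saved.
		switch {
		case name == "":
			ctx.Error = true
			ctx.Message = "Pod name must not be empty"
			s.render("error", w, ctx)
			return
		case description == "":
			ctx.Error = true
			ctx.Message = "Pod description must not be empty"
			s.render("error", w, ctx)
			return
		}

		// NOTE(review): s.config is shared with every other handler; no lock
		// is visible here, so confirm concurrent readers are safe.
		s.config.Name = name
		s.config.Description = description

		// Save config file
		if err := s.config.Settings().Save(filepath.Join(s.config.Data, "settings.yaml")); err != nil {
			log.WithError(err).Error("error saving config")
			// NOTE(review): this terminates the whole server from inside a
			// request handler, so a transient write failure (full disk,
			// permissions) becomes an outage for every user. Consider
			// restoring the previous values and rendering an error instead.
			os.Exit(1)
		}

		ctx.Error = false
		ctx.Message = "Pod updated successfully"
		s.render("error", w, ctx)
	}
}

// ManageUsersHandler returns the handler that renders the user management
// page. Non-admin users are shown the 403 page.
func (s *Server) ManageUsersHandler() httprouter.Handle {
	isAdminUser := IsAdminUserFactory(s.config)

	return func(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
		ctx := NewContext(s.config, s.db, r)

		if !isAdminUser(ctx.User) {
			ctx.Error = true
			ctx.Message = "You are not a Pod Owner!"
			s.render("403", w, ctx)
			return
		}

		s.render("manageUsers", w, ctx)
	}
}

// AddUserHandler returns the handler an admin uses to create an account.
//
// The new account gets a random password that is never shown, returned or
// logged; only its hash is stored. The account is therefore reachable only
// through the recovery value derived from the submitted email address.
//
// NOTE(review): the handler does not look at r.Method, and r.FormValue also
// reads URL query parameters. Confirm the route is registered for POST only
// and is covered by the site's CSRF protection.
func (s *Server) AddUserHandler() httprouter.Handle {
	isAdminUser := IsAdminUserFactory(s.config)

	return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
		ctx := NewContext(s.config, s.db, r)

		if !isAdminUser(ctx.User) {
			ctx.Error = true
			ctx.Message = "You are not a Pod Owner!"
			s.render("403", w, ctx)
			return
		}

		username := NormalizeUsername(r.FormValue("username"))
		// XXX: We DO NOT store this! (EVER)
		email := strings.TrimSpace(r.FormValue("email"))

		if err := ValidateUsername(username); err != nil {
			ctx.Error = true
			ctx.Message = fmt.Sprintf("Username validation failed: %s", err.Error())
			s.render("error", w, ctx)
			return
		}

		// The generated password is discarded below, so an account created
		// without an email would carry a recovery value derived from the
		// empty string and no usable credential.
		if email == "" {
			ctx.Error = true
			ctx.Message = "An email address is required!"
			s.render("error", w, ctx)
			return
		}

		if s.db.HasUser(username) {
			ctx.Error = true
			ctx.Message = "User or Feed with that name already exists! Please pick another!"
			s.render("error", w, ctx)
			return
		}

		// Random password -- User is expected to use "Password Reset"
		password := shortuuid.New()

		hash, err := s.pm.CreatePassword(password)
		if err != nil {
			log.WithError(err).Error("error creating password hash")
			// The detail is in the server log; the response stays generic so
			// internal error text is not sent to the browser.
			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
			return
		}

		// NOTE(review): FastHash is defined elsewhere. If it is an unsalted
		// fast hash, the stored value can be matched against a list of
		// candidate email addresses; confirm that is acceptable.
		recoveryHash := fmt.Sprintf("email:%s", FastHash(email))

		user := NewUser()
		user.Username = username
		user.Recovery = recoveryHash
		user.Password = hash
		user.CreatedAt = time.Now()

		if err := s.db.SetUser(username, user); err != nil {
			log.WithError(err).Error("error saving user object for new user")
			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
			return
		}

		ctx.Error = false
		ctx.Message = "User successfully created"
		s.render("error", w, ctx)
	}
}

// DelUserHandler returns the handler an admin uses to delete the account
// named by the "username" form value.
//
// NOTE(review): like AddUserHandler, this state-changing handler does not
// check r.Method; confirm the route is POST-only and CSRF-protected.
func (s *Server) DelUserHandler() httprouter.Handle {
	isAdminUser := IsAdminUserFactory(s.config)

	return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
		ctx := NewContext(s.config, s.db, r)

		if !isAdminUser(ctx.User) {
			ctx.Error = true
			ctx.Message = "You are not a Pod Owner!"
			s.render("403", w, ctx)
			return
		}

		username := NormalizeUsername(r.FormValue("username"))

		user, err := s.db.GetUser(username)
		if err != nil {
			log.WithError(err).Errorf("error loading user object for %s", username)
			ctx.Error = true
			ctx.Message = "Error deleting account"
			s.render("error", w, ctx)
			return
		}

		// Delete user
		if err := s.db.DelUser(user.Username); err != nil {
			// Record the failure; previously it was dropped without a trace.
			log.WithError(err).Errorf("error deleting user object for %s", username)
			ctx.Error = true
			ctx.Message = "An error occurred whilst deleting the account"
			s.render("error", w, ctx)
			return
		}

		// NOTE(review): this acts on the current request (w, r), i.e. the
		// admin's, not on the deleted user. It looks carried over from a
		// self-service delete handler; confirm whether the admin should be
		// signed out here and whether the deleted user's sessions are
		// invalidated anywhere.
		s.sm.Delete(w, r)

		ctx.Error = false
		ctx.Message = "Successfully deleted account"
		s.render("error", w, ctx)
	}
}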