package internal
import (
"fmt"
"net/http"
"os"
"path/filepath"
"strings"
"time"
"github.com/julienschmidt/httprouter"
"github.com/renstrom/shortuuid"
log "github.com/sirupsen/logrus"
)
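// ManageHandler returns the handler for the pod management page. Only users
// accepted by the IsAdminUserFactory check may use it; everyone else gets the
// "403" template. A GET renders the "managePod" form; any other method reads
// podName and podDescription from the form, applies them to the in-memory
// config and saves the settings to settings.yaml under the data directory.
//
// NOTE(review): this endpoint changes server state. CSRF protection and the
// set of HTTP methods routed here are not visible in this file -- confirm both
// where the route is registered.
func (s *Server) ManageHandler() httprouter.Handle {
	isAdminUser := IsAdminUserFactory(s.config)

	return func(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
		ctx := NewContext(s.config, s.db, r)

		// Authorization comes first: nothing below runs for non-admins.
		if !isAdminUser(ctx.User) {
			ctx.Error = true
			ctx.Message = "You are not a Pod Owner!"
			s.render("403", w, ctx)
			return
		}

		if r.Method == http.MethodGet {
			s.render("managePod", w, ctx)
			return
		}

		name := strings.TrimSpace(r.FormValue("podName"))
		description := strings.TrimSpace(r.FormValue("podDescription"))

		// Validate both fields before touching the live config, so a rejected
		// request cannot leave the running pod with a new name that was never
		// saved to disk.
		if name == "" {
			ctx.Error = true
			ctx.Message = "Pod name must not be empty"
			s.render("error", w, ctx)
			return
		}
		if description == "" {
			ctx.Error = true
			ctx.Message = "Pod description must not be empty"
			s.render("error", w, ctx)
			return
		}

		// NOTE(review): s.config is written here with no synchronisation
		// visible in this file; confirm how concurrent requests read it.
		s.config.Name = name
		s.config.Description = description

		// Save config file.
		// NOTE(review): exiting the process from a request handler means one
		// failed write (full disk, permissions) ends the server for every
		// user. Rendering an error and restoring the previous values would
		// keep the pod available. Left unchanged here.
		if err := s.config.Settings().Save(filepath.Join(s.config.Data, "settings.yaml")); err != nil {
			log.WithError(err).Error("error saving config")
			os.Exit(1)
		}

		ctx.Error = false
		ctx.Message = "Pod updated successfully"
		s.render("error", w, ctx)
	}
}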
// ManageUsersHandler returns the handler for the user management page. It
// renders the "manageUsers" template for users accepted by the
// IsAdminUserFactory check and the "403" template, with an error message, for
// everyone else.
func (s *Server) ManageUsersHandler() httprouter.Handle {
	ownerOnly := IsAdminUserFactory(s.config)

	handle := func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
		ctx := NewContext(s.config, s.db, r)

		if ownerOnly(ctx.User) {
			s.render("manageUsers", w, ctx)
			return
		}

		// Not an admin: refuse and say why.
		ctx.Error = true
		ctx.Message = "You are not a Pod Owner!"
		s.render("403", w, ctx)
	}

	return handle
}
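// AddUserHandler returns the handler an admin uses to create a user account.
// It reads "username" and "email" from the form, validates the username,
// refuses names that already exist, and stores a new user with a random
// password hash and a recovery value derived from the email.
//
// Users rejected by the IsAdminUserFactory check get the "403" template.
// Validation failures render the "error" template. Failures while hashing or
// saving are logged and answered with a generic 500.
//
// NOTE(review): this endpoint changes server state. CSRF protection and the
// HTTP methods routed here are not visible in this file -- confirm both where
// the route is registered.
func (s *Server) AddUserHandler() httprouter.Handle {
	isAdminUser := IsAdminUserFactory(s.config)

	return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
		ctx := NewContext(s.config, s.db, r)

		// Authorization comes first: nothing below runs for non-admins.
		if !isAdminUser(ctx.User) {
			ctx.Error = true
			ctx.Message = "You are not a Pod Owner!"
			s.render("403", w, ctx)
			return
		}

		username := NormalizeUsername(r.FormValue("username"))
		// XXX: We DO NOT store this! (EVER)
		// Only the FastHash output is kept, as the recovery value below.
		email := strings.TrimSpace(r.FormValue("email"))

		if err := ValidateUsername(username); err != nil {
			ctx.Error = true
			ctx.Message = fmt.Sprintf("Username validation failed: %s", err.Error())
			s.render("error", w, ctx)
			return
		}

		// The account gets a random password nobody is shown, so the email is
		// its only way in. Without one the recovery value would be the hash of
		// an empty string, leaving an account that no real address can
		// recover.
		if email == "" {
			ctx.Error = true
			ctx.Message = "An email address is required so the user can reset their password"
			s.render("error", w, ctx)
			return
		}

		// NOTE(review): HasUser followed by SetUser is not atomic from what is
		// visible here; confirm the store rejects or serialises duplicate
		// creation.
		if s.db.HasUser(username) {
			ctx.Error = true
			ctx.Message = "User or Feed with that name already exists! Please pick another!"
			s.render("error", w, ctx)
			return
		}

		// Random password -- User is expected to use "Password Reset".
		// It is never shown or returned; only its hash is stored.
		password := shortuuid.New()

		hash, err := s.pm.CreatePassword(password)
		if err != nil {
			log.WithError(err).Error("error creating password hash")
			// The detail is in the log; the response stays generic so internal
			// error text is not echoed to the client.
			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
			return
		}

		// NOTE(review): FastHash is defined elsewhere. If it is an unkeyed,
		// fast digest, the stored value can be matched offline against
		// candidate addresses -- confirm this is acceptable.
		recoveryHash := fmt.Sprintf("email:%s", FastHash(email))

		user := NewUser()
		user.Username = username
		user.Recovery = recoveryHash
		user.Password = hash
		user.CreatedAt = time.Now()

		if err := s.db.SetUser(username, user); err != nil {
			log.WithError(err).Error("error saving user object for new user")
			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
			return
		}

		ctx.Error = false
		ctx.Message = "User successfully created"
		s.render("error", w, ctx)
	}
}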
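// DelUserHandler returns the handler an admin uses to delete a user account.
// It reads "username" from the form, loads that user and removes it from the
// store. Users rejected by the IsAdminUserFactory check get the "403"
// template. Lookup and delete failures are logged and rendered with the
// "error" template.
//
// NOTE(review): this endpoint is destructive. CSRF protection and the HTTP
// methods routed here are not visible in this file -- confirm both where the
// route is registered. Nothing here stops an admin from deleting their own
// account either; confirm whether that is intended.
func (s *Server) DelUserHandler() httprouter.Handle {
	isAdminUser := IsAdminUserFactory(s.config)

	return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
		ctx := NewContext(s.config, s.db, r)

		// Authorization comes first: nothing below runs for non-admins.
		if !isAdminUser(ctx.User) {
			ctx.Error = true
			ctx.Message = "You are not a Pod Owner!"
			s.render("403", w, ctx)
			return
		}

		username := NormalizeUsername(r.FormValue("username"))

		user, err := s.db.GetUser(username)
		if err != nil {
			// %q keeps a request-supplied name on one quoted log line.
			log.WithError(err).Errorf("error loading user object for %q", username)
			ctx.Error = true
			ctx.Message = "Error deleting account"
			s.render("error", w, ctx)
			return
		}

		// Delete user
		if err := s.db.DelUser(user.Username); err != nil {
			// Log the cause; previously this failure was reported to the admin
			// but left no trace in the server log.
			log.WithError(err).Errorf("error deleting user %q", user.Username)
			ctx.Error = true
			ctx.Message = "An error occurred whilst deleting the account"
			s.render("error", w, ctx)
			return
		}

		// NOTE(review): s.sm.Delete acts on the current request, which belongs
		// to the admin, not the deleted user. Presumably this ends the admin's
		// own session. Confirm that is intended, and that sessions of the
		// deleted user are invalidated somewhere.
		s.sm.Delete(w, r)

		ctx.Error = false
		ctx.Message = "Successfully deleted account"
		s.render("error", w, ctx)
	}
}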