leo
ae5c4f1dd4
All checks were successful
continuous-integration/drone/push Build is passing
* add tmpl * add handler for route /manage/user/:id * add convenience helper func * handle not found/invalid uuid errors
490 lines
11 KiB
Go
490 lines
11 KiB
Go
// Copyright 2023 wanderer <a_mirre at utb dot cz>
|
|
// SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
package handlers
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"git.dotya.ml/mirre-mt/pcmt/ent"
|
|
moduser "git.dotya.ml/mirre-mt/pcmt/modules/user"
|
|
"github.com/labstack/echo-contrib/session"
|
|
"github.com/labstack/echo/v4"
|
|
)
|
|
|
|
func ManageUsers(client *ent.Client) echo.HandlerFunc { //nolint:gocognit
|
|
return func(c echo.Context) error {
|
|
addHeaders(c)
|
|
|
|
sess, _ := session.Get(setting.SessionCookieName(), c)
|
|
if sess == nil {
|
|
c.Logger().Info("No session found, unauthorised.")
|
|
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusUnauthorized,
|
|
http.StatusText(http.StatusUnauthorized),
|
|
"No session found, please log in",
|
|
)
|
|
}
|
|
|
|
uname := sess.Values["username"]
|
|
if uname == nil {
|
|
c.Logger().Debugf("%d - %s", http.StatusUnauthorized, "session expired or invalid")
|
|
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusUnauthorized,
|
|
http.StatusText(http.StatusUnauthorized)+": Log in again",
|
|
"Session expired, log in again.",
|
|
)
|
|
}
|
|
|
|
log.Info("gorilla session", "username", sess.Values["username"].(string))
|
|
|
|
username := sess.Values["username"].(string)
|
|
|
|
var u moduser.User
|
|
|
|
ctx := context.WithValue(context.Background(), moduser.CtxKey{}, slogger)
|
|
if usr, err := moduser.QueryUser(ctx, client, username); err == nil && usr != nil {
|
|
u.ID = usr.ID
|
|
u.Username = usr.Username
|
|
u.IsAdmin = usr.IsAdmin
|
|
u.CreatedAt = usr.CreatedAt
|
|
u.IsActive = usr.IsActive
|
|
u.IsLoggedIn = true
|
|
} else {
|
|
c.Logger().Error(http.StatusText(http.StatusInternalServerError) + " - " + err.Error())
|
|
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusInternalServerError,
|
|
http.StatusText(http.StatusInternalServerError),
|
|
err.Error(),
|
|
)
|
|
}
|
|
|
|
if !u.IsAdmin {
|
|
c.Logger().Debug("this is a restricted endpoint")
|
|
|
|
status := http.StatusUnauthorized
|
|
msg := http.StatusText(status)
|
|
|
|
return renderErrorPage(
|
|
c, status, msg+": You should not be here", "Restricted endpoint",
|
|
)
|
|
}
|
|
|
|
data := make(map[string]any)
|
|
flash := sess.Values["flash"]
|
|
path := c.Request().URL.Path
|
|
|
|
if path == "/manage/users/new" {
|
|
p := page{
|
|
AppName: setting.AppName(),
|
|
AppVer: appver,
|
|
Title: "Manage Users - New User",
|
|
CSRF: c.Get("csrf").(string),
|
|
DevelMode: setting.IsDevel(),
|
|
Current: "manage-users-new",
|
|
User: u,
|
|
}
|
|
|
|
if flash != nil {
|
|
data["flash"] = flash.(string)
|
|
|
|
delete(sess.Values, "flash")
|
|
|
|
_ = sess.Save(c.Request(), c.Response())
|
|
}
|
|
|
|
err := c.Render(
|
|
http.StatusOK,
|
|
"manage/user-new.tmpl",
|
|
p,
|
|
)
|
|
if err != nil {
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusInternalServerError,
|
|
http.StatusText(http.StatusInternalServerError),
|
|
err.Error(),
|
|
)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
var allUsers []*moduser.User
|
|
|
|
if users, err := moduser.ListAll(ctx, client); err == nil && users != nil {
|
|
for _, u := range users {
|
|
usr := &moduser.User{
|
|
Username: u.Username,
|
|
Email: u.Email,
|
|
ID: u.ID,
|
|
IsActive: u.IsActive,
|
|
IsAdmin: u.IsAdmin,
|
|
CreatedAt: u.CreatedAt,
|
|
UpdatedAt: u.UpdatedAt,
|
|
}
|
|
|
|
allUsers = append(allUsers, usr)
|
|
}
|
|
} else {
|
|
c.Logger().Error(http.StatusText(http.StatusInternalServerError) + " - " + err.Error())
|
|
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusInternalServerError,
|
|
http.StatusText(http.StatusInternalServerError),
|
|
err.Error(),
|
|
)
|
|
}
|
|
|
|
data["allusers"] = allUsers
|
|
|
|
p := page{
|
|
AppName: setting.AppName(),
|
|
AppVer: appver,
|
|
Title: "Manage Users",
|
|
CSRF: c.Get("csrf").(string),
|
|
DevelMode: setting.IsDevel(),
|
|
Current: "manage-users",
|
|
User: u,
|
|
Data: data,
|
|
}
|
|
|
|
if flash != nil {
|
|
data["flash"] = flash.(string)
|
|
|
|
delete(sess.Values, "flash")
|
|
|
|
_ = sess.Save(c.Request(), c.Response())
|
|
}
|
|
|
|
err := c.Render(
|
|
http.StatusOK,
|
|
"manage/user.tmpl",
|
|
p,
|
|
)
|
|
if err != nil {
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusInternalServerError,
|
|
http.StatusText(http.StatusInternalServerError),
|
|
err.Error(),
|
|
)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
}
|
|
|
|
func CreateUser(client *ent.Client) echo.HandlerFunc { //nolint:gocognit
|
|
return func(c echo.Context) error {
|
|
addHeaders(c)
|
|
|
|
sess, _ := session.Get(setting.SessionCookieName(), c)
|
|
if sess == nil {
|
|
c.Logger().Info("No session found, unauthorised.")
|
|
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusUnauthorized,
|
|
http.StatusText(http.StatusUnauthorized),
|
|
"No session found, please log in",
|
|
)
|
|
}
|
|
|
|
uname := sess.Values["username"]
|
|
if uname == nil {
|
|
c.Logger().Debugf("%d - %s", http.StatusUnauthorized, "session expired or invalid")
|
|
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusUnauthorized,
|
|
http.StatusText(http.StatusUnauthorized)+": Log in again",
|
|
"Session expired, log in again.",
|
|
)
|
|
}
|
|
|
|
log.Info("gorilla session", "username", sess.Values["username"].(string))
|
|
|
|
username := sess.Values["username"].(string)
|
|
|
|
var u moduser.User
|
|
|
|
ctx := context.WithValue(context.Background(), moduser.CtxKey{}, slogger)
|
|
if usr, err := moduser.QueryUser(ctx, client, username); err == nil && usr != nil {
|
|
u.ID = usr.ID
|
|
u.Username = usr.Username
|
|
u.IsAdmin = usr.IsAdmin
|
|
u.CreatedAt = usr.CreatedAt
|
|
u.IsActive = usr.IsActive
|
|
u.IsLoggedIn = true
|
|
} else {
|
|
c.Logger().Error(http.StatusText(http.StatusInternalServerError) + " - " + err.Error())
|
|
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusInternalServerError,
|
|
http.StatusText(http.StatusInternalServerError),
|
|
err.Error(),
|
|
)
|
|
}
|
|
|
|
if !u.IsAdmin {
|
|
c.Logger().Debug("this is a restricted endpoint")
|
|
|
|
status := http.StatusUnauthorized
|
|
msg := http.StatusText(status)
|
|
|
|
return renderErrorPage(
|
|
c, status, msg+": You should not be here", "Restricted endpoint",
|
|
)
|
|
}
|
|
|
|
uc := new(userCreate)
|
|
|
|
if err := c.Bind(uc); err != nil {
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusBadRequest,
|
|
http.StatusText(http.StatusBadRequest),
|
|
err.Error(),
|
|
)
|
|
}
|
|
|
|
if uc.Username == "" || uc.Password == "" || uc.RepeatPassword == "" || uc.Password != uc.RepeatPassword {
|
|
c.Logger().Error("username or password not set, returning to /manage/users/new")
|
|
|
|
msg := "Error: both username and password need to be set"
|
|
|
|
if uc.Password != uc.RepeatPassword {
|
|
msg += "; password needs to be passed the same twice"
|
|
}
|
|
|
|
data := make(map[string]any)
|
|
|
|
data["flash"] = msg
|
|
data["form"] = uc
|
|
|
|
return c.Render(
|
|
http.StatusBadRequest,
|
|
"manage/user-new.tmpl",
|
|
page{
|
|
AppName: setting.AppName(),
|
|
AppVer: appver,
|
|
Title: "Manage Users - New User",
|
|
DevelMode: setting.IsDevel(),
|
|
Current: "manage-user-new",
|
|
Data: data,
|
|
},
|
|
)
|
|
}
|
|
|
|
var msg string
|
|
|
|
usr, err := moduser.CreateUser(ctx, client, uc.Email, uc.Username, uc.Password, uc.IsAdmin)
|
|
if err == nil && usr != nil {
|
|
msg = "created user '" + usr.Username + "'!"
|
|
|
|
sess.Values["flash"] = msg
|
|
_ = sess.Save(c.Request(), c.Response())
|
|
|
|
return c.Redirect(http.StatusSeeOther, "/manage/users")
|
|
}
|
|
|
|
if ent.IsNotSingular(err) {
|
|
c.Logger().Error("user exists")
|
|
|
|
msg = "Error: user already exists: " + err.Error()
|
|
} else {
|
|
msg = "Error: " + err.Error()
|
|
}
|
|
|
|
data := make(map[string]any)
|
|
|
|
data["flash"] = msg
|
|
data["form"] = uc
|
|
|
|
return c.Render(
|
|
http.StatusInternalServerError,
|
|
"manage/user-new.tmpl",
|
|
page{
|
|
AppName: setting.AppName(),
|
|
AppVer: appver,
|
|
Title: "Manage Users",
|
|
DevelMode: setting.IsDevel(),
|
|
Current: "manage-user",
|
|
Data: data,
|
|
},
|
|
)
|
|
}
|
|
}
|
|
|
|
func ViewUser(client *ent.Client) echo.HandlerFunc {
|
|
return func(c echo.Context) error {
|
|
addHeaders(c)
|
|
|
|
sess, _ := session.Get(setting.SessionCookieName(), c)
|
|
if sess == nil {
|
|
c.Logger().Info("No session found, unauthorised.")
|
|
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusUnauthorized,
|
|
http.StatusText(http.StatusUnauthorized),
|
|
"No session found, please log in",
|
|
)
|
|
}
|
|
|
|
uname := sess.Values["username"]
|
|
if uname == nil {
|
|
c.Logger().Debugf("%d - %s", http.StatusUnauthorized, "session expired or invalid")
|
|
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusUnauthorized,
|
|
http.StatusText(http.StatusUnauthorized)+": Log in again",
|
|
"Session expired, log in again.",
|
|
)
|
|
}
|
|
|
|
log.Info("gorilla session", "username", sess.Values["username"].(string))
|
|
|
|
username := sess.Values["username"].(string)
|
|
|
|
var u moduser.User
|
|
|
|
ctx := context.WithValue(context.Background(), moduser.CtxKey{}, slogger)
|
|
if usr, err := moduser.QueryUser(ctx, client, username); err == nil && usr != nil {
|
|
u.ID = usr.ID
|
|
u.Username = usr.Username
|
|
u.IsAdmin = usr.IsAdmin
|
|
u.CreatedAt = usr.CreatedAt
|
|
u.IsActive = usr.IsActive
|
|
u.IsLoggedIn = true
|
|
} else {
|
|
c.Logger().Error(http.StatusText(http.StatusInternalServerError) + " - " + err.Error())
|
|
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusInternalServerError,
|
|
http.StatusText(http.StatusInternalServerError),
|
|
err.Error(),
|
|
)
|
|
}
|
|
|
|
refreshSession(
|
|
sess,
|
|
"/",
|
|
// setting.SessionMaxAge,
|
|
86400,
|
|
true,
|
|
c.Request().URL.Scheme == "https", //nolint:goconst
|
|
http.SameSiteStrictMode,
|
|
)
|
|
|
|
if err := sess.Save(c.Request(), c.Response()); err != nil {
|
|
c.Logger().Error("failed to save session")
|
|
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusInternalServerError,
|
|
http.StatusText(http.StatusInternalServerError)+" (make sure you've got cookies enabled)",
|
|
err.Error(),
|
|
)
|
|
}
|
|
|
|
if !u.IsAdmin {
|
|
c.Logger().Debug("this is a restricted endpoint")
|
|
|
|
status := http.StatusUnauthorized
|
|
msg := http.StatusText(status)
|
|
|
|
return renderErrorPage(
|
|
c, status, msg+": You should not be here", "Restricted endpoint",
|
|
)
|
|
}
|
|
|
|
p := page{
|
|
AppName: setting.AppName(),
|
|
AppVer: appver,
|
|
Title: "Manage Users - User Details",
|
|
DevelMode: setting.IsDevel(),
|
|
Current: "manage-users-user-details",
|
|
User: u,
|
|
}
|
|
data := make(map[string]any)
|
|
uid := new(userID)
|
|
|
|
err := c.Bind(uid)
|
|
if err == nil {
|
|
usr, err := getUserByID(ctx, client, uid.ID)
|
|
if err != nil {
|
|
if errors.Is(err, moduser.ErrUserNotFound) { //nolint:gocritic
|
|
c.Logger().Errorf("user not found by ID: '%s'", uid.ID)
|
|
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusNotFound,
|
|
http.StatusText(http.StatusNotFound)+" no such user",
|
|
err.Error(),
|
|
)
|
|
} else if errors.Is(err, moduser.ErrFailedToQueryUser) {
|
|
c.Logger().Errorf("failed to query user by ID: '%s'", uid.ID)
|
|
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusInternalServerError,
|
|
http.StatusText(http.StatusInternalServerError),
|
|
err.Error(),
|
|
)
|
|
} else if errors.Is(err, moduser.ErrBadUUID) {
|
|
c.Logger().Errorf("invalid UUID '%s': %q", uid.ID, err)
|
|
|
|
data["flash"] = fmt.Sprintf("%s: %q", err.Error(), uid.ID)
|
|
p.Data = data
|
|
|
|
return c.Render(
|
|
http.StatusNotFound,
|
|
"manage/user-details.tmpl",
|
|
p,
|
|
)
|
|
}
|
|
|
|
c.Logger().Errorf("UUID-related issue for UUID '%s': %q", uid.ID, err)
|
|
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusInternalServerError,
|
|
http.StatusText(http.StatusInternalServerError),
|
|
err.Error(),
|
|
)
|
|
}
|
|
|
|
data["user"] = usr
|
|
p.Data = data
|
|
|
|
return c.Render(
|
|
http.StatusOK,
|
|
"manage/user-details.tmpl",
|
|
p,
|
|
)
|
|
}
|
|
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusBadRequest,
|
|
http.StatusText(http.StatusBadRequest),
|
|
err.Error(),
|
|
)
|
|
}
|
|
}
|