mirror of
https://github.com/1f349/tulip.git
synced 2024-12-22 16:24:10 +00:00
192 lines
5.2 KiB
Go
192 lines
5.2 KiB
Go
package server
|
|
|
|
import (
|
|
"errors"
|
|
"github.com/1f349/tulip/database"
|
|
"github.com/1f349/tulip/database/types"
|
|
"github.com/1f349/tulip/logger"
|
|
"github.com/1f349/tulip/pages"
|
|
"github.com/emersion/go-message/mail"
|
|
"github.com/google/uuid"
|
|
"github.com/julienschmidt/httprouter"
|
|
"net/http"
|
|
"net/url"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
func (h *HttpServer) ManageUsersGet(rw http.ResponseWriter, req *http.Request, _ httprouter.Params, auth UserAuth) {
|
|
q := req.URL.Query()
|
|
offset, _ := strconv.Atoi(q.Get("offset"))
|
|
|
|
var role types.UserRole
|
|
var userList []database.GetUserListRow
|
|
if h.DbTx(rw, func(tx *database.Queries) (err error) {
|
|
role, err = tx.GetUserRole(req.Context(), auth.Subject)
|
|
if err != nil {
|
|
return
|
|
}
|
|
userList, err = tx.GetUserList(req.Context(), int64(offset))
|
|
return
|
|
}) {
|
|
return
|
|
}
|
|
|
|
if role != types.RoleAdmin {
|
|
http.Error(rw, "403 Forbidden", http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
m := map[string]any{
|
|
"ServiceName": h.conf.ServiceName,
|
|
"Users": userList,
|
|
"Offset": offset,
|
|
"EmailShow": req.URL.Query().Has("show-email"),
|
|
"CurrentAdmin": auth.Subject,
|
|
"Namespace": h.conf.Namespace,
|
|
}
|
|
if q.Has("edit") {
|
|
for _, i := range userList {
|
|
if i.Subject == q.Get("edit") {
|
|
m["EditUser"] = i
|
|
rw.Header().Set("Content-Type", "text/html")
|
|
rw.WriteHeader(http.StatusOK)
|
|
pages.RenderPageTemplate(rw, "manage-users-edit", m)
|
|
return
|
|
}
|
|
}
|
|
http.Error(rw, "400 Bad Request: Invalid user to edit", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
rw.Header().Set("Content-Type", "text/html")
|
|
rw.WriteHeader(http.StatusOK)
|
|
pages.RenderPageTemplate(rw, "manage-users", m)
|
|
}
|
|
|
|
func (h *HttpServer) ManageUsersCreateGet(rw http.ResponseWriter, req *http.Request, _ httprouter.Params, auth UserAuth) {
|
|
var roles types.UserRole
|
|
if h.DbTx(rw, func(tx *database.Queries) (err error) {
|
|
roles, err = tx.GetUserRole(req.Context(), auth.Subject)
|
|
return
|
|
}) {
|
|
return
|
|
}
|
|
|
|
m := map[string]any{
|
|
"ServiceName": h.conf.ServiceName,
|
|
"IsAdmin": roles == types.RoleAdmin,
|
|
"Namespace": h.conf.Namespace,
|
|
}
|
|
|
|
rw.Header().Set("Content-Type", "text/html")
|
|
rw.WriteHeader(http.StatusOK)
|
|
pages.RenderPageTemplate(rw, "manage-users-create", m)
|
|
}
|
|
|
|
func (h *HttpServer) ManageUsersPost(rw http.ResponseWriter, req *http.Request, _ httprouter.Params, auth UserAuth) {
|
|
err := req.ParseForm()
|
|
if err != nil {
|
|
http.Error(rw, "400 Bad Request: Failed to parse form", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
var role types.UserRole
|
|
if h.DbTx(rw, func(tx *database.Queries) (err error) {
|
|
role, err = tx.GetUserRole(req.Context(), auth.Subject)
|
|
return
|
|
}) {
|
|
return
|
|
}
|
|
if role != types.RoleAdmin {
|
|
http.Error(rw, "400 Bad Request: Only admin users can manage users", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
offset := req.Form.Get("offset")
|
|
action := req.Form.Get("action")
|
|
name := req.Form.Get("name")
|
|
username := req.Form.Get("username")
|
|
email := req.Form.Get("email")
|
|
newRole, err := parseRoleValue(req.Form.Get("role"))
|
|
if err != nil {
|
|
http.Error(rw, "400 Bad Request: Invalid role", http.StatusBadRequest)
|
|
return
|
|
}
|
|
active := req.Form.Has("active")
|
|
|
|
switch action {
|
|
case "create":
|
|
// parse email for headers
|
|
address, err := mail.ParseAddress(email)
|
|
if err != nil {
|
|
http.Error(rw, "500 Internal Server Error: Failed to parse user email address", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
n := strings.IndexByte(address.Address, '@')
|
|
// This case should never happen and fail the above address parsing
|
|
if n == -1 {
|
|
return
|
|
}
|
|
addrDomain := address.Address[n+1:]
|
|
|
|
var userSub string
|
|
if h.DbTx(rw, func(tx *database.Queries) (err error) {
|
|
userSub, err = tx.AddUser(req.Context(), database.AddUserParams{
|
|
Name: name,
|
|
Username: username,
|
|
Password: "",
|
|
Email: email,
|
|
EmailVerified: addrDomain == h.conf.Namespace,
|
|
Role: newRole,
|
|
UpdatedAt: time.Now(),
|
|
Active: active,
|
|
})
|
|
return err
|
|
}) {
|
|
return
|
|
}
|
|
|
|
u, u2 := uuid.NewString(), uuid.NewString()
|
|
h.mailLinkCache.Set(mailLinkKey{mailLinkResetPassword, u}, userSub, time.Now().Add(10*time.Minute))
|
|
h.mailLinkCache.Set(mailLinkKey{mailLinkDelete, u2}, userSub, time.Now().Add(10*time.Minute))
|
|
|
|
err = h.conf.Mail.SendEmailTemplate("mail-register-admin", "Register", name, address, map[string]any{
|
|
"RegisterUrl": h.conf.BaseUrl + "/mail/password/" + u,
|
|
})
|
|
if err != nil {
|
|
logger.Logger.Warn("Login: Failed to send register email:", "err", err)
|
|
http.Error(rw, "500 Internal Server Error: Failed to send register email", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
case "edit":
|
|
if h.DbTx(rw, func(tx *database.Queries) error {
|
|
sub := req.Form.Get("subject")
|
|
return tx.UpdateUserRole(req.Context(), database.UpdateUserRoleParams{
|
|
Active: active,
|
|
Role: newRole,
|
|
Subject: sub,
|
|
})
|
|
}) {
|
|
return
|
|
}
|
|
default:
|
|
http.Error(rw, "400 Bad Request: Invalid action", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
redirectUrl := url.URL{Path: "/manage/users", RawQuery: url.Values{"offset": []string{offset}}.Encode()}
|
|
http.Redirect(rw, req, redirectUrl.String(), http.StatusFound)
|
|
}
|
|
|
|
func parseRoleValue(role string) (types.UserRole, error) {
|
|
switch role {
|
|
case "member":
|
|
return types.RoleMember, nil
|
|
case "admin":
|
|
return types.RoleAdmin, nil
|
|
}
|
|
return 0, errors.New("invalid role value")
|
|
}
|