opengist/internal/web/settings.go

package web

import (
	"crypto/md5"
	"fmt"
	"github.com/thomiceli/opengist/internal/config"
	"github.com/thomiceli/opengist/internal/git"
	"github.com/thomiceli/opengist/internal/i18n"
	"github.com/thomiceli/opengist/internal/utils"
	"os"
	"path/filepath"
	"strconv"
	"strings"
	"time"

	"github.com/labstack/echo/v4"
	"github.com/thomiceli/opengist/internal/db"
	"golang.org/x/crypto/ssh"
)

func userSettings(ctx echo.Context) error {
	user := getUserLogged(ctx)

	keys, err := db.GetSSHKeysByUserID(user.ID)
	if err != nil {
		return errorRes(500, "Cannot get SSH keys", err)
	}

	passkeys, err := db.GetAllCredentialsForUser(user.ID)
	if err != nil {
		return errorRes(500, "Cannot get WebAuthn credentials", err)
	}

	setData(ctx, "email", user.Email)
	setData(ctx, "sshKeys", keys)
	setData(ctx, "passkeys", passkeys)
	setData(ctx, "hasPassword", user.Password != "")
	setData(ctx, "disableForm", getData(ctx, "DisableLoginForm"))
	setData(ctx, "htmlTitle", trH(ctx, "settings"))
	return html(ctx, "settings.html")
}

func emailProcess(ctx echo.Context) error {
	user := getUserLogged(ctx)
	email := ctx.FormValue("email")
	var hash string

	if email == "" {
		// generate random md5 string
		hash = fmt.Sprintf("%x", md5.Sum([]byte(time.Now().String())))
	} else {
		hash = fmt.Sprintf("%x", md5.Sum([]byte(strings.ToLower(strings.TrimSpace(email)))))
	}

	user.Email = strings.ToLower(email)
	user.MD5Hash = hash

	if err := user.Update(); err != nil {
		return errorRes(500, "Cannot update email", err)
	}

	addFlash(ctx, tr(ctx, "flash.user.email-updated"), "success")
	return redirect(ctx, "/settings")
}

func accountDeleteProcess(ctx echo.Context) error {
	user := getUserLogged(ctx)

	if err := user.Delete(); err != nil {
		return errorRes(500, "Cannot delete this user", err)
	}

	return redirect(ctx, "/all")
}

func sshKeysProcess(ctx echo.Context) error {
	user := getUserLogged(ctx)

	dto := new(db.SSHKeyDTO)
	if err := ctx.Bind(dto); err != nil {
		return errorRes(400, tr(ctx, "error.cannot-bind-data"), err)
	}

	if err := ctx.Validate(dto); err != nil {
		addFlash(ctx, utils.ValidationMessages(&err, getData(ctx, "locale").(*i18n.Locale)), "error")
		return redirect(ctx, "/settings")
	}
	key := dto.ToSSHKey()

	key.UserID = user.ID

	pubKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(key.Content))
	if err != nil {
		addFlash(ctx, tr(ctx, "flash.user.invalid-ssh-key"), "error")
		return redirect(ctx, "/settings")
	}
	key.Content = strings.TrimSpace(string(ssh.MarshalAuthorizedKey(pubKey)))

	if exists, err := db.SSHKeyDoesExists(key.Content); exists {
		if err != nil {
			return errorRes(500, "Cannot check if SSH key exists", err)
		}
		addFlash(ctx, tr(ctx, "settings.ssh-key-exists"), "error")
		return redirect(ctx, "/settings")
	}

	if err := key.Create(); err != nil {
		return errorRes(500, "Cannot add SSH key", err)
	}

	addFlash(ctx, tr(ctx, "flash.user.ssh-key-added"), "success")
	return redirect(ctx, "/settings")
}

func sshKeysDelete(ctx echo.Context) error {
	user := getUserLogged(ctx)
	keyId, err := strconv.Atoi(ctx.Param("id"))
	if err != nil {
		return redirect(ctx, "/settings")
	}

	key, err := db.GetSSHKeyByID(uint(keyId))

	if err != nil || key.UserID != user.ID {
		return redirect(ctx, "/settings")
	}

	if err := key.Delete(); err != nil {
		return errorRes(500, "Cannot delete SSH key", err)
	}

	addFlash(ctx, tr(ctx, "flash.user.ssh-key-deleted"), "success")
	return redirect(ctx, "/settings")
}

func passkeyDelete(ctx echo.Context) error {
	user := getUserLogged(ctx)
	keyId, err := strconv.Atoi(ctx.Param("id"))
	if err != nil {
		return redirect(ctx, "/settings")
	}

	passkey, err := db.GetCredentialByIDDB(uint(keyId))
	if err != nil || passkey.UserID != user.ID {
		return redirect(ctx, "/settings")
	}

	if err := passkey.Delete(); err != nil {
		return errorRes(500, "Cannot delete passkey", err)
	}

	addFlash(ctx, tr(ctx, "flash.auth.passkey-deleted"), "success")
	return redirect(ctx, "/settings")
}

func passwordProcess(ctx echo.Context) error {
	user := getUserLogged(ctx)

	dto := new(db.UserDTO)
	if err := ctx.Bind(dto); err != nil {
		return errorRes(400, tr(ctx, "error.cannot-bind-data"), err)
	}
	dto.Username = user.Username

	if err := ctx.Validate(dto); err != nil {
		addFlash(ctx, utils.ValidationMessages(&err, getData(ctx, "locale").(*i18n.Locale)), "error")
		return html(ctx, "settings.html")
	}

	password, err := utils.Argon2id.Hash(dto.Password)
	if err != nil {
		return errorRes(500, "Cannot hash password", err)
	}
	user.Password = password

	if err = user.Update(); err != nil {
		return errorRes(500, "Cannot update password", err)
	}

	addFlash(ctx, tr(ctx, "flash.user.password-updated"), "success")
	return redirect(ctx, "/settings")
}

func usernameProcess(ctx echo.Context) error {
	user := getUserLogged(ctx)

	dto := new(db.UserDTO)
	if err := ctx.Bind(dto); err != nil {
		return errorRes(400, tr(ctx, "error.cannot-bind-data"), err)
	}
	dto.Password = user.Password

	if err := ctx.Validate(dto); err != nil {
		addFlash(ctx, utils.ValidationMessages(&err, getData(ctx, "locale").(*i18n.Locale)), "error")
		return redirect(ctx, "/settings")
	}

	if exists, err := db.UserExists(dto.Username); err != nil || exists {
		addFlash(ctx, tr(ctx, "flash.auth.username-exists"), "error")
		return redirect(ctx, "/settings")
	}

	sourceDir := filepath.Join(config.GetHomeDir(), git.ReposDirectory, strings.ToLower(user.Username))
	destinationDir := filepath.Join(config.GetHomeDir(), git.ReposDirectory, strings.ToLower(dto.Username))

	if _, err := os.Stat(sourceDir); !os.IsNotExist(err) {
		err := os.Rename(sourceDir, destinationDir)
		if err != nil {
			return errorRes(500, "Cannot rename user directory", err)
		}
	}

	user.Username = dto.Username

	if err := user.Update(); err != nil {
		return errorRes(500, "Cannot update username", err)
	}

	addFlash(ctx, tr(ctx, "flash.user.username-updated"), "success")
	return redirect(ctx, "/settings")
}
Initial commit 2023-03-14 15:22:52 +00:00			`package web`

			`import (`
Added email and gravatar to user config 2023-03-19 15:29:14 +00:00			`"crypto/md5"`
			`"fmt"`
Change username setting (#190) 2024-01-01 22:45:19 +00:00			`"github.com/thomiceli/opengist/internal/config"`
Fix directory renaming on username change (#205) * src/dest dirs have to be lowercase * if the src dir doesn't exist, don't rename 2024-01-05 21:56:04 +00:00			`"github.com/thomiceli/opengist/internal/git"`
Add translation strings (#269) 2024-05-04 22:24:25 +00:00			`"github.com/thomiceli/opengist/internal/i18n"`
Set gist URL and title via push options (#216) 2024-01-30 00:02:28 +00:00			`"github.com/thomiceli/opengist/internal/utils"`
Change username setting (#190) 2024-01-01 22:45:19 +00:00			`"os"`
			`"path/filepath"`
Initial commit 2023-03-14 15:22:52 +00:00			`"strconv"`
Added email and gravatar to user config 2023-03-19 15:29:14 +00:00			`"strings"`
			`"time"`
feat: default visibility (#155) Signed-off-by: jolheiser <john.olheiser@gmail.com> 2023-12-15 01:14:59 +00:00
			`"github.com/labstack/echo/v4"`
			`"github.com/thomiceli/opengist/internal/db"`
			`"golang.org/x/crypto/ssh"`
Initial commit 2023-03-14 15:22:52 +00:00			`)`

Added email and gravatar to user config 2023-03-19 15:29:14 +00:00			`func userSettings(ctx echo.Context) error {`
Initial commit 2023-03-14 15:22:52 +00:00			`user := getUserLogged(ctx)`

Tweaked project structure (#88) 2023-09-02 22:30:57 +00:00			`keys, err := db.GetSSHKeysByUserID(user.ID)`
Initial commit 2023-03-14 15:22:52 +00:00			`if err != nil {`
			`return errorRes(500, "Cannot get SSH keys", err)`
			`}`

Add passkeys support + MFA (#341) 2024-10-07 21:56:32 +00:00			`passkeys, err := db.GetAllCredentialsForUser(user.ID)`
			`if err != nil {`
			`return errorRes(500, "Cannot get WebAuthn credentials", err)`
			`}`

Added email and gravatar to user config 2023-03-19 15:29:14 +00:00			`setData(ctx, "email", user.Email)`
Initial commit 2023-03-14 15:22:52 +00:00			`setData(ctx, "sshKeys", keys)`
Add passkeys support + MFA (#341) 2024-10-07 21:56:32 +00:00			`setData(ctx, "passkeys", passkeys)`
Create/change account password (#156) 2023-11-20 17:03:28 +00:00			`setData(ctx, "hasPassword", user.Password != "")`
Hide change password form when login via password disabled (#314) 2024-09-03 15:48:45 +00:00			`setData(ctx, "disableForm", getData(ctx, "DisableLoginForm"))`
Add translation strings (#269) 2024-05-04 22:24:25 +00:00			`setData(ctx, "htmlTitle", trH(ctx, "settings"))`
Added email and gravatar to user config 2023-03-19 15:29:14 +00:00			`return html(ctx, "settings.html")`
Initial commit 2023-03-14 15:22:52 +00:00			`}`

Added email and gravatar to user config 2023-03-19 15:29:14 +00:00			`func emailProcess(ctx echo.Context) error {`
			`user := getUserLogged(ctx)`
			`email := ctx.FormValue("email")`
			`var hash string`

			`if email == "" {`
			`// generate random md5 string`
			`hash = fmt.Sprintf("%x", md5.Sum([]byte(time.Now().String())))`
			`} else {`
			`hash = fmt.Sprintf("%x", md5.Sum([]byte(strings.ToLower(strings.TrimSpace(email)))))`
			`}`
Initial commit 2023-03-14 15:22:52 +00:00
Disable Gravatar (#37) * Disable Gravatar * Lowercase emails * Add migration 2023-05-26 07:15:37 +00:00			`user.Email = strings.ToLower(email)`
Added email and gravatar to user config 2023-03-19 15:29:14 +00:00			`user.MD5Hash = hash`

			`if err := user.Update(); err != nil {`
			`return errorRes(500, "Cannot update email", err)`
			`}`

Add translation strings (#269) 2024-05-04 22:24:25 +00:00			`addFlash(ctx, tr(ctx, "flash.user.email-updated"), "success")`
Added email and gravatar to user config 2023-03-19 15:29:14 +00:00			`return redirect(ctx, "/settings")`
			`}`

			`func accountDeleteProcess(ctx echo.Context) error {`
			`user := getUserLogged(ctx)`

			`if err := user.Delete(); err != nil {`
			`return errorRes(500, "Cannot delete this user", err)`
			`}`

			`return redirect(ctx, "/all")`
			`}`

			`func sshKeysProcess(ctx echo.Context) error {`
Initial commit 2023-03-14 15:22:52 +00:00			`user := getUserLogged(ctx)`

feat: default visibility (#155) Signed-off-by: jolheiser <john.olheiser@gmail.com> 2023-12-15 01:14:59 +00:00			`dto := new(db.SSHKeyDTO)`
Enhanced model structs with DTOs 2023-03-17 13:56:39 +00:00			`if err := ctx.Bind(dto); err != nil {`
Add translation strings (#269) 2024-05-04 22:24:25 +00:00			`return errorRes(400, tr(ctx, "error.cannot-bind-data"), err)`
Initial commit 2023-03-14 15:22:52 +00:00			`}`

Enhanced model structs with DTOs 2023-03-17 13:56:39 +00:00			`if err := ctx.Validate(dto); err != nil {`
Add translation strings (#269) 2024-05-04 22:24:25 +00:00			`addFlash(ctx, utils.ValidationMessages(&err, getData(ctx, "locale").(*i18n.Locale)), "error")`
Added email and gravatar to user config 2023-03-19 15:29:14 +00:00			`return redirect(ctx, "/settings")`
Initial commit 2023-03-14 15:22:52 +00:00			`}`
Enhanced model structs with DTOs 2023-03-17 13:56:39 +00:00			`key := dto.ToSSHKey()`
Initial commit 2023-03-14 15:22:52 +00:00
			`key.UserID = user.ID`

Fix SSH pubkey detection 2023-05-01 00:55:34 +00:00			`pubKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(key.Content))`
Initial commit 2023-03-14 15:22:52 +00:00			`if err != nil {`
Add translation strings (#269) 2024-05-04 22:24:25 +00:00			`addFlash(ctx, tr(ctx, "flash.user.invalid-ssh-key"), "error")`
Added email and gravatar to user config 2023-03-19 15:29:14 +00:00			`return redirect(ctx, "/settings")`
Initial commit 2023-03-14 15:22:52 +00:00			`}`
Fix SSH pubkey detection 2023-05-01 00:55:34 +00:00			`key.Content = strings.TrimSpace(string(ssh.MarshalAuthorizedKey(pubKey)))`
Initial commit 2023-03-14 15:22:52 +00:00
Fix perms for http/ssh clone (#288) 2024-05-27 23:30:08 +00:00			`if exists, err := db.SSHKeyDoesExists(key.Content); exists {`
			`if err != nil {`
			`return errorRes(500, "Cannot check if SSH key exists", err)`
			`}`
			`addFlash(ctx, tr(ctx, "settings.ssh-key-exists"), "error")`
			`return redirect(ctx, "/settings")`
			`}`

Enhanced model structs with DTOs 2023-03-17 13:56:39 +00:00			`if err := key.Create(); err != nil {`
Initial commit 2023-03-14 15:22:52 +00:00			`return errorRes(500, "Cannot add SSH key", err)`
			`}`

Add translation strings (#269) 2024-05-04 22:24:25 +00:00			`addFlash(ctx, tr(ctx, "flash.user.ssh-key-added"), "success")`
Added email and gravatar to user config 2023-03-19 15:29:14 +00:00			`return redirect(ctx, "/settings")`
Initial commit 2023-03-14 15:22:52 +00:00			`}`

			`func sshKeysDelete(ctx echo.Context) error {`
			`user := getUserLogged(ctx)`
			`keyId, err := strconv.Atoi(ctx.Param("id"))`
			`if err != nil {`
Added email and gravatar to user config 2023-03-19 15:29:14 +00:00			`return redirect(ctx, "/settings")`
Initial commit 2023-03-14 15:22:52 +00:00			`}`

Tweaked project structure (#88) 2023-09-02 22:30:57 +00:00			`key, err := db.GetSSHKeyByID(uint(keyId))`
Initial commit 2023-03-14 15:22:52 +00:00
			`if err != nil \|\| key.UserID != user.ID {`
Added email and gravatar to user config 2023-03-19 15:29:14 +00:00			`return redirect(ctx, "/settings")`
Initial commit 2023-03-14 15:22:52 +00:00			`}`

Enhanced model structs with DTOs 2023-03-17 13:56:39 +00:00			`if err := key.Delete(); err != nil {`
Initial commit 2023-03-14 15:22:52 +00:00			`return errorRes(500, "Cannot delete SSH key", err)`
			`}`

Add translation strings (#269) 2024-05-04 22:24:25 +00:00			`addFlash(ctx, tr(ctx, "flash.user.ssh-key-deleted"), "success")`
Added email and gravatar to user config 2023-03-19 15:29:14 +00:00			`return redirect(ctx, "/settings")`
Initial commit 2023-03-14 15:22:52 +00:00			`}`
Create/change account password (#156) 2023-11-20 17:03:28 +00:00
Add passkeys support + MFA (#341) 2024-10-07 21:56:32 +00:00			`func passkeyDelete(ctx echo.Context) error {`
			`user := getUserLogged(ctx)`
			`keyId, err := strconv.Atoi(ctx.Param("id"))`
			`if err != nil {`
			`return redirect(ctx, "/settings")`
			`}`

			`passkey, err := db.GetCredentialByIDDB(uint(keyId))`
			`if err != nil \|\| passkey.UserID != user.ID {`
			`return redirect(ctx, "/settings")`
			`}`

			`if err := passkey.Delete(); err != nil {`
			`return errorRes(500, "Cannot delete passkey", err)`
			`}`

			`addFlash(ctx, tr(ctx, "flash.auth.passkey-deleted"), "success")`
			`return redirect(ctx, "/settings")`
			`}`

Create/change account password (#156) 2023-11-20 17:03:28 +00:00			`func passwordProcess(ctx echo.Context) error {`
			`user := getUserLogged(ctx)`

			`dto := new(db.UserDTO)`
			`if err := ctx.Bind(dto); err != nil {`
Add translation strings (#269) 2024-05-04 22:24:25 +00:00			`return errorRes(400, tr(ctx, "error.cannot-bind-data"), err)`
Create/change account password (#156) 2023-11-20 17:03:28 +00:00			`}`
			`dto.Username = user.Username`

			`if err := ctx.Validate(dto); err != nil {`
Add translation strings (#269) 2024-05-04 22:24:25 +00:00			`addFlash(ctx, utils.ValidationMessages(&err, getData(ctx, "locale").(*i18n.Locale)), "error")`
Create/change account password (#156) 2023-11-20 17:03:28 +00:00			`return html(ctx, "settings.html")`
			`}`

Reset a user password using CLI (#226) 2024-02-24 17:45:36 +00:00			`password, err := utils.Argon2id.Hash(dto.Password)`
Create/change account password (#156) 2023-11-20 17:03:28 +00:00			`if err != nil {`
			`return errorRes(500, "Cannot hash password", err)`
			`}`
			`user.Password = password`

			`if err = user.Update(); err != nil {`
			`return errorRes(500, "Cannot update password", err)`
			`}`

Add translation strings (#269) 2024-05-04 22:24:25 +00:00			`addFlash(ctx, tr(ctx, "flash.user.password-updated"), "success")`
Create/change account password (#156) 2023-11-20 17:03:28 +00:00			`return redirect(ctx, "/settings")`
			`}`
Change username setting (#190) 2024-01-01 22:45:19 +00:00
			`func usernameProcess(ctx echo.Context) error {`
			`user := getUserLogged(ctx)`

			`dto := new(db.UserDTO)`
			`if err := ctx.Bind(dto); err != nil {`
Add translation strings (#269) 2024-05-04 22:24:25 +00:00			`return errorRes(400, tr(ctx, "error.cannot-bind-data"), err)`
Change username setting (#190) 2024-01-01 22:45:19 +00:00			`}`
			`dto.Password = user.Password`

			`if err := ctx.Validate(dto); err != nil {`
Add translation strings (#269) 2024-05-04 22:24:25 +00:00			`addFlash(ctx, utils.ValidationMessages(&err, getData(ctx, "locale").(*i18n.Locale)), "error")`
Change username setting (#190) 2024-01-01 22:45:19 +00:00			`return redirect(ctx, "/settings")`
			`}`

			`if exists, err := db.UserExists(dto.Username); err != nil \|\| exists {`
Add translation strings (#269) 2024-05-04 22:24:25 +00:00			`addFlash(ctx, tr(ctx, "flash.auth.username-exists"), "error")`
Change username setting (#190) 2024-01-01 22:45:19 +00:00			`return redirect(ctx, "/settings")`
			`}`

Move Git hook logic to Opengist (#213) 2024-01-23 19:24:01 +00:00			`sourceDir := filepath.Join(config.GetHomeDir(), git.ReposDirectory, strings.ToLower(user.Username))`
			`destinationDir := filepath.Join(config.GetHomeDir(), git.ReposDirectory, strings.ToLower(dto.Username))`
Fix directory renaming on username change (#205) * src/dest dirs have to be lowercase * if the src dir doesn't exist, don't rename 2024-01-05 21:56:04 +00:00
			`if _, err := os.Stat(sourceDir); !os.IsNotExist(err) {`
			`err := os.Rename(sourceDir, destinationDir)`
			`if err != nil {`
			`return errorRes(500, "Cannot rename user directory", err)`
			`}`
Change username setting (#190) 2024-01-01 22:45:19 +00:00			`}`

			`user.Username = dto.Username`

			`if err := user.Update(); err != nil {`
			`return errorRes(500, "Cannot update username", err)`
			`}`

Add translation strings (#269) 2024-05-04 22:24:25 +00:00			`addFlash(ctx, tr(ctx, "flash.user.username-updated"), "success")`
Change username setting (#190) 2024-01-01 22:45:19 +00:00			`return redirect(ctx, "/settings")`
			`}`