From dbdd38694d9d38d54eb621e5f976f2852e2e7c43 Mon Sep 17 00:00:00 2001 From: Thomas Miceli Date: Sun, 16 Apr 2023 17:48:21 +0200 Subject: [PATCH 1/3] Change /admin route to /admin-panel (#1) --- internal/web/admin.go | 8 ++++---- internal/web/run.go | 2 +- internal/web/util.go | 2 +- templates/base/admin_header.html | 6 +++--- templates/base/base_header.html | 4 ++-- templates/pages/admin_gists.html | 2 +- templates/pages/admin_index.html | 4 ++-- templates/pages/admin_users.html | 2 +- 8 files changed, 15 insertions(+), 15 deletions(-) diff --git a/internal/web/admin.go b/internal/web/admin.go index c637511..3632252 100644 --- a/internal/web/admin.go +++ b/internal/web/admin.go @@ -101,7 +101,7 @@ func adminUserDelete(ctx echo.Context) error { } addFlash(ctx, "User has been deleted", "success") - return redirect(ctx, "/admin/users") + return redirect(ctx, "/admin-panel/users") } func adminGistDelete(ctx echo.Context) error { @@ -119,7 +119,7 @@ func adminGistDelete(ctx echo.Context) error { } addFlash(ctx, "Gist has been deleted", "success") - return redirect(ctx, "/admin/gists") + return redirect(ctx, "/admin-panel/gists") } func adminSyncReposFromFS(ctx echo.Context) error { @@ -148,7 +148,7 @@ func adminSyncReposFromFS(ctx echo.Context) error { } syncReposFromFS = false }() - return redirect(ctx, "/admin") + return redirect(ctx, "/admin-panel") } func adminSyncReposFromDB(ctx echo.Context) error { @@ -180,5 +180,5 @@ func adminSyncReposFromDB(ctx echo.Context) error { syncReposFromDB = false return }() - return redirect(ctx, "/admin") + return redirect(ctx, "/admin-panel") } diff --git a/internal/web/run.go b/internal/web/run.go index 1d66e64..5958179 100644 --- a/internal/web/run.go +++ b/internal/web/run.go @@ -173,7 +173,7 @@ func Start() { g1.POST("/settings/ssh-keys", sshKeysProcess, logged) g1.DELETE("/settings/ssh-keys/:id", sshKeysDelete, logged) - g2 := g1.Group("/admin") + g2 := g1.Group("/admin-panel") { g2.Use(adminPermission) g2.GET("", adminIndex) diff --git a/internal/web/util.go b/internal/web/util.go index d78a89d..714f959 100644 --- a/internal/web/util.go +++ b/internal/web/util.go @@ -148,7 +148,7 @@ func validateReservedKeywords(fl validator.FieldLevel) bool { name := fl.Field().String() restrictedNames := map[string]struct{}{} - for _, restrictedName := range []string{"assets", "register", "login", "logout", "config", "admin", "all"} { + for _, restrictedName := range []string{"assets", "register", "login", "logout", "config", "admin-panel", "all"} { restrictedNames[restrictedName] = struct{}{} } diff --git a/templates/base/admin_header.html b/templates/base/admin_header.html index d7be0b2..598a7cc 100644 --- a/templates/base/admin_header.html +++ b/templates/base/admin_header.html @@ -9,11 +9,11 @@
diff --git a/templates/base/base_header.html b/templates/base/base_header.html index 7abf7d5..47de0e8 100644 --- a/templates/base/base_header.html +++ b/templates/base/base_header.html @@ -53,7 +53,7 @@
{{ if .userLogged }} {{ if .userLogged.IsAdmin }} - + {{ end }} @@ -91,7 +91,7 @@ Settings {{ if .userLogged.IsAdmin }} - Admin + Admin {{ end }} {{ end }}
diff --git a/templates/pages/admin_gists.html b/templates/pages/admin_gists.html index 6750e04..9cfa5d5 100644 --- a/templates/pages/admin_gists.html +++ b/templates/pages/admin_gists.html @@ -28,7 +28,7 @@ {{ $gist.NbLikes }} {{ $gist.CreatedAt }} -
+ {{ $.csrfHtml }}
diff --git a/templates/pages/admin_index.html b/templates/pages/admin_index.html index 03fe60d..0ef7351 100644 --- a/templates/pages/admin_index.html +++ b/templates/pages/admin_index.html @@ -56,13 +56,13 @@ Actions
-
+ {{ .csrfHtml }}
-
+ {{ .csrfHtml }}
From dba3f4be448e447c0b20e4a78c52634c28f4cdb8 Mon Sep 17 00:00:00 2001 From: Thomas Miceli Date: Mon, 17 Apr 2023 00:17:06 +0200 Subject: [PATCH 2/3] Create admin settings and moved signup disable setting there --- config.yml | 3 -- internal/config/config.go | 10 +++--- internal/models/admin_setting.go | 56 ++++++++++++++++++++++++++++++++ internal/models/db.go | 7 ++-- internal/web/admin.go | 13 ++++++++ internal/web/auth.go | 3 +- internal/web/run.go | 8 ++++- public/admin.ts | 22 +++++++++++++ templates/pages/admin_index.html | 17 ++++++++++ vite.config.js | 4 +-- 10 files changed, 127 insertions(+), 16 deletions(-) create mode 100644 internal/models/admin_setting.go create mode 100644 public/admin.ts diff --git a/config.yml b/config.yml index 36e0740..b08cb4b 100644 --- a/config.yml +++ b/config.yml @@ -5,9 +5,6 @@ log-level: warn # If not set, uses the URL from the request external-url: -# Prevents the creation of new accounts (either `true` or `false`). Default: false -disable-signup: false - # Directory where Opengist will store its data. Default: ~/.opengist/ opengist-home: diff --git a/internal/config/config.go b/internal/config/config.go index f776e61..a058871 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -18,11 +18,10 @@ var C *config // Not using nested structs because the library // doesn't support dot notation in this case sadly type config struct { - LogLevel string `yaml:"log-level"` - ExternalUrl string `yaml:"external-url"` - DisableSignup bool `yaml:"disable-signup"` - OpengistHome string `yaml:"opengist-home"` - DBFilename string `yaml:"db-filename"` + LogLevel string `yaml:"log-level"` + ExternalUrl string `yaml:"external-url"` + OpengistHome string `yaml:"opengist-home"` + DBFilename string `yaml:"db-filename"` HttpHost string `yaml:"http.host"` HttpPort string `yaml:"http.port"` @@ -46,7 +45,6 @@ func configWithDefaults() (*config, error) { } c.LogLevel = "warn" - c.DisableSignup = false c.OpengistHome = filepath.Join(homeDir, ".opengist") c.DBFilename = "opengist.db" diff --git a/internal/models/admin_setting.go b/internal/models/admin_setting.go new file mode 100644 index 0000000..5fa7f6e --- /dev/null +++ b/internal/models/admin_setting.go @@ -0,0 +1,56 @@ +package models + +import ( + "errors" + "github.com/mattn/go-sqlite3" + "gorm.io/gorm/clause" +) + +type AdminSetting struct { + Key string `gorm:"uniqueIndex"` + Value string +} + +const ( + SettingDisableSignup = "disable-signup" +) + +func GetSetting(key string) (string, error) { + var setting AdminSetting + err := db.Where("key = ?", key).First(&setting).Error + return setting.Value, err +} + +func UpdateSetting(key string, value string) error { + return db.Clauses(clause.OnConflict{ + Columns: []clause.Column{{Name: "key"}}, // key colume + DoUpdates: clause.AssignmentColumns([]string{"value"}), + }).Create(&AdminSetting{ + Key: key, + Value: value, + }).Error +} + +func setSetting(key string, value string) error { + return db.Create(&AdminSetting{Key: key, Value: value}).Error +} + +func initAdminSettings(settings map[string]string) error { + for key, value := range settings { + if err := setSetting(key, value); err != nil { + if !isUniqueConstraintViolation(err) { + return err + } + } + } + + return nil +} + +func isUniqueConstraintViolation(err error) bool { + var sqliteErr sqlite3.Error + if errors.As(err, &sqliteErr) && sqliteErr.ExtendedCode == sqlite3.ErrConstraintUnique { + return true + } + return false +} diff --git a/internal/models/db.go b/internal/models/db.go index c6d76bf..6878055 100644 --- a/internal/models/db.go +++ b/internal/models/db.go @@ -17,11 +17,14 @@ func Setup(dbpath string) error { return err } - if err = db.AutoMigrate(&User{}, &SSHKey{}, &Gist{}); err != nil { + if err = db.AutoMigrate(&User{}, &SSHKey{}, &Gist{}, &AdminSetting{}); err != nil { return err } - return nil + // Default admin setting values + return initAdminSettings(map[string]string{ + SettingDisableSignup: "0", + }) } func CountAll(table interface{}) (int64, error) { diff --git a/internal/web/admin.go b/internal/web/admin.go index 3632252..664a635 100644 --- a/internal/web/admin.go +++ b/internal/web/admin.go @@ -182,3 +182,16 @@ func adminSyncReposFromDB(ctx echo.Context) error { }() return redirect(ctx, "/admin-panel") } + +func adminSetSetting(ctx echo.Context) error { + key := ctx.FormValue("key") + value := ctx.FormValue("value") + + if err := models.UpdateSetting(key, value); err != nil { + return errorRes(500, "Cannot set setting", err) + } + + return ctx.JSON(200, map[string]interface{}{ + "success": true, + }) +} diff --git a/internal/web/auth.go b/internal/web/auth.go index d284024..a35b6de 100644 --- a/internal/web/auth.go +++ b/internal/web/auth.go @@ -5,7 +5,6 @@ import ( "github.com/labstack/echo/v4" "github.com/rs/zerolog/log" "gorm.io/gorm" - "opengist/internal/config" "opengist/internal/models" ) @@ -16,7 +15,7 @@ func register(ctx echo.Context) error { } func processRegister(ctx echo.Context) error { - if config.C.DisableSignup { + if getData(ctx, "signupDisabled") == true { return errorRes(403, "Signing up is disabled", nil) } diff --git a/internal/web/run.go b/internal/web/run.go index 5958179..632ace6 100644 --- a/internal/web/run.go +++ b/internal/web/run.go @@ -183,6 +183,7 @@ func Start() { g2.POST("/gists/:gist/delete", adminGistDelete) g2.POST("/sync-fs", adminSyncReposFromFS) g2.POST("/sync-db", adminSyncReposFromDB) + g2.PUT("/set-setting", adminSetSetting) } g1.GET("/all", allGists) @@ -236,7 +237,12 @@ func dataInit(next echo.HandlerFunc) echo.HandlerFunc { ctxValue := context.WithValue(ctx.Request().Context(), "data", echo.Map{}) ctx.SetRequest(ctx.Request().WithContext(ctxValue)) setData(ctx, "loadStartTime", time.Now()) - setData(ctx, "signupDisabled", config.C.DisableSignup) + + disableSignup, err := models.GetSetting(models.SettingDisableSignup) + if err != nil { + return errorRes(500, "Cannot read setting from database", err) + } + setData(ctx, "signupDisabled", disableSignup == "1") return next(ctx) } diff --git a/public/admin.ts b/public/admin.ts new file mode 100644 index 0000000..635ea42 --- /dev/null +++ b/public/admin.ts @@ -0,0 +1,22 @@ +document.addEventListener('DOMContentLoaded', () => { + registerDomSetting(document.getElementById('disable-signup') as HTMLInputElement); +}); + +const setSetting = (key: string, value: string) => { + const data = new URLSearchParams(); + data.append('key', key); + data.append('value', value); + data.append('_csrf', ((document.getElementsByName('_csrf')[0] as HTMLInputElement).value)); + fetch('/admin-panel/set-setting', { + method: 'PUT', + credentials: 'same-origin', + body: data, + }); +}; + +const registerDomSetting = (el: HTMLInputElement) => { + el.addEventListener('change', () => { + setSetting(el.id, el.checked ? '1' : '0'); + }); +}; + diff --git a/templates/pages/admin_index.html b/templates/pages/admin_index.html index 0ef7351..9ecbd47 100644 --- a/templates/pages/admin_index.html +++ b/templates/pages/admin_index.html @@ -71,7 +71,24 @@
+ +
+
+
+ Settings +
+ {{ .csrfHtml }} +
+
+ + +
+
+
+
+ + {{ template "admin_footer" .}} {{ template "footer" .}} diff --git a/vite.config.js b/vite.config.js index 9680146..454e890 100644 --- a/vite.config.js +++ b/vite.config.js @@ -9,7 +9,7 @@ export default defineConfig({ assetsDir: 'assets', manifest: true, rollupOptions: { - input: ['./public/main.ts', './public/editor.ts'] + input: ['./public/main.ts', './public/editor.ts', './public/admin.ts'] } } -}) \ No newline at end of file +}) From 8534a4880be9bbc4097e2abc6d5d5cb64eeba601 Mon Sep 17 00:00:00 2001 From: Thomas Miceli Date: Mon, 17 Apr 2023 00:35:04 +0200 Subject: [PATCH 3/3] Fix admin panel url --- internal/web/admin.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/web/admin.go b/internal/web/admin.go index 664a635..88b62b0 100644 --- a/internal/web/admin.go +++ b/internal/web/admin.go @@ -64,7 +64,7 @@ func adminUsers(ctx echo.Context) error { return errorRes(500, "Cannot get users", err) } - if err = paginate(ctx, data, pageInt, 10, "data", "admin/users", 1); err != nil { + if err = paginate(ctx, data, pageInt, 10, "data", "admin-panel/users", 1); err != nil { return errorRes(404, "Page not found", nil) } @@ -82,7 +82,7 @@ func adminGists(ctx echo.Context) error { return errorRes(500, "Cannot get gists", err) } - if err = paginate(ctx, data, pageInt, 10, "data", "admin/gists", 1); err != nil { + if err = paginate(ctx, data, pageInt, 10, "data", "admin-panel/gists", 1); err != nil { return errorRes(404, "Page not found", nil) }