author | metamuffin <metamuffin@disroot.org> | 2023-01-22 14:56:46 +0100 |
---|---|---|
committer | metamuffin <metamuffin@disroot.org> | 2023-01-22 14:56:46 +0100 |
commit | a8402e7f17e978b839a605d4715ca51b4a76f1f3 (patch) | |
tree | ce411485725efc6d224a9dce917175af26934126 /server/src | |
parent | ed870d1fc04891e79ab1d40be473a07810a62e69 (diff) | |
admin panel
Diffstat (limited to 'server/src')
-rw-r--r-- | server/src/routes/mod.rs | 7 | ||||
-rw-r--r-- | server/src/routes/ui/account/admin.rs | 91 | ||||
-rw-r--r-- | server/src/routes/ui/account/mod.rs | 5 | ||||
-rw-r--r-- | server/src/routes/ui/home.rs | 10 | ||||
-rw-r--r-- | server/src/routes/ui/layout.rs | 12 |
5 files changed, 118 insertions, 7 deletions
diff --git a/server/src/routes/mod.rs b/server/src/routes/mod.rs index 0b07728..b791c5a 100644 --- a/server/src/routes/mod.rs +++ b/server/src/routes/mod.rs @@ -4,11 +4,12 @@ use rocket::{catchers, config::SecretKey, routes, Build, Config, Rocket}; use stream::r_stream; use ui::{ account::{ + admin::{r_account_admin_dashboard, r_account_admin_invite, r_account_admin_remove_user}, r_account_login, r_account_login_post, r_account_logout, r_account_logout_post, r_account_register, r_account_register_post, }, error::r_catch, - home::r_home, + home::{r_home, r_home_unpriv}, node::{r_item_assets, r_library_node}, player::r_player, style::{r_assets_font, r_assets_js, r_assets_style}, @@ -42,6 +43,7 @@ pub fn build_rocket( "/", routes![ r_home, + r_home_unpriv, r_library_node, r_assets_style, r_assets_font, @@ -54,6 +56,9 @@ pub fn build_rocket( r_account_register_post, r_account_logout, r_account_logout_post, + r_account_admin_dashboard, + r_account_admin_invite, + r_account_admin_remove_user, r_item_assets, ], ) diff --git a/server/src/routes/ui/account/admin.rs b/server/src/routes/ui/account/admin.rs new file mode 100644 index 0000000..1fbd7dd --- /dev/null +++ b/server/src/routes/ui/account/admin.rs 
@@ -0,0 +1,91 @@
+use crate::{
+ database::Database,
+ routes::ui::{
+ account::session::Session,
+ error::MyResult,
+ layout::{DynLayoutPage, LayoutPage},
+ },
+ uri,
+};
+use anyhow::anyhow;
+use rand::Rng;
+use rocket::{form::Form, get, post, FromForm, State};
+
+#[get("/account/admin/dashboard")]
+pub fn r_account_admin_dashboard(
+ session: Session,
+ database: &State<Database>,
+) -> MyResult<DynLayoutPage<'static>> {
+ if !session.user.admin {
+ Err(anyhow!("you not admin"))?
+ }
+
+ // TODO this doesnt scale
+ let users = database.users.iter().collect::<Result<Vec<_>, _>>()?;
+
+ Ok(LayoutPage {
+ title: "Admin Dashboard".to_string(),
+ content: markup::new! {
+ h1 { "Admin Panel" }
+ h2 { "Invitations"}
+ form[method="POST", action=uri!(r_account_admin_invite())] {
+ input[type="submit", value="Generate new invite code"];
+ }
+ h2 { "Users" }
+ @for (_, u) in &users {
+ form[method="POST", action=uri!(r_account_admin_remove_user())] {
+ span { @format!("{:?}", u.display_name) " (" @u.name ")" }
+ input[type="text", name="name", value=&u.name, hidden];
+ input[type="submit", value="Remove(!)"];
+ }
+ }
+ },
+ })
+}
+
+#[post("/account/admin/generate_invite")]
+pub fn r_account_admin_invite(
+ session: Session,
+ database: &State<Database>,
+) -> MyResult<DynLayoutPage<'static>> {
+ if !session.user.admin {
+ Err(anyhow!("you not admin"))?
+ }
+
+ let i = format!("{}", rand::thread_rng().gen::<u128>());
+ database.invites.insert(&i, &())?;
+
+ Ok(LayoutPage {
+ title: "Admin Dashboard".to_string(),
+ content: markup::new! {
+ pre { code { @i } }
+ },
+ })
+}
+
+#[derive(FromForm)]
+pub struct DeleteUser {
+ name: String,
+}
+
+#[post("/account/admin/remove_user", data = "<form>")]
+pub fn r_account_admin_remove_user(
+ session: Session,
+ database: &State<Database>,
+ form: Form<DeleteUser>,
+) -> MyResult<DynLayoutPage<'static>> {
+ if !session.user.admin {
+ Err(anyhow!("you not admin"))?
+ }
+ database
+ .users
+ .remove(&form.name)?
+ .ok_or(anyhow!("user did not exist"))?; + + Ok(LayoutPage { + title: "User removed".to_string(), + content: markup::new! { + p { "User removed" } + }, + }) +} diff --git a/server/src/routes/ui/account/mod.rs b/server/src/routes/ui/account/mod.rs index bdc6062..e39ef6c 100644 --- a/server/src/routes/ui/account/mod.rs +++ b/server/src/routes/ui/account/mod.rs @@ -1,3 +1,4 @@ +pub mod admin; pub mod session; use super::error::MyError; @@ -18,7 +19,7 @@ use rocket::{get, post, uri, FromForm, State}; #[derive(FromForm)] pub struct RegisterForm { - #[field(validate = len(8..32))] + #[field(validate = len(8..128))] pub invitation: String, #[field(validate = len(4..32))] pub username: String, @@ -108,7 +109,7 @@ pub fn r_account_register_post<'a>( Some(&User { display_name: form.username.clone(), name: form.username.clone(), - password: form.password.clone().into(), // TODO hash it + password: hash_password(&form.password), admin: false, }), ) diff --git a/server/src/routes/ui/home.rs b/server/src/routes/ui/home.rs index 6e4684c..b9e9289 100644 --- a/server/src/routes/ui/home.rs +++ b/server/src/routes/ui/home.rs @@ -15,3 +15,13 @@ pub async fn r_home(_sess: Session, library: &State<Library>) -> DynLayoutPage { }, } } + +#[get("/", rank = 2)] +pub async fn r_home_unpriv() -> DynLayoutPage<'static> { + LayoutPage { + title: "Home".to_string(), + content: markup::new! { + h1 { @CONF.brand } + }, + } +} diff --git a/server/src/routes/ui/layout.rs b/server/src/routes/ui/layout.rs index 614aa66..fe8f789 100644 --- a/server/src/routes/ui/layout.rs +++ b/server/src/routes/ui/layout.rs @@ -1,8 +1,7 @@ -use super::account::session::Session; use crate::{ routes::ui::account::{ - rocket_uri_macro_r_account_login, rocket_uri_macro_r_account_logout, - rocket_uri_macro_r_account_register, + admin::rocket_uri_macro_r_account_admin_dashboard, rocket_uri_macro_r_account_login, + rocket_uri_macro_r_account_logout, rocket_uri_macro_r_account_register, session::Session, }, uri, CONF, }; 
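Review bot: The admin check `if !session.user.admin { Err(anyhow!("you not admin"))? }` is copy-pasted into all three handlers of admin.rs, so a later admin route that forgets it would be open to any logged-in user; a dedicated request guard (for example an `AdminSession` wrapper that only succeeds when `user.admin` is set) would make these routes fail closed by type. In `r_account_admin_remove_user` nothing stops an admin from removing their own account or the last remaining admin, which would lock everyone out of the panel; a guard such as `if form.name == session.user.name { Err(anyhow!("cannot remove yourself"))? }` before the `remove` call would cover the first case, assuming `session.user` carries the same `name` field the form posts. Whether a removed user's existing session stops working depends on how `Session` is resolved, which is not visible in this diff and is worth confirming. Both POST routes rely on the session alone, so it is also worth confirming that the session cookie's SameSite setting or a form token blocks cross-site submissions.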
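Review bot: `hash_password` is called at `password: hash_password(&form.password)` but its definition is not part of this diff, so the review cannot confirm that it is a salted, deliberately slow password hash (Argon2, scrypt or bcrypt) rather than a bare digest. Accounts registered before this commit were stored from the raw password (the removed line carried `// TODO hash it`), so unless the login path or a migration handles them, those records will either stop authenticating or stay in clear. A comment here such as `// stored as a password hash; algorithm and parameters live in hash_password` together with a note on migrating existing users would make the storage format explicit. The enclosing `r_account_register_post` starts and ends outside the hunk.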
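Review bot: `r_home_unpriv` at `#[get("/", rank = 2)]` is only reached when the `Session` guard on `r_home` forwards the request, and nothing in the hunk records that dependency; if that guard returns an error outcome instead of forwarding for a missing or invalid cookie, this route never runs and the catcher answers instead. A doc comment such as `/// Landing page for visitors without a valid session; served when r_home's Session guard forwards.` would document the intended fallback. The guard's behaviour is defined outside this diff, so this should be checked against its `FromRequest` implementation.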
@@ -27,11 +26,16 @@ markup::define! { body { nav { h1 { a[href="/"] { @CONF.brand } } - a[href="/library"] { "My Library" } + @if let Some(_) = session { + a[href="/library"] { "My Library" } + } div.account { @if let Some(session) = session { span { "Logged in as " @session.user.display_name } + @if session.user.admin { + a[href=uri!(r_account_admin_dashboard())] { "Administration" } + } a[href=uri!(r_account_logout())] { "Log out" } } else { a[href=uri!(r_account_register())] { "Register" } |
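Review bot: `@if let Some(_) = session` binds nothing, so `@if session.is_some()` states the intent more directly (clippy reports this pattern as `redundant_pattern_matching`). Hiding the "My Library" and "Administration" links only changes what the nav renders; the admin handlers added in this commit do check `session.user.admin` themselves, and the `/library` route should likewise keep its own session guard, which is not visible here. The enclosing `markup::define!` block starts and ends outside the hunk.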