Diffstat (limited to 'server/src/routes/ui/account')
| -rw-r--r-- | server/src/routes/ui/account/admin.rs | 91 | ||||
| -rw-r--r-- | server/src/routes/ui/account/mod.rs | 5 | 
2 files changed, 94 insertions, 2 deletions
| diff --git a/server/src/routes/ui/account/admin.rs b/server/src/routes/ui/account/admin.rs
new file mode 100644
index 0000000..1fbd7dd
--- /dev/null
+++ b/server/src/routes/ui/account/admin.rs
@@ -0,0 +1,91 @@
+use crate::{
+    database::Database,
+    routes::ui::{
+        account::session::Session,
+        error::MyResult,
+        layout::{DynLayoutPage, LayoutPage},
+    },
+    uri,
+};
+use anyhow::anyhow;
+use rand::Rng;
+use rocket::{form::Form, get, post, FromForm, State};
+
+#[get("/account/admin/dashboard")]
+pub fn r_account_admin_dashboard(
+    session: Session,
+    database: &State<Database>,
+) -> MyResult<DynLayoutPage<'static>> {
+    if !session.user.admin {
+        Err(anyhow!("you not admin"))?
+    }
+
+    // TODO this doesnt scale
+    let users = database.users.iter().collect::<Result<Vec<_>, _>>()?;
+
+    Ok(LayoutPage {
+        title: "Admin Dashboard".to_string(),
+        content: markup::new! {
+            h1 { "Admin Panel" }
+            h2 { "Invitations"}
+            form[method="POST", action=uri!(r_account_admin_invite())] {
+                input[type="submit", value="Generate new invite code"];
+            }
+            h2 { "Users" }
+            @for (_, u) in &users {
+                form[method="POST", action=uri!(r_account_admin_remove_user())] {
+                    span { @format!("{:?}", u.display_name) " (" @u.name ")" }
+                    input[type="text", name="name", value=&u.name, hidden];
+                    input[type="submit", value="Remove(!)"];
+                }
+            }
+        },
+    })
+}
+
+#[post("/account/admin/generate_invite")]
+pub fn r_account_admin_invite(
+    session: Session,
+    database: &State<Database>,
+) -> MyResult<DynLayoutPage<'static>> {
+    if !session.user.admin {
+        Err(anyhow!("you not admin"))?
+    }
+
+    let i = format!("{}", rand::thread_rng().gen::<u128>());
+    database.invites.insert(&i, &())?;
+
+    Ok(LayoutPage {
+        title: "Admin Dashboard".to_string(),
+        content: markup::new! 
{ +            pre { code { @i } } +        }, +    }) +} + +#[derive(FromForm)] +pub struct DeleteUser { +    name: String, +} + +#[post("/account/admin/remove_user", data = "<form>")] +pub fn r_account_admin_remove_user( +    session: Session, +    database: &State<Database>, +    form: Form<DeleteUser>, +) -> MyResult<DynLayoutPage<'static>> { +    if !session.user.admin { +        Err(anyhow!("you not admin"))? +    } +    database +        .users +        .remove(&form.name)? +        .ok_or(anyhow!("user did not exist"))?; + +    Ok(LayoutPage { +        title: "User removed".to_string(), +        content: markup::new! { +            p { "User removed" } +        }, +    }) +} diff --git a/server/src/routes/ui/account/mod.rs b/server/src/routes/ui/account/mod.rs index bdc6062..e39ef6c 100644 --- a/server/src/routes/ui/account/mod.rs +++ b/server/src/routes/ui/account/mod.rs @@ -1,3 +1,4 @@ +pub mod admin;  pub mod session;  use super::error::MyError; @@ -18,7 +19,7 @@ use rocket::{get, post, uri, FromForm, State};  #[derive(FromForm)]  pub struct RegisterForm { -    #[field(validate = len(8..32))] +    #[field(validate = len(8..128))]      pub invitation: String,      #[field(validate = len(4..32))]      pub username: String, @@ -108,7 +109,7 @@ pub fn r_account_register_post<'a>(              Some(&User {                  display_name: form.username.clone(),                  name: form.username.clone(), -                password: form.password.clone().into(), // TODO hash it +                password: hash_password(&form.password),                  admin: false,              }),          ) | 
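Review bot: The two state-changing handlers in admin.rs, `r_account_admin_invite` and `r_account_admin_remove_user`, act on the session alone, and the forms rendered by the dashboard carry no anti-CSRF token, so the only protection against a cross-site form submission deleting a user is whatever SameSite policy the session cookie has (not visible in this diff). I would add a per-session token as a hidden input and check it before `database.users.remove(&form.name)`, e.g. a `csrf: String` field on `DeleteUser` (field name is illustrative). The `if !session.user.admin` check is also copied into all three handlers; moving it into a dedicated admin request guard would keep a future admin route from shipping without it. Neither handler records who generated an invite or who removed which user, which leaves nothing to review after the fact.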
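Review bot: `hash_password` in the last mod.rs hunk is not defined in any visible hunk, so it cannot be confirmed here that it is a salted, deliberately slow password hash (Argon2, scrypt or bcrypt) rather than a single fast digest; a doc comment at its definition naming the algorithm and parameters would settle that for the next reader. Accounts registered before this commit presumably still hold the plaintext written by the removed `form.password.clone().into()`, so the login path needs to either migrate or reject those records, and that path is not part of this diff. `r_account_register_post` starts and ends outside the hunk.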
