diff options
Diffstat (limited to 'server/src')
| -rw-r--r-- | server/src/routes/mod.rs | 7 | ||||
| -rw-r--r-- | server/src/routes/ui/account/admin.rs | 91 | ||||
| -rw-r--r-- | server/src/routes/ui/account/mod.rs | 5 | ||||
| -rw-r--r-- | server/src/routes/ui/home.rs | 10 | ||||
| -rw-r--r-- | server/src/routes/ui/layout.rs | 12 |
5 files changed, 118 insertions, 7 deletions
diff --git a/server/src/routes/mod.rs b/server/src/routes/mod.rs index 0b07728..b791c5a 100644 --- a/server/src/routes/mod.rs +++ b/server/src/routes/mod.rs @@ -4,11 +4,12 @@ use rocket::{catchers, config::SecretKey, routes, Build, Config, Rocket}; use stream::r_stream; use ui::{ account::{ + admin::{r_account_admin_dashboard, r_account_admin_invite, r_account_admin_remove_user}, r_account_login, r_account_login_post, r_account_logout, r_account_logout_post, r_account_register, r_account_register_post, }, error::r_catch, - home::r_home, + home::{r_home, r_home_unpriv}, node::{r_item_assets, r_library_node}, player::r_player, style::{r_assets_font, r_assets_js, r_assets_style}, @@ -42,6 +43,7 @@ pub fn build_rocket( "/", routes![ r_home, + r_home_unpriv, r_library_node, r_assets_style, r_assets_font, @@ -54,6 +56,9 @@ pub fn build_rocket( r_account_register_post, r_account_logout, r_account_logout_post, + r_account_admin_dashboard, + r_account_admin_invite, + r_account_admin_remove_user, r_item_assets, ], ) diff --git a/server/src/routes/ui/account/admin.rs b/server/src/routes/ui/account/admin.rs new file mode 100644 index 0000000..1fbd7dd --- /dev/null +++ b/server/src/routes/ui/account/admin.rs @@ -0,0 +1,91 @@ +use crate::{ + database::Database, + routes::ui::{ + account::session::Session, + error::MyResult, + layout::{DynLayoutPage, LayoutPage}, + }, + uri, +}; +use anyhow::anyhow; +use rand::Rng; +use rocket::{form::Form, get, post, FromForm, State}; + +#[get("/account/admin/dashboard")] +pub fn r_account_admin_dashboard( + session: Session, + database: &State<Database>, +) -> MyResult<DynLayoutPage<'static>> { + if !session.user.admin { + Err(anyhow!("you not admin"))? + } + + // TODO this doesnt scale + let users = database.users.iter().collect::<Result<Vec<_>, _>>()?; + + Ok(LayoutPage { + title: "Admin Dashboard".to_string(), + content: markup::new! { + h1 { "Admin Panel" } + h2 { "Invitations"} + form[method="POST", action=uri!(r_account_admin_invite())] { + input[type="submit", value="Generate new invite code"]; + } + h2 { "Users" } + @for (_, u) in &users { + form[method="POST", action=uri!(r_account_admin_remove_user())] { + span { @format!("{:?}", u.display_name) " (" @u.name ")" } + input[type="text", name="name", value=&u.name, hidden]; + input[type="submit", value="Remove(!)"]; + } + } + }, + }) +} + +#[post("/account/admin/generate_invite")] +pub fn r_account_admin_invite( + session: Session, + database: &State<Database>, +) -> MyResult<DynLayoutPage<'static>> { + if !session.user.admin { + Err(anyhow!("you not admin"))? + } + + let i = format!("{}", rand::thread_rng().gen::<u128>()); + database.invites.insert(&i, &())?; + + Ok(LayoutPage { + title: "Admin Dashboard".to_string(), + content: markup::new! { + pre { code { @i } } + }, + }) +} + +#[derive(FromForm)] +pub struct DeleteUser { + name: String, +} + +#[post("/account/admin/remove_user", data = "<form>")] +pub fn r_account_admin_remove_user( + session: Session, + database: &State<Database>, + form: Form<DeleteUser>, +) -> MyResult<DynLayoutPage<'static>> { + if !session.user.admin { + Err(anyhow!("you not admin"))? + } + database + .users + .remove(&form.name)? + .ok_or(anyhow!("user did not exist"))?; + + Ok(LayoutPage { + title: "User removed".to_string(), + content: markup::new! { + p { "User removed" } + }, + }) +} diff --git a/server/src/routes/ui/account/mod.rs b/server/src/routes/ui/account/mod.rs index bdc6062..e39ef6c 100644 --- a/server/src/routes/ui/account/mod.rs +++ b/server/src/routes/ui/account/mod.rs @@ -1,3 +1,4 @@ +pub mod admin; pub mod session; use super::error::MyError; @@ -18,7 +19,7 @@ use rocket::{get, post, uri, FromForm, State}; #[derive(FromForm)] pub struct RegisterForm { - #[field(validate = len(8..32))] + #[field(validate = len(8..128))] pub invitation: String, #[field(validate = len(4..32))] pub username: String, @@ -108,7 +109,7 @@ pub fn r_account_register_post<'a>( Some(&User { display_name: form.username.clone(), name: form.username.clone(), - password: form.password.clone().into(), // TODO hash it + password: hash_password(&form.password), admin: false, }), ) diff --git a/server/src/routes/ui/home.rs b/server/src/routes/ui/home.rs index 6e4684c..b9e9289 100644 --- a/server/src/routes/ui/home.rs +++ b/server/src/routes/ui/home.rs @@ -15,3 +15,13 @@ pub async fn r_home(_sess: Session, library: &State<Library>) -> DynLayoutPage { }, } } + +#[get("/", rank = 2)] +pub async fn r_home_unpriv() -> DynLayoutPage<'static> { + LayoutPage { + title: "Home".to_string(), + content: markup::new! { + h1 { @CONF.brand } + }, + } +} diff --git a/server/src/routes/ui/layout.rs b/server/src/routes/ui/layout.rs index 614aa66..fe8f789 100644 --- a/server/src/routes/ui/layout.rs +++ b/server/src/routes/ui/layout.rs @@ -1,8 +1,7 @@ -use super::account::session::Session; use crate::{ routes::ui::account::{ - rocket_uri_macro_r_account_login, rocket_uri_macro_r_account_logout, - rocket_uri_macro_r_account_register, + admin::rocket_uri_macro_r_account_admin_dashboard, rocket_uri_macro_r_account_login, + rocket_uri_macro_r_account_logout, rocket_uri_macro_r_account_register, session::Session, }, uri, CONF, }; @@ -27,11 +26,16 @@ markup::define! { body { nav { h1 { a[href="/"] { @CONF.brand } } - a[href="/library"] { "My Library" } + @if let Some(_) = session { + a[href="/library"] { "My Library" } + } div.account { @if let Some(session) = session { span { "Logged in as " @session.user.display_name } + @if session.user.admin { + a[href=uri!(r_account_admin_dashboard())] { "Administration" } + } a[href=uri!(r_account_logout())] { "Log out" } } else { a[href=uri!(r_account_register())] { "Register" } |