From a8402e7f17e978b839a605d4715ca51b4a76f1f3 Mon Sep 17 00:00:00 2001
From: metamuffin
Date: Sun, 22 Jan 2023 14:56:46 +0100
Subject: admin panel
---
server/src/routes/ui/account/admin.rs | 91 +++++++++++++++++++++++++++++++++++
1 file changed, 91 insertions(+)
create mode 100644 server/src/routes/ui/account/admin.rs
(limited to 'server/src/routes/ui/account/admin.rs')
diff --git a/server/src/routes/ui/account/admin.rs b/server/src/routes/ui/account/admin.rs
new file mode 100644
index 0000000..1fbd7dd
--- /dev/null
+++ b/server/src/routes/ui/account/admin.rs
@@ -0,0 +1,91 @@
+use crate::{
+ database::Database,
+ routes::ui::{
+ account::session::Session,
+ error::MyResult,
+ layout::{DynLayoutPage, LayoutPage},
+ },
+ uri,
+};
+use anyhow::anyhow;
+use rand::Rng;
+use rocket::{form::Form, get, post, FromForm, State};
+
+#[get("/account/admin/dashboard")]
+pub fn r_account_admin_dashboard(
+ session: Session,
+ database: &State,
+) -> MyResult> {
+ if !session.user.admin {
+ Err(anyhow!("you not admin"))?
+ }
+
+ // TODO this doesnt scale
+ let users = database.users.iter().collect::, _>>()?;
+
+ Ok(LayoutPage {
+ title: "Admin Dashboard".to_string(),
+ content: markup::new! {
+ h1 { "Admin Panel" }
+ h2 { "Invitations"}
+ form[method="POST", action=uri!(r_account_admin_invite())] {
+ input[type="submit", value="Generate new invite code"];
+ }
+ h2 { "Users" }
+ @for (_, u) in &users {
+ form[method="POST", action=uri!(r_account_admin_remove_user())] {
+ span { @format!("{:?}", u.display_name) " (" @u.name ")" }
+ input[type="text", name="name", value=&u.name, hidden];
+ input[type="submit", value="Remove(!)"];
+ }
+ }
+ },
+ })
+}
+
+#[post("/account/admin/generate_invite")]
+pub fn r_account_admin_invite(
+ session: Session,
+ database: &State,
+) -> MyResult> {
+ if !session.user.admin {
+ Err(anyhow!("you not admin"))?
+ }
+
+ let i = format!("{}", rand::thread_rng().gen::());
+ database.invites.insert(&i, &())?;
+
+ Ok(LayoutPage {
+ title: "Admin Dashboard".to_string(),
+ content: markup::new! {
+ pre { code { @i } }
+ },
+ })
+}
+
+#[derive(FromForm)]
+pub struct DeleteUser {
+ name: String,
+}
+
+#[post("/account/admin/remove_user", data = "
")]
+pub fn r_account_admin_remove_user(
+ session: Session,
+ database: &State,
+ form: Form,
+) -> MyResult> {
+ if !session.user.admin {
+ Err(anyhow!("you not admin"))?
+ }
+ database
+ .users
+ .remove(&form.name)?
+ .ok_or(anyhow!("user did not exist"))?;
+
+ Ok(LayoutPage {
+ title: "User removed".to_string(),
+ content: markup::new! {
+ p { "User removed" }
+ },
+ })
+}
-- cgit v1.2.3-70-g09d2
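Review bot: `r_account_admin_invite` and `r_account_admin_remove_user` are state-changing POST routes authorised only by the `Session` guard, and neither the dashboard forms nor `DeleteUser` (a single `name` field) carry an anti-CSRF token, so a cross-site form post could remove a user or create an invite on an admin's behalf unless the session cookie's SameSite policy or a check elsewhere already blocks it (not visible in this file). I would add a per-session token as a hidden input in both forms and verify it in the handlers before touching `database`. Separately, the `if !session.user.admin` check is copy-pasted into all three handlers, so a future admin route that forgets it fails open; moving it into a dedicated admin request guard (name hypothetical, e.g. `admin: AdminSession` in place of `session: Session`) lets the type enforce it. Removal also has no guard against deleting the caller's own account or another admin, and nothing here shows whether the removed user's existing sessions are revoked.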