path: root/server/src/routes/ui/account/admin.rs
/*
    This file is part of jellything (https://codeberg.org/metamuffin/jellything)
    which is licensed under the GNU Affero General Public License (version 3); see /COPYING.
    Copyright (C) 2023 metamuffin <metamuffin.org>
*/
use crate::{
    database::Database,
    routes::ui::{
        account::session::Session,
        error::MyResult,
        layout::{DynLayoutPage, LayoutPage},
    },
    uri,
};
use anyhow::anyhow;
use rand::Rng;
use rocket::{form::Form, get, post, FromForm, State};

/// Renders the admin dashboard: a button to generate an invite, the list of
/// outstanding invite codes (each with an "Invalidate" form), and the list of
/// users (each with a "Remove(!)" form).
///
/// # Errors
/// Returns an error when `session.user.admin` is false, or when iterating
/// `database.users` / `database.invites` fails.
///
/// Security notes for reviewers:
/// - Authorization is the inline `session.user.admin` check only; every admin
///   route in this file repeats it by hand, so a new route must not forget it.
/// - Every stored invite code is printed in clear text on this page.
/// - NOTE(review): `u.name`, `u.display_name` and the invite keys are
///   interpolated into HTML; presumably the `markup` crate escapes them by
///   default, but confirm this, since user names are user-supplied.
/// - NOTE(review): the POST forms below carry no anti-CSRF token field; confirm
///   that the `Session` guard / cookie policy rejects cross-site POSTs.
#[get("/account/admin/dashboard")]
pub fn r_account_admin_dashboard(
    session: Session,
    database: &State<Database>,
) -> MyResult<DynLayoutPage<'static>> {
    // Gate: only sessions whose user has the admin flag may continue.
    // `Err(..)?` converts the anyhow error into MyResult's error type and returns.
    // NOTE(review): the HTTP status a non-admin receives depends on that error
    // type, which is not visible in this file.
    if !session.user.admin {
        Err(anyhow!("you not admin"))?
    }

    // TODO: both tables are read completely into memory on every request;
    // this does not scale with the number of users or invites.
    let users = database.users.iter().collect::<Result<Vec<_>, _>>()?;
    let invites = database.invites.iter().collect::<Result<Vec<_>, _>>()?;

    // Each list entry is its own form; the hidden text input carries the key
    // (invite code or user name) back to the matching POST handler.
    // `display_name` is rendered through its Debug formatting (`{:?}`).
    Ok(LayoutPage {
        title: "Admin Dashboard".to_string(),
        content: markup::new! {
            h1 { "Admin Panel" }
            h2 { "Invitations"}
            form[method="POST", action=uri!(r_account_admin_invite())] {
                input[type="submit", value="Generate new invite code"];
            }
            ul { @for t in &invites {
                li {
                    form[method="POST", action=uri!(r_account_admin_remove_invite())] {
                        span { @t.0 }
                        input[type="text", name="invite", value=&t.0, hidden];
                        input[type="submit", value="Invalidate"];
                    }
                }
            }}
            h2 { "Users" }
            ul { @for (_, u) in &users {
                li { form[method="POST", action=uri!(r_account_admin_remove_user())] {
                    span { @format!("{:?}", u.display_name) " (" @u.name ")" }
                    input[type="text", name="name", value=&u.name, hidden];
                    input[type="submit", value="Remove(!)"];
                }}
            }}
        },
    })
}

/// Creates a new invite code, stores it in `database.invites`, and shows it
/// to the admin.
///
/// The code is a random `u128` rendered in decimal. It is drawn from
/// `rand::thread_rng()`, which the `rand` crate documents as a
/// cryptographically secure generator; keep it that way if this line is ever
/// touched, because the code is the only secret guarding account creation.
/// The stored value is `()`, so no expiry or issuer is recorded with the invite.
///
/// # Errors
/// Returns an error when the session user is not an admin or when the
/// database insert fails.
///
/// NOTE(review): this state-changing POST checks no anti-CSRF token; confirm
/// the `Session` guard / cookie policy covers cross-site requests.
#[post("/account/admin/generate_invite")]
pub fn r_account_admin_invite(
    session: Session,
    database: &State<Database>,
) -> MyResult<DynLayoutPage<'static>> {
    // Admin gate, written as an explicit early return.
    let caller_is_admin = session.user.admin;
    if !caller_is_admin {
        return Err(anyhow!("you not admin").into());
    }

    // 128 random bits, stringified in decimal; used as the table key.
    let invite_code = rand::thread_rng().gen::<u128>().to_string();
    database.invites.insert(&invite_code, &())?;

    let page = LayoutPage {
        title: "Admin Dashboard".to_string(),
        content: markup::new! {
            pre { code { @invite_code } }
        },
    };
    Ok(page)
}

/// Form body accepted by `r_account_admin_remove_user`.
///
/// The value arrives from the submitted form (the dashboard fills it through a
/// hidden input), so it is client-controlled and must be treated as untrusted.
#[derive(FromForm)]
pub struct DeleteUser {
    // Name of the account to delete; used as the key into `database.users`.
    name: String,
}

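/// Deletes the user named in the submitted form and shows a confirmation page.
///
/// # Errors
/// Returns an error when the session user is not an admin, when the database
/// removal fails, or when no user with that name existed.
///
/// Security notes for reviewers:
/// - `form.name` is client-supplied; it is only used as a lookup key here.
/// - NOTE(review): nothing here stops an admin from removing their own account
///   or the last remaining admin; confirm whether that is intended.
/// - NOTE(review): only the `users` entry is removed in this function; whether
///   sessions already issued to that user stop working depends on how the
///   `Session` guard validates them, which is not visible in this file.
/// - NOTE(review): this state-changing POST checks no anti-CSRF token.
#[post("/account/admin/remove_user", data = "<form>")]
pub fn r_account_admin_remove_user(
    session: Session,
    database: &State<Database>,
    form: Form<DeleteUser>,
) -> MyResult<DynLayoutPage<'static>> {
    // Admin gate; `Err(..)?` converts into MyResult's error type and returns.
    if !session.user.admin {
        Err(anyhow!("you not admin"))?
    }

    // `remove` yields the previous entry, if any. The error for the missing
    // case is built lazily so that no anyhow error is constructed on success.
    database
        .users
        .remove(&form.name)?
        .ok_or_else(|| anyhow!("user did not exist"))?;

    Ok(LayoutPage {
        title: "User removed".to_string(),
        content: markup::new! {
            p { "User removed" }
            a[href=uri!(r_account_admin_dashboard())] {"Back"}
        },
    })
}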

/// Form body accepted by `r_account_admin_remove_invite`.
///
/// The value arrives from the submitted form (the dashboard fills it through a
/// hidden input), so it is client-controlled and must be treated as untrusted.
#[derive(FromForm)]
pub struct DeleteInvite {
    // Invite code to invalidate; used as the key into `database.invites`.
    invite: String,
}

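/// Invalidates the invite code named in the submitted form by deleting it from
/// `database.invites`, then shows a confirmation page.
///
/// # Errors
/// Returns an error when the session user is not an admin, when the database
/// removal fails, or when the invite code was not present.
///
/// Security notes for reviewers:
/// - `form.invite` is client-supplied; it is only used as a lookup key here.
/// - NOTE(review): this state-changing POST checks no anti-CSRF token; confirm
///   the `Session` guard / cookie policy covers cross-site requests.
#[post("/account/admin/remove_invite", data = "<form>")]
pub fn r_account_admin_remove_invite(
    session: Session,
    database: &State<Database>,
    form: Form<DeleteInvite>,
) -> MyResult<DynLayoutPage<'static>> {
    // Admin gate; `Err(..)?` converts into MyResult's error type and returns.
    if !session.user.admin {
        Err(anyhow!("you not admin"))?
    }

    // `remove` yields the previous entry, if any. The error for the missing
    // case is built lazily so that no anyhow error is constructed on success.
    database
        .invites
        .remove(&form.invite)?
        .ok_or_else(|| anyhow!("invite did not exist"))?;

    Ok(LayoutPage {
        title: "Invite invalidated".to_string(),
        content: markup::new! {
            p { "Invite invalidated" }
            a[href=uri!(r_account_admin_dashboard())] {"Back"}
        },
    })
}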