aboutsummaryrefslogtreecommitdiff
path: root/pkg/view
diff options
context:
space:
mode:
authorGabriel Arakaki Giovanini <mail@gabrielgio.me>2023-09-12 18:37:30 +0200
committerGabriel Arakaki Giovanini <mail@gabrielgio.me>2023-09-12 18:40:00 +0200
commitae10e121875982d6956d6bff453544cc59a75616 (patch)
tree9b6508c9b2a105ce3027bb24342916050e2f50cc /pkg/view
parentd33ba9ee675eedf47ce4a7977d116bf81dda5b2e (diff)
downloadlens-ae10e121875982d6956d6bff453544cc59a75616.tar.gz
lens-ae10e121875982d6956d6bff453544cc59a75616.tar.bz2
lens-ae10e121875982d6956d6bff453544cc59a75616.zip
feat: Add admin control
Now only admins can access settings.
Diffstat (limited to 'pkg/view')
-rw-r--r--pkg/view/album.go10
-rw-r--r--pkg/view/auth.go13
-rw-r--r--pkg/view/filesystem.go10
-rw-r--r--pkg/view/media.go14
-rw-r--r--pkg/view/settings.go33
-rw-r--r--pkg/view/view.go17
6 files changed, 64 insertions, 33 deletions
diff --git a/pkg/view/album.go b/pkg/view/album.go
index b19e381..e0ee405 100644
--- a/pkg/view/album.go
+++ b/pkg/view/album.go
@@ -30,10 +30,10 @@ func NewAlbumView(
func (self *AlbumView) Index(w http.ResponseWriter, r *http.Request) error {
p := getPagination(r)
- token := ext.GetTokenFromCtx(r)
+ user := ext.GetUserFromCtx(r)
// TODO: optmize call, GetPathFromUserID may no be necessary
- userPath, err := self.userRepository.GetPathFromUserID(r.Context(), token.UserID)
+ userPath, err := self.userRepository.GetPathFromUserID(r.Context(), user.ID)
if err != nil {
return err
}
@@ -91,12 +91,12 @@ func (self *AlbumView) Index(w http.ResponseWriter, r *http.Request) error {
Settings: settings,
}
- templates.WritePageTemplate(w, page)
+ templates.WritePageTemplate(w, page, user.IsAdmin)
return nil
}
func (self *AlbumView) SetMyselfIn(r *ext.Router) {
- r.GET("/album/", self.Index)
- r.POST("/album/", self.Index)
+ r.GET("/album", self.Index)
+ r.POST("/album", self.Index)
}
diff --git a/pkg/view/auth.go b/pkg/view/auth.go
index 8d87035..318d0a3 100644
--- a/pkg/view/auth.go
+++ b/pkg/view/auth.go
@@ -20,8 +20,8 @@ func NewAuthView(userController *service.AuthController) *AuthView {
}
}
-func (v *AuthView) LoginView(w http.ResponseWriter, _ *http.Request) error {
- templates.WritePageTemplate(w, &templates.LoginPage{})
+func (v *AuthView) LoginView(w http.ResponseWriter, r *http.Request) error {
+ templates.WritePageTemplate(w, &templates.LoginPage{}, false)
return nil
}
@@ -46,12 +46,15 @@ func (v *AuthView) Login(w http.ResponseWriter, r *http.Request) error {
)
auth, err := v.userController.Login(r.Context(), username, password)
+ if err != nil {
+ return err
+ }
if errors.Is(err, service.InvalidLogin) {
templates.WritePageTemplate(w, &templates.LoginPage{
Username: r.FormValue("username"),
Err: err.Error(),
- })
+ }, false)
return nil
}
@@ -82,8 +85,8 @@ func Index(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "/login", http.StatusTemporaryRedirect)
}
-func (v *AuthView) InitialRegisterView(w http.ResponseWriter, _ *http.Request) error {
- templates.WritePageTemplate(w, &templates.RegisterPage{})
+func (v *AuthView) InitialRegisterView(w http.ResponseWriter, r *http.Request) error {
+ templates.WritePageTemplate(w, &templates.RegisterPage{}, false)
return nil
}
diff --git a/pkg/view/filesystem.go b/pkg/view/filesystem.go
index 24f0ce6..9071ec0 100644
--- a/pkg/view/filesystem.go
+++ b/pkg/view/filesystem.go
@@ -34,10 +34,10 @@ func NewFileSystemView(
func (self *FileSystemView) Index(w http.ResponseWriter, r *http.Request) error {
var (
pathValue = r.FormValue("path")
- token = ext.GetTokenFromCtx(r)
+ user = ext.GetUserFromCtx(r)
)
- page, err := self.fsService.GetPage(r.Context(), token.UserID, pathValue)
+ page, err := self.fsService.GetPage(r.Context(), user.ID, pathValue)
if err != nil {
return err
}
@@ -51,7 +51,7 @@ func (self *FileSystemView) Index(w http.ResponseWriter, r *http.Request) error
Page: page,
ShowMode: settings.ShowMode,
ShowOwner: settings.ShowOwner,
- })
+ }, user.IsAdmin)
return nil
}
@@ -59,6 +59,6 @@ func (self *FileSystemView) Index(w http.ResponseWriter, r *http.Request) error
func (self *FileSystemView) SetMyselfIn(r *ext.Router) {
r.GET("/", self.Index)
r.POST("/", self.Index)
- r.GET("/fs/", self.Index)
- r.POST("/fs/", self.Index)
+ r.GET("/fs", self.Index)
+ r.POST("/fs", self.Index)
}
diff --git a/pkg/view/media.go b/pkg/view/media.go
index 3041998..8a10fe0 100644
--- a/pkg/view/media.go
+++ b/pkg/view/media.go
@@ -71,9 +71,9 @@ func NewMediaView(
func (self *MediaView) Index(w http.ResponseWriter, r *http.Request) error {
p := getPagination(r)
- token := ext.GetTokenFromCtx(r)
+ user := ext.GetUserFromCtx(r)
- userPath, err := self.userRepository.GetPathFromUserID(r.Context(), token.UserID)
+ userPath, err := self.userRepository.GetPathFromUserID(r.Context(), user.ID)
if err != nil {
return err
}
@@ -98,7 +98,7 @@ func (self *MediaView) Index(w http.ResponseWriter, r *http.Request) error {
Settings: settings,
}
- templates.WritePageTemplate(w, page)
+ templates.WritePageTemplate(w, page, user.IsAdmin)
return nil
}
@@ -132,9 +132,9 @@ func (self *MediaView) GetThumbnail(w http.ResponseWriter, r *http.Request) erro
}
func (self *MediaView) SetMyselfIn(r *ext.Router) {
- r.GET("/media/", self.Index)
- r.POST("/media/", self.Index)
+ r.GET("/media", self.Index)
+ r.POST("/media", self.Index)
- r.GET("/media/image/", self.GetImage)
- r.GET("/media/thumbnail/", self.GetThumbnail)
+ r.GET("/media/image", self.GetImage)
+ r.GET("/media/thumbnail", self.GetThumbnail)
}
diff --git a/pkg/view/settings.go b/pkg/view/settings.go
index bf2dca6..cdd7baa 100644
--- a/pkg/view/settings.go
+++ b/pkg/view/settings.go
@@ -39,23 +39,28 @@ func (self *SettingsView) Index(w http.ResponseWriter, r *http.Request) error {
return err
}
+ user := ext.GetUserFromCtx(r)
+
templates.WritePageTemplate(w, &templates.SettingsPage{
Settings: s,
Users: users,
- })
+ }, user.IsAdmin)
return nil
}
func (self *SettingsView) User(w http.ResponseWriter, r *http.Request) error {
- id := r.FormValue("userId")
+ var (
+ id = r.URL.Query().Get("userId")
+ user = ext.GetUserFromCtx(r)
+ )
idValue, err := ParseUint(id)
if err != nil {
return err
}
if idValue == nil {
- templates.WritePageTemplate(w, &templates.UserPage{})
+ templates.WritePageTemplate(w, &templates.UserPage{}, user.IsAdmin)
} else {
user, err := self.userController.Get(r.Context(), *idValue)
if err != nil {
@@ -67,7 +72,7 @@ func (self *SettingsView) User(w http.ResponseWriter, r *http.Request) error {
Username: user.Username,
Path: user.Path,
IsAdmin: user.IsAdmin,
- })
+ }, user.IsAdmin)
}
return nil
@@ -87,7 +92,15 @@ func (self *SettingsView) UpsertUser(w http.ResponseWriter, r *http.Request) err
return err
}
- err = self.userController.Upsert(r.Context(), idValue, username, "", password, isAdmin, path)
+ err = self.userController.Upsert(
+ r.Context(),
+ idValue,
+ username,
+ "",
+ password,
+ isAdmin,
+ path,
+ )
if err != nil {
return err
}
@@ -137,12 +150,12 @@ func (self *SettingsView) Save(w http.ResponseWriter, r *http.Request) error {
}
func (self *SettingsView) SetMyselfIn(r *ext.Router) {
- r.GET("/settings/", self.Index)
- r.POST("/settings/", self.Save)
+ r.GET("/settings", Protect(self.Index))
+ r.POST("/settings", Protect(self.Save))
- r.GET("/users/", self.User)
- r.GET("/users/delete", self.Delete)
- r.POST("/users/", self.UpsertUser)
+ r.GET("/users", Protect(self.User))
+ r.GET("/users/delete", Protect(self.Delete))
+ r.POST("/users", Protect(self.UpsertUser))
}
func ParseUint(id string) (*uint, error) {
diff --git a/pkg/view/view.go b/pkg/view/view.go
index 663738b..f8dfa16 100644
--- a/pkg/view/view.go
+++ b/pkg/view/view.go
@@ -1,7 +1,22 @@
package view
-import "git.sr.ht/~gabrielgio/img/pkg/ext"
+import (
+ "net/http"
+
+ "git.sr.ht/~gabrielgio/img/pkg/ext"
+)
type View interface {
SetMyselfIn(r *ext.Router)
}
+
+func Protect(next ext.ErrorRequestHandler) ext.ErrorRequestHandler {
+ return func(w http.ResponseWriter, r *http.Request) error {
+ user := ext.GetUserFromCtx(r)
+ if !user.IsAdmin {
+ http.NotFound(w, r)
+ return nil
+ }
+ return next(w, r)
+ }
+}