adyxax/tfstated
1
0
Fork 0
Code Issues 43 Pull requests Releases Packages Wiki Activity Actions

feat(webui): add accounts username and isAdmin flag edition for admins
All checks were successful
main / main (push) Successful in 1m44s
Details
main / deploy (push) Has been skipped
Details
main / publish (push) Has been skipped
Details

Browse source 
Closes #43
This commit is contained in:
Julien Dessaux 2025-05-03 09:48:53 +02:00
parent 4f68621bad
commit 373f567773
Signed by: adyxax
GPG key ID: F92E51B86E07177E
6 changed files with 111 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

104
pkg/database/accounts.go
View file

@ -234,48 +234,74 @@ func (db *DB) LoadAccountByUsername(username string) (*model.Account, error) {
return &account, nil
}
func (db *DB) SaveAccount(account *model.Account) error {
_, err := db.Exec(
`UPDATE accounts
SET username = ?,
salt = ?,
password_hash = ?,
is_admin = ?,
password_reset = ?
WHERE id = ?`,
account.Username,
account.Salt,
account.PasswordHash,
account.IsAdmin,
account.PasswordReset,
account.Id)
if err != nil {
return fmt.Errorf("failed to update account id %s: %w", account.Id, err)
}
return nil
func (db *DB) SaveAccount(account *model.Account) (bool, error) {
ret := false
return ret, db.WithTransaction(func(tx *sql.Tx) error {
_, err := tx.ExecContext(db.ctx,
`UPDATE accounts
SET username = ?,
salt = ?,
password_hash = ?,
is_admin = ?,
password_reset = ?
WHERE id = ?`,
account.Username,
account.Salt,
account.PasswordHash,
account.IsAdmin,
account.PasswordReset,
account.Id)
if err != nil {
var sqliteErr sqlite3.Error
if errors.As(err, &sqliteErr) {
if sqliteErr.Code == sqlite3.ErrNo(sqlite3.ErrConstraint) {
return nil
}
}
return fmt.Errorf("failed to update account id %s: %w", account.Id, err)
}
data, err := json.Marshal(account)
if err != nil {
return fmt.Errorf("failed to marshal account %s: %w", account.Username, err)
}
_, err = tx.ExecContext(db.ctx,
`UPDATE sessions
SET data = jsonb_replace(data,
'$.account', jsonb(:data))
WHERE data->'account'->>'id' = :id`,
sql.Named("data", data),
sql.Named("id", account.Id))
if err != nil {
return fmt.Errorf("failed to update account settings for user account %s: %w", account.Username, err)
}
ret = true
return nil
})
}
func (db *DB) SaveAccountSettings(account *model.Account, settings *model.Settings) error {
data, err := json.Marshal(settings)
if err != nil {
return fmt.Errorf("failed to marshal settings for user accont %s: %w", account.Username, err)
}
_, err = db.Exec(`UPDATE accounts SET settings = ? WHERE id = ?`, data, account.Id)
if err != nil {
return fmt.Errorf("failed to update account settings for user account %s: %w", account.Username, err)
}
_, err = db.Exec(
`UPDATE sessions
SET data = jsonb_replace(data,
'$.settings', jsonb(:data),
'$.account.settings', jsonb(:data))
WHERE data->'account'->>'id' = :id`,
sql.Named("data", data),
sql.Named("id", account.Id))
if err != nil {
return fmt.Errorf("failed to update account settings for user account %s: %w", account.Username, err)
}
return nil
return db.WithTransaction(func(tx *sql.Tx) error {
data, err := json.Marshal(settings)
if err != nil {
return fmt.Errorf("failed to marshal settings for user account %s: %w", account.Username, err)
}
_, err = tx.ExecContext(db.ctx, `UPDATE accounts SET settings = ? WHERE id = ?`, data, account.Id)
if err != nil {
return fmt.Errorf("failed to update account settings for user account %s: %w", account.Username, err)
}
_, err = tx.ExecContext(db.ctx,
`UPDATE sessions
SET data = jsonb_replace(data,
'$.settings', jsonb(:data),
'$.account.settings', jsonb(:data))
WHERE data->'account'->>'id' = :id`,
sql.Named("data", data),
sql.Named("id", account.Id))
if err != nil {
return fmt.Errorf("failed to update account settings for user account %s: %w", account.Username, err)
}
return nil
})
}
func (db *DB) TouchAccount(account *model.Account) error {

2
pkg/webui/accounts.go
View file

@ -51,7 +51,7 @@ func handleAccountsPOST(db *database.DB) http.Handler {
return
}
accountUsername := r.FormValue("username")
isAdmin := r.FormValue("isAdmin")
isAdmin := r.FormValue("is-admin")
page := AccountsPage{
Page: makePage(r, &Page{Title: "New Account", Section: "accounts"}),
Accounts: accounts,

35
pkg/webui/accountsId.go
View file

@ -87,25 +87,54 @@ func handleAccountsIdPOST(db *database.DB) http.Handler {
if page == nil {
return
}
session := r.Context().Value(model.SessionContextKey{}).(*model.Session)
action := r.FormValue("action")
switch action {
case "delete":
errorResponse(w, r, http.StatusNotImplemented, nil)
return
case "edit":
errorResponse(w, r, http.StatusNotImplemented, nil)
return
page.Username = r.FormValue("username")
isAdmin := r.FormValue("is-admin")
if ok := validUsername.MatchString(page.Username); !ok {
page.UsernameInvalid = true
render(w, accountsIdTemplates, http.StatusBadRequest, page)
return
}
if page.Account.Id != session.Data.Account.Id {
page.Account.IsAdmin = isAdmin == "1"
}
prev := page.Account.Username
page.Account.Username = page.Username
success, err := db.SaveAccount(page.Account)
if err != nil {
errorResponse(w, r, http.StatusInternalServerError,
fmt.Errorf("failed to save account: %w", err))
return
}
if !success {
page.Account.Username = prev
page.UsernameDuplicate = true
render(w, accountsIdTemplates, http.StatusBadRequest, page)
return
}
case "reset-password":
if err := page.Account.ResetPassword(); err != nil {
errorResponse(w, r, http.StatusNotImplemented,
fmt.Errorf("failed to reset password: %w", err))
return
}
if err := db.SaveAccount(page.Account); err != nil {
success, err := db.SaveAccount(page.Account)
if err != nil {
errorResponse(w, r, http.StatusInternalServerError,
fmt.Errorf("failed to save account: %w", err))
return
}
if !success {
errorResponse(w, r, http.StatusInternalServerError,
fmt.Errorf("failed to save account: table constraint error"))
return
}
if err := db.DeleteSessions(page.Account); err != nil {
errorResponse(w, r, http.StatusInternalServerError,
fmt.Errorf("failed to save account: %w", err))

8
pkg/webui/accountsIdResetPassword.go
View file

@ -81,11 +81,17 @@ func handleAccountsIdResetPasswordPOST(db *database.DB) http.Handler {
return
}
account.SetPassword(password)
if err := db.SaveAccount(account); err != nil {
success, err := db.SaveAccount(account)
if err != nil {
errorResponse(w, r, http.StatusInternalServerError,
fmt.Errorf("failed to save account: %w", err))
return
}
if !success {
errorResponse(w, r, http.StatusInternalServerError,
fmt.Errorf("failed to save account: table constraint error"))
return
}
render(w, accountsIdResetPasswordTemplates, http.StatusOK,
AccountsIdResetPasswordPage{
Account: account,

6
pkg/webui/html/accounts.html
View file

@ -8,7 +8,7 @@
</p>
</div>
{{ if .Page.Session.Data.Account.IsAdmin }}
<form action="/accounts" enctype="multipart/form-data" method="post">
<form action="/accounts" method="post">
<input name="csrf_token" type="hidden" value="{{ .Page.Session.Data.CsrfToken }}">
<fieldset>
<legend>New User Account</legend>
@ -21,11 +21,11 @@
type="text"
value="{{ .Username }}">
<label for="is-admin">Is Admin</label>
<input {{ if .IsAdmin }} checked{{ end }}
<input {{ if .IsAdmin }}checked{{ end }}
id="is-admin"
name="is-admin"
type="checkbox"
value="{{ .IsAdmin }}" />
value="1" />
</div>
{{ if .UsernameDuplicate }}
<span class="error">This username already exist.</span>

6
pkg/webui/html/accountsId.html
View file

@ -1,5 +1,5 @@
{{ define "main" }}
<h1>User Account</h1>
<h1>{{ .Account.Username }}</h1>
{{ if ne .Account.PasswordReset nil }}
<h2>Password Reset</h2>
<article>
@ -37,14 +37,14 @@
id="username"
name="username"
type="text"
value="{{ .Username }}">
value="{{ if eq .Username "" }}{{ .Account.Username }}{{ else }}{{ .Username }}{{ end }}">
<label for="is-admin">Is Admin</label>
<input {{ if .Account.IsAdmin }}checked{{ end }}
{{ if eq .Page.Session.Data.Account.Id.String .Account.Id.String }}disabled{{ end }}
id="is-admin"
name="is-admin"
type="checkbox"
value="{{ .IsAdmin }}" />
value="1" />
</div>
{{ if .UsernameDuplicate }}
<span class="error">This username already exist.</span>