adyxax/tfstated
1
0
Fork 0
Code Issues Pull requests Releases Packages Activity

fix(webui): display user accounts menu entry to admin even on error pages

Browse source
This commit is contained in:
Julien Dessaux 2025-03-18 23:36:41 +01:00
parent 15e0a12f61
commit ef565022d8
Signed by: adyxax
GPG key ID: F92E51B86E07177E
10 changed files with 33 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pkg/webui/accounts.go
View file

@ -20,7 +20,7 @@ func handleAccountsGET(db *database.DB) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
accounts, err := db.LoadAccounts()
if err != nil {
errorResponse(w, http.StatusInternalServerError, err)
errorResponse(w, r, http.StatusInternalServerError, err)
return
}
render(w, accountsTemplates, http.StatusOK, AccountsPage{

2
pkg/webui/admin.go
View file

@ -19,7 +19,7 @@ func adminMiddleware(db *database.DB, requireLogin func(http.Handler) http.Handl
return
}
if !account.(*model.Account).IsAdmin {
errorResponse(w, http.StatusForbidden, fmt.Errorf("Only administrators can perform this request."))
errorResponse(w, r, http.StatusForbidden, fmt.Errorf("Only administrators can perform this request."))
return
}
next.ServeHTTP(w, r)

6
pkg/webui/error.go
View file

@ -7,15 +7,15 @@ import (
var errorTemplates = template.Must(template.ParseFS(htmlFS, "html/base.html", "html/error.html"))
func errorResponse(w http.ResponseWriter, status int, err error) {
func errorResponse(w http.ResponseWriter, r *http.Request, status int, err error) {
type ErrorData struct {
Page
Page *Page
Err error
Status int
StatusText string
}
render(w, errorTemplates, status, &ErrorData{
Page: Page{Title: "Error", Section: "error"},
Page: makePage(r, &Page{Title: "Error", Section: "error"}),
Err: err,
Status: status,
StatusText: http.StatusText(status),

2
pkg/webui/index.go
View file

@ -28,7 +28,7 @@ func handleIndexGET() http.Handler {
if r.URL.Path == "/" {
http.Redirect(w, r, "/states", http.StatusFound)
} else {
errorResponse(w, http.StatusNotFound, fmt.Errorf("Page not found"))
errorResponse(w, r, http.StatusNotFound, fmt.Errorf("Page not found"))
}
})
}

12
pkg/webui/login.go
View file

@ -48,14 +48,14 @@ func handleLoginPOST(db *database.DB) http.Handler {
}
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if err := r.ParseForm(); err != nil {
errorResponse(w, http.StatusBadRequest, err)
errorResponse(w, r, http.StatusBadRequest, err)
return
}
username := r.FormValue("username")
password := r.FormValue("password")
if username == "" || password == "" { // the webui cannot issue this
errorResponse(w, http.StatusBadRequest, fmt.Errorf("Forbidden"))
errorResponse(w, r, http.StatusBadRequest, fmt.Errorf("Forbidden"))
return
}
if ok := validUsername.MatchString(username); !ok {
@ -64,7 +64,7 @@ func handleLoginPOST(db *database.DB) http.Handler {
}
account, err := db.LoadAccountByUsername(username)
if err != nil {
errorResponse(w, http.StatusInternalServerError, err)
errorResponse(w, r, http.StatusInternalServerError, err)
return
}
if account == nil || !account.CheckPassword(password) {
@ -72,12 +72,12 @@ func handleLoginPOST(db *database.DB) http.Handler {
return
}
if err := db.TouchAccount(account); err != nil {
errorResponse(w, http.StatusInternalServerError, err)
errorResponse(w, r, http.StatusInternalServerError, err)
return
}
sessionId, err := db.CreateSession(account)
if err != nil {
errorResponse(w, http.StatusInternalServerError, err)
errorResponse(w, r, http.StatusInternalServerError, err)
return
}
http.SetCookie(w, &http.Cookie{
@ -105,7 +105,7 @@ func loginMiddleware(db *database.DB, requireSession func(http.Handler) http.Han
}
account, err := db.LoadAccountById(session.(*model.Session).AccountId)
if err != nil {
errorResponse(w, http.StatusInternalServerError, err)
errorResponse(w, r, http.StatusInternalServerError, err)
return
}
if account == nil {

2
pkg/webui/logout.go
View file

@ -18,7 +18,7 @@ func handleLogoutGET(db *database.DB) http.Handler {
session := r.Context().Value(model.SessionContextKey{})
err := db.DeleteSession(session.(*model.Session))
if err != nil {
errorResponse(w, http.StatusInternalServerError, err)
errorResponse(w, r, http.StatusInternalServerError, err)
return
}
unsetSesssionCookie(w)

6
pkg/webui/sessions.go
View file

@ -17,7 +17,7 @@ func sessionsMiddleware(db *database.DB) func(http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
cookie, err := r.Cookie(cookieName)
if err != nil && !errors.Is(err, http.ErrNoCookie) {
errorResponse(w, http.StatusInternalServerError, fmt.Errorf("failed to get request cookie \"%s\": %w", cookieName, err))
errorResponse(w, r, http.StatusInternalServerError, fmt.Errorf("failed to get request cookie \"%s\": %w", cookieName, err))
return
}
if err == nil {
@ -26,14 +26,14 @@ func sessionsMiddleware(db *database.DB) func(http.Handler) http.Handler {
} else {
session, err := db.LoadSessionById(cookie.Value)
if err != nil {
errorResponse(w, http.StatusInternalServerError, err)
errorResponse(w, r, http.StatusInternalServerError, err)
return
}
if session == nil {
unsetSesssionCookie(w)
} else if !session.IsExpired() {
if err := db.TouchSession(cookie.Value); err != nil {
errorResponse(w, http.StatusInternalServerError, err)
errorResponse(w, r, http.StatusInternalServerError, err)
return
}
ctx := context.WithValue(r.Context(), model.SessionContextKey{}, session)

4
pkg/webui/settings.go
View file

@ -28,7 +28,7 @@ func handleSettingsGET(db *database.DB) http.Handler {
func handleSettingsPOST(db *database.DB) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if err := r.ParseForm(); err != nil {
errorResponse(w, http.StatusBadRequest, err)
errorResponse(w, r, http.StatusBadRequest, err)
return
}
darkMode := r.FormValue("dark-mode")
@ -38,7 +38,7 @@ func handleSettingsPOST(db *database.DB) http.Handler {
account := r.Context().Value(model.AccountContextKey{}).(*model.Account)
err := db.SaveAccountSettings(account, &settings)
if err != nil {
errorResponse(w, http.StatusInternalServerError, err)
errorResponse(w, r, http.StatusInternalServerError, err)
return
}
render(w, settingsTemplates, http.StatusOK, SettingsPage{

20
pkg/webui/states.go
View file

@ -29,7 +29,7 @@ func handleStatesGET(db *database.DB) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
states, err := db.LoadStates()
if err != nil {
errorResponse(w, http.StatusInternalServerError, err)
errorResponse(w, r, http.StatusInternalServerError, err)
return
}
render(w, statesTemplates, http.StatusOK, StatesPage{
@ -43,12 +43,12 @@ func handleStatesPOST(db *database.DB) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// file upload limit of 20MB
if err := r.ParseMultipartForm(20 << 20); err != nil {
errorResponse(w, http.StatusBadRequest, err)
errorResponse(w, r, http.StatusBadRequest, err)
return
}
file, _, err := r.FormFile("file")
if err != nil {
errorResponse(w, http.StatusBadRequest, err)
errorResponse(w, r, http.StatusBadRequest, err)
return
}
defer file.Close()
@ -65,18 +65,18 @@ func handleStatesPOST(db *database.DB) http.Handler {
}
data, err := io.ReadAll(file)
if err != nil {
errorResponse(w, http.StatusBadRequest, fmt.Errorf("failed to read uploaded file: %w", err))
errorResponse(w, r, http.StatusBadRequest, fmt.Errorf("failed to read uploaded file: %w", err))
return
}
fileType := http.DetectContentType(data)
if fileType != "text/plain; charset=utf-8" {
errorResponse(w, http.StatusBadRequest, fmt.Errorf("invalid file type: expected \"text/plain; charset=utf-8\" but got \"%s\"", fileType))
errorResponse(w, r, http.StatusBadRequest, fmt.Errorf("invalid file type: expected \"text/plain; charset=utf-8\" but got \"%s\"", fileType))
return
}
account := r.Context().Value(model.AccountContextKey{}).(*model.Account)
version, err := db.CreateState(statePath, account.Id, data)
if err != nil {
errorResponse(w, http.StatusInternalServerError, err)
errorResponse(w, r, http.StatusInternalServerError, err)
return
}
if version == nil {
@ -103,22 +103,22 @@ func handleStatesIdGET(db *database.DB) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
var stateId uuid.UUID
if err := stateId.Parse(r.PathValue("id")); err != nil {
errorResponse(w, http.StatusBadRequest, err)
errorResponse(w, r, http.StatusBadRequest, err)
return
}
state, err := db.LoadStateById(stateId)
if err != nil {
errorResponse(w, http.StatusInternalServerError, err)
errorResponse(w, r, http.StatusInternalServerError, err)
return
}
versions, err := db.LoadVersionsByState(state)
if err != nil {
errorResponse(w, http.StatusInternalServerError, err)
errorResponse(w, r, http.StatusInternalServerError, err)
return
}
usernames, err := db.LoadAccountUsernames()
if err != nil {
errorResponse(w, http.StatusInternalServerError, err)
errorResponse(w, r, http.StatusInternalServerError, err)
return
}
render(w, statesIdTemplate, http.StatusOK, StatesData{

10
pkg/webui/versions.go
View file

@ -23,26 +23,26 @@ func handleVersionsGET(db *database.DB) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
var versionId uuid.UUID
if err := versionId.Parse(r.PathValue("id")); err != nil {
errorResponse(w, http.StatusBadRequest, err)
errorResponse(w, r, http.StatusBadRequest, err)
return
}
version, err := db.LoadVersionById(versionId)
if err != nil {
errorResponse(w, http.StatusInternalServerError, err)
errorResponse(w, r, http.StatusInternalServerError, err)
return
}
if version == nil {
errorResponse(w, http.StatusNotFound, err)
errorResponse(w, r, http.StatusNotFound, err)
return
}
state, err := db.LoadStateById(version.StateId)
if err != nil {
errorResponse(w, http.StatusInternalServerError, err)
errorResponse(w, r, http.StatusInternalServerError, err)
return
}
account, err := db.LoadAccountById(version.AccountId)
if err != nil {
errorResponse(w, http.StatusInternalServerError, err)
errorResponse(w, r, http.StatusInternalServerError, err)
return
}
versionData := string(version.Data[:])