⚡️ Implemented login management

2020-10-28 19:59:29 +01:00 · 2020-10-28 19:59:29 +01:00 · 6993a9f58b
parent 99bce4d1fc
commit 6993a9f58b
5 changed files with 421 additions and 183 deletions
--- a/templates/base.html
+++ b/templates/base.html
@ -1,92 +1,94 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <title>ShareDAV</title>
-    <style>
-        thead {
-            font-weight: bold;
-        }
-
-        input[type="submit"],
-        input[type="button"] {
-            padding: .5em;
-            border-radius: .5em;
-            border: 0;
-            background-color: #c4e1ff;
-            font-weight: bold;
-        }
-
-        input[type="submit"].delete {
-            background-color: #e56f83;
-        }
-
-        input[type="submit"] {
-            background-color: #a9ca97;
-        }
-
-        a:before {
-            content: "› ";
-            color: gray;
-        }
-
-        a, a:visited, a:hover, a:active, a:focus {
-            /* font-style: normal; */
-            text-decoration: none;
-            color: black;
-        }
-
-        #content {
-            float: right;
-            width: calc(100% - 20px);
-            /* background-color: #F0F0F0; */
-            /* border-radius: 1em; */
-            /* padding: 10px; */
-            /* height: calc(100vh - 40px);*/
-        }
-
-        #menu {
-            float: left;
-            width: 150px;
-            margin-left: -185px;
-            background-color: #CCCCCC;
-            border-radius: .5em;
-            padding: 10px;
-            height: calc(100vh - 40px);
-        }
-
-        #menu span {
-            display: block;
-            margin-bottom: .5em;
-        }
-
-        #menu hr {
-            border: 1px solid gray;
-        }
-
-        body {
-            font-family: sans-serif;
-            margin-left: 200px
-        }
-    </style>
-    {{ block "page-styles" . }}{{ end }}
-</head>
-<body>
-<div id="content">
-    {{ block "page-content" . }}{{ end }}
-</div>
-<div id="menu">
-    <span style="font-weight: bold;"><a href="./">ShareDAV</a></span>
-    {{ if .SessionUser }}
-        {{ if eq .SessionUser.Role "admin" }}
-            <hr/>
-            <span><a href="users">Users</a></span>
-            <span><a href="shares">Shares</a></span>
-        {{ end }}
-        <hr/>
-        <span><a href="logout">Logout</a></span>
-    {{ end }}
-</div>
-<div style="clear: both;"></div>
-</body>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>ShareDAV</title>
+    <style>
+        thead {
+            font-weight: bold;
+        }
+
+        input[type="submit"],
+        input[type="button"] {
+            padding: .5em;
+            border-radius: .5em;
+            border: 0;
+            background-color: #c4e1ff;
+            font-weight: bold;
+        }
+
+        input[type="submit"].delete {
+            background-color: #e56f83;
+        }
+
+        input[type="submit"] {
+            background-color: #a9ca97;
+        }
+
+        a:before {
+            content: "› ";
+            color: gray;
+        }
+
+        a, a:visited, a:hover, a:active, a:focus {
+            /* font-style: normal; */
+            text-decoration: none;
+            color: black;
+        }
+
+        #content {
+            float: right;
+            width: calc(100% - 20px);
+            /* background-color: #F0F0F0; */
+            /* border-radius: 1em; */
+            /* padding: 10px; */
+            /* height: calc(100vh - 40px);*/
+        }
+
+        #menu {
+            float: left;
+            width: 150px;
+            margin-left: -185px;
+            background-color: #CCCCCC;
+            border-radius: .5em;
+            padding: 10px;
+            height: calc(100vh - 40px);
+        }
+
+        #menu span {
+            display: block;
+            margin-bottom: .5em;
+        }
+
+        #menu hr {
+            border: 1px solid gray;
+        }
+
+        body {
+            font-family: sans-serif;
+            margin-left: 200px
+        }
+    </style>
+    {{ block "page-styles" . }}{{ end }}
+</head>
+<body>
+<div id="content">
+    {{ block "page-content" . }}{{ end }}
+</div>
+<div id="menu">
+    <span style="font-weight: bold;"><a href="./">ShareDAV</a></span>
+    {{ if .SessionUser }}
+        {{ if eq .SessionUser.Role "admin" }}
+            <hr/>
+            <span><a href="users">Users</a></span>
+            <span><a href="shares">Shares</a></span>
+        {{ end }}
+        <hr/>
+        <span><a href="my-shares">My Shares</a></span>
+        <hr/>
+        <span><a href="logout">Logout</a></span>
+    {{ end }}
+</div>
+<div style="clear: both;"></div>
+</body>
 </html>
--- a/templates/my-shares.html
+++ b/templates/my-shares.html
@ -0,0 +1,67 @@
+{{ define "page-styles"}}
+    <style>
+        div.share-user, div.share-login {
+            margin-left: 2em;
+            margin-top: .5em;
+            font-style: italic;
+        }
+
+        a.share-add-user, a.share-add-login {
+            margin-left: 2em;
+            margin-top: .5em;
+            font-style: italic;
+        }
+
+        div.share {
+            margin-bottom: 2em;
+        }
+
+        :target {
+            background-color: #c4e1ff;
+        }
+    </style>
+{{ end }}
+
+{{ define "page-content" }}
+    <div id="shares">
+        {{ range $share := .ShareInfos }}
+            <div id="share-{{$share.UUID}}" class="share">
+                UUID: {{ $share.UUID }} {{ if $share.IsAdmin }}
+                <form style="display: inline-block;" action="delete-share" method="post">
+                    <input type="hidden" name="share" value="{{ $share.UUID }}"/>
+                    <input type="submit" value="Delete" class="delete"/>
+                </form>{{ end }}
+                <br/>
+                Name: {{ $share.Name }}<br/>
+                <hr/>
+                {{ range $login := .Logins }}
+                    <div id="login-{{$share.UUID}}-{{$login.LoginName}}" class="share-login">
+                        Login {{ $login.LoginName }} {{ if $login.ReadOnly }}(ReadOnly){{ end }}
+                        <form style="display: inline-block;" action="share-delete-login" method="post">
+                            <input type="hidden" name="share" value="{{ $share.UUID }}"/>
+                            <input type="hidden" name="login" value="{{ $login.LoginName }}"/>
+                            <input type="submit" value="Delete" class="delete"/>
+                        </form>
+                    </div>
+                {{ end }}
+                <a href="share-add-login?share={{ $share.UUID }}" class="share-add-login">Add Login</a>
+                <hr/>
+                {{ if $share.IsAdmin }}
+                    {{ range $user := .Users }}
+                        <div id="user-{{$share.UUID}}-{{$user.Username}}" class="share-user">
+                            User {{ $user.Username }} ({{ $user.Role }})
+                            <form style="display: inline-block;" action="share-delete-user" method="post">
+                                <input type="hidden" name="source" value="my-shares"/>
+                                <input type="hidden" name="share" value="{{ $share.UUID }}"/>
+                                <input type="hidden" name="user" value="{{ $user.Username }}"/>
+                                <input type="submit" value="Delete" class="delete"/>
+                            </form>
+                        </div>
+                    {{ end }}
+                {{ end }}
+                <a href="share-add-user?share={{ $share.UUID }}" class="share-add-user">Add User</a>
+            </div>
+        {{ end }}
+        <a href="create-share" class="create-share">Create Share</a>
+    </div>
+{{ end }}
--- a/templates/share-add-login.html
+++ b/templates/share-add-login.html
@ -0,0 +1,15 @@
+{{ define "page-content" }}
+    <form method="post">
+        <input name="share" type="hidden" value="{{ .ShareId }}"/>
+        <label>
+            Login: <input name="login" placeholder="Login name"/>
+        </label>
+        <label>
+            Password: <input type="password" name="password" placeholder="Password"/>
+        </label>
+        <label>
+            ReadOnly: <input type="checkbox" name="readonly"/>
+        </label>
+        <input type="submit" value="Add Login"/>
+    </form>
+{{ end }}
--- a/templates/shares.html
+++ b/templates/shares.html
@ -1,47 +1,52 @@
-{{ define "page-styles"}}
-    <style>
-        div.share-user {
-            margin-left: 2em;
-            margin-top: .5em;
-            font-style: italic;
-        }
-        a.share-add-user {
-            margin-left: 2em;
-            margin-top: .5em;
-            font-style: italic;
-        }
-        div.share {
-            margin-bottom: 2em;
-        }
-        :target {
-            background-color: #c4e1ff;
-        }
-    </style>
-{{ end }}
-
-{{ define "page-content" }}
-    <div id="shares">
-        {{ range $share := .ShareInfos }}
-        <div id="share-{{$share.UUID}}" class="share">
-            UUID: {{ $share.UUID }} <form style="display: inline-block;" action="delete-share" method="post">
-                <input type="hidden" name="share" value="{{ $share.UUID }}"/>
-                <input type="submit" value="Delete" class="delete"/>
-            </form>
-            <br/>
-            Name: {{ $share.Name }}<br/>
-            {{ range $user := .Users }}
-            <div id="user-{{$share.UUID}}-{{$user.Username}}" class="share-user">
-                User {{ $user.Username }} ({{ $user.Role }})
-                <form style="display: inline-block;" action="share-delete-user" method="post">
-                    <input type="hidden" name="share" value="{{ $share.UUID }}"/>
-                    <input type="hidden" name="user" value="{{ $user.Username }}"/>
-                    <input type="submit" value="Delete" class="delete"/>
-                </form>
-            </div>
-            {{ end }}
-            <a href="share-add-user?share={{ $share.UUID }}" class="share-add-user">Add User</a>
-        </div>
-        {{ end }}
-        <a href="create-share" class="create-share">Create Share</a>
-    </div>
+{{ define "page-styles"}}
+    <style>
+        div.share-user {
+            margin-left: 2em;
+            margin-top: .5em;
+            font-style: italic;
+        }
+
+        a.share-add-user {
+            margin-left: 2em;
+            margin-top: .5em;
+            font-style: italic;
+        }
+
+        div.share {
+            margin-bottom: 2em;
+        }
+
+        :target {
+            background-color: #c4e1ff;
+        }
+    </style>
+{{ end }}
+
+{{ define "page-content" }}
+    <div id="shares">
+        {{ range $share := .ShareInfos }}
+            <div id="share-{{$share.UUID}}" class="share">
+                UUID: {{ $share.UUID }}
+                <form style="display: inline-block;" action="delete-share" method="post">
+                    <input type="hidden" name="share" value="{{ $share.UUID }}"/>
+                    <input type="submit" value="Delete" class="delete"/>
+                </form>
+                <br/>
+                Name: {{ $share.Name }}<br/>
+                {{ range $user := .Users }}
+                    <div id="user-{{$share.UUID}}-{{$user.Username}}" class="share-user">
+                        User {{ $user.Username }} ({{ $user.Role }})
+                        <form style="display: inline-block;" action="share-delete-user" method="post">
+                            <input type="hidden" name="source" value="shares"/>
+                            <input type="hidden" name="share" value="{{ $share.UUID }}"/>
+                            <input type="hidden" name="user" value="{{ $user.Username }}"/>
+                            <input type="submit" value="Delete" class="delete"/>
+                        </form>
+                    </div>
+                {{ end }}
+                <a href="share-add-user?share={{ $share.UUID }}" class="share-add-user">Add User</a>
+            </div>
+        {{ end }}
+        <a href="create-share" class="create-share">Create Share</a>
+    </div>
 {{ end }}
--- a/webadmin.go
+++ b/webadmin.go
@ -42,15 +42,18 @@ import (
 )

 type webAdminHandler struct {
-	router          chi.Router
-	tplError        *template.Template
-	tplConfirm      *template.Template
-	tplLogin        *template.Template
-	tplIndex        *template.Template
-	tplUsers        *template.Template
-	tplShares       *template.Template
-	tplShareAddUser *template.Template
-	tplCreateShare  *template.Template
+	router           chi.Router
+	shareStore       ShareStore
+	tplError         *template.Template
+	tplConfirm       *template.Template
+	tplLogin         *template.Template
+	tplIndex         *template.Template
+	tplUsers         *template.Template
+	tplShares        *template.Template
+	tplMyShares      *template.Template
+	tplShareAddUser  *template.Template
+	tplShareAddLogin *template.Template
+	tplCreateShare   *template.Template
 }

 type sessionContext struct {
@ -93,14 +96,17 @@ func newWebAdminHandler(app *app) *webAdminHandler {
 	}

 	h := &webAdminHandler{
-		tplError:        loadTemplate("error"),
-		tplConfirm:      loadTemplate("confirm"),
-		tplLogin:        loadSingleTemplate("login"),
-		tplIndex:        loadTemplate("index"),
-		tplUsers:        loadTemplate("users"),
-		tplShares:       loadTemplate("shares"),
-		tplShareAddUser: loadTemplate("share-add-user"),
-		tplCreateShare:  loadTemplate("create-share"),
+		shareStore:       app.shareStore,
+		tplError:         loadTemplate("error"),
+		tplConfirm:       loadTemplate("confirm"),
+		tplLogin:         loadSingleTemplate("login"),
+		tplIndex:         loadTemplate("index"),
+		tplUsers:         loadTemplate("users"),
+		tplShares:        loadTemplate("shares"),
+		tplMyShares:      loadTemplate("my-shares"),
+		tplShareAddUser:  loadTemplate("share-add-user"),
+		tplShareAddLogin: loadTemplate("share-add-login"),
+		tplCreateShare:   loadTemplate("create-share"),
 	}

 	r := chi.NewRouter()
@ -231,6 +237,54 @@ func newWebAdminHandler(app *app) *webAdminHandler {
 			"ShareInfos": shareInfos,
 		})
 	})
+	ar.Get("/my-shares", func(w http.ResponseWriter, r *http.Request) {
+		sessionContext := h.buildSessionContext(w, r)
+
+		shares, err := app.shareStore.FindSharesByUser(sessionContext.user.Username)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		type shareInfo struct {
+			Share
+			IsAdmin bool
+			Logins  []Login
+			Users   []ShareUser
+		}
+
+		shareInfos := make([]shareInfo, len(shares))
+		for i := range shares {
+			shareInfos[i].Share = shares[i].Share
+
+			shareRole, err := app.shareStore.GetShareAccess(shares[i].Share, sessionContext.user.Username)
+			if err != nil {
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+			shareInfos[i].IsAdmin = sessionContext.user.Role == GlobalRoleAdmin ||
+				shareRole == ShareRoleAdmin
+
+			if shareInfos[i].IsAdmin {
+				users, err := app.shareStore.GetShareUsers(shares[i].Share)
+				if err != nil {
+					http.Error(w, err.Error(), http.StatusInternalServerError)
+					return
+				}
+				shareInfos[i].Users = users
+			}
+
+			logins, err := app.shareStore.GetShareLogins(shares[i].Share, sessionContext.user.Username)
+			if err != nil {
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+			shareInfos[i].Logins = logins
+		}
+		sessionContext.RenderPage(h.tplMyShares, map[string]interface{}{
+			"ShareInfos": shareInfos,
+		})
+	})
 	ar.Route("/share-add-user", func(r chi.Router) {
 		r.Get("/", func(w http.ResponseWriter, r *http.Request) {
 			sessionContext := h.buildSessionContext(w, r)
@ -241,12 +295,9 @@ func newWebAdminHandler(app *app) *webAdminHandler {
 				return
 			}

-			if sessionContext.user.Role != GlobalRoleAdmin {
-				shareRole, err := app.shareStore.GetShareAccess(share, sessionContext.user.Username)
-				if err != nil || shareRole != ShareRoleAdmin {
-					sessionContext.Unauthorized()
-					return
-				}
+			if !sessionContext.IsAdmin(share) {
+				sessionContext.Unauthorized()
+				return
 			}

 			users, err := app.userStore.GetUsers()
@ -271,12 +322,9 @@ func newWebAdminHandler(app *app) *webAdminHandler {
 				return
 			}

-			if sessionContext.user.Role != GlobalRoleAdmin {
-				shareRole, err := app.shareStore.GetShareAccess(share, sessionContext.user.Username)
-				if err != nil || shareRole != ShareRoleAdmin {
-					sessionContext.Unauthorized()
-					return
-				}
+			if !sessionContext.IsAdmin(share) {
+				sessionContext.Unauthorized()
+				return
 			}

 			user, err := app.userStore.GetUser(r.FormValue("user"))
@ -300,6 +348,94 @@ func newWebAdminHandler(app *app) *webAdminHandler {
 	ar.Post("/share-delete-user", func(w http.ResponseWriter, r *http.Request) {
 		sessionContext := h.buildSessionContext(w, r)

+		returnURL := r.FormValue("source")
+
+		share, err := app.shareStore.GetShare(r.FormValue("share"))
+		if err != nil {
+			sessionContext.RenderError(template.HTML("Internal error: "+err.Error()), "")
+			return
+		}
+
+		if !sessionContext.IsAdmin(share) {
+			sessionContext.Unauthorized()
+			return
+		}
+
+		username := r.FormValue("user")
+
+		message := fmt.Sprintf(`You are about to delete the user &quot;%s&quot; from the share %s.<br/>
+This will irrevocably also remove all logins of that user.<br/><br/>
+Are you sure you want to continue?`, username, share.Name)
+		if confirmStatus := sessionContext.RequestConfirmation(template.HTML(message), "share-delete-user"); confirmStatus == confirmRequested {
+			// We have already rendered. Nothing to do.
+			return
+		} else if confirmStatus == confirmAccepted {
+			err = app.shareStore.RemoveUserFromShare(share, username)
+			if err != nil {
+				sessionContext.RenderError(template.HTML("Cannot remove user from share: "+err.Error()), returnURL)
+				return
+			}
+		}
+
+		http.Redirect(w, r, returnURL, http.StatusFound)
+	})
+	ar.Route("/share-add-login", func(r chi.Router) {
+		r.Get("/", func(w http.ResponseWriter, r *http.Request) {
+			sessionContext := h.buildSessionContext(w, r)
+
+			share, err := app.shareStore.GetShare(r.URL.Query().Get("share"))
+			if err != nil {
+				sessionContext.RenderError(template.HTML("Internal error: "+err.Error()), "")
+				return
+			}
+
+			if !sessionContext.IsAdmin(share) {
+				sessionContext.Unauthorized()
+				return
+			}
+
+			sessionContext.RenderPage(h.tplShareAddLogin, map[string]interface{}{
+				"ShareId": share.UUID,
+			})
+		})
+		r.Post("/", func(w http.ResponseWriter, r *http.Request) {
+			sessionContext := h.buildSessionContext(w, r)
+
+			returnURL := "share-add-login?share=" + r.FormValue("share")
+
+			share, err := app.shareStore.GetShare(r.FormValue("share"))
+			if err != nil {
+				sessionContext.RenderError(template.HTML("Internal error: "+err.Error()), returnURL)
+				return
+			}
+
+			if !sessionContext.IsAdmin(share) {
+				sessionContext.Unauthorized()
+				return
+			}
+
+			pwHash, err := bcrypt.GenerateFromPassword([]byte(r.FormValue("password")), bcrypt.DefaultCost)
+			if err != nil {
+				sessionContext.RenderError(template.HTML("Internal error: "+err.Error()), returnURL)
+				return
+			}
+
+			err = app.shareStore.AddLogin(share, sessionContext.user.Username, Login{
+				LoginName: r.FormValue("login"),
+				Password:  string(pwHash),
+				ReadOnly:  r.FormValue("readonly") == "on",
+			})
+			if err != nil {
+				sessionContext.RenderError(template.HTML("Cannot add login: "+err.Error()), returnURL)
+				return
+			}
+
+			sessionContext.Redirect("my-shares")
+		})
+	})
+	ar.Post("/share-delete-login", func(w http.ResponseWriter, r *http.Request) {
+		sessionContext := h.buildSessionContext(w, r)
+
 		returnURL := "shares"

 		share, err := app.shareStore.GetShare(r.FormValue("share"))
@ -308,21 +444,27 @@ func newWebAdminHandler(app *app) *webAdminHandler {
 			return
 		}

-		if sessionContext.user.Role != GlobalRoleAdmin {
-			shareRole, err := app.shareStore.GetShareAccess(share, sessionContext.user.Username)
-			if err != nil || shareRole != ShareRoleAdmin {
-				sessionContext.Unauthorized()
+		if !sessionContext.IsAdmin(share) {
+			sessionContext.Unauthorized()
+			return
+		}
+
+		loginName := r.FormValue("login")
+
+		message := fmt.Sprintf(`You are about to delete the login &quot;%s&quot;.<br/><br/>
+Are you sure you want to continue?`, loginName)
+		if confirmStatus := sessionContext.RequestConfirmation(template.HTML(message), "share-delete-login"); confirmStatus == confirmRequested {
+			// We have already rendered. Nothing to do.
+			return
+		} else if confirmStatus == confirmAccepted {
+			err = app.shareStore.RemoveLogin(share, sessionContext.user.Username, loginName)
+			if err != nil {
+				sessionContext.RenderError(template.HTML("Cannot remove login from share: "+err.Error()), returnURL)
 				return
 			}
 		}

-		err = app.shareStore.RemoveUserFromShare(share, r.FormValue("user"))
-		if err != nil {
-			sessionContext.RenderError(template.HTML("Cannot remove user from share: "+err.Error()), returnURL)
-			return
-		}
-
-		http.Redirect(w, r, "shares", http.StatusFound)
+		http.Redirect(w, r, "my-shares", http.StatusFound)
 	})
 	ar.Route("/create-share", func(r chi.Router) {
 		r.Get("/", func(w http.ResponseWriter, r *http.Request) {
@ -358,12 +500,9 @@ func newWebAdminHandler(app *app) *webAdminHandler {
 			return
 		}

-		if sessionContext.user.Role != GlobalRoleAdmin {
-			shareRole, err := app.shareStore.GetShareAccess(share, sessionContext.user.Username)
-			if err != nil || shareRole != ShareRoleAdmin {
-				sessionContext.Unauthorized()
-				return
-			}
+		if !sessionContext.IsAdmin(share) {
+			sessionContext.Unauthorized()
+			return
 		}

 		message := fmt.Sprintf(`You are about to delete the share %s (%s).<br/>
@ -429,6 +568,16 @@ func (s *sessionContext) RenderError(msg template.HTML, returnURL string) {
 	s.RenderPage(s.h.tplError, model)
 }

+func (s *sessionContext) IsAdmin(share Share) bool {
+	if s.user.Role != GlobalRoleAdmin {
+		shareRole, err := s.h.shareStore.GetShareAccess(share, s.user.Username)
+		if err != nil || shareRole != ShareRoleAdmin {
+			return false
+		}
+	}
+	return true
+}
+
 func (s *sessionContext) Unauthorized() {
 	http.Error(s.w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
 }