go-ssb-room/web/handlers/admin/invites.go

142 lines
3.5 KiB
Go

// SPDX-FileCopyrightText: 2021 The NGI Pointer Secure-Scuttlebutt Team of 2020/2021
//
// SPDX-License-Identifier: MIT
package admin
import (
"errors"
"fmt"
"net/http"
"strconv"
"github.com/gorilla/csrf"
"go.mindeco.de/http/render"
"github.com/ssb-ngi-pointer/go-ssb-room/v2/roomdb"
"github.com/ssb-ngi-pointer/go-ssb-room/v2/web"
weberrors "github.com/ssb-ngi-pointer/go-ssb-room/v2/web/errors"
"github.com/ssb-ngi-pointer/go-ssb-room/v2/web/members"
"github.com/ssb-ngi-pointer/go-ssb-room/v2/web/router"
)
type invitesHandler struct {
r *render.Renderer
flashes *weberrors.FlashHelper
urlTo web.URLMaker
db roomdb.InvitesService
config roomdb.RoomConfig
}
func (h invitesHandler) overview(rw http.ResponseWriter, req *http.Request) (interface{}, error) {
lst, err := h.db.List(req.Context())
if err != nil {
return nil, err
}
// Reverse the slice to provide recent-to-oldest results
for i, j := 0, len(lst)-1; i < j; i, j = i+1, j-1 {
lst[i], lst[j] = lst[j], lst[i]
}
pageData, err := paginate(lst, len(lst), req.URL.Query())
if err != nil {
return nil, err
}
pageData[csrf.TemplateTag] = csrf.TemplateField(req)
pageData["Flashes"], err = h.flashes.GetAll(rw, req)
if err != nil {
return nil, err
}
return pageData, nil
}
func (h invitesHandler) create(w http.ResponseWriter, req *http.Request) (interface{}, error) {
if req.Method != "POST" {
return nil, weberrors.ErrBadRequest{Where: "HTTP Method", Details: fmt.Errorf("expected POST not %s", req.Method)}
}
if err := req.ParseForm(); err != nil {
return nil, weberrors.ErrBadRequest{Where: "Form data", Details: err}
}
ctx := req.Context()
member, err := members.CheckAllowed(ctx, h.config, members.ActionInviteMember)
if err != nil {
return nil, err
}
token, err := h.db.Create(ctx, member.ID)
if err != nil {
return nil, err
}
facadeURL := h.urlTo(router.CompleteInviteFacade, "token", token)
return map[string]interface{}{
"FacadeURL": facadeURL.String(),
}, nil
}
func (h invitesHandler) revokeConfirm(rw http.ResponseWriter, req *http.Request) (interface{}, error) {
id, err := strconv.ParseInt(req.URL.Query().Get("id"), 10, 64)
if err != nil {
err = weberrors.ErrBadRequest{Where: "ID", Details: err}
return nil, err
}
invite, err := h.db.GetByID(req.Context(), id)
if err != nil {
if errors.Is(err, roomdb.ErrNotFound) {
return nil, weberrors.ErrNotFound{What: "invite"}
}
return nil, err
}
return map[string]interface{}{
"Invite": invite,
csrf.TemplateTag: csrf.TemplateField(req),
}, nil
}
const redirectToInvites = "/admin/invites"
func (h invitesHandler) revoke(rw http.ResponseWriter, req *http.Request) {
// always redirect
defer http.Redirect(rw, req, redirectToInvites, http.StatusSeeOther)
ctx := req.Context()
if _, err := members.CheckAllowed(ctx, h.config, members.ActionInviteMember); err != nil {
h.flashes.AddError(rw, req, err)
return
}
err := req.ParseForm()
if err != nil {
err = weberrors.ErrBadRequest{Where: "Form data", Details: err}
h.flashes.AddError(rw, req, err)
return
}
id, err := strconv.ParseInt(req.FormValue("id"), 10, 64)
if err != nil {
err = weberrors.ErrBadRequest{Where: "ID", Details: err}
h.flashes.AddError(rw, req, err)
return
}
err = h.db.Revoke(ctx, id)
if err != nil {
if errors.Is(err, roomdb.ErrNotFound) {
err = weberrors.ErrNotFound{What: "invite"}
}
h.flashes.AddError(rw, req, err)
} else {
h.flashes.AddMessage(rw, req, "InviteRevoked")
}
}