package app
import (
"net/http"
"strings"
"github.com/yourorg/ntfywui/internal/store"
)
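// handleTokens serves the token management page and processes token
// add/remove requests.
//
// GET lists the ntfy users and renders tokens.html together with a CSRF value
// and any pending flash message. POST requires at least the operator role and
// dispatches on the "action" form field ("add" or "remove"); any other action
// yields 400 and any other method yields 405.
//
// NOTE(review): no CSRF verification and no authentication check is visible in
// this handler. Presumably both are enforced by middleware in front of it;
// confirm, because the POST branch creates and revokes credentials.
func (s *Server) handleTokens(w http.ResponseWriter, r *http.Request) {
	// NOTE(review): the second result of currentAdmin is discarded. If it
	// reports "not logged in", the code below still dereferences admin, so the
	// route must only be reachable for authenticated sessions. Confirm.
	admin, _ := s.currentAdmin(r)

	switch r.Method {
	case http.MethodGet:
		users, err := s.ntfy.ListUsers(s.ntfyCtx(r))
		if err != nil {
			// NOTE(review): the raw backend error text is shown to the
			// operator; make sure it cannot carry secrets.
			s.renderer.Render(w, "error.html", PageData{Title: "Fehler", Admin: admin.Username, Role: string(admin.Role), Error: err.Error()})
			return
		}
		// The value from csrfEnsure is embedded in the page for the forms;
		// its second result is ignored here.
		csrf, _ := s.csrfEnsure(w, r)
		flash := s.popFlash(w, r)
		s.renderer.Render(w, "tokens.html", PageData{
			Title: "Tokens",
			Admin: admin.Username,
			Role:  string(admin.Role),
			CSRF:  csrf,
			Flash: flash,
			Users: users,
		})

	case http.MethodPost:
		// Authorization gate: only operators and above may change tokens.
		if !roleAtLeast(admin.Role, store.RoleOperator) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		// Reject a malformed body instead of acting on a partially parsed
		// form: this branch changes credentials, so the input must be intact.
		if err := r.ParseForm(); err != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		action := r.Form.Get("action")
		// NOTE(review): username later becomes part of a redirect path
		// ("/users/"+username). That is only safe if cleanUser restricts it to
		// characters that cannot alter the path; verify against cleanUser.
		username := cleanUser(r.Form.Get("username"))

		switch action {
		case "add":
			label := strings.TrimSpace(r.Form.Get("label"))
			expires := strings.TrimSpace(r.Form.Get("expires"))
			if username == "" {
				s.setFlash(w, r, "Username erforderlich")
				http.Redirect(w, r, s.abs("/tokens"), http.StatusFound)
				return
			}
			tok, err := s.ntfy.TokenAdd(s.ntfyCtx(r), username, label, expires)
			if err != nil {
				s.setFlash(w, r, "Fehler: "+err.Error())
				http.Redirect(w, r, s.abs("/tokens"), http.StatusFound)
				return
			}
			// The audit record carries label and expiry only; the token value
			// itself is deliberately not passed to auditEvent.
			s.auditEvent(r, "ntfy_token_add", username, map[string]string{"label": label, "expires": expires})
			// Show token once. The secret travels through the flash
			// mechanism, so wherever setFlash stores its message holds a live
			// credential until popFlash consumes it.
			// NOTE(review): confirm that storage is not logged or cached.
			s.setFlash(w, r, "Token erstellt: "+tok)
			http.Redirect(w, r, s.abs("/users/"+username), http.StatusFound)

		case "remove":
			token := strings.TrimSpace(r.Form.Get("token"))
			if username == "" || token == "" {
				s.setFlash(w, r, "Username und Token erforderlich")
				http.Redirect(w, r, s.abs("/tokens"), http.StatusFound)
				return
			}
			if err := s.ntfy.TokenRemove(s.ntfyCtx(r), username, token); err != nil {
				s.setFlash(w, r, "Fehler: "+err.Error())
				http.Redirect(w, r, s.abs("/users/"+username), http.StatusFound)
				return
			}
			// The removed token is not written to the audit log (details are nil).
			s.auditEvent(r, "ntfy_token_remove", username, nil)
			s.setFlash(w, r, "Token entfernt")
			http.Redirect(w, r, s.abs("/users/"+username), http.StatusFound)

		default:
			http.Error(w, "bad request", http.StatusBadRequest)
		}

	default:
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
	}
}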