//! Admin dashboard for Kittybox and its related API routes.
// This needs to be rewritten to have proper authentication.
//
// The cookies will be shared with the login system, and should check
// if the login is the same as the website owner. If it is, the admin
// dashboard and API should be available.
//
// Alternatively, the API could check for an access token with _some
// kind_ of privileged scope, like `kittybox:admin` (namespaced to
// prevent collisions with future well-known scopes).
use std::collections::HashSet;

use axum::extract::Host;
use axum::response::{Response, IntoResponse};
use axum::{Extension, Form};
use axum_extra::extract::CookieJar;
use hyper::StatusCode;

use crate::database::settings::{SiteName, Setting};
use crate::database::{Storage, StorageError};
use crate::indieauth::backend::AuthBackend;

/// Form body accepted by `POST /api/settings/name`.
#[derive(serde::Deserialize)]
struct NameChange {
    // The site name to store for the request's host.
    name: String
}

/// Form body accepted by `POST /api/settings/password`.
///
/// There is no `Debug` derive on this type; keep it that way, since both
/// fields are secrets and a `{:?}` in a log line would expose them.
#[derive(serde::Deserialize)]
struct PasswordChange {
    // The caller's current password; checked before anything is changed.
    old_password: String,
    // The replacement password, enrolled only after `old_password` verifies.
    new_password: String
}

/// Process-wide set of session ids behind an async `RwLock`, built on
/// first access.
///
/// NOTE(review): nothing in this file reads or writes it. The static is
/// module-private, so unless a child module reaches it through `super::`,
/// this is currently unused state.
static SESSION_STORE: std::sync::LazyLock<tokio::sync::RwLock<HashSet<uuid::Uuid>>> =
    std::sync::LazyLock::new(Default::default);


/// `POST /api/settings/name`: persist the submitted site name for `host`.
///
/// `host` is taken from the request's `Host` header and the new name from
/// the form body. Storage failures are returned as [`StorageError`], which
/// this module turns into an HTTP response.
///
/// NOTE(review): no owner/session check happens here; see the module-level
/// comment about authentication.
async fn set_name<D: Storage + 'static>(
    Host(host): Host,
    Extension(db): Extension<D>,
    Form(change): Form<NameChange>
) -> Result<(), StorageError> {
    let NameChange { name: new_name } = change;
    db.set_setting::<SiteName>(&host, new_name).await
}

/// `GET /api/settings/name`: return the stored site name for `host` as an
/// owned `String`, or the underlying [`StorageError`].
async fn get_name<D: Storage + 'static>(Host(host): Host, Extension(db): Extension<D>) -> Result<String, StorageError> {
    let stored = db.get_setting::<SiteName>(&host).await?;
    Ok(stored.as_ref().to_owned())
}

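/// `POST /api/settings/password`: replace the site password after checking
/// the current one.
///
/// Returns `200 OK` on success, `400 Bad Request` when the `Host` header
/// does not form a valid URL or when `old_password` does not verify, and
/// `500 Internal Server Error` when enrolling the new password fails.
///
/// The `Host` header is client-controlled. The previous version called
/// `.unwrap()` on the parsed URL, so a malformed header would panic the
/// handler; it is now rejected with a client error instead.
async fn change_password<A: AuthBackend>(
    Host(host): Host,
    Extension(auth): Extension<A>,
    Form(PasswordChange { old_password, new_password }): Form<PasswordChange>
) -> StatusCode {
    let website = match url::Url::parse(&format!("https://{host}/")) {
        Ok(url) => url,
        Err(err) => {
            // `{:?}` keeps the untrusted header value escaped in the log line.
            tracing::warn!("Rejecting password change for unparseable host {:?}: {}", host, err);
            return StatusCode::BAD_REQUEST;
        }
    };

    // Verify before enroll: the old password must check out first. A
    // mismatch is reported as 400 (kept from the original behaviour).
    if auth.verify_password(&website, old_password).await.is_err() {
        return StatusCode::BAD_REQUEST;
    }

    match auth.enroll_password(&website, new_password).await {
        Ok(()) => StatusCode::OK,
        Err(err) => {
            // Only the backend error is logged, never either password.
            tracing::error!("Error changing password: {}", err);
            StatusCode::INTERNAL_SERVER_ERROR
        }
    }
}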

impl axum::response::IntoResponse for StorageError {
    /// Map a storage failure to an HTTP status and use the error's
    /// `Display` text as the response body.
    ///
    /// NOTE(review): the body is sent verbatim to the client for every
    /// kind, including `Backend`/`Other`; whether those messages carry
    /// internal detail depends on the database layer — worth confirming.
    fn into_response(self) -> axum::response::Response {
        use crate::database::ErrorKind;

        let status = match self.kind() {
            ErrorKind::NotFound => StatusCode::NOT_FOUND,
            ErrorKind::PermissionDenied => StatusCode::FORBIDDEN,
            ErrorKind::Conflict => StatusCode::CONFLICT,
            ErrorKind::JsonParsing | ErrorKind::BadRequest => StatusCode::BAD_REQUEST,
            ErrorKind::Backend | ErrorKind::Other => StatusCode::INTERNAL_SERVER_ERROR,
        };
        let body = self.to_string();

        (status, body).into_response()
    }
}


/// `GET /`: render the admin home page.
///
/// The host, cookie jar, storage and auth backend are extracted but not
/// consulted: the page is returned to any client that reaches the route.
/// The module-level comment describes the owner check that is still to be
/// added here.
async fn dashboard<D: Storage + 'static, A: AuthBackend>(
    Host(_host): Host,
    _cookies: CookieJar,
    Extension(_db): Extension<D>,
    Extension(_auth): Extension<A>
) -> axum::response::Response {
    let rendered = kittybox_frontend_renderer::admin::AdminHome {}.to_string();

    rendered.into_response()
}


/// Build the admin router, mounted under `/.kittybox/admin`.
///
/// `db` and `auth` are attached as request extensions so every handler
/// below can extract them. No authentication layer is applied here; each
/// route is reachable as-is (see the module-level comment).
pub fn router<D: Storage + 'static, A: AuthBackend>(db: D, auth: A) -> axum::Router {
    use axum::routing::{get, post};

    let admin = axum::Router::new()
        .route("/", get(dashboard::<D, A>))
        .route("/api/settings/name", post(set_name::<D>).get(get_name::<D>))
        .route("/api/settings/password", post(change_password::<A>))
        // Layers apply to the routes registered above them.
        .layer(Extension(db))
        .layer(Extension(auth));

    axum::Router::new().nest("/.kittybox/admin", admin)
}