rbac system first stage
This commit is contained in:
36
internal/handlers/admin_dashboard.go
Normal file
36
internal/handlers/admin_dashboard.go
Normal file
@@ -0,0 +1,36 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"git.haelnorr.com/h/golib/hws"
|
||||
"git.haelnorr.com/h/oslstats/internal/db"
|
||||
"git.haelnorr.com/h/oslstats/internal/view/page"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/uptrace/bun"
|
||||
)
|
||||
|
||||
func AdminDashboard(s *hws.Server, conn *bun.DB) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
ctx, cancel := context.WithTimeout(r.Context(), 15*time.Second)
|
||||
defer cancel()
|
||||
|
||||
tx, err := conn.BeginTx(ctx, nil)
|
||||
if err != nil {
|
||||
throwInternalServiceError(s, w, r, "Database error", errors.Wrap(err, "conn.BeginTx"))
|
||||
return
|
||||
}
|
||||
defer func() { _ = tx.Rollback() }()
|
||||
|
||||
users, err := db.GetUsers(ctx, tx, nil)
|
||||
if err != nil {
|
||||
throwInternalServiceError(s, w, r, "Database error", errors.Wrap(err, "db.GetUsers"))
|
||||
return
|
||||
}
|
||||
_ = tx.Commit()
|
||||
|
||||
renderSafely(page.AdminDashboard(users), s, r, w)
|
||||
})
|
||||
}
|
||||
44
internal/handlers/admin_users.go
Normal file
44
internal/handlers/admin_users.go
Normal file
@@ -0,0 +1,44 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"git.haelnorr.com/h/golib/hws"
|
||||
"git.haelnorr.com/h/oslstats/internal/db"
|
||||
"git.haelnorr.com/h/oslstats/internal/view/component/admin"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/uptrace/bun"
|
||||
)
|
||||
|
||||
// AdminUsersList shows all users
|
||||
func AdminUsersList(s *hws.Server, conn *bun.DB) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
|
||||
defer cancel()
|
||||
|
||||
tx, err := conn.BeginTx(ctx, nil)
|
||||
if err != nil {
|
||||
throwInternalServiceError(s, w, r, "DB Transaction failed", errors.Wrap(err, "conn.BeginTx"))
|
||||
return
|
||||
}
|
||||
defer func() { _ = tx.Rollback() }()
|
||||
|
||||
// Get all users
|
||||
pageOpts, err := pageOptsFromForm(r)
|
||||
if err != nil {
|
||||
throwBadRequest(s, w, r, "invalid form data", err)
|
||||
return
|
||||
}
|
||||
users, err := db.GetUsers(ctx, tx, pageOpts)
|
||||
if err != nil {
|
||||
throwInternalServiceError(s, w, r, "Failed to load users", errors.Wrap(err, "db.GetUsers"))
|
||||
return
|
||||
}
|
||||
|
||||
_ = tx.Commit()
|
||||
|
||||
renderSafely(admin.UserList(users), s, r, w)
|
||||
})
|
||||
}
|
||||
56
internal/handlers/auth_helpers.go
Normal file
56
internal/handlers/auth_helpers.go
Normal file
@@ -0,0 +1,56 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"git.haelnorr.com/h/oslstats/internal/db"
|
||||
"git.haelnorr.com/h/oslstats/internal/rbac"
|
||||
"git.haelnorr.com/h/oslstats/internal/roles"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/uptrace/bun"
|
||||
)
|
||||
|
||||
// shouldGrantAdmin checks if user's Discord ID is in admin list
|
||||
func shouldGrantAdmin(user *db.User, cfg *rbac.Config) bool {
|
||||
if cfg == nil || user == nil {
|
||||
return false
|
||||
}
|
||||
if user.DiscordID == cfg.AdminDiscordID {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// ensureUserHasAdminRole grants admin role if not already granted
|
||||
func ensureUserHasAdminRole(ctx context.Context, tx bun.Tx, user *db.User) error {
|
||||
if user == nil {
|
||||
return errors.New("user cannot be nil")
|
||||
}
|
||||
|
||||
// Check if user already has admin role
|
||||
hasAdmin, err := user.HasRole(ctx, tx, roles.Admin)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "user.HasRole")
|
||||
}
|
||||
|
||||
if hasAdmin {
|
||||
return nil // Already admin
|
||||
}
|
||||
|
||||
// Get admin role
|
||||
adminRole, err := db.GetRoleByName(ctx, tx, roles.Admin)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "db.GetRoleByName")
|
||||
}
|
||||
if adminRole == nil {
|
||||
return errors.New("admin role not found in database")
|
||||
}
|
||||
|
||||
// Grant admin role (nil grantedBy = system granted)
|
||||
err = db.AssignRole(ctx, tx, user.ID, adminRole.ID, nil)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "db.AssignRole")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
@@ -193,6 +193,15 @@ func login(
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "user.UpdateDiscordToken")
|
||||
}
|
||||
|
||||
// Check if user should be granted admin role (environment-based)
|
||||
if shouldGrantAdmin(user, cfg.RBAC) {
|
||||
err := ensureUserHasAdminRole(ctx, tx, user)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "ensureUserHasAdminRole")
|
||||
}
|
||||
}
|
||||
|
||||
err := auth.Login(w, r, user, true)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "auth.Login")
|
||||
|
||||
@@ -20,16 +20,13 @@ func throwError(
|
||||
err error,
|
||||
level hws.ErrorLevel,
|
||||
) {
|
||||
err = s.ThrowError(w, r, hws.HWSError{
|
||||
s.ThrowError(w, r, hws.HWSError{
|
||||
StatusCode: statusCode,
|
||||
Message: msg,
|
||||
Error: err,
|
||||
Level: level,
|
||||
RenderErrorPage: true, // throw* family always renders error pages
|
||||
})
|
||||
if err != nil {
|
||||
s.ThrowFatal(w, err)
|
||||
}
|
||||
}
|
||||
|
||||
// throwInternalServiceError handles 500 errors (server failures)
|
||||
|
||||
68
internal/handlers/page_opt_helpers.go
Normal file
68
internal/handlers/page_opt_helpers.go
Normal file
@@ -0,0 +1,68 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"strconv"
|
||||
|
||||
"git.haelnorr.com/h/oslstats/internal/db"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/uptrace/bun"
|
||||
)
|
||||
|
||||
func pageOptsFromForm(r *http.Request) (*db.PageOpts, error) {
|
||||
var pageNum, perPage int
|
||||
var order bun.Order
|
||||
var orderBy string
|
||||
var err error
|
||||
|
||||
if pageStr := r.FormValue("page"); pageStr != "" {
|
||||
pageNum, err = strconv.Atoi(pageStr)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "invalid page number")
|
||||
}
|
||||
}
|
||||
if perPageStr := r.FormValue("per_page"); perPageStr != "" {
|
||||
perPage, err = strconv.Atoi(perPageStr)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "invalid per_page number")
|
||||
}
|
||||
}
|
||||
order = bun.Order(r.FormValue("order"))
|
||||
orderBy = r.FormValue("order_by")
|
||||
|
||||
pageOpts := &db.PageOpts{
|
||||
Page: pageNum,
|
||||
PerPage: perPage,
|
||||
Order: order,
|
||||
OrderBy: orderBy,
|
||||
}
|
||||
return pageOpts, nil
|
||||
}
|
||||
|
||||
func pageOptsFromQuery(r *http.Request) (*db.PageOpts, error) {
|
||||
var pageNum, perPage int
|
||||
var order bun.Order
|
||||
var orderBy string
|
||||
var err error
|
||||
if pageStr := r.URL.Query().Get("page"); pageStr != "" {
|
||||
pageNum, err = strconv.Atoi(pageStr)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "invalid page number")
|
||||
}
|
||||
}
|
||||
if perPageStr := r.URL.Query().Get("per_page"); perPageStr != "" {
|
||||
perPage, err = strconv.Atoi(perPageStr)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "invalid per_page number")
|
||||
}
|
||||
}
|
||||
order = bun.Order(r.URL.Query().Get("order"))
|
||||
orderBy = r.URL.Query().Get("order_by")
|
||||
pageOpts := &db.PageOpts{
|
||||
Page: pageNum,
|
||||
PerPage: perPage,
|
||||
Order: order,
|
||||
OrderBy: orderBy,
|
||||
}
|
||||
return pageOpts, nil
|
||||
}
|
||||
@@ -2,9 +2,7 @@ package handlers
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"git.haelnorr.com/h/golib/hws"
|
||||
@@ -27,30 +25,10 @@ func SeasonsPage(
|
||||
return
|
||||
}
|
||||
defer tx.Rollback()
|
||||
var pageNum, perPage int
|
||||
var order bun.Order
|
||||
var orderBy string
|
||||
if pageStr := r.URL.Query().Get("page"); pageStr != "" {
|
||||
pageNum, err = strconv.Atoi(pageStr)
|
||||
if err != nil {
|
||||
throwBadRequest(s, w, r, "Invalid page number", err)
|
||||
return
|
||||
}
|
||||
}
|
||||
if perPageStr := r.URL.Query().Get("per_page"); perPageStr != "" {
|
||||
perPage, err = strconv.Atoi(perPageStr)
|
||||
if err != nil {
|
||||
throwBadRequest(s, w, r, "Invalid per_page number", err)
|
||||
return
|
||||
}
|
||||
}
|
||||
order = bun.Order(r.URL.Query().Get("order"))
|
||||
orderBy = r.URL.Query().Get("order_by")
|
||||
pageOpts := &db.PageOpts{
|
||||
Page: pageNum,
|
||||
PerPage: perPage,
|
||||
Order: order,
|
||||
OrderBy: orderBy,
|
||||
pageOpts, err := pageOptsFromQuery(r)
|
||||
if err != nil {
|
||||
throwBadRequest(s, w, r, "invalid query", err)
|
||||
return
|
||||
}
|
||||
seasons, err := db.ListSeasons(ctx, tx, pageOpts)
|
||||
if err != nil {
|
||||
@@ -76,36 +54,11 @@ func SeasonsList(
|
||||
return
|
||||
}
|
||||
|
||||
// Extract pagination/sort params from form
|
||||
var pageNum, perPage int
|
||||
var order bun.Order
|
||||
var orderBy string
|
||||
var err error
|
||||
|
||||
if pageStr := r.FormValue("page"); pageStr != "" {
|
||||
pageNum, err = strconv.Atoi(pageStr)
|
||||
if err != nil {
|
||||
throwBadRequest(s, w, r, "Invalid page number", err)
|
||||
return
|
||||
}
|
||||
pageOpts, err := pageOptsFromForm(r)
|
||||
if err != nil {
|
||||
throwBadRequest(s, w, r, "invalid form data", err)
|
||||
return
|
||||
}
|
||||
if perPageStr := r.FormValue("per_page"); perPageStr != "" {
|
||||
perPage, err = strconv.Atoi(perPageStr)
|
||||
if err != nil {
|
||||
throwBadRequest(s, w, r, "Invalid per_page number", err)
|
||||
return
|
||||
}
|
||||
}
|
||||
order = bun.Order(r.FormValue("order"))
|
||||
orderBy = r.FormValue("order_by")
|
||||
|
||||
pageOpts := &db.PageOpts{
|
||||
Page: pageNum,
|
||||
PerPage: perPage,
|
||||
Order: order,
|
||||
OrderBy: orderBy,
|
||||
}
|
||||
fmt.Println(pageOpts)
|
||||
|
||||
// Database query
|
||||
tx, err := conn.BeginTx(ctx, nil)
|
||||
|
||||
Reference in New Issue
Block a user