func UserForm(w http.ResponseWriter, req *http.Request) {
args := handlers.GetArgs(req)
err := req.ParseForm()
if err != nil {
context.Set(req, "error", err)
return
}
username := args.Vars["username"]
var u *quimby.User
if username == "new-user" {
u = quimby.NewUser(req.PostFormValue("username"), quimby.UserDB(args.DB), quimby.UserTFA(handlers.TFA))
u.Password = req.PostFormValue("password")
pw := req.PostFormValue("password_confirm")
if pw != u.Password {
context.Set(req, "error", ErrPasswordsDoNotMatch)
return
}
} else {
u = quimby.NewUser(username, quimby.UserDB(args.DB), quimby.UserTFA(handlers.TFA))
if err := u.Fetch(); err != nil {
context.Set(req, "error", ErrPasswordsDoNotMatch)
return
}
}
u.Permission = req.PostFormValue("permission")
qrData, err := u.Save()
if err != nil {
context.Set(req, "error", err)
return
}
if username == "new-user" {
qr := qrPage{
userPage: userPage{
User: args.User.Username,
Admin: handlers.Admin(args),
Links: []link{
{"quimby", "/"},
{"admin", "/admin.html"},
},
},
QR: template.HTMLAttr(base64.StdEncoding.EncodeToString(qrData)),
}
templates["qr-code.html"].template.ExecuteTemplate(w, "base", qr)
} else {
w.Header().Set("Location", "/admin.html")
w.WriteHeader(http.StatusFound)
}
}
func UserTFAPage(w http.ResponseWriter, req *http.Request) {
args := handlers.GetArgs(req)
u := quimby.NewUser(args.Vars["username"], quimby.UserDB(args.DB), quimby.UserTFA(handlers.TFA))
if err := u.Fetch(); err != nil {
context.Set(req, "error", err)
return
}
qrData, err := u.UpdateTFA()
if err != nil {
context.Set(req, "error", err)
return
}
if _, err := u.Save(); err != nil {
context.Set(req, "error", err)
return
}
qr := qrPage{
userPage: userPage{
User: args.User.Username,
Admin: handlers.Admin(args),
Links: []link{
{"quimby", "/"},
{"admin", "/admin.html"},
},
},
QR: template.HTMLAttr(base64.StdEncoding.EncodeToString(qrData)),
}
templates["qr-code.html"].template.ExecuteTemplate(w, "base", qr)
}
func UserChangePasswordPage(w http.ResponseWriter, req *http.Request) {
args := handlers.GetArgs(req)
u := quimby.NewUser(args.Vars["username"], quimby.UserDB(args.DB))
if err := u.Fetch(); err != nil {
context.Set(req, "error", err)
return
}
if err := req.ParseForm(); err != nil {
context.Set(req, "error", err)
return
}
u.Password = req.PostFormValue("password")
pw := req.PostFormValue("password_confirm")
if pw != u.Password {
context.Set(req, "error", ErrPasswordsDoNotMatch)
return
}
if _, err := u.Save(); err != nil {
context.Set(req, "error", ErrPasswordsDoNotMatch)
return
}
w.Header().Set("Location", "/admin.html")
w.WriteHeader(http.StatusFound)
}
func UpdateUserPermission(w http.ResponseWriter, req *http.Request) {
args := GetArgs(req)
username := args.Vars["username"]
u := quimby.NewUser("", quimby.UserDB(args.DB))
dec := json.NewDecoder(req.Body)
if err := dec.Decode(&u); err != nil {
context.Set(req, "error", err)
return
}
savedU := quimby.NewUser(username, quimby.UserDB(DB))
if err := savedU.Fetch(); err != nil {
context.Set(req, "error", err)
return
}
savedU.Permission = u.Permission
_, err := savedU.Save()
context.Set(req, "error", err)
}
func Bootstrap() {
var b bootstrap
db := getDB(&b)
saveQuimbyUser(db)
u := quimby.NewUser("", quimby.UserDB(db))
AddUser(u)
addCert(&b, db)
addIP(&b)
writeEnv(&b)
}
func DeleteUserPage(w http.ResponseWriter, req *http.Request) {
args := handlers.GetArgs(req)
u := quimby.NewUser(args.Vars["username"], quimby.UserDB(args.DB))
if err := u.Delete(); err != nil {
context.Set(req, "error", err)
return
}
w.Header().Set("Location", "/admin.html")
w.WriteHeader(http.StatusFound)
}
func saveQuimbyUser(db *bolt.DB) {
u := quimby.NewUser(
"quimby",
quimby.UserDB(db),
quimby.UserPassword(randString(16)),
quimby.UserPermission("write"),
)
if _, err := u.Save(); err != nil {
log.Fatal(err)
}
}
func doUser(f userNeeder) {
db := getDB()
u := quimby.NewUser(
*userName,
quimby.UserDB(db),
quimby.UserPassword(*userPW),
quimby.UserPermission(*userPerm),
)
f(u)
defer db.Close()
}
func LoginForm(w http.ResponseWriter, req *http.Request) {
user := quimby.NewUser("", quimby.UserDB(handlers.DB), quimby.UserTFA(handlers.TFA))
user.Username = req.PostFormValue("username")
user.Password = req.PostFormValue("password")
user.TFA = req.PostFormValue("tfa")
if err := handlers.DoLogin(user, w, req); err != nil {
w.Header().Set("Location", "/login.html?error=invalidlogin")
} else {
w.Header().Set("Location", "/index.html")
}
w.WriteHeader(http.StatusFound)
}
func Login(w http.ResponseWriter, r *http.Request) {
user := quimby.NewUser("", quimby.UserDB(DB), quimby.UserTFA(TFA))
dec := json.NewDecoder(r.Body)
err := dec.Decode(user)
if err != nil {
http.Error(w, "bad request", http.StatusBadRequest)
return
}
if err := DoLogin(user, w, r); err != nil {
http.Error(w, "bad request", http.StatusBadRequest)
}
}
func UserEditPage(w http.ResponseWriter, req *http.Request) {
args := handlers.GetArgs(req)
username := args.Vars["username"]
page := editUserPage{
userPage: userPage{
User: args.User.Username,
Admin: handlers.Admin(args),
},
Permissions: []string{"read", "write", "admin"},
}
if username == "new-user" {
page.Links = []link{
{"quimby", "/"},
{"admin", "/admin.html"},
{"new user", "/admin/users/new-user"},
}
page.Actions = []action{
{Name: "cancel", URI: template.URL("/admin.html"), Method: "get"},
}
page.End = 0
} else {
u := quimby.NewUser(username, quimby.UserDB(args.DB))
if err := u.Fetch(); err != nil {
context.Set(req, "error", err)
return
}
q := url.Values{}
q.Add("resource", fmt.Sprintf("/admin/users/%s", username))
q.Add("name", username)
page.EditUser = u
page.Links = []link{
{"quimby", "/"},
{"admin", "/admin.html"},
{u.Username, fmt.Sprintf("/admin/users/%s", u.Username)},
}
page.Actions = []action{
{Name: "cancel", URI: template.URL("/admin.html"), Method: "get"},
{Name: "delete", URI: template.URL(fmt.Sprintf("/admin/confirmation?%s", q.Encode())), Method: "get"},
{Name: "update-password", URI: template.URL(fmt.Sprintf("/admin/users/%s/password", username)), Method: "get"},
{Name: "update-tfa", URI: template.URL(fmt.Sprintf("/admin/users/%s/tfa", username)), Method: "post"},
}
page.End = 3
}
if username == "new-user" {
templates["new-user.html"].template.ExecuteTemplate(w, "base", page)
} else {
templates["edit-user.html"].template.ExecuteTemplate(w, "base", page)
}
}
func GetUser(w http.ResponseWriter, req *http.Request) {
args := GetArgs(req)
u := quimby.NewUser(args.Vars["username"], quimby.UserDB(args.DB))
err := u.Fetch()
if err != nil {
context.Set(req, "error", err)
return // err
}
u.HashedPassword = []byte{}
u.TFAData = []byte{}
u.TFA = ""
enc := json.NewEncoder(w)
enc.Encode(u)
}
func AddUser(w http.ResponseWriter, req *http.Request) {
args := GetArgs(req)
u := quimby.NewUser("", quimby.UserDB(args.DB), quimby.UserTFA(TFA))
dec := json.NewDecoder(req.Body)
if err := dec.Decode(&u); err != nil {
context.Set(req, "error", err)
return
}
qr, err := u.Save()
if err != nil {
context.Set(req, "error", err)
return
}
str := base64.StdEncoding.EncodeToString(qr)
w.Header().Set("Content-Type", "image/png")
w.Write([]byte(str))
}
func UserPasswordPage(w http.ResponseWriter, req *http.Request) {
args := handlers.GetArgs(req)
u := quimby.NewUser(args.Vars["username"])
page := editUserPage{
userPage: userPage{
User: args.User.Username,
Admin: handlers.Admin(args),
Links: []link{
{"quimby", "/"},
{"admin", "/admin.html"},
{u.Username, fmt.Sprintf("/admin/users/%s", u.Username)},
},
},
EditUser: u,
Actions: []action{
{Name: "cancel", URI: template.URL(fmt.Sprintf("/admin/users/%s", u.Username)), Method: "get"},
},
}
templates["password.html"].template.ExecuteTemplate(w, "base", page)
}
func DeleteUser(w http.ResponseWriter, req *http.Request) {
args := GetArgs(req)
username := args.Vars["username"]
u := quimby.NewUser(username, quimby.UserDB(args.DB))
context.Set(req, "error", u.Delete())
}