all repos — flounder @ 23270a1690d48c2b996eef52a942779dbe4c7dfe

A small site builder for the Gemini protocol

admin.go (view raw)

  1package main
  2
  3// Commands for administering your instance
  4// reset user password -> generate link
  5// delete user
  6
  7// Run some scripts to setup your instance
  8
  9import (
 10	"flag"
 11	"fmt"
 12	"golang.org/x/crypto/bcrypt"
 13	"golang.org/x/crypto/ssh/terminal"
 14	"io/ioutil"
 15	"log"
 16	"os"
 17	"path"
 18	"path/filepath"
 19	"syscall"
 20)
 21
 22// TODO improve cli
 23func runAdminCommand() {
 24	args := flag.Args() // again?
 25	if len(args) < 3 {
 26		fmt.Println("Expected subcommand with parameter activate-user|delete-user|make-admin|rename-user")
 27		os.Exit(1)
 28	}
 29	var err error
 30	switch args[1] {
 31	case "activate-user":
 32		username := args[2]
 33		err = activateUser(username)
 34	case "delete-user":
 35		username := args[2]
 36		// TODO add confirmation
 37		err = deleteUser(username)
 38	case "make-admin":
 39		username := args[2]
 40		err = makeAdmin(username)
 41	case "rename-user":
 42		username := args[2]
 43		newUsername := args[3]
 44		err = renameUser(username, newUsername)
 45	case "set-password":
 46		username := args[2]
 47		fmt.Print("Enter New Password: ")
 48		bytePassword, err := terminal.ReadPassword(int(syscall.Stdin))
 49		if err != nil {
 50			log.Fatal(err)
 51		}
 52		err = setPassword(username, bytePassword)
 53	}
 54	if err != nil {
 55		log.Fatal(err)
 56	}
 57	// reset password
 58
 59}
 60
 61func makeAdmin(username string) error {
 62	_, err := DB.Exec("UPDATE user SET admin = true WHERE username = $1", username)
 63	if err != nil {
 64		return err
 65	}
 66	log.Println("Made admin user", username)
 67	return nil
 68}
 69
 70func setPassword(username string, newPass []byte) error { // TODO rm code dup
 71	hashedPassword, err := bcrypt.GenerateFromPassword(newPass, 8)
 72	if err != nil {
 73		return err
 74	}
 75	_, err = DB.Exec("UPDATE user SET password_hash = ? WHERE username = ?", hashedPassword, username)
 76	if err != nil {
 77		return err
 78	}
 79	return nil
 80}
 81
 82func activateUser(username string) error {
 83	// Not ideal here
 84	row := DB.QueryRow("SELECT email FROM user where username = ?", username)
 85	var email string
 86	err := row.Scan(&email)
 87	if err != nil {
 88		return err
 89	}
 90	_, err = DB.Exec("UPDATE user SET active = true WHERE username = ?", username)
 91	if err != nil {
 92		// TODO verify 1 row updated
 93		return err
 94	}
 95	log.Println("Activated user", username)
 96	baseIndex := `# Welcome to Flounder!
 97## About
 98Welcome to an ultra-lightweight platform for making and sharing small websites. You can get started by editing this page -- remove this content and replace it with whatever you like! It will be live at <your-name>.flounder.online. You can go there right now to see what this page currently looks like. Here is a link to a page which will give you more information about using Flounder:
 99=> //admin.flounder.online
100
101And here's a guide to the text format that Flounder uses to create pages. These pages are converted into HTML so they can be displayed in a web browser.
102=> //admin.flounder.online/gemini_text_guide.gmi
103
104Have fun!`
105	// Redundant filepath.Clean call just in case.
106	username = filepath.Clean(username)
107	os.Mkdir(path.Join(c.FilesDirectory, username), os.ModePerm)
108	ioutil.WriteFile(path.Join(c.FilesDirectory, username, "index.gmi"), []byte(baseIndex), 0644)
109	os.Mkdir(path.Join(c.FilesDirectory, username), os.ModePerm)
110	if c.SMTPUsername != "" {
111		SendEmail(email, "Welcome to Flounder!", fmt.Sprintf(`
112Hi %s, Welcome to Flounder! You can now log into your account at
113https://flounder.online/login -- For more information about
114Flounder, check out https://admin.flounder.online/
115
116Let me know if you have any questions, and have fun!`, username))
117	}
118	return nil
119}
120
121func renameUser(oldUsername string, newUsername string) error {
122	err := isOkUsername(newUsername)
123	if err != nil {
124		return err
125	}
126	res, err := DB.Exec("UPDATE user set username = ? WHERE username = ?", newUsername, oldUsername)
127	if err != nil {
128		return err
129	}
130	rowsAffected, err := res.RowsAffected()
131	if rowsAffected != 1 {
132		return fmt.Errorf("No User updated %s %s", oldUsername, newUsername)
133	} else if err != nil {
134		return err
135	}
136	userFolder := path.Join(c.FilesDirectory, oldUsername)
137	newUserFolder := path.Join(c.FilesDirectory, newUsername)
138	err = os.Rename(userFolder, newUserFolder)
139	if err != nil {
140		// This would be bad. User in broken, insecure state.
141		// TODO some sort of better handling?
142		return err
143	}
144	log.Printf("Changed username from %s to %s", oldUsername, newUsername)
145	return nil
146}
147
148func deleteUser(username string) error {
149	_, err := DB.Exec("DELETE FROM user WHERE username = $1", username)
150	if err != nil {
151		return err
152	}
153	username = filepath.Clean(username)
154	err = os.RemoveAll(path.Join(c.FilesDirectory, username))
155	if err != nil {
156		// bad state
157		return err
158	}
159	log.Println("Deleted user", username)
160	return nil
161}