admin.go (view raw)
1package main
2
3// Commands for administering your instance
4// reset user password -> generate link
5// delete user
6
7// Run some scripts to setup your instance
8
9import (
10 "flag"
11 "fmt"
12 "golang.org/x/crypto/bcrypt"
13 "golang.org/x/crypto/ssh/terminal"
14 "io/ioutil"
15 "log"
16 "os"
17 "path"
18 "path/filepath"
19 "syscall"
20)
21
22// TODO improve cli
23func runAdminCommand() {
24 args := flag.Args() // again?
25 if len(args) < 3 {
26 fmt.Println("Expected subcommand with parameter activate-user|delete-user|make-admin|rename-user")
27 os.Exit(1)
28 }
29 var err error
30 switch args[1] {
31 case "activate-user":
32 username := args[2]
33 err = activateUser(username)
34 case "delete-user":
35 username := args[2]
36 // TODO add confirmation
37 err = deleteUser(username)
38 case "make-admin":
39 username := args[2]
40 err = makeAdmin(username)
41 case "rename-user":
42 username := args[2]
43 newUsername := args[3]
44 err = renameUser(username, newUsername)
45 case "set-password": // TODO FIX -- broken atm
46 username := args[2]
47 fmt.Print("Enter New Password: ")
48 bytePassword, err := terminal.ReadPassword(int(syscall.Stdin))
49 if err != nil {
50 log.Fatal(err)
51 }
52 err = setPassword(username, bytePassword)
53 }
54 if err != nil {
55 log.Fatal(err)
56 }
57 // reset password
58
59}
60
61func makeAdmin(username string) error {
62 _, err := DB.Exec("UPDATE user SET admin = true WHERE username = $1", username)
63 if err != nil {
64 return err
65 }
66 log.Println("Made admin user", username)
67 return nil
68}
69
70func setPassword(username string, newPass []byte) error { // TODO rm code dup
71 hashedPassword, err := bcrypt.GenerateFromPassword(newPass, 8)
72 if err != nil {
73 return err
74 }
75 _, err = DB.Exec("UPDATE user SET password_hash = ? WHERE username = ?", hashedPassword, username)
76 if err != nil {
77 return err
78 }
79 return nil
80}
81
82func activateUser(username string) error {
83 // Not ideal here
84 row := DB.QueryRow("SELECT email FROM user where username = ?", username)
85 var email string
86 err := row.Scan(&email)
87 if err != nil {
88 return err
89 }
90 _, err = DB.Exec("UPDATE user SET active = true WHERE username = ?", username)
91 if err != nil {
92 // TODO verify 1 row updated
93 return err
94 }
95 log.Println("Activated user", username)
96 baseIndex := `# Welcome to Flounder!
97## About
98Welcome to an ultra-lightweight platform for making and sharing small websites. You can get started by editing this page -- remove this content and replace it with whatever you like! It will be live at <your-name>.flounder.online. You can go there right now to see what this page currently looks like. Here is a link to a page which will give you more information about using flounder:
99=> //admin.flounder.online
100
101And here's a guide to the text format that Flounder uses to create pages, Gemini. These pages are converted into HTML so they can be displayed in a web browser.
102=> //admin.flounder.online/gemini_text_guide.gmi
103
104Have fun!`
105 // Redundant filepath.Clean call just in case.
106 username = filepath.Clean(username)
107 os.Mkdir(path.Join(c.FilesDirectory, username), os.ModePerm)
108 ioutil.WriteFile(path.Join(c.FilesDirectory, username, "index.gmi"), []byte(baseIndex), 0644)
109 os.Mkdir(path.Join(c.FilesDirectory, username), os.ModePerm)
110 if c.SMTPUsername != "" {
111 SendEmail(email, "Welcome to Flounder!", fmt.Sprintf(`
112Hi %s, Welcome to Flounder! You can now log into your account at
113https://flounder.online/login -- For more information about
114Flounder, check out https://admin.flounder.online/
115
116Let me know if you have any questions, and have fun!`, username))
117 }
118 return nil
119}
120
121func renameUser(oldUsername string, newUsername string) error {
122 err := isOkUsername(newUsername)
123 if err != nil {
124 return err
125 }
126 res, err := DB.Exec("UPDATE user set username = ? WHERE username = ?", newUsername, oldUsername)
127 if err != nil {
128 return err
129 }
130 rowsAffected, err := res.RowsAffected()
131 if rowsAffected != 1 {
132 return fmt.Errorf("No User updated %s %s", oldUsername, newUsername)
133 } else if err != nil {
134 return err
135 }
136 userFolder := path.Join(c.FilesDirectory, oldUsername)
137 newUserFolder := path.Join(c.FilesDirectory, newUsername)
138 err = os.Rename(userFolder, newUserFolder)
139 if err != nil {
140 // This would be bad. User in broken, insecure state.
141 // TODO some sort of better handling?
142 return err
143 }
144 log.Printf("Changed username from %s to %s", oldUsername, newUsername)
145 return nil
146}
147
148func deleteUser(username string) error {
149 _, err := DB.Exec("DELETE FROM user WHERE username = $1", username)
150 if err != nil {
151 return err
152 }
153 username = filepath.Clean(username)
154 err = os.RemoveAll(path.Join(c.FilesDirectory, username))
155 if err != nil {
156 // bad state
157 return err
158 }
159 log.Println("Deleted user", username)
160 return nil
161}