fix(users): update user stomped on admin

2024-03-10 21:48:43 -04:00 · 2024-03-10 21:48:43 -04:00 · 8e81acd381
parent 6c6a6dd329
commit 8e81acd381
6 changed files with 36 additions and 33 deletions
--- a/api/app-routes.go
+++ b/api/app-routes.go
@ -879,6 +879,7 @@ func (api *API) appEditSettings(c *gin.Context) {

 	newUserSettings := database.UpdateUserParams{
 		UserID: auth.UserName,
+		Admin:  auth.IsAdmin,
 	}

 	// Set New Password
--- a/api/auth.go
+++ b/api/auth.go
@ -43,7 +43,7 @@ func (api *API) authorizeCredentials(username string, password string) (auth *au
 		return
 	}

-	// Update Auth Cache
+	// Update auth cache
 	api.userAuthCache[user.ID] = *user.AuthHash

 	return &authData{
@ -413,30 +413,6 @@ func (api *API) getUserAuthHash(username string) (string, error) {
 	return api.userAuthCache[username], nil
 }

-func (api *API) rotateUserAuthHash(username string) error {
-	// Generate Auth Hash
-	rawAuthHash, err := utils.GenerateToken(64)
-	if err != nil {
-		log.Error("Failed to generate user token: ", err)
-		return err
-	}
-
-	// Update User
-	authHash := fmt.Sprintf("%x", rawAuthHash)
-	if _, err = api.db.Queries.UpdateUser(api.db.Ctx, database.UpdateUserParams{
-		UserID:   username,
-		AuthHash: &authHash,
-	}); err != nil {
-		log.Error("UpdateUser DB Error: ", err)
-		return err
-	}
-
-	// Update Cache
-	api.userAuthCache[username] = fmt.Sprintf("%x", rawAuthHash)
-
-	return nil
-}
-
 func (api *API) rotateAllAuthHashes() error {
 	// Do Transaction
 	tx, err := api.db.DB.Begin()
@ -467,6 +443,7 @@ func (api *API) rotateAllAuthHashes() error {
 		if _, err = qtx.UpdateUser(api.db.Ctx, database.UpdateUserParams{
 			UserID:   user.ID,
 			AuthHash: &authHash,
+			Admin:    user.Admin,
 		}); err != nil {
 			return err
 		}
--- a/assets/style.css
+++ b/assets/style.css
--- a/database/query.sql
+++ b/database/query.sql
@ -369,7 +369,8 @@ UPDATE users
 SET
    pass = COALESCE($password, pass),
    auth_hash = COALESCE($auth_hash, auth_hash),
-    time_offset = COALESCE($time_offset, time_offset)
+    time_offset = COALESCE($time_offset, time_offset),
+    admin = COALESCE($admin, admin)
 WHERE id = $user_id
 RETURNING *;

--- a/database/query.sql.go
+++ b/database/query.sql.go
@ -1251,8 +1251,9 @@ UPDATE users
 SET
    pass = COALESCE(?1, pass),
    auth_hash = COALESCE(?2, auth_hash),
-    time_offset = COALESCE(?3, time_offset)
-WHERE id = ?4
+    time_offset = COALESCE(?3, time_offset),
+    admin = COALESCE(?4, admin)
+WHERE id = ?5
 RETURNING id, pass, auth_hash, admin, time_offset, created_at
 `

@ -1260,6 +1261,7 @@ type UpdateUserParams struct {
 	Password   *string `json:"-"`
 	AuthHash   *string `json:"auth_hash"`
 	TimeOffset *string `json:"time_offset"`
+	Admin      bool    `json:"-"`
 	UserID     string  `json:"user_id"`
 }

@ -1268,6 +1270,7 @@ func (q *Queries) UpdateUser(ctx context.Context, arg UpdateUserParams) (User, e
 		arg.Password,
 		arg.AuthHash,
 		arg.TimeOffset,
+		arg.Admin,
 		arg.UserID,
 	)
 	var i User
--- a/templates/pages/admin-users.tmpl
+++ b/templates/pages/admin-users.tmpl
@ -2,13 +2,32 @@
 {{ define "title" }}Admin - Users{{ end }}
 {{ define "header" }}<a class="whitespace-pre" href="../admin">Admin - Users</a>{{ end }}
 {{ define "content" }}
-<div class="overflow-x-auto">
-  <div class="inline-block min-w-full overflow-hidden rounded shadow">
+<div class="relative h-full overflow-x-auto">
+  <input type="checkbox" id="add-button" class="hidden peer/add" />
+  <div class="absolute top-10 left-10 p-3 transition-all duration-200 bg-gray-200 rounded shadow-lg shadow-gray-500 dark:shadow-gray-900 dark:bg-gray-600 hidden peer-checked/add:block">
+    <form method="POST"
+          action="./users"
+          class="flex flex-col gap-2 text-black dark:text-white text-sm">
+      <input type="text"
+             id="username"
+             name="username"
+             placeholder="User"
+             class="p-2 bg-gray-300 text-black dark:bg-gray-700 dark:text-white" />
+      <input type="password"
+             id="password"
+             name="password"
+             placeholder="Password"
+             class="p-2 bg-gray-300 text-black dark:bg-gray-700 dark:text-white" />
+      <button class="font-medium px-2 py-1 text-white bg-gray-500 dark:text-gray-800 hover:bg-gray-800 dark:hover:bg-gray-100"
+              type="submit">Create</button>
+    </form>
+  </div>
+  <div class="min-w-full overflow-hidden rounded shadow">
    <table class="min-w-full leading-normal bg-white dark:bg-gray-700 text-sm">
      <thead class="text-gray-800 dark:text-gray-400">
        <tr>
          <th class="p-3 font-normal text-left uppercase border-b border-gray-200 dark:border-gray-800 w-12">
-            {{ template "svg/add" }}
+            <label class="cursor-pointer" for="add-button">{{ template "svg/add" }}</label>
          </th>
          <th class="p-3 font-normal text-left uppercase border-b border-gray-200 dark:border-gray-800">User</th>
          <th class="p-3 font-normal text-left uppercase border-b border-gray-200 dark:border-gray-800 text-center">
@ -25,7 +44,9 @@
        {{ end }}
        {{ range $user := .Data }}
        <tr>
-          <td class="p-3 border-b border-gray-200 text-gray-800 dark:text-gray-400">{{ template "svg/delete" }}</td>
+          <td class="p-3 border-b border-gray-200 text-gray-800 dark:text-gray-400 cursor-pointer">
+            {{ template "svg/delete" }}
+          </td>
          <td class="p-3 border-b border-gray-200">
            <p>{{ $user.ID }}</p>
          </td>