admin.go

package handler

import (
	"fmt"
	"net/http"
	"net/url"
	"strconv"
	"time"

	"github.com/dchest/authcookie"
	"github.com/drone/drone/pkg/database"
	"github.com/drone/drone/pkg/mail"
	. "github.com/drone/drone/pkg/model"
)

// Display a list of ALL users in the system
func AdminUserList(w http.ResponseWriter, r *http.Request, u *User) error {
	users, err := database.ListUsers()
	if err != nil {
		return err
	}

	data := struct {
		User  *User
		Users []*User
	}{u, users}

	return RenderTemplate(w, "admin_users.html", &data)
}

// Invite a user to join the system
func AdminUserAdd(w http.ResponseWriter, r *http.Request, u *User) error {
	return RenderTemplate(w, "admin_users_add.html", &struct{ User *User }{u})
}

func UserInvite(w http.ResponseWriter, r *http.Request) error {
	// generate the password reset token
	email := r.FormValue("email")
	token := authcookie.New(email, time.Now().Add(12*time.Hour), secret)

	// get settings
	hostname := database.SettingsMust().URL().String()
	emailEnabled := database.SettingsMust().SmtpServer != ""

	if !emailEnabled {
		// Email is not enabled, so must let the user know the signup link
		link := fmt.Sprintf("%v/register?token=%v", hostname, token)
		return RenderText(w, link, http.StatusOK)
	}

	// send data to template
	data := struct {
		Host  string
		Email string
		Token string
	}{hostname, email, token}

	// send the email message async
	go mail.SendActivation(email, data)

	return RenderText(w, http.StatusText(http.StatusOK), http.StatusOK)
}

// Invite a user to join the system
func AdminUserInvite(w http.ResponseWriter, r *http.Request, u *User) error {
	return UserInvite(w, r)
}

// Form to edit a user
func AdminUserEdit(w http.ResponseWriter, r *http.Request, u *User) error {
	idstr := r.FormValue("id")
	id, err := strconv.Atoi(idstr)
	if err != nil {
		return err
	}

	// get the user from the database
	user, err := database.GetUser(int64(id))
	if err != nil {
		return err
	}

	data := struct {
		User     *User
		EditUser *User
	}{u, user}

	return RenderTemplate(w, "admin_users_edit.html", &data)
}

func AdminUserUpdate(w http.ResponseWriter, r *http.Request, u *User) error {
	// get the ID from the URL parameter
	idstr := r.FormValue("id")
	id, err := strconv.Atoi(idstr)
	if err != nil {
		return err
	}

	// get the user from the database
	user, err := database.GetUser(int64(id))
	if err != nil {
		return err
	}

	// update if user is administrator or not
	switch r.FormValue("Admin") {
	case "true":
		user.Admin = true
	case "false":
		user.Admin = false
	}

	// saving user
	if err := database.SaveUser(user); err != nil {
		return err
	}

	return RenderText(w, http.StatusText(http.StatusOK), http.StatusOK)
}

func AdminUserDelete(w http.ResponseWriter, r *http.Request, u *User) error {
	// get the ID from the URL parameter
	idstr := r.FormValue("id")
	id, err := strconv.Atoi(idstr)
	if err != nil {
		return err
	}

	// cannot delete self
	if u.ID == int64(id) {
		return RenderForbidden(w)
	}

	// delete the user
	if err := database.DeleteUser(int64(id)); err != nil {
		return err
	}

	http.Redirect(w, r, "/account/admin/users", http.StatusSeeOther)
	return nil
}

// Return an HTML form for the User to update the site settings.
func AdminSettings(w http.ResponseWriter, r *http.Request, u *User) error {
	// get settings from database
	settings := database.SettingsMust()

	data := struct {
		User     *User
		Settings *Settings
	}{u, settings}

	return RenderTemplate(w, "admin_settings.html", &data)
}

func AdminSettingsUpdate(w http.ResponseWriter, r *http.Request, u *User) error {
	// get settings from database
	settings := database.SettingsMust()

	// update smtp settings
	settings.Domain = r.FormValue("Domain")
	settings.Scheme = r.FormValue("Scheme")

	// update bitbucket settings
	settings.BitbucketKey = r.FormValue("BitbucketKey")
	settings.BitbucketSecret = r.FormValue("BitbucketSecret")

	// update github settings
	settings.GitHubKey = r.FormValue("GitHubKey")
	settings.GitHubSecret = r.FormValue("GitHubSecret")
	settings.GitHubDomain = r.FormValue("GitHubDomain")
	settings.GitHubApiUrl = r.FormValue("GitHubApiUrl")

	// update gitlab settings
	settings.GitlabApiUrl = r.FormValue("GitlabApiUrl")
	glUrl, err := url.Parse(settings.GitlabApiUrl)
	if err != nil {
		return RenderError(w, err, http.StatusBadRequest)
	}
	settings.GitlabDomain = glUrl.Host

	// update smtp settings
	settings.SmtpServer = r.FormValue("SmtpServer")
	settings.SmtpPort = r.FormValue("SmtpPort")
	settings.SmtpAddress = r.FormValue("SmtpAddress")
	settings.SmtpUsername = r.FormValue("SmtpUsername")
	settings.SmtpPassword = r.FormValue("SmtpPassword")

	settings.OpenInvitations = (r.FormValue("OpenInvitations") == "on")

	// validate user input
	if err := settings.Validate(); err != nil {
		return RenderError(w, err, http.StatusBadRequest)
	}

	// persist changes
	if err := database.SaveSettings(settings); err != nil {
		return RenderError(w, err, http.StatusBadRequest)
	}

	// make sure the mail package is updated with the
	// latest client information.
	//mail.SetClient(&mail.SMTPClient{
	//	Host: settings.SmtpServer,
	//	Port: settings.SmtpPort,
	//	User: settings.SmtpUsername,
	//	Pass: settings.SmtpPassword,
	//	From: settings.SmtpAddress,
	//})

	return RenderText(w, http.StatusText(http.StatusOK), http.StatusOK)
}

func Install(w http.ResponseWriter, r *http.Request) error {
	// we can only perform the inital installation if no
	// users exist in the system
	if users, err := database.ListUsers(); err != nil {
		return RenderError(w, err, http.StatusBadRequest)
	} else if len(users) != 0 {
		// if users exist in the systsem
		// we should render a NotFound page
		return RenderNotFound(w)
	}

	return RenderTemplate(w, "install.html", true)
}

func InstallPost(w http.ResponseWriter, r *http.Request) error {
	// we can only perform the inital installation if no
	// users exist in the system
	if users, err := database.ListUsers(); err != nil {
		return RenderError(w, err, http.StatusBadRequest)
	} else if len(users) != 0 {
		// if users exist in the systsem
		// we should render a NotFound page
		return RenderNotFound(w)
	}

	// set the email and name
	user := NewUser(r.FormValue("name"), r.FormValue("email"))
	user.Admin = true

	// set the new password
	if err := user.SetPassword(r.FormValue("password")); err != nil {
		return RenderError(w, err, http.StatusBadRequest)
	}

	// verify fields are correct
	if err := user.Validate(); err != nil {
		return RenderError(w, err, http.StatusBadRequest)
	}

	// save to the database
	if err := database.SaveUser(user); err != nil {
		return RenderError(w, err, http.StatusBadRequest)
	}

	// update settings
	settings := Settings{}
	settings.Domain = r.FormValue("Domain")
	settings.Scheme = r.FormValue("Scheme")
	settings.GitHubApiUrl = "https://api.github.com"
	settings.GitHubDomain = "github.com"
	settings.GitlabApiUrl = "https://gitlab.com"
	settings.GitlabDomain = "gitlab.com"
	database.SaveSettings(&settings)

	// add the user to the session object
	// so that he/she is loggedin
	SetCookie(w, r, "_sess", user.Email)

	// send the user to the settings page
	// to complete the configuration.
	http.Redirect(w, r, "/account/admin/settings", http.StatusSeeOther)
	return nil
}