http: GET /setup landing page with expiry handling

2026-05-05 09:27:53 +01:00
parent cbdd94ca12
commit 8d4c4426b0
5 changed files with 214 additions and 1 deletions
@@ -0,0 +1,77 @@
+// setup_handler.go — public landing page for the user-setup link
+// emitted by the admin's "+ Add user" / "Regenerate setup link" flow.
+//
+// Routes (wired in server.go):
+//
+//	GET  /setup   → handleUISetupGet
+//	POST /setup   → handleUISetupPost  (lands in Task D2)
+//
+// The token in the querystring (`?token=<raw>`) is the credential.
+// Auth middleware does not run on these routes.
+package http
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"log/slog"
+	stdhttp "net/http"
+	"time"
+
+	"gitea.dcglab.co.uk/steve/restic-manager/internal/server/ui"
+)
+
+type setupPage struct {
+	Username string
+	Token    string // round-tripped to the POST form
+	Error    string // displayed when password validation fails or token is invalid
+}
+
+// hashSetupToken is the canonical hashing for setup tokens. Must
+// match what the admin handler uses when SetSetupToken is called,
+// so the digest at rest matches what GET /setup hashes.
+func hashSetupToken(raw string) string {
+	h := sha256.Sum256([]byte(raw))
+	return hex.EncodeToString(h[:])
+}
+
+func (s *Server) handleUISetupGet(w stdhttp.ResponseWriter, r *stdhttp.Request) {
+	raw := r.URL.Query().Get("token")
+	if raw == "" {
+		s.renderSetupExpired(w, r)
+		return
+	}
+	tok, err := s.deps.Store.LookupSetupToken(r.Context(), hashSetupToken(raw))
+	if err != nil {
+		s.renderSetupExpired(w, r)
+		return
+	}
+	if tok.ExpiresAt.Before(time.Now().UTC()) {
+		s.renderSetupExpired(w, r)
+		return
+	}
+	u, err := s.deps.Store.GetUserByID(r.Context(), tok.UserID)
+	if err != nil {
+		s.renderSetupExpired(w, r)
+		return
+	}
+	view := s.baseView(r, nil)
+	view.Title = "Set your password · restic-manager"
+	view.Page = setupPage{Username: u.Username, Token: raw}
+	if err := s.deps.UI.Render(w, "setup", view); err != nil {
+		slog.Error("ui setup: render", "err", err)
+	}
+}
+
+func (s *Server) renderSetupExpired(w stdhttp.ResponseWriter, r *stdhttp.Request) {
+	w.WriteHeader(stdhttp.StatusGone)
+	view := s.baseView(r, nil)
+	view.Title = "Link expired · restic-manager"
+	view.Page = setupPage{Error: "expired"}
+	_ = s.deps.UI.Render(w, "setup", view)
+	_ = ui.User{} // keep ui import alive
+}
+
+// handleUISetupPost is a stub — full implementation lands in Task D2.
+func (s *Server) handleUISetupPost(w stdhttp.ResponseWriter, r *stdhttp.Request) {
+	stdhttp.Error(w, "not implemented", stdhttp.StatusNotImplemented)
+}