78 lines
2.3 KiB
Go
78 lines
2.3 KiB
Go
// setup_handler.go — public landing page for the user-setup link
|
|
// emitted by the admin's "+ Add user" / "Regenerate setup link" flow.
|
|
//
|
|
// Routes (wired in server.go):
|
|
//
|
|
// GET /setup → handleUISetupGet
|
|
// POST /setup → handleUISetupPost (lands in Task D2)
|
|
//
|
|
// The token in the querystring (`?token=<raw>`) is the credential.
|
|
// Auth middleware does not run on these routes.
|
|
package http
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"encoding/hex"
|
|
"log/slog"
|
|
stdhttp "net/http"
|
|
"time"
|
|
|
|
"gitea.dcglab.co.uk/steve/restic-manager/internal/server/ui"
|
|
)
|
|
|
|
type setupPage struct {
|
|
Username string
|
|
Token string // round-tripped to the POST form
|
|
Error string // displayed when password validation fails or token is invalid
|
|
}
|
|
|
|
// hashSetupToken is the canonical hashing for setup tokens. Must
|
|
// match what the admin handler uses when SetSetupToken is called,
|
|
// so the digest at rest matches what GET /setup hashes.
|
|
func hashSetupToken(raw string) string {
|
|
h := sha256.Sum256([]byte(raw))
|
|
return hex.EncodeToString(h[:])
|
|
}
|
|
|
|
func (s *Server) handleUISetupGet(w stdhttp.ResponseWriter, r *stdhttp.Request) {
|
|
raw := r.URL.Query().Get("token")
|
|
if raw == "" {
|
|
s.renderSetupExpired(w, r)
|
|
return
|
|
}
|
|
tok, err := s.deps.Store.LookupSetupToken(r.Context(), hashSetupToken(raw))
|
|
if err != nil {
|
|
s.renderSetupExpired(w, r)
|
|
return
|
|
}
|
|
if tok.ExpiresAt.Before(time.Now().UTC()) {
|
|
s.renderSetupExpired(w, r)
|
|
return
|
|
}
|
|
u, err := s.deps.Store.GetUserByID(r.Context(), tok.UserID)
|
|
if err != nil {
|
|
s.renderSetupExpired(w, r)
|
|
return
|
|
}
|
|
view := s.baseView(r, nil)
|
|
view.Title = "Set your password · restic-manager"
|
|
view.Page = setupPage{Username: u.Username, Token: raw}
|
|
if err := s.deps.UI.Render(w, "setup", view); err != nil {
|
|
slog.Error("ui setup: render", "err", err)
|
|
}
|
|
}
|
|
|
|
func (s *Server) renderSetupExpired(w stdhttp.ResponseWriter, r *stdhttp.Request) {
|
|
w.WriteHeader(stdhttp.StatusGone)
|
|
view := s.baseView(r, nil)
|
|
view.Title = "Link expired · restic-manager"
|
|
view.Page = setupPage{Error: "expired"}
|
|
_ = s.deps.UI.Render(w, "setup", view)
|
|
_ = ui.User{} // keep ui import alive
|
|
}
|
|
|
|
// handleUISetupPost is a stub — full implementation lands in Task D2.
|
|
func (s *Server) handleUISetupPost(w stdhttp.ResponseWriter, r *stdhttp.Request) {
|
|
stdhttp.Error(w, "not implemented", stdhttp.StatusNotImplemented)
|
|
}
|