package controllers import ( "errors" "fmt" "strconv" "git.readonly.ch/bouzoure/popvaud-people/helpers" "git.readonly.ch/bouzoure/popvaud-people/models" "github.com/go-playground/validator" "github.com/gofiber/fiber/v2" "gorm.io/gorm" ) type UserValidation struct { Email string `validate:"required,min=6,max=100,email"` Name string `validate:"required,min=2,max=100"` Password string `validate:"required,min=10,max=100"` } func Users(c *fiber.Ctx) error { db, err := helpers.GetDatabase() if err != nil { return err } var users []models.User result := db.Order("name collate nocase asc").Find(&users) if result.Error != nil && !errors.Is(result.Error, gorm.ErrRecordNotFound) { return err } return c.Render("users", fiber.Map{ "PageTitle": "Utilisateurs", "Users": users, }) } func UserShow(c *fiber.Ctx) error { id := c.Params("id") db, err := helpers.GetDatabase() if err != nil { return err } var user models.User result := db.Find(&user, "id = ?", id) if errors.Is(result.Error, gorm.ErrRecordNotFound) { return fiber.NewError(fiber.StatusNotFound, "Not found") } if result.Error != nil { return result.Error } title := fmt.Sprintf( "%s | Utilisateurs", user.Name, ) return c.Render("user", fiber.Map{ "PageTitle": title, "User": user, }) } func UserAdd(c *fiber.Ctx) error { var user models.User var errors []string db, err := helpers.GetDatabase() if err != nil { return err } if c.Method() == "POST" { data := UserValidation{ Email: c.FormValue("email"), Name: c.FormValue("name"), Password: c.FormValue("password"), } validate := validator.New() validErrs := validate.Struct(data) if validErrs != nil { for _, validErr := range validErrs.(validator.ValidationErrors) { switch validErr.Field() { case "Email": errors = append(errors, "L'adresse email doit être valide") case "Name": errors = append(errors, "Le nom doit contenir entre 2 et 100 caractères") case "Password": errors = append(errors, "Le mot de passe doit contenir entre 10 et 100 caractères") } } } user.Name = data.Name user.Email = data.Email passwordHash, err := helpers.HashPassword(data.Password) if err != nil { return err } user.Password = passwordHash user.SkipWelcome = false user.IsAdmin = (c.FormValue("is_admin") == "on") if len(errors) == 0 { result := db.Create(&user) if result.Error != nil { return result.Error } else { c.Redirect(fmt.Sprintf( "/admin/users/%d", user.ID, )) } } } return c.Render("user_form", fiber.Map{ "PageTitle": "Ajouter un utilisateur", "User": user, "Errors": errors, }) } func UserEdit(c *fiber.Ctx) error { id := c.Params("id") db, err := helpers.GetDatabase() if err != nil { return err } var user models.User result := db.Find(&user, "id = ?", id) if errors.Is(result.Error, gorm.ErrRecordNotFound) { return fiber.NewError(fiber.StatusNotFound, "Not found") } if result.Error != nil { return result.Error } title := fmt.Sprintf( "%s | Modifier utilisateur", user.Name, ) var errors []string if c.Method() == "POST" { data := UserValidation{ Email: c.FormValue("email"), Name: c.FormValue("name"), Password: c.FormValue("password"), } validate := validator.New() validErrs := validate.Struct(data) if validErrs != nil { for _, validErr := range validErrs.(validator.ValidationErrors) { switch validErr.Field() { case "Email": errors = append(errors, "L'adresse email doit être valide") case "Name": errors = append(errors, "Le nom doit contenir entre 2 et 100 caractères") case "Password": if len(data.Password) > 0 { errors = append(errors, "Le mot de passe doit contenir entre 10 et 100 caractères") } } } } user.Name = data.Name user.Email = data.Email if len(data.Password) > 0 { passwordHash, err := helpers.HashPassword(data.Password) if err != nil { return err } user.Password = passwordHash user.SkipWelcome = false } if c.FormValue("reset_totp") == "on" { user.TotpSecret.Valid = false } user.IsAdmin = (c.FormValue("is_admin") == "on") var users []models.User result := db.Find(&users, "is_admin = ?", true) if result.Error != nil { return result.Error } if !user.IsAdmin && result.RowsAffected < 2 { errors = append(errors, "Il doit y avoir au moins un administrateur") } if len(errors) == 0 { result2 := db.Save(&user) if result2.Error != nil { return result2.Error } else { c.Redirect(fmt.Sprintf( "/admin/users/%d", user.ID, )) } } } return c.Render("user_form", fiber.Map{ "PageTitle": title, "User": user, "Errors": errors, }) } func UserDelete(c *fiber.Ctx) error { id := c.Params("id") sess, err := helpers.GetSessionStore(c) if err != nil { return err } deleteUser, err := strconv.ParseUint(id, 10, 0) if err != nil { return err } currentUser := sess.Get("userid") if deleteUser == uint64(currentUser.(uint)) { return fiber.NewError(fiber.StatusForbidden, "Forbidden") } db, err := helpers.GetDatabase() if err != nil { return err } var user models.User result := db.Find(&user, "id = ?", id) if result.Error != nil { return result.Error } user.Name = "Disabled Account" user.Email = "disabled-account@invlalid.tld" user.Password = "" user.TotpSecret.Valid = false user.IsAdmin = false user.SkipWelcome = false result2 := db.Save(&user) if result2.Error != nil { return result2.Error } result3 := db.Delete(&models.User{}, id) if result3.Error != nil { return result3.Error } return c.Redirect("/admin/users") }