annotate src/private/tools/private_users.html.luan @ 16:50a1fe272c10

more security
author Franklin Schmidt <fschmidt@gmail.com>
date Sun, 01 Oct 2023 21:36:34 -0600
parents 028e74c8889d
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
0
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
1 local Luan = require "luan:Luan.luan"
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
2 local error = Luan.error
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
3 local pairs = Luan.pairs or error()
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
4 local ipairs = Luan.ipairs or error()
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
5 local stringify = Luan.stringify or error()
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
6 local Io = require "luan:Io.luan"
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
7 local Http = require "luan:http/Http.luan"
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
8 local Shared = require "site:/lib/Shared.luan"
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
9 local head = Shared.head or error()
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
10 local header = Shared.private_header or error()
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
11 local text_to_list = Shared.text_to_list or error()
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
12 local config = Shared.config or error()
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
13 local get_raw_config = Shared.get_raw_config or error()
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
14 local save_raw_config = Shared.save_raw_config or error()
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
15 local Logging = require "luan:logging/Logging.luan"
4
028e74c8889d add all_users
Franklin Schmidt <fschmidt@gmail.com>
parents: 0
diff changeset
16 local logger = Logging.logger "private_users.html"
0
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
17
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
18
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
19 local function response(content)
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
20 %>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
21 <!doctype html>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
22 <html>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
23 <head>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
24 <% head() %>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
25 <title>Mercurial Private Users</title>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
26 </head>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
27 <body>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
28 <% header() %>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
29 <div content>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
30 <h1>Private Users</h1>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
31 <%=content%>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
32 </div>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
33 </body>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
34 </html>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
35 <%
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
36 end
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
37
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
38 local function posted()
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
39 local users = Http.request.parameters.users or error()
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
40 users = text_to_list(users)
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
41 if #users == 0 then
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
42 return "Users cannot be empty"
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
43 end
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
44 for _, user in ipairs(users) do
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
45 if config.users[user] == nil then
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
46 return "user "..user.." is not a registered user"
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
47 end
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
48 end
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
49 local raw_config = get_raw_config()
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
50 raw_config.private = users
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
51 save_raw_config(raw_config)
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
52 return nil
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
53 end
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
54
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
55 return function()
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
56 Io.stdout = Http.response.text_writer()
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
57 local error_msg = ""
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
58 if Http.request.method == "POST" then
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
59 local error_msg = posted()
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
60 if error_msg == nil then
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
61 response([[<p>Private updated</p>]])
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
62 else
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
63 response([[<p error>]]..error_msg..[[</p>]])
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
64 end
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
65 return
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
66 end
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
67 %>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
68 <!doctype html>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
69 <html>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
70 <head>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
71 <% head() %>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
72 <title>Mercurial Private Users</title>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
73 </head>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
74 <body>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
75 <% header() %>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
76 <div content>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
77 <h1>Private Users</h1>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
78 <form method=post>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
79 <p>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
80 <label prompt>Users (one per line)</label>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
81 <textarea name=users>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
82 <% for user in pairs(config.private or {}) do %>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
83 <%=user%>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
84 <% end %>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
85 </textarea>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
86 <label prompt>Users who can access /private/</label>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
87 </p>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
88 <p>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
89 <input type=submit value="Update Private">
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
90 </p>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
91 </form>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
92 </div>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
93 </body>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
94 </html>
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
95 <%
Vadim Filimonov <fffilimonov@yandex.ru>
parents:
diff changeset
96 end