view src/private/tools/private_users.html.luan @ 16:50a1fe272c10

more security
author Franklin Schmidt <fschmidt@gmail.com>
date Sun, 01 Oct 2023 21:36:34 -0600
parents 028e74c8889d
children

local Luan = require "luan:Luan.luan"
local error = Luan.error
local pairs = Luan.pairs or error()
local ipairs = Luan.ipairs or error()
local stringify = Luan.stringify or error()
local Io = require "luan:Io.luan"
local Html = require "luan:Html.luan"
local html_encode = Html.encode or error()
local Http = require "luan:http/Http.luan"
local Shared = require "site:/lib/Shared.luan"
local head = Shared.head or error()
local header = Shared.private_header or error()
local text_to_list = Shared.text_to_list or error()
local config = Shared.config or error()
local get_raw_config = Shared.get_raw_config or error()
local save_raw_config = Shared.save_raw_config or error()
local Logging = require "luan:logging/Logging.luan"
local logger = Logging.logger "private_users.html"


-- Renders the complete "Private Users" result page around `content`.
-- head() and header() supply the shared page head and the private-area
-- header. `content` is written with <%= %> exactly as given, with no
-- HTML encoding, so it is treated as trusted markup: callers must encode
-- any request-derived text before passing it in.
local function response(content)
%>
<!doctype html>
<html>
	<head>
<%		head() %>
		<title>Mercurial Private Users</title>
	</head>
	<body>
<%		header() %>
		<div content>
			<h1>Private Users</h1>
			<%=content%>
		</div>
	</body>
</html>
<%
end

-- Handles the POSTed form: validates and stores the list of private users.
-- Reads the `users` request parameter (error() is raised when it is absent),
-- converts it with text_to_list, and requires every entry to be a key of
-- config.users. On success the list is assigned to the raw config's
-- `private` field and saved.
-- Returns nil on success, otherwise a plain-text message. The "not a
-- registered user" message contains the submitted name verbatim, so it must
-- be HTML-encoded by whoever renders it.
local function posted()
	local names = text_to_list(Http.request.parameters.users or error())
	if #names == 0 then
		return "Users cannot be empty"
	end
	for _, name in ipairs(names) do
		-- Only names already present in config.users may be granted access.
		local registered = config.users[name] ~= nil
		if not registered then
			return "user "..name.." is not a registered user"
		end
	end
	local updated = get_raw_config()
	updated.private = names
	save_raw_config(updated)
	return nil
end

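-- Request handler for the "Private Users" page.
-- POST: passes the submitted list to posted() and renders the outcome.
-- Any other method: renders the form, pre-filled from config.private.
-- Security notes:
--  * posted() returns plain text that can contain the submitted user name,
--    so the message is HTML-encoded before it is placed in markup.
--  * Names written into the <textarea> are HTML-encoded as well, so a
--    stored name cannot close the element and inject markup.
--  * NOTE(review): no anti-CSRF token and no access check are visible in
--    this file; presumably both are enforced upstream for /private/ paths.
--    Confirm.
return function()
	Io.stdout = Http.response.text_writer()
	if Http.request.method == "POST" then
		local error_msg = posted()
		if error_msg == nil then
			response([[<p>Private updated</p>]])
		else
			-- response() emits its argument unencoded; encode the text here.
			response([[<p error>]]..html_encode(error_msg)..[[</p>]])
		end
		return
	end
	-- The loop below iterates the keys of config.private.
	-- NOTE(review): assumes those keys are user-name strings. Confirm.
%>
<!doctype html>
<html>
	<head>
<%		head() %>
		<title>Mercurial Private Users</title>
	</head>
	<body>
<%		header() %>
		<div content>
			<h1>Private Users</h1>
			<form method=post>
				<p>
					<label prompt>Users (one per line)</label>
					<textarea name=users>
<%	for user in pairs(config.private or {}) do %>
<%= html_encode(user) %>
<%	end %>
</textarea>
					<label prompt>Users who can access /private/</label>
				</p>
				<p>
					<input type=submit value="Update Private">
				</p>
			</form>
		</div>
	</body>
</html>
<%
end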