github
/
statping
mirror of https://github.com/statping/statping
1
0
Fork 0
Code Issues Releases Wiki Activity

non-admin user permissions - http fixes

pull/116/head
Hunter Long 2018-12-17 21:25:33 -08:00
parent 894e1e4430
commit 2ff197115a
14 changed files with 83 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
handlers/dashboard.go
View File

@ -17,6 +17,7 @@ package handlers
import (
"bytes"
"fmt"
"github.com/hunterlong/statping/core"
"github.com/hunterlong/statping/core/notifier"
"github.com/hunterlong/statping/source"
@ -27,7 +28,7 @@ import (
)
func dashboardHandler(w http.ResponseWriter, r *http.Request) {
if !IsFullAuthenticated(r) {
if !IsUser(r) {
err := core.ErrorResponse{}
ExecuteResponse(w, r, "login.gohtml", err, nil)
} else {
@ -47,7 +48,9 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
if auth {
session.Values["authenticated"] = true
session.Values["user_id"] = user.Id
session.Values["admin"] = user.Admin.Bool
session.Save(r, w)
utils.Log(1, fmt.Sprintf("User %v logged in from IP %v", user.Username, r.RemoteAddr))
http.Redirect(w, r, "/dashboard", http.StatusSeeOther)
} else {
err := core.ErrorResponse{Error: "Incorrect login information submitted, try again."}
@ -58,12 +61,14 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
func logoutHandler(w http.ResponseWriter, r *http.Request) {
session, _ := sessionStore.Get(r, cookieKey)
session.Values["authenticated"] = false
session.Values["admin"] = false
session.Values["user_id"] = 0
session.Save(r, w)
http.Redirect(w, r, "/", http.StatusSeeOther)
}
func helpHandler(w http.ResponseWriter, r *http.Request) {
if !IsFullAuthenticated(r) {
if !IsUser(r) {
http.Redirect(w, r, "/", http.StatusSeeOther)
return
}

20
handlers/handlers.go
View File

@ -136,6 +136,23 @@ func IsFullAuthenticated(r *http.Request) bool {
return true
}
}
return IsAdmin(r)
}
// IsAdmin returns true if the user session is an administrator
func IsAdmin(r *http.Request) bool {
session, err := sessionStore.Get(r, cookieKey)
if err != nil {
return false
}
if session.Values["admin"] == nil {
return false
}
return session.Values["admin"].(bool)
}
// IsUser returns true if the user is registered
func IsUser(r *http.Request) bool {
session, err := sessionStore.Get(r, cookieKey)
if err != nil {
return false
@ -160,6 +177,9 @@ var handlerFuncs = func(w http.ResponseWriter, r *http.Request) template.FuncMap
"Auth": func() bool {
return IsFullAuthenticated(r)
},
"IsUser": func() bool {
return IsUser(r)
},
"VERSION": func() string {
return core.VERSION
},

2
handlers/messages.go
View File

@ -26,7 +26,7 @@ import (
)
func messagesHandler(w http.ResponseWriter, r *http.Request) {
if !IsFullAuthenticated(r) {
if !IsUser(r) {
http.Redirect(w, r, "/", http.StatusSeeOther)
return
}

2
handlers/services.go
View File

@ -47,7 +47,7 @@ func renderServiceChartsHandler(w http.ResponseWriter, r *http.Request) {
}
func servicesHandler(w http.ResponseWriter, r *http.Request) {
if !IsFullAuthenticated(r) {
if !IsUser(r) {
http.Redirect(w, r, "/", http.StatusSeeOther)
return
}

2
handlers/users.go
View File

@ -28,7 +28,7 @@ import (
)
func usersHandler(w http.ResponseWriter, r *http.Request) {
if !IsFullAuthenticated(r) {
if !IsUser(r) {
http.Redirect(w, r, "/", http.StatusSeeOther)
return
}

2
notifiers/line_notify.go
View File

@ -61,7 +61,7 @@ func (u *lineNotifier) Send(msg interface{}) error {
message := msg.(string)
v := url.Values{}
v.Set("message", message)
headers := []string{fmt.Sprintf("Authorization=Bearer %v", u.GetValue("api_secret"))}
headers := []string{fmt.Sprintf("Authorization=Bearer %v", u.ApiSecret)}
_, _, err := utils.HttpRequest("https://notify-api.line.me/api/notify", "POST", "application/x-www-form-urlencoded", headers, strings.NewReader(v.Encode()), time.Duration(10*time.Second))
return err
}

2
source/tmpl/help.gohtml
View File

@ -1,7 +1,7 @@
{{define "title"}}Statping | Help{{end}}
{{define "content"}}
<div class="container col-md-7 col-sm-12 mt-md-5 bg-light">
{{if Auth}}
{{if IsUser}}
{{template "nav"}}
{{end}}
<div class="col-12">

6
source/tmpl/messages.gohtml
View File

@ -21,10 +21,10 @@
<td>{{if .Service}}<a href="/service/{{.Service.Id}}">{{.Service.Name}}</a>{{end}}</td>
<td>{{.StartOn}}</td>
<td class="text-right">
<div class="btn-group">
{{if Auth}}<div class="btn-group">
<a href="/message/{{.Id}}" class="btn btn-outline-secondary"><i class="fas fa-exclamation-triangle"></i> Edit</a>
<a href="/api/messages/{{.Id}}" class="ajax_delete btn btn-danger" data-method="DELETE" data-obj="message_{{.Id}}" data-id="{{.Id}}"><i class="fas fa-times"></i></a>
</div>
</div>{{end}}
</td>
</tr>
{{end}}
@ -32,10 +32,12 @@
</table>
</div>
{{end}}
{{if Auth}}
<div class="col-12">
<h3>Create Message</h3>
{{template "form_message" NewMessage}}
</div>
{{end}}
</div>
{{end}}
{{define "extra_css"}}

3
source/tmpl/nav.gohtml
View File

@ -1,4 +1,5 @@
{{define "nav"}}
{{$isAdmin := Auth}}
<nav class="navbar navbar-expand-lg navbar-light bg-light">
<a class="navbar-brand" href="/">Statping</a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarText" aria-controls="navbarText" aria-expanded="false" aria-label="Toggle navigation">
@ -19,12 +20,14 @@
<li class="nav-item{{ if eq URL "/messages" }} active{{ end }}">
<a class="nav-link" href="/messages">Messages</a>
</li>
{{ if $isAdmin }}
<li class="nav-item{{ if eq URL "/settings" }} active{{ end }}">
<a class="nav-link" href="/settings">Settings</a>
</li>
<li class="nav-item{{ if eq URL "/logs" }} active{{ end }}">
<a class="nav-link" href="/logs">Logs</a>
</li>
{{end}}
<li class="nav-item{{ if eq URL "/help" }} active{{ end }}">
<a class="nav-link" href="/help">Help</a>
</li>

47
source/tmpl/service.gohtml
View File

@ -2,9 +2,10 @@
{{define "description"}}{{$s := .Service}}{{if $s.Online }}{{.Service.Name}} is currently online and responding within {{$s.AvgTime}} milliseconds with {{$s.TotalUptime}}% total uptime on {{$s.Domain}}.{{else}}{{.Service.Name}} is currently offline on {{$s.Domain}}. Notify the admin to let them know their service is offline.{{end}}{{end}}
{{ define "content" }}
{{$s := .Service}}
{{$isAdmin := Auth}}
<div class="container col-md-7 col-sm-12 mt-md-5 bg-light">
{{if Auth}}
{{if IsUser}}
{{template "nav"}}
{{end}}
@ -43,16 +44,16 @@
{{if $s.ActiveMessages}}
<div class="col-12 mb-5">
{{range $s.ActiveMessages}}
<div class="alert alert-warning" role="alert">
<h3>{{.Title}}</h3>
<span class="mb-3">{{safe .Description}}</span>
<div class="d-block mt-2 mb-4">
<span class="float-left small">Starts at {{.StartOn}}</span>
<span class="float-right small">Ends on {{.EndOn}}</span>
{{range $s.ActiveMessages}}
<div class="alert alert-warning" role="alert">
<h3>{{.Title}}</h3>
<span class="mb-3">{{safe .Description}}</span>
<div class="d-block mt-2 mb-4">
<span class="float-left small">Starts at {{.StartOn}}</span>
<span class="float-right small">Ends on {{.EndOn}}</span>
</div>
</div>
</div>
{{end}}
{{end}}
</div>
{{end}}
@ -74,15 +75,16 @@
<div class="col-12 small text-center mt-3 text-muted">{{$s.DowntimeText}}</div>
{{end}}
{{if Auth}}
{{if IsUser}}
{{$failures := $s.LimitedFailures 16}}
<nav class="nav nav-pills flex-column flex-sm-row mt-3" id="service_tabs" role="serviceLists">
<a class="flex-sm-fill text-sm-center nav-link active" id="edit-tab" data-toggle="tab" href="#edit" role="tab" aria-controls="edit" aria-selected="false">Edit Service</a>
<a class="flex-sm-fill text-sm-center nav-link{{ if not $failures }} disabled{{end}}" id="failures-tab" data-toggle="tab" href="#failures" role="tab" aria-controls="failures" aria-selected="true">Failures</a>
<a class="flex-sm-fill text-sm-center nav-link" id="checkins-tab" data-toggle="tab" href="#checkins" role="tab" aria-controls="checkins" aria-selected="false">Checkins</a>
<a class="flex-sm-fill text-sm-center nav-link" id="response-tab" data-toggle="tab" href="#response" role="tab" aria-controls="response" aria-selected="false">Response</a>
{{if $isAdmin}}<a class="flex-sm-fill text-sm-center nav-link active" id="edit-tab" data-toggle="tab" href="#edit" role="tab" aria-controls="edit" aria-selected="false">Edit Service</a>{{end}}
<a class="flex-sm-fill text-sm-center nav-link{{ if not $failures }} disabled{{end}}" id="failures-tab" data-toggle="tab" href="#failures" role="tab" aria-controls="failures" aria-selected="true">Failures</a>
{{if $isAdmin}}<a class="flex-sm-fill text-sm-center nav-link" id="checkins-tab" data-toggle="tab" href="#checkins" role="tab" aria-controls="checkins" aria-selected="false">Checkins</a>{{end}}
<a class="flex-sm-fill text-sm-center nav-link{{if not $isAdmin}} active{{end}}" id="response-tab" data-toggle="tab" href="#response" role="tab" aria-controls="response" aria-selected="false">Response</a>
</nav>
<div class="tab-content" id="myTabContent">
{{if $isAdmin}}
<div class="tab-pane fade" id="failures" role="serviceLists" aria-labelledby="failures-tab">
{{ if $failures }}
<div class="list-group mt-3 mb-4">
@ -98,6 +100,8 @@
</div>
{{ end }}
</div>
{{end}}
{{if $isAdmin}}
<div class="tab-pane fade" id="checkins" role="serviceLists" aria-labelledby="checkins-tab">
{{if $s.AllCheckins}}
<table class="table">
@ -135,8 +139,9 @@
</tbody>
</table>
{{end}}
{{template "form_checkin" $s}}
{{if $isAdmin}}
{{template "form_checkin" $s}}
{{end}}
{{$failures := $s.LimitedCheckinFailures 16}}
{{ if $failures }}
<div class="list-group mt-3 mb-4">
@ -152,7 +157,8 @@
</div>
{{ end }}
</div>
<div class="tab-pane fade" id="response" role="serviceLists" aria-labelledby="response-tab">
{{ end }}
<div class="tab-pane fade{{if not $isAdmin}} show active{{end}}" id="response" role="serviceLists" aria-labelledby="response-tab">
<div class="col-12 mt-4{{if ne $s.Type "http"}} d-none{{end}}">
<h3>Last Response</h3>
<textarea rows="8" class="form-control" readonly>{{ $s.LastResponse }}</textarea>
@ -164,14 +170,15 @@
</div>
</div>
</div>
{{if $isAdmin}}
<div class="tab-pane fade show active" id="edit" role="serviceLists" aria-labelledby="edit-tab">
{{template "form_service" $s}}
</div>
</div>
{{end}}
</div>
{{end}}
</div>
</div>
{{end}}
{{define "extra_css"}}
<link rel="stylesheet" href="/css/flatpickr.min.css">

11
source/tmpl/services.gohtml
View File

@ -22,7 +22,7 @@
<td class="text-right">
<div class="btn-group">
<a href="/service/{{.Id}}" class="btn btn-outline-secondary"><i class="fas fa-chart-area"></i> View</a>
<a href="/api/services/{{.Id}}" class="ajax_delete btn btn-danger" data-method="DELETE" data-obj="service_{{.Id}}" data-id="{{.Id}}"><i class="fas fa-times"></i></a>
{{if Auth}}<a href="/api/services/{{.Id}}" class="ajax_delete btn btn-danger" data-method="DELETE" data-obj="service_{{.Id}}" data-id="{{.Id}}"><i class="fas fa-times"></i></a>{{end}}
</div>
</td>
</tr>
@ -30,11 +30,10 @@
</tbody>
</table>
{{end}}
<h3>Create Service</h3>
{{template "form_service" NewService}}
{{if Auth}}
<h3>Create Service</h3>
{{template "form_service" NewService}}
{{end}}
</div>
</div>
{{end}}

13
source/tmpl/users.gohtml
View File

@ -16,20 +16,19 @@
<tr id="user_{{.Id}}">
<td>{{.Username}}</td>
<td class="text-right">
<div class="btn-group">
{{if Auth}}<div class="btn-group">
<a href="/user/{{.Id}}" class="btn btn-outline-secondary"><i class="fas fa-user-edit"></i> Edit</a>
<a href="/api/users/{{.Id}}" class="ajax_delete btn btn-danger" data-method="DELETE" data-obj="user_{{.Id}}" data-id="{{.Id}}"><i class="fas fa-times"></i></a>
</div>
</div>{{end}}
</td>
</tr>
{{end}}
</tbody>
</table>
<h3>Create User</h3>
{{template "form_user" NewUser}}
{{if Auth}}
<h3>Create User</h3>
{{template "form_user" NewUser}}
{{end}}
</div>
</div>
{{end}}

6
utils/utils.go
View File

@ -248,7 +248,11 @@ func HttpRequest(url, method string, content interface{}, headers []string, body
r := new(http.Request)
for _, h := range headers {
keyVal := strings.Split(h, "=")
r.Header.Add(keyVal[0], keyVal[1])
if len(keyVal) == 2 {
if keyVal[0] != "" && keyVal[1] != "" {
r.Header.Add(keyVal[0], keyVal[1])
}
}
}
if r, err = http.NewRequest(method, url, body); err != nil {
return nil, nil, err

2
version.txt
View File

@ -1 +1 @@
0.80.2
0.80.3