Create invitations for closed registrations (#233)

2025-06-13 05:47:12 +02:00 · 2024-04-02 21:27:15 +02:00
parent 3f5f4e01f1
commit ef004675a5
14 changed files with 301 additions and 21 deletions
--- a/internal/web/admin.go
+++ b/internal/web/admin.go
@ -8,6 +8,7 @@ import (
 	"github.com/thomiceli/opengist/internal/git"
 	"runtime"
 	"strconv"
+	"time"
 )

 func adminIndex(ctx echo.Context) error {
@ -179,3 +180,59 @@ func adminSetConfig(ctx echo.Context) error {
 		"success": true,
 	})
 }
+
+func adminInvitations(ctx echo.Context) error {
+	setData(ctx, "title", "Invitations")
+	setData(ctx, "htmlTitle", "Invitations - Admin panel")
+	setData(ctx, "adminHeaderPage", "invitations")
+
+	var invitations []*db.Invitation
+	var err error
+	if invitations, err = db.GetAllInvitations(); err != nil {
+		return errorRes(500, "Cannot get invites", err)
+	}
+
+	setData(ctx, "invitations", invitations)
+	return html(ctx, "admin_invitations.html")
+}
+
+func adminInvitationsCreate(ctx echo.Context) error {
+	code := ctx.FormValue("code")
+	nbMax, err := strconv.ParseUint(ctx.FormValue("nbMax"), 10, 64)
+	if err != nil {
+		nbMax = 10
+	}
+
+	expiresAtUnix, err := strconv.ParseInt(ctx.FormValue("expiredAtUnix"), 10, 64)
+	if err != nil {
+		expiresAtUnix = time.Now().Unix() + 604800 // 1 week
+	}
+
+	invitation := &db.Invitation{
+		Code:      code,
+		ExpiresAt: expiresAtUnix,
+		NbMax:     uint(nbMax),
+	}
+
+	if err := invitation.Create(); err != nil {
+		return errorRes(500, "Cannot create invitation", err)
+	}
+
+	addFlash(ctx, "Invitation has been created", "success")
+	return redirect(ctx, "/admin-panel/invitations")
+}
+
+func adminInvitationsDelete(ctx echo.Context) error {
+	id, _ := strconv.ParseUint(ctx.Param("id"), 10, 64)
+	invitation, err := db.GetInvitationByID(uint(id))
+	if err != nil {
+		return errorRes(500, "Cannot retrieve invitation", err)
+	}
+
+	if err := invitation.Delete(); err != nil {
+		return errorRes(500, "Cannot delete this invitation", err)
+	}
+
+	addFlash(ctx, "Invitation has been deleted", "success")
+	return redirect(ctx, "/admin-panel/invitations")
+}
--- a/internal/web/auth.go
+++ b/internal/web/auth.go
@ -36,15 +36,38 @@ const (
 var title = cases.Title(language.English)

 func register(ctx echo.Context) error {
+	disableSignup := getData(ctx, "DisableSignup")
+	disableForm := getData(ctx, "DisableLoginForm")
+
+	code := ctx.QueryParam("code")
+	if code != "" {
+		if invitation, err := db.GetInvitationByCode(code); err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
+			return errorRes(500, "Cannot check for invitation code", err)
+		} else if invitation != nil && invitation.IsUsable() {
+			disableSignup = false
+		}
+	}
+
 	setData(ctx, "title", tr(ctx, "auth.new-account"))
 	setData(ctx, "htmlTitle", "New account")
-	setData(ctx, "disableForm", getData(ctx, "DisableLoginForm"))
+	setData(ctx, "disableForm", disableForm)
+	setData(ctx, "disableSignup", disableSignup)
 	setData(ctx, "isLoginPage", false)
 	return html(ctx, "auth_form.html")
 }

 func processRegister(ctx echo.Context) error {
-	if getData(ctx, "DisableSignup") == true {
+	disableSignup := getData(ctx, "DisableSignup")
+
+	code := ctx.QueryParam("code")
+	invitation, err := db.GetInvitationByCode(code)
+	if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
+		return errorRes(500, "Cannot check for invitation code", err)
+	} else if invitation != nil && invitation.IsUsable() {
+		disableSignup = false
+	}
+
+	if disableSignup == true {
 		return errorRes(403, "Signing up is disabled", nil)
 	}

@ -90,6 +113,10 @@ func processRegister(ctx echo.Context) error {
 		}
 	}

+	if err := invitation.Use(); err != nil {
+		return errorRes(500, "Cannot use invitation", err)
+	}
+
 	sess.Values["user"] = user.ID
 	saveSession(sess, ctx)

--- a/internal/web/gist.go
+++ b/internal/web/gist.go
@ -74,21 +74,7 @@ func gistInit(next echo.HandlerFunc) echo.HandlerFunc {
 			}
 		}

-		httpProtocol := "http"
-		if ctx.Request().TLS != nil || ctx.Request().Header.Get("X-Forwarded-Proto") == "https" {
-			httpProtocol = "https"
-		}
-		setData(ctx, "httpProtocol", strings.ToUpper(httpProtocol))
-
-		var baseHttpUrl string
-		// if a custom external url is set, use it
-		if config.C.ExternalUrl != "" {
-			baseHttpUrl = config.C.ExternalUrl
-		} else {
-			baseHttpUrl = httpProtocol + "://" + ctx.Request().Host
-		}
-
-		setData(ctx, "baseHttpUrl", baseHttpUrl)
+		baseHttpUrl := getData(ctx, "baseHttpUrl").(string)

 		if config.C.HttpGit {
 			setData(ctx, "httpCloneUrl", baseHttpUrl+"/"+userName+"/"+gistName+".git")
--- a/internal/web/server.go
+++ b/internal/web/server.go
@ -271,6 +271,9 @@ func NewServer(isDev bool) *Server {
 			g2.POST("/users/:user/delete", adminUserDelete)
 			g2.GET("/gists", adminGists)
 			g2.POST("/gists/:gist/delete", adminGistDelete)
+			g2.GET("/invitations", adminInvitations)
+			g2.POST("/invitations", adminInvitationsCreate)
+			g2.POST("/invitations/:id/delete", adminInvitationsDelete)
 			g2.POST("/sync-fs", adminSyncReposFromFS)
 			g2.POST("/sync-db", adminSyncReposFromDB)
 			g2.POST("/gc-repos", adminGcRepos)
@ -381,6 +384,22 @@ func dataInit(next echo.HandlerFunc) echo.HandlerFunc {
 		setData(ctx, "giteaOauth", config.C.GiteaClientKey != "" && config.C.GiteaSecret != "")
 		setData(ctx, "oidcOauth", config.C.OIDCClientKey != "" && config.C.OIDCSecret != "" && config.C.OIDCDiscoveryUrl != "")

+		httpProtocol := "http"
+		if ctx.Request().TLS != nil || ctx.Request().Header.Get("X-Forwarded-Proto") == "https" {
+			httpProtocol = "https"
+		}
+		setData(ctx, "httpProtocol", strings.ToUpper(httpProtocol))
+
+		var baseHttpUrl string
+		// if a custom external url is set, use it
+		if config.C.ExternalUrl != "" {
+			baseHttpUrl = config.C.ExternalUrl
+		} else {
+			baseHttpUrl = httpProtocol + "://" + ctx.Request().Host
+		}
+
+		setData(ctx, "baseHttpUrl", baseHttpUrl)
+
 		return next(ctx)
 	}
 }