WarpBox/templates/admin_users.html
Daniel Legt cb026d4fd1 feat(security): use bcrypt hashes and safe paths for boxes
- Replace legacy salted password hashing with bcrypt and store hash alg
- Accept existing bcrypt hashes while keeping legacy verification fallback
- Validate box IDs and use SafeChildPath for box/file operations to prevent traversal
- Refactor download flow to share zip writer logic and correctly handle one-time deletes and optional renew-on-download only after a successful zip write
feat(security): use bcrypt hashes and safe paths for boxes

- Replace legacy salted password hashing with bcrypt and store hash alg
- Accept existing bcrypt hashes while keeping legacy verification fallback
- Validate box IDs and use SafeChildPath for box/file operations to prevent traversal
- Refactor download flow to share zip writer logic and correctly handle one-time deletes and optional renew-on-download only after a successful zip write
2026-04-28 21:42:36 +03:00


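<!DOCTYPE html>
{{/*
  Admin "Users" page: a create-user form followed by a table of existing
  users, each with an enable/disable toggle.

  Template data read here:
    .CurrentUser, .Error, .CSRFToken
    .Tags  - each item exposes .ID and .Name
    .Users - each item exposes .ID, .Username, .Email, .Tags, .CreatedAt,
             .Disabled and .IsCurrent

  NOTE(review): usernames, emails, tag names and the error text are printed
  without any explicit escaping call. That is only safe if the handler renders
  this file with html/template (contextual auto-escaping), not text/template.
  Confirm in the rendering code.
*/}}
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>WarpBox Admin Users</title>
  <link rel="icon" type="image/png" href="/static/WarpBoxLogo.png">
  <link rel="stylesheet" href="/static/css/app.css">
  <link rel="stylesheet" href="/static/css/window.css">
  <link rel="stylesheet" href="/static/css/admin.css">
</head>
<body>
  <main>
    <section class="win98-window admin-window" aria-labelledby="admin-users-title">
      <header class="win98-titlebar">
        <div class="win98-titlebar-label">
          <img class="win98-titlebar-icon" src="/static/WarpBoxLogo.png" alt="" aria-hidden="true">
          <h1 id="admin-users-title">Users</h1>
        </div>
      </header>
      <div class="win98-panel admin-panel">
        <nav class="admin-nav" aria-label="Admin sections">
          <a class="win98-button" href="/admin">Admin</a>
          <a class="win98-button" href="/admin/boxes">Boxes</a>
          <a class="win98-button" href="/admin/tags">Tags</a>
          <a class="win98-button" href="/admin/settings">Settings</a>
          <span class="admin-spacer"></span>
          <span>{{ .CurrentUser }}</span>
        </nav>

        {{ if .Error }}
        <p class="admin-error" role="alert">{{ .Error }}</p>
        {{ end }}

        {{/*
          Create-user form. The csrf_token field is only useful if the POST
          handler rejects requests whose token is missing or wrong; that check
          is not visible in this template.
          autocomplete="off" on username and email stops the browser from
          pre-filling the signed-in admin's own saved identity into a form
          that creates a different account.
        */}}
        <form class="admin-form win98-panel" action="/admin/users" method="post">
          <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">
          <label class="admin-form-row">
            <span>Username</span>
            <input name="username" autocomplete="off" required>
          </label>
          <label class="admin-form-row">
            <span>Email</span>
            <input name="email" type="email" autocomplete="off">
          </label>
          <label class="admin-form-row">
            <span>Password</span>
            <input name="password" type="password" autocomplete="new-password" required>
          </label>
          <div class="admin-checks">
            {{ range .Tags }}
            <label>
              <input type="checkbox" name="tag_ids" value="{{ .ID }}">
              <span>{{ .Name }}</span>
            </label>
            {{ end }}
          </div>
          <button class="win98-button" type="submit">Create User</button>
        </form>

        <table class="admin-table">
          <thead>
            <tr>
              <th scope="col">Username</th>
              <th scope="col">Email</th>
              <th scope="col">Tags</th>
              <th scope="col">Created</th>
              <th scope="col">Status</th>
              <th scope="col">Action</th>
            </tr>
          </thead>
          <tbody>
            {{ range .Users }}
            <tr>
              <td>{{ .Username }}</td>
              <td>{{ .Email }}</td>
              <td>{{ .Tags }}</td>
              <td>{{ .CreatedAt }}</td>
              <td>{{ if .Disabled }}Disabled{{ else }}Active{{ end }}</td>
              <td>
                {{/*
                  Per-row toggle. Inside the range the dot is the user, so the
                  token comes from the root context ($.CSRFToken).
                  The disabled attribute for the current user is a UI hint
                  only: user_id and action are ordinary form fields, so the
                  handler must itself refuse toggle_disabled on the caller's
                  own account and check that the caller is an admin.
                */}}
                <form action="/admin/users" method="post">
                  <input type="hidden" name="csrf_token" value="{{ $.CSRFToken }}">
                  <input type="hidden" name="action" value="toggle_disabled">
                  <input type="hidden" name="user_id" value="{{ .ID }}">
                  <button class="win98-button" type="submit" {{ if .IsCurrent }}disabled{{ end }}>{{ if .Disabled }}Enable{{ else }}Disable{{ end }}</button>
                </form>
              </td>
            </tr>
            {{ else }}
            <tr><td colspan="6">No users found.</td></tr>
            {{ end }}
          </tbody>
        </table>
      </div>
    </section>
  </main>
</body>
</html>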