feat(storage): add S3 backend support and advanced upload limits
- Introduce S3-compatible storage backend support using minio-go. - Add configuration options for local storage limits, box limits, and rate limiting. - Implement storage backend selection (local vs S3) for anonymous and registered users. - Add an `/admin/storage` management interface. - Update documentation and environment examples with the new configuration variables.
This commit is contained in:
@@ -1,6 +1,7 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/sha256"
|
||||
"encoding/hex"
|
||||
"net/http"
|
||||
@@ -19,6 +20,8 @@ type adminPageData struct {
|
||||
Boxes []adminBoxView
|
||||
Users []adminUserView
|
||||
Settings services.UploadPolicySettings
|
||||
Storage []services.StorageBackendView
|
||||
UserEdit adminUserEditView
|
||||
Section string
|
||||
PageTitle string
|
||||
LastInviteURL string
|
||||
@@ -39,15 +42,40 @@ type adminBoxView struct {
|
||||
}
|
||||
|
||||
type adminUserView struct {
|
||||
ID string
|
||||
Username string
|
||||
Email string
|
||||
Role string
|
||||
Status string
|
||||
StorageUsed string
|
||||
StorageQuota string
|
||||
DailyUsed string
|
||||
CreatedAt string
|
||||
ID string
|
||||
Username string
|
||||
Email string
|
||||
Role string
|
||||
Status string
|
||||
StorageUsed string
|
||||
StorageQuota string
|
||||
DailyUsed string
|
||||
StorageBackend string
|
||||
CreatedAt string
|
||||
}
|
||||
|
||||
type adminUserEditView struct {
|
||||
ID string
|
||||
Username string
|
||||
Email string
|
||||
Role string
|
||||
Status string
|
||||
StorageUsed string
|
||||
DailyUsed string
|
||||
EffectiveStorage string
|
||||
EffectiveDaily string
|
||||
EffectiveMaxDays int
|
||||
EffectiveDailyBoxes int
|
||||
EffectiveActiveBoxes int
|
||||
EffectiveBackend string
|
||||
MaxUploadMB string
|
||||
DailyUploadMB string
|
||||
StorageQuotaMB string
|
||||
MaxDays string
|
||||
DailyBoxes string
|
||||
ActiveBoxes string
|
||||
ShortWindowRequests string
|
||||
StorageBackendID string
|
||||
}
|
||||
|
||||
func (a *App) AdminLogin(w http.ResponseWriter, r *http.Request) {
|
||||
@@ -59,6 +87,10 @@ func (a *App) AdminLogin(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
func (a *App) AdminLoginPost(w http.ResponseWriter, r *http.Request) {
|
||||
if !a.rateLimiter.Allow("admin-login:"+uploadClientIP(r), 10, time.Minute, time.Now().UTC()) {
|
||||
a.renderAdminLogin(w, r, http.StatusTooManyRequests, "Too many admin login attempts.")
|
||||
return
|
||||
}
|
||||
if err := r.ParseForm(); err != nil {
|
||||
a.renderAdminLogin(w, r, http.StatusBadRequest, "Unable to read login form.")
|
||||
return
|
||||
@@ -83,6 +115,9 @@ func (a *App) AdminLoginPost(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
func (a *App) AdminLogout(w http.ResponseWriter, r *http.Request) {
|
||||
if !a.validateCSRF(w, r) {
|
||||
return
|
||||
}
|
||||
a.clearUserSessionCookie(w)
|
||||
http.SetCookie(w, &http.Cookie{
|
||||
Name: adminCookieName,
|
||||
@@ -176,20 +211,22 @@ func (a *App) AdminUsers(w http.ResponseWriter, r *http.Request) {
|
||||
for _, user := range users {
|
||||
storageUsed, _ := a.uploadService.UserActiveStorageUsed(user.ID)
|
||||
usage, _ := a.settingsService.UsageForUser(user.ID, time.Now().UTC())
|
||||
quotaMB := settings.DefaultUserStorageMB
|
||||
if user.StorageQuotaMB != nil {
|
||||
quotaMB = *user.StorageQuotaMB
|
||||
policy := a.settingsService.EffectivePolicyForUser(settings, user)
|
||||
quota := "unlimited"
|
||||
if policy.StorageQuotaSet {
|
||||
quota = formatMB(policy.StorageQuotaMB)
|
||||
}
|
||||
rows = append(rows, adminUserView{
|
||||
ID: user.ID,
|
||||
Username: user.Username,
|
||||
Email: user.Email,
|
||||
Role: user.Role,
|
||||
Status: user.Status,
|
||||
StorageUsed: services.FormatMegabytesFromBytes(storageUsed),
|
||||
StorageQuota: formatMB(quotaMB),
|
||||
DailyUsed: services.FormatMegabytesFromBytes(usage.UploadedBytes),
|
||||
CreatedAt: user.CreatedAt.Format("Jan 2 15:04"),
|
||||
ID: user.ID,
|
||||
Username: user.Username,
|
||||
Email: user.Email,
|
||||
Role: user.Role,
|
||||
Status: user.Status,
|
||||
StorageUsed: services.FormatMegabytesFromBytes(storageUsed),
|
||||
StorageQuota: quota,
|
||||
DailyUsed: services.FormatMegabytesFromBytes(usage.UploadedBytes),
|
||||
StorageBackend: policy.StorageBackendID,
|
||||
CreatedAt: user.CreatedAt.Format("Jan 2 15:04"),
|
||||
})
|
||||
}
|
||||
a.renderPage(w, r, http.StatusOK, "admin_users.html", web.PageData{
|
||||
@@ -206,6 +243,45 @@ func (a *App) AdminUsers(w http.ResponseWriter, r *http.Request) {
|
||||
})
|
||||
}
|
||||
|
||||
func (a *App) AdminEditUser(w http.ResponseWriter, r *http.Request) {
|
||||
if !a.requireAdmin(w, r) {
|
||||
return
|
||||
}
|
||||
user, err := a.authService.UserByID(r.PathValue("userID"))
|
||||
if err != nil {
|
||||
http.NotFound(w, r)
|
||||
return
|
||||
}
|
||||
settings, err := a.settingsService.UploadPolicy()
|
||||
if err != nil {
|
||||
http.Error(w, "unable to load settings", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
storage, err := a.storageBackendViews()
|
||||
if err != nil {
|
||||
http.Error(w, "unable to load storage", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
edit, err := a.adminUserEdit(user, settings)
|
||||
if err != nil {
|
||||
http.Error(w, "unable to load user policy", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
a.renderPage(w, r, http.StatusOK, "admin_user_edit.html", web.PageData{
|
||||
Title: "Edit user",
|
||||
Description: "Edit a Warpbox user.",
|
||||
CurrentUser: a.currentPublicUser(r),
|
||||
Data: adminPageData{
|
||||
UserEdit: edit,
|
||||
Storage: storage,
|
||||
Section: "users",
|
||||
PageTitle: "Edit user",
|
||||
LastInviteURL: r.URL.Query().Get("invite"),
|
||||
Error: r.URL.Query().Get("error"),
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func (a *App) AdminSettings(w http.ResponseWriter, r *http.Request) {
|
||||
if !a.requireAdmin(w, r) {
|
||||
return
|
||||
@@ -215,12 +291,18 @@ func (a *App) AdminSettings(w http.ResponseWriter, r *http.Request) {
|
||||
http.Error(w, "unable to load settings", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
storage, err := a.storageBackendViews()
|
||||
if err != nil {
|
||||
http.Error(w, "unable to load storage", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
a.renderPage(w, r, http.StatusOK, "admin_settings.html", web.PageData{
|
||||
Title: "Admin settings",
|
||||
Description: "Manage Warpbox upload policy.",
|
||||
CurrentUser: a.currentPublicUser(r),
|
||||
Data: adminPageData{
|
||||
Settings: settings,
|
||||
Storage: storage,
|
||||
Section: "settings",
|
||||
PageTitle: "Settings",
|
||||
},
|
||||
@@ -228,18 +310,55 @@ func (a *App) AdminSettings(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
func (a *App) AdminSettingsPost(w http.ResponseWriter, r *http.Request) {
|
||||
if !a.requireAdmin(w, r) {
|
||||
if !a.requireAdmin(w, r) || !a.validateCSRF(w, r) {
|
||||
return
|
||||
}
|
||||
if err := r.ParseForm(); err != nil {
|
||||
http.Redirect(w, r, "/admin/settings", http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
settings := services.UploadPolicySettings{
|
||||
AnonymousUploadsEnabled: r.FormValue("anonymous_uploads_enabled") == "on",
|
||||
UsageRetentionDays: parsePositiveInt(r.FormValue("usage_retention_days")),
|
||||
settings, err := a.settingsService.UploadPolicy()
|
||||
if err != nil {
|
||||
http.Error(w, "unable to load settings", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
settings.AnonymousUploadsEnabled = r.FormValue("anonymous_uploads_enabled") == "on"
|
||||
if value := parsePositiveInt(r.FormValue("usage_retention_days")); value > 0 {
|
||||
settings.UsageRetentionDays = value
|
||||
}
|
||||
if value := parsePositiveFloat(r.FormValue("local_storage_max_gb")); value > 0 {
|
||||
settings.LocalStorageMaxGB = value
|
||||
}
|
||||
if value := parsePositiveInt(r.FormValue("anonymous_max_days")); value > 0 {
|
||||
settings.AnonymousMaxDays = value
|
||||
}
|
||||
if value := parsePositiveInt(r.FormValue("user_max_days")); value > 0 {
|
||||
settings.UserMaxDays = value
|
||||
}
|
||||
if value := parsePositiveInt(r.FormValue("anonymous_daily_boxes")); value > 0 {
|
||||
settings.AnonymousDailyBoxes = value
|
||||
}
|
||||
if value := parsePositiveInt(r.FormValue("user_daily_boxes")); value > 0 {
|
||||
settings.UserDailyBoxes = value
|
||||
}
|
||||
if value := parsePositiveInt(r.FormValue("anonymous_active_boxes")); value > 0 {
|
||||
settings.AnonymousActiveBoxes = value
|
||||
}
|
||||
if value := parsePositiveInt(r.FormValue("user_active_boxes")); value > 0 {
|
||||
settings.UserActiveBoxes = value
|
||||
}
|
||||
if value := parsePositiveInt(r.FormValue("short_window_requests")); value > 0 {
|
||||
settings.ShortWindowRequests = value
|
||||
}
|
||||
if value := parsePositiveInt(r.FormValue("short_window_seconds")); value > 0 {
|
||||
settings.ShortWindowSeconds = value
|
||||
}
|
||||
if value := r.FormValue("anonymous_storage_backend"); value != "" {
|
||||
settings.AnonymousStorageBackend = value
|
||||
}
|
||||
if value := r.FormValue("user_storage_backend"); value != "" {
|
||||
settings.UserStorageBackend = value
|
||||
}
|
||||
var err error
|
||||
if settings.AnonymousMaxUploadMB, err = services.ParseMegabytesValue(r.FormValue("anonymous_max_upload_mb")); err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
@@ -260,6 +379,14 @@ func (a *App) AdminSettingsPost(w http.ResponseWriter, r *http.Request) {
|
||||
http.Error(w, "usage retention days must be positive", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if _, err := a.uploadService.Storage().BackendConfig(settings.AnonymousStorageBackend); err != nil {
|
||||
http.Error(w, "anonymous storage backend not found", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if _, err := a.uploadService.Storage().BackendConfig(settings.UserStorageBackend); err != nil {
|
||||
http.Error(w, "user storage backend not found", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if err := a.settingsService.UpdateUploadPolicy(settings); err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
@@ -267,10 +394,127 @@ func (a *App) AdminSettingsPost(w http.ResponseWriter, r *http.Request) {
|
||||
http.Redirect(w, r, "/admin/settings", http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (a *App) AdminUpdateUserQuota(w http.ResponseWriter, r *http.Request) {
|
||||
func (a *App) AdminStorage(w http.ResponseWriter, r *http.Request) {
|
||||
if !a.requireAdmin(w, r) {
|
||||
return
|
||||
}
|
||||
settings, err := a.settingsService.UploadPolicy()
|
||||
if err != nil {
|
||||
http.Error(w, "unable to load settings", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
views, err := a.storageBackendViews()
|
||||
if err != nil {
|
||||
http.Error(w, "unable to load storage", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
a.renderPage(w, r, http.StatusOK, "admin_storage.html", web.PageData{
|
||||
Title: "Admin storage",
|
||||
Description: "Manage Warpbox storage backends.",
|
||||
CurrentUser: a.currentPublicUser(r),
|
||||
Data: adminPageData{
|
||||
Settings: settings,
|
||||
Storage: views,
|
||||
Section: "storage",
|
||||
PageTitle: "Storage",
|
||||
Error: r.URL.Query().Get("error"),
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func (a *App) AdminCreateS3Storage(w http.ResponseWriter, r *http.Request) {
|
||||
if !a.requireAdmin(w, r) || !a.validateCSRF(w, r) {
|
||||
return
|
||||
}
|
||||
if err := r.ParseForm(); err != nil {
|
||||
http.Redirect(w, r, "/admin/storage", http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
_, err := a.uploadService.Storage().CreateS3Backend(services.StorageBackendConfig{
|
||||
Provider: r.FormValue("provider"),
|
||||
Name: r.FormValue("name"),
|
||||
Endpoint: r.FormValue("endpoint"),
|
||||
Region: r.FormValue("region"),
|
||||
Bucket: r.FormValue("bucket"),
|
||||
AccessKey: r.FormValue("access_key"),
|
||||
SecretKey: r.FormValue("secret_key"),
|
||||
UseSSL: r.FormValue("use_ssl") == "on",
|
||||
PathStyle: r.FormValue("path_style") == "on",
|
||||
})
|
||||
if err != nil {
|
||||
http.Redirect(w, r, "/admin/storage?error="+url.QueryEscape(err.Error()), http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
http.Redirect(w, r, "/admin/storage", http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (a *App) AdminEditStorage(w http.ResponseWriter, r *http.Request) {
|
||||
if !a.requireAdmin(w, r) || !a.validateCSRF(w, r) {
|
||||
return
|
||||
}
|
||||
if err := r.ParseForm(); err != nil {
|
||||
http.Redirect(w, r, "/admin/storage", http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
_, err := a.uploadService.Storage().UpdateS3Backend(r.PathValue("backendID"), services.StorageBackendConfig{
|
||||
Provider: r.FormValue("provider"),
|
||||
Name: r.FormValue("name"),
|
||||
Endpoint: r.FormValue("endpoint"),
|
||||
Region: r.FormValue("region"),
|
||||
Bucket: r.FormValue("bucket"),
|
||||
AccessKey: r.FormValue("access_key"),
|
||||
SecretKey: r.FormValue("secret_key"),
|
||||
UseSSL: r.FormValue("use_ssl") == "on",
|
||||
PathStyle: r.FormValue("path_style") == "on",
|
||||
})
|
||||
if err != nil {
|
||||
http.Redirect(w, r, "/admin/storage?error="+url.QueryEscape(err.Error()), http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
http.Redirect(w, r, "/admin/storage", http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (a *App) AdminTestStorage(w http.ResponseWriter, r *http.Request) {
|
||||
if !a.requireAdmin(w, r) || !a.validateCSRF(w, r) {
|
||||
return
|
||||
}
|
||||
if _, err := a.uploadService.Storage().TestBackend(r.PathValue("backendID")); err != nil {
|
||||
http.Redirect(w, r, "/admin/storage?error="+url.QueryEscape(err.Error()), http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
http.Redirect(w, r, "/admin/storage", http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (a *App) AdminDisableStorage(w http.ResponseWriter, r *http.Request) {
|
||||
if !a.requireAdmin(w, r) || !a.validateCSRF(w, r) {
|
||||
return
|
||||
}
|
||||
id := r.PathValue("backendID")
|
||||
inUse, _ := a.storageBackendInUse(id)
|
||||
if err := a.uploadService.Storage().DisableBackend(id, inUse); err != nil {
|
||||
http.Redirect(w, r, "/admin/storage?error="+url.QueryEscape(err.Error()), http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
http.Redirect(w, r, "/admin/storage", http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (a *App) AdminDeleteStorage(w http.ResponseWriter, r *http.Request) {
|
||||
if !a.requireAdmin(w, r) || !a.validateCSRF(w, r) {
|
||||
return
|
||||
}
|
||||
id := r.PathValue("backendID")
|
||||
inUse, _ := a.storageBackendInUse(id)
|
||||
if err := a.uploadService.Storage().DeleteBackend(id, inUse); err != nil {
|
||||
http.Redirect(w, r, "/admin/storage?error="+url.QueryEscape(err.Error()), http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
http.Redirect(w, r, "/admin/storage", http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (a *App) AdminUpdateUserQuota(w http.ResponseWriter, r *http.Request) {
|
||||
if !a.requireAdmin(w, r) || !a.validateCSRF(w, r) {
|
||||
return
|
||||
}
|
||||
if err := r.ParseForm(); err != nil {
|
||||
http.Redirect(w, r, "/admin/users", http.StatusSeeOther)
|
||||
return
|
||||
@@ -291,9 +535,99 @@ func (a *App) AdminUpdateUserQuota(w http.ResponseWriter, r *http.Request) {
|
||||
http.Redirect(w, r, "/admin/users", http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (a *App) AdminUpdateUserPolicy(w http.ResponseWriter, r *http.Request) {
|
||||
if !a.requireAdmin(w, r) || !a.validateCSRF(w, r) {
|
||||
return
|
||||
}
|
||||
if err := r.ParseForm(); err != nil {
|
||||
http.Redirect(w, r, "/admin/users", http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
policy := services.UserPolicy{
|
||||
MaxUploadMB: optionalMB(r.FormValue("max_upload_mb")),
|
||||
DailyUploadMB: optionalMB(r.FormValue("daily_upload_mb")),
|
||||
StorageQuotaMB: optionalMBAllowZero(r.FormValue("storage_quota_mb")),
|
||||
MaxDays: optionalInt(r.FormValue("max_days")),
|
||||
DailyBoxes: optionalInt(r.FormValue("daily_boxes")),
|
||||
ActiveBoxes: optionalInt(r.FormValue("active_boxes")),
|
||||
ShortWindowRequests: optionalInt(r.FormValue("short_window_requests")),
|
||||
}
|
||||
if backendID := r.FormValue("storage_backend_id"); backendID != "" {
|
||||
if _, err := a.uploadService.Storage().BackendConfig(backendID); err != nil {
|
||||
http.Error(w, "storage backend not found", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
policy.StorageBackendID = &backendID
|
||||
}
|
||||
if err := a.authService.SetUserPolicy(r.PathValue("userID"), policy); err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
http.Redirect(w, r, "/admin/users", http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (a *App) AdminUpdateUser(w http.ResponseWriter, r *http.Request) {
|
||||
if !a.requireAdmin(w, r) || !a.validateCSRF(w, r) {
|
||||
return
|
||||
}
|
||||
if err := r.ParseForm(); err != nil {
|
||||
http.Redirect(w, r, "/admin/users/"+r.PathValue("userID")+"/edit", http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
policy := services.UserPolicy{
|
||||
MaxUploadMB: optionalMB(r.FormValue("max_upload_mb")),
|
||||
DailyUploadMB: optionalMB(r.FormValue("daily_upload_mb")),
|
||||
StorageQuotaMB: optionalMBAllowZero(r.FormValue("storage_quota_mb")),
|
||||
MaxDays: optionalInt(r.FormValue("max_days")),
|
||||
DailyBoxes: optionalInt(r.FormValue("daily_boxes")),
|
||||
ActiveBoxes: optionalInt(r.FormValue("active_boxes")),
|
||||
ShortWindowRequests: optionalInt(r.FormValue("short_window_requests")),
|
||||
}
|
||||
if backendID := r.FormValue("storage_backend_id"); backendID != "" {
|
||||
if _, err := a.uploadService.Storage().BackendConfig(backendID); err != nil {
|
||||
http.Redirect(w, r, "/admin/users/"+r.PathValue("userID")+"/edit?error="+url.QueryEscape("storage backend not found"), http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
policy.StorageBackendID = &backendID
|
||||
}
|
||||
if _, err := a.authService.UpdateUserAdminFields(
|
||||
r.PathValue("userID"),
|
||||
r.FormValue("username"),
|
||||
r.FormValue("email"),
|
||||
r.FormValue("role"),
|
||||
r.FormValue("status"),
|
||||
policy,
|
||||
); err != nil {
|
||||
http.Redirect(w, r, "/admin/users/"+r.PathValue("userID")+"/edit?error="+url.QueryEscape(err.Error()), http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
http.Redirect(w, r, "/admin/users/"+r.PathValue("userID")+"/edit", http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (a *App) AdminUpdateUserStorage(w http.ResponseWriter, r *http.Request) {
|
||||
if !a.requireAdmin(w, r) || !a.validateCSRF(w, r) {
|
||||
return
|
||||
}
|
||||
if err := r.ParseForm(); err != nil {
|
||||
http.Redirect(w, r, "/admin/users", http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
if backendID := r.FormValue("storage_backend_id"); backendID != "" {
|
||||
if _, err := a.uploadService.Storage().BackendConfig(backendID); err != nil {
|
||||
http.Error(w, "storage backend not found", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
}
|
||||
if err := a.authService.SetUserStorageBackend(r.PathValue("userID"), r.FormValue("storage_backend_id")); err != nil {
|
||||
http.Error(w, "unable to update user storage", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
http.Redirect(w, r, "/admin/users", http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (a *App) AdminCreateInvite(w http.ResponseWriter, r *http.Request) {
|
||||
admin, ok := a.requireAdminUser(w, r)
|
||||
if !ok {
|
||||
if !ok || !a.validateCSRF(w, r) {
|
||||
return
|
||||
}
|
||||
if err := r.ParseForm(); err != nil {
|
||||
@@ -310,7 +644,7 @@ func (a *App) AdminCreateInvite(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
func (a *App) AdminDisableUser(w http.ResponseWriter, r *http.Request) {
|
||||
if !a.requireAdmin(w, r) {
|
||||
if !a.requireAdmin(w, r) || !a.validateCSRF(w, r) {
|
||||
return
|
||||
}
|
||||
disabled := r.URL.Query().Get("disabled") != "false"
|
||||
@@ -323,7 +657,7 @@ func (a *App) AdminDisableUser(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
func (a *App) AdminResetUser(w http.ResponseWriter, r *http.Request) {
|
||||
admin, ok := a.requireAdminUser(w, r)
|
||||
if !ok {
|
||||
if !ok || !a.validateCSRF(w, r) {
|
||||
return
|
||||
}
|
||||
result, err := a.authService.CreatePasswordResetInvite(r.PathValue("userID"), admin.ID)
|
||||
@@ -331,11 +665,15 @@ func (a *App) AdminResetUser(w http.ResponseWriter, r *http.Request) {
|
||||
http.Error(w, "unable to create reset link", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if r.URL.Query().Get("next") == "edit" {
|
||||
http.Redirect(w, r, "/admin/users/"+r.PathValue("userID")+"/edit?invite="+url.QueryEscape(result.URL), http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
http.Redirect(w, r, "/admin/users?invite="+url.QueryEscape(result.URL), http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (a *App) AdminDeleteBox(w http.ResponseWriter, r *http.Request) {
|
||||
if !a.requireAdmin(w, r) {
|
||||
if !a.requireAdmin(w, r) || !a.validateCSRF(w, r) {
|
||||
return
|
||||
}
|
||||
|
||||
@@ -471,6 +809,161 @@ func parsePositiveInt(value string) int {
|
||||
return parsed
|
||||
}
|
||||
|
||||
func parsePositiveFloat(value string) float64 {
|
||||
parsed, err := strconv.ParseFloat(value, 64)
|
||||
if err != nil {
|
||||
return 0
|
||||
}
|
||||
return parsed
|
||||
}
|
||||
|
||||
func optionalMB(value string) *float64 {
|
||||
if value == "" {
|
||||
return nil
|
||||
}
|
||||
parsed, err := services.ParseMegabytesValue(value)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
return &parsed
|
||||
}
|
||||
|
||||
func optionalMBAllowZero(value string) *float64 {
|
||||
if value == "" {
|
||||
return nil
|
||||
}
|
||||
parsed, err := strconv.ParseFloat(value, 64)
|
||||
if err != nil || parsed < 0 {
|
||||
return nil
|
||||
}
|
||||
return &parsed
|
||||
}
|
||||
|
||||
func optionalInt(value string) *int {
|
||||
if value == "" {
|
||||
return nil
|
||||
}
|
||||
parsed, err := strconv.Atoi(value)
|
||||
if err != nil || parsed <= 0 {
|
||||
return nil
|
||||
}
|
||||
return &parsed
|
||||
}
|
||||
|
||||
func formatMB(value float64) string {
|
||||
return strconv.FormatFloat(value, 'f', -1, 64) + " MB"
|
||||
}
|
||||
|
||||
func (a *App) storageBackendViews() ([]services.StorageBackendView, error) {
|
||||
configs, err := a.uploadService.Storage().ListBackendConfigs()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
views := make([]services.StorageBackendView, 0, len(configs))
|
||||
for _, cfg := range configs {
|
||||
var usage int64
|
||||
if backend, err := a.uploadService.Storage().BackendConfig(cfg.ID); err == nil && backend.Enabled {
|
||||
if concrete, err := a.uploadService.Storage().Backend(cfg.ID); err == nil {
|
||||
usage, _ = concrete.Usage(context.Background())
|
||||
}
|
||||
}
|
||||
inUse, _ := a.storageBackendInUse(cfg.ID)
|
||||
views = append(views, services.StorageBackendView{
|
||||
Config: cfg,
|
||||
UsageBytes: usage,
|
||||
UsageLabel: services.FormatMegabytesFromBytes(usage),
|
||||
InUse: inUse,
|
||||
})
|
||||
}
|
||||
return views, nil
|
||||
}
|
||||
|
||||
func (a *App) adminUserEdit(user services.User, settings services.UploadPolicySettings) (adminUserEditView, error) {
|
||||
storageUsed, err := a.uploadService.UserActiveStorageUsed(user.ID)
|
||||
if err != nil {
|
||||
return adminUserEditView{}, err
|
||||
}
|
||||
usage, err := a.settingsService.UsageForUser(user.ID, time.Now().UTC())
|
||||
if err != nil {
|
||||
return adminUserEditView{}, err
|
||||
}
|
||||
effective := a.settingsService.EffectivePolicyForUser(settings, user)
|
||||
view := adminUserEditView{
|
||||
ID: user.ID,
|
||||
Username: user.Username,
|
||||
Email: user.Email,
|
||||
Role: user.Role,
|
||||
Status: user.Status,
|
||||
StorageUsed: services.FormatMegabytesFromBytes(storageUsed),
|
||||
DailyUsed: services.FormatMegabytesFromBytes(usage.UploadedBytes),
|
||||
EffectiveDaily: services.FormatMegabytesLabel(effective.DailyUploadMB),
|
||||
EffectiveMaxDays: effective.MaxDays,
|
||||
EffectiveDailyBoxes: effective.DailyBoxes,
|
||||
EffectiveActiveBoxes: effective.ActiveBoxes,
|
||||
EffectiveBackend: effective.StorageBackendID,
|
||||
MaxUploadMB: floatPtrString(user.Policy.MaxUploadMB),
|
||||
DailyUploadMB: floatPtrString(user.Policy.DailyUploadMB),
|
||||
StorageQuotaMB: floatPtrString(user.Policy.StorageQuotaMB),
|
||||
MaxDays: intPtrString(user.Policy.MaxDays),
|
||||
DailyBoxes: intPtrString(user.Policy.DailyBoxes),
|
||||
ActiveBoxes: intPtrString(user.Policy.ActiveBoxes),
|
||||
ShortWindowRequests: intPtrString(user.Policy.ShortWindowRequests),
|
||||
StorageBackendID: stringPtrString(user.Policy.StorageBackendID),
|
||||
}
|
||||
if effective.StorageQuotaSet {
|
||||
view.EffectiveStorage = services.FormatMegabytesLabel(effective.StorageQuotaMB)
|
||||
} else {
|
||||
view.EffectiveStorage = "unlimited"
|
||||
}
|
||||
return view, nil
|
||||
}
|
||||
|
||||
func (a *App) storageBackendInUse(id string) (bool, error) {
|
||||
settings, err := a.settingsService.UploadPolicy()
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
if settings.AnonymousStorageBackend == id || settings.UserStorageBackend == id {
|
||||
return true, nil
|
||||
}
|
||||
boxes, err := a.uploadService.ListBoxes(0)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
for _, box := range boxes {
|
||||
if a.uploadService.BoxStorageBackendID(box) == id {
|
||||
return true, nil
|
||||
}
|
||||
}
|
||||
users, err := a.authService.ListUsers()
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
for _, user := range users {
|
||||
if user.Policy.StorageBackendID != nil && *user.Policy.StorageBackendID == id {
|
||||
return true, nil
|
||||
}
|
||||
}
|
||||
return false, nil
|
||||
}
|
||||
|
||||
func floatPtrString(value *float64) string {
|
||||
if value == nil {
|
||||
return ""
|
||||
}
|
||||
return strconv.FormatFloat(*value, 'f', -1, 64)
|
||||
}
|
||||
|
||||
func intPtrString(value *int) string {
|
||||
if value == nil {
|
||||
return ""
|
||||
}
|
||||
return strconv.Itoa(*value)
|
||||
}
|
||||
|
||||
func stringPtrString(value *string) string {
|
||||
if value == nil {
|
||||
return ""
|
||||
}
|
||||
return *value
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user