TDvorak/PPve
1
0
Fork 0
mirror of https://github.com/Dvorinka/PPve.git synced 2026-06-04 04:22:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

ff

Browse Source
This commit is contained in:
Tomas Dvorak
2025-05-26 11:39:32 +02:00
parent d3581993a7
commit 4ec4444a51
4 changed files with 1157 additions and 1160 deletions
Download Patch File Download Diff File Expand all files Collapse all files
account.go → admin/account.go
+415 -415
View File
@@ -1,415 +1,415 @@
package main
import (
"crypto/rand"
"encoding/base64"
"encoding/json"
"net/http"
"time"
)
type User struct {
Username string `json:"username"`
Password string `json:"password"`
Role string `json:"role"`
}
type Session struct {
Token string
Username string
Role string
ExpiresAt time.Time
}
type LoginRequest struct {
Username string `json:"username"`
Password string `json:"password"`
}
type LoginResponse struct {
Success bool `json:"success"`
Message string `json:"message"`
Token string `json:"token,omitempty"`
Role string `json:"role,omitempty"`
}
// In-memory storage (replace with database in production)
var (
users = map[string]User{
"admin": {
Username: "admin",
Password: "admin123", // In production, use hashed passwords
Role: "admin",
},
}
sessions = make(map[string]Session)
)
func generateToken() (string, error) {
bytes := make([]byte, 32)
if _, err := rand.Read(bytes); err != nil {
return "", err
}
return base64.URLEncoding.EncodeToString(bytes), nil
}
func handleLogin(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
if r.Method == "GET" {
// Serve login page
tmpl := `<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Přihlášení - Správa</title>
<style>
* {
margin: 0;
padding: 0;
box-sizing: border-box;
}
body {
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
min-height: 100vh;
display: flex;
align-items: center;
justify-content: center;
}
.login-container {
background: white;
padding: 2rem;
border-radius: 10px;
box-shadow: 0 15px 35px rgba(0, 0, 0, 0.1);
width: 100%;
max-width: 400px;
}
.login-header {
text-align: center;
margin-bottom: 2rem;
}
.login-header h1 {
color: #333;
font-size: 2rem;
margin-bottom: 0.5rem;
}
.login-header p {
color: #666;
font-size: 0.9rem;
}
.form-group {
margin-bottom: 1.5rem;
}
.form-group label {
display: block;
margin-bottom: 0.5rem;
color: #333;
font-weight: 500;
}
.form-group input {
width: 100%;
padding: 0.75rem;
border: 2px solid #e1e5e9;
border-radius: 5px;
font-size: 1rem;
transition: border-color 0.3s;
}
.form-group input:focus {
outline: none;
border-color: #667eea;
}
.login-button {
width: 100%;
padding: 0.75rem;
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
color: white;
border: none;
border-radius: 5px;
font-size: 1rem;
font-weight: 500;
cursor: pointer;
transition: transform 0.2s;
}
.login-button:hover {
transform: translateY(-2px);
}
.login-button:disabled {
opacity: 0.6;
cursor: not-allowed;
transform: none;
}
.error-message {
background: #fee;
color: #c33;
padding: 0.75rem;
border-radius: 5px;
margin-bottom: 1rem;
display: none;
}
.loading {
display: none;
text-align: center;
margin-top: 1rem;
}
</style>
</head>
<body>
<div class="login-container">
<div class="login-header">
<h1>Přihlášení</h1>
<p>Administrátorské rozhraní</p>
</div>
<div class="error-message" id="errorMessage"></div>
<form id="loginForm">
<div class="form-group">
<label for="username">Uživatelské jméno</label>
<input type="text" id="username" name="username" required>
</div>
<div class="form-group">
<label for="password">Heslo</label>
<input type="password" id="password" name="password" required>
</div>
<button type="submit" class="login-button" id="loginButton">
Přihlásit se
</button>
</form>
<div class="loading" id="loading">
Přihlašování...
</div>
</div>
<script>
document.getElementById('loginForm').addEventListener('submit', async function(e) {
e.preventDefault();
const username = document.getElementById('username').value;
const password = document.getElementById('password').value;
const errorDiv = document.getElementById('errorMessage');
const loginButton = document.getElementById('loginButton');
const loading = document.getElementById('loading');
// Reset error
errorDiv.style.display = 'none';
loginButton.disabled = true;
loading.style.display = 'block';
try {
const response = await fetch('/login', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
username: username,
password: password
})
});
const data = await response.json();
if (data.success) {
localStorage.setItem('authToken', data.token);
localStorage.setItem('userRole', data.role);
window.location.href = '/admin';
} else {
errorDiv.textContent = data.message;
errorDiv.style.display = 'block';
}
} catch (error) {
errorDiv.textContent = 'Chyba při přihlašování. Zkuste to znovu.';
errorDiv.style.display = 'block';
} finally {
loginButton.disabled = false;
loading.style.display = 'none';
}
});
</script>
</body>
</html>`
w.Header().Set("Content-Type", "text/html")
w.Write([]byte(tmpl))
return
}
if r.Method != "POST" {
w.WriteHeader(http.StatusMethodNotAllowed)
json.NewEncoder(w).Encode(LoginResponse{
Success: false,
Message: "Method not allowed",
})
return
}
var loginReq LoginRequest
if err := json.NewDecoder(r.Body).Decode(&loginReq); err != nil {
w.WriteHeader(http.StatusBadRequest)
json.NewEncoder(w).Encode(LoginResponse{
Success: false,
Message: "Invalid request format",
})
return
}
// Check credentials
user, exists := users[loginReq.Username]
if !exists || user.Password != loginReq.Password {
w.WriteHeader(http.StatusUnauthorized)
json.NewEncoder(w).Encode(LoginResponse{
Success: false,
Message: "Neplatné přihlašovací údaje",
})
return
}
// Generate session token
token, err := generateToken()
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
json.NewEncoder(w).Encode(LoginResponse{
Success: false,
Message: "Chyba při vytváření relace",
})
return
}
// Store session
sessions[token] = Session{
Token: token,
Username: user.Username,
Role: user.Role,
ExpiresAt: time.Now().Add(24 * time.Hour),
}
json.NewEncoder(w).Encode(LoginResponse{
Success: true,
Message: "Přihlášení úspěšné",
Token: token,
Role: user.Role,
})
}
func handleLogout(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
token := r.Header.Get("Authorization")
if token == "" {
// Try to get from cookie
if cookie, err := r.Cookie("authToken"); err == nil {
token = cookie.Value
}
}
if token != "" {
delete(sessions, token)
}
json.NewEncoder(w).Encode(map[string]interface{}{
"success": true,
"message": "Odhlášení úspěšné",
})
}
func requireAuth(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
token := r.Header.Get("Authorization")
if token == "" {
// Try to get from cookie
if cookie, err := r.Cookie("authToken"); err == nil {
token = cookie.Value
}
}
if token == "" {
http.Redirect(w, r, "/login", http.StatusFound)
return
}
session, exists := sessions[token]
if !exists || time.Now().After(session.ExpiresAt) {
if exists {
delete(sessions, token)
}
http.Redirect(w, r, "/login", http.StatusFound)
return
}
// Extend session
session.ExpiresAt = time.Now().Add(24 * time.Hour)
sessions[token] = session
next(w, r)
}
}
func requireAdminAuth(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
token := r.Header.Get("Authorization")
if token == "" {
// Try to get from cookie
if cookie, err := r.Cookie("authToken"); err == nil {
token = cookie.Value
}
}
if token == "" {
http.Redirect(w, r, "/login", http.StatusFound)
return
}
session, exists := sessions[token]
if !exists || time.Now().After(session.ExpiresAt) || session.Role != "admin" {
if exists {
delete(sessions, token)
}
http.Redirect(w, r, "/login", http.StatusFound)
return
}
// Extend session
session.ExpiresAt = time.Now().Add(24 * time.Hour)
sessions[token] = session
next(w, r)
}
}
func getCurrentUser(r *http.Request) *Session {
token := r.Header.Get("Authorization")
if token == "" {
if cookie, err := r.Cookie("authToken"); err == nil {
token = cookie.Value
}
}
if token == "" {
return nil
}
session, exists := sessions[token]
if !exists || time.Now().After(session.ExpiresAt) {
return nil
}
return &session
}
package admin
import (
"crypto/rand"
"encoding/base64"
"encoding/json"
"net/http"
"time"
)
type User struct {
Username string `json:"username"`
Password string `json:"password"`
Role string `json:"role"`
}
type Session struct {
Token string
Username string
Role string
ExpiresAt time.Time
}
type LoginRequest struct {
Username string `json:"username"`
Password string `json:"password"`
}
type LoginResponse struct {
Success bool `json:"success"`
Message string `json:"message"`
Token string `json:"token,omitempty"`
Role string `json:"role,omitempty"`
}
// In-memory storage (replace with database in production)
var (
users = map[string]User{
"admin": {
Username: "admin",
Password: "admin123", // In production, use hashed passwords
Role: "admin",
},
}
sessions = make(map[string]Session)
)
func generateToken() (string, error) {
bytes := make([]byte, 32)
if _, err := rand.Read(bytes); err != nil {
return "", err
}
return base64.URLEncoding.EncodeToString(bytes), nil
}
func HandleLogin(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
if r.Method == "GET" {
// Serve login page
tmpl := `<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Přihlášení - Správa</title>
<style>
* {
margin: 0;
padding: 0;
box-sizing: border-box;
}
body {
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
min-height: 100vh;
display: flex;
align-items: center;
justify-content: center;
}
.login-container {
background: white;
padding: 2rem;
border-radius: 10px;
box-shadow: 0 15px 35px rgba(0, 0, 0, 0.1);
width: 100%;
max-width: 400px;
}
.login-header {
text-align: center;
margin-bottom: 2rem;
}
.login-header h1 {
color: #333;
font-size: 2rem;
margin-bottom: 0.5rem;
}
.login-header p {
color: #666;
font-size: 0.9rem;
}
.form-group {
margin-bottom: 1.5rem;
}
.form-group label {
display: block;
margin-bottom: 0.5rem;
color: #333;
font-weight: 500;
}
.form-group input {
width: 100%;
padding: 0.75rem;
border: 2px solid #e1e5e9;
border-radius: 5px;
font-size: 1rem;
transition: border-color 0.3s;
}
.form-group input:focus {
outline: none;
border-color: #667eea;
}
.login-button {
width: 100%;
padding: 0.75rem;
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
color: white;
border: none;
border-radius: 5px;
font-size: 1rem;
font-weight: 500;
cursor: pointer;
transition: transform 0.2s;
}
.login-button:hover {
transform: translateY(-2px);
}
.login-button:disabled {
opacity: 0.6;
cursor: not-allowed;
transform: none;
}
.error-message {
background: #fee;
color: #c33;
padding: 0.75rem;
border-radius: 5px;
margin-bottom: 1rem;
display: none;
}
.loading {
display: none;
text-align: center;
margin-top: 1rem;
}
</style>
</head>
<body>
<div class="login-container">
<div class="login-header">
<h1>Přihlášení</h1>
<p>Administrátorské rozhraní</p>
</div>
<div class="error-message" id="errorMessage"></div>
<form id="loginForm">
<div class="form-group">
<label for="username">Uživatelské jméno</label>
<input type="text" id="username" name="username" required>
</div>
<div class="form-group">
<label for="password">Heslo</label>
<input type="password" id="password" name="password" required>
</div>
<button type="submit" class="login-button" id="loginButton">
Přihlásit se
</button>
</form>
<div class="loading" id="loading">
Přihlašování...
</div>
</div>
<script>
document.getElementById('loginForm').addEventListener('submit', async function(e) {
e.preventDefault();
const username = document.getElementById('username').value;
const password = document.getElementById('password').value;
const errorDiv = document.getElementById('errorMessage');
const loginButton = document.getElementById('loginButton');
const loading = document.getElementById('loading');
// Reset error
errorDiv.style.display = 'none';
loginButton.disabled = true;
loading.style.display = 'block';
try {
const response = await fetch('/login', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
username: username,
password: password
})
});
const data = await response.json();
if (data.success) {
localStorage.setItem('authToken', data.token);
localStorage.setItem('userRole', data.role);
window.location.href = '/admin';
} else {
errorDiv.textContent = data.message;
errorDiv.style.display = 'block';
}
} catch (error) {
errorDiv.textContent = 'Chyba při přihlašování. Zkuste to znovu.';
errorDiv.style.display = 'block';
} finally {
loginButton.disabled = false;
loading.style.display = 'none';
}
});
</script>
</body>
</html>`
w.Header().Set("Content-Type", "text/html")
w.Write([]byte(tmpl))
return
}
if r.Method != "POST" {
w.WriteHeader(http.StatusMethodNotAllowed)
json.NewEncoder(w).Encode(LoginResponse{
Success: false,
Message: "Method not allowed",
})
return
}
var loginReq LoginRequest
if err := json.NewDecoder(r.Body).Decode(&loginReq); err != nil {
w.WriteHeader(http.StatusBadRequest)
json.NewEncoder(w).Encode(LoginResponse{
Success: false,
Message: "Invalid request format",
})
return
}
// Check credentials
user, exists := users[loginReq.Username]
if !exists || user.Password != loginReq.Password {
w.WriteHeader(http.StatusUnauthorized)
json.NewEncoder(w).Encode(LoginResponse{
Success: false,
Message: "Neplatné přihlašovací údaje",
})
return
}
// Generate session token
token, err := generateToken()
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
json.NewEncoder(w).Encode(LoginResponse{
Success: false,
Message: "Chyba při vytváření relace",
})
return
}
// Store session
sessions[token] = Session{
Token: token,
Username: user.Username,
Role: user.Role,
ExpiresAt: time.Now().Add(24 * time.Hour),
}
json.NewEncoder(w).Encode(LoginResponse{
Success: true,
Message: "Přihlášení úspěšné",
Token: token,
Role: user.Role,
})
}
func HandleLogout(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
token := r.Header.Get("Authorization")
if token == "" {
// Try to get from cookie
if cookie, err := r.Cookie("authToken"); err == nil {
token = cookie.Value
}
}
if token != "" {
delete(sessions, token)
}
json.NewEncoder(w).Encode(map[string]interface{}{
"success": true,
"message": "Odhlášení úspěšné",
})
}
func RequireAuth(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
token := r.Header.Get("Authorization")
if token == "" {
// Try to get from cookie
if cookie, err := r.Cookie("authToken"); err == nil {
token = cookie.Value
}
}
if token == "" {
http.Redirect(w, r, "/login", http.StatusFound)
return
}
session, exists := sessions[token]
if !exists || time.Now().After(session.ExpiresAt) {
if exists {
delete(sessions, token)
}
http.Redirect(w, r, "/login", http.StatusFound)
return
}
// Extend session
session.ExpiresAt = time.Now().Add(24 * time.Hour)
sessions[token] = session
next(w, r)
}
}
func RequireAdminAuth(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
token := r.Header.Get("Authorization")
if token == "" {
// Try to get from cookie
if cookie, err := r.Cookie("authToken"); err == nil {
token = cookie.Value
}
}
if token == "" {
http.Redirect(w, r, "/login", http.StatusFound)
return
}
session, exists := sessions[token]
if !exists || time.Now().After(session.ExpiresAt) || session.Role != "admin" {
if exists {
delete(sessions, token)
}
http.Redirect(w, r, "/login", http.StatusFound)
return
}
// Extend session
session.ExpiresAt = time.Now().Add(24 * time.Hour)
sessions[token] = session
next(w, r)
}
}
func GetCurrentUser(r *http.Request) *Session {
token := r.Header.Get("Authorization")
if token == "" {
if cookie, err := r.Cookie("authToken"); err == nil {
token = cookie.Value
}
}
if token == "" {
return nil
}
session, exists := sessions[token]
if !exists || time.Now().After(session.ExpiresAt) {
return nil
}
return &session
}
admin.go → admin/admin.go
+733 -733
View File
File diff suppressed because it is too large Load Diff
go.sum
-4
View File
@@ -1,7 +1,5 @@
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/richardlehane/mscfb v1.0.4 h1:WULscsljNPConisD5hR0+OyZjwK46Pfyr6mPu5ZawpM=
@@ -25,8 +23,6 @@ golang.org/x/image v0.25.0 h1:Y6uW6rH1y5y/LK1J8BPWZtr6yZ7hrsy6hFrXjgsc2fQ=
golang.org/x/image v0.25.0/go.mod h1:tCAmOEGthTtkalusGp1g3xa2gke8J6c2N565dTyl9Rs=
golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4=
golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk=
main.go
+9 -8
View File
@@ -15,6 +15,7 @@ import (
"time"
"gopkg.in/gomail.v2"
"ppve/admin" // Import the local admin package
)
type TripEntry struct {
@@ -81,26 +82,26 @@ func main() {
http.Redirect(w, r, "http://webportal:8080/", http.StatusFound)
}))
// Authentication routes
http.HandleFunc("/login", enableCORS(handleLogin))
http.HandleFunc("/logout", enableCORS(handleLogout))
http.HandleFunc("/login", enableCORS(admin.HandleLogin))
http.HandleFunc("/logout", enableCORS(admin.HandleLogout))
// Admin routes (protected)
http.HandleFunc("/admin", enableCORS(requireAdminAuth(handleAdmin)))
http.HandleFunc("/admin/cards", enableCORS(requireAdminAuth(handleAdminCards)))
http.HandleFunc("/admin", enableCORS(admin.RequireAdminAuth(admin.HandleAdmin)))
http.HandleFunc("/admin/cards", enableCORS(admin.RequireAdminAuth(admin.HandleAdminCards)))
http.HandleFunc("/admin/cards/", enableCORS(requireAdminAuth(func(w http.ResponseWriter, r *http.Request) {
http.HandleFunc("/admin/cards/", enableCORS(admin.RequireAdminAuth(func(w http.ResponseWriter, r *http.Request) {
path := r.URL.Path
if strings.HasSuffix(path, "/toggle") {
handleAdminCardToggle(w, r)
admin.HandleAdminCardToggle(w, r)
} else if r.Method == "DELETE" {
handleAdminCardDelete(w, r)
admin.HandleAdminCardDelete(w, r)
} else {
w.WriteHeader(http.StatusNotFound)
}
})))
// Public API to get cards for homepage
http.HandleFunc("/api/cards", enableCORS(handleGetCards))
http.HandleFunc("/api/cards", enableCORS(admin.HandleGetCards))
port := os.Getenv("PORT")
if port == "" {