Refactor manage function callbacks into their own separate functions

2025-09-13 09:26:23 -07:00 · 2024-02-06 21:46:42 -08:00 · 2024-02-06 21:46:42 -08:00 · 033a28936b
commit 033a28936b
parent 72a1795c11
5 changed files with 1661 additions and 1587 deletions
--- a/pkg/manage/actions.go
+++ b/pkg/manage/actions.go
@ -70,7 +70,7 @@ func getAction(id string, rank int) *Action {
 		return nil
 	}
 	if rank == NoPerms && action.Permissions > NoPerms {
-		return loginAction
+		return &loginAction
 	}
 	return action
 }
--- a/pkg/manage/actionsAdminPerm.go
+++ b/pkg/manage/actionsAdminPerm.go
--- a/pkg/manage/actionsJanitorPerm.go
+++ b/pkg/manage/actionsJanitorPerm.go
@ -19,223 +19,238 @@ import (

 // manage actions that require at least janitor-level permission go here

+func logoutCallback(writer http.ResponseWriter, request *http.Request, staff *gcsql.Staff, wantsJSON bool, infoEv *zerolog.Event, errEv *zerolog.Event) (output interface{}, err error) {
+	if err = gcsql.EndStaffSession(writer, request); err != nil {
+		return "", err
+	}
+	http.Redirect(writer, request,
+		config.GetSystemCriticalConfig().WebRoot+"manage",
+		http.StatusSeeOther)
+	return "Logged out successfully", nil
+}
+
+func clearMySessionsCallback(writer http.ResponseWriter, request *http.Request, staff *gcsql.Staff, wantsJSON bool, infoEv *zerolog.Event, errEv *zerolog.Event) (output interface{}, err error) {
+	session, err := request.Cookie("sessiondata")
+	if err != nil {
+		// doesn't have a login session cookie, return with no errors
+		if !wantsJSON {
+			http.Redirect(writer, request,
+				config.GetSystemCriticalConfig().WebRoot+"manage",
+				http.StatusSeeOther)
+			return
+		}
+		return "You are not logged in", nil
+	}
+
+	_, err = gcsql.GetStaffBySession(session.Value)
+	if err != nil {
+		// staff session doesn't exist, probably a stale cookie
+		if !wantsJSON {
+			http.Redirect(writer, request,
+				config.GetSystemCriticalConfig().WebRoot+"manage",
+				http.StatusSeeOther)
+			return
+		}
+		return "You are not logged in", err
+	}
+	if err = staff.ClearSessions(); err != nil && err != sql.ErrNoRows {
+		// something went wrong when trying to clean out sessions for this user
+		return nil, err
+	}
+	serverutil.DeleteCookie(writer, request, "sessiondata")
+	gcutil.LogAccess(request).
+		Str("clearSessions", staff.Username).
+		Send()
+	if !wantsJSON {
+		http.Redirect(writer, request,
+			config.GetSystemCriticalConfig().WebRoot+"manage",
+			http.StatusSeeOther)
+		return "", nil
+	}
+	return "Logged out successfully", nil
+}
+
+func recentPostsCallback(writer http.ResponseWriter, request *http.Request, staff *gcsql.Staff, wantsJSON bool, infoEv, errEv *zerolog.Event) (output interface{}, err error) {
+	limit := 20
+	limitStr := request.FormValue("limit")
+	if limitStr != "" {
+		limit, err = strconv.Atoi(limitStr)
+		if err != nil {
+			errEv.Err(err).Caller().Send()
+			return "", err
+		}
+	}
+	boardidStr := request.FormValue("boardid")
+	var recentposts []building.Post
+	var boardid int
+	if boardidStr != "" {
+		if boardid, err = strconv.Atoi(boardidStr); err != nil {
+			errEv.Err(err).Caller().Send()
+			return "", err
+		}
+	}
+	recentposts, err = building.GetRecentPosts(boardid, limit)
+	if err != nil {
+		errEv.Err(err).Caller().Send()
+		return "", err
+	}
+	if wantsJSON {
+		return recentposts, nil
+	}
+	manageRecentsBuffer := bytes.NewBufferString("")
+	if err = serverutil.MinifyTemplate(gctemplates.ManageRecentPosts, map[string]interface{}{
+		"recentposts": recentposts,
+		"allBoards":   gcsql.AllBoards,
+		"boardid":     boardid,
+		"limit":       limit,
+	}, manageRecentsBuffer, "text/html"); err != nil {
+		errEv.Err(err).Caller().Send()
+		return "", errors.New("Error executing ban management page template: " + err.Error())
+	}
+	return manageRecentsBuffer.String(), nil
+}
+
+func announcementsCallback(writer http.ResponseWriter, request *http.Request, staff *gcsql.Staff, wantsJSON bool, infoEv *zerolog.Event, errEv *zerolog.Event) (output interface{}, err error) {
+	// return an array of announcements (with staff name instead of ID) and any errors
+	return getAllAnnouncements()
+}
+
+func staffCallback(writer http.ResponseWriter, request *http.Request, staff *gcsql.Staff, wantsJSON bool, infoEv *zerolog.Event, errEv *zerolog.Event) (output interface{}, err error) {
+	var outputStr string
+	do := request.FormValue("do")
+	allStaff, err := getAllStaffNopass(true)
+	if wantsJSON {
+		if err != nil {
+			errEv.Err(err).Caller().Msg("Failed getting staff list")
+		}
+		return allStaff, err
+	}
+	if err != nil {
+		errEv.Err(err).Caller().Msg("Failed getting staff list")
+		err = errors.New("Error getting staff list: " + err.Error())
+		return "", err
+	}
+
+	updateUsername := request.FormValue("update")
+	username := request.FormValue("username")
+	password := request.FormValue("password")
+	passwordConfirm := request.FormValue("passwordconfirm")
+	if (do == "add" || do == "update") && password != passwordConfirm {
+		return "", ErrPasswordConfirm
+	}
+
+	rankStr := request.FormValue("rank")
+	var rank int
+	if rankStr != "" {
+		if rank, err = strconv.Atoi(rankStr); err != nil {
+			errEv.Err(err).Caller().
+				Str("rank", rankStr).Send()
+			return "", err
+		}
+	}
+
+	if do == "add" {
+		if staff.Rank < 3 {
+			writer.WriteHeader(http.StatusUnauthorized)
+			errEv.Err(ErrInsufficientPermission).Caller().
+				Int("rank", staff.Rank).Send()
+			return "", ErrInsufficientPermission
+		}
+		if _, err = gcsql.NewStaff(username, password, rank); err != nil {
+			errEv.Caller().
+				Str("newStaff", username).
+				Str("newPass", password).
+				Int("newRank", rank).
+				Msg("Error creating new staff account")
+			return "", fmt.Errorf("Error creating new staff account %q by %q: %s",
+				username, staff.Username, err.Error())
+		}
+	} else if do == "del" && username != "" {
+		if staff.Rank < 3 {
+			writer.WriteHeader(http.StatusUnauthorized)
+			errEv.Err(ErrInsufficientPermission).Caller().
+				Int("rank", staff.Rank).Send()
+			return "", ErrInsufficientPermission
+		}
+		if err = gcsql.DeactivateStaff(username); err != nil {
+			errEv.Err(err).Caller().
+				Str("delStaff", username).
+				Msg("Error deleting staff account")
+			return "", fmt.Errorf("Error deleting staff account %q by %q: %s",
+				username, staff.Username, err.Error())
+		}
+	} else if do == "update" && updateUsername != "" {
+		if staff.Username != updateUsername && staff.Rank < 3 {
+			writer.WriteHeader(http.StatusUnauthorized)
+			errEv.Err(ErrInsufficientPermission).Caller().
+				Int("rank", staff.Rank).Send()
+			return "", ErrInsufficientPermission
+		}
+		if err = gcsql.UpdatePassword(updateUsername, password); err != nil {
+			errEv.Err(err).Caller().
+				Str("updateStaff", username).
+				Msg("Error updating password")
+			return "", err
+		}
+	}
+	if do == "add" || do == "del" {
+		allStaff, err = getAllStaffNopass(true)
+		if err != nil {
+			errEv.Err(err).Caller().Msg("Error getting updated staff list")
+			err = errors.New("Error getting updated staff list: " + err.Error())
+			return "", err
+		}
+	}
+
+	staffBuffer := bytes.NewBufferString("")
+	if err = serverutil.MinifyTemplate(gctemplates.ManageStaff, map[string]interface{}{
+		"do":             do,
+		"updateUsername": updateUsername,
+		"allstaff":       allStaff,
+		"currentStaff":   staff,
+	}, staffBuffer, "text/html"); err != nil {
+		errEv.Err(err).Str("template", "manage_staff.html").Send()
+		return "", errors.New("Error executing staff management page template: " + err.Error())
+	}
+	outputStr += staffBuffer.String()
+	return outputStr, nil
+}
+
 func registerJanitorPages() {
 	actions = append(actions,
 		Action{
 			ID:          "logout",
 			Title:       "Logout",
 			Permissions: JanitorPerms,
-			Callback: func(writer http.ResponseWriter, request *http.Request, staff *gcsql.Staff, wantsJSON bool, infoEv *zerolog.Event, errEv *zerolog.Event) (output interface{}, err error) {
-				if err = gcsql.EndStaffSession(writer, request); err != nil {
-					return "", err
-				}
-				http.Redirect(writer, request,
-					config.GetSystemCriticalConfig().WebRoot+"manage",
-					http.StatusSeeOther)
-				return "Logged out successfully", nil
-			}},
+			Callback:    logoutCallback,
+		},
 		Action{
 			ID:          "clearmysessions",
 			Title:       "Log me out everywhere",
 			Permissions: JanitorPerms,
 			JSONoutput:  OptionalJSON,
-			Callback: func(writer http.ResponseWriter, request *http.Request, staff *gcsql.Staff, wantsJSON bool, infoEv *zerolog.Event, errEv *zerolog.Event) (output interface{}, err error) {
-				session, err := request.Cookie("sessiondata")
-				if err != nil {
-					// doesn't have a login session cookie, return with no errors
-					if !wantsJSON {
-						http.Redirect(writer, request,
-							config.GetSystemCriticalConfig().WebRoot+"manage",
-							http.StatusSeeOther)
-						return
-					}
-					return "You are not logged in", nil
-				}
-
-				_, err = gcsql.GetStaffBySession(session.Value)
-				if err != nil {
-					// staff session doesn't exist, probably a stale cookie
-					if !wantsJSON {
-						http.Redirect(writer, request,
-							config.GetSystemCriticalConfig().WebRoot+"manage",
-							http.StatusSeeOther)
-						return
-					}
-					return "You are not logged in", err
-				}
-				if err = staff.ClearSessions(); err != nil && err != sql.ErrNoRows {
-					// something went wrong when trying to clean out sessions for this user
-					return nil, err
-				}
-				serverutil.DeleteCookie(writer, request, "sessiondata")
-				gcutil.LogAccess(request).
-					Str("clearSessions", staff.Username).
-					Send()
-				if !wantsJSON {
-					http.Redirect(writer, request,
-						config.GetSystemCriticalConfig().WebRoot+"manage",
-						http.StatusSeeOther)
-					return "", nil
-				}
-				return "Logged out successfully", nil
-			}},
+			Callback:    clearMySessionsCallback,
+		},
 		Action{
 			ID:          "recentposts",
 			Title:       "Recent posts",
 			Permissions: JanitorPerms,
 			JSONoutput:  OptionalJSON,
-			Callback: func(writer http.ResponseWriter, request *http.Request, staff *gcsql.Staff, wantsJSON bool, infoEv, errEv *zerolog.Event) (output interface{}, err error) {
-				limit := 20
-				limitStr := request.FormValue("limit")
-				if limitStr != "" {
-					limit, err = strconv.Atoi(limitStr)
-					if err != nil {
-						errEv.Err(err).Caller().Send()
-						return "", err
-					}
-				}
-				boardidStr := request.FormValue("boardid")
-				var recentposts []building.Post
-				var boardid int
-				if boardidStr != "" {
-					if boardid, err = strconv.Atoi(boardidStr); err != nil {
-						errEv.Err(err).Caller().Send()
-						return "", err
-					}
-				}
-				recentposts, err = building.GetRecentPosts(boardid, limit)
-				if err != nil {
-					errEv.Err(err).Caller().Send()
-					return "", err
-				}
-				if wantsJSON {
-					return recentposts, nil
-				}
-				manageRecentsBuffer := bytes.NewBufferString("")
-				if err = serverutil.MinifyTemplate(gctemplates.ManageRecentPosts, map[string]interface{}{
-					"recentposts": recentposts,
-					"allBoards":   gcsql.AllBoards,
-					"boardid":     boardid,
-					"limit":       limit,
-				}, manageRecentsBuffer, "text/html"); err != nil {
-					errEv.Err(err).Caller().Send()
-					return "", errors.New("Error executing ban management page template: " + err.Error())
-				}
-				return manageRecentsBuffer.String(), nil
-			}},
+			Callback:    recentPostsCallback,
+		},
 		Action{
 			ID:          "announcements",
 			Title:       "Announcements",
 			Permissions: JanitorPerms,
 			JSONoutput:  AlwaysJSON,
-			Callback: func(writer http.ResponseWriter, request *http.Request, staff *gcsql.Staff, wantsJSON bool, infoEv *zerolog.Event, errEv *zerolog.Event) (output interface{}, err error) {
-				// return an array of announcements (with staff name instead of ID) and any errors
-				return getAllAnnouncements()
-			}},
+			Callback:    announcementsCallback,
+		},
 		Action{
 			ID:          "staff",
 			Title:       "Staff",
 			Permissions: JanitorPerms,
 			JSONoutput:  OptionalJSON,
-			Callback: func(writer http.ResponseWriter, request *http.Request, staff *gcsql.Staff, wantsJSON bool, infoEv *zerolog.Event, errEv *zerolog.Event) (output interface{}, err error) {
-				var outputStr string
-				do := request.FormValue("do")
-				allStaff, err := getAllStaffNopass(true)
-				if wantsJSON {
-					if err != nil {
-						errEv.Err(err).Caller().Msg("Failed getting staff list")
-					}
-					return allStaff, err
-				}
-				if err != nil {
-					errEv.Err(err).Caller().Msg("Failed getting staff list")
-					err = errors.New("Error getting staff list: " + err.Error())
-					return "", err
-				}
-
-				updateUsername := request.FormValue("update")
-				username := request.FormValue("username")
-				password := request.FormValue("password")
-				passwordConfirm := request.FormValue("passwordconfirm")
-				if (do == "add" || do == "update") && password != passwordConfirm {
-					return "", ErrPasswordConfirm
-				}
-
-				rankStr := request.FormValue("rank")
-				var rank int
-				if rankStr != "" {
-					if rank, err = strconv.Atoi(rankStr); err != nil {
-						errEv.Err(err).Caller().
-							Str("rank", rankStr).Send()
-						return "", err
-					}
-				}
-
-				if do == "add" {
-					if staff.Rank < 3 {
-						writer.WriteHeader(http.StatusUnauthorized)
-						errEv.Err(ErrInsufficientPermission).Caller().
-							Int("rank", staff.Rank).Send()
-						return "", ErrInsufficientPermission
-					}
-					if _, err = gcsql.NewStaff(username, password, rank); err != nil {
-						errEv.Caller().
-							Str("newStaff", username).
-							Str("newPass", password).
-							Int("newRank", rank).
-							Msg("Error creating new staff account")
-						return "", fmt.Errorf("Error creating new staff account %q by %q: %s",
-							username, staff.Username, err.Error())
-					}
-				} else if do == "del" && username != "" {
-					if staff.Rank < 3 {
-						writer.WriteHeader(http.StatusUnauthorized)
-						errEv.Err(ErrInsufficientPermission).Caller().
-							Int("rank", staff.Rank).Send()
-						return "", ErrInsufficientPermission
-					}
-					if err = gcsql.DeactivateStaff(username); err != nil {
-						errEv.Err(err).Caller().
-							Str("delStaff", username).
-							Msg("Error deleting staff account")
-						return "", fmt.Errorf("Error deleting staff account %q by %q: %s",
-							username, staff.Username, err.Error())
-					}
-				} else if do == "update" && updateUsername != "" {
-					if staff.Username != updateUsername && staff.Rank < 3 {
-						writer.WriteHeader(http.StatusUnauthorized)
-						errEv.Err(ErrInsufficientPermission).Caller().
-							Int("rank", staff.Rank).Send()
-						return "", ErrInsufficientPermission
-					}
-					if err = gcsql.UpdatePassword(updateUsername, password); err != nil {
-						errEv.Err(err).Caller().
-							Str("updateStaff", username).
-							Msg("Error updating password")
-						return "", err
-					}
-				}
-				if do == "add" || do == "del" {
-					allStaff, err = getAllStaffNopass(true)
-					if err != nil {
-						errEv.Err(err).Caller().Msg("Error getting updated staff list")
-						err = errors.New("Error getting updated staff list: " + err.Error())
-						return "", err
-					}
-				}
-
-				staffBuffer := bytes.NewBufferString("")
-				if err = serverutil.MinifyTemplate(gctemplates.ManageStaff, map[string]interface{}{
-					"do":             do,
-					"updateUsername": updateUsername,
-					"allstaff":       allStaff,
-					"currentStaff":   staff,
-				}, staffBuffer, "text/html"); err != nil {
-					errEv.Err(err).Str("template", "manage_staff.html").Send()
-					return "", errors.New("Error executing staff management page template: " + err.Error())
-				}
-				outputStr += staffBuffer.String()
-				return outputStr, nil
-			}},
+			Callback:    staffCallback,
+		},
 	)
 }
--- a/pkg/manage/actionsModPerm.go
+++ b/pkg/manage/actionsModPerm.go
--- a/pkg/manage/actionsNoPerm.go
+++ b/pkg/manage/actionsNoPerm.go
@ -15,53 +15,55 @@ import (
 )

 var (
-	loginAction = &Action{
+	loginAction = Action{
 		ID:          "login",
 		Title:       "Login",
 		Permissions: NoPerms,
-		Callback: func(writer http.ResponseWriter, request *http.Request, staff *gcsql.Staff, wantsJSON bool, infoEv, errEv *zerolog.Event) (output interface{}, err error) {
-			systemCritical := config.GetSystemCriticalConfig()
-			if staff.Rank > 0 {
-				http.Redirect(writer, request, path.Join(systemCritical.WebRoot, "manage"), http.StatusFound)
-			}
-			username := request.FormValue("username")
-			password := request.FormValue("password")
-			redirectAction := request.FormValue("action")
-			if redirectAction == "" || redirectAction == "logout" {
-				redirectAction = "dashboard"
-			}
-
-			if username == "" || password == "" {
-				//assume that they haven't logged in
-				manageLoginBuffer := bytes.NewBufferString("")
-				if err = serverutil.MinifyTemplate(gctemplates.ManageLogin, map[string]interface{}{
-					"siteConfig":  config.GetSiteConfig(),
-					"sections":    gcsql.AllSections,
-					"boards":      gcsql.AllBoards,
-					"boardConfig": config.GetBoardConfig(""),
-					"redirect":    redirectAction,
-				}, manageLoginBuffer, "text/html"); err != nil {
-					errEv.Err(err).Str("template", "manage_login.html").Send()
-					return "", errors.New("Error executing staff login page template: " + err.Error())
-				}
-				output = manageLoginBuffer.String()
-			} else {
-				key := gcutil.Md5Sum(request.RemoteAddr + username + password + systemCritical.RandomSeed + gcutil.RandomString(3))[0:10]
-				if err = createSession(key, username, password, request, writer); err != nil {
-					if errors.Is(err, ErrBadCredentials) {
-						writer.WriteHeader(http.StatusUnauthorized)
-					}
-					return "", err
-				}
-				http.Redirect(writer, request, path.Join(systemCritical.WebRoot, "manage/"+request.FormValue("redirect")), http.StatusFound)
-			}
-			return
-		},
+		Callback:    loginCallback,
 	}
 )

+func loginCallback(writer http.ResponseWriter, request *http.Request, staff *gcsql.Staff, wantsJSON bool, infoEv, errEv *zerolog.Event) (output interface{}, err error) {
+	systemCritical := config.GetSystemCriticalConfig()
+	if staff.Rank > 0 {
+		http.Redirect(writer, request, path.Join(systemCritical.WebRoot, "manage"), http.StatusFound)
+	}
+	username := request.FormValue("username")
+	password := request.FormValue("password")
+	redirectAction := request.FormValue("action")
+	if redirectAction == "" || redirectAction == "logout" {
+		redirectAction = "dashboard"
+	}
+
+	if username == "" || password == "" {
+		//assume that they haven't logged in
+		manageLoginBuffer := bytes.NewBufferString("")
+		if err = serverutil.MinifyTemplate(gctemplates.ManageLogin, map[string]interface{}{
+			"siteConfig":  config.GetSiteConfig(),
+			"sections":    gcsql.AllSections,
+			"boards":      gcsql.AllBoards,
+			"boardConfig": config.GetBoardConfig(""),
+			"redirect":    redirectAction,
+		}, manageLoginBuffer, "text/html"); err != nil {
+			errEv.Err(err).Str("template", "manage_login.html").Send()
+			return "", errors.New("Error executing staff login page template: " + err.Error())
+		}
+		output = manageLoginBuffer.String()
+	} else {
+		key := gcutil.Md5Sum(request.RemoteAddr + username + password + systemCritical.RandomSeed + gcutil.RandomString(3))[0:10]
+		if err = createSession(key, username, password, request, writer); err != nil {
+			if errors.Is(err, ErrBadCredentials) {
+				writer.WriteHeader(http.StatusUnauthorized)
+			}
+			return "", err
+		}
+		http.Redirect(writer, request, path.Join(systemCritical.WebRoot, "manage/"+request.FormValue("redirect")), http.StatusFound)
+	}
+	return
+}
+
 func registerNoPermPages() {
-	actions = append(actions, *loginAction,
+	actions = append(actions, loginAction,
 		Action{
 			ID:          "staffinfo",
 			Permissions: NoPerms,