website/pkg/controller/admin/add_user.go

package admin

import (
	"net/http"
	"net/mail"
	"strings"

	"code.nonshy.com/nonshy/website/pkg/models"
	"code.nonshy.com/nonshy/website/pkg/session"
	"code.nonshy.com/nonshy/website/pkg/templates"
)

// Manually create new user accounts.
func AddUser() http.HandlerFunc {
	tmpl := templates.Must("admin/add_user.html")
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method == http.MethodPost {
			var (
				email    = strings.TrimSpace(strings.ToLower(r.PostFormValue("email")))
				username = strings.TrimSpace(strings.ToLower(r.PostFormValue("username")))
				password = r.PostFormValue("password")
			)

			// Validate the email.
			if _, err := mail.ParseAddress(email); err != nil {
				session.FlashError(w, r, "The email address you entered is not valid: %s", err)
				templates.Redirect(w, r.URL.Path)
				return
			}

			// Password check.
			if len(password) < 3 {
				session.FlashError(w, r, "The password is required to be 3+ characters long.")
				templates.Redirect(w, r.URL.Path)
				return
			}

			// Validate the username is OK: well formatted, not reserved, not existing.
			if err := models.IsValidUsername(username); err != nil {
				session.FlashError(w, r, err.Error())
				templates.Redirect(w, r.URL.Path)
				return
			}

			// Create the user.
			if _, err := models.CreateUser(username, email, password); err != nil {
				session.FlashError(w, r, "Couldn't create the user: %s", err)
				templates.Redirect(w, r.URL.Path)
				return
			}

			session.Flash(w, r, "Created the username %s with password: %s", username, password)
			templates.Redirect(w, r.URL.Path)
			return
		}

		if err := tmpl.Execute(w, r, nil); err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
	})
}
Various tweaks and improvements * Inner circle: users have the ability to remove themselves and can avoid being invited again in the future. * Admin actions: add a "Reset Password" ability to user accounts. * Admin "Create New User" page. * Rate limit error handling improvements for the login page. 2024-06-15 22:05:50 +00:00			`package admin`

			`import (`
			`"net/http"`
			`"net/mail"`
			`"strings"`

			`"code.nonshy.com/nonshy/website/pkg/models"`
			`"code.nonshy.com/nonshy/website/pkg/session"`
			`"code.nonshy.com/nonshy/website/pkg/templates"`
			`)`

			`// Manually create new user accounts.`
			`func AddUser() http.HandlerFunc {`
			`tmpl := templates.Must("admin/add_user.html")`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`if r.Method == http.MethodPost {`
			`var (`
			`email = strings.TrimSpace(strings.ToLower(r.PostFormValue("email")))`
			`username = strings.TrimSpace(strings.ToLower(r.PostFormValue("username")))`
			`password = r.PostFormValue("password")`
			`)`

			`// Validate the email.`
			`if _, err := mail.ParseAddress(email); err != nil {`
			`session.FlashError(w, r, "The email address you entered is not valid: %s", err)`
			`templates.Redirect(w, r.URL.Path)`
			`return`
			`}`

			`// Password check.`
			`if len(password) < 3 {`
			`session.FlashError(w, r, "The password is required to be 3+ characters long.")`
			`templates.Redirect(w, r.URL.Path)`
			`return`
			`}`

			`// Validate the username is OK: well formatted, not reserved, not existing.`
			`if err := models.IsValidUsername(username); err != nil {`
			`session.FlashError(w, r, err.Error())`
			`templates.Redirect(w, r.URL.Path)`
			`return`
			`}`

			`// Create the user.`
			`if _, err := models.CreateUser(username, email, password); err != nil {`
			`session.FlashError(w, r, "Couldn't create the user: %s", err)`
			`templates.Redirect(w, r.URL.Path)`
			`return`
			`}`

			`session.Flash(w, r, "Created the username %s with password: %s", username, password)`
			`templates.Redirect(w, r.URL.Path)`
			`return`
			`}`

			`if err := tmpl.Execute(w, r, nil); err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
			`})`
			`}`