Restrict to only admin users.

admin/handlers.go

@@ -6,10 +6,14 @@ import (
   "fmt"
   "github.com/gofiber/fiber/v2"
   "zedshaw.games/webapp/data"
+  "zedshaw.games/webapp/api"
   . "zedshaw.games/webapp/common"
 )
 
 func GetApiTableIndex(c *fiber.Ctx) error {
+  _, err := api.CheckAuthed(c, true)
+  if err != nil { return c.Redirect("/") }
+
   var tables []string
 
   for k := range maps.Keys(data.Models()) {
@@ -20,6 +24,9 @@ func GetApiTableIndex(c *fiber.Ctx) error {
 }
 
 func GetApiSelectAll(c *fiber.Ctx) error {
+  _, err := api.CheckAuthed(c, true)
+  if err != nil { return c.Redirect("/") }
+
   table := c.Params("table")
   if table == "" { return c.Redirect("/admin/table/") }
   type_is := data.Models()[table]
@@ -29,14 +36,12 @@ func GetApiSelectAll(c *fiber.Ctx) error {
 
   search := c.Query("search", "")
   var result []any
-  var err error
 
   if search == "" {
     result, err = SelectTable(table, type_is, 20, uint64(page));
     if err != nil { return IfErrNil(err, c) }
   } else {
     // NOTE: need a 404 here when there's no result? or empty list?
-    fmt.Println("---------------- SEARCH", search)
     result, err = SearchTable(search, table, type_is, 20, uint64(page));
     if err != nil { return IfErrNil(err, c) }
   }
@@ -45,10 +50,16 @@ func GetApiSelectAll(c *fiber.Ctx) error {
 }
 
 func GetPageSelectAll(c *fiber.Ctx) error {
+  _, err := api.CheckAuthed(c, true)
+  if err != nil { return c.Redirect("/") }
+
   return c.Render("admin/table/contents", fiber.Map{"Table": c.Params("table")})
 }
 
 func GetApiSelectOne(c *fiber.Ctx) error {
+  _, err := api.CheckAuthed(c, true)
+  if err != nil { return c.Redirect("/") }
+
   table := c.Params("table")
   id, err := c.ParamsInt("id", -1)
   if err != nil || id < 0 { return IfErrNil(err, c) }
@@ -62,6 +73,9 @@ func GetApiSelectOne(c *fiber.Ctx) error {
 }
 
 func GetPageSelectOne(c *fiber.Ctx) error {
+  _, err := api.CheckAuthed(c, true)
+  if err != nil { return c.Redirect("/") }
+
   table := c.Params("table")
   id, err := c.ParamsInt("id", -1)
   if err != nil || id < 0 { return IfErrNil(err, c) }
@@ -73,6 +87,9 @@ func GetPageSelectOne(c *fiber.Ctx) error {
 }
 
 func PostApiUpdate(c *fiber.Ctx) error {
+  _, err := api.CheckAuthed(c, true)
+  if err != nil { return c.Redirect("/") }
+
   table := c.Params("table")
   typeOf := data.Models()[table]
   obj, err := ReflectOnPost(typeOf, c)
@@ -85,11 +102,17 @@ func PostApiUpdate(c *fiber.Ctx) error {
 }
 
 func GetPageInsert(c *fiber.Ctx) error {
+  _, err := api.CheckAuthed(c, true)
+  if err != nil { return c.Redirect("/") }
+
   table := c.Params("table")
   return c.Render("admin/table/new", fiber.Map{ "Table": table })
 }
 
 func GetApiInsert(c *fiber.Ctx) error {
+  _, err := api.CheckAuthed(c, true)
+  if err != nil { return c.Redirect("/") }
+
   table := c.Params("table")
   typeOf := data.Models()[table]
   result := reflect.New(typeOf)
@@ -97,6 +120,9 @@ func GetApiInsert(c *fiber.Ctx) error {
 }
 
 func PostApiInsert(c *fiber.Ctx) error {
+  _, err := api.CheckAuthed(c, true)
+  if err != nil { return c.Redirect("/") }
+
   table := c.Params("table")
 
   typeOf := data.Models()[table]
@@ -110,6 +136,9 @@ func PostApiInsert(c *fiber.Ctx) error {
 }
 
 func DeleteApi(c *fiber.Ctx) error {
+  _, err := api.CheckAuthed(c, true)
+  if err != nil { return c.Redirect("/") }
+
   table := c.Params("table")
 
   id, err := c.ParamsInt("id", -1)
@@ -121,8 +150,15 @@ func DeleteApi(c *fiber.Ctx) error {
   return c.JSON(fiber.Map{})
 }
 
+func GetPageAdminIndex(c *fiber.Ctx) error {
+  _, err := api.CheckAuthed(c, true)
+  if err != nil { return c.Redirect("/") }
+
+  return c.Render("admin/table/index", fiber.Map{})
+}
+
 func Setup(app *fiber.App) {
-  app.Get("/admin/table/", Page("admin/table/index"))
+  app.Get("/admin/table/", GetPageAdminIndex)
   app.Get("/api/admin/table/", GetApiTableIndex)
 
   app.Get("/api/admin/table/:table/", GetApiSelectAll)