Refactor admin settings page, clear all sessions, and add user signup functionality

2025-08-03 20:25:18 +02:00 · 2024-04-21 16:31:55 +00:00 · 2024-04-21 16:31:55 +00:00 · 29e9b308ba
commit 29e9b308ba
parent a186d514af
4 changed files with 58 additions and 12 deletions
--- a/src/routes/+layout.svelte
+++ b/src/routes/+layout.svelte
@ -19,7 +19,6 @@
  let isServerSetup = data.isServerSetup;

  onMount(() => {
-    console.log("isServerSetup", isServerSetup);
    if (!isServerSetup && $page.url.pathname !== "/setup") {
      goto("/setup");
    }
--- a/src/routes/settings/admin/+page.server.ts
+++ b/src/routes/settings/admin/+page.server.ts
@ -1,5 +1,7 @@
-import { error, redirect, type Actions } from "@sveltejs/kit";
+import { error, redirect, type Actions, type Handle } from "@sveltejs/kit";
 import type { PageServerLoad } from "./$types";
+import { db } from "$lib/db/db.server";
+import { sessionTable } from "$lib/db/schema";

 export const load: PageServerLoad = async (event) => {
  if (!event.locals.user) {
@ -10,3 +12,25 @@ export const load: PageServerLoad = async (event) => {
    }
  }
 };
+
+export const actions: Actions = {
+  clearAllSessions: async (event) => {
+    if (event.locals.user && event.locals.user.role !== "admin") {
+      return error(403, {
+        message: "You are not authorized to perform this action",
+      });
+    } else {
+      console.log("ALL SESSIONS CLEARED");
+      await db.delete(sessionTable).execute();
+      return {
+        status: 200,
+        headers: {
+          "content-type": "application/json",
+        },
+        body: JSON.stringify({
+          message: "Cleared all sessions",
+        }),
+      };
+    }
+  },
+};
--- a/src/routes/settings/admin/+page.svelte
+++ b/src/routes/settings/admin/+page.svelte
@ -4,6 +4,10 @@
  import { type SubmitFunction } from "@sveltejs/kit";
  let errors: { message?: string } = {};
  let message: { message?: string } = {};
+  let username: string = "";
+  let first_name: string = "";
+  let last_name: string = "";
+  let password: string = "";
  const addUser: SubmitFunction = async ({ formData, action, cancel }) => {
    const response = await fetch(action, {
      method: "POST",
@ -13,8 +17,11 @@
    if (response.ok) {
      console.log("User Added Successfully!");
      errors = {};
+      username = "";
+      first_name = "";
+      last_name = "";
+      password = "";
      cancel();
-      window.location.reload();
      return;
    }

@ -41,18 +48,21 @@
    <input
      name="username"
      id="username"
+      bind:value={username}
      class="block mb-2 input input-bordered w-full max-w-xs"
    /><br />
    <label for="first_name">First Name</label>
    <input
      name="first_name"
      id="first_name"
+      bind:value={first_name}
      class="block mb-2 input input-bordered w-full max-w-xs"
    /><br />
    <label for="last_name">Last Name</label>
    <input
      name="last_name"
      id="last_name"
+      bind:value={last_name}
      class="block mb-2 input input-bordered w-full max-w-xs"
    /><br />
    <label for="password">Password</label>
@ -60,6 +70,7 @@
      type="password"
      name="password"
      id="password"
+      bind:value={password}
      class="block mb-2 input input-bordered w-full max-w-xs"
    /><br />
    <label for="role">Admin User?</label>
@ -78,3 +89,14 @@
    {errors.message}
  </div>
 {/if}
+
+<h2 class="text-center font-extrabold text-2xl">Session Managment</h2>
+<div class="flex justify-center items-center">
+  <form use:enhance method="POST" action="?/clearAllSessions">
+    <input
+      type="submit"
+      class="btn btn-warning"
+      value="Clear All Users Sessions"
+    />
+  </form>
+</div>
--- a/src/routes/signup/+page.server.ts
+++ b/src/routes/signup/+page.server.ts
@ -23,7 +23,7 @@ export const actions: Actions = {

    // check all to make sure all fields are provided
    if (!username || !password || !firstName || !lastName) {
-      return fail(400, {
+      return error(400, {
        message: "All fields are required",
      });
    }
@ -43,7 +43,7 @@ export const actions: Actions = {
      username.length > 31 ||
      !/^[a-z0-9_-]+$/.test(username)
    ) {
-      return fail(400, {
+      return error(400, {
        message: "Invalid username",
      });
    }
@ -52,7 +52,7 @@ export const actions: Actions = {
      password.length < 6 ||
      password.length > 255
    ) {
-      return fail(400, {
+      return error(400, {
        message: "Invalid password",
      });
    }
@ -62,7 +62,7 @@ export const actions: Actions = {
      firstName.length < 1 ||
      firstName.length > 255
    ) {
-      return fail(400, {
+      return error(400, {
        message: "Invalid first name",
      });
    }
@ -72,14 +72,11 @@ export const actions: Actions = {
      lastName.length < 1 ||
      lastName.length > 255
    ) {
-      return fail(400, {
+      return error(400, {
        message: "Invalid last name",
      });
    }

-    const userId = generateId(15);
-    const hashedPassword = await new Argon2id().hash(password);
-
    const usernameTaken = await db
      .select()
      .from(userTable)
@ -88,10 +85,14 @@ export const actions: Actions = {
      .then((results) => results[0] as unknown as DatabaseUser | undefined);

    if (usernameTaken) {
-      return fail(400, {
+      return error(400, {
        message: "Username already taken",
      });
    }
+
+    const userId = generateId(15);
+    const hashedPassword = await new Argon2id().hash(password);
+
    await db
      .insert(userTable)
      .values({