From a186d514af2e3bd22fcea591f0c31abb900f5731 Mon Sep 17 00:00:00 2001 From: Sean Morley Date: Sun, 21 Apr 2024 16:16:29 +0000 Subject: [PATCH] Refactor admin settings page and add user signup functionality --- src/routes/settings/admin/+page.server.ts | 12 ++++ src/routes/settings/admin/+page.svelte | 80 +++++++++++++++++++++++ src/routes/signup/+page.server.ts | 46 ++++++++++--- 3 files changed, 129 insertions(+), 9 deletions(-) create mode 100644 src/routes/settings/admin/+page.server.ts create mode 100644 src/routes/settings/admin/+page.svelte
diff --git a/src/routes/settings/admin/+page.server.ts b/src/routes/settings/admin/+page.server.ts
new file mode 100644
index 0000000..3837865
--- /dev/null
+++ b/src/routes/settings/admin/+page.server.ts
@@ -0,0 +1,12 @@
+import { error, redirect, type Actions } from "@sveltejs/kit";
+import type { PageServerLoad } from "./$types";
+
+export const load: PageServerLoad = async (event) => {
+ if (!event.locals.user) {
+ return redirect(302, "/login");
+ } else {
+ if (event.locals.user.role !== "admin") {
+ return redirect(302, "/settings");
+ }
+ }
+};
diff --git a/src/routes/settings/admin/+page.svelte b/src/routes/settings/admin/+page.svelte
new file mode 100644
index 0000000..fabd082
--- /dev/null
+++ b/src/routes/settings/admin/+page.svelte
@@ -0,0 +1,80 @@
+ +
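Review bot: The `error` and `type Actions` imports on the first line of the +page.server.ts hunk are never used; `load` only calls `redirect`, so the import should be `import { redirect } from "@sveltejs/kit";`. The nested `else { if ... }` can be flattened into two guards, `if (!event.locals.user) return redirect(302, "/login");` followed by `if (event.locals.user.role !== "admin") return redirect(302, "/settings");`, which reads as an access-control list rather than a decision tree. Keep in mind that this guard only protects rendering of the admin page; whatever form action the page submits to (the Svelte markup is not legible in this patch) has to enforce the admin role on its own, because a request can be sent to that endpoint without ever loading this page.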

Admin Settings

+ +

Add User

+
+
+ +
+ +
+ +
+ +
+ +
+ +
+
+ +{#if errors.message} +
+ {errors.message} +
+{/if}
diff --git a/src/routes/signup/+page.server.ts b/src/routes/signup/+page.server.ts
index 691db63..298c418
--- a/src/routes/signup/+page.server.ts
+++ b/src/routes/signup/+page.server.ts
@@ -1,6 +1,6 @@
 // routes/signup/+page.server.ts
 import { lucia } from "$lib/server/auth";
-import { fail, redirect } from "@sveltejs/kit";
+import { error, fail, redirect } from "@sveltejs/kit";
 import { generateId } from "lucia";
 import { Argon2id } from "oslo/password";
 import { db } from "$lib/db/db.server";
@@ -17,6 +17,7 @@ export const actions: Actions = {
 const password = formData.get("password");
 const firstName = formData.get("first_name");
 const lastName = formData.get("last_name");
+ let role: string = "";
 
 // username must be between 4 ~ 31 characters, and only consists of lowercase letters, 0-9, -, and _
 // keep in mind some database (e.g. mysql) are case insensitive
@@ -27,6 +28,15 @@ export const actions: Actions = {
 });
 }
 
+ if (!event.locals.user) {
+ role = "user";
+ }
+
+ if (event.locals.user && event.locals.user.role === "admin") {
+ const isAdmin = formData.get("role") === "on";
+ role = isAdmin ? "admin" : "user";
+ }
+
 if (
 typeof username !== "string" ||
 username.length < 3 ||
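Review bot: In the role-assignment hunk (`@@ -27,6 +28,15 @@`), a logged-in user whose role is not "admin" matches neither `if`, so `role` keeps its initial `""` and the insert later in this action writes a user row with an empty role; the 403 that is meant to stop that caller sits in a later hunk, after `.execute()`. Reject non-admin authenticated callers here, before any validation or database write: `if (event.locals.user && event.locals.user.role !== "admin") return error(403, { message: "You are not authorized to add users" });`. With that guard in place the two branches collapse to `role = event.locals.user && formData.get("role") === "on" ? "admin" : "user";` and `role` can be a `const`. The enclosing form action starts before this hunk and continues past it.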
@@ -91,18 +101,36 @@ export const actions: Actions = {
 last_name: lastName,
 hashed_password: hashedPassword,
 signup_date: new Date(),
- role: "user",
+ role: role,
 last_login: new Date(),
 } as DatabaseUser)
 .execute();
 
- const session = await lucia.createSession(userId, {});
- const sessionCookie = lucia.createSessionCookie(session.id);
- event.cookies.set(sessionCookie.name, sessionCookie.value, {
- path: ".",
- ...sessionCookie.attributes,
- });
+ if (!event.locals.user) {
+ const session = await lucia.createSession(userId, {});
+ const sessionCookie = lucia.createSessionCookie(session.id);
+ event.cookies.set(sessionCookie.name, sessionCookie.value, {
+ path: ".",
+ ...sessionCookie.attributes,
+ });
 
- redirect(302, "/");
+ redirect(302, "/");
+ } else {
+ if (event.locals.user && event.locals.user.role !== "admin") {
+ return error(403, {
+ message: "You are not authorized to add users",
+ });
+ }
+
+ return {
+ status: 200,
+ headers: {
+ "content-type": "application/json",
+ },
+ body: JSON.stringify({
+ message: "User created",
+ }),
+ };
+ }
 },
 };
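Review bot: The 403 for non-admin callers in the `else` branch runs after the `.execute()` insert a few lines above it, so the new user row is already committed by the time the request is rejected; an authorization check must precede the write, not follow it. The `event.locals.user &&` inside that condition is also redundant, since the `else` branch is only reached when `event.locals.user` is set. Separately, the object returned on the admin path — `status`, `headers`, `body: JSON.stringify(...)` — is shaped like a `Response`, but this is a form action (`export const actions: Actions`) and, as far as I can tell, a form action's return value is handed to the page as form data rather than sent as an HTTP response, so the `headers` and stringified `body` have no effect; `return { message: "User created" };` gives the page the same information directly. The action's body begins and ends outside this hunk.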