-rw-r--r-- | err.go | 1 | ||||
-rw-r--r-- | index.go | 4 | ||||
-rw-r--r-- | main.go | 6 | ||||
-rwxr-xr-x | scripts/lint.sh | 2 | ||||
-rw-r--r-- | sql/schema.sql | 4 | ||||
-rw-r--r-- | state.go | 160 | ||||
-rw-r--r-- | tmpl/staff.html | 13 |
7 files changed, 187 insertions, 3 deletions
@@ -45,4 +45,5 @@ var ( errContextCancelled = errors.New("context cancelled") errCannotReceiveMessage = errors.New("cannot receive message") errNoSuchCourse = errors.New("no such course") + errInvalidState = errors.New("invalid state") ) @@ -112,9 +112,11 @@ func handleIndex(w http.ResponseWriter, req *http.Request) { w, "staff", struct { - Name string + Name string + State uint32 }{ userName, + state, }, ) if err != nil { @@ -119,6 +119,7 @@ func main() { http.HandleFunc("/export", handleExport) http.HandleFunc("/auth", handleAuth) http.HandleFunc("/ws", handleWs) + http.HandleFunc("/state/{s}", handleState) var l net.Listener @@ -176,6 +177,11 @@ func main() { log.Fatal(err) } + log.Println("Loading state") + if err := loadState(); err != nil { + log.Fatal(err) + } + log.Println("Setting up courses") err = setupCourses() if err != nil { diff --git a/scripts/lint.sh b/scripts/lint.sh index 73e9878..5988eb6 100755 --- a/scripts/lint.sh +++ b/scripts/lint.sh @@ -1,3 +1,3 @@ #!/bin/sh set -e -golangci-lint run --color=always --enable-all --disable=wsl,funlen,exportloopref,gomnd,execinquery,godox,lll,gochecknoglobals,depguard,cyclop,gosmopolitan,nlreturn,varnamelen,nestif,musttag,mnd,tagliatelle,gocognit,gocyclo,maintidx,dogsled,unparam,nonamedreturns +golangci-lint run --color=always --enable-all --disable=wsl,funlen,exportloopref,gomnd,execinquery,godox,lll,gochecknoglobals,depguard,cyclop,gosmopolitan,nlreturn,varnamelen,nestif,musttag,mnd,tagliatelle,gocognit,gocyclo,maintidx,dogsled,unparam,nonamedreturns,godot diff --git a/sql/schema.sql b/sql/schema.sql index 3248f14..51a455b 100644 --- a/sql/schema.sql +++ b/sql/schema.sql @@ -24,3 +24,7 @@ CREATE TABLE choices ( FOREIGN KEY(courseid) REFERENCES courses(id), UNIQUE (userid, courseid) ); +CREATE TABLE misc ( + key TEXT PRIMARY KEY NOT NULL, + value INTEGER NOT NULL +); diff --git a/state.go b/state.go new file mode 100644 index 0000000..48b8907 --- /dev/null +++ b/state.go 
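Review bot: In the handleIndex hunk (`@@ -112,9 +112,11 @@`, presumably index.go since its file header is not shown), the new `state,` argument reads the global with a plain load, while state.go marks it `/* atomic */` and only writes it through `atomic.StoreUint32`. A handleState request running at the same time makes that a data race, and the value decides which controls the staff page renders. Read it as `atomic.LoadUint32(&state),`, which needs `sync/atomic` in that file's imports (not visible here). handleIndex starts and ends outside the hunk.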
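Review bot: `http.HandleFunc("/state/{s}", handleState)` in the `@@ -119,6 +119,7 @@` hunk registers the route for every method, so the access-state change runs on a plain GET authenticated only by the session cookie. The same applies to handleState in state.go, which checks neither method nor origin, and to the `./state/N` links added in tmpl/staff.html. Unless the session cookie's SameSite attribute (set outside this diff) prevents it, a cross-site request from a staff member's browser, or a link prefetcher, can flip student access. Register it as `http.HandleFunc("POST /state/{s}", handleState)` and replace the links with small POST forms that carry a CSRF token checked in the handler. main() continues outside the hunk.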
@@ -0,0 +1,160 @@
+/*
+ * Handle the unified global state
+ *
+ * Copyright (C) 2024 Runxi Yu <https://runxiyu.org>
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package main
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/http"
+ "strconv"
+ "sync/atomic"
+
+ "github.com/jackc/pgx/v5"
+)
+
+/*
+ * 0: Student access is disabled
+ * 1: Student have read-only access
+ * 2: Student can choose courses
+ */
+var state uint32 /* atomic */
+
+func loadState() error {
+ var _state uint32
+ err := db.QueryRow(
+ context.Background(),
+ "SELECT value FROM misc WHERE key = 'state'",
+ ).Scan(&_state)
+ if err != nil {
+ if errors.Is(err, pgx.ErrNoRows) {
+ _state = 0
+ _, err := db.Exec(
+ context.Background(),
+ "INSERT INTO misc(key, value) VALUES ('state', $1)",
+ _state,
+ )
+ if err != nil {
+ return fmt.Errorf("%w: %w", errUnexpectedDBError, err)
+ }
+ } else {
+ return fmt.Errorf("%w: %w", errUnexpectedDBError, err)
+ }
+ }
+ atomic.StoreUint32(&state, _state)
+ return nil
+}
+
+func saveStateValue(ctx context.Context, newState uint32) error {
+ _, err := db.Exec(
+ ctx,
+ "UPDATE misc SET value = $1 WHERE key = 'state'",
+ newState,
+ )
+ if err != nil {
+ return fmt.Errorf("%w: %w", errUnexpectedDBError, err)
+ }
+ return nil
+}
+
+func setState(ctx context.Context, newState uint32) error {
+ if newState > 2 {
+ return fmt.Errorf("%w: %d", errInvalidState, newState)
+ }
+ err := saveStateValue(ctx, newState)
+ if err != nil {
+ return err
+ }
+ atomic.StoreUint32(&state, newState)
+ return nil
+}
+
+func handleState(w http.ResponseWriter, req *http.Request) {
+ sessionCookie, err := req.Cookie("session")
+ if errors.Is(err, http.ErrNoCookie) {
+ wstr(
+ w,
+ http.StatusUnauthorized,
+ "No session cookie, which is required for this endpoint",
+ )
+ return
+ } else if err != nil {
+ wstr(w, http.StatusBadRequest, "Error: Unable to check cookie.")
+ return
+ }
+
+ var userID, userName, userDepartment string
+ err = db.QueryRow(
+ req.Context(),
+ "SELECT id, name, department FROM users WHERE session = $1",
+ sessionCookie.Value,
+ ).Scan(&userID, &userName, &userDepartment)
+ if err != nil {
+ if errors.Is(err, pgx.ErrNoRows) {
+ wstr(
+ w,
+ http.StatusForbidden,
+ "Invalid session cookie",
+ )
+ return
+ }
+ wstr(
+ w,
+ http.StatusInternalServerError,
+ fmt.Sprintf(
+ "Error: Unexpected database error: %s",
+ err,
+ ),
+ )
+ return
+ }
+
+ if userDepartment != staffDepartment {
+ wstr(
+ w,
+ http.StatusForbidden,
+ "You are not authorized to view this page",
+ )
+ return
+ }
+
+ basePath := req.PathValue("s")
+ newState, err := strconv.ParseUint(basePath, 10, 32)
+ if err != nil {
+ wstr(
+ w,
+ http.StatusBadRequest,
+ "State must be an unsigned 32-bit integer",
+ )
+ return
+ }
+ err = setState(req.Context(), uint32(newState))
+ if err != nil {
+ wstr(
+ w,
+ http.StatusInternalServerError,
+ "Failed setting state, please return to previous page; are you sure it's within limits?",
+ )
+ return
+ }
+
+ http.Redirect(w, req, "/", http.StatusSeeOther)
+}
diff --git a/tmpl/staff.html b/tmpl/staff.html
index 4b77b00..12cc3f0 100644
--- a/tmpl/staff.html
+++ b/tmpl/staff.html
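Review bot: In state.go, handleState passes the raw driver error to wstr via `fmt.Sprintf("Error: Unexpected database error: %s", err)`, which appears to write it into the response body, and that branch runs before the staff-department check, so any caller presenting a session cookie can receive it when the lookup fails. Return a fixed message such as `"Error: Unexpected database error"` and record the detail server-side with `log.Printf("handleState: session lookup: %v", err)`, which needs `"log"` added to the file's imports. Separately, setState runs `saveStateValue` and `atomic.StoreUint32` as two unguarded steps, so two overlapping requests can leave the stored row and the in-memory value different; a `sync.Mutex` held across both calls would keep them in step.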
@@ -48,7 +48,18 @@
 </p>
 </div>
 <div class="reading-width">
- <a href="./export" class="btn-primary btn">Export all choices as a spreadsheet</a>
+ <p><a href="./export" class="btn-primary btn">Export all choices as a spreadsheet</a></p>
+ {{- if ge .State 1 }}
+ <p><a href="./state/0" class="btn-danger btn">Disable student access</a></p>
+ {{- if ge .State 2 }}
+ <p><a href="./state/1" class="btn-danger btn">Stop course selections</a></p>
+ {{- else }}
+ <p><a href="./state/2" class="btn-primary btn">Start course selections</a></p>
+ {{- end }}
+ {{- else }}
+ <p><a href="./state/1" class="btn-primary btn">Enable student access</a></p>
+ {{- end }}
+ </p>
 </div>
 </body>
 </html> |
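Review bot: The added `</p>` on the line just before `</div>` has no matching opening tag, because every `<p>` this hunk introduces is already closed on its own line. That leaves the markup inside `<div class="reading-width">` unbalanced; drop that line.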