From 29173aff3bd7a5bc08874ce0420540a423849789 Mon Sep 17 00:00:00 2001 From: Blog Manager Robot Date: Sat, 29 Oct 2022 19:25:04 +0000 Subject: [PATCH] Chained stuff to DRY --- Web/lib/MJB/Web.pm | 64 ++++--- Web/lib/MJB/Web/Controller/Dashboard.pm | 233 +++--------------------- 2 files changed, 59 insertions(+), 238 deletions(-) diff --git a/Web/lib/MJB/Web.pm b/Web/lib/MJB/Web.pm index 4fea1b6..5f215e0 100644 --- a/Web/lib/MJB/Web.pm +++ b/Web/lib/MJB/Web.pm @@ -70,6 +70,19 @@ sub startup ($self) { return undef; }); + # Create a router chain for the dashboard blog display that verifies access to + # the blog and loads it. + my $blog = $auth->under( '/dashboard/blog/:id' => sub ( $c ) { + my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); + + if ( $blog->person->id ne $c->stash->{person}->id ) { + $c->redirect_to( $c->url_for( 'show_dashboard' ) ); + return undef; + } + + return 1; + }); + # Create a router chain that ensures the request is from an admin user. my $admin = $auth->under( '/' => sub ($c) { 
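Review bot: In the new `/dashboard/blog/:id` chain callback, `$blog->person->id` is called without first checking that the lookup returned a record. If `$c->db->blog` yields undef for an unknown id (its implementation is not visible here), the request dies with an exception instead of taking the redirect, and the differing response lets a logged-in user tell existing blog ids from missing ones. The callback also writes the record into the stash before ownership is confirmed. I would load into a local first with `my $blog = $c->db->blog( $c->param('id') );`, test `if ( !$blog || $blog->person->id ne $c->stash->{person}->id ) {`, and set `$c->stash->{blog} = $blog;` only just before `return 1;`.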
@@ -113,32 +126,31 @@ sub startup ($self) { $auth->get ( '/password' )->to('UserSettings#change_password' )->name('show_change_password' ); $auth->post( '/password' )->to('UserSettings#do_change_password' )->name('do_change_password' ); - # Dashboard - $auth->get ( '/dashboard' )->to('Dashboard#index' )->name('show_dashboard' ); - $auth->get ( '/dashboard/blog/:id' )->to('Dashboard#blog' )->name('show_dashboard_blog' ); - $auth->get ( '/dashboard/blog/:id/posts' )->to('Dashboard#blog_posts' )->name('show_dashboard_blog_posts' ); - $auth->get ( '/dashboard/blog/:id/post/*mdfile' )->to('Dashboard#blog_post' )->name('show_dashboard_blog_post' ); - $auth->post( '/dashboard/blog/:id/post/*mdfile' )->to('Dashboard#do_blog_post' )->name('do_dashboard_blog_post' ); - $auth->get ( '/dashboard/blog/:id/post' )->to('Dashboard#blog_post_create' )->name('show_dashboard_blog_post_create' ); - $auth->post( '/dashboard/blog/:id/post' )->to('Dashboard#do_blog_post_create' )->name('do_dashboard_blog_post_create' ); - $auth->get ( '/dashboard/blog/:id/settings' )->to('Dashboard#blog_settings' )->name('show_dashboard_blog_settings' ); - $auth->post( '/dashboard/blog/:id/settings' )->to('Dashboard#do_blog_settings' )->name('do_dashboard_blog_settings' ); - $auth->get ( '/dashboard/blog/:id/config' )->to('Dashboard#blog_config' )->name('show_dashboard_blog_config' ); - $auth->post( '/dashboard/blog/:id/config' )->to('Dashboard#do_blog_config' )->name('do_dashboard_blog_config' ); - $auth->get ( '/dashboard/blog/:id/builds' )->to('Dashboard#blog_builds' )->name('show_dashboard_blog_builds' ); - $auth->get ( '/dashboard/blog/:id/media' )->to('Dashboard#blog_media' )->name('show_dashboard_blog_media' ); - $auth->post( '/dashboard/blog/:id/media' )->to('Dashboard#do_blog_media' )->name('do_dashboard_blog_media' ); - $auth->post( '/dashboard/blog/:id/media/*file' )->to('Dashboard#do_blog_media_remove' )->name('do_dashboard_blog_media_remove' ); - $auth->get ( '/dashboard/blog/:id/history' 
)->to('Dashboard#blog_history' )->name('show_dashboard_blog_history' ); - $auth->post( '/dashboard/blog/:id/history' )->to('Dashboard#do_blog_history' )->name('do_dashboard_blog_history' ); - - $auth->get ( '/dashboard/blog/:id/pages' )->to('Dashboard#blog_pages' )->name('show_dashboard_blog_pages' ); - $auth->get ( '/dashboard/blog/:id/page' )->to('Dashboard#blog_page' )->name('show_dashboard_blog_page' ); - $auth->post( '/dashboard/blog/:id/page' )->to('Dashboard#do_blog_page' )->name('do_dashboard_blog_page' ); - $auth->get ( '/dashboard/blog/:id/page/edit' )->to('Dashboard#blog_page_edit' )->name('show_dashboard_blog_page_edit' ); - $auth->post( '/dashboard/blog/:id/page/edit' )->to('Dashboard#do_blog_page_edit' )->name('do_dashboard_blog_page_edit' ); - - # Blog Management + # Dashboard / Blog Management + $auth->get ( '/dashboard' )->to('Dashboard#index' )->name('show_dashboard' ); + $blog->get ( '/' )->to('Dashboard#blog' )->name('show_dashboard_blog' ); + $blog->get ( '/posts' )->to('Dashboard#blog_posts' )->name('show_dashboard_blog_posts' ); + $blog->get ( '/post/*mdfile' )->to('Dashboard#blog_post' )->name('show_dashboard_blog_post' ); + $blog->post( '/post/*mdfile' )->to('Dashboard#do_blog_post' )->name('do_dashboard_blog_post' ); + $blog->get ( '/post' )->to('Dashboard#blog_post_create' )->name('show_dashboard_blog_post_create' ); + $blog->post( '/post' )->to('Dashboard#do_blog_post_create' )->name('do_dashboard_blog_post_create' ); + $blog->get ( '/settings' )->to('Dashboard#blog_settings' )->name('show_dashboard_blog_settings' ); + $blog->post( '/settings' )->to('Dashboard#do_blog_settings' )->name('do_dashboard_blog_settings' ); + $blog->get ( '/config' )->to('Dashboard#blog_config' )->name('show_dashboard_blog_config' ); + $blog->post( '/config' )->to('Dashboard#do_blog_config' )->name('do_dashboard_blog_config' ); + $blog->get ( '/builds' )->to('Dashboard#blog_builds' )->name('show_dashboard_blog_builds' ); + $blog->get ( '/media' 
)->to('Dashboard#blog_media' )->name('show_dashboard_blog_media' ); + $blog->post( '/media' )->to('Dashboard#do_blog_media' )->name('do_dashboard_blog_media' ); + $blog->post( '/media/*file' )->to('Dashboard#do_blog_media_remove' )->name('do_dashboard_blog_media_remove' ); + $blog->get ( '/history' )->to('Dashboard#blog_history' )->name('show_dashboard_blog_history' ); + $blog->post( '/history' )->to('Dashboard#do_blog_history' )->name('do_dashboard_blog_history' ); + $blog->get ( '/pages' )->to('Dashboard#blog_pages' )->name('show_dashboard_blog_pages' ); + $blog->get ( '/page' )->to('Dashboard#blog_page' )->name('show_dashboard_blog_page' ); + $blog->post( '/page' )->to('Dashboard#do_blog_page' )->name('do_dashboard_blog_page' ); + $blog->get ( '/page/edit' )->to('Dashboard#blog_page_edit' )->name('show_dashboard_blog_page_edit' ); + $blog->post( '/page/edit' )->to('Dashboard#do_blog_page_edit' )->name('do_dashboard_blog_page_edit' ); + + # Blog Creation $auth->get ( '/blog' )->to('Blog#create' )->name('show_blog_create' ); $auth->post( '/blog' )->to('Blog#do_create' )->name('do_blog_create' ); $auth->get ( '/blog/:id/settings' )->to('Blog#settings' )->name('show_blog_settings' ); diff --git a/Web/lib/MJB/Web/Controller/Dashboard.pm b/Web/lib/MJB/Web/Controller/Dashboard.pm index 93549b5..4598488 100644 --- a/Web/lib/MJB/Web/Controller/Dashboard.pm +++ b/Web/lib/MJB/Web/Controller/Dashboard.pm 
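Review bot: The `/blog/:id/settings` route left on `$auth` at the end of this hunk also takes a blog `:id` but does not pass through the new `$blog` chain, so it gets no ownership check from it. Whether `Blog#settings` checks the owner itself is not visible in this diff; if it does not, any authenticated user could open another user's settings by id. Consider routing it through a chain with the same check, or, once confirmed, add a comment above it such as `# Ownership is checked inside Blog#settings, not by the $blog chain.` The route list continues outside the hunk.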
@@ -9,62 +9,26 @@ sub index ($c) { } sub blog ( $c ) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } + my $blog = $c->stash->{blog}; } # TODO: There is a lot of repetition here, check out making a chain # like the auth ones, but for loading up the blog and ensuring # the user has access to it? sub blog_posts ( $c ) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } + my $blog = $c->stash->{blog}; my $blog_posts = $c->stash->{blog_posts} = [ map { $_->read } @{$c->jekyll($blog->domain->name)->list_posts} ]; } sub blog_post ( $c ) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } + my $blog = $c->stash->{blog}; my $post = $c->stash->{post} = $c->jekyll($blog->domain->name)->get_post( $c->param('mdfile') ); } sub do_blog_post ( $c ) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } + my $blog = $c->stash->{blog}; my $title = $c->stash->{form_title} = $c->param('postTitle'); my $date = $c->stash->{form_date} = $c->param('postDate'); 
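Review bot: The `TODO` comment kept above `blog_posts` still asks for the chain that this commit adds, and nothing in this file now says where access control happens. Every handler here trusts `$c->stash->{blog}` to have been loaded and ownership-checked by the `/dashboard/blog/:id` chain in `MJB::Web::startup`, so a handler later routed directly from `$auth` would run with an undefined `$blog` and no owner check. I would replace the TODO with `# Access control: $c->stash->{blog} is loaded and ownership-checked by the $blog route chain in MJB::Web; only route these actions under that chain.` The same applies to the remaining hunks of this file. In `blog`, `blog_post_create`, `blog_builds` and `blog_page` the `my $blog = $c->stash->{blog};` line is now an unused local and could be dropped.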
@@ -90,18 +54,7 @@ sub do_blog_post ( $c ) { } sub blog_post_create ( $c ) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } - - + my $blog = $c->stash->{blog}; } sub _make_slug ( $date, $title ) { @@ -121,16 +74,7 @@ sub _make_slug ( $date, $title ) { } sub do_blog_post_create ( $c ) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } + my $blog = $c->stash->{blog}; my $title = $c->stash->{form_title} = $c->param('postTitle'); my $date = $c->stash->{form_date} = $c->param('postDate'); @@ -159,16 +103,7 @@ sub do_blog_post_create ( $c ) { } sub blog_settings ($c) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } + my $blog = $c->stash->{blog}; my $data = $c->jekyll($blog->domain->name)->config->data; @@ -178,16 +113,7 @@ sub blog_settings ($c) { } sub do_blog_settings ($c) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } + my $blog = $c->stash->{blog}; my $jekyll = $c->jekyll($blog->domain->name); 
@@ -206,16 +132,7 @@ sub do_blog_settings ($c) { } sub blog_config ( $c ) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } + my $blog = $c->stash->{blog}; my $jekyll = $c->jekyll($blog->domain->name); my $config = $jekyll->config; @@ -224,16 +141,7 @@ sub blog_config ( $c ) { } sub do_blog_config ( $c ) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } + my $blog = $c->stash->{blog}; my $jekyll = $c->jekyll($blog->domain->name); my $config = $jekyll->config; 
@@ -249,45 +157,18 @@ sub do_blog_config ( $c ) { } sub blog_builds ( $c ) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } + my $blog = $c->stash->{blog}; } sub blog_media ( $c ) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } + my $blog = $c->stash->{blog}; my $media_files = $c->stash->{media_files} = $c->jekyll($blog->domain->name)->list_media; } sub do_blog_media_remove( $c ) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } + my $blog = $c->stash->{blog}; my $jekyll = $c->jekyll($blog->domain->name); my $media_file = Mojo::File->new( $jekyll->repo_path . "/assets/media/" . $c->param('file') ); @@ -308,16 +189,7 @@ sub do_blog_media_remove( $c ) { } sub do_blog_media ( $c ) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } + my $blog = $c->stash->{blog}; my $jekyll = $c->jekyll($blog->domain->name); 
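Review bot: In `do_blog_media_remove` the path is built as `$jekyll->repo_path . "/assets/media/" . $c->param('file')`, and `file` comes from the wildcard placeholder `*file`, which matches across `/`; the chain's ownership check covers the blog id only, not where the resulting path points. The rest of the function is outside the hunk, so a containment check may already exist. If it does not, reject any value whose resolved path is not under the media directory before removing it, for example by accepting only a bare file name via `Mojo::File->new( $c->param('file') )->basename`. The same question applies to `mdfile` in `blog_post` and `pagePath` in `do_blog_page`, whose use is also outside the visible hunks.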
@@ -345,31 +217,13 @@ sub do_blog_media ( $c ) { } sub blog_history ( $c ) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } + my $blog = $c->stash->{blog}; my $history = $c->stash->{history} = $c->jekyll($blog->domain->name)->history; } sub do_blog_history ( $c ) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } + my $blog = $c->stash->{blog}; my $commit = $c->param('commit_hash'); @@ -388,31 +242,13 @@ sub do_blog_history ( $c ) { } sub blog_pages ( $c ) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } + my $blog = $c->stash->{blog}; my $blog_pages = $c->stash->{blog_pages} = [ map { $_->read } @{$c->jekyll($blog->domain->name)->list_pages} ]; } sub blog_page_edit ( $c ) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } + my $blog = $c->stash->{blog}; # This is a dumb-expensive way of loading the file. TODO, fix this. my $blog_pages = $c->stash->{blog_pages} = [ map { $_->read } @{$c->jekyll($blog->domain->name)->list_pages} ]; 
@@ -424,16 +260,7 @@ sub blog_page_edit ( $c ) { } sub do_blog_page_edit ( $c ) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } + my $blog = $c->stash->{blog}; my $jekyll = $c->jekyll($blog->domain->name); @@ -462,29 +289,11 @@ sub do_blog_page_edit ( $c ) { } sub blog_page ( $c ) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } + my $blog = $c->stash->{blog}; } sub do_blog_page ( $c ) { - my $blog = $c->stash->{blog} = $c->db->blog( $c->param('id') ); - - if ( $blog->person->id ne $c->stash->{person}->id ) { - $c->render( - text => "Error: This blog isn't owned by you.", - status => 404, - format => 'txt', - ); - return; - } + my $blog = $c->stash->{blog}; my $path = $c->param('pagePath'); my $content = $c->param('pageContent');