4 Commits

Author SHA1 Message Date
Ultradesu 91ca486e64 Added user/visits 'deleted' status, hide it in UI
Build and Publish / Build and Publish Docker Image (push) Successful in 1m22s
2026-06-04 13:41:18 +03:00
Ultradesu 2389bca42b Fixed image transcoding. Paying attention to EXIF orientation data
Build and Publish / Build and Publish Docker Image (push) Successful in 1m24s
2026-06-04 13:08:34 +03:00
Ultradesu 520960d009 Added image compression
Build and Publish / Build and Publish Docker Image (push) Successful in 1m59s
2026-06-02 19:30:05 +03:00
Ultradesu 0cda791d44 Fixed OIDC small bug 2026-05-20 14:43:24 +03:00
9 changed files with 484 additions and 94 deletions
Generated
+125 -1
@@ -332,12 +332,24 @@ version = "3.20.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5d20789868f4b01b2f2caec9f5c4e0213b41e3e5702a50157d699ae31ced2fcb"
[[package]]
name = "bytemuck"
version = "1.25.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c8efb64bd706a16a1bdde310ae86b351e4d21550d98d056f22f8a7f7a2183fec"
[[package]]
name = "byteorder"
version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
[[package]]
name = "byteorder-lite"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8f1fe948ff07f4bd06c30984e69f5b4899c516a3ef74f34df92a2df2ab535495"
[[package]]
name = "bytes"
version = "1.11.1"
@@ -630,6 +642,15 @@ version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "217698eaf96b4a3f0bc4f3662aaa55bdf913cd54d7204591faa790070c6d0853"
[[package]]
name = "crc32fast"
version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9481c1c90cbf2ac953f07c8d4a58aa3945c425b7185c9154d67a65e4230da511"
dependencies = [
"cfg-if",
]
[[package]]
name = "crossbeam-queue"
version = "0.3.12"
@@ -893,12 +914,31 @@ dependencies = [
"pin-project-lite",
]
[[package]]
name = "fdeflate"
version = "0.3.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e6853b52649d4ac5c0bd02320cddc5ba956bdb407c4b75a2c6b75bf51500f8c"
dependencies = [
"simd-adler32",
]
[[package]]
name = "find-msvc-tools"
version = "0.1.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582"
[[package]]
name = "flate2"
version = "1.1.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "843fba2746e448b37e26a819579957415c8cef339bf08564fe8b7ddbd959573c"
dependencies = [
"crc32fast",
"miniz_oxide",
]
[[package]]
name = "flume"
version = "0.11.1"
@@ -1434,6 +1474,32 @@ dependencies = [
"icu_properties",
]
[[package]]
name = "image"
version = "0.25.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "85ab80394333c02fe689eaf900ab500fbd0c2213da414687ebf995a65d5a6104"
dependencies = [
"bytemuck",
"byteorder-lite",
"image-webp",
"moxcms",
"num-traits",
"png",
"zune-core",
"zune-jpeg",
]
[[package]]
name = "image-webp"
version = "0.2.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "525e9ff3e1a4be2fbea1fdf0e98686a6d98b4d8f937e1bf7402245af1909e8c3"
dependencies = [
"byteorder-lite",
"quick-error",
]
[[package]]
name = "indexmap"
version = "2.14.0"
@@ -1637,6 +1703,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1fa76a2c86f704bdb222d66965fb3d63269ce38518b83cb0575fca855ebb6316"
dependencies = [
"adler2",
"simd-adler32",
]
[[package]]
@@ -1650,6 +1717,16 @@ dependencies = [
"windows-sys 0.61.2",
]
[[package]]
name = "moxcms"
version = "0.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bb85c154ba489f01b25c0d36ae69a87e4a1c73a72631fc6c0eb6dde34a73e44b"
dependencies = [
"num-traits",
"pxfm",
]
[[package]]
name = "multer"
version = "3.1.0"
@@ -1915,6 +1992,19 @@ version = "0.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b4596b6d070b27117e987119b4dac604f3c58cfb0b191112e24771b2faeac1a6"
[[package]]
name = "png"
version = "0.18.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "60769b8b31b2a9f263dae2776c37b1b28ae246943cf719eb6946a1db05128a61"
dependencies = [
"bitflags",
"crc32fast",
"fdeflate",
"flate2",
"miniz_oxide",
]
[[package]]
name = "potential_utf"
version = "0.1.5"
@@ -1967,6 +2057,18 @@ dependencies = [
"unicode-ident",
]
[[package]]
name = "pxfm"
version = "0.1.29"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e0c5ccf5294c6ccd63a74f1565028353830a9c2f5eb0c682c355c471726a6e3f"
[[package]]
name = "quick-error"
version = "2.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a993555f31e5a609f617c12db6250dedcac1b0a85076912c436e6fc9b2c8e6a3"
[[package]]
name = "quinn"
version = "0.11.9"
@@ -2455,6 +2557,12 @@ dependencies = [
"rand_core 0.6.4",
]
[[package]]
name = "simd-adler32"
version = "0.3.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "703d5c7ef118737c72f1af64ad2f6f8c5e1921f818cdcb97b8fe6fc69bf66214"
[[package]]
name = "siphasher"
version = "1.0.2"
@@ -3359,13 +3467,14 @@ dependencies = [
[[package]]
name = "web-petting"
version = "0.1.12"
version = "0.1.14"
dependencies = [
"base64",
"chrono",
"chrono-tz",
"cot",
"futures",
"image",
"multer",
"password-auth",
"reqwest",
@@ -3916,3 +4025,18 @@ name = "zmij"
version = "1.0.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa"
[[package]]
name = "zune-core"
version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cb8a0807f7c01457d0379ba880ba6322660448ddebc890ce29bb64da71fb40f9"
[[package]]
name = "zune-jpeg"
version = "0.5.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "27bc9d5b815bc103f142aa054f561d9187d191692ec7c2d1e2b4737f8dbd7296"
dependencies = [
"zune-core",
]
+2 -1
@@ -1,6 +1,6 @@
[package]
name = "web-petting"
version = "0.1.12"
version = "0.1.15"
edition = "2024"
[dependencies]
@@ -14,6 +14,7 @@ reqwest = { version = "0.12", default-features = false, features = ["rustls-tls"
serde_json = "1"
multer = "3"
futures = "0.3"
image = { version = "0.25", default-features = false, features = ["jpeg", "png", "webp"] }
tokio = { version = "1", features = ["fs"] }
uuid = { version = "1", features = ["v4"] }
base64 = "0.22"
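Review bot: The manifest version is bumped to `0.1.15` here, while the lockfile section of this same comparison records `web-petting` at `0.1.14`, so the two look out of sync and a build run with `--locked` would be expected to fail until the lockfile is regenerated. Separately, pinning `image` to `default-features = false` with only `jpeg`, `png` and `webp` keeps the amount of decoder code exposed to uploads small. A short comment above the line would stop the list from being widened casually, e.g. `# decode only the formats we transcode; every extra codec is more parser code exposed to uploads`.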
+273 -75
@@ -6,7 +6,13 @@ use cot::request::extractors::Path;
use cot::response::{IntoResponse, Redirect, Response};
use cot::router::{Route, Router};
use cot::session::Session;
use image::ImageDecoder;
use image::ImageFormat;
use image::ImageReader;
use image::codecs::jpeg::JpegEncoder;
use image::imageops::FilterType;
use serde::Deserialize;
use std::io::Cursor;
use crate::i18n::{Lang, Translations};
use crate::models::{Client, Lead, Media, Setting, Testimonial, User, Visit};
@@ -14,6 +20,9 @@ use crate::telegram;
const SESSION_USER_ID: &str = "user_id";
const SESSION_USER_NAME: &str = "user_name";
const SESSION_OIDC_STATE: &str = "oidc_state";
const MAX_UPLOADED_IMAGE_DIMENSION: u32 = 1920;
const UPLOADED_IMAGE_JPEG_QUALITY: u8 = 82;
// ---------------------------------------------------------------------------
// Helpers
@@ -91,12 +100,71 @@ fn has_query_flag(request: &Request, flag: &str) -> bool {
fn get_query_param(request: &Request, key: &str) -> Option<String> {
let prefix = format!("{}=", key);
request.uri().query().and_then(|q| {
q.split('&').find_map(|p| {
p.strip_prefix(&prefix).map(|v| v.to_string())
})
q.split('&')
.find_map(|p| p.strip_prefix(&prefix).map(|v| v.to_string()))
})
}
fn image_format_from_ext(ext: &str) -> Option<ImageFormat> {
match ext {
"jpg" | "jpeg" => Some(ImageFormat::Jpeg),
"png" => Some(ImageFormat::Png),
"webp" => Some(ImageFormat::WebP),
_ => None,
}
}
fn transcode_uploaded_image(data: &[u8], ext: &str) -> cot::Result<Option<Vec<u8>>> {
let Some(format) = image_format_from_ext(ext) else {
return Ok(None);
};
let mut decoder = ImageReader::with_format(Cursor::new(data), format)
.into_decoder()
.map_err(|e| cot::Error::internal(e.to_string()))?;
let orientation = decoder
.orientation()
.map_err(|e| cot::Error::internal(e.to_string()))?;
let mut image = image::DynamicImage::from_decoder(decoder)
.map_err(|e| cot::Error::internal(e.to_string()))?;
image.apply_orientation(orientation);
let resized = image.resize(
MAX_UPLOADED_IMAGE_DIMENSION,
MAX_UPLOADED_IMAGE_DIMENSION,
FilterType::Lanczos3,
);
let rgb = resized.to_rgb8();
let mut encoded = Vec::new();
let mut encoder = JpegEncoder::new_with_quality(&mut encoded, UPLOADED_IMAGE_JPEG_QUALITY);
encoder
.encode_image(&rgb)
.map_err(|e| cot::Error::internal(e.to_string()))?;
Ok(Some(encoded))
}
async fn save_uploaded_image(
upload_dir: &str,
file_id: uuid::Uuid,
ext: &str,
data: &[u8],
) -> cot::Result<String> {
if let Some(encoded) = transcode_uploaded_image(data, ext)? {
let path = format!("{}/{}.jpg", upload_dir, file_id);
tokio::fs::write(&path, &encoded)
.await
.map_err(|e| cot::Error::internal(e.to_string()))?;
Ok(path)
} else {
let path = format!("{}/{}.{}", upload_dir, file_id, ext);
tokio::fs::write(&path, data)
.await
.map_err(|e| cot::Error::internal(e.to_string()))?;
Ok(path)
}
}
/// Soft pastel palette for client calendar colors.
const CLIENT_COLORS: &[&str] = &[
"#7c6ed4", "#5b9bd5", "#4caf93", "#e0915e", "#d46c8e", "#8e6bbf", "#5cb8a5", "#c77c4f",
@@ -298,7 +366,7 @@ struct ScheduleEditTemplate<'a> {
lang: Lang,
admin_name: &'a str,
visit: Visit,
clients: Vec<Client>,
client: Client,
users: Vec<User>,
media: Vec<Media>,
}
@@ -581,31 +649,56 @@ fn decode_jwt_payload(token: &str) -> Option<serde_json::Value> {
serde_json::from_slice(&bytes).ok()
}
async fn oidc_start(request: Request, db: Database) -> cot::Result<Response> {
fn oidc_state_cookie(value: &str, max_age_seconds: u32) -> String {
format!(
"oidc_state={}; Path=/admin/oidc; HttpOnly; SameSite=Lax; Max-Age={}",
value, max_age_seconds,
)
}
fn get_cookie(request: &Request, name: &str) -> Option<String> {
let prefix = format!("{name}=");
request
.headers()
.get("cookie")
.and_then(|v| v.to_str().ok())
.and_then(|cookies| {
cookies.split(';').find_map(|part| {
let part = part.trim();
part.strip_prefix(&prefix).map(|v| v.to_string())
})
})
}
async fn oidc_start(request: Request, session: Session, db: Database) -> cot::Result<Response> {
let lang = detect_lang(&request);
let issuer_url = oidc_setting(&db, "oidc_issuer_url").await?;
let client_id = oidc_setting(&db, "oidc_client_id").await?;
let site_domain = oidc_setting(&db, "site_domain").await?;
if issuer_url.trim().is_empty() || client_id.trim().is_empty() {
return Redirect::new(format!("/admin/login?lang={}&error=sso_provider", lang.code()))
.into_response();
return Redirect::new(format!(
"/admin/login?lang={}&error=sso_provider",
lang.code()
))
.into_response();
}
let authorization_endpoint = match oidc_discover(&issuer_url, "authorization_endpoint").await {
Some(ep) => ep,
None => {
return Redirect::new(format!("/admin/login?lang={}&error=sso_provider", lang.code()))
.into_response();
return Redirect::new(format!(
"/admin/login?lang={}&error=sso_provider",
lang.code()
))
.into_response();
}
};
let state = rand_token();
session.insert(SESSION_OIDC_STATE, state.clone()).await?;
let redirect_uri = format!(
"{}/admin/oidc/callback",
site_domain.trim_end_matches('/')
);
let redirect_uri = format!("{}/admin/oidc/callback", site_domain.trim_end_matches('/'));
let redirect_url = format!(
"{}?response_type=code&client_id={}&redirect_uri={}&scope=openid+profile&state={}",
@@ -615,10 +708,7 @@ async fn oidc_start(request: Request, db: Database) -> cot::Result<Response> {
urlencoding::encode(&state),
);
let state_cookie = format!(
"oidc_state={}; Path=/admin/oidc; HttpOnly; Secure; SameSite=Lax; Max-Age=600",
state,
);
let state_cookie = oidc_state_cookie(&state, 600);
Redirect::new(redirect_url)
.into_response()?
@@ -630,18 +720,18 @@ async fn oidc_callback(request: Request, session: Session, db: Database) -> cot:
let lang = detect_lang(&request);
let fail = |code: &str| format!("/admin/login?lang={}&error={}", lang.code(), code);
// Read saved state from cookie
let saved_state = request
.headers()
.get("cookie")
.and_then(|v| v.to_str().ok())
.and_then(|cookies| {
cookies.split(';').find_map(|part| {
let part = part.trim();
part.strip_prefix("oidc_state=").map(|v| v.to_string())
})
})
.unwrap_or_default();
// Prefer the server-side session; keep the cookie as a compatibility
// fallback for flows started before this code was deployed.
let saved_state_from_session = session
.get::<String>(SESSION_OIDC_STATE)
.await
.ok()
.flatten();
let saved_state_from_cookie = get_cookie(&request, "oidc_state");
let saved_state = saved_state_from_session
.as_deref()
.or(saved_state_from_cookie.as_deref())
.unwrap_or("");
// Extract code and state from query string
let query_str = request.uri().query().unwrap_or("");
@@ -657,12 +747,20 @@ async fn oidc_callback(request: Request, session: Session, db: Database) -> cot:
if code.is_empty() || state.is_empty() || state != saved_state {
tracing::warn!(
"OIDC state mismatch: state={state:?}, saved={saved_state:?}, code_empty={}, state_empty={}",
code.is_empty(),
state.is_empty(),
target: "oidc",
has_session_state = saved_state_from_session.is_some(),
has_cookie_state = saved_state_from_cookie.is_some(),
code_empty = code.is_empty(),
state_empty = state.is_empty(),
"OIDC state mismatch",
);
return Redirect::new(fail("sso")).into_response();
let clear_cookie = oidc_state_cookie("", 0);
return Redirect::new(fail("sso"))
.into_response()?
.with_header("set-cookie", clear_cookie)
.into_response();
}
let _ = session.remove::<String>(SESSION_OIDC_STATE).await;
let issuer_url = oidc_setting(&db, "oidc_issuer_url").await?;
let client_id = oidc_setting(&db, "oidc_client_id").await?;
@@ -678,10 +776,7 @@ async fn oidc_callback(request: Request, session: Session, db: Database) -> cot:
}
};
let redirect_uri = format!(
"{}/admin/oidc/callback",
site_domain.trim_end_matches('/')
);
let redirect_uri = format!("{}/admin/oidc/callback", site_domain.trim_end_matches('/'));
// Exchange code for tokens
let token_resp = reqwest::Client::new()
@@ -743,7 +838,11 @@ async fn oidc_callback(request: Request, session: Session, db: Database) -> cot:
// Check group membership
let allowed_groups = oidc_setting(&db, "oidc_allowed_groups").await?;
if !allowed_groups.trim().is_empty() {
let required: Vec<&str> = allowed_groups.split(',').map(|s| s.trim()).filter(|s| !s.is_empty()).collect();
let required: Vec<&str> = allowed_groups
.split(',')
.map(|s| s.trim())
.filter(|s| !s.is_empty())
.collect();
let user_groups: Vec<String> = claims
.get("groups")
.and_then(|v| v.as_array())
@@ -755,9 +854,9 @@ async fn oidc_callback(request: Request, session: Session, db: Database) -> cot:
})
.unwrap_or_default();
let has_group = required.iter().any(|r| {
user_groups.iter().any(|ug| ug.eq_ignore_ascii_case(r))
});
let has_group = required
.iter()
.any(|r| user_groups.iter().any(|ug| ug.eq_ignore_ascii_case(r)));
if !has_group {
tracing::warn!(
@@ -769,11 +868,15 @@ async fn oidc_callback(request: Request, session: Session, db: Database) -> cot:
// Find or create user
let login = preferred_username.clone();
let user = query!(User, $login == login).get(&db).await?;
let existing = query!(User, $login == login).get(&db).await?;
let user = match user {
Some(u) => u,
let user = match existing {
Some(u) => {
tracing::info!(target: "oidc", username = %u.login, "SSO login: existing user");
u
}
None => {
tracing::info!(target: "oidc", username = %preferred_username, "SSO login: creating new user");
let mut new_user = User {
id: Auto::auto(),
login: preferred_username.clone(),
@@ -786,24 +889,40 @@ async fn oidc_callback(request: Request, session: Session, db: Database) -> cot:
updated_at: now_utc(),
};
new_user.save(&db).await?;
new_user
// Re-query to get the DB-assigned id (Auto::auto() may not be
// populated in the struct after save)
let login2 = preferred_username.clone();
match query!(User, $login == login2).get(&db).await? {
Some(u) => {
tracing::info!(target: "oidc", username = %u.login, id = ?u.id, "SSO login: new user created and fetched");
u
}
None => {
tracing::error!(target: "oidc", username = %preferred_username, "SSO login: user not found after creation");
return Redirect::new(fail("sso")).into_response();
}
}
}
};
if user.status != "active" {
tracing::warn!(target: "oidc", username = %user.login, status = %user.status, "SSO login: user disabled");
return Redirect::new(fail("sso_disabled")).into_response();
}
let display = user
let session_name = user
.display_name
.as_deref()
.filter(|s| !s.is_empty())
.unwrap_or(&user.login)
.to_string();
tracing::info!(target: "oidc", username = %user.login, display_name = %session_name, "SSO login: session established");
session.insert(SESSION_USER_ID, user.id.unwrap()).await?;
session.insert(SESSION_USER_NAME, display).await?;
session.insert(SESSION_USER_NAME, session_name).await?;
// Clear the oidc_state cookie
let clear_cookie = "oidc_state=; Path=/admin/oidc; HttpOnly; Secure; SameSite=Lax; Max-Age=0";
let clear_cookie = oidc_state_cookie("", 0);
Redirect::new(format!("/admin/?lang={}", lang.code()))
.into_response()?
.with_header("set-cookie", clear_cookie)
@@ -824,8 +943,10 @@ async fn admin_index(request: Request, session: Session, db: Database) -> cot::R
let tz = crate::tz::load_tz(&db).await;
let today = crate::tz::today_in_tz(tz);
let all_visits = Visit::objects().all(&db).await?;
let clients = Client::objects().all(&db).await?;
let mut all_visits = Visit::objects().all(&db).await?;
all_visits.retain(|v| v.status != "deleted");
let mut clients = Client::objects().all(&db).await?;
clients.retain(|c| c.status != "deleted");
let mut today_visits: Vec<TodayVisit> = all_visits
.iter()
@@ -848,9 +969,7 @@ async fn admin_index(request: Request, session: Session, db: Database) -> cot::R
let mut all_feedbacks: Vec<RecentFeedback> = all_visits
.iter()
.filter(|v| {
v.user_id.primary_key().unwrap() == user_id && v.client_feedback.is_some()
})
.filter(|v| v.user_id.primary_key().unwrap() == user_id && v.client_feedback.is_some())
.map(|v| {
let cid: i64 = v.client_id.primary_key().unwrap();
let client_name = clients
@@ -929,11 +1048,12 @@ async fn clients_page(request: Request, session: Session, db: Database) -> cot::
Err(resp) => return Ok(resp),
};
let show_all = has_query_flag(&request, "all");
let clients = if show_all {
let mut clients = if show_all {
Client::objects().all(&db).await?
} else {
query!(Client, $status == "active").all(&db).await?
};
clients.retain(|c| c.status != "deleted");
let body = ClientsTemplate {
t: lang.t(),
lang,
@@ -1347,6 +1467,24 @@ async fn client_activate(
Redirect::new(format!("/admin/clients?lang={}", lang.code())).into_response()
}
async fn client_delete(
request: Request,
session: Session,
db: Database,
Path(client_id): Path<i64>,
) -> cot::Result<Response> {
let lang = detect_lang(&request);
if let Err(resp) = require_auth(&session, lang).await {
return Ok(resp);
}
if let Some(mut client) = query!(Client, $id == client_id).get(&db).await? {
client.status = "deleted".to_string();
client.updated_at = now_utc();
client.save(&db).await?;
}
Redirect::new(format!("/admin/clients?lang={}", lang.code())).into_response()
}
async fn user_archive(
request: Request,
session: Session,
@@ -1564,12 +1702,18 @@ async fn schedule_events(
let mut events = Vec::new();
for v in &visits {
if v.status == "deleted" {
continue;
}
if v.visit_date < start_date || v.visit_date > end_date {
continue;
}
let client_id_val: i64 = v.client_id.primary_key().unwrap();
let user_id_val: i64 = v.user_id.primary_key().unwrap();
let client = clients.iter().find(|c| c.id.unwrap() == client_id_val);
if client.map(|c| c.status.as_str()) == Some("deleted") {
continue;
}
let user = users.iter().find(|u| u.id.unwrap() == user_id_val);
let client_name = client.map(|c| c.name.as_str()).unwrap_or("?");
let client_phone = client.and_then(|c| c.phone.as_deref()).unwrap_or("");
@@ -1693,7 +1837,16 @@ async fn schedule_edit_page(
return Redirect::new(format!("/admin/schedule?lang={}", lang.code())).into_response();
}
};
let clients = query!(Client, $status == "active").all(&db).await?;
if visit.status == "deleted" {
return Redirect::new(format!("/admin/schedule?lang={}", lang.code())).into_response();
}
let client_id: i64 = visit.client_id.primary_key().unwrap();
let client = match query!(Client, $id == client_id).get(&db).await? {
Some(c) => c,
None => {
return Redirect::new(format!("/admin/schedule?lang={}", lang.code())).into_response();
}
};
let users = query!(User, $status == "active").all(&db).await?;
let mut visit_media = Media::objects().all(&db).await?;
visit_media.retain(|m| {
@@ -1709,7 +1862,7 @@ async fn schedule_edit_page(
lang,
admin_name: &admin_name,
visit,
clients,
client,
users,
media: visit_media,
}
@@ -1719,7 +1872,6 @@ async fn schedule_edit_page(
#[derive(Deserialize)]
struct EditVisitForm {
client_id: i64,
user_id: i64,
visit_date: String,
time_start: String,
@@ -1740,7 +1892,9 @@ async fn schedule_edit_submit(
return Ok(resp);
}
if let Some(mut visit) = query!(Visit, $id == visit_id).get(&db).await? {
visit.client_id = ForeignKey::PrimaryKey(Auto::fixed(form.client_id));
if visit.status == "deleted" {
return Redirect::new(format!("/admin/schedule?lang={}", lang.code())).into_response();
}
visit.user_id = ForeignKey::PrimaryKey(Auto::fixed(form.user_id));
if let Ok(d) = chrono::NaiveDate::parse_from_str(&form.visit_date, "%Y-%m-%d") {
visit.visit_date = d;
@@ -1766,7 +1920,11 @@ async fn visit_delete(
if let Err(resp) = require_auth(&session, lang).await {
return Ok(resp);
}
query!(Visit, $id == visit_id).delete(&db).await?;
if let Some(mut visit) = query!(Visit, $id == visit_id).get(&db).await? {
visit.status = "deleted".to_string();
visit.updated_at = now_utc();
visit.save(&db).await?;
}
Redirect::new(format!("/admin/schedule?lang={}", lang.code())).into_response()
}
@@ -1781,6 +1939,9 @@ async fn visit_set_done(
return Ok(resp);
}
if let Some(mut visit) = query!(Visit, $id == visit_id).get(&db).await? {
if visit.status == "deleted" {
return Redirect::new(format!("/admin/schedule?lang={}", lang.code())).into_response();
}
visit.status = "completed".to_string();
visit.updated_at = now_utc();
visit.save(&db).await?;
@@ -1799,6 +1960,9 @@ async fn visit_set_cancel(
return Ok(resp);
}
if let Some(mut visit) = query!(Visit, $id == visit_id).get(&db).await? {
if visit.status == "deleted" {
return Redirect::new(format!("/admin/schedule?lang={}", lang.code())).into_response();
}
visit.status = "cancelled".to_string();
visit.updated_at = now_utc();
visit.save(&db).await?;
@@ -1828,16 +1992,40 @@ async fn media_page(request: Request, session: Session, db: Database) -> cot::Re
})
.unwrap_or(0);
let clients_all = Client::objects().all(&db).await?;
let visits_all = Visit::objects().all(&db).await?;
let mut media_list = Media::objects().all(&db).await?;
media_list.retain(|m| m.status == "active");
media_list.retain(|m| {
if m.status != "active" {
return false;
}
let cid: i64 = m.client_id.primary_key().unwrap();
if clients_all
.iter()
.find(|c| c.id.unwrap() == cid)
.map(|c| c.status.as_str())
== Some("deleted")
{
return false;
}
if let Some(fk) = &m.visit_id {
let vid: i64 = fk.primary_key().unwrap();
if visits_all
.iter()
.find(|v| v.id.unwrap() == vid)
.map(|v| v.status.as_str())
== Some("deleted")
{
return false;
}
}
true
});
if filter_client_id > 0 {
media_list.retain(|m| m.client_id.primary_key().unwrap() == filter_client_id);
}
media_list.sort_by(|a, b| b.created_at.cmp(&a.created_at));
let clients_all = Client::objects().all(&db).await?;
let visits_all = Visit::objects().all(&db).await?;
let items: Vec<MediaItem> = media_list
.into_iter()
.map(|m| {
@@ -1891,6 +2079,9 @@ async fn media_upload_page(
Some(v) => v,
None => return Redirect::new(format!("/admin/?lang={}", lang.code())).into_response(),
};
if visit.status == "deleted" {
return Redirect::new(format!("/admin/schedule?lang={}", lang.code())).into_response();
}
let cid: i64 = visit.client_id.primary_key().unwrap();
let client = query!(Client, $id == cid).get(&db).await?;
let client_name = client.map(|c| c.name).unwrap_or_default();
@@ -1939,6 +2130,9 @@ async fn media_upload_submit(
Some(v) => v,
None => return Redirect::new(format!("/admin/?lang={}", lang.code())).into_response(),
};
if visit.status == "deleted" {
return Redirect::new(format!("/admin/schedule?lang={}", lang.code())).into_response();
}
let client_id: i64 = visit.client_id.primary_key().unwrap();
let bytes = request.into_body().into_bytes().await?;
@@ -1988,7 +2182,6 @@ async fn media_upload_submit(
};
let file_id = uuid::Uuid::new_v4();
let file_path = format!("{}/{}.{}", upload_dir, file_id, ext);
let data = field
.bytes()
@@ -1997,9 +2190,15 @@ async fn media_upload_submit(
if data.is_empty() {
continue;
}
tokio::fs::write(&file_path, &data)
.await
.map_err(|e| cot::Error::internal(e.to_string()))?;
let file_path = if file_type == "photo" {
save_uploaded_image(&upload_dir, file_id, &ext, &data).await?
} else {
let path = format!("{}/{}.{}", upload_dir, file_id, ext);
tokio::fs::write(&path, &data)
.await
.map_err(|e| cot::Error::internal(e.to_string()))?;
path
};
saved_files.push((file_path, file_type.to_string()));
}
@@ -2209,10 +2408,7 @@ async fn testimonial_add(
.await
.map_err(|e| cot::Error::internal(e.to_string()))?;
let file_id = uuid::Uuid::new_v4();
let path = format!("{}/{}.{}", upload_dir, file_id, ext);
tokio::fs::write(&path, &data)
.await
.map_err(|e| cot::Error::internal(e.to_string()))?;
let path = save_uploaded_image(upload_dir, file_id, &ext, &data).await?;
image_path = Some(path);
}
_ => {}
@@ -2360,10 +2556,7 @@ async fn testimonial_edit(
.await
.map_err(|e| cot::Error::internal(e.to_string()))?;
let file_id = uuid::Uuid::new_v4();
let path = format!("{}/{}.{}", upload_dir, file_id, ext);
tokio::fs::write(&path, &data)
.await
.map_err(|e| cot::Error::internal(e.to_string()))?;
let path = save_uploaded_image(upload_dir, file_id, &ext, &data).await?;
new_image_path = Some(path);
}
_ => {}
@@ -2475,6 +2668,11 @@ pub fn admin_router() -> Router {
client_activate,
"admin-client-activate",
),
Route::with_handler_and_name(
"/clients/{client_id}/delete",
client_delete,
"admin-client-delete",
),
Route::with_handler_and_name("/schedule", schedule_page, "admin-schedule"),
Route::with_handler_and_name("/schedule/new", schedule_new_page, "admin-schedule-new"),
Route::with_handler_and_name("/schedule/events", schedule_events, "admin-schedule-events"),
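Review bot: The new `oidc_state_cookie` helper builds the cookie without the `Secure` attribute that both replaced literals carried (`...HttpOnly; Secure; SameSite=Lax...`), so the state cookie can now be sent and set over plain HTTP. That matters because `oidc_callback` still accepts the cookie value as a fallback whenever the session holds no state, which leaves the CSRF check resting on a cookie that is no longer bound to HTTPS. If dropping it was needed for non-TLS development, gate it on the scheme of `site_domain` rather than removing it everywhere; otherwise restore it: `"oidc_state={}; Path=/admin/oidc; HttpOnly; Secure; SameSite=Lax; Max-Age={}"`. The code comment says the fallback exists only for flows started before deployment, and those expire with the 600-second `Max-Age`, so the cookie path could be removed in a follow-up. Old and new sides are inferred from print order on this page, since the `+`/`-` markers are lost.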
+14
@@ -103,8 +103,11 @@ pub struct Translations {
pub clients_media_link: &'static str,
pub clients_add_title: &'static str,
pub clients_add_button: &'static str,
pub clients_delete: &'static str,
pub clients_delete_confirm: &'static str,
pub client_status_active: &'static str,
pub client_status_archived: &'static str,
pub client_status_deleted: &'static str,
// Users
pub users_title: &'static str,
@@ -256,6 +259,7 @@ pub struct Translations {
pub visit_status_scheduled: &'static str,
pub visit_status_completed: &'static str,
pub visit_status_cancelled: &'static str,
pub visit_status_deleted: &'static str,
pub schedule_mark_done: &'static str,
pub schedule_cancel: &'static str,
pub schedule_edit_title: &'static str,
@@ -336,8 +340,11 @@ static RU: Translations = Translations {
clients_media_link: "Медиа",
clients_add_title: "Добавить клиента",
clients_add_button: "Добавить",
clients_delete: "Удалить клиента",
clients_delete_confirm: "Точно удалить этого клиента?",
client_status_active: "Активный",
client_status_archived: "Архив",
client_status_deleted: "Удалён",
users_title: "Администраторы",
users_login: "Логин",
@@ -453,6 +460,7 @@ static RU: Translations = Translations {
visit_status_scheduled: "Запланирован",
visit_status_completed: "Выполнен",
visit_status_cancelled: "Отменён",
visit_status_deleted: "Удалён",
schedule_mark_done: "Выполнен",
schedule_cancel: "Отменить",
schedule_edit_title: "Редактировать визит",
@@ -557,8 +565,11 @@ static EN: Translations = Translations {
clients_media_link: "Media",
clients_add_title: "Add Client",
clients_add_button: "Add",
clients_delete: "Delete client",
clients_delete_confirm: "Are you sure you want to delete this client?",
client_status_active: "Active",
client_status_archived: "Archived",
client_status_deleted: "Deleted",
users_title: "Administrators",
users_login: "Login",
@@ -674,6 +685,7 @@ static EN: Translations = Translations {
visit_status_scheduled: "Scheduled",
visit_status_completed: "Completed",
visit_status_cancelled: "Cancelled",
visit_status_deleted: "Deleted",
schedule_mark_done: "Done",
schedule_cancel: "Cancel",
schedule_edit_title: "Edit Visit",
@@ -760,6 +772,7 @@ impl Translations {
"scheduled" => self.visit_status_scheduled,
"completed" => self.visit_status_completed,
"cancelled" => self.visit_status_cancelled,
"deleted" => self.visit_status_deleted,
_ => "?",
}
}
@@ -768,6 +781,7 @@ impl Translations {
match status {
"active" => self.client_status_active,
"archived" => self.client_status_archived,
"deleted" => self.client_status_deleted,
_ => "?",
}
}
+20 -2
@@ -51,14 +51,32 @@ impl App for PublicApp {
struct PettingProject;
fn parse_bool_env(name: &str) -> Option<bool> {
let value = std::env::var(name).ok()?;
match value.trim().to_ascii_lowercase().as_str() {
"1" | "true" | "yes" | "on" => Some(true),
"0" | "false" | "no" | "off" => Some(false),
_ => None,
}
}
fn debug_enabled(config_name: &str) -> bool {
parse_bool_env("WEB_PETTING_DEBUG").unwrap_or_else(|| {
matches!(
config_name,
"dev" | "development" | "debug" | "local" | "test"
)
})
}
impl Project for PettingProject {
fn cli_metadata(&self) -> CliMetadata {
cot::cli::metadata!()
}
fn config(&self, _config_name: &str) -> cot::Result<ProjectConfig> {
fn config(&self, config_name: &str) -> cot::Result<ProjectConfig> {
Ok(ProjectConfig::builder()
.debug(true)
.debug(debug_enabled(config_name))
.database(
DatabaseConfig::builder()
.url("sqlite://db.sqlite3?mode=rwc")
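Review bot: `parse_bool_env` returns `None` for any value it does not recognise, so a mistyped setting such as `WEB_PETTING_DEBUG=flase` is silently ignored and `debug_enabled` falls back to the config-name list, which turns debug on for `dev`, `development`, `debug`, `local` and `test`. Since debug mode usually exposes detailed error output, an unparsable value should be reported rather than swallowed, for example by logging a warning in the `_ => None` arm or by treating it as `false`. A doc comment on `debug_enabled` such as `/// Debug is on only when WEB_PETTING_DEBUG is truthy or, if it is unset, when the config name is a known development profile.` would record the precedence. The body of `config` continues past the end of this hunk.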
+3 -1
@@ -43,6 +43,7 @@ pub enum VisitStatus {
Scheduled,
Completed,
Cancelled,
Deleted,
}
impl VisitStatus {
@@ -51,6 +52,7 @@ impl VisitStatus {
Self::Scheduled => "scheduled",
Self::Completed => "completed",
Self::Cancelled => "cancelled",
Self::Deleted => "deleted",
}
}
}
@@ -146,7 +148,7 @@ pub struct Visit {
pub public_notes: Option<String>,
/// Feedback text from client via portal.
pub client_feedback: Option<String>,
/// scheduled | completed | cancelled
/// scheduled | completed | cancelled | deleted
pub status: String,
pub created_at: chrono::NaiveDateTime,
pub updated_at: chrono::NaiveDateTime,
+26 -4
@@ -240,7 +240,8 @@ async fn client_portal(
.unwrap_or(false);
let client = match query!(Client, $media_token == token).get(&db).await? {
Some(c) => c,
Some(c) if c.status != "deleted" => c,
Some(_) => return Html::new("404").into_response(),
None => return Html::new("404").into_response(),
};
@@ -249,7 +250,11 @@ async fn client_portal(
let today = crate::tz::today_in_tz(tz);
let mut visits = Visit::objects().all(&db).await?;
visits.retain(|v| v.client_id.primary_key().unwrap() == client_id && v.status != "cancelled");
visits.retain(|v| {
v.client_id.primary_key().unwrap() == client_id
&& v.status != "cancelled"
&& v.status != "deleted"
});
visits.sort_by(|a, b| {
a.visit_date
.cmp(&b.visit_date)
@@ -327,7 +332,8 @@ async fn submit_feedback(
// Verify token matches visit's client
let token_clone = token.clone();
let client = match query!(Client, $media_token == token).get(&db).await? {
Some(c) => c,
Some(c) if c.status != "deleted" => c,
Some(_) => return Html::new("404").into_response(),
None => return Html::new("404").into_response(),
};
let client_id = client.id.unwrap();
@@ -346,6 +352,14 @@ async fn submit_feedback(
}
if let Some(mut visit) = query!(Visit, $id == visit_id).get(&db).await? {
if visit.status == "deleted" {
return Redirect::new(format!(
"/client/{}?lang={}",
token_clone,
lang.code()
))
.into_response();
}
if visit.client_id.primary_key().unwrap() == client_id {
visit.client_feedback = Some(form.feedback);
visit.updated_at = now_utc();
@@ -369,7 +383,8 @@ async fn portal_media(
) -> cot::Result<Response> {
// Verify token
let client = match query!(Client, $media_token == token).get(&db).await? {
Some(c) => c,
Some(c) if c.status != "deleted" => c,
Some(_) => return Html::new("404").into_response(),
None => return Html::new("404").into_response(),
};
let client_id = client.id.unwrap();
@@ -378,6 +393,13 @@ async fn portal_media(
Some(m) if m.client_id.primary_key().unwrap() == client_id && m.status == "active" => m,
_ => return Html::new("404").into_response(),
};
if let Some(fk) = &media.visit_id {
let visit_id: i64 = fk.primary_key().unwrap();
match query!(Visit, $id == visit_id).get(&db).await? {
Some(v) if v.status != "deleted" => {}
_ => return Html::new("404").into_response(),
}
}
match tokio::fs::read(&media.file_path).await {
Ok(data) => {
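Review bot: In `portal_media` the new visit check ends in `_ => return Html::new("404").into_response()`, which also rejects media whose `visit_id` points at a row that no longer exists, whereas the `media_page` filter in the admin handlers hides media only when the visit is found with status `deleted`. Because `visit_delete` removed rows outright before this change, older media may reference missing visits and would then be listed for admins but refused to the client. Failing closed is the safer default for the token-protected portal, so I would keep it, say so in a comment such as `// fail closed: a missing visit is treated like a deleted one`, and make the admin filter agree. The three token lookups also repeat the same `Some(c) if c.status != "deleted"` match, so a small shared helper would keep them from drifting apart. `portal_media` continues outside the hunk.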
+6 -1
@@ -76,11 +76,16 @@
<form method="post" action="/admin/clients/{{ client_id }}/archive">
<button type="submit" class="button is-warning is-outlined is-fullwidth">{{ t.action_archive }}</button>
</form>
{% else %}
{% else if client_status == "archived" %}
<form method="post" action="/admin/clients/{{ client_id }}/activate">
<button type="submit" class="button is-success is-outlined is-fullwidth">{{ t.action_activate }}</button>
</form>
{% endif %}
{% if client_status != "deleted" %}
<form method="post" action="/admin/clients/{{ client_id }}/delete" onsubmit="return confirm('{{ t.clients_delete_confirm }}');" style="margin-top:0.75rem;">
<button type="submit" class="button is-danger is-outlined is-fullwidth">{{ t.clients_delete }}</button>
</form>
{% endif %}
{% endif %}
</div>
{% endblock %}
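Review bot: The new delete form interpolates `{{ t.clients_delete_confirm }}` into a JavaScript string inside an `onsubmit` attribute; HTML escaping does not protect that context, because the browser decodes entities before the script runs, so a translation containing an apostrophe would break the handler (the current RU and EN strings contain none). Moving the text into a data attribute avoids this: `<form ... data-confirm="{{ t.clients_delete_confirm }}" onsubmit="return confirm(this.dataset.confirm);">`. No CSRF token field is visible in the form, and `client_delete` does not check the request method in the lines shown, so it is worth confirming that the framework enforces both for this state-changing route. The same `confirm('{{ … }}')` pattern appears in the media-delete forms added to the schedule edit template.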
+15 -9
@@ -14,15 +14,7 @@
<div class="field">
<label class="label">{{ t.schedule_client }}</label>
<div class="control">
<div class="select is-fullwidth">
<select name="client_id" required>
{% for c in &clients %}
<option value="{{ c.id }}" {% if c.id.unwrap() == visit.client_id.primary_key().unwrap() %}selected{% endif %}>
{{ c.name }}{% if let Some(p) = c.phone.as_deref() %} ({{ p }}){% endif %}
</option>
{% endfor %}
</select>
</div>
<input class="input" type="text" value="{{ client.name }}{% if let Some(p) = client.phone.as_deref() %} ({{ p }}){% endif %}" readonly>
</div>
</div>
@@ -132,6 +124,9 @@
{% if let Some(cap) = m.caption.as_deref() %}
<div class="media-cap">{{ cap }}</div>
{% endif %}
<div class="visit-media-delete">
<button type="submit" form="visit-media-delete-{{ m.id.unwrap() }}" class="button is-small is-danger is-outlined">{{ t.media_delete }}</button>
</div>
</div>
{% endfor %}
</div>
@@ -141,6 +136,9 @@
<button type="submit" class="button is-primary is-fullwidth">{{ t.schedule_save }}</button>
</form>
{% for m in &media %}
<form id="visit-media-delete-{{ m.id.unwrap() }}" method="post" action="/admin/media/{{ m.id }}/delete" onsubmit="return confirm('{{ t.media_delete_confirm }}');"></form>
{% endfor %}
<hr style="margin:1rem 0;">
<form method="post" action="/admin/schedule/{{ visit.id }}/delete" onsubmit="return confirm('{{ t.schedule_delete_confirm }}');">
@@ -254,6 +252,14 @@
overflow: hidden;
text-overflow: ellipsis;
}
.visit-media-delete {
padding: 0.25rem 0.4rem 0.4rem;
}
.visit-media-delete .button {
width: 100%;
font-size: 0.68rem;
min-height: 1.65rem;
}
.upload-modal-bg {
display: none;
position: fixed;