ab/web-petting
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: ab/web-petting:v0.1.9
Branches Tags
ab/web-petting:master
ab/web-petting:v0.1.15 ab/web-petting:v0.1.14 ab/web-petting:v0.1.13 ab/web-petting:v0.1.12 ab/web-petting:v0.1.11 ab/web-petting:v0.1.10 ab/web-petting:v0.1.9 ab/web-petting:v0.1.8 ab/web-petting:v0.1.7 ab/web-petting:v0.1.6 ab/web-petting:v0.1.5 ab/web-petting:v0.1.4 ab/web-petting:v0.1.3 ab/web-petting:v0.1.2
...
compare: ab/web-petting:v0.1.12
Branches Tags
ab/web-petting:master
ab/web-petting:v0.1.15 ab/web-petting:v0.1.14 ab/web-petting:v0.1.13 ab/web-petting:v0.1.12 ab/web-petting:v0.1.11 ab/web-petting:v0.1.10 ab/web-petting:v0.1.9 ab/web-petting:v0.1.8 ab/web-petting:v0.1.7 ab/web-petting:v0.1.6 ab/web-petting:v0.1.5 ab/web-petting:v0.1.4 ab/web-petting:v0.1.3 ab/web-petting:v0.1.2

10 Commits
v0.1.9 ... v0.1.12

Author SHA1 Message Date
ab a65488c304 Added OIDC auth
Build and Publish / Build and Publish Docker Image (push) Successful in 1m49s
Details
2026-05-19 00:57:05 +03:00
ab 4d9d0a894c Added OIDC auth
Build and Publish / Build and Publish Docker Image (push) Successful in 2m53s
Details
2026-05-19 00:32:36 +03:00
ab fd1e78ba8c Added OIDC auth
Build and Publish / Build and Publish Docker Image (push) Successful in 1m49s
Details
2026-05-19 00:16:22 +03:00
ab 99e2cbc1f0 Added OIDC auth
Build and Publish / Build and Publish Docker Image (push) Successful in 1m51s
Details
2026-05-18 23:50:34 +03:00
ab 71f444b9aa Added claudflare Turnstile captcha support 2026-05-18 23:09:07 +03:00
ab a8de7cfa33 Added claudflare Turnstile captcha support
Build and Publish / Build and Publish Docker Image (push) Successful in 3m29s
Details
2026-05-18 22:30:36 +03:00
ab f7dcefeea6 Added claudflare Turnstile captcha support
Build and Publish / Build and Publish Docker Image (push) Successful in 7m6s
Details
2026-05-18 22:12:54 +03:00
ab 757ebea2ba Added claudflare Turnstile captcha support
Build and Publish / Build and Publish Docker Image (push) Successful in 1m56s
Details
2026-05-18 21:48:30 +03:00
ab 4d41513994 Added claudflare Turnstile captcha support 2026-05-18 21:48:02 +03:00
Ultradesu 43441ee430 Reworked calendar form
Build and Publish / Build and Publish Docker Image (push) Successful in 2m17s
Details
2026-05-18 17:07:43 +03:00
12 changed files with 1120 additions and 191 deletions
Expand all files Collapse all files
Cargo.lock
Generated
+109 -1
View File
@@ -29,6 +29,15 @@ dependencies = [
"zerocopy", "zerocopy",
] ]
[[package]]
name = "aho-corasick"
version = "1.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ddd31a130427c27518df266943a5308ed92d4b226cc639f5a8f1002816174301"
dependencies = [
"memchr",
]
[[package]] [[package]]
name = "allocator-api2" name = "allocator-api2"
version = "0.2.21" version = "0.2.21"
@@ -1574,6 +1583,15 @@ version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "112b39cec0b298b6c1999fee3e31427f74f676e4cb9879ed1a121b43661a4154" checksum = "112b39cec0b298b6c1999fee3e31427f74f676e4cb9879ed1a121b43661a4154"
[[package]]
name = "matchers"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d1525a2a28c7f4fa0fc98bb91ae755d1e2d1505079e05539e35bc876b5d65ae9"
dependencies = [
"regex-automata",
]
[[package]] [[package]]
name = "matchit" name = "matchit"
version = "0.8.4" version = "0.8.4"
@@ -1649,6 +1667,15 @@ dependencies = [
"version_check", "version_check",
] ]
[[package]]
name = "nu-ansi-term"
version = "0.50.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5"
dependencies = [
"windows-sys 0.61.2",
]
[[package]] [[package]]
name = "num-bigint-dig" name = "num-bigint-dig"
version = "0.8.6" version = "0.8.6"
@@ -2093,6 +2120,23 @@ dependencies = [
"bitflags", "bitflags",
] ]
[[package]]
name = "regex-automata"
version = "0.4.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6e1dd4122fc1595e8162618945476892eefca7b88c52820e74af6262213cae8f"
dependencies = [
"aho-corasick",
"memchr",
"regex-syntax",
]
[[package]]
name = "regex-syntax"
version = "0.8.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a"
[[package]] [[package]]
name = "reqwest" name = "reqwest"
version = "0.12.28" version = "0.12.28"
@@ -2376,6 +2420,15 @@ dependencies = [
"digest", "digest",
] ]
[[package]]
name = "sharded-slab"
version = "0.1.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6"
dependencies = [
"lazy_static",
]
[[package]] [[package]]
name = "shlex" name = "shlex"
version = "1.3.0" version = "1.3.0"
@@ -2724,6 +2777,15 @@ dependencies = [
"syn", "syn",
] ]
[[package]]
name = "thread_local"
version = "1.1.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185"
dependencies = [
"cfg-if",
]
[[package]] [[package]]
name = "time" name = "time"
version = "0.3.47" version = "0.3.47"
@@ -3012,6 +3074,36 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a" checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a"
dependencies = [ dependencies = [
"once_cell", "once_cell",
"valuable",
]
[[package]]
name = "tracing-log"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3"
dependencies = [
"log",
"once_cell",
"tracing-core",
]
[[package]]
name = "tracing-subscriber"
version = "0.3.23"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cb7f578e5945fb242538965c2d0b04418d38ec25c79d160cd279bf0731c8d319"
dependencies = [
"matchers",
"nu-ansi-term",
"once_cell",
"regex-automata",
"sharded-slab",
"smallvec",
"thread_local",
"tracing",
"tracing-core",
"tracing-log",
] ]
[[package]] [[package]]
@@ -3090,6 +3182,12 @@ dependencies = [
"serde_derive", "serde_derive",
] ]
[[package]]
name = "urlencoding"
version = "2.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da"
[[package]] [[package]]
name = "utf8_iter" name = "utf8_iter"
version = "1.0.4" version = "1.0.4"
@@ -3113,6 +3211,12 @@ dependencies = [
"wasm-bindgen", "wasm-bindgen",
] ]
[[package]]
name = "valuable"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65"
[[package]] [[package]]
name = "vcpkg" name = "vcpkg"
version = "0.2.15" version = "0.2.15"
@@ -3255,8 +3359,9 @@ dependencies = [
[[package]] [[package]]
name = "web-petting" name = "web-petting"
version = "0.1.8" version = "0.1.12"
dependencies = [ dependencies = [
"base64",
"chrono", "chrono",
"chrono-tz", "chrono-tz",
"cot", "cot",
@@ -3268,6 +3373,9 @@ dependencies = [
"serde_html_form", "serde_html_form",
"serde_json", "serde_json",
"tokio", "tokio",
"tracing",
"tracing-subscriber",
"urlencoding",
"uuid", "uuid",
] ]
Cargo.toml
+4 -1
View File
@@ -1,6 +1,6 @@
[package] [package]
name = "web-petting" name = "web-petting"
version = "0.1.9" version = "0.1.12"
edition = "2024" edition = "2024"
[dependencies] [dependencies]
@@ -16,4 +16,7 @@ multer = "3"
futures = "0.3" futures = "0.3"
tokio = { version = "1", features = ["fs"] } tokio = { version = "1", features = ["fs"] }
uuid = { version = "1", features = ["v4"] } uuid = { version = "1", features = ["v4"] }
base64 = "0.22"
urlencoding = "2"
tracing = "0.1" tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
src/admin.rs
+409 -1
View File
@@ -88,6 +88,15 @@ fn has_query_flag(request: &Request, flag: &str) -> bool {
.unwrap_or(false) .unwrap_or(false)
} }
fn get_query_param(request: &Request, key: &str) -> Option<String> {
let prefix = format!("{}=", key);
request.uri().query().and_then(|q| {
q.split('&').find_map(|p| {
p.strip_prefix(&prefix).map(|v| v.to_string())
})
})
}
/// Soft pastel palette for client calendar colors. /// Soft pastel palette for client calendar colors.
const CLIENT_COLORS: &[&str] = &[ const CLIENT_COLORS: &[&str] = &[
"#7c6ed4", "#5b9bd5", "#4caf93", "#e0915e", "#d46c8e", "#8e6bbf", "#5cb8a5", "#c77c4f", "#7c6ed4", "#5b9bd5", "#4caf93", "#e0915e", "#d46c8e", "#8e6bbf", "#5cb8a5", "#c77c4f",
@@ -193,6 +202,9 @@ struct LoginTemplate<'a> {
t: &'a Translations, t: &'a Translations,
lang: Lang, lang: Lang,
error: Option<String>, error: Option<String>,
turnstile_site_key: String,
auth_password_enabled: bool,
auth_sso_enabled: bool,
} }
#[derive(Debug, Template)] #[derive(Debug, Template)]
@@ -254,6 +266,8 @@ struct SettingsTemplate<'a> {
admin_name: &'a str, admin_name: &'a str,
settings: Vec<Setting>, settings: Vec<Setting>,
saved: bool, saved: bool,
auth_password_checked: bool,
auth_sso_checked: bool,
} }
#[derive(Debug, Template)] #[derive(Debug, Template)]
@@ -274,6 +288,7 @@ struct ScheduleNewTemplate<'a> {
clients: Vec<Client>, clients: Vec<Client>,
users: Vec<User>, users: Vec<User>,
current_user_id: i64, current_user_id: i64,
timezone: String,
} }
#[derive(Debug, Template)] #[derive(Debug, Template)]
@@ -345,10 +360,55 @@ async fn login_page(request: Request, session: Session, db: Database) -> cot::Re
return Redirect::new(format!("/admin/setup?lang={}", lang.code())).into_response(); return Redirect::new(format!("/admin/setup?lang={}", lang.code())).into_response();
} }
let turnstile_site_key = crate::turnstile::get_site_key(&db).await?;
let settings = Setting::objects().all(&db).await?;
let get_val = |key: &str| -> String {
settings
.iter()
.find(|s| s.key == key)
.map(|s| s.value.clone())
.unwrap_or_default()
};
let password_setting = get_val("auth_password_enabled");
let sso_setting = get_val("auth_sso_enabled");
let oidc_configured = !get_val("oidc_issuer_url").trim().is_empty();
// Default: password enabled if setting was never saved
let auth_password_enabled = if password_setting.is_empty() {
true
} else {
password_setting == "true"
};
let auth_sso_enabled = sso_setting == "true" && oidc_configured;
// Fallback: if neither is enabled, show password form
let (auth_password_enabled, auth_sso_enabled) = if !auth_password_enabled && !auth_sso_enabled {
(true, false)
} else {
(auth_password_enabled, auth_sso_enabled)
};
let error = get_query_param(&request, "error").map(|code| {
let t = lang.t();
match code.as_str() {
"sso_group" => t.login_sso_error_group,
"sso_provider" => t.login_sso_error_provider,
"sso_disabled" => t.login_sso_error_user_disabled,
"sso" => t.login_sso_error,
_ => t.login_sso_error,
}
.to_string()
});
let body = LoginTemplate { let body = LoginTemplate {
t: lang.t(), t: lang.t(),
lang, lang,
error: None, error,
turnstile_site_key,
auth_password_enabled,
auth_sso_enabled,
} }
.render()?; .render()?;
html_response(body, lang) html_response(body, lang)
@@ -424,11 +484,27 @@ async fn setup_submit(request: Request, session: Session, db: Database) -> cot::
struct LoginForm { struct LoginForm {
login: String, login: String,
password: String, password: String,
#[serde(default, rename = "cf-turnstile-response")]
cf_turnstile_response: Option<String>,
} }
async fn login_submit(request: Request, session: Session, db: Database) -> cot::Result<Response> { async fn login_submit(request: Request, session: Session, db: Database) -> cot::Result<Response> {
let (lang, form): (_, LoginForm) = parse_form_from_request(request).await?; let (lang, form): (_, LoginForm) = parse_form_from_request(request).await?;
if !crate::turnstile::verify(&db, form.cf_turnstile_response.as_deref()).await? {
let turnstile_site_key = crate::turnstile::get_site_key(&db).await?;
let body = LoginTemplate {
t: lang.t(),
lang,
error: Some(lang.t().login_error.to_string()),
turnstile_site_key,
auth_password_enabled: true,
auth_sso_enabled: false,
}
.render()?;
return html_response(body, lang);
}
let login = form.login.clone(); let login = form.login.clone();
let user = query!(User, $login == login && $status == "active") let user = query!(User, $login == login && $status == "active")
.get(&db) .get(&db)
@@ -447,10 +523,14 @@ async fn login_submit(request: Request, session: Session, db: Database) -> cot::
} }
} }
let turnstile_site_key = crate::turnstile::get_site_key(&db).await?;
let body = LoginTemplate { let body = LoginTemplate {
t: lang.t(), t: lang.t(),
lang, lang,
error: Some(lang.t().login_error.to_string()), error: Some(lang.t().login_error.to_string()),
turnstile_site_key,
auth_password_enabled: true,
auth_sso_enabled: false,
} }
.render()?; .render()?;
html_response(body, lang) html_response(body, lang)
@@ -462,6 +542,274 @@ async fn logout(request: Request, session: Session) -> cot::Result<Response> {
Redirect::new(format!("/admin/login?lang={}", lang.code())).into_response() Redirect::new(format!("/admin/login?lang={}", lang.code())).into_response()
} }
// ---------------------------------------------------------------------------
// OIDC Handlers
// ---------------------------------------------------------------------------
/// Read an OIDC-related setting from the DB, returning empty string if absent.
async fn oidc_setting(db: &Database, name: &str) -> cot::Result<String> {
let k = name.to_string();
Ok(query!(Setting, $key == k)
.get(db)
.await?
.map(|s| s.value)
.unwrap_or_default())
}
/// Fetch the OpenID Connect discovery document and extract a field.
async fn oidc_discover(issuer_url: &str, field: &str) -> Option<String> {
let url = format!(
"{}/.well-known/openid-configuration",
issuer_url.trim_end_matches('/')
);
let resp = reqwest::Client::new().get(&url).send().await.ok()?;
let json: serde_json::Value = resp.json().await.ok()?;
json.get(field)?.as_str().map(|s| s.to_string())
}
/// Decode the payload of a JWT (base64url, no signature verification).
fn decode_jwt_payload(token: &str) -> Option<serde_json::Value> {
use base64::Engine;
let parts: Vec<&str> = token.split('.').collect();
if parts.len() != 3 {
return None;
}
let payload = parts[1];
let bytes = base64::engine::general_purpose::URL_SAFE_NO_PAD
.decode(payload)
.ok()?;
serde_json::from_slice(&bytes).ok()
}
async fn oidc_start(request: Request, db: Database) -> cot::Result<Response> {
let lang = detect_lang(&request);
let issuer_url = oidc_setting(&db, "oidc_issuer_url").await?;
let client_id = oidc_setting(&db, "oidc_client_id").await?;
let site_domain = oidc_setting(&db, "site_domain").await?;
if issuer_url.trim().is_empty() || client_id.trim().is_empty() {
return Redirect::new(format!("/admin/login?lang={}&error=sso_provider", lang.code()))
.into_response();
}
let authorization_endpoint = match oidc_discover(&issuer_url, "authorization_endpoint").await {
Some(ep) => ep,
None => {
return Redirect::new(format!("/admin/login?lang={}&error=sso_provider", lang.code()))
.into_response();
}
};
let state = rand_token();
let redirect_uri = format!(
"{}/admin/oidc/callback",
site_domain.trim_end_matches('/')
);
let redirect_url = format!(
"{}?response_type=code&client_id={}&redirect_uri={}&scope=openid+profile&state={}",
authorization_endpoint,
urlencoding::encode(&client_id),
urlencoding::encode(&redirect_uri),
urlencoding::encode(&state),
);
let state_cookie = format!(
"oidc_state={}; Path=/admin/oidc; HttpOnly; Secure; SameSite=Lax; Max-Age=600",
state,
);
Redirect::new(redirect_url)
.into_response()?
.with_header("set-cookie", state_cookie)
.into_response()
}
async fn oidc_callback(request: Request, session: Session, db: Database) -> cot::Result<Response> {
let lang = detect_lang(&request);
let fail = |code: &str| format!("/admin/login?lang={}&error={}", lang.code(), code);
// Read saved state from cookie
let saved_state = request
.headers()
.get("cookie")
.and_then(|v| v.to_str().ok())
.and_then(|cookies| {
cookies.split(';').find_map(|part| {
let part = part.trim();
part.strip_prefix("oidc_state=").map(|v| v.to_string())
})
})
.unwrap_or_default();
// Extract code and state from query string
let query_str = request.uri().query().unwrap_or("");
let mut code = String::new();
let mut state = String::new();
for pair in query_str.split('&') {
if let Some(v) = pair.strip_prefix("code=") {
code = v.to_string();
} else if let Some(v) = pair.strip_prefix("state=") {
state = v.to_string();
}
}
if code.is_empty() || state.is_empty() || state != saved_state {
tracing::warn!(
"OIDC state mismatch: state={state:?}, saved={saved_state:?}, code_empty={}, state_empty={}",
code.is_empty(),
state.is_empty(),
);
return Redirect::new(fail("sso")).into_response();
}
let issuer_url = oidc_setting(&db, "oidc_issuer_url").await?;
let client_id = oidc_setting(&db, "oidc_client_id").await?;
let client_secret = oidc_setting(&db, "oidc_client_secret").await?;
let site_domain = oidc_setting(&db, "site_domain").await?;
// Get token endpoint from discovery
let token_endpoint = match oidc_discover(&issuer_url, "token_endpoint").await {
Some(ep) => ep,
None => {
tracing::warn!("OIDC discovery failed for issuer_url={issuer_url:?}");
return Redirect::new(fail("sso_provider")).into_response();
}
};
let redirect_uri = format!(
"{}/admin/oidc/callback",
site_domain.trim_end_matches('/')
);
// Exchange code for tokens
let token_resp = reqwest::Client::new()
.post(&token_endpoint)
.form(&[
("grant_type", "authorization_code"),
("code", &code),
("redirect_uri", &redirect_uri),
("client_id", &client_id),
("client_secret", &client_secret),
])
.send()
.await;
let token_json: serde_json::Value = match token_resp {
Ok(resp) => match resp.json().await {
Ok(v) => v,
Err(e) => {
tracing::warn!("OIDC token response parse error: {e}");
return Redirect::new(fail("sso_provider")).into_response();
}
},
Err(e) => {
tracing::warn!("OIDC token request failed: {e}");
return Redirect::new(fail("sso_provider")).into_response();
}
};
let id_token = match token_json.get("id_token").and_then(|v| v.as_str()) {
Some(t) => t,
None => {
tracing::warn!("OIDC no id_token in response: {token_json}");
return Redirect::new(fail("sso_provider")).into_response();
}
};
// Decode JWT payload (no signature verification — token obtained directly from provider over TLS)
let claims = match decode_jwt_payload(id_token) {
Some(c) => c,
None => {
tracing::warn!("OIDC JWT decode failed");
return Redirect::new(fail("sso_provider")).into_response();
}
};
let preferred_username = match claims.get("preferred_username").and_then(|v| v.as_str()) {
Some(u) => u.to_string(),
None => {
tracing::warn!("OIDC no preferred_username in claims: {claims}");
return Redirect::new(fail("sso")).into_response();
}
};
let display_name = claims
.get("name")
.and_then(|v| v.as_str())
.map(|s| s.to_string());
// Check group membership
let allowed_groups = oidc_setting(&db, "oidc_allowed_groups").await?;
if !allowed_groups.trim().is_empty() {
let required: Vec<&str> = allowed_groups.split(',').map(|s| s.trim()).filter(|s| !s.is_empty()).collect();
let user_groups: Vec<String> = claims
.get("groups")
.and_then(|v| v.as_array())
.map(|arr| {
arr.iter()
.filter_map(|g| g.as_str())
.map(|g| g.trim_start_matches('/').to_string())
.collect()
})
.unwrap_or_default();
let has_group = required.iter().any(|r| {
user_groups.iter().any(|ug| ug.eq_ignore_ascii_case(r))
});
if !has_group {
tracing::warn!(
"OIDC group check failed: user={preferred_username}, user_groups={user_groups:?}, required={required:?}"
);
return Redirect::new(fail("sso_group")).into_response();
}
}
// Find or create user
let login = preferred_username.clone();
let user = query!(User, $login == login).get(&db).await?;
let user = match user {
Some(u) => u,
None => {
let mut new_user = User {
id: Auto::auto(),
login: preferred_username.clone(),
password_hash: String::new(),
display_name: display_name.clone(),
telegram_chat_id: None,
telegram_notifications: Some(false),
status: "active".to_string(),
created_at: now_utc(),
updated_at: now_utc(),
};
new_user.save(&db).await?;
new_user
}
};
if user.status != "active" {
return Redirect::new(fail("sso_disabled")).into_response();
}
let display = user
.display_name
.as_deref()
.unwrap_or(&user.login)
.to_string();
session.insert(SESSION_USER_ID, user.id.unwrap()).await?;
session.insert(SESSION_USER_NAME, display).await?;
// Clear the oidc_state cookie
let clear_cookie = "oidc_state=; Path=/admin/oidc; HttpOnly; Secure; SameSite=Lax; Max-Age=0";
Redirect::new(format!("/admin/?lang={}", lang.code()))
.into_response()?
.with_header("set-cookie", clear_cookie)
.into_response()
}
// --------------------------------------------------------------------------- // ---------------------------------------------------------------------------
// GET Handlers (protected) // GET Handlers (protected)
// --------------------------------------------------------------------------- // ---------------------------------------------------------------------------
@@ -718,12 +1066,24 @@ async fn settings_page(request: Request, session: Session, db: Database) -> cot:
Err(resp) => return Ok(resp), Err(resp) => return Ok(resp),
}; };
let settings = Setting::objects().all(&db).await?; let settings = Setting::objects().all(&db).await?;
let auth_password_checked = settings
.iter()
.find(|s| s.key == "auth_password_enabled")
.map(|s| s.value == "true")
.unwrap_or(true);
let auth_sso_checked = settings
.iter()
.find(|s| s.key == "auth_sso_enabled")
.map(|s| s.value == "true")
.unwrap_or(false);
let body = SettingsTemplate { let body = SettingsTemplate {
t: lang.t(), t: lang.t(),
lang, lang,
admin_name: &admin_name, admin_name: &admin_name,
settings, settings,
saved: false, saved: false,
auth_password_checked,
auth_sso_checked,
} }
.render()?; .render()?;
html_response(body, lang) html_response(body, lang)
@@ -797,6 +1157,16 @@ struct SettingsForm {
timezone: String, timezone: String,
site_domain: String, site_domain: String,
seo_keywords: String, seo_keywords: String,
turnstile_site_key: String,
turnstile_secret_key: String,
oidc_issuer_url: String,
oidc_client_id: String,
oidc_client_secret: String,
oidc_allowed_groups: String,
#[serde(default)]
auth_password_enabled: Option<String>,
#[serde(default)]
auth_sso_enabled: Option<String>,
} }
async fn save_settings(request: Request, session: Session, db: Database) -> cot::Result<Response> { async fn save_settings(request: Request, session: Session, db: Database) -> cot::Result<Response> {
@@ -813,6 +1183,28 @@ async fn save_settings(request: Request, session: Session, db: Database) -> cot:
("timezone", form.timezone), ("timezone", form.timezone),
("site_domain", form.site_domain), ("site_domain", form.site_domain),
("seo_keywords", form.seo_keywords), ("seo_keywords", form.seo_keywords),
("turnstile_site_key", form.turnstile_site_key),
("turnstile_secret_key", form.turnstile_secret_key),
("oidc_issuer_url", form.oidc_issuer_url),
("oidc_client_id", form.oidc_client_id),
("oidc_client_secret", form.oidc_client_secret),
("oidc_allowed_groups", form.oidc_allowed_groups),
(
"auth_password_enabled",
if form.auth_password_enabled.is_some() {
"true".to_string()
} else {
"false".to_string()
},
),
(
"auth_sso_enabled",
if form.auth_sso_enabled.is_some() {
"true".to_string()
} else {
"false".to_string()
},
),
] { ] {
let k = key.to_string(); let k = key.to_string();
let existing = query!(Setting, $key == k).get(&db).await?; let existing = query!(Setting, $key == k).get(&db).await?;
@@ -835,12 +1227,24 @@ async fn save_settings(request: Request, session: Session, db: Database) -> cot:
} }
let settings = Setting::objects().all(&db).await?; let settings = Setting::objects().all(&db).await?;
let auth_password_checked = settings
.iter()
.find(|s| s.key == "auth_password_enabled")
.map(|s| s.value == "true")
.unwrap_or(true);
let auth_sso_checked = settings
.iter()
.find(|s| s.key == "auth_sso_enabled")
.map(|s| s.value == "true")
.unwrap_or(false);
let rendered = SettingsTemplate { let rendered = SettingsTemplate {
t: lang.t(), t: lang.t(),
lang, lang,
admin_name: &admin_name, admin_name: &admin_name,
settings, settings,
saved: true, saved: true,
auth_password_checked,
auth_sso_checked,
} }
.render()?; .render()?;
html_response(rendered, lang) html_response(rendered, lang)
@@ -1110,6 +1514,7 @@ async fn schedule_new_page(
let current_user_id = get_admin_id(&session).await.unwrap_or(0); let current_user_id = get_admin_id(&session).await.unwrap_or(0);
let clients = query!(Client, $status == "active").all(&db).await?; let clients = query!(Client, $status == "active").all(&db).await?;
let users = query!(User, $status == "active").all(&db).await?; let users = query!(User, $status == "active").all(&db).await?;
let tz = crate::tz::load_tz(&db).await;
let body = ScheduleNewTemplate { let body = ScheduleNewTemplate {
t: lang.t(), t: lang.t(),
lang, lang,
@@ -1117,6 +1522,7 @@ async fn schedule_new_page(
clients, clients,
users, users,
current_user_id, current_user_id,
timezone: tz.to_string(),
} }
.render()?; .render()?;
html_response(body, lang) html_response(body, lang)
@@ -2029,6 +2435,8 @@ pub fn admin_router() -> Router {
Route::with_handler_and_name("/logout", logout, "admin-logout"), Route::with_handler_and_name("/logout", logout, "admin-logout"),
Route::with_handler_and_name("/setup", setup_page, "admin-setup"), Route::with_handler_and_name("/setup", setup_page, "admin-setup"),
Route::with_handler_and_name("/setup/submit", setup_submit, "admin-setup-submit"), Route::with_handler_and_name("/setup/submit", setup_submit, "admin-setup-submit"),
Route::with_handler_and_name("/oidc/start", oidc_start, "admin-oidc-start"),
Route::with_handler_and_name("/oidc/callback", oidc_callback, "admin-oidc-callback"),
// Protected // Protected
Route::with_handler_and_name("", admin_index, "admin-index-bare"), Route::with_handler_and_name("", admin_index, "admin-index-bare"),
Route::with_handler_and_name("/", admin_index, "admin-index"), Route::with_handler_and_name("/", admin_index, "admin-index"),
src/i18n.rs
+56 -2
View File
@@ -135,6 +135,19 @@ pub struct Translations {
pub settings_timezone: &'static str, pub settings_timezone: &'static str,
pub settings_site_domain: &'static str, pub settings_site_domain: &'static str,
pub settings_seo_keywords: &'static str, pub settings_seo_keywords: &'static str,
pub settings_turnstile_site_key: &'static str,
pub settings_turnstile_secret_key: &'static str,
pub settings_oidc_issuer_url: &'static str,
pub settings_oidc_client_id: &'static str,
pub settings_oidc_client_secret: &'static str,
pub settings_oidc_allowed_groups: &'static str,
pub settings_auth_password_enabled: &'static str,
pub settings_auth_sso_enabled: &'static str,
pub settings_section_advanced: &'static str,
pub settings_section_notifications: &'static str,
pub settings_section_captcha: &'static str,
pub settings_section_oidc: &'static str,
pub settings_section_general: &'static str,
pub landing_contact_label: &'static str, pub landing_contact_label: &'static str,
pub landing_pricing_title: &'static str, pub landing_pricing_title: &'static str,
@@ -149,6 +162,11 @@ pub struct Translations {
pub login_title: &'static str, pub login_title: &'static str,
pub login_button: &'static str, pub login_button: &'static str,
pub login_error: &'static str, pub login_error: &'static str,
pub login_sso_button: &'static str,
pub login_sso_error: &'static str,
pub login_sso_error_group: &'static str,
pub login_sso_error_provider: &'static str,
pub login_sso_error_user_disabled: &'static str,
pub logout: &'static str, pub logout: &'static str,
pub setup_title: &'static str, pub setup_title: &'static str,
pub setup_description: &'static str, pub setup_description: &'static str,
@@ -348,6 +366,19 @@ static RU: Translations = Translations {
settings_timezone: "Часовой пояс (например Asia/Vladivostok)", settings_timezone: "Часовой пояс (например Asia/Vladivostok)",
settings_site_domain: "Домен сайта (например https://example.com)", settings_site_domain: "Домен сайта (например https://example.com)",
settings_seo_keywords: "SEO-ключевые слова (через запятую, отображаются на сайте и в мета-теге keywords)", settings_seo_keywords: "SEO-ключевые слова (через запятую, отображаются на сайте и в мета-теге keywords)",
settings_turnstile_site_key: "Cloudflare Turnstile — Site Key (ключ виджета)",
settings_turnstile_secret_key: "Cloudflare Turnstile — Secret Key (секретный ключ)",
settings_oidc_issuer_url: "OIDC — URL провайдера (Issuer URL)",
settings_oidc_client_id: "OIDC — Client ID",
settings_oidc_client_secret: "OIDC — Client Secret",
settings_oidc_allowed_groups: "OIDC — Разрешённые группы (через запятую, пусто = все)",
settings_auth_password_enabled: "Вход по логину и паролю",
settings_auth_sso_enabled: "Вход через SSO (OIDC)",
settings_section_advanced: "Расширенные настройки",
settings_section_notifications: "Уведомления",
settings_section_captcha: "Защита от ботов",
settings_section_oidc: "Единый вход (SSO / OIDC)",
settings_section_general: "Сайт",
landing_contact_label: "Или свяжитесь с нами напрямую", landing_contact_label: "Или свяжитесь с нами напрямую",
landing_pricing_title: "Стоимость", landing_pricing_title: "Стоимость",
@@ -382,6 +413,11 @@ static RU: Translations = Translations {
login_title: "Вход в систему", login_title: "Вход в систему",
login_button: "Войти", login_button: "Войти",
login_error: "Неверный логин или пароль.", login_error: "Неверный логин или пароль.",
login_sso_button: "Войти через SSO",
login_sso_error: "Ошибка SSO-авторизации.",
login_sso_error_group: "У вас нет доступа: вы не состоите в разрешённой группе.",
login_sso_error_provider: "Не удалось связаться с провайдером авторизации.",
login_sso_error_user_disabled: "Ваша учётная запись отключена.",
logout: "Выйти", logout: "Выйти",
setup_title: "Создание администратора", setup_title: "Создание администратора",
setup_description: "В системе нет ни одного администратора. Создайте первого для начала работы.", setup_description: "В системе нет ни одного администратора. Создайте первого для начала работы.",
@@ -400,7 +436,7 @@ static RU: Translations = Translations {
schedule_new_title: "Запланировать визиты", schedule_new_title: "Запланировать визиты",
schedule_client: "Клиент", schedule_client: "Клиент",
schedule_admin: "Исполнитель", schedule_admin: "Исполнитель",
schedule_default_time: "Время по умолчанию", schedule_default_time: "Время",
schedule_time_start: "С", schedule_time_start: "С",
schedule_time_end: "До", schedule_time_end: "До",
schedule_pick_dates: "Добавить дату", schedule_pick_dates: "Добавить дату",
@@ -551,6 +587,19 @@ static EN: Translations = Translations {
settings_timezone: "Timezone (e.g. Asia/Vladivostok)", settings_timezone: "Timezone (e.g. Asia/Vladivostok)",
settings_site_domain: "Site domain (e.g. https://example.com)", settings_site_domain: "Site domain (e.g. https://example.com)",
settings_seo_keywords: "SEO keywords (comma-separated, shown on site and in keywords meta tag)", settings_seo_keywords: "SEO keywords (comma-separated, shown on site and in keywords meta tag)",
settings_turnstile_site_key: "Cloudflare Turnstile — Site Key",
settings_turnstile_secret_key: "Cloudflare Turnstile — Secret Key",
settings_oidc_issuer_url: "OIDC — Issuer URL",
settings_oidc_client_id: "OIDC — Client ID",
settings_oidc_client_secret: "OIDC — Client Secret",
settings_oidc_allowed_groups: "OIDC — Allowed groups (comma-separated, empty = all)",
settings_auth_password_enabled: "Password login",
settings_auth_sso_enabled: "SSO login (OIDC)",
settings_section_advanced: "Advanced settings",
settings_section_notifications: "Notifications",
settings_section_captcha: "Bot protection",
settings_section_oidc: "Single Sign-On (SSO / OIDC)",
settings_section_general: "Site",
landing_contact_label: "Or contact us directly", landing_contact_label: "Or contact us directly",
landing_pricing_title: "Pricing", landing_pricing_title: "Pricing",
@@ -585,6 +634,11 @@ static EN: Translations = Translations {
login_title: "Sign In", login_title: "Sign In",
login_button: "Sign In", login_button: "Sign In",
login_error: "Invalid login or password.", login_error: "Invalid login or password.",
login_sso_button: "Sign in with SSO",
login_sso_error: "SSO authentication failed.",
login_sso_error_group: "Access denied: you are not a member of an allowed group.",
login_sso_error_provider: "Could not reach the authentication provider.",
login_sso_error_user_disabled: "Your account is disabled.",
logout: "Sign Out", logout: "Sign Out",
setup_title: "Create Administrator", setup_title: "Create Administrator",
setup_description: "There are no administrators yet. Create the first one to get started.", setup_description: "There are no administrators yet. Create the first one to get started.",
@@ -603,7 +657,7 @@ static EN: Translations = Translations {
schedule_new_title: "Plan Visits", schedule_new_title: "Plan Visits",
schedule_client: "Client", schedule_client: "Client",
schedule_admin: "Assigned to", schedule_admin: "Assigned to",
schedule_default_time: "Default Time", schedule_default_time: "Time",
schedule_time_start: "From", schedule_time_start: "From",
schedule_time_end: "To", schedule_time_end: "To",
schedule_pick_dates: "Add date", schedule_pick_dates: "Add date",
src/main.rs
+11 -2
View File
@@ -4,12 +4,15 @@ mod migrations;
pub mod models; pub mod models;
mod public; mod public;
mod telegram; mod telegram;
mod turnstile;
mod tz; mod tz;
use tracing_subscriber;
use cot::cli::CliMetadata; use cot::cli::CliMetadata;
use cot::config::{ use cot::config::{
DatabaseConfig, MiddlewareConfig, ProjectConfig, SessionMiddlewareConfig, SessionStoreConfig, DatabaseConfig, MiddlewareConfig, ProjectConfig, SameSite, SessionMiddlewareConfig,
SessionStoreTypeConfig, SessionStoreConfig, SessionStoreTypeConfig,
}; };
use cot::db::migrations::SyncDynMigration; use cot::db::migrations::SyncDynMigration;
use cot::middleware::SessionMiddleware; use cot::middleware::SessionMiddleware;
@@ -66,6 +69,7 @@ impl Project for PettingProject {
.session( .session(
SessionMiddlewareConfig::builder() SessionMiddlewareConfig::builder()
.secure(false) .secure(false)
.same_site(SameSite::Lax)
.store( .store(
SessionStoreConfig::builder() SessionStoreConfig::builder()
.store_type(SessionStoreTypeConfig::Database) .store_type(SessionStoreTypeConfig::Database)
@@ -97,5 +101,10 @@ impl Project for PettingProject {
#[cot::main] #[cot::main]
fn main() -> impl Project { fn main() -> impl Project {
let filter = tracing_subscriber::EnvFilter::try_from_default_env()
.unwrap_or_else(|_| tracing_subscriber::EnvFilter::new("info"));
let _ = tracing_subscriber::fmt()
.with_env_filter(filter)
.try_init();
PettingProject PettingProject
} }
src/public.rs
+23
View File
@@ -76,6 +76,7 @@ struct LandingTemplate<'a> {
testimonials: Vec<Testimonial>, testimonials: Vec<Testimonial>,
site_domain: String, site_domain: String,
review_count: usize, review_count: usize,
turnstile_site_key: String,
} }
#[derive(Debug, Template)] #[derive(Debug, Template)]
@@ -138,6 +139,7 @@ async fn landing_page(request: Request, db: Database) -> cot::Result<Response> {
.await? .await?
.map(|s| s.value) .map(|s| s.value)
.unwrap_or_default(); .unwrap_or_default();
let turnstile_site_key = crate::turnstile::get_site_key(&db).await?;
let mut testimonials = Testimonial::objects().all(&db).await?; let mut testimonials = Testimonial::objects().all(&db).await?;
testimonials.retain(|t| t.status == "active"); testimonials.retain(|t| t.status == "active");
testimonials.sort_by(|a, b| a.sort_order.cmp(&b.sort_order)); testimonials.sort_by(|a, b| a.sort_order.cmp(&b.sort_order));
@@ -151,6 +153,7 @@ async fn landing_page(request: Request, db: Database) -> cot::Result<Response> {
testimonials, testimonials,
site_domain, site_domain,
review_count, review_count,
turnstile_site_key,
} }
.render()?; .render()?;
html_response(body, lang) html_response(body, lang)
@@ -161,6 +164,8 @@ struct LeadForm {
name: String, name: String,
phone: Option<String>, phone: Option<String>,
comment: Option<String>, comment: Option<String>,
#[serde(default, rename = "cf-turnstile-response")]
cf_turnstile_response: Option<String>,
} }
async fn submit_lead(request: Request, db: Database) -> cot::Result<Response> { async fn submit_lead(request: Request, db: Database) -> cot::Result<Response> {
@@ -170,6 +175,10 @@ async fn submit_lead(request: Request, db: Database) -> cot::Result<Response> {
let form: LeadForm = let form: LeadForm =
serde_html_form::from_bytes(&bytes).map_err(|e| cot::Error::internal(e.to_string()))?; serde_html_form::from_bytes(&bytes).map_err(|e| cot::Error::internal(e.to_string()))?;
if !crate::turnstile::verify(&db, form.cf_turnstile_response.as_deref()).await? {
return Redirect::new(format!("/?lang={}", lang.code())).into_response();
}
let mut lead = Lead { let mut lead = Lead {
id: Auto::auto(), id: Auto::auto(),
name: form.name, name: form.name,
@@ -215,6 +224,7 @@ struct ClientPortalTemplate<'a> {
upcoming: Vec<PortalVisit>, upcoming: Vec<PortalVisit>,
past: Vec<PortalVisit>, past: Vec<PortalVisit>,
feedback_sent: bool, feedback_sent: bool,
turnstile_site_key: String,
} }
async fn client_portal( async fn client_portal(
@@ -286,6 +296,7 @@ async fn client_portal(
} }
past.reverse(); // newest first past.reverse(); // newest first
let turnstile_site_key = crate::turnstile::get_site_key(&db).await?;
let body = ClientPortalTemplate { let body = ClientPortalTemplate {
t: lang.t(), t: lang.t(),
lang, lang,
@@ -293,6 +304,7 @@ async fn client_portal(
upcoming, upcoming,
past, past,
feedback_sent, feedback_sent,
turnstile_site_key,
} }
.render()?; .render()?;
html_response(body, lang) html_response(body, lang)
@@ -301,6 +313,8 @@ async fn client_portal(
#[derive(Deserialize)] #[derive(Deserialize)]
struct FeedbackForm { struct FeedbackForm {
feedback: String, feedback: String,
#[serde(default, rename = "cf-turnstile-response")]
cf_turnstile_response: Option<String>,
} }
async fn submit_feedback( async fn submit_feedback(
@@ -322,6 +336,15 @@ async fn submit_feedback(
let form: FeedbackForm = let form: FeedbackForm =
serde_html_form::from_bytes(&bytes).map_err(|e| cot::Error::internal(e.to_string()))?; serde_html_form::from_bytes(&bytes).map_err(|e| cot::Error::internal(e.to_string()))?;
if !crate::turnstile::verify(&db, form.cf_turnstile_response.as_deref()).await? {
return Redirect::new(format!(
"/client/{}?lang={}",
token_clone,
lang.code()
))
.into_response();
}
if let Some(mut visit) = query!(Visit, $id == visit_id).get(&db).await? { if let Some(mut visit) = query!(Visit, $id == visit_id).get(&db).await? {
if visit.client_id.primary_key().unwrap() == client_id { if visit.client_id.primary_key().unwrap() == client_id {
visit.client_feedback = Some(form.feedback); visit.client_feedback = Some(form.feedback);
src/turnstile.rs
+48
View File
@@ -0,0 +1,48 @@
use cot::db::{Database, query};
use crate::models::Setting;
/// Read `turnstile_site_key` from Settings. Returns empty string if not configured.
pub async fn get_site_key(db: &Database) -> cot::Result<String> {
let key = "turnstile_site_key".to_string();
Ok(query!(Setting, $key == key)
.get(db)
.await?
.map(|s| s.value)
.unwrap_or_default())
}
/// Verify a Turnstile token against Cloudflare.
/// Returns `true` if verification succeeds, or if no secret key is configured (passthrough).
pub async fn verify(db: &Database, token: Option<&str>) -> cot::Result<bool> {
let secret_key_name = "turnstile_secret_key".to_string();
let secret_key = query!(Setting, $key == secret_key_name)
.get(db)
.await?
.map(|s| s.value)
.filter(|s| !s.is_empty());
let Some(secret) = secret_key else {
return Ok(true);
};
let token = token.unwrap_or("");
let client = reqwest::Client::new();
let resp = client
.post("https://challenges.cloudflare.com/turnstile/v0/siteverify")
.json(&serde_json::json!({
"secret": secret,
"response": token
}))
.send()
.await;
Ok(match resp {
Ok(r) => r
.json::<serde_json::Value>()
.await
.map(|v| v["success"].as_bool() == Some(true))
.unwrap_or(false),
Err(_) => false,
})
}
templates/admin/login.html
+12
View File
@@ -6,6 +6,9 @@
<title>{{ t.nav_title }} — {{ t.login_title }}</title> <title>{{ t.nav_title }} — {{ t.login_title }}</title>
<link rel="icon" type="image/svg+xml" href="/favicon.svg"> <link rel="icon" type="image/svg+xml" href="/favicon.svg">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bulma@1/css/bulma.min.css"> <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bulma@1/css/bulma.min.css">
{% if !turnstile_site_key.is_empty() %}
<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>
{% endif %}
<style> <style>
:root { color-scheme: light; } :root { color-scheme: light; }
body { background: #f5f5f5; display: flex; align-items: center; justify-content: center; min-height: 100vh; color: #333; } body { background: #f5f5f5; display: flex; align-items: center; justify-content: center; min-height: 100vh; color: #333; }
@@ -32,6 +35,11 @@
{% if let Some(err) = error.as_ref() %} {% if let Some(err) = error.as_ref() %}
<div class="notification is-danger is-light">{{ err }}</div> <div class="notification is-danger is-light">{{ err }}</div>
{% endif %} {% endif %}
{% if auth_sso_enabled %}
<a href="/admin/oidc/start" class="button is-primary is-fullwidth mt-3">{{ t.login_sso_button }}</a>
{% endif %}
{% if auth_password_enabled %}
{% if auth_sso_enabled %}<hr style="margin:1rem 0;">{% endif %}
<form method="post" action="/admin/login/submit"> <form method="post" action="/admin/login/submit">
<div class="field"> <div class="field">
<label class="label">{{ t.users_login }}</label> <label class="label">{{ t.users_login }}</label>
@@ -41,8 +49,12 @@
<label class="label">{{ t.users_password }}</label> <label class="label">{{ t.users_password }}</label>
<div class="control"><input class="input" type="password" name="password" required></div> <div class="control"><input class="input" type="password" name="password" required></div>
</div> </div>
{% if !turnstile_site_key.is_empty() %}
<div class="cf-turnstile" data-sitekey="{{ turnstile_site_key }}" data-theme="light" style="margin-top:0.75rem;"></div>
{% endif %}
<button type="submit" class="button is-primary is-fullwidth mt-3">{{ t.login_button }}</button> <button type="submit" class="button is-primary is-fullwidth mt-3">{{ t.login_button }}</button>
</form> </form>
{% endif %}
</div> </div>
</div> </div>
</body> </body>
templates/admin/schedule_new.html
+347 -164
View File
@@ -9,238 +9,421 @@
</div> </div>
<div class="form-card"> <div class="form-card">
<form method="post" action="/admin/schedule/create" id="visitForm"> <form method="post" action="/admin/schedule/create" id="visitForm">
<!-- Client -->
<div class="field"> <!-- Client -->
<label class="label">{{ t.schedule_client }}</label> <div class="field">
<div class="control"> <label class="label">{{ t.schedule_client }}</label>
<div class="select is-fullwidth"> <div class="control">
<select name="client_id" required> <div class="select is-fullwidth">
<option value=""></option> <select name="client_id" required>
{% for c in &clients %} <option value=""></option>
<option value="{{ c.id }}">{{ c.name }}{% if let Some(p) = c.phone.as_deref() %} ({{ p }}){% endif %}</option> {% for c in &clients %}
{% endfor %} <option value="{{ c.id }}">{{ c.name }}{% if let Some(p) = c.phone.as_deref() %} ({{ p }}){% endif %}</option>
</select> {% endfor %}
</div> </select>
</div> </div>
</div> </div>
</div>
<!-- Admin --> <!-- Admin -->
<div class="field"> <div class="field">
<label class="label">{{ t.schedule_admin }}</label> <label class="label">{{ t.schedule_admin }}</label>
<div class="control"> <div class="control">
<div class="select is-fullwidth"> <div class="select is-fullwidth">
<select name="user_id"> <select name="user_id">
{% for u in &users %} {% for u in &users %}
<option value="{{ u.id }}" {% if u.id.unwrap() == current_user_id %}selected{% endif %}> <option value="{{ u.id }}" {% if u.id.unwrap() == current_user_id %}selected{% endif %}>
{{ u.display_name.as_deref().unwrap_or(&u.login) }} {{ u.display_name.as_deref().unwrap_or(&u.login) }}
</option> </option>
{% endfor %} {% endfor %}
</select> </select>
</div>
</div> </div>
</div> </div>
</div>
<!-- Default time --> <!-- Default time -->
<div class="field"> <div class="field">
<label class="label">{{ t.schedule_default_time }}</label> <label class="label">{{ t.schedule_default_time }}</label>
<div class="columns is-mobile" style="margin-bottom:0;"> <div class="time-row">
<div class="column"> <div class="time-block">
<div class="control"> <span class="time-lbl">{{ t.schedule_time_start }}</span>
<input class="input" type="time" id="defaultStart" value="18:00"> <input class="input" type="time" id="defaultStart" value="18:00">
</div> </div>
</div> <div class="time-sep"></div>
<div class="column"> <div class="time-block">
<div class="control"> <span class="time-lbl">{{ t.schedule_time_end }}</span>
<input class="input" type="time" id="defaultEnd" value="19:00"> <input class="input" type="time" id="defaultEnd" value="19:00">
</div>
</div>
</div> </div>
</div> </div>
</div>
<!-- Add individual date --> <!-- Calendar -->
<div class="field"> <div class="field">
<label class="label">{{ t.schedule_pick_dates }}</label> <div class="cal-toolbar">
<div class="columns is-mobile" style="margin-bottom:0;"> <button type="button" id="rangeModeBtn" class="button is-small is-outlined is-info">⇔ Выбрать диапазон</button>
<div class="column"> <button type="button" id="resetBtn" class="button is-small is-outlined is-danger" style="display:none;">✕ Сбросить</button>
<div class="control">
<input class="input" type="date" id="pickDate">
</div>
</div>
<div class="column is-narrow">
<button type="button" class="button is-info" id="addDateBtn">+</button>
</div>
</div>
</div> </div>
<!-- Date range fill --> <div class="sched-cal">
<div class="field"> <div class="cal-nav">
<label class="label is-small has-text-grey">{{ t.schedule_range_from }} — {{ t.schedule_range_to }}</label> <button type="button" id="calPrev"></button>
<div class="columns is-mobile" style="margin-bottom:0;"> <span id="calTitle"></span>
<div class="column"> <button type="button" id="calNext"></button>
<input class="input" type="date" id="rangeFrom">
</div>
<div class="column">
<input class="input" type="date" id="rangeTo">
</div>
<div class="column is-narrow">
<button type="button" class="button is-info is-outlined" id="fillRangeBtn">{{ t.schedule_fill_range }}</button>
</div>
</div> </div>
<div class="cal-grid" id="calGrid"></div>
</div> </div>
</div>
<!-- Selected days list --> <!-- Selected days -->
<div class="field"> <div class="field" id="selectedSection" style="display:none;">
<label class="label">{{ t.schedule_selected_days }}</label> <label class="label">{{ t.schedule_selected_days }} <span id="selectedCount" class="tag is-info is-light" style="margin-left:0.4rem;"></span></label>
<div id="daysList"> <div id="daysList"></div>
<p class="has-text-grey is-size-7" id="noDaysMsg">{{ t.schedule_no_days }}</p> </div>
</div>
<!-- Notes -->
<div class="field">
<label class="label">{{ t.schedule_notes }}</label>
<div class="control">
<textarea class="textarea" name="notes" rows="2"></textarea>
</div> </div>
</div>
<!-- Notes --> <input type="hidden" name="days_json" id="daysJson" value="[]">
<div class="field"> <button type="submit" class="button is-primary is-fullwidth" id="submitBtn" disabled>{{ t.schedule_create }}</button>
<label class="label">{{ t.schedule_notes }}</label>
<div class="control">
<textarea class="textarea" name="notes" rows="2"></textarea>
</div>
</div>
<!-- Hidden days data --> </form>
<input type="hidden" name="days_json" id="daysJson" value="[]">
<button type="submit" class="button is-primary is-fullwidth" id="submitBtn" disabled>{{ t.schedule_create }}</button>
</form>
</div> </div>
<style> <style>
.day-row { /* Time row */
display: flex; align-items: center; gap: 0.4rem; padding: 0.4rem 0; .time-row { display:flex; align-items:center; gap:0.5rem; }
border-bottom: 1px solid #f0f0f0; flex-wrap: wrap; .time-block { display:flex; flex-direction:column; flex:1; }
} .time-lbl { font-size:0.75rem; color:#888; margin-bottom:0.2rem; }
.day-row .day-date { font-weight: 600; min-width: 6rem; font-size: 0.9rem; } .time-sep { font-size:1.2rem; color:#aaa; padding-top:1.2rem; }
.day-row input[type="time"] { width: 7rem; padding: 0.2rem 0.4rem; border: 1px solid #ddd; border-radius: 4px; font-size: 0.85rem; }
.day-row .remove-btn { color: #e55; cursor: pointer; font-size: 0.8rem; margin-left: auto; background: none; border: none; } /* Calendar toolbar */
.cal-toolbar { display:flex; align-items:center; justify-content:space-between; margin-bottom:0.5rem; }
/* Calendar container */
.sched-cal { background:#fafafa; border:1px solid #eee; border-radius:10px; overflow:hidden; }
.cal-nav { display:flex; align-items:center; justify-content:space-between; padding:0.6rem 0.75rem; background:#fff; border-bottom:1px solid #eee; }
.cal-nav button { background:none; border:none; font-size:1.1rem; cursor:pointer; color:#6c63ff; padding:0.2rem 0.5rem; border-radius:4px; }
.cal-nav button:hover { background:#f0eeff; }
.cal-nav span { font-weight:700; font-size:1rem; color:#333; }
.cal-grid { display:grid; grid-template-columns:repeat(7,1fr); }
.cal-wday { text-align:center; font-size:0.72rem; font-weight:700; color:#aaa; padding:0.4rem 0; background:#fafafa; }
.cal-wday.is-weekend { color:#f0a0a0; }
.cal-day { text-align:center; padding:0.55rem 0.2rem; font-size:0.9rem; cursor:pointer; color:#333; border-radius:0; transition:background 0.1s; position:relative; user-select:none; -webkit-user-select:none; }
.cal-day:hover { background:#f0eeff; }
.cal-day.is-empty { cursor:default; }
.cal-day.is-empty:hover { background:none; }
.cal-day.is-today { font-weight:700; color:#6c63ff; }
.cal-day.is-selected { background:#6c63ff !important; color:#fff !important; border-radius:0; }
.cal-day.is-range-start { background:#a89cff !important; color:#fff !important; }
.cal-day.is-past { color:#ccc; }
/* Selected days list */
.day-row { display:flex; align-items:center; gap:0.4rem; padding:0.45rem 0; border-bottom:1px solid #f5f5f5; }
.day-row:last-child { border-bottom:none; }
.day-date { font-weight:600; font-size:0.85rem; flex:1; min-width:0; overflow:hidden; text-overflow:ellipsis; white-space:nowrap; }
.day-times { display:flex; align-items:center; gap:0.25rem; flex-shrink:0; }
.day-times .time-sep { color:#bbb; font-size:0.8rem; }
.day-rm { background:none; border:none; color:#ccc; cursor:pointer; font-size:1rem; padding:0.15rem 0.25rem; flex-shrink:0; line-height:1; }
.day-rm:hover { color:#e55; }
/* Time badge */
.time-badge-wrap {
position: relative;
display: inline-flex;
align-items: center;
justify-content: center;
background: #ede9ff;
color: #5b52d6;
border: 1.5px solid #c4beff;
border-radius: 20px;
padding: 0.15rem 0.5rem;
font-size: 0.78rem;
font-weight: 700;
cursor: pointer;
min-width: 3.6rem;
white-space: nowrap;
}
.time-badge-wrap:focus-within {
border-color: #6c63ff;
background: #f0eeff;
}
.time-badge-label { pointer-events: none; z-index: 1; }
.time-badge-input {
position: absolute;
inset: 0;
width: 100%;
height: 100%;
opacity: 0;
cursor: pointer;
border: none;
background: transparent;
padding: 0;
margin: 0;
font-size: 16px; /* prevent iOS zoom */
}
</style> </style>
<script> <script>
const days = new Map(); // date string -> {start, end} (function() {
const removeLabel = '{{ t.schedule_remove_day }}';
const weekdays = '{{ lang.code() }}' === 'ru' const IS_RU = '{{ lang.code() }}' === 'ru';
? ['Вс','Пн','Вт','Ср','Чт','Пт','Сб'] const TZ = '{{ timezone }}';
: ['Sun','Mon','Tue','Wed','Thu','Fri','Sat']; const WDAYS = IS_RU ? ['Пн','Вт','Ср','Чт','Пт','Сб','Вс'] : ['Mo','Tu','We','Th','Fr','Sa','Su'];
const MONTHS = IS_RU
? ['Январь','Февраль','Март','Апрель','Май','Июнь','Июль','Август','Сентябрь','Октябрь','Ноябрь','Декабрь']
: ['January','February','March','April','May','June','July','August','September','October','November','December'];
const days = new Map(); // dateStr -> {start, end}
let viewYear, viewMonth;
let rangeMode = false;
let rangeStart = null; // dateStr of first tap in range mode
const now = new Date();
const todayStr_ = tzDateStr(now);
viewYear = parseInt(todayStr_.slice(0, 4));
viewMonth = parseInt(todayStr_.slice(5, 7)) - 1; // 0-based
function isoDate(y, m, d) {
return y + '-' + String(m+1).padStart(2,'0') + '-' + String(d).padStart(2,'0');
}
function getDefaults() { function getDefaults() {
return { return {
start: document.getElementById('defaultStart').value || '18:00', start: document.getElementById('defaultStart').value || '18:00',
end: document.getElementById('defaultEnd').value || '19:00' end: document.getElementById('defaultEnd').value || '19:00'
}; };
} }
function addDay(dateStr) { function addDay(ds) {
if (!dateStr || days.has(dateStr)) return; if (!ds || days.has(ds)) return;
const def = getDefaults(); const def = getDefaults();
days.set(dateStr, { start: def.start, end: def.end }); days.set(ds, { start: def.start, end: def.end });
renderDays();
} }
function removeDay(dateStr) { function toggleDay(ds) {
days.delete(dateStr); if (days.has(ds)) { days.delete(ds); } else { addDay(ds); }
renderDays();
} }
function renderDays() { // Получить текущую дату в нужном TZ как строку YYYY-MM-DD
const list = document.getElementById('daysList'); function tzDateStr(d) {
const msg = document.getElementById('noDaysMsg'); const parts = new Intl.DateTimeFormat('en-CA', {
const btn = document.getElementById('submitBtn'); timeZone: TZ, year: 'numeric', month: '2-digit', day: '2-digit'
}).formatToParts(d);
const p = {};
parts.forEach(function(x) { p[x.type] = x.value; });
return p.year + '-' + p.month + '-' + p.day;
}
// Remove old day rows function fillRange(from, to) {
list.querySelectorAll('.day-row').forEach(el => el.remove()); if (from > to) { let t = from; from = to; to = t; }
// Используем полдень чтобы избежать проблем с переходом суток при смене DST
let cur = new Date(from + 'T12:00:00');
const end = new Date(to + 'T12:00:00');
while (cur <= end) {
addDay(tzDateStr(cur));
cur.setDate(cur.getDate() + 1);
}
}
// ── Render calendar ──────────────────────────────────────
function renderCal() {
document.getElementById('calTitle').textContent = MONTHS[viewMonth] + ' ' + viewYear;
const grid = document.getElementById('calGrid');
grid.innerHTML = '';
// Weekday headers
WDAYS.forEach(function(wd, i) {
const cell = document.createElement('div');
cell.className = 'cal-wday' + (i >= 5 ? ' is-weekend' : '');
cell.textContent = wd;
grid.appendChild(cell);
});
// First day of month (Mon=0 for our grid)
const first = new Date(viewYear, viewMonth, 1);
let startDow = first.getDay(); // 0=Sun
startDow = (startDow === 0) ? 6 : startDow - 1; // shift to Mon=0
const daysInMonth = new Date(viewYear, viewMonth + 1, 0).getDate();
const todayStr = todayStr_;
// Empty cells before first day
for (let i = 0; i < startDow; i++) {
const empty = document.createElement('div');
empty.className = 'cal-day is-empty';
grid.appendChild(empty);
}
for (let d = 1; d <= daysInMonth; d++) {
const ds = isoDate(viewYear, viewMonth, d);
const cell = document.createElement('div');
let cls = 'cal-day';
if (ds === todayStr) cls += ' is-today';
if (days.has(ds)) cls += ' is-selected';
if (ds === rangeStart) cls += ' is-range-start';
cell.className = cls;
cell.textContent = d;
cell.dataset.date = ds;
cell.addEventListener('click', onDayClick);
grid.appendChild(cell);
}
}
function onDayClick(e) {
const ds = e.currentTarget.dataset.date;
if (!ds) return;
if (rangeMode) {
if (days.has(ds)) {
days.delete(ds);
if (rangeStart === ds) rangeStart = null;
} else if (!rangeStart) {
rangeStart = ds;
} else {
fillRange(rangeStart, ds);
rangeStart = null;
}
} else {
toggleDay(ds);
}
renderCal();
renderList();
}
// ── Render selected days list ────────────────────────────
function renderList() {
const list = document.getElementById('daysList');
const section = document.getElementById('selectedSection');
const count = document.getElementById('selectedCount');
const btn = document.getElementById('submitBtn');
list.innerHTML = '';
const resetBtn = document.getElementById('resetBtn');
if (days.size === 0) { if (days.size === 0) {
msg.style.display = ''; section.style.display = 'none';
btn.disabled = true; btn.disabled = true;
document.getElementById('daysJson').value = '[]'; document.getElementById('daysJson').value = '[]';
resetBtn.style.display = 'none';
return; return;
} }
msg.style.display = 'none'; resetBtn.style.display = '';
section.style.display = '';
btn.disabled = false; btn.disabled = false;
count.textContent = days.size;
// Sort by date const sorted = [...days.entries()].sort((a,b) => a[0].localeCompare(b[0]));
const sorted = [...days.entries()].sort((a, b) => a[0].localeCompare(b[0]));
sorted.forEach(([dateStr, times]) => { sorted.forEach(function([ds, times]) {
const d = new Date(dateStr + 'T00:00:00'); const d = new Date(ds + 'T00:00:00');
const wd = weekdays[d.getDay()]; const dow = IS_RU
const label = dateStr.split('-').reverse().join('.') + ' ' + wd; ? ['Вс','Пн','Вт','Ср','Чт','Пт','Сб'][d.getDay()]
: ['Sun','Mon','Tue','Wed','Thu','Fri','Sat'][d.getDay()];
const parts = ds.split('-');
const label = parts[2] + '.' + parts[1] + ' ' + dow; // DD.MM Вт
const row = document.createElement('div'); const row = document.createElement('div');
row.className = 'day-row'; row.className = 'day-row';
row.innerHTML = ` row.innerHTML =
<span class="day-date">${label}</span> '<span class="day-date">' + label + '</span>' +
<input type="time" value="${times.start}" data-date="${dateStr}" data-field="start"> '<div class="day-times">' +
<span></span> '<div class="time-badge-wrap">' +
<input type="time" value="${times.end}" data-date="${dateStr}" data-field="end"> '<span class="time-badge-label">' + times.start + '</span>' +
<button type="button" class="remove-btn" data-date="${dateStr}">${removeLabel}</button> '<input type="time" class="time-badge-input" value="' + times.start + '" data-date="' + ds + '" data-field="start">' +
`; '</div>' +
'<span class="time-sep"></span>' +
'<div class="time-badge-wrap">' +
'<span class="time-badge-label">' + times.end + '</span>' +
'<input type="time" class="time-badge-input" value="' + times.end + '" data-date="' + ds + '" data-field="end">' +
'</div>' +
'</div>' +
'<button type="button" class="day-rm" data-date="' + ds + '" title="Убрать"></button>';
list.appendChild(row); list.appendChild(row);
}); });
// Update hidden JSON list.querySelectorAll('.time-badge-input').forEach(function(inp) {
updateJson();
// Bind events
list.querySelectorAll('input[type="time"]').forEach(inp => {
inp.addEventListener('change', function() { inp.addEventListener('change', function() {
const dt = this.dataset.date; const d = days.get(this.dataset.date);
const field = this.dataset.field; if (d) {
if (days.has(dt)) { d[this.dataset.field] = this.value;
days.get(dt)[field] = this.value; this.previousElementSibling.textContent = this.value;
updateJson(); updateJson();
} }
}); });
}); });
list.querySelectorAll('.remove-btn').forEach(btn => { list.querySelectorAll('.day-rm').forEach(function(b) {
btn.addEventListener('click', function() { b.addEventListener('click', function() {
removeDay(this.dataset.date); days.delete(this.dataset.date);
renderCal();
renderList();
}); });
}); });
updateJson();
} }
function updateJson() { function updateJson() {
const arr = [...days.entries()].map(([date, t]) => ({ const arr = [...days.entries()].map(function([date, t]) {
date: date, return { date: date, time_start: t.start, time_end: t.end };
time_start: t.start, });
time_end: t.end
}));
document.getElementById('daysJson').value = JSON.stringify(arr); document.getElementById('daysJson').value = JSON.stringify(arr);
} }
document.getElementById('addDateBtn').addEventListener('click', function() { // ── Navigation ───────────────────────────────────────────
const v = document.getElementById('pickDate').value; document.getElementById('calPrev').addEventListener('click', function() {
addDay(v); viewMonth--;
document.getElementById('pickDate').value = ''; if (viewMonth < 0) { viewMonth = 11; viewYear--; }
renderCal();
});
document.getElementById('calNext').addEventListener('click', function() {
viewMonth++;
if (viewMonth > 11) { viewMonth = 0; viewYear++; }
renderCal();
}); });
document.getElementById('pickDate').addEventListener('keydown', function(e) { // ── Range mode toggle ────────────────────────────────────
if (e.key === 'Enter') { e.preventDefault(); document.getElementById('addDateBtn').click(); } document.getElementById('rangeModeBtn').addEventListener('click', function() {
}); rangeMode = !rangeMode;
rangeStart = null;
document.getElementById('fillRangeBtn').addEventListener('click', function() { if (rangeMode) {
const from = document.getElementById('rangeFrom').value; this.classList.remove('is-outlined', 'is-info');
const to = document.getElementById('rangeTo').value; this.classList.add('is-warning');
if (!from || !to || from > to) return; this.textContent = '✕ Выбрать отдельные дни';
let cur = new Date(from + 'T00:00:00'); } else {
const end = new Date(to + 'T00:00:00'); this.classList.remove('is-warning');
while (cur <= end) { this.classList.add('is-outlined', 'is-info');
const ds = cur.toISOString().slice(0, 10); this.textContent = '⇔ Выбрать диапазон';
addDay(ds);
cur.setDate(cur.getDate() + 1);
} }
document.getElementById('rangeFrom').value = ''; renderCal();
document.getElementById('rangeTo').value = '';
}); });
// Set default pick date to today document.getElementById('resetBtn').addEventListener('click', function() {
document.getElementById('pickDate').valueAsDate = new Date(); days.clear();
rangeStart = null;
renderCal();
renderList();
});
// ── Default time change → update existing days ───────────
// (only updates days that still have the old default)
// kept simple: doesn't retroactively update already-added days
renderCal();
renderList();
})();
</script> </script>
{% endblock %} {% endblock %}
templates/admin/settings.html
+85 -20
View File
@@ -14,12 +14,8 @@
<div class="form-card"> <div class="form-card">
<form method="post" action="/admin/settings/save"> <form method="post" action="/admin/settings/save">
<div class="field">
<label class="label">{{ t.settings_telegram_bot_token }}</label> <h2 class="subtitle is-5 mb-3" style="border-bottom:1px solid #eee;padding-bottom:0.5rem;">{{ t.settings_contact_info }}</h2>
<div class="control">
<input class="input" type="text" name="telegram_bot_token" value="{% for s in &settings %}{% if s.key == "telegram_bot_token" %}{{ s.value }}{% endif %}{% endfor %}">
</div>
</div>
<div class="field"> <div class="field">
<label class="label">{{ t.settings_contact_info }}</label> <label class="label">{{ t.settings_contact_info }}</label>
<div class="control"> <div class="control">
@@ -32,18 +28,6 @@
<textarea class="input" name="pricing_info" rows="3" style="min-height:70px;resize:vertical;" placeholder="от 600 рублей за визит">{% for s in &settings %}{% if s.key == "pricing_info" %}{{ s.value }}{% endif %}{% endfor %}</textarea> <textarea class="input" name="pricing_info" rows="3" style="min-height:70px;resize:vertical;" placeholder="от 600 рублей за визит">{% for s in &settings %}{% if s.key == "pricing_info" %}{{ s.value }}{% endif %}{% endfor %}</textarea>
</div> </div>
</div> </div>
<div class="field">
<label class="label">{{ t.settings_site_domain }}</label>
<div class="control">
<input class="input" type="text" name="site_domain" placeholder="https://example.com" value="{% for s in &settings %}{% if s.key == "site_domain" %}{{ s.value }}{% endif %}{% endfor %}">
</div>
</div>
<div class="field">
<label class="label">{{ t.settings_timezone }}</label>
<div class="control">
<input class="input" type="text" name="timezone" placeholder="Asia/Vladivostok" value="{% for s in &settings %}{% if s.key == "timezone" %}{{ s.value }}{% endif %}{% endfor %}">
</div>
</div>
<div class="field"> <div class="field">
<label class="label">{{ t.settings_seo_keywords }}</label> <label class="label">{{ t.settings_seo_keywords }}</label>
<div class="control"> <div class="control">
@@ -52,10 +36,91 @@
placeholder="зооняня Хабаровск, присмотр за питомцем Хабаровск, догситтер Хабаровск">{% for s in &settings %}{% if s.key == "seo_keywords" %}{{ s.value }}{% endif %}{% endfor %}</textarea> placeholder="зооняня Хабаровск, присмотр за питомцем Хабаровск, догситтер Хабаровск">{% for s in &settings %}{% if s.key == "seo_keywords" %}{{ s.value }}{% endif %}{% endfor %}</textarea>
</div> </div>
<div id="seoPreview" style="margin-top:0.5rem;padding:0.5rem 0.75rem;background:#fafafa;border:1px solid #eee;border-radius:6px;min-height:2rem;line-height:2;font-size:0.85rem;display:none;"></div> <div id="seoPreview" style="margin-top:0.5rem;padding:0.5rem 0.75rem;background:#fafafa;border:1px solid #eee;border-radius:6px;min-height:2rem;line-height:2;font-size:0.85rem;display:none;"></div>
<p style="font-size:0.78rem;color:#aaa;margin-top:0.3rem;">Каждая фраза между запятыми — отдельное ключевое слово</p>
</div> </div>
<button type="submit" class="button is-primary">{{ t.settings_save }}</button> <details style="margin-top:1.5rem;">
<summary class="subtitle is-5 mb-3" style="cursor:pointer;border-bottom:1px solid #eee;padding-bottom:0.5rem;">
{{ t.settings_section_advanced }}
</summary>
<div style="margin-top:1rem;">
<h3 class="subtitle is-6 mb-2 has-text-grey">{{ t.settings_section_general }}</h3>
<div class="field">
<label class="label">{{ t.settings_site_domain }}</label>
<div class="control">
<input class="input" type="text" name="site_domain" placeholder="https://example.com" value="{% for s in &settings %}{% if s.key == "site_domain" %}{{ s.value }}{% endif %}{% endfor %}">
</div>
</div>
<div class="field">
<label class="label">{{ t.settings_timezone }}</label>
<div class="control">
<input class="input" type="text" name="timezone" placeholder="Asia/Vladivostok" value="{% for s in &settings %}{% if s.key == "timezone" %}{{ s.value }}{% endif %}{% endfor %}">
</div>
</div>
<h3 class="subtitle is-6 mb-2 has-text-grey" style="margin-top:1.25rem;">{{ t.settings_section_notifications }}</h3>
<div class="field">
<label class="label">{{ t.settings_telegram_bot_token }}</label>
<div class="control">
<input class="input" type="text" name="telegram_bot_token" value="{% for s in &settings %}{% if s.key == "telegram_bot_token" %}{{ s.value }}{% endif %}{% endfor %}">
</div>
</div>
<h3 class="subtitle is-6 mb-2 has-text-grey" style="margin-top:1.25rem;">{{ t.settings_section_captcha }}</h3>
<div class="field">
<label class="label">{{ t.settings_turnstile_site_key }}</label>
<div class="control">
<input class="input" type="text" name="turnstile_site_key" value="{% for s in &settings %}{% if s.key == "turnstile_site_key" %}{{ s.value }}{% endif %}{% endfor %}">
</div>
</div>
<div class="field">
<label class="label">{{ t.settings_turnstile_secret_key }}</label>
<div class="control">
<input class="input" type="text" name="turnstile_secret_key" value="{% for s in &settings %}{% if s.key == "turnstile_secret_key" %}{{ s.value }}{% endif %}{% endfor %}">
</div>
</div>
<h3 class="subtitle is-6 mb-2 has-text-grey" style="margin-top:1.25rem;">{{ t.settings_section_oidc }}</h3>
<div class="field">
<label class="label">{{ t.settings_oidc_issuer_url }}</label>
<div class="control">
<input class="input" type="text" name="oidc_issuer_url" placeholder="https://keycloak.example.com/realms/myrealm" value="{% for s in &settings %}{% if s.key == "oidc_issuer_url" %}{{ s.value }}{% endif %}{% endfor %}">
</div>
</div>
<div class="field">
<label class="label">{{ t.settings_oidc_client_id }}</label>
<div class="control">
<input class="input" type="text" name="oidc_client_id" value="{% for s in &settings %}{% if s.key == "oidc_client_id" %}{{ s.value }}{% endif %}{% endfor %}">
</div>
</div>
<div class="field">
<label class="label">{{ t.settings_oidc_client_secret }}</label>
<div class="control">
<input class="input" type="password" name="oidc_client_secret" value="{% for s in &settings %}{% if s.key == "oidc_client_secret" %}{{ s.value }}{% endif %}{% endfor %}">
</div>
</div>
<div class="field">
<label class="label">{{ t.settings_oidc_allowed_groups }}</label>
<div class="control">
<input class="input" type="text" name="oidc_allowed_groups" placeholder="admins, web-petting" value="{% for s in &settings %}{% if s.key == "oidc_allowed_groups" %}{{ s.value }}{% endif %}{% endfor %}">
</div>
</div>
<div class="field">
<label class="checkbox">
<input type="checkbox" name="auth_password_enabled" value="true"{% if auth_password_checked %} checked{% endif %}>
{{ t.settings_auth_password_enabled }}
</label>
</div>
<div class="field">
<label class="checkbox">
<input type="checkbox" name="auth_sso_enabled" value="true"{% if auth_sso_checked %} checked{% endif %}>
{{ t.settings_auth_sso_enabled }}
</label>
</div>
</div>
</details>
<button type="submit" class="button is-primary" style="margin-top:1.5rem;">{{ t.settings_save }}</button>
</form> </form>
</div> </div>
templates/client_portal.html
+9
View File
@@ -5,6 +5,9 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>{{ t.portal_title }} — {{ client.name }}</title> <title>{{ t.portal_title }} — {{ client.name }}</title>
<link rel="icon" type="image/svg+xml" href="/favicon.svg"> <link rel="icon" type="image/svg+xml" href="/favicon.svg">
{% if !turnstile_site_key.is_empty() %}
<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>
{% endif %}
<style> <style>
:root { color-scheme: light; } :root { color-scheme: light; }
*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; } *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
@@ -166,6 +169,9 @@
</div> </div>
<form class="feedback-form" id="fb-form-{{ pv.visit.id }}" style="display:none;" method="post" action="/client/{{ client.media_token }}/{{ pv.visit.id }}/feedback"> <form class="feedback-form" id="fb-form-{{ pv.visit.id }}" style="display:none;" method="post" action="/client/{{ client.media_token }}/{{ pv.visit.id }}/feedback">
<textarea name="feedback" required>{{ fb }}</textarea> <textarea name="feedback" required>{{ fb }}</textarea>
{% if !turnstile_site_key.is_empty() %}
<div class="cf-turnstile" data-sitekey="{{ turnstile_site_key }}" data-theme="light" data-appearance="interaction-only" style="margin-top:0.4rem;"></div>
{% endif %}
<div style="display:flex;gap:0.4rem;"> <div style="display:flex;gap:0.4rem;">
<button type="submit">{{ t.portal_feedback_submit }}</button> <button type="submit">{{ t.portal_feedback_submit }}</button>
<button type="button" class="fb-cancel-btn" onclick="hideFbEdit({{ pv.visit.id }})"></button> <button type="button" class="fb-cancel-btn" onclick="hideFbEdit({{ pv.visit.id }})"></button>
@@ -174,6 +180,9 @@
{% else %} {% else %}
<form class="feedback-form" method="post" action="/client/{{ client.media_token }}/{{ pv.visit.id }}/feedback"> <form class="feedback-form" method="post" action="/client/{{ client.media_token }}/{{ pv.visit.id }}/feedback">
<textarea name="feedback" placeholder="{{ t.portal_feedback_placeholder }}" required></textarea> <textarea name="feedback" placeholder="{{ t.portal_feedback_placeholder }}" required></textarea>
{% if !turnstile_site_key.is_empty() %}
<div class="cf-turnstile" data-sitekey="{{ turnstile_site_key }}" data-theme="light" data-appearance="interaction-only" style="margin-top:0.4rem;"></div>
{% endif %}
<button type="submit">{{ t.portal_feedback_submit }}</button> <button type="submit">{{ t.portal_feedback_submit }}</button>
</form> </form>
{% endif %} {% endif %}
templates/landing.html
+7
View File
@@ -50,6 +50,10 @@
} }
</script> </script>
{% if !turnstile_site_key.is_empty() %}
<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>
{% endif %}
<style> <style>
/* ── Reset & Base ── */ /* ── Reset & Base ── */
*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; } *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
@@ -464,6 +468,9 @@
<input type="checkbox" id="consent" name="consent" required style="margin-top:0.2rem;width:auto;flex-shrink:0;"> <input type="checkbox" id="consent" name="consent" required style="margin-top:0.2rem;width:auto;flex-shrink:0;">
<label for="consent" style="font-size:0.82rem;font-weight:400;color:#7a7599;cursor:pointer;display:inline;">{{ t.landing_form_consent }}</label> <label for="consent" style="font-size:0.82rem;font-weight:400;color:#7a7599;cursor:pointer;display:inline;">{{ t.landing_form_consent }}</label>
</div> </div>
{% if !turnstile_site_key.is_empty() %}
<div class="cf-turnstile" data-sitekey="{{ turnstile_site_key }}" data-theme="light" data-size="compact" style="margin-bottom:1.25rem;"></div>
{% endif %}
<button type="submit" class="form-submit">{{ t.landing_form_submit }}</button> <button type="submit" class="form-submit">{{ t.landing_form_submit }}</button>
</form> </form>
{% if !contact_info.is_empty() %} {% if !contact_info.is_empty() %}