Orgs, Members, SSH and Admin page

2026-02-14 13:20:05 +01:00 · 2025-09-01 21:58:34 +01:00
parent 3f22521f49
commit 5425ed5dcc
61 changed files with 7138 additions and 819 deletions
--- a/internal/handlers/authn/funcs.go
+++ b/internal/handlers/authn/funcs.go
@@ -4,11 +4,14 @@ import (
 	"crypto/rand"
 	"encoding/base64"
 	"fmt"
+	"net/http"
+	"strconv"
 	"time"

 	"github.com/glueops/autoglue/internal/config"
 	"github.com/glueops/autoglue/internal/db"
 	"github.com/glueops/autoglue/internal/db/models"
+	"github.com/glueops/autoglue/internal/middleware"
 	appsmtp "github.com/glueops/autoglue/internal/smtp"
 	"github.com/google/uuid"
 )
@@ -90,3 +93,54 @@ func sendTemplatedEmail(to string, templateFile string, data any) error {
 	}
 	return m.Send(to, data, templateFile)
 }
+
+func mustInt(s string, def int) int {
+	if s == "" {
+		return def
+	}
+	n, err := strconv.Atoi(s)
+	if err != nil {
+		return def
+	}
+	return n
+}
+
+func adminCount(except *uuid.UUID) (int64, error) {
+	q := db.DB.Model(&models.User{}).Where(`role = ?`, "admin")
+	if except != nil {
+		q = q.Where("id <> ?", *except)
+	}
+	var n int64
+	err := q.Count(&n).Error
+	return n, err
+}
+
+func requireGlobalAdmin(w http.ResponseWriter, r *http.Request) (*models.User, bool) {
+	ctx := middleware.GetAuthContext(r)
+	if ctx == nil {
+		http.Error(w, "unauthorized", http.StatusUnauthorized)
+		return nil, false
+	}
+	var me models.User
+	if err := db.DB.Select("id, role").First(&me, "id = ?", ctx.UserID).Error; err != nil {
+		http.Error(w, "unauthorized", http.StatusUnauthorized)
+		return nil, false
+	}
+	if me.Role != "admin" {
+		http.Error(w, "forbidden", http.StatusForbidden)
+		return nil, false
+	}
+	return &me, true
+}
+
+func asUserOut(u models.User) userOut {
+	return userOut{
+		ID:            u.ID,
+		Name:          u.Name,
+		Email:         u.Email,
+		EmailVerified: u.EmailVerified,
+		Role:          string(u.Role),
+		CreatedAt:     u.CreatedAt,
+		UpdatedAt:     u.UpdatedAt,
+	}
+}