bent/BeetRoundServer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

After "mix phx.gen.auth Admins Admin admins" with added working register and login path.

Browse Source
This commit is contained in:
Bent Witthold
2026-02-20 13:09:55 +01:00
parent a47931f40e
commit 53d19a3a18
28 changed files with 2830 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
lib/beet_round_server_web/controllers/admin_controller.ex Normal file
View File

@ -0,0 +1,56 @@
defmodule BeetRoundServerWeb.AdminController do
use BeetRoundServerWeb, :controller
alias BeetRoundServer.Admins
alias BeetRoundServer.Admins.Admin
action_fallback BeetRoundServerWeb.FallbackController
def create(conn, %{"admin" => admin_params}) do
with {:ok, %Admin{} = admin} <- Admins.register_admin(admin_params) do
conn
|> put_status(:created)
|> render(:show, admin: admin)
else
{:error, _changeset} ->
existingAdmin = Admins.get_admin_by_email(admin_params["email"])
if existingAdmin == nil do
conn
|> put_status(:bad_request)
|> render(:error, %{error: "Admin could not be created!", admin: admin_params})
else
admin = %{
mail: existingAdmin.email,
id: existingAdmin.id
}
conn
|> put_status(:conflict)
|> render(:error, %{error: "Admin already exists!", admin: admin})
end
end
end
def show(conn, %{"id" => id}) do
admin = Admins.get_admin!(id)
render(conn, :show, admin: admin)
end
def log_in(conn, %{"admin" => admin_params}) do
case Admins.get_admin_by_email_and_password(admin_params["email"], admin_params["password"]) do
nil ->
IO.puts("Admin couldn't be found!")
conn
|> put_status(:forbidden)
|> render(:error, %{error: "Invalid email or password!", admin: admin_params})
admin ->
encoded_token = Admins.create_admin_api_token(admin)
updated_admin = Map.put(admin, :token, encoded_token)
render(conn, :token, admin: updated_admin)
end
end
end

47
lib/beet_round_server_web/controllers/admin_json.ex Normal file
View File

@ -0,0 +1,47 @@
defmodule BeetRoundServerWeb.AdminJSON do
alias BeetRoundServer.Admins.Admin
@doc """
Renders a list of admins.
"""
def index(%{admins: admins}) do
%{data: for(admin <- admins, do: data(admin))}
end
@doc """
Renders a single admin.
"""
def show(%{admin: admin}) do
%{
data: data(admin)
}
end
def token(%{admin: admin}) do
%{
data: %{
id: admin.id,
email: admin.email,
token: admin.token
}
}
end
def mail_status(%{status: status}) do
%{data: status}
end
def error(%{error: error, admin: admin}) do
%{
error: error,
admin: admin
}
end
defp data(%Admin{} = admin) do
%{
id: admin.id,
email: admin.email
}
end
end

32
lib/beet_round_server_web/controllers/admin_registration_controller.ex Normal file
View File

@ -0,0 +1,32 @@
defmodule BeetRoundServerWeb.AdminRegistrationController do
use BeetRoundServerWeb, :controller
alias BeetRoundServer.Admins
alias BeetRoundServer.Admins.Admin
def new(conn, _params) do
changeset = Admins.change_admin_email(%Admin{})
render(conn, :new, changeset: changeset)
end
def create(conn, %{"admin" => admin_params}) do
case Admins.register_admin(admin_params) do
{:ok, admin} ->
{:ok, _} =
Admins.deliver_login_instructions(
admin,
&url(~p"/admins/log-in/#{&1}")
)
conn
|> put_flash(
:info,
"An email was sent to #{admin.email}, please access it to confirm your account."
)
|> redirect(to: ~p"/admins/log-in")
{:error, %Ecto.Changeset{} = changeset} ->
render(conn, :new, changeset: changeset)
end
end
end

5
lib/beet_round_server_web/controllers/admin_registration_html.ex Normal file
View File

@ -0,0 +1,5 @@
defmodule BeetRoundServerWeb.AdminRegistrationHTML do
use BeetRoundServerWeb, :html
embed_templates "admin_registration_html/*"
end

31
lib/beet_round_server_web/controllers/admin_registration_html/new.html.heex Normal file
View File

@ -0,0 +1,31 @@
<Layouts.app flash={@flash} current_scope={@current_scope}>
<div class="mx-auto max-w-sm">
<div class="text-center">
<.header>
Register for an account
<:subtitle>
Already registered?
<.link navigate={~p"/admins/log-in"} class="font-semibold text-brand hover:underline">
Log in
</.link>
to your account now.
</:subtitle>
</.header>
</div>
<.form :let={f} for={@changeset} action={~p"/admins/register"}>
<.input
field={f[:email]}
type="email"
label="Email"
autocomplete="email"
required
phx-mounted={JS.focus()}
/>
<.button phx-disable-with="Creating account..." class="btn btn-primary w-full">
Create an account
</.button>
</.form>
</div>
</Layouts.app>

88
lib/beet_round_server_web/controllers/admin_session_controller.ex Normal file
View File

@ -0,0 +1,88 @@
defmodule BeetRoundServerWeb.AdminSessionController do
use BeetRoundServerWeb, :controller
alias BeetRoundServer.Admins
alias BeetRoundServerWeb.AdminAuth
def new(conn, _params) do
email = get_in(conn.assigns, [:current_scope, Access.key(:admin), Access.key(:email)])
form = Phoenix.Component.to_form(%{"email" => email}, as: "admin")
render(conn, :new, form: form)
end
# magic link login
def create(conn, %{"admin" => %{"token" => token} = admin_params} = params) do
info =
case params do
%{"_action" => "confirmed"} -> "Admin confirmed successfully."
_ -> "Welcome back!"
end
case Admins.login_admin_by_magic_link(token) do
{:ok, {admin, _expired_tokens}} ->
conn
|> put_flash(:info, info)
|> AdminAuth.log_in_admin(admin, admin_params)
{:error, :not_found} ->
conn
|> put_flash(:error, "The link is invalid or it has expired.")
|> render(:new, form: Phoenix.Component.to_form(%{}, as: "admin"))
end
end
# email + password login
def create(conn, %{"admin" => %{"email" => email, "password" => password} = admin_params}) do
if admin = Admins.get_admin_by_email_and_password(email, password) do
conn
|> put_flash(:info, "Welcome back!")
|> AdminAuth.log_in_admin(admin, admin_params)
else
form = Phoenix.Component.to_form(admin_params, as: "admin")
# In order to prevent user enumeration attacks, don't disclose whether the email is registered.
conn
|> put_flash(:error, "Invalid email or password")
|> render(:new, form: form)
end
end
# magic link request
def create(conn, %{"admin" => %{"email" => email}}) do
if admin = Admins.get_admin_by_email(email) do
Admins.deliver_login_instructions(
admin,
&url(~p"/admins/log-in/#{&1}")
)
end
info =
"If your email is in our system, you will receive instructions for logging in shortly."
conn
|> put_flash(:info, info)
|> redirect(to: ~p"/admins/log-in")
end
def confirm(conn, %{"token" => token}) do
if admin = Admins.get_admin_by_magic_link_token(token) do
form = Phoenix.Component.to_form(%{"token" => token}, as: "admin")
conn
|> assign(:admin, admin)
|> assign(:form, form)
|> render(:confirm)
else
conn
|> put_flash(:error, "Magic link is invalid or it has expired.")
|> redirect(to: ~p"/admins/log-in")
end
end
def delete(conn, _params) do
conn
|> put_flash(:info, "Logged out successfully.")
|> AdminAuth.log_out_admin()
end
end

9
lib/beet_round_server_web/controllers/admin_session_html.ex Normal file
View File

@ -0,0 +1,9 @@
defmodule BeetRoundServerWeb.AdminSessionHTML do
use BeetRoundServerWeb, :html
embed_templates "admin_session_html/*"
defp local_mail_adapter? do
Application.get_env(:beet_round_server, BeetRoundServer.Mailer)[:adapter] == Swoosh.Adapters.Local
end
end

59
lib/beet_round_server_web/controllers/admin_session_html/confirm.html.heex Normal file
View File

@ -0,0 +1,59 @@
<Layouts.app flash={@flash} current_scope={@current_scope}>
<div class="mx-auto max-w-sm">
<div class="text-center">
<.header>Welcome {@admin.email}</.header>
</div>
<.form
:if={!@admin.confirmed_at}
for={@form}
id="confirmation_form"
action={~p"/admins/log-in?_action=confirmed"}
phx-mounted={JS.focus_first()}
>
<input type="hidden" name={@form[:token].name} value={@form[:token].value} />
<.button
name={@form[:remember_me].name}
value="true"
phx-disable-with="Confirming..."
class="btn btn-primary w-full"
>
Confirm and stay logged in
</.button>
<.button phx-disable-with="Confirming..." class="btn btn-primary btn-soft w-full mt-2">
Confirm and log in only this time
</.button>
</.form>
<.form
:if={@admin.confirmed_at}
for={@form}
id="login_form"
action={~p"/admins/log-in"}
phx-mounted={JS.focus_first()}
>
<input type="hidden" name={@form[:token].name} value={@form[:token].value} />
<%= if @current_scope do %>
<.button variant="primary" phx-disable-with="Logging in..." class="btn btn-primary w-full">
Log in
</.button>
<% else %>
<.button
name={@form[:remember_me].name}
value="true"
phx-disable-with="Logging in..."
class="btn btn-primary w-full"
>
Keep me logged in on this device
</.button>
<.button phx-disable-with="Logging in..." class="btn btn-primary btn-soft w-full mt-2">
Log me in only this time
</.button>
<% end %>
</.form>
<p :if={!@admin.confirmed_at} class="alert alert-outline mt-8">
Tip: If you prefer passwords, you can enable them in the admin settings.
</p>
</div>
</Layouts.app>

70
lib/beet_round_server_web/controllers/admin_session_html/new.html.heex Normal file
View File

@ -0,0 +1,70 @@
<Layouts.app flash={@flash} current_scope={@current_scope}>
<div class="mx-auto max-w-sm space-y-4">
<div class="text-center">
<.header>
<p>Log in</p>
<:subtitle>
<%= if @current_scope do %>
You need to reauthenticate to perform sensitive actions on your account.
<% else %>
Don't have an account? <.link
navigate={~p"/admins/register"}
class="font-semibold text-brand hover:underline"
phx-no-format
>Sign up</.link> for an account now.
<% end %>
</:subtitle>
</.header>
</div>
<div :if={local_mail_adapter?()} class="alert alert-info">
<.icon name="hero-information-circle" class="size-6 shrink-0" />
<div>
<p>You are running the local mail adapter.</p>
<p>
To see sent emails, visit <.link href="/dev/mailbox" class="underline">the mailbox page</.link>.
</p>
</div>
</div>
<.form :let={f} for={@form} as={:admin} id="login_form_magic" action={~p"/admins/log-in"}>
<.input
readonly={!!@current_scope}
field={f[:email]}
type="email"
label="Email"
autocomplete="email"
required
phx-mounted={JS.focus()}
/>
<.button class="btn btn-primary w-full">
Log in with email <span aria-hidden="true">→</span>
</.button>
</.form>
<div class="divider">or</div>
<.form :let={f} for={@form} as={:admin} id="login_form_password" action={~p"/admins/log-in"}>
<.input
readonly={!!@current_scope}
field={f[:email]}
type="email"
label="Email"
autocomplete="email"
required
/>
<.input
field={f[:password]}
type="password"
label="Password"
autocomplete="current-password"
/>
<.button class="btn btn-primary w-full" name={@form[:remember_me].name} value="true">
Log in and stay logged in <span aria-hidden="true">→</span>
</.button>
<.button class="btn btn-primary btn-soft w-full mt-2">
Log in only this time
</.button>
</.form>
</div>
</Layouts.app>

77
lib/beet_round_server_web/controllers/admin_settings_controller.ex Normal file
View File

@ -0,0 +1,77 @@
defmodule BeetRoundServerWeb.AdminSettingsController do
use BeetRoundServerWeb, :controller
alias BeetRoundServer.Admins
alias BeetRoundServerWeb.AdminAuth
import BeetRoundServerWeb.AdminAuth, only: [require_sudo_mode: 2]
plug :require_sudo_mode
plug :assign_email_and_password_changesets
def edit(conn, _params) do
render(conn, :edit)
end
def update(conn, %{"action" => "update_email"} = params) do
%{"admin" => admin_params} = params
admin = conn.assigns.current_scope.admin
case Admins.change_admin_email(admin, admin_params) do
%{valid?: true} = changeset ->
Admins.deliver_admin_update_email_instructions(
Ecto.Changeset.apply_action!(changeset, :insert),
admin.email,
&url(~p"/admins/settings/confirm-email/#{&1}")
)
conn
|> put_flash(
:info,
"A link to confirm your email change has been sent to the new address."
)
|> redirect(to: ~p"/admins/settings")
changeset ->
render(conn, :edit, email_changeset: %{changeset | action: :insert})
end
end
def update(conn, %{"action" => "update_password"} = params) do
%{"admin" => admin_params} = params
admin = conn.assigns.current_scope.admin
case Admins.update_admin_password(admin, admin_params) do
{:ok, {admin, _}} ->
conn
|> put_flash(:info, "Password updated successfully.")
|> put_session(:admin_return_to, ~p"/admins/settings")
|> AdminAuth.log_in_admin(admin)
{:error, changeset} ->
render(conn, :edit, password_changeset: changeset)
end
end
def confirm_email(conn, %{"token" => token}) do
case Admins.update_admin_email(conn.assigns.current_scope.admin, token) do
{:ok, _admin} ->
conn
|> put_flash(:info, "Email changed successfully.")
|> redirect(to: ~p"/admins/settings")
{:error, _} ->
conn
|> put_flash(:error, "Email change link is invalid or it has expired.")
|> redirect(to: ~p"/admins/settings")
end
end
defp assign_email_and_password_changesets(conn, _opts) do
admin = conn.assigns.current_scope.admin
conn
|> assign(:email_changeset, Admins.change_admin_email(admin))
|> assign(:password_changeset, Admins.change_admin_password(admin))
end
end

5
lib/beet_round_server_web/controllers/admin_settings_html.ex Normal file
View File

@ -0,0 +1,5 @@
defmodule BeetRoundServerWeb.AdminSettingsHTML do
use BeetRoundServerWeb, :html
embed_templates "admin_settings_html/*"
end

40
lib/beet_round_server_web/controllers/admin_settings_html/edit.html.heex Normal file
View File

@ -0,0 +1,40 @@
<Layouts.app flash={@flash} current_scope={@current_scope}>
<div class="text-center">
<.header>
Account Settings
<:subtitle>Manage your account email address and password settings</:subtitle>
</.header>
</div>
<.form :let={f} for={@email_changeset} action={~p"/admins/settings"} id="update_email">
<input type="hidden" name="action" value="update_email" />
<.input field={f[:email]} type="email" label="Email" autocomplete="email" required />
<.button variant="primary" phx-disable-with="Changing...">Change Email</.button>
</.form>
<div class="divider" />
<.form :let={f} for={@password_changeset} action={~p"/admins/settings"} id="update_password">
<input type="hidden" name="action" value="update_password" />
<.input
field={f[:password]}
type="password"
label="New password"
autocomplete="new-password"
required
/>
<.input
field={f[:password_confirmation]}
type="password"
label="Confirm new password"
autocomplete="new-password"
required
/>
<.button variant="primary" phx-disable-with="Changing...">
Save Password
</.button>
</.form>
</Layouts.app>