704 lines
19 KiB
Go
704 lines
19 KiB
Go
package main
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/sha256"
|
|
"database/sql"
|
|
"encoding/hex"
|
|
"encoding/json"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
"sync"
|
|
"time"
|
|
|
|
"golang.org/x/crypto/bcrypt"
|
|
"gopkg.in/yaml.v3"
|
|
_ "github.com/mattn/go-sqlite3"
|
|
)
|
|
|
|
// ============================================================
|
|
// Config
|
|
// ============================================================
|
|
|
|
type AdminUser struct {
|
|
Username string `yaml:"username"`
|
|
PasswordHash string `yaml:"password_hash"`
|
|
}
|
|
|
|
type Config struct {
|
|
Port int `yaml:"port"`
|
|
Admin []AdminUser `yaml:"admin"`
|
|
mu sync.Mutex
|
|
path string
|
|
}
|
|
|
|
func LoadConfig(dataDir string) (*Config, error) {
|
|
path := filepath.Join(dataDir, "config.yml")
|
|
cfg := &Config{
|
|
Port: 47732,
|
|
Admin: nil,
|
|
path: path,
|
|
}
|
|
data, err := os.ReadFile(path)
|
|
if err == nil {
|
|
if err := yaml.Unmarshal(data, cfg); err != nil {
|
|
return nil, fmt.Errorf("parse config: %w", err)
|
|
}
|
|
}
|
|
return cfg, nil
|
|
}
|
|
|
|
func (c *Config) Save() error {
|
|
c.mu.Lock()
|
|
defer c.mu.Unlock()
|
|
data, err := yaml.Marshal(c)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return os.WriteFile(c.path, data, 0640)
|
|
}
|
|
|
|
func (c *Config) SetAdmin(username, password string) error {
|
|
c.mu.Lock()
|
|
defer c.mu.Unlock()
|
|
hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
user := AdminUser{Username: username, PasswordHash: string(hash)}
|
|
// Replace existing or append.
|
|
for i, u := range c.Admin {
|
|
if u.Username == username {
|
|
c.Admin[i] = user
|
|
return c.saveLocked()
|
|
}
|
|
}
|
|
c.Admin = append(c.Admin, user)
|
|
return c.saveLocked()
|
|
}
|
|
|
|
func (c *Config) CheckAdmin(username, password string) bool {
|
|
c.mu.Lock()
|
|
defer c.mu.Unlock()
|
|
for _, u := range c.Admin {
|
|
if u.Username == username {
|
|
if bcrypt.CompareHashAndPassword([]byte(u.PasswordHash), []byte(password)) == nil {
|
|
return true
|
|
}
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
func (c *Config) saveLocked() error {
|
|
data, err := yaml.Marshal(c)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return os.WriteFile(c.path, data, 0640)
|
|
}
|
|
|
|
// ============================================================
|
|
// Token
|
|
// ============================================================
|
|
|
|
type tokenStore struct {
|
|
mu sync.Mutex
|
|
tokens map[string]time.Time
|
|
}
|
|
|
|
func newTokenStore() *tokenStore {
|
|
return &tokenStore{tokens: make(map[string]time.Time)}
|
|
}
|
|
|
|
func (ts *tokenStore) Create() string {
|
|
ts.mu.Lock()
|
|
defer ts.mu.Unlock()
|
|
b := make([]byte, 16)
|
|
rand.Read(b)
|
|
tok := hex.EncodeToString(b)
|
|
ts.tokens[tok] = time.Now().Add(24 * time.Hour)
|
|
return tok
|
|
}
|
|
|
|
func (ts *tokenStore) Check(tok string) bool {
|
|
ts.mu.Lock()
|
|
defer ts.mu.Unlock()
|
|
exp, ok := ts.tokens[tok]
|
|
if !ok {
|
|
return false
|
|
}
|
|
if time.Now().After(exp) {
|
|
delete(ts.tokens, tok)
|
|
return false
|
|
}
|
|
return true
|
|
}
|
|
|
|
// ============================================================
|
|
// Server DB schema
|
|
// ============================================================
|
|
|
|
const serverSchema = `
|
|
CREATE TABLE IF NOT EXISTS server_devices (
|
|
id TEXT PRIMARY KEY,
|
|
name TEXT NOT NULL,
|
|
api_key TEXT NOT NULL UNIQUE,
|
|
last_seen TEXT,
|
|
created_at TEXT NOT NULL
|
|
);
|
|
|
|
CREATE TABLE IF NOT EXISTS server_revisions (
|
|
rev INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
op_id TEXT NOT NULL,
|
|
device_id TEXT NOT NULL,
|
|
created_at TEXT NOT NULL DEFAULT (datetime('now'))
|
|
);
|
|
|
|
CREATE TABLE IF NOT EXISTS server_ops (
|
|
op_id TEXT PRIMARY KEY,
|
|
device_id TEXT NOT NULL,
|
|
entity_type TEXT NOT NULL,
|
|
entity_id TEXT NOT NULL,
|
|
op_type TEXT NOT NULL,
|
|
payload_json TEXT NOT NULL,
|
|
created_at TEXT NOT NULL,
|
|
pushed_at TEXT NOT NULL DEFAULT (datetime('now'))
|
|
);
|
|
|
|
CREATE TABLE IF NOT EXISTS server_blobs (
|
|
sha256 TEXT PRIMARY KEY,
|
|
size INTEGER NOT NULL,
|
|
created_at TEXT NOT NULL
|
|
);
|
|
`
|
|
|
|
// ============================================================
|
|
// Server
|
|
// ============================================================
|
|
|
|
type Server struct {
|
|
db *sql.DB
|
|
cfg *Config
|
|
tokens *tokenStore
|
|
blobsDir string
|
|
mux *http.ServeMux
|
|
}
|
|
|
|
func NewServer(dbPath, dataDir string, cfg *Config) (*Server, error) {
|
|
db, err := sql.Open("sqlite3", fmt.Sprintf("file:%s?mode=rwc", dbPath))
|
|
if err != nil {
|
|
return nil, fmt.Errorf("open db: %w", err)
|
|
}
|
|
db.SetMaxOpenConns(1)
|
|
|
|
// Run schema.
|
|
for _, stmt := range strings.Split(serverSchema, ";") {
|
|
stmt = strings.TrimSpace(stmt)
|
|
if stmt == "" {
|
|
continue
|
|
}
|
|
if _, err := db.Exec(stmt); err != nil {
|
|
db.Close()
|
|
return nil, fmt.Errorf("schema: %w", err)
|
|
}
|
|
}
|
|
|
|
blobsDir := filepath.Join(dataDir, "blobs")
|
|
if err := os.MkdirAll(blobsDir, 0750); err != nil {
|
|
db.Close()
|
|
return nil, err
|
|
}
|
|
|
|
s := &Server{
|
|
db: db,
|
|
cfg: cfg,
|
|
tokens: newTokenStore(),
|
|
blobsDir: blobsDir,
|
|
}
|
|
s.mux = s.routes()
|
|
return s, nil
|
|
}
|
|
|
|
func (s *Server) Close() error {
|
|
return s.db.Close()
|
|
}
|
|
|
|
func (s *Server) ListenAndServe(addr string) error {
|
|
return http.ListenAndServe(addr, s.mux)
|
|
}
|
|
|
|
// ============================================================
|
|
// Routes
|
|
// ============================================================
|
|
|
|
func (s *Server) routes() *http.ServeMux {
|
|
mux := http.NewServeMux()
|
|
mux.HandleFunc("/api/v1/health", s.handleHealth)
|
|
mux.HandleFunc("/api/v1/device/register", s.handleDeviceRegister)
|
|
mux.HandleFunc("/api/v1/sync/push", s.handleSyncPush)
|
|
mux.HandleFunc("/api/v1/sync/pull", s.handleSyncPull)
|
|
mux.HandleFunc("/api/v1/blobs/", s.handleBlobs)
|
|
mux.HandleFunc("/admin/login", s.handleAdminLogin)
|
|
mux.HandleFunc("/admin/dashboard", s.handleAdminDashboard)
|
|
mux.HandleFunc("/admin/", s.handleAdminAPI)
|
|
mux.HandleFunc("/", s.handleNotFound)
|
|
return mux
|
|
}
|
|
|
|
// ============================================================
|
|
// Helpers
|
|
// ============================================================
|
|
|
|
func jsonOK(w http.ResponseWriter, v interface{}) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
json.NewEncoder(w).Encode(v)
|
|
}
|
|
|
|
func jsonErr(w http.ResponseWriter, code int, msg string) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(code)
|
|
json.NewEncoder(w).Encode(map[string]string{"error": msg})
|
|
}
|
|
|
|
func (s *Server) requireAPIKey(w http.ResponseWriter, r *http.Request) bool {
|
|
key := r.Header.Get("Authorization")
|
|
key = strings.TrimPrefix(key, "Bearer ")
|
|
if key == "" {
|
|
key = r.URL.Query().Get("api_key")
|
|
}
|
|
if key == "" {
|
|
jsonErr(w, 401, "API key required")
|
|
return false
|
|
}
|
|
var count int
|
|
err := s.db.QueryRow("SELECT COUNT(*) FROM server_devices WHERE api_key=?", key).Scan(&count)
|
|
if err != nil || count == 0 {
|
|
jsonErr(w, 401, "invalid API key")
|
|
return false
|
|
}
|
|
return true
|
|
}
|
|
|
|
func (s *Server) requireAdmin(w http.ResponseWriter, r *http.Request) bool {
|
|
cookie, err := r.Cookie("session")
|
|
if err != nil || !s.tokens.Check(cookie.Value) {
|
|
http.Redirect(w, r, "/admin/login", http.StatusFound)
|
|
return false
|
|
}
|
|
return true
|
|
}
|
|
|
|
// ============================================================
|
|
// Handlers
|
|
// ============================================================
|
|
|
|
func (s *Server) handleNotFound(w http.ResponseWriter, r *http.Request) {
|
|
if r.URL.Path == "/" {
|
|
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
|
w.Write([]byte("Verstak Sync Server\n"))
|
|
return
|
|
}
|
|
jsonErr(w, 404, "not found")
|
|
}
|
|
|
|
func (s *Server) handleHealth(w http.ResponseWriter, r *http.Request) {
|
|
jsonOK(w, map[string]interface{}{
|
|
"status": "ok",
|
|
"version": "verstak-server/v1",
|
|
"time": time.Now().UTC().Format(time.RFC3339),
|
|
})
|
|
}
|
|
|
|
func (s *Server) handleDeviceRegister(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method != "POST" {
|
|
jsonErr(w, 405, "POST required")
|
|
return
|
|
}
|
|
var req struct {
|
|
Name string `json:"name"`
|
|
}
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
jsonErr(w, 400, "invalid JSON")
|
|
return
|
|
}
|
|
if req.Name == "" {
|
|
jsonErr(w, 400, "name required")
|
|
return
|
|
}
|
|
|
|
b := make([]byte, 20)
|
|
rand.Read(b)
|
|
apiKey := hex.EncodeToString(b)
|
|
|
|
now := time.Now().UTC().Format(time.RFC3339)
|
|
|
|
result, err := s.db.Exec(
|
|
"INSERT INTO server_devices (id, name, api_key, last_seen, created_at) VALUES (?, ?, ?, ?, ?)",
|
|
apiKey[:12], req.Name, apiKey, now, now,
|
|
)
|
|
if err != nil {
|
|
jsonErr(w, 500, err.Error())
|
|
return
|
|
}
|
|
id, _ := result.LastInsertId()
|
|
_ = id
|
|
|
|
jsonOK(w, map[string]interface{}{
|
|
"device_id": apiKey[:12],
|
|
"api_key": apiKey,
|
|
})
|
|
}
|
|
|
|
func (s *Server) handleSyncPush(w http.ResponseWriter, r *http.Request) {
|
|
if !s.requireAPIKey(w, r) {
|
|
return
|
|
}
|
|
if r.Method != "POST" {
|
|
jsonErr(w, 405, "POST required")
|
|
return
|
|
}
|
|
var req struct {
|
|
DeviceID string `json:"device_id"`
|
|
Ops []struct {
|
|
OpID string `json:"op_id"`
|
|
EntityType string `json:"entity_type"`
|
|
EntityID string `json:"entity_id"`
|
|
OpType string `json:"op_type"`
|
|
PayloadJSON string `json:"payload_json"`
|
|
CreatedAt string `json:"created_at"`
|
|
} `json:"ops"`
|
|
}
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
jsonErr(w, 400, "invalid JSON: "+err.Error())
|
|
return
|
|
}
|
|
|
|
var accepted []string
|
|
for _, op := range req.Ops {
|
|
if op.OpID == "" || op.EntityType == "" || op.EntityID == "" || op.OpType == "" {
|
|
continue
|
|
}
|
|
_, err := s.db.Exec(
|
|
`INSERT OR IGNORE INTO server_ops (op_id, device_id, entity_type, entity_id, op_type, payload_json, created_at)
|
|
VALUES (?, ?, ?, ?, ?, ?, ?)`,
|
|
op.OpID, req.DeviceID, op.EntityType, op.EntityID, op.OpType, op.PayloadJSON, op.CreatedAt,
|
|
)
|
|
if err != nil {
|
|
continue
|
|
}
|
|
// Assign revision.
|
|
res, err := s.db.Exec(
|
|
"INSERT INTO server_revisions (op_id, device_id) VALUES (?, ?)",
|
|
op.OpID, req.DeviceID,
|
|
)
|
|
if err != nil {
|
|
continue
|
|
}
|
|
rev, _ := res.LastInsertId()
|
|
_ = rev
|
|
accepted = append(accepted, op.OpID)
|
|
}
|
|
|
|
jsonOK(w, map[string]interface{}{
|
|
"accepted": accepted,
|
|
"count": len(accepted),
|
|
})
|
|
}
|
|
|
|
func (s *Server) handleSyncPull(w http.ResponseWriter, r *http.Request) {
|
|
if !s.requireAPIKey(w, r) {
|
|
return
|
|
}
|
|
if r.Method != "POST" {
|
|
jsonErr(w, 405, "POST required")
|
|
return
|
|
}
|
|
var req struct {
|
|
SinceRevision int `json:"since_revision"`
|
|
}
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
jsonErr(w, 400, "invalid JSON")
|
|
return
|
|
}
|
|
|
|
// Get current server revision.
|
|
var serverRev int
|
|
s.db.QueryRow("SELECT COALESCE(MAX(rev), 0) FROM server_revisions").Scan(&serverRev)
|
|
|
|
// Get ops since the requested revision.
|
|
rows, err := s.db.Query(`
|
|
SELECT so.op_id, so.device_id, so.entity_type, so.entity_id, so.op_type, so.payload_json, so.created_at
|
|
FROM server_ops so
|
|
JOIN server_revisions sr ON sr.op_id = so.op_id
|
|
WHERE sr.rev > ?
|
|
ORDER BY sr.rev`, req.SinceRevision)
|
|
if err != nil {
|
|
jsonErr(w, 500, err.Error())
|
|
return
|
|
}
|
|
defer rows.Close()
|
|
|
|
type opDTO struct {
|
|
OpID string `json:"op_id"`
|
|
DeviceID string `json:"device_id"`
|
|
EntityType string `json:"entity_type"`
|
|
EntityID string `json:"entity_id"`
|
|
OpType string `json:"op_type"`
|
|
PayloadJSON string `json:"payload_json"`
|
|
CreatedAt string `json:"created_at"`
|
|
}
|
|
var ops []opDTO
|
|
for rows.Next() {
|
|
var o opDTO
|
|
if err := rows.Scan(&o.OpID, &o.DeviceID, &o.EntityType, &o.EntityID, &o.OpType, &o.PayloadJSON, &o.CreatedAt); err != nil {
|
|
continue
|
|
}
|
|
ops = append(ops, o)
|
|
}
|
|
|
|
jsonOK(w, map[string]interface{}{
|
|
"server_revision": serverRev,
|
|
"ops": ops,
|
|
})
|
|
}
|
|
|
|
func (s *Server) handleBlobs(w http.ResponseWriter, r *http.Request) {
|
|
if !s.requireAPIKey(w, r) {
|
|
return
|
|
}
|
|
switch r.Method {
|
|
case "POST":
|
|
// Upload: accept multipart file, store by SHA-256.
|
|
if err := r.ParseMultipartForm(200 << 20); err != nil {
|
|
jsonErr(w, 400, "multipart error: "+err.Error())
|
|
return
|
|
}
|
|
file, header, err := r.FormFile("file")
|
|
if err != nil {
|
|
jsonErr(w, 400, "file field required")
|
|
return
|
|
}
|
|
defer file.Close()
|
|
|
|
// Read content and compute SHA-256.
|
|
data, err := io.ReadAll(file)
|
|
if err != nil {
|
|
jsonErr(w, 500, "read error")
|
|
return
|
|
}
|
|
hash := sha256.Sum256(data)
|
|
shaHex := hex.EncodeToString(hash[:])
|
|
|
|
// Store at blobs/ab/cd/sha256.
|
|
blobDir := filepath.Join(s.blobsDir, shaHex[:2], shaHex[2:4])
|
|
if err := os.MkdirAll(blobDir, 0750); err != nil {
|
|
jsonErr(w, 500, "mkdir error")
|
|
return
|
|
}
|
|
blobPath := filepath.Join(blobDir, shaHex)
|
|
if err := os.WriteFile(blobPath, data, 0640); err != nil {
|
|
jsonErr(w, 500, "write error")
|
|
return
|
|
}
|
|
_ = header
|
|
|
|
// Record in blobs table.
|
|
now := time.Now().UTC().Format(time.RFC3339)
|
|
s.db.Exec("INSERT OR IGNORE INTO server_blobs (sha256, size, created_at) VALUES (?, ?, ?)",
|
|
shaHex, len(data), now)
|
|
|
|
jsonOK(w, map[string]interface{}{
|
|
"sha256": shaHex,
|
|
"size": len(data),
|
|
})
|
|
|
|
case "GET":
|
|
// Download: GET /api/v1/blobs/{sha256}
|
|
shaHex := strings.TrimPrefix(r.URL.Path, "/api/v1/blobs/")
|
|
if len(shaHex) != 64 {
|
|
jsonErr(w, 400, "invalid SHA-256")
|
|
return
|
|
}
|
|
blobPath := filepath.Join(s.blobsDir, shaHex[:2], shaHex[2:4], shaHex)
|
|
if _, err := os.Stat(blobPath); os.IsNotExist(err) {
|
|
jsonErr(w, 404, "blob not found")
|
|
return
|
|
}
|
|
data, err := os.ReadFile(blobPath)
|
|
if err != nil {
|
|
jsonErr(w, 500, "read error")
|
|
return
|
|
}
|
|
w.Header().Set("Content-Type", "application/octet-stream")
|
|
w.Header().Set("Content-Disposition", "attachment; filename=\""+shaHex+"\"")
|
|
w.Write(data)
|
|
|
|
default:
|
|
jsonErr(w, 405, "method not allowed")
|
|
}
|
|
}
|
|
|
|
func (s *Server) handleAdminLogin(w http.ResponseWriter, r *http.Request) {
|
|
switch r.Method {
|
|
case "GET":
|
|
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
w.Write([]byte(adminLoginHTML))
|
|
case "POST":
|
|
if err := r.ParseForm(); err != nil {
|
|
jsonErr(w, 400, "bad form")
|
|
return
|
|
}
|
|
user := r.FormValue("username")
|
|
pass := r.FormValue("password")
|
|
if !s.cfg.CheckAdmin(user, pass) {
|
|
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
w.WriteHeader(401)
|
|
w.Write([]byte("<html><body><h1>401 Unauthorized</h1><a href='/admin/login'>Try again</a></body></html>"))
|
|
return
|
|
}
|
|
tok := s.tokens.Create()
|
|
http.SetCookie(w, &http.Cookie{
|
|
Name: "session", Value: tok, Path: "/admin",
|
|
HttpOnly: true, SameSite: http.SameSiteLaxMode,
|
|
MaxAge: 86400,
|
|
})
|
|
http.Redirect(w, r, "/admin/dashboard", http.StatusFound)
|
|
default:
|
|
jsonErr(w, 405, "method not allowed")
|
|
}
|
|
}
|
|
|
|
func (s *Server) handleAdminDashboard(w http.ResponseWriter, r *http.Request) {
|
|
if !s.requireAdmin(w, r) {
|
|
return
|
|
}
|
|
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
// Fetch data for dashboard.
|
|
var deviceCount, opsCount int
|
|
s.db.QueryRow("SELECT COUNT(*) FROM server_devices").Scan(&deviceCount)
|
|
s.db.QueryRow("SELECT COUNT(*) FROM server_ops").Scan(&opsCount)
|
|
|
|
html := fmt.Sprintf(`<!DOCTYPE html>
|
|
<html lang="ru">
|
|
<head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1">
|
|
<title>Verstak Sync — Admin</title>
|
|
<style>body{font-family:sans-serif;background:#13131f;color:#e4e4ef;padding:24px;max-width:800px;margin:0 auto}a{color:#6366f1}h1{border-bottom:1px solid #2a2a3c;padding-bottom:12px}.stat{background:#1a1a28;border:1px solid #2a2a3c;padding:12px 16px;border-radius:8px;margin:8px 0}.row{display:flex;gap:16px}</style>
|
|
</head><body>
|
|
<h1>Verstak Sync Server</h1>
|
|
<div class="row">
|
|
<div class="stat"><strong>Устройств:</strong> %d</div>
|
|
<div class="stat"><strong>Операций:</strong> %d</div>
|
|
</div>
|
|
<h2>API-ключи</h2>
|
|
<div id="keys"></div>
|
|
<script>
|
|
fetch('/admin/api/keys').then(r=>r.json()).then(keys=>{
|
|
const div=document.getElementById('keys')
|
|
if(!keys.length){div.innerHTML='<p>Нет ключей</p>';return}
|
|
div.innerHTML='<table><tr><th>Устройство</th><th>Ключ</th><th></th></tr>'+
|
|
keys.map(k=>'<tr><td>'+k.name+'</td><td><code>'+k.api_key.slice(0,16)+'…</code></td>'+
|
|
'<td><button onclick="delKey(\''+k.id+'\')">Удалить</button></td></tr>').join('')+'</table>'
|
|
})
|
|
function delKey(id){if(confirm('Удалить ключ?'))fetch('/admin/api/keys/'+id,{method:'DELETE'}).then(()=>location.reload())}
|
|
</script>
|
|
<h2>Новый ключ</h2>
|
|
<form action="/admin/api/keys" method="POST">
|
|
<input name="name" placeholder="Название устройства" required>
|
|
<button>Создать</button>
|
|
</form>
|
|
<p><a href="/api/v1/health">Health check</a></p>
|
|
</body></html>`, deviceCount, opsCount)
|
|
w.Write([]byte(html))
|
|
}
|
|
|
|
func (s *Server) handleAdminAPI(w http.ResponseWriter, r *http.Request) {
|
|
if !s.requireAdmin(w, r) {
|
|
return
|
|
}
|
|
path := strings.TrimPrefix(r.URL.Path, "/admin")
|
|
|
|
switch {
|
|
case path == "/api/keys" && r.Method == "GET":
|
|
rows, err := s.db.Query("SELECT id, name, api_key FROM server_devices ORDER BY created_at")
|
|
if err != nil {
|
|
jsonErr(w, 500, err.Error())
|
|
return
|
|
}
|
|
defer rows.Close()
|
|
var out []map[string]string
|
|
for rows.Next() {
|
|
var id, name, key string
|
|
rows.Scan(&id, &name, &key)
|
|
out = append(out, map[string]string{"id": id, "name": name, "api_key": key})
|
|
}
|
|
jsonOK(w, out)
|
|
|
|
case path == "/api/keys" && r.Method == "POST":
|
|
if err := r.ParseForm(); err != nil {
|
|
jsonErr(w, 400, "bad form")
|
|
return
|
|
}
|
|
name := r.FormValue("name")
|
|
if name == "" {
|
|
jsonErr(w, 400, "name required")
|
|
return
|
|
}
|
|
b := make([]byte, 20)
|
|
rand.Read(b)
|
|
apiKey := hex.EncodeToString(b)
|
|
now := time.Now().UTC().Format(time.RFC3339)
|
|
_, err := s.db.Exec(
|
|
"INSERT INTO server_devices (id, name, api_key, last_seen, created_at) VALUES (?, ?, ?, ?, ?)",
|
|
apiKey[:12], name, apiKey, now, now,
|
|
)
|
|
if err != nil {
|
|
jsonErr(w, 500, err.Error())
|
|
return
|
|
}
|
|
http.Redirect(w, r, "/admin/dashboard", http.StatusFound)
|
|
|
|
case strings.HasPrefix(path, "/api/keys/") && r.Method == "DELETE":
|
|
id := strings.TrimPrefix(path, "/api/keys/")
|
|
_, err := s.db.Exec("DELETE FROM server_devices WHERE id=?", id)
|
|
if err != nil {
|
|
jsonErr(w, 500, err.Error())
|
|
return
|
|
}
|
|
jsonOK(w, map[string]string{"status": "deleted"})
|
|
|
|
default:
|
|
jsonErr(w, 404, "not found")
|
|
}
|
|
}
|
|
|
|
// ============================================================
|
|
// Embedded admin login HTML
|
|
// ============================================================
|
|
|
|
const adminLoginHTML = `<!DOCTYPE html>
|
|
<html lang="ru">
|
|
<head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1">
|
|
<title>Verstak Sync — Admin Login</title>
|
|
<style>body{font-family:sans-serif;background:#13131f;color:#e4e4ef;display:flex;justify-content:center;align-items:center;height:100vh;margin:0}
|
|
form{background:#1a1a28;border:1px solid #2a2a3c;border-radius:12px;padding:32px;width:320px}
|
|
h1{font-size:20px;margin:0 0 20px;text-align:center}
|
|
label{display:block;font-size:12px;color:#888;margin-bottom:4px}
|
|
input{width:100%;padding:8px 12px;border:1px solid #2a2a3c;background:#13131f;color:#e4e4ef;border-radius:6px;font-size:14px;margin-bottom:16px;box-sizing:border-box}
|
|
button{width:100%;padding:10px;background:#6366f1;color:#fff;border:none;border-radius:6px;font-size:14px;cursor:pointer}
|
|
button:hover{background:#4f46e5}</style>
|
|
</head><body>
|
|
<form method="POST">
|
|
<h1>Verstak Sync</h1>
|
|
<label>Логин</label>
|
|
<input type="text" name="username" autofocus required>
|
|
<label>Пароль</label>
|
|
<input type="password" name="password" required>
|
|
<button>Войти</button>
|
|
</form>
|
|
</body></html>`
|