Compare commits

..

4 Commits

10 changed files with 352 additions and 276 deletions

View File

@ -6,6 +6,7 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"html" "html"
"log"
"net/http" "net/http"
"strings" "strings"
"time" "time"
@ -81,7 +82,8 @@ func (s *Server) handleAdminUsers(w http.ResponseWriter, r *http.Request) {
} }
rows, err := s.db.Query("SELECT id, username, email, confirmed, blocked, created_at FROM server_users ORDER BY created_at DESC") rows, err := s.db.Query("SELECT id, username, email, confirmed, blocked, created_at FROM server_users ORDER BY created_at DESC")
if err != nil { if err != nil {
http.Error(w, err.Error(), 500) log.Printf("admin users: query failed: %v", err)
http.Error(w, t(s.locale(), "server.internalError"), http.StatusInternalServerError)
return return
} }
defer rows.Close() defer rows.Close()
@ -127,7 +129,8 @@ func (s *Server) handleAdminDevices(w http.ResponseWriter, r *http.Request) {
rows, err := s.db.Query(`SELECT d.id, d.name, d.client_version, COALESCE(d.last_seen,''), COALESCE(d.revoked_at,''), d.created_at rows, err := s.db.Query(`SELECT d.id, d.name, d.client_version, COALESCE(d.last_seen,''), COALESCE(d.revoked_at,''), d.created_at
FROM server_devices d ORDER BY d.created_at DESC`) FROM server_devices d ORDER BY d.created_at DESC`)
if err != nil { if err != nil {
http.Error(w, err.Error(), 500) log.Printf("admin devices: query failed: %v", err)
http.Error(w, t(s.locale(), "server.internalError"), http.StatusInternalServerError)
return return
} }
defer rows.Close() defer rows.Close()
@ -214,11 +217,12 @@ func (s *Server) handleAdminSMTPTest(w http.ResponseWriter, r *http.Request) {
to = from to = from
} }
if host == "" || port == "" || from == "" { if host == "" || port == "" || from == "" {
jsonOK(w, map[string]interface{}{"ok": false, "error": "host, port and from required"}) jsonOK(w, map[string]interface{}{"ok": false, "error": t(s.locale(), "admin.smtpRequired")})
return return
} }
if err := s.smtpTest(host, port, user, pass, security, from, to); err != nil { if err := s.smtpTest(host, port, user, pass, security, from, to); err != nil {
jsonOK(w, map[string]interface{}{"ok": false, "error": err.Error()}) log.Printf("admin SMTP test failed: %v", err)
jsonOK(w, map[string]interface{}{"ok": false, "error": t(s.locale(), "admin.smtpTestFailed")})
return return
} }
jsonOK(w, map[string]interface{}{"ok": true}) jsonOK(w, map[string]interface{}{"ok": true})
@ -235,7 +239,7 @@ func (s *Server) handleAdminAPIDevices(w http.ResponseWriter, r *http.Request) {
LEFT JOIN server_users u ON u.id = d.user_id LEFT JOIN server_users u ON u.id = d.user_id
ORDER BY d.created_at DESC`) ORDER BY d.created_at DESC`)
if err != nil { if err != nil {
jsonErr(w, 500, err.Error()) jsonInternalError(w, err)
return return
} }
defer rows.Close() defer rows.Close()
@ -265,7 +269,7 @@ func (s *Server) handleAdminAPIKeys(w http.ResponseWriter, r *http.Request) {
case "GET": case "GET":
rows, err := s.db.Query("SELECT id, name, api_key FROM server_devices ORDER BY created_at") rows, err := s.db.Query("SELECT id, name, api_key FROM server_devices ORDER BY created_at")
if err != nil { if err != nil {
jsonErr(w, 500, err.Error()) jsonInternalError(w, err)
return return
} }
defer rows.Close() defer rows.Close()
@ -313,7 +317,7 @@ func (s *Server) handleAdminAPIKeysDelete(w http.ResponseWriter, r *http.Request
id := strings.TrimPrefix(r.URL.Path, "/admin/api/keys/") id := strings.TrimPrefix(r.URL.Path, "/admin/api/keys/")
_, err := s.db.Exec("DELETE FROM server_devices WHERE id=?", id) _, err := s.db.Exec("DELETE FROM server_devices WHERE id=?", id)
if err != nil { if err != nil {
jsonErr(w, 500, err.Error()) jsonInternalError(w, err)
return return
} }
s.db.Exec("DELETE FROM server_user_devices WHERE device_id=?", id) s.db.Exec("DELETE FROM server_user_devices WHERE device_id=?", id)
@ -373,7 +377,7 @@ func (s *Server) handleAdminAPIUsers(w http.ResponseWriter, r *http.Request) {
args = append(args, perPage, offset) args = append(args, perPage, offset)
rows, err := s.db.Query(sql, args...) rows, err := s.db.Query(sql, args...)
if err != nil { if err != nil {
jsonErr(w, 500, err.Error()) jsonInternalError(w, err)
return return
} }
defer rows.Close() defer rows.Close()
@ -433,7 +437,7 @@ func (s *Server) handleAdminAPIUserActions(w http.ResponseWriter, r *http.Reques
hash, _ := bcrypt.GenerateFromPassword([]byte(newPass), bcrypt.DefaultCost) hash, _ := bcrypt.GenerateFromPassword([]byte(newPass), bcrypt.DefaultCost)
_, err := s.db.Exec("UPDATE server_users SET password_hash=? WHERE id=?", string(hash), id) _, err := s.db.Exec("UPDATE server_users SET password_hash=? WHERE id=?", string(hash), id)
if err != nil { if err != nil {
jsonErr(w, 500, err.Error()) jsonInternalError(w, err)
return return
} }
jsonOK(w, map[string]interface{}{"status": "ok", "new_password": newPass}) jsonOK(w, map[string]interface{}{"status": "ok", "new_password": newPass})
@ -456,7 +460,7 @@ func (s *Server) handleAdminAPIUserActions(w http.ResponseWriter, r *http.Reques
} }
_, err := s.db.Exec("UPDATE server_users SET username=?, email=? WHERE id=?", editReq.Username, strings.ToLower(editReq.Email), id) _, err := s.db.Exec("UPDATE server_users SET username=?, email=? WHERE id=?", editReq.Username, strings.ToLower(editReq.Email), id)
if err != nil { if err != nil {
jsonErr(w, 500, err.Error()) jsonInternalError(w, err)
return return
} }
jsonOK(w, map[string]interface{}{"status": "ok"}) jsonOK(w, map[string]interface{}{"status": "ok"})
@ -534,8 +538,9 @@ func (s *Server) handleAdminCreateUser(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(409) w.WriteHeader(409)
w.Write([]byte(errorPageHTML(locale, t(locale, "common.error"), "Username or email already taken", "/admin/create-user"))) w.Write([]byte(errorPageHTML(locale, t(locale, "common.error"), "Username or email already taken", "/admin/create-user")))
} else { } else {
log.Printf("admin create user: failed: %v", err)
w.WriteHeader(500) w.WriteHeader(500)
w.Write([]byte(errorPageHTML(locale, t(locale, "common.error"), err.Error(), "/admin/create-user"))) w.Write([]byte(errorPageHTML(locale, t(locale, "common.error"), t(locale, "admin.createUserFailed"), "/admin/create-user")))
} }
return return
} }
@ -587,7 +592,7 @@ func (s *Server) handleAdminAPICreateUser(w http.ResponseWriter, r *http.Request
if strings.Contains(err.Error(), "UNIQUE") { if strings.Contains(err.Error(), "UNIQUE") {
jsonErr(w, 409, "username or email already taken") jsonErr(w, 409, "username or email already taken")
} else { } else {
jsonErr(w, 500, err.Error()) jsonInternalError(w, err)
} }
return return
} }

View File

@ -110,7 +110,7 @@ func (s *Server) handleClientPair(w http.ResponseWriter, r *http.Request) {
deviceID, req.DeviceName, hex.EncodeToString(apiKey), tokenHash, prefix, suffix, deviceID, req.DeviceName, hex.EncodeToString(apiKey), tokenHash, prefix, suffix,
userID, req.VaultID, req.ClientVersion, ip, now, now) userID, req.VaultID, req.ClientVersion, ip, now, now)
if err != nil { if err != nil {
jsonErr(w, 500, err.Error()) jsonInternalError(w, err)
return return
} }
s.db.Exec("INSERT OR IGNORE INTO server_user_devices (user_id, device_id) VALUES (?, ?)", userID, deviceID) s.db.Exec("INSERT OR IGNORE INTO server_user_devices (user_id, device_id) VALUES (?, ?)", userID, deviceID)
@ -335,7 +335,7 @@ func (s *Server) handleDeviceRegister(w http.ResponseWriter, r *http.Request) {
deviceID, req.Name, apiKey, userID, req.VaultID, now, now, deviceID, req.Name, apiKey, userID, req.VaultID, now, now,
) )
if err != nil { if err != nil {
jsonErr(w, 500, err.Error()) jsonInternalError(w, err)
return return
} }
s.db.Exec("INSERT OR IGNORE INTO server_user_devices (user_id, device_id) VALUES (?, ?)", userID, deviceID) s.db.Exec("INSERT OR IGNORE INTO server_user_devices (user_id, device_id) VALUES (?, ?)", userID, deviceID)
@ -369,7 +369,7 @@ func (s *Server) handleSyncPush(w http.ResponseWriter, r *http.Request) {
} `json:"ops"` } `json:"ops"`
} }
if err := json.NewDecoder(r.Body).Decode(&req); err != nil { if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
jsonErr(w, 400, "invalid JSON: "+err.Error()) jsonErr(w, 400, "invalid JSON")
return return
} }
if req.IdempotencyKey != "" { if req.IdempotencyKey != "" {
@ -479,7 +479,7 @@ func (s *Server) handleSyncPull(w http.ResponseWriter, r *http.Request) {
WHERE user_id=? AND vault_id=? AND server_sequence > ? AND server_sequence IS NOT NULL WHERE user_id=? AND vault_id=? AND server_sequence > ? AND server_sequence IS NOT NULL
ORDER BY server_sequence`, scope.UserID, scope.VaultID, req.SinceSequence) ORDER BY server_sequence`, scope.UserID, scope.VaultID, req.SinceSequence)
if err != nil { if err != nil {
jsonErr(w, 500, err.Error()) jsonInternalError(w, err)
return return
} }
defer rows.Close() defer rows.Close()
@ -515,7 +515,7 @@ func (s *Server) handleBlobs(w http.ResponseWriter, r *http.Request) {
switch r.Method { switch r.Method {
case "POST": case "POST":
if err := r.ParseMultipartForm(200 << 20); err != nil { if err := r.ParseMultipartForm(200 << 20); err != nil {
jsonErr(w, 400, "multipart error: "+err.Error()) jsonErr(w, 400, "invalid multipart request")
return return
} }
file, header, err := r.FormFile("file") file, header, err := r.FormFile("file")

View File

@ -56,7 +56,7 @@ func (s *Server) handleRegister(w http.ResponseWriter, r *http.Request) {
jsonErr(w, 409, "username or email already taken") jsonErr(w, 409, "username or email already taken")
return return
} }
jsonErr(w, 500, err.Error()) jsonInternalError(w, err)
return return
} }
tok := make([]byte, 24) tok := make([]byte, 24)

View File

@ -78,8 +78,9 @@ func (s *Server) handleUserWebRegister(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(409) w.WriteHeader(409)
w.Write([]byte(errorPageHTML(locale, t(locale, "common.error"), "Username or email already taken", "/register"))) w.Write([]byte(errorPageHTML(locale, t(locale, "common.error"), "Username or email already taken", "/register")))
} else { } else {
log.Printf("register web: create user failed: %v", err)
w.WriteHeader(500) w.WriteHeader(500)
w.Write([]byte(errorPageHTML(locale, t(locale, "common.error"), err.Error(), "/register"))) w.Write([]byte(errorPageHTML(locale, t(locale, "common.error"), t(locale, "server.registrationFailed"), "/register")))
} }
return return
} }
@ -352,7 +353,7 @@ func (s *Server) handleUserDevices(w http.ResponseWriter, r *http.Request) {
WHERE ud.user_id = ? WHERE ud.user_id = ?
ORDER BY d.created_at DESC`, userID) ORDER BY d.created_at DESC`, userID)
if err != nil { if err != nil {
jsonErr(w, 500, err.Error()) jsonInternalError(w, err)
return return
} }
defer rows.Close() defer rows.Close()

View File

@ -4,6 +4,7 @@ import (
"crypto/sha256" "crypto/sha256"
"encoding/hex" "encoding/hex"
"encoding/json" "encoding/json"
"log"
"net/http" "net/http"
) )
@ -18,6 +19,11 @@ func jsonErr(w http.ResponseWriter, code int, msg string) {
json.NewEncoder(w).Encode(map[string]string{"error": msg}) json.NewEncoder(w).Encode(map[string]string{"error": msg})
} }
func jsonInternalError(w http.ResponseWriter, err error) {
log.Printf("request failed: %v", err)
jsonErr(w, http.StatusInternalServerError, "internal error")
}
func sha256Hex(s string) string { func sha256Hex(s string) string {
h := sha256.Sum256([]byte(s)) h := sha256.Sum256([]byte(s))
return hex.EncodeToString(h[:]) return hex.EncodeToString(h[:])

View File

@ -16,253 +16,263 @@ func t(locale, key string) string {
var _translations = map[string]map[string]string{ var _translations = map[string]map[string]string{
"ru": { "ru": {
"server.registerTitle": "Регистрация", "server.registerTitle": "Регистрация",
"server.register": "Регистрация", "server.register": "Регистрация",
"server.username": "Имя пользователя", "server.username": "Имя пользователя",
"server.email": "Email", "server.email": "Email",
"server.password": "Пароль", "server.password": "Пароль",
"server.registerBtn": "Зарегистрироваться", "server.registerBtn": "Зарегистрироваться",
"server.alreadyHaveAccount": "Уже есть аккаунт?", "server.alreadyHaveAccount": "Уже есть аккаунт?",
"server.loginBtn": "Войти", "server.loginBtn": "Войти",
"server.loginTitle": "Вход", "server.loginTitle": "Вход",
"server.usernameOrEmail": "Имя пользователя или email", "server.usernameOrEmail": "Имя пользователя или email",
"server.forgotPassword": "Забыли пароль?", "server.forgotPassword": "Забыли пароль?",
"server.adminLink": "Админ", "server.adminLink": "Админ",
"server.dashboard": "Панель управления", "server.dashboard": "Панель управления",
"server.allFieldsRequired": "Все поля обязательны", "server.allFieldsRequired": "Все поля обязательны",
"server.back": "Назад", "server.back": "Назад",
"server.emailConfirmBody": "Подтвердите регистрацию: %s", "server.emailConfirmBody": "Подтвердите регистрацию: %s",
"server.emailConfirmSubject": "Verstak — подтверждение email", "server.emailConfirmSubject": "Verstak — подтверждение email",
"server.registrationSuccess": "Регистрация успешна", "server.registrationSuccess": "Регистрация успешна",
"server.registrationEmailSent": "Письмо с ссылкой подтверждения отправлено.", "server.registrationEmailSent": "Письмо с ссылкой подтверждения отправлено.",
"server.registrationCheckEmail":"Проверьте почту и подтвердите аккаунт.", "server.registrationCheckEmail": "Проверьте почту и подтвердите аккаунт.",
"server.registrationAutoMessage":"Email не подтверждается. Токен подтверждения выведен в лог сервера.", "server.registrationAutoMessage": "Email не подтверждается. Токен подтверждения выведен в лог сервера.",
"server.resetPasswordTitle": "Сброс пароля", "server.resetPasswordTitle": "Сброс пароля",
"server.resetPassword": "Сброс пароля", "server.resetPassword": "Сброс пароля",
"server.resetInstruction": "Введите email для получения ссылки сброса.", "server.resetInstruction": "Введите email для получения ссылки сброса.",
"server.sendLink": "Отправить ссылку", "server.sendLink": "Отправить ссылку",
"server.backToLogin": "Вернуться к входу", "server.backToLogin": "Вернуться к входу",
"server.emailSentTitle": "Письмо отправлено", "server.emailSentTitle": "Письмо отправлено",
"server.emailSent": "Письмо отправлено", "server.emailSent": "Письмо отправлено",
"server.emailSentMessage": "Если аккаунт существует, ссылка для сброса пароля отправлена на почту.", "server.emailSentMessage": "Если аккаунт существует, ссылка для сброса пароля отправлена на почту.",
"server.goHome": "На главную", "server.goHome": "На главную",
"server.newPasswordTitle": "Новый пароль", "server.newPasswordTitle": "Новый пароль",
"server.newPassword": "Новый пароль", "server.newPassword": "Новый пароль",
"server.passwordConfirm": "Подтвердите пароль", "server.passwordConfirm": "Подтвердите пароль",
"server.save": "Сохранить", "server.save": "Сохранить",
"server.passwordChanged": "Пароль изменён", "server.passwordChanged": "Пароль изменён",
"server.passwordChangedMessage":"Пароль успешно изменён. Теперь можно войти.", "server.passwordChangedMessage": "Пароль успешно изменён. Теперь можно войти.",
"server.emailConfirmed": "Email подтверждён", "server.emailConfirmed": "Email подтверждён",
"server.emailConfirmedMessage": "Аккаунт активирован. Теперь можно войти.", "server.emailConfirmedMessage": "Аккаунт активирован. Теперь можно войти.",
"server.needEmail": "Введите email", "server.needEmail": "Введите email",
"server.passwordsDoNotMatch": "Пароли не совпадают", "server.passwordsDoNotMatch": "Пароли не совпадают",
"server.newPasswordResult": "Новый пароль для %s:\n", "server.newPasswordResult": "Новый пароль для %s:\n",
"server.logout": "Выйти", "server.logout": "Выйти",
"server.error": "Ошибка", "server.error": "Ошибка",
"userDashboard.devices": "Устройства", "server.internalError": "Что-то пошло не так. Повторите попытку.",
"userDashboard.device": "Устройство", "server.registrationFailed": "Не удалось зарегистрировать аккаунт. Повторите попытку.",
"userDashboard.status": "Статус", "userDashboard.devices": "Устройства",
"userDashboard.connected": "Подключено", "userDashboard.device": "Устройство",
"userDashboard.lastSeen": "Последний раз", "userDashboard.status": "Статус",
"userDashboard.version": "Версия", "userDashboard.connected": "Подключено",
"userDashboard.connectNew": "Подключить новое устройство", "userDashboard.lastSeen": "Последний раз",
"userDashboard.connectNewHint": "Установите Верстак на новом устройстве и выполните регистрацию.", "userDashboard.version": "Версия",
"userDashboard.revokeConfirm": "Отозвать устройство?", "userDashboard.connectNew": "Подключить новое устройство",
"userDashboard.revokePrompt": "Введите пароль для подтверждения:", "userDashboard.connectNewHint": "Установите Верстак на новом устройстве и выполните регистрацию.",
"userDashboard.noDevices": "Нет устройств", "userDashboard.revokeConfirm": "Отозвать устройство?",
"userDashboard.active": "Активно", "userDashboard.revokePrompt": "Введите пароль для подтверждения:",
"userDashboard.revoked": "Отозвано", "userDashboard.noDevices": "Нет устройств",
"userDashboard.revoke": "Отозвать", "userDashboard.active": "Активно",
"admin.login": "Вход администратора", "userDashboard.revoked": "Отозвано",
"admin.username": "Имя пользователя", "userDashboard.revoke": "Отозвать",
"admin.password": "Пароль", "admin.login": "Вход администратора",
"admin.loginBtn": "Войти", "admin.username": "Имя пользователя",
"admin.dashboard": "Панель управления", "admin.password": "Пароль",
"admin.deviceCount": "Устройств", "admin.loginBtn": "Войти",
"admin.opsCount": "Операций", "admin.dashboard": "Панель управления",
"admin.devices": "Устройства", "admin.deviceCount": "Устройств",
"admin.noDevices": "Нет устройств", "admin.opsCount": "Операций",
"admin.device": "Устройство", "admin.devices": "Устройства",
"admin.user": "Пользователь", "admin.noDevices": "Нет устройств",
"admin.version": "Версия", "admin.device": "Устройство",
"admin.status": "Статус", "admin.user": "Пользователь",
"admin.lastSeen": "Последний раз", "admin.version": "Версия",
"admin.active": "Активно", "admin.status": "Статус",
"admin.revoked": "Отозвано", "admin.lastSeen": "Последний раз",
"admin.revoke": "Отозвать", "admin.active": "Активно",
"admin.smtp": "SMTP", "admin.revoked": "Отозвано",
"admin.users": "Пользователи", "admin.revoke": "Отозвать",
"admin.usersHeading": "Пользователи", "admin.smtp": "SMTP",
"admin.healthCheck": "Проверка здоровья", "admin.users": "Пользователи",
"admin.smtpServer": "SMTP сервер", "admin.usersHeading": "Пользователи",
"admin.smtpPort": "SMTP порт", "admin.healthCheck": "Проверка здоровья",
"admin.smtpType": "Тип шифрования", "admin.smtpServer": "SMTP сервер",
"admin.smtpNoEncryption": "Без шифрования", "admin.smtpPort": "SMTP порт",
"admin.smtpUsername": "Имя пользователя SMTP", "admin.smtpType": "Тип шифрования",
"admin.smtpPassword": "Пароль SMTP", "admin.smtpNoEncryption": "Без шифрования",
"admin.smtpFrom": "Отправитель", "admin.smtpUsername": "Имя пользователя SMTP",
"admin.smtpServerURL": "URL сервера", "admin.smtpPassword": "Пароль SMTP",
"admin.smtpSave": "Сохранить", "admin.smtpFrom": "Отправитель",
"admin.smtpTest": "Тест", "admin.smtpServerURL": "URL сервера",
"admin.smtpTitle": "Настройки SMTP", "admin.smtpSave": "Сохранить",
"admin.smtpTesting": "Проверка...", "admin.smtpTest": "Тест",
"admin.smtpPassed": "✓ Тест пройден", "admin.smtpTitle": "Настройки SMTP",
"admin.revokeConfirm": "Вы уверены?", "admin.smtpTesting": "Проверка...",
"common.loading": "Загрузка...", "admin.smtpPassed": "✓ Тест пройден",
"common.ok": "OK", "admin.smtpRequired": "Укажите SMTP-сервер, порт и отправителя.",
"common.error": "Ошибка", "admin.smtpTestFailed": "Не удалось проверить настройки SMTP. Повторите попытку.",
"admin.filterPlaceholder": "Поиск...", "admin.revokeConfirm": "Вы уверены?",
"admin.email": "Email", "common.loading": "Загрузка...",
"admin.actions": "Действия", "common.ok": "OK",
"admin.confirmTitle": "Подтверждение", "common.error": "Ошибка",
"admin.modalCancel": "Отмена", "admin.filterPlaceholder": "Поиск...",
"admin.modalConfirm": "Подтвердить", "admin.email": "Email",
"admin.editUser": "Редактировать пользователя", "admin.actions": "Действия",
"admin.editBtn": "Сохранить", "admin.confirmTitle": "Подтверждение",
"admin.resultTitle": "Результат", "admin.modalCancel": "Отмена",
"admin.confirmed": "Подтверждён", "admin.modalConfirm": "Подтвердить",
"admin.unconfirmed": "Не подтверждён", "admin.editUser": "Редактировать пользователя",
"admin.blocked": "Заблокирован", "admin.editBtn": "Сохранить",
"admin.unblock": "Разблокировать", "admin.resultTitle": "Результат",
"admin.block": "Заблокировать", "admin.confirmed": "Подтверждён",
"admin.resetPassword": "Сбросить пароль", "admin.unconfirmed": "Не подтверждён",
"admin.noUsers": "Нет пользователей", "admin.blocked": "Заблокирован",
"admin.resetPasswordConfirm": "Сбросить пароль", "admin.unblock": "Разблокировать",
"admin.resetPasswordMessage": "Новый пароль: ", "admin.block": "Заблокировать",
"admin.resetBtn": "Сбросить", "admin.resetPassword": "Сбросить пароль",
"admin.deleteUser": "Удалить", "admin.noUsers": "Нет пользователей",
"admin.deleteUserMessage": "Удалить пользователя %s?", "admin.resetPasswordConfirm": "Сбросить пароль",
"admin.deleteBtn": "Удалить", "admin.resetPasswordMessage": "Новый пароль: ",
"admin.unblockUserTitle": "Разблокировать", "admin.resetBtn": "Сбросить",
"admin.blockUserTitle": "Заблокировать", "admin.deleteUser": "Удалить",
"admin.unblockUserMessage": "Разблокировать пользователя?", "admin.deleteUserMessage": "Удалить пользователя %s?",
"admin.blockUserMessage": "Заблокировать пользователя?", "admin.deleteBtn": "Удалить",
"admin.createUser": "Создать пользователя", "admin.unblockUserTitle": "Разблокировать",
"admin.createUserBtn": "Создать", "admin.blockUserTitle": "Заблокировать",
"admin.unblockUserMessage": "Разблокировать пользователя?",
"admin.blockUserMessage": "Заблокировать пользователя?",
"admin.createUser": "Создать пользователя",
"admin.createUserBtn": "Создать",
"admin.createUserFailed": "Не удалось создать пользователя. Повторите попытку.",
}, },
"en": { "en": {
"server.registerTitle": "Registration", "server.registerTitle": "Registration",
"server.register": "Register", "server.register": "Register",
"server.username": "Username", "server.username": "Username",
"server.email": "Email", "server.email": "Email",
"server.password": "Password", "server.password": "Password",
"server.registerBtn": "Register", "server.registerBtn": "Register",
"server.alreadyHaveAccount": "Already have an account?", "server.alreadyHaveAccount": "Already have an account?",
"server.loginBtn": "Login", "server.loginBtn": "Login",
"server.loginTitle": "Login", "server.loginTitle": "Login",
"server.usernameOrEmail": "Username or email", "server.usernameOrEmail": "Username or email",
"server.forgotPassword": "Forgot password?", "server.forgotPassword": "Forgot password?",
"server.adminLink": "Admin", "server.adminLink": "Admin",
"server.dashboard": "Dashboard", "server.dashboard": "Dashboard",
"server.allFieldsRequired": "All fields are required", "server.allFieldsRequired": "All fields are required",
"server.back": "Back", "server.back": "Back",
"server.emailConfirmBody": "Confirm registration: %s", "server.emailConfirmBody": "Confirm registration: %s",
"server.emailConfirmSubject": "Verstak — email confirmation", "server.emailConfirmSubject": "Verstak — email confirmation",
"server.registrationSuccess": "Registration successful", "server.registrationSuccess": "Registration successful",
"server.registrationEmailSent": "Confirmation link has been sent.", "server.registrationEmailSent": "Confirmation link has been sent.",
"server.registrationCheckEmail":"Check your email and confirm your account.", "server.registrationCheckEmail": "Check your email and confirm your account.",
"server.registrationAutoMessage":"Email is not confirmed. Confirmation token logged to server.", "server.registrationAutoMessage": "Email is not confirmed. Confirmation token logged to server.",
"server.resetPasswordTitle": "Reset Password", "server.resetPasswordTitle": "Reset Password",
"server.resetPassword": "Reset Password", "server.resetPassword": "Reset Password",
"server.resetInstruction": "Enter your email to receive a reset link.", "server.resetInstruction": "Enter your email to receive a reset link.",
"server.sendLink": "Send link", "server.sendLink": "Send link",
"server.backToLogin": "Back to login", "server.backToLogin": "Back to login",
"server.emailSentTitle": "Email sent", "server.emailSentTitle": "Email sent",
"server.emailSent": "Email sent", "server.emailSent": "Email sent",
"server.emailSentMessage": "If the account exists, a reset link has been sent.", "server.emailSentMessage": "If the account exists, a reset link has been sent.",
"server.goHome": "Go home", "server.goHome": "Go home",
"server.newPasswordTitle": "New Password", "server.newPasswordTitle": "New Password",
"server.newPassword": "New Password", "server.newPassword": "New Password",
"server.passwordConfirm": "Confirm Password", "server.passwordConfirm": "Confirm Password",
"server.save": "Save", "server.save": "Save",
"server.passwordChanged": "Password changed", "server.passwordChanged": "Password changed",
"server.passwordChangedMessage":"Password has been changed. You can now login.", "server.passwordChangedMessage": "Password has been changed. You can now login.",
"server.emailConfirmed": "Email confirmed", "server.emailConfirmed": "Email confirmed",
"server.emailConfirmedMessage": "Account activated. You can now login.", "server.emailConfirmedMessage": "Account activated. You can now login.",
"server.needEmail": "Enter email", "server.needEmail": "Enter email",
"server.passwordsDoNotMatch": "Passwords do not match", "server.passwordsDoNotMatch": "Passwords do not match",
"server.newPasswordResult": "New password for %s:\n", "server.newPasswordResult": "New password for %s:\n",
"server.logout": "Logout", "server.logout": "Logout",
"server.error": "Error", "server.error": "Error",
"userDashboard.devices": "Devices", "server.internalError": "Something went wrong. Please try again.",
"userDashboard.device": "Device", "server.registrationFailed": "Could not register the account. Please try again.",
"userDashboard.status": "Status", "userDashboard.devices": "Devices",
"userDashboard.connected": "Connected", "userDashboard.device": "Device",
"userDashboard.lastSeen": "Last seen", "userDashboard.status": "Status",
"userDashboard.version": "Version", "userDashboard.connected": "Connected",
"userDashboard.connectNew": "Connect new device", "userDashboard.lastSeen": "Last seen",
"userDashboard.connectNewHint": "Install Verstak on a new device and register it.", "userDashboard.version": "Version",
"userDashboard.revokeConfirm": "Revoke device?", "userDashboard.connectNew": "Connect new device",
"userDashboard.revokePrompt": "Enter password to confirm:", "userDashboard.connectNewHint": "Install Verstak on a new device and register it.",
"userDashboard.noDevices": "No devices", "userDashboard.revokeConfirm": "Revoke device?",
"userDashboard.active": "Active", "userDashboard.revokePrompt": "Enter password to confirm:",
"userDashboard.revoked": "Revoked", "userDashboard.noDevices": "No devices",
"userDashboard.revoke": "Revoke", "userDashboard.active": "Active",
"admin.login": "Admin Login", "userDashboard.revoked": "Revoked",
"admin.username": "Username", "userDashboard.revoke": "Revoke",
"admin.password": "Password", "admin.login": "Admin Login",
"admin.loginBtn": "Login", "admin.username": "Username",
"admin.dashboard": "Admin Dashboard", "admin.password": "Password",
"admin.deviceCount": "Devices", "admin.loginBtn": "Login",
"admin.opsCount": "Operations", "admin.dashboard": "Admin Dashboard",
"admin.devices": "Devices", "admin.deviceCount": "Devices",
"admin.noDevices": "No devices", "admin.opsCount": "Operations",
"admin.device": "Device", "admin.devices": "Devices",
"admin.user": "User", "admin.noDevices": "No devices",
"admin.version": "Version", "admin.device": "Device",
"admin.status": "Status", "admin.user": "User",
"admin.lastSeen": "Last seen", "admin.version": "Version",
"admin.active": "Active", "admin.status": "Status",
"admin.revoked": "Revoked", "admin.lastSeen": "Last seen",
"admin.revoke": "Revoke", "admin.active": "Active",
"admin.smtp": "SMTP", "admin.revoked": "Revoked",
"admin.users": "Users", "admin.revoke": "Revoke",
"admin.usersHeading": "Users", "admin.smtp": "SMTP",
"admin.healthCheck": "Health Check", "admin.users": "Users",
"admin.smtpServer": "SMTP Server", "admin.usersHeading": "Users",
"admin.smtpPort": "SMTP Port", "admin.healthCheck": "Health Check",
"admin.smtpType": "Encryption", "admin.smtpServer": "SMTP Server",
"admin.smtpNoEncryption": "None", "admin.smtpPort": "SMTP Port",
"admin.smtpUsername": "SMTP Username", "admin.smtpType": "Encryption",
"admin.smtpPassword": "SMTP Password", "admin.smtpNoEncryption": "None",
"admin.smtpFrom": "From", "admin.smtpUsername": "SMTP Username",
"admin.smtpServerURL": "Server URL", "admin.smtpPassword": "SMTP Password",
"admin.smtpSave": "Save", "admin.smtpFrom": "From",
"admin.smtpTest": "Test", "admin.smtpServerURL": "Server URL",
"admin.smtpTitle": "SMTP Settings", "admin.smtpSave": "Save",
"admin.smtpTesting": "Testing...", "admin.smtpTest": "Test",
"admin.smtpPassed": "✓ Test passed", "admin.smtpTitle": "SMTP Settings",
"admin.revokeConfirm": "Are you sure?", "admin.smtpTesting": "Testing...",
"common.loading": "Loading...", "admin.smtpPassed": "✓ Test passed",
"common.ok": "OK", "admin.smtpRequired": "Enter the SMTP server, port, and sender.",
"common.error": "Error", "admin.smtpTestFailed": "Could not test the SMTP settings. Please try again.",
"admin.filterPlaceholder": "Search...", "admin.revokeConfirm": "Are you sure?",
"admin.email": "Email", "common.loading": "Loading...",
"admin.actions": "Actions", "common.ok": "OK",
"admin.confirmTitle": "Confirm", "common.error": "Error",
"admin.modalCancel": "Cancel", "admin.filterPlaceholder": "Search...",
"admin.modalConfirm": "Confirm", "admin.email": "Email",
"admin.editUser": "Edit User", "admin.actions": "Actions",
"admin.editBtn": "Save", "admin.confirmTitle": "Confirm",
"admin.resultTitle": "Result", "admin.modalCancel": "Cancel",
"admin.confirmed": "Confirmed", "admin.modalConfirm": "Confirm",
"admin.unconfirmed": "Unconfirmed", "admin.editUser": "Edit User",
"admin.blocked": "Blocked", "admin.editBtn": "Save",
"admin.unblock": "Unblock", "admin.resultTitle": "Result",
"admin.block": "Block", "admin.confirmed": "Confirmed",
"admin.resetPassword": "Reset Password", "admin.unconfirmed": "Unconfirmed",
"admin.noUsers": "No users", "admin.blocked": "Blocked",
"admin.resetPasswordConfirm": "Reset Password", "admin.unblock": "Unblock",
"admin.resetPasswordMessage": "New password: ", "admin.block": "Block",
"admin.resetBtn": "Reset", "admin.resetPassword": "Reset Password",
"admin.deleteUser": "Delete", "admin.noUsers": "No users",
"admin.deleteUserMessage": "Delete user %s?", "admin.resetPasswordConfirm": "Reset Password",
"admin.deleteBtn": "Delete", "admin.resetPasswordMessage": "New password: ",
"admin.unblockUserTitle": "Unblock", "admin.resetBtn": "Reset",
"admin.blockUserTitle": "Block", "admin.deleteUser": "Delete",
"admin.unblockUserMessage": "Unblock user?", "admin.deleteUserMessage": "Delete user %s?",
"admin.blockUserMessage": "Block user?", "admin.deleteBtn": "Delete",
"admin.createUser": "Create User", "admin.unblockUserTitle": "Unblock",
"admin.createUserBtn": "Create", "admin.blockUserTitle": "Block",
"admin.unblockUserMessage": "Unblock user?",
"admin.blockUserMessage": "Block user?",
"admin.createUser": "Create User",
"admin.createUserBtn": "Create",
"admin.createUserFailed": "Could not create the user. Please try again.",
}, },
} }

View File

@ -64,6 +64,41 @@ func TestConfigSetAdmin(t *testing.T) {
} }
} }
func TestAdminDashboardSMTPSecuritySelectUsesApplicationStyles(t *testing.T) {
html := adminDashboardHTML("en", 0, 0, "", "", "", "", "starttls", "")
for _, expected := range []string{
`<select name="smtp_security" class="form-select">`,
`.form-select{`,
`appearance:none`,
`background-image:linear-gradient`,
`.form-select option{background:#13131f;color:#e4e4ef}`,
`.form-select:focus{outline:none;border-color:#6366f1`,
} {
if !strings.Contains(html, expected) {
t.Errorf("SMTP security select is missing application styling %q", expected)
}
}
}
func TestUserFacingServerErrorsDoNotExposeInternalDetails(t *testing.T) {
for _, name := range []string{"handlers_auth.go", "handlers_api.go", "handlers_admin.go", "handlers_web_user.go"} {
source, err := os.ReadFile(name)
if err != nil {
t.Fatalf("read %s: %v", name, err)
}
for _, forbidden := range []string{
"jsonErr(w, 500, err.Error())",
"http.Error(w, err.Error(), 500)",
"errorPageHTML(locale, t(locale, \"common.error\"), err.Error()",
} {
if strings.Contains(string(source), forbidden) {
t.Errorf("%s exposes an internal error with %q", name, forbidden)
}
}
}
}
func TestSyncPushPullStoresSequencedOps(t *testing.T) { func TestSyncPushPullStoresSequencedOps(t *testing.T) {
dir := t.TempDir() dir := t.TempDir()
s, err := NewServer(filepath.Join(dir, "test.db"), filepath.Join(dir, "data"), &Config{Port: 47732}) s, err := NewServer(filepath.Join(dir, "test.db"), filepath.Join(dir, "data"), &Config{Port: 47732})

View File

@ -312,6 +312,9 @@ input:focus{outline:none;border-color:#6366f1}
.form-row{display:flex;gap:8px;margin-bottom:8px;align-items:center} .form-row{display:flex;gap:8px;margin-bottom:8px;align-items:center}
.form-row label{font-size:12px;color:#888;min-width:80px;flex-shrink:0} .form-row label{font-size:12px;color:#888;min-width:80px;flex-shrink:0}
.form-row input{flex:1} .form-row input{flex:1}
.form-select{font-family:inherit;font-size:14px;padding:8px 32px 8px 12px;border:1px solid #2a2a3c;background-color:#13131f;color:#e4e4ef;border-radius:6px;flex:1;box-sizing:border-box;appearance:none;background-image:linear-gradient(45deg,transparent 50%%,#8b93aa 50%%),linear-gradient(135deg,#8b93aa 50%%,transparent 50%%);background-position:calc(100%% - 16px) 50%%,calc(100%% - 11px) 50%%;background-size:5px 5px,5px 5px;background-repeat:no-repeat}
.form-select option{background:#13131f;color:#e4e4ef}
.form-select:focus{outline:none;border-color:#6366f1;box-shadow:0 0 0 2px rgba(99,102,241,.24)}
.toolbar{display:flex;gap:8px;margin:16px 0;flex-wrap:wrap} .toolbar{display:flex;gap:8px;margin:16px 0;flex-wrap:wrap}
.modal-overlay{position:fixed;inset:0;background:rgba(0,0,0,0.6);display:flex;align-items:center;justify-content:center;z-index:100} .modal-overlay{position:fixed;inset:0;background:rgba(0,0,0,0.6);display:flex;align-items:center;justify-content:center;z-index:100}
.modal{background:#1a1a28;border:1px solid #2a2a3c;border-radius:12px;padding:24px;width:420px;max-width:90vw;position:relative;max-height:80vh;overflow-y:auto} .modal{background:#1a1a28;border:1px solid #2a2a3c;border-radius:12px;padding:24px;width:420px;max-width:90vw;position:relative;max-height:80vh;overflow-y:auto}
@ -380,7 +383,7 @@ function testSMTP(){
<form action="/admin/api/smtp" method="POST"> <form action="/admin/api/smtp" method="POST">
<div class="form-row"><label>%[18]s</label><input name="smtp_host" value="%[32]s" placeholder="smtp.example.com"></div> <div class="form-row"><label>%[18]s</label><input name="smtp_host" value="%[32]s" placeholder="smtp.example.com"></div>
<div class="form-row"><label>%[19]s</label><input name="smtp_port" value="%[33]s" placeholder="587"></div> <div class="form-row"><label>%[19]s</label><input name="smtp_port" value="%[33]s" placeholder="587"></div>
<div class="form-row"><label>%[20]s</label><select name="smtp_security" style="font-family:inherit;font-size:14px;padding:8px 12px;border:1px solid #2a2a3c;background:#13131f;color:#e4e4ef;border-radius:6px;flex:1;box-sizing:border-box"> <div class="form-row"><label>%[20]s</label><select name="smtp_security" class="form-select">
<option value="starttls"%[34]s>STARTTLS</option> <option value="starttls"%[34]s>STARTTLS</option>
<option value="tls"%[35]s>TLS</option> <option value="tls"%[35]s>TLS</option>
<option value="none"%[36]s>%[21]s</option> <option value="none"%[36]s>%[21]s</option>

View File

@ -39,15 +39,15 @@ fi
"$RELEASE_SCRIPT" "$VERSION" "$RELEASE_SCRIPT" "$VERSION"
shopt -s nullglob ARCHIVE="$RELEASE_DIR/verstak-sync-server-linux-amd64-$VERSION.tar.gz"
ASSETS=("$RELEASE_DIR"/*.tar.gz "$RELEASE_DIR"/*.tgz) if [[ ! -f "$ARCHIVE" ]]; then
echo "release archive not found: $ARCHIVE" >&2
exit 1
fi
ASSETS=("$ARCHIVE")
if [[ -f "$RELEASE_DIR/SHA256SUMS" ]]; then if [[ -f "$RELEASE_DIR/SHA256SUMS" ]]; then
ASSETS+=("$RELEASE_DIR/SHA256SUMS") ASSETS+=("$RELEASE_DIR/SHA256SUMS")
fi fi
if [[ ${#ASSETS[@]} -eq 0 ]]; then
echo "no release assets found in $RELEASE_DIR" >&2
exit 1
fi
if "$GIT_BIN" rev-parse -q --verify "refs/tags/$VERSION" >/dev/null; then if "$GIT_BIN" rev-parse -q --verify "refs/tags/$VERSION" >/dev/null; then
if [[ "$("$GIT_BIN" rev-parse "${VERSION}^{commit}")" != "$HEAD" ]]; then if [[ "$("$GIT_BIN" rev-parse "${VERSION}^{commit}")" != "$HEAD" ]]; then
@ -62,12 +62,16 @@ fi
if "$GH_BIN" release view "$VERSION" --repo "$REPOSITORY" >/dev/null 2>&1; then if "$GH_BIN" release view "$VERSION" --repo "$REPOSITORY" >/dev/null 2>&1; then
"$GH_BIN" release upload "$VERSION" "${ASSETS[@]}" --repo "$REPOSITORY" --clobber "$GH_BIN" release upload "$VERSION" "${ASSETS[@]}" --repo "$REPOSITORY" --clobber
else else
RELEASE_OPTIONS=(--generate-notes --verify-tag)
if [[ "$VERSION" == *-* ]]; then
RELEASE_OPTIONS+=(--prerelease)
else
RELEASE_OPTIONS+=(--latest)
fi
"$GH_BIN" release create "$VERSION" "${ASSETS[@]}" \ "$GH_BIN" release create "$VERSION" "${ASSETS[@]}" \
--repo "$REPOSITORY" \ --repo "$REPOSITORY" \
--title "Verstak Sync Server $VERSION" \ --title "Verstak Sync Server $VERSION" \
--generate-notes \ "${RELEASE_OPTIONS[@]}"
--latest \
--verify-tag
fi fi
echo "GitHub release:" echo "GitHub release:"

View File

@ -6,6 +6,7 @@ PUBLISHER="$ROOT/scripts/publish-github-release.sh"
VERSION="v0.0.0-test" VERSION="v0.0.0-test"
REPOSITORY="mirivlad/verstak-sync-server" REPOSITORY="mirivlad/verstak-sync-server"
ASSET_NAME="verstak-sync-server-linux-amd64-${VERSION}.tar.gz" ASSET_NAME="verstak-sync-server-linux-amd64-${VERSION}.tar.gz"
STALE_ASSET="verstak-sync-server-linux-amd64-v0.0.0-stale.tar.gz"
WORK="$(mktemp -d)" WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT trap 'rm -rf "$WORK"' EXIT
@ -27,6 +28,8 @@ printf 'checksum\n' > "$VERSTAK_RELEASE_DIR/SHA256SUMS"
SCRIPT SCRIPT
chmod +x "$WORK/release.sh" chmod +x "$WORK/release.sh"
printf 'stale archive\n' > "$WORK/release/$STALE_ASSET"
cat > "$WORK/bin/git" <<'SCRIPT' cat > "$WORK/bin/git" <<'SCRIPT'
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
@ -84,6 +87,15 @@ grep -Fqx "push:origin:refs/tags/$VERSION" "$LOG"
grep -F "release create $VERSION" "$LOG" >/dev/null grep -F "release create $VERSION" "$LOG" >/dev/null
grep -F "$ASSET_NAME" "$LOG" >/dev/null grep -F "$ASSET_NAME" "$LOG" >/dev/null
grep -F "SHA256SUMS" "$LOG" >/dev/null grep -F "SHA256SUMS" "$LOG" >/dev/null
grep -F -- "--prerelease" "$LOG" >/dev/null
if grep -F -- "--latest" "$LOG" >/dev/null; then
echo "alpha release was incorrectly marked latest" >&2
exit 1
fi
if grep -F "$STALE_ASSET" "$LOG" >/dev/null; then
echo "publisher uploaded an archive from a different release version" >&2
exit 1
fi
run_publisher run_publisher
grep -F "release upload $VERSION" "$LOG" >/dev/null grep -F "release upload $VERSION" "$LOG" >/dev/null