feat: site admin (#8)

.gitignore

@@ -17,3 +17,4 @@ yarn-error.log
 /.fleet
 /.idea
 /.vscode
+.auth0.*.json

composer.json

@@ -6,6 +6,7 @@
     "license": "MIT",
     "require": {
         "php": "^8.1",
+        "auth0/login": "^7.8",
         "guzzlehttp/guzzle": "^7.2",
         "laravel/framework": "^10.10",
         "laravel/sanctum": "^3.2",

config/auth0.php

@@ -0,0 +1,56 @@
+<?php
+
+declare(strict_types=1);
+
+use Auth0\Laravel\Configuration;
+use Auth0\SDK\Configuration\SdkConfiguration;
+
+return Configuration::VERSION_2 + [
+    'registerGuards' => true,
+    'registerMiddleware' => true,
+    'registerAuthenticationRoutes' => true,
+    'configurationPath' => null,
+
+    'guards' => [
+        'default' => [
+            Configuration::CONFIG_STRATEGY => Configuration::get(Configuration::CONFIG_STRATEGY, SdkConfiguration::STRATEGY_NONE),
+            Configuration::CONFIG_DOMAIN => Configuration::get(Configuration::CONFIG_DOMAIN),
+            Configuration::CONFIG_CUSTOM_DOMAIN => Configuration::get(Configuration::CONFIG_CUSTOM_DOMAIN),
+            Configuration::CONFIG_CLIENT_ID => Configuration::get(Configuration::CONFIG_CLIENT_ID),
+            Configuration::CONFIG_CLIENT_SECRET => Configuration::get(Configuration::CONFIG_CLIENT_SECRET),
+            Configuration::CONFIG_AUDIENCE => Configuration::get(Configuration::CONFIG_AUDIENCE),
+            Configuration::CONFIG_ORGANIZATION => Configuration::get(Configuration::CONFIG_ORGANIZATION),
+            Configuration::CONFIG_USE_PKCE => Configuration::get(Configuration::CONFIG_USE_PKCE),
+            Configuration::CONFIG_SCOPE => Configuration::get(Configuration::CONFIG_SCOPE),
+            Configuration::CONFIG_RESPONSE_MODE => Configuration::get(Configuration::CONFIG_RESPONSE_MODE),
+            Configuration::CONFIG_RESPONSE_TYPE => Configuration::get(Configuration::CONFIG_RESPONSE_TYPE),
+            Configuration::CONFIG_TOKEN_ALGORITHM => Configuration::get(Configuration::CONFIG_TOKEN_ALGORITHM),
+            Configuration::CONFIG_TOKEN_JWKS_URI => Configuration::get(Configuration::CONFIG_TOKEN_JWKS_URI),
+            Configuration::CONFIG_TOKEN_MAX_AGE => Configuration::get(Configuration::CONFIG_TOKEN_MAX_AGE),
+            Configuration::CONFIG_TOKEN_LEEWAY => Configuration::get(Configuration::CONFIG_TOKEN_LEEWAY),
+            Configuration::CONFIG_TOKEN_CACHE => Configuration::get(Configuration::CONFIG_TOKEN_CACHE),
+            Configuration::CONFIG_TOKEN_CACHE_TTL => Configuration::get(Configuration::CONFIG_TOKEN_CACHE_TTL),
+            Configuration::CONFIG_HTTP_MAX_RETRIES => Configuration::get(Configuration::CONFIG_HTTP_MAX_RETRIES),
+            Configuration::CONFIG_HTTP_TELEMETRY => Configuration::get(Configuration::CONFIG_HTTP_TELEMETRY),
+            Configuration::CONFIG_MANAGEMENT_TOKEN => Configuration::get(Configuration::CONFIG_MANAGEMENT_TOKEN),
+            Configuration::CONFIG_MANAGEMENT_TOKEN_CACHE => Configuration::get(Configuration::CONFIG_MANAGEMENT_TOKEN_CACHE),
+            Configuration::CONFIG_CLIENT_ASSERTION_SIGNING_KEY => Configuration::get(Configuration::CONFIG_CLIENT_ASSERTION_SIGNING_KEY),
+            Configuration::CONFIG_CLIENT_ASSERTION_SIGNING_ALGORITHM => Configuration::get(Configuration::CONFIG_CLIENT_ASSERTION_SIGNING_ALGORITHM),
+            Configuration::CONFIG_PUSHED_AUTHORIZATION_REQUEST => Configuration::get(Configuration::CONFIG_PUSHED_AUTHORIZATION_REQUEST),
+        ],
+
+        'api' => [
+            Configuration::CONFIG_STRATEGY => SdkConfiguration::STRATEGY_API,
+        ],
+
+        'web' => [
+            Configuration::CONFIG_STRATEGY => SdkConfiguration::STRATEGY_REGULAR,
+            Configuration::CONFIG_COOKIE_SECRET => Configuration::get(Configuration::CONFIG_COOKIE_SECRET, env('APP_KEY')),
+            Configuration::CONFIG_REDIRECT_URI => Configuration::get(Configuration::CONFIG_REDIRECT_URI, env('APP_URL') . '/callback'),
+            Configuration::CONFIG_SESSION_STORAGE => Configuration::get(Configuration::CONFIG_SESSION_STORAGE),
+            Configuration::CONFIG_SESSION_STORAGE_ID => Configuration::get(Configuration::CONFIG_SESSION_STORAGE_ID),
+            Configuration::CONFIG_TRANSIENT_STORAGE => Configuration::get(Configuration::CONFIG_TRANSIENT_STORAGE),
+            Configuration::CONFIG_TRANSIENT_STORAGE_ID => Configuration::get(Configuration::CONFIG_TRANSIENT_STORAGE_ID),
+        ],
+    ],
+];

public/css/master.css

@@ -350,3 +350,29 @@ table.gb_entry tr td {
 table.gb_entry {
     margin-bottom: 5px;
 }
+
+table.gb_admin {
+    margin-bottom: 5px;
+    width: 500px;
+    border: #FFFFFF solid;
+}
+
+table.gb_admin tr td {
+    border-right: none;
+    border-bottom: none;
+    vertical-align: top;
+    padding: 5px;
+}
+
+table.gb_admin tr td.gb_del {
+    border-left: none;
+    vertical-align: top;
+    padding: 5px;
+    width: 32px;
+}
+
+table.gb_admin tr td.gb_message {
+    border-top: none;
+    vertical-align: top;
+    padding: 5px;
+}

public/css/minimal.css

@@ -9,3 +9,7 @@ body {
     color: #ddd;
     background-color: #333;
 }
+
+table.gb_entry_details tr td {
+    padding-right: 5px;
+}

resources/views/errors/generic-error.blade.php

@@ -0,0 +1,9 @@
+@extends('layouts.minimal')
+@section('title', 'Error 401: Unauthorized User!')
+@section('content')
+    <h1>{{ $error }}</h1>
+    <hr/>
+    @if(isset($description))
+        <p>{{ $description }}</p>
+    @endif
+@stop

resources/views/errors/no-auth.blade.php

@@ -0,0 +1,8 @@
+@extends('layouts.minimal')
+@section('title', 'Error 401: Unauthorized User!')
+@section('content')
+    <h1>Error 401: Unauthorized User!</h1>
+    <hr/>
+    <p>Woah there! Only authorized users can access this page. Please <a href="/login">log in</a> to proceed.</p>
+    <p>Ended up here on accident? Click <a href="/">here</a> to return to the homepage</u>!</p>
+@stop

resources/views/includes/admin/header.blade.php

@@ -0,0 +1,12 @@
+    <nav>
+        <div>
+            <a href="/">public home</a> |
+            <a href="/admin">admin home</a> |
+            <a href="/admin/guestbook">guestbook</a>
+            @if (auth()->check())
+                | ({{ auth()->user()->name }}) <a href="/logout">logout</a>
+            @else
+                | <a href="/login">login</a>
+            @endif
+        </div>
+    </nav>

resources/views/includes/header.blade.php

@@ -1,12 +1,18 @@
     <nav>
         <div>
             <a href="/">home</a> |
-	    <a href="//git.diskfloppy.me/">cgit</a> |
+	        <a href="//git.diskfloppy.me/">cgit</a> |
             <a href="//wiki.diskfloppy.me/">wiki</a> |
             <a href="/projects/">projects</a> |
             <a href="/calculators/">calculators</a> |
             <a href="/computers/">computers</a> |
             <a href="/bookmarks/">bookmarks</a> |
             <a href="/guestbook/">guestbook</a>
+            @if (auth()->check())
+                | <a href="/admin/">admin</a>
+                | ({{ auth()->user()->name }}) <a href="/logout">logout</a>
+            @else
+                | <a href="/login">login</a>
+            @endif
         </div>
     </nav>

resources/views/layouts/default-admin.blade.php

@@ -0,0 +1,23 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html lang="en">
+<head>
+    @include('includes.head')
+</head>
+
+<body>
+<div class="page">
+<div class="header">
+    @include('includes.admin.header')
+</div> <!-- header -->
+
+<div id="pagebody">
+    <div id="content">
+@yield('content')
+    </div> <!-- content -->
+    <div id="footer" class="pagefooter">
+        @include('includes.footer')
+    </div> <!-- footer -->
+</div> <!-- pagebody -->
+</div> <!-- page -->
+</body>
+</html>

resources/views/pages/admin/guestbook-del-confirm.blade.php

@@ -0,0 +1,33 @@
+@extends('layouts.minimal')
+@section('title', 'Delete confirm')
+@section('content')
+    <h1>Delete Confirmation</h1>
+    <hr/>
+    <p>Are you sure you want to delete this entry?</p>
+
+    <h3>Entry Details:</h3>
+    <table class="gb_entry_details">
+        <tr>
+            <td><b>ID:</b></td>
+            <td>{{ $entry->id }}</td>
+        </tr>
+        <tr>
+            <td><b>Name:</b></td>
+            <td>{{ $entry->name }}</td>
+        </tr>
+        <tr>
+            <td><b>Date:</b></td>
+            <td>{{ gmdate("H:i:s - Y-m-d", $entry->timestamp) }}</td>
+        </tr>
+        <tr>
+            <td><b>Message:</b></td>
+            <td>{{ $entry->message }}</td>
+        </tr>
+    </table>
+
+    <form action="/admin/guestbook/delete" method="POST">
+        @csrf
+        <input type="hidden" name="id" value="{{ $entry->id }}">
+        <button type="submit">Confirm Delete</button>
+    </form>
+@stop

resources/views/pages/admin/guestbook.blade.php

@@ -0,0 +1,27 @@
+@extends('layouts.default-admin')
+@section('title', 'guestbook')
+@section('content')
+    @php
+        $entries = DB::select('SELECT id, name, timestamp, message FROM guestbook_entries ORDER BY id DESC');
+    @endphp
+    <h1>Entries <small>({{ count($entries) }} total)</small></h1>
+    @foreach ($entries as $entry)
+        <table class="gb_admin">
+            <tr>
+                <td>
+                    Name:&nbsp;{{ $entry->name }}<br/>
+                    Date:&nbsp;{{ gmdate("H:i:s - Y-m-d", $entry->timestamp) }}
+                </td>
+                <td class="gb_del">
+                    <a href="/admin/guestbook/delete?id={{ $entry->id }}">del</a>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="2" class="gb_message">
+                    <br/>
+                    {{ htmlspecialchars($entry->message) }}
+                </td>
+            </tr></table>
+    @endforeach
+@stop
+

resources/views/pages/admin/index.blade.php

@@ -0,0 +1,9 @@
+@extends('layouts.default-admin')
+@section('title', 'Page Title')
+@section('description', 'Page description goes here')
+@php
+    $user = auth()->user();
+@endphp
+@section('content')
+    <p>You are logged in as {{ $user->name }} ({{ $user->email }})</p>
+@stop

routes/web.php

@@ -40,4 +40,46 @@
     ->name('guestbookPost')
     ->middleware('rate_limit');
 
+Route::get('/admin', function () {
+    if (!auth()->check()) {
+        return view('errors.no-auth');
+    }
+    return view('pages.admin.index');
+});
+
+Route::get('/admin/guestbook', function () {
+    if (!auth()->check()) {
+        return view('errors.no-auth');
+    }
+    return view('pages.admin.guestbook');
+});
+
+Route::get('/admin/guestbook/delete', function () {
+    if (!auth()->check()) {
+        return view('errors.no-auth');
+    }
+
+    $id = request()->input('id');
+    $entry = DB::table('guestbook_entries')->find($id);
+
+    if ($entry) {
+        // Render a confirmation view
+        return View::make('pages.admin.guestbook-del-confirm', compact('entry'));
+    } else {
+        return view('errors.generic-error')
+            ->with('error', "Entry not found")
+            ->with('description', "The specified entry does not exist!");
+    }
+});
+
+Route::post('/admin/guestbook/delete', function () {
+    if (!auth()->check()) {
+        return view('errors.no-auth');
+    }
+
+    $id = request()->input('id');
+    DB::table('guestbook_entries')->where('id', $id)->delete();
+
+    return back()->with('success', 'Entry deleted successfully!');
+});