Convert all but regex routes to endpoints (#59)
This commit is contained in:
@@ -45,7 +45,7 @@ let toAdminDashboard : HttpHandler = redirectToGet "admin/administration"
|
||||
module Cache =
|
||||
|
||||
// POST /admin/cache/web-log/{id}/refresh
|
||||
let refreshWebLog webLogId : HttpHandler = requireAccess Administrator >=> fun next ctx -> task {
|
||||
let refreshWebLog webLogId : HttpHandler = requireAccess Administrator >=> validateCsrf >=> fun next ctx -> task {
|
||||
let data = ctx.Data
|
||||
if webLogId = "all" then
|
||||
do! WebLogCache.fill data
|
||||
@@ -68,7 +68,7 @@ module Cache =
|
||||
}
|
||||
|
||||
// POST /admin/cache/theme/{id}/refresh
|
||||
let refreshTheme themeId : HttpHandler = requireAccess Administrator >=> fun next ctx -> task {
|
||||
let refreshTheme themeId : HttpHandler = requireAccess Administrator >=> validateCsrf >=> fun next ctx -> task {
|
||||
let data = ctx.Data
|
||||
if themeId = "all" then
|
||||
Template.Cache.empty ()
|
||||
@@ -120,7 +120,7 @@ module Category =
|
||||
}
|
||||
|
||||
// POST /admin/category/save
|
||||
let save : HttpHandler = fun next ctx -> task {
|
||||
let save : HttpHandler = requireAccess WebLogAdmin >=> validateCsrf >=> fun next ctx -> task {
|
||||
let data = ctx.Data
|
||||
let! model = ctx.BindFormAsync<EditCategoryModel>()
|
||||
let category =
|
||||
@@ -193,7 +193,7 @@ module RedirectRules =
|
||||
}
|
||||
|
||||
// POST /admin/settings/redirect-rules/[index]
|
||||
let save idx : HttpHandler = fun next ctx -> task {
|
||||
let save idx : HttpHandler = requireAccess WebLogAdmin >=> validateCsrf >=> fun next ctx -> task {
|
||||
let! model = ctx.BindFormAsync<EditRedirectRuleModel>()
|
||||
let rule = model.ToRule()
|
||||
let rules =
|
||||
@@ -208,7 +208,7 @@ module RedirectRules =
|
||||
}
|
||||
|
||||
// POST /admin/settings/redirect-rules/[index]/up
|
||||
let moveUp idx : HttpHandler = fun next ctx -> task {
|
||||
let moveUp idx : HttpHandler = requireAccess WebLogAdmin >=> validateCsrf >=> fun next ctx -> task {
|
||||
if idx < 1 || idx >= ctx.WebLog.RedirectRules.Length then
|
||||
return! Error.notFound next ctx
|
||||
else
|
||||
@@ -219,7 +219,7 @@ module RedirectRules =
|
||||
}
|
||||
|
||||
// POST /admin/settings/redirect-rules/[index]/down
|
||||
let moveDown idx : HttpHandler = fun next ctx -> task {
|
||||
let moveDown idx : HttpHandler = requireAccess WebLogAdmin >=> validateCsrf >=> fun next ctx -> task {
|
||||
if idx < 0 || idx >= ctx.WebLog.RedirectRules.Length - 1 then
|
||||
return! Error.notFound next ctx
|
||||
else
|
||||
@@ -230,7 +230,7 @@ module RedirectRules =
|
||||
}
|
||||
|
||||
// DELETE /admin/settings/redirect-rules/[index]
|
||||
let delete idx : HttpHandler = fun next ctx -> task {
|
||||
let delete idx : HttpHandler = requireAccess WebLogAdmin >=> fun next ctx -> task {
|
||||
if idx < 0 || idx >= ctx.WebLog.RedirectRules.Length then
|
||||
return! Error.notFound next ctx
|
||||
else
|
||||
@@ -265,7 +265,7 @@ module TagMapping =
|
||||
}
|
||||
|
||||
// POST /admin/settings/tag-mapping/save
|
||||
let save : HttpHandler = fun next ctx -> task {
|
||||
let save : HttpHandler = requireAccess WebLogAdmin >=> validateCsrf >=> fun next ctx -> task {
|
||||
let data = ctx.Data
|
||||
let! model = ctx.BindFormAsync<EditTagMapModel>()
|
||||
let tagMap =
|
||||
@@ -280,7 +280,7 @@ module TagMapping =
|
||||
}
|
||||
|
||||
// DELETE /admin/settings/tag-mapping/{id}
|
||||
let delete tagMapId : HttpHandler = fun next ctx -> task {
|
||||
let delete tagMapId : HttpHandler = requireAccess WebLogAdmin >=> fun next ctx -> task {
|
||||
match! ctx.Data.TagMap.Delete (TagMapId tagMapId) ctx.WebLog.Id with
|
||||
| true -> do! addMessage ctx { UserMessage.Success with Message = "Tag mapping deleted successfully" }
|
||||
| false -> do! addMessage ctx { UserMessage.Error with Message = "Tag mapping not found; nothing deleted" }
|
||||
@@ -383,7 +383,7 @@ module Theme =
|
||||
}
|
||||
|
||||
// POST /admin/theme/new
|
||||
let save : HttpHandler = requireAccess Administrator >=> fun next ctx -> task {
|
||||
let save : HttpHandler = requireAccess Administrator >=> validateCsrf >=> fun next ctx -> task {
|
||||
if ctx.Request.HasFormContentType && ctx.Request.Form.Files.Count > 0 then
|
||||
let themeFile = Seq.head ctx.Request.Form.Files
|
||||
match deriveIdFromFileName themeFile.FileName with
|
||||
@@ -424,7 +424,7 @@ module Theme =
|
||||
}
|
||||
|
||||
// POST /admin/theme/{id}/delete
|
||||
let delete themeId : HttpHandler = requireAccess Administrator >=> fun next ctx -> task {
|
||||
let delete themeId : HttpHandler = requireAccess Administrator >=> validateCsrf >=> fun next ctx -> task {
|
||||
let data = ctx.Data
|
||||
match themeId with
|
||||
| "admin" | "default" ->
|
||||
@@ -468,7 +468,7 @@ module WebLog =
|
||||
}
|
||||
|
||||
// POST /admin/settings
|
||||
let saveSettings : HttpHandler = fun next ctx -> task {
|
||||
let saveSettings : HttpHandler = requireAccess WebLogAdmin >=> validateCsrf >=> fun next ctx -> task {
|
||||
let data = ctx.Data
|
||||
let! model = ctx.BindFormAsync<SettingsModel>()
|
||||
match! data.WebLog.FindById ctx.WebLog.Id with
|
||||
|
||||
@@ -416,7 +416,7 @@ let generate (feedType: FeedType) postCount : HttpHandler = fun next ctx -> back
|
||||
// ~~ FEED ADMINISTRATION ~~
|
||||
|
||||
// POST /admin/settings/rss
|
||||
let saveSettings : HttpHandler = requireAccess WebLogAdmin >=> fun next ctx -> task {
|
||||
let saveSettings : HttpHandler = requireAccess WebLogAdmin >=> validateCsrf >=> fun next ctx -> task {
|
||||
let data = ctx.Data
|
||||
let! model = ctx.BindFormAsync<EditRssModel>()
|
||||
match! data.WebLog.FindById ctx.WebLog.Id with
|
||||
@@ -457,7 +457,7 @@ let editCustomFeed feedId : HttpHandler = requireAccess WebLogAdmin >=> fun next
|
||||
| None -> Error.notFound next ctx
|
||||
|
||||
// POST /admin/settings/rss/save
|
||||
let saveCustomFeed : HttpHandler = requireAccess WebLogAdmin >=> fun next ctx -> task {
|
||||
let saveCustomFeed : HttpHandler = requireAccess WebLogAdmin >=> validateCsrf >=> fun next ctx -> task {
|
||||
let data = ctx.Data
|
||||
match! data.WebLog.FindById ctx.WebLog.Id with
|
||||
| Some webLog ->
|
||||
|
||||
@@ -62,7 +62,7 @@ let editPermalinks pgId : HttpHandler = requireAccess Author >=> fun next ctx ->
|
||||
}
|
||||
|
||||
// POST /admin/page/permalinks
|
||||
let savePermalinks : HttpHandler = requireAccess Author >=> fun next ctx -> task {
|
||||
let savePermalinks : HttpHandler = requireAccess Author >=> validateCsrf >=> fun next ctx -> task {
|
||||
let! model = ctx.BindFormAsync<ManagePermalinksModel>()
|
||||
let pageId = PageId model.Id
|
||||
match! ctx.Data.Page.FindById pageId ctx.WebLog.Id with
|
||||
@@ -121,7 +121,7 @@ let previewRevision (pgId, revDate) : HttpHandler = requireAccess Author >=> fun
|
||||
}
|
||||
|
||||
// POST /admin/page/{id}/revision/{revision-date}/restore
|
||||
let restoreRevision (pgId, revDate) : HttpHandler = requireAccess Author >=> fun next ctx -> task {
|
||||
let restoreRevision (pgId, revDate) : HttpHandler = requireAccess Author >=> validateCsrf >=> fun next ctx -> task {
|
||||
match! findPageRevision pgId revDate ctx with
|
||||
| Some pg, Some rev when canEdit pg.AuthorId ctx ->
|
||||
do! ctx.Data.Page.Update
|
||||
@@ -148,7 +148,7 @@ let deleteRevision (pgId, revDate) : HttpHandler = requireAccess Author >=> fun
|
||||
}
|
||||
|
||||
// POST /admin/page/save
|
||||
let save : HttpHandler = requireAccess Author >=> fun next ctx -> task {
|
||||
let save : HttpHandler = requireAccess Author >=> validateCsrf >=> fun next ctx -> task {
|
||||
let! model = ctx.BindFormAsync<EditPageModel>()
|
||||
let data = ctx.Data
|
||||
let now = Noda.now ()
|
||||
|
||||
@@ -98,7 +98,7 @@ open Giraffe
|
||||
|
||||
// GET /page/{pageNbr}[/]
|
||||
let pageOfPosts pageNbr : HttpHandler = fun next ctx -> task {
|
||||
if ctx.Request.Path.Value.EndsWith "/" then
|
||||
if pageNbr <> 1 && ctx.Request.Path.Value.EndsWith "/" then
|
||||
return! redirectTo true (ctx.WebLog.RelativeUrl(Permalink $"page/{pageNbr}")) next ctx
|
||||
else
|
||||
let count = ctx.WebLog.PostsPerPage
|
||||
@@ -310,7 +310,7 @@ let editPermalinks postId : HttpHandler = requireAccess Author >=> fun next ctx
|
||||
}
|
||||
|
||||
// POST /admin/post/permalinks
|
||||
let savePermalinks : HttpHandler = requireAccess Author >=> fun next ctx -> task {
|
||||
let savePermalinks : HttpHandler = requireAccess Author >=> validateCsrf >=> fun next ctx -> task {
|
||||
let! model = ctx.BindFormAsync<ManagePermalinksModel>()
|
||||
let postId = PostId model.Id
|
||||
match! ctx.Data.Post.FindById postId ctx.WebLog.Id with
|
||||
@@ -370,7 +370,7 @@ let previewRevision (postId, revDate) : HttpHandler = requireAccess Author >=> f
|
||||
}
|
||||
|
||||
// POST /admin/post/{id}/revision/{revision-date}/restore
|
||||
let restoreRevision (postId, revDate) : HttpHandler = requireAccess Author >=> fun next ctx -> task {
|
||||
let restoreRevision (postId, revDate) : HttpHandler = requireAccess Author >=> validateCsrf >=> fun next ctx -> task {
|
||||
match! findPostRevision postId revDate ctx with
|
||||
| Some post, Some rev when canEdit post.AuthorId ctx ->
|
||||
do! ctx.Data.Post.Update
|
||||
@@ -431,7 +431,7 @@ let editChapter (postId, index) : HttpHandler = requireAccess Author >=> fun nex
|
||||
}
|
||||
|
||||
// POST /admin/post/{id}/chapter/{idx}
|
||||
let saveChapter (postId, index) : HttpHandler = requireAccess Author >=> fun next ctx -> task {
|
||||
let saveChapter (postId, index) : HttpHandler = requireAccess Author >=> validateCsrf >=> fun next ctx -> task {
|
||||
let data = ctx.Data
|
||||
match! data.Post.FindFullById (PostId postId) ctx.WebLog.Id with
|
||||
| Some post
|
||||
@@ -483,7 +483,7 @@ let deleteChapter (postId, index) : HttpHandler = requireAccess Author >=> fun n
|
||||
}
|
||||
|
||||
// POST /admin/post/save
|
||||
let save : HttpHandler = requireAccess Author >=> fun next ctx -> task {
|
||||
let save : HttpHandler = requireAccess Author >=> validateCsrf >=> fun next ctx -> task {
|
||||
let! model = ctx.BindFormAsync<EditPostModel>()
|
||||
let data = ctx.Data
|
||||
let tryPost =
|
||||
|
||||
@@ -20,6 +20,7 @@ module CatchAll =
|
||||
let await it = (Async.AwaitTask >> Async.RunSynchronously) it
|
||||
seq {
|
||||
// Static file
|
||||
// TODO: static file middleware may take care of this now that we're setting the path base
|
||||
debug (fun () -> $"Considering URL {textLink}")
|
||||
let staticFileName =
|
||||
[ ctx.GetWebHostEnvironment().ContentRootPath
|
||||
@@ -113,91 +114,21 @@ module Asset =
|
||||
}
|
||||
|
||||
|
||||
/// The primary myWebLog router
|
||||
let router : HttpHandler = choose [
|
||||
subRoute "/admin" (requireUser >=> choose [
|
||||
POST >=> validateCsrf >=> choose [
|
||||
subRoute "/cache" (choose [
|
||||
routef "/theme/%s/refresh" Admin.Cache.refreshTheme
|
||||
routef "/web-log/%s/refresh" Admin.Cache.refreshWebLog
|
||||
])
|
||||
subRoute "/category" (requireAccess WebLogAdmin >=> choose [
|
||||
route "/save" >=> Admin.Category.save
|
||||
routef "/%s/delete" Admin.Category.delete
|
||||
])
|
||||
route "/my-info" >=> User.saveMyInfo
|
||||
subRoute "/page" (choose [
|
||||
route "/save" >=> Page.save
|
||||
route "/permalinks" >=> Page.savePermalinks
|
||||
routef "/%s/revision/%s/restore" Page.restoreRevision
|
||||
])
|
||||
subRoute "/post" (choose [
|
||||
route "/save" >=> Post.save
|
||||
route "/permalinks" >=> Post.savePermalinks
|
||||
routef "/%s/chapter/%i" Post.saveChapter
|
||||
routef "/%s/revision/%s/restore" Post.restoreRevision
|
||||
])
|
||||
subRoute "/settings" (requireAccess WebLogAdmin >=> choose [
|
||||
route "" >=> Admin.WebLog.saveSettings
|
||||
subRoute "/rss" (choose [
|
||||
route "" >=> Feed.saveSettings
|
||||
route "/save" >=> Feed.saveCustomFeed
|
||||
])
|
||||
subRoute "/redirect-rules" (choose [
|
||||
routef "/%i" Admin.RedirectRules.save
|
||||
routef "/%i/up" Admin.RedirectRules.moveUp
|
||||
routef "/%i/down" Admin.RedirectRules.moveDown
|
||||
])
|
||||
route "/tag-mapping/save" >=> Admin.TagMapping.save
|
||||
route "/user/save" >=> User.save
|
||||
])
|
||||
subRoute "/theme" (choose [
|
||||
route "/new" >=> Admin.Theme.save
|
||||
routef "/%s/delete" Admin.Theme.delete
|
||||
])
|
||||
route "/upload/save" >=> Upload.save
|
||||
/// Router to deal with regex routes and routes served by pages, posts, and feeds
|
||||
let regexRouter: HttpHandler = choose [
|
||||
DELETE >=> routexp "/admin/upload/disk/(.*)" Upload.deleteFromDisk
|
||||
GET_HEAD >=> choose [
|
||||
routexp "/category/(.*)" Post.pageOfCategorizedPosts
|
||||
routexp "/tag/(.*)" Post.pageOfTaggedPosts
|
||||
routexp "/themes/(.*)" Asset.serve
|
||||
routexp "/upload/(.*)" Upload.serve
|
||||
CatchAll.route
|
||||
]
|
||||
DELETE >=> choose [
|
||||
routef "/category/%s" Admin.Category.delete
|
||||
subRoute "/page" (choose [
|
||||
routef "/%s" Page.delete
|
||||
routef "/%s/revision/%s" Page.deleteRevision
|
||||
routef "/%s/revisions" Page.purgeRevisions
|
||||
])
|
||||
subRoute "/post" (choose [
|
||||
routef "/%s" Post.delete
|
||||
routef "/%s/chapter/%i" Post.deleteChapter
|
||||
routef "/%s/revision/%s" Post.deleteRevision
|
||||
routef "/%s/revisions" Post.purgeRevisions
|
||||
])
|
||||
subRoute "/settings" (requireAccess WebLogAdmin >=> choose [
|
||||
routef "/redirect-rules/%i" Admin.RedirectRules.delete
|
||||
routef "/rss/%s" Feed.deleteCustomFeed
|
||||
routef "/tag-mapping/%s" Admin.TagMapping.delete
|
||||
routef "/user/%s" User.delete
|
||||
])
|
||||
subRoute "/upload" (requireAccess WebLogAdmin >=> choose [
|
||||
routexp "/disk/(.*)" Upload.deleteFromDisk
|
||||
routef "/%s" Upload.deleteFromDb
|
||||
])
|
||||
]
|
||||
])
|
||||
GET_HEAD >=> routexp "/category/(.*)" Post.pageOfCategorizedPosts
|
||||
GET_HEAD >=> routexp "/tag/(.*)" Post.pageOfTaggedPosts
|
||||
GET_HEAD >=> routexp "/themes/(.*)" Asset.serve
|
||||
GET_HEAD >=> routexp "/upload/(.*)" Upload.serve
|
||||
subRoute "/user" (choose [
|
||||
POST >=> validateCsrf >=> choose [
|
||||
route "/log-on" >=> User.doLogOn
|
||||
]
|
||||
])
|
||||
GET_HEAD >=> CatchAll.route
|
||||
//Error.notFound
|
||||
]
|
||||
|
||||
open Giraffe.EndpointRouting
|
||||
|
||||
/// Endpoint-routed handler to deal with sub-routes
|
||||
/// The primary myWebLog routes / endpoints
|
||||
let endpoints = [
|
||||
GET_HEAD [ route "/" Post.home ]
|
||||
subRoute "/admin" [
|
||||
@@ -252,13 +183,73 @@ let endpoints = [
|
||||
route "/new" Upload.showNew
|
||||
]
|
||||
]
|
||||
POST [
|
||||
subRoute "/cache" [
|
||||
routef "/theme/%s/refresh" Admin.Cache.refreshTheme
|
||||
routef "/web-log/%s/refresh" Admin.Cache.refreshWebLog
|
||||
]
|
||||
route "/category/save" Admin.Category.save
|
||||
route "/my-info" User.saveMyInfo
|
||||
subRoute "/page" [
|
||||
route "/save" Page.save
|
||||
route "/permalinks" Page.savePermalinks
|
||||
routef "/%s/revision/%s/restore" Page.restoreRevision
|
||||
]
|
||||
subRoute "/post" [
|
||||
route "/save" Post.save
|
||||
route "/permalinks" Post.savePermalinks
|
||||
routef "/%s/chapter/%i" Post.saveChapter
|
||||
routef "/%s/revision/%s/restore" Post.restoreRevision
|
||||
]
|
||||
subRoute "/settings" [
|
||||
route "" Admin.WebLog.saveSettings
|
||||
subRoute "/rss" [
|
||||
route "" Feed.saveSettings
|
||||
route "/save" Feed.saveCustomFeed
|
||||
]
|
||||
subRoute "/redirect-rules" [
|
||||
routef "/%i" Admin.RedirectRules.save
|
||||
routef "/%i/up" Admin.RedirectRules.moveUp
|
||||
routef "/%i/down" Admin.RedirectRules.moveDown
|
||||
]
|
||||
route "/tag-mapping/save" Admin.TagMapping.save
|
||||
route "/user/save" User.save
|
||||
]
|
||||
subRoute "/theme" [
|
||||
route "/new" Admin.Theme.save
|
||||
routef "/%s/delete" Admin.Theme.delete
|
||||
]
|
||||
route "/upload/save" Upload.save
|
||||
]
|
||||
DELETE [
|
||||
routef "/category/%s" Admin.Category.delete
|
||||
subRoute "/page" [
|
||||
routef "/%s" Page.delete
|
||||
routef "/%s/revision/%s" Page.deleteRevision
|
||||
routef "/%s/revisions" Page.purgeRevisions
|
||||
]
|
||||
subRoute "/post" [
|
||||
routef "/%s" Post.delete
|
||||
routef "/%s/chapter/%i" Post.deleteChapter
|
||||
routef "/%s/revision/%s" Post.deleteRevision
|
||||
routef "/%s/revisions" Post.purgeRevisions
|
||||
]
|
||||
subRoute "/settings" [
|
||||
routef "/redirect-rules/%i" Admin.RedirectRules.delete
|
||||
routef "/rss/%s" Feed.deleteCustomFeed
|
||||
routef "/tag-mapping/%s" Admin.TagMapping.delete
|
||||
routef "/user/%s" User.delete
|
||||
]
|
||||
routef "/upload/%s" Upload.deleteFromDb
|
||||
]
|
||||
]
|
||||
subRoute "/user" [
|
||||
GET_HEAD [ route "/log-on" (User.logOn None) ]
|
||||
POST [
|
||||
route "/log-off" User.logOff
|
||||
route "/log-on" User.doLogOn
|
||||
]
|
||||
]
|
||||
GET_HEAD [ routef "/page/%i" Post.pageOfPosts ]
|
||||
route "{**url}" router
|
||||
route "{**url}" regexRouter
|
||||
]
|
||||
|
||||
@@ -128,7 +128,7 @@ let showNew : HttpHandler = requireAccess Author >=> fun next ctx ->
|
||||
adminPage "Upload a File" next ctx Views.WebLog.uploadNew
|
||||
|
||||
// POST /admin/upload/save
|
||||
let save : HttpHandler = requireAccess Author >=> fun next ctx -> task {
|
||||
let save : HttpHandler = requireAccess Author >=> validateCsrf >=> fun next ctx -> task {
|
||||
if ctx.Request.HasFormContentType && ctx.Request.Form.Files.Count > 0 then
|
||||
let upload = Seq.head ctx.Request.Form.Files
|
||||
let fileName = String.Concat (makeSlug (Path.GetFileNameWithoutExtension upload.FileName),
|
||||
@@ -163,7 +163,7 @@ let save : HttpHandler = requireAccess Author >=> fun next ctx -> task {
|
||||
}
|
||||
|
||||
// DELETE /admin/upload/{id}
|
||||
let deleteFromDb upId : HttpHandler = fun next ctx -> task {
|
||||
let deleteFromDb upId : HttpHandler = requireAccess WebLogAdmin >=> fun next ctx -> task {
|
||||
match! ctx.Data.Upload.Delete (UploadId upId) ctx.WebLog.Id with
|
||||
| Ok fileName ->
|
||||
do! addMessage ctx { UserMessage.Success with Message = $"{fileName} deleted successfully" }
|
||||
@@ -183,7 +183,7 @@ let removeEmptyDirectories (webLog: WebLog) (filePath: string) =
|
||||
else finished <- true
|
||||
|
||||
// DELETE /admin/upload/disk/{**path}
|
||||
let deleteFromDisk urlParts : HttpHandler = fun next ctx -> task {
|
||||
let deleteFromDisk urlParts : HttpHandler = requireAccess WebLogAdmin >=> fun next ctx -> task {
|
||||
let filePath = urlParts |> Seq.skip 1 |> Seq.head
|
||||
let path = Path.Combine(uploadDir, ctx.WebLog.Slug, filePath)
|
||||
if File.Exists path then
|
||||
|
||||
@@ -43,7 +43,7 @@ open Microsoft.AspNetCore.Authentication
|
||||
open Microsoft.AspNetCore.Authentication.Cookies
|
||||
|
||||
// POST /user/log-on
|
||||
let doLogOn : HttpHandler = fun next ctx -> task {
|
||||
let doLogOn : HttpHandler = validateCsrf >=> fun next ctx -> task {
|
||||
let! model = ctx.BindFormAsync<LogOnModel>()
|
||||
let data = ctx.Data
|
||||
let! tryUser = data.WebLogUser.FindByEmail (model.EmailAddress.ToLowerInvariant()) ctx.WebLog.Id
|
||||
@@ -111,7 +111,7 @@ let edit usrId : HttpHandler = requireAccess WebLogAdmin >=> fun next ctx -> tas
|
||||
}
|
||||
|
||||
// DELETE /admin/settings/user/{id}
|
||||
let delete userId : HttpHandler = fun next ctx -> task {
|
||||
let delete userId : HttpHandler = requireAccess WebLogAdmin >=> fun next ctx -> task {
|
||||
let data = ctx.Data
|
||||
match! data.WebLogUser.FindById (WebLogUserId userId) ctx.WebLog.Id with
|
||||
| Some user ->
|
||||
@@ -144,7 +144,7 @@ let myInfo : HttpHandler = requireAccess Author >=> fun next ctx -> task {
|
||||
}
|
||||
|
||||
// POST /admin/my-info
|
||||
let saveMyInfo : HttpHandler = requireAccess Author >=> fun next ctx -> task {
|
||||
let saveMyInfo : HttpHandler = requireAccess Author >=> validateCsrf >=> fun next ctx -> task {
|
||||
let! model = ctx.BindFormAsync<EditMyInfoModel>()
|
||||
let data = ctx.Data
|
||||
match! data.WebLogUser.FindById ctx.UserId ctx.WebLog.Id with
|
||||
@@ -172,7 +172,7 @@ let saveMyInfo : HttpHandler = requireAccess Author >=> fun next ctx -> task {
|
||||
#nowarn "3511"
|
||||
|
||||
// POST /admin/settings/user/save
|
||||
let save : HttpHandler = requireAccess WebLogAdmin >=> fun next ctx -> task {
|
||||
let save : HttpHandler = requireAccess WebLogAdmin >=> validateCsrf >=> fun next ctx -> task {
|
||||
let! model = ctx.BindFormAsync<EditUserModel>()
|
||||
let data = ctx.Data
|
||||
let tryUser =
|
||||
|
||||
@@ -235,15 +235,16 @@ let main args =
|
||||
let _ = app.UseForwardedHeaders()
|
||||
|
||||
(app.Services.GetRequiredService<IConfiguration>().GetSection "CanonicalDomains").Value
|
||||
|> (isNull >> not)
|
||||
|> isNotNull
|
||||
|> function true -> app.UseCanonicalDomains() |> ignore | false -> ()
|
||||
|
||||
let _ = app.UseCookiePolicy(CookiePolicyOptions (MinimumSameSitePolicy = SameSiteMode.Strict))
|
||||
let _ = app.UseMiddleware<WebLogMiddleware>()
|
||||
let _ = app.UseMiddleware<RedirectRuleMiddleware>()
|
||||
let _ = app.UseAuthentication()
|
||||
let _ = app.UseStaticFiles()
|
||||
let _ = app.UseRouting()
|
||||
let _ = app.UseStaticFiles()
|
||||
//let _ = app.MapStaticAssets()
|
||||
let _ = app.UseSession()
|
||||
let _ = app.UseGiraffe Handlers.Routes.endpoints
|
||||
|
||||
|
||||
Reference in New Issue
Block a user