admin only pages, updated sign in page, redirects

2025-02-22 11:25:52 -05:00 · 2025-02-22 11:25:52 -05:00 · ef3d6d8b7a
commit ef3d6d8b7a
parent 339d075edd
7 changed files with 108 additions and 54 deletions
--- a/lib/cms_web/components/layouts/app.html.heex
+++ b/lib/cms_web/components/layouts/app.html.heex
@ -11,7 +11,9 @@
  </section>

  <section class="flex flex-row">
-    <.link href={~p"/admin/session"} method="delete" class="hover:underline">sign out</.link>
+    <.link href={~p"/admin/session/destroy?return_to=#{@current_path}"} class="hover:underline">
+      sign out
+    </.link>
  </section>
 </div>
 <div class="flex flex-col md:flex-row mx-auto max-w-4xl">
@ -28,3 +30,9 @@
    {@inner_content}
  </main>
 </div>
+<div
+  :if={not @admin?}
+  class="fixed right-0 bottom-0 p-2 text-transparent underline hover:text-current"
+>
+  <.link href={~p"/sign-in?return_to=#{@current_path}"}>sign in</.link>
+</div>
--- a/lib/cms_web/controllers/admin_auth.ex
+++ b/lib/cms_web/controllers/admin_auth.ex
@ -5,21 +5,33 @@ defmodule CMSWeb.AdminAuth do
  import Phoenix.Controller
  import Plug.Conn

-  def log_in_admin(conn) do
+  def log_in_admin(conn, params) do
    conn
    |> renew_session()
    |> put_session(:admin?, true)
-    |> redirect(to: ~p"/")
+    |> redirect(to: params["return_to"] || ~p"/admin")
  end

-  def log_out_admin(conn) do
+  def log_out_admin(conn, params) do
    if live_socket_id = get_session(conn, :live_socket_id) do
      CMSWeb.Endpoint.broadcast(live_socket_id, "disconnect", %{})
    end

    conn
    |> renew_session()
-    |> redirect(to: ~p"/")
+    |> redirect(to: params["return_to"] || ~p"/")
+  end
+
+  def mount_admin(%Plug.Conn{} = conn, _opts) do
+    assign(conn, :admin?, admin?(conn))
+  end
+
+  def require_admin(%Plug.Conn{assigns: %{admin?: true}} = conn, _opts) do
+    conn
+  end
+
+  def require_admin(conn, _opts) do
+    redirect(conn, to: ~p"/sign-in?return_to=#{conn.request_path}")
  end

  def correct_password?(password) do
@ -28,6 +40,10 @@ defmodule CMSWeb.AdminAuth do
    Argon2.verify_pass(password, password_hash)
  end

+  def on_mount(:default, _params, session, socket) do
+    {:cont, Phoenix.Component.assign(socket, :admin?, admin?(session))}
+  end
+
  ## private

  defp renew_session(conn) do
@ -37,4 +53,10 @@ defmodule CMSWeb.AdminAuth do
    |> configure_session(renew: true)
    |> clear_session()
  end
+
+  defp admin?(%Plug.Conn{} = conn) do
+    Plug.Conn.get_session(conn, :admin?, false) == true
+  end
+
+  defp admin?(%{} = session), do: Map.get(session, "admin?", false) == true
 end
--- a/lib/cms_web/controllers/admin_mode.ex
+++ b/lib/cms_web/controllers/admin_mode.ex
@ -1,18 +0,0 @@
-defmodule CMSWeb.AdminMode do
-  @moduledoc false
-  use CMSWeb, :live_view
-
-  def admin_mode(%Plug.Conn{} = conn, _opts) do
-    Plug.Conn.assign(conn, :admin?, admin?(conn))
-  end
-
-  def on_mount(:default, _params, session, socket) do
-    {:cont, assign(socket, :admin?, admin?(session))}
-  end
-
-  defp admin?(%Plug.Conn{} = conn) do
-    Plug.Conn.get_session(conn, :admin?, false) == true
-  end
-
-  defp admin?(%{} = session), do: Map.get(session, :admin?, false) == true
-end
--- a/lib/cms_web/controllers/admin_session_controller.ex
+++ b/lib/cms_web/controllers/admin_session_controller.ex
@ -3,21 +3,19 @@ defmodule CMSWeb.AdminSessionController do

  alias CMSWeb.AdminAuth

-  def create(conn, %{"password" => password}) do
+  def create(conn, %{"password" => password} = params) do
    if AdminAuth.correct_password?(password) do
-      AdminAuth.log_in_admin(conn)
+      AdminAuth.log_in_admin(conn, params)
    else
-      redirect(conn, to: ~p"/admin/sign-in")
+      redirect(conn, to: ~p"/sign-in")
    end
  end

  def create(conn, _params) do
-    redirect(conn, to: ~p"/admin/sign-in")
+    redirect(conn, to: ~p"/sign-in")
  end

-  def destroy(conn, _params) do
-    conn
-    |> AdminAuth.log_out_admin()
-    |> redirect(to: ~p"/")
+  def destroy(conn, params) do
+    AdminAuth.log_out_admin(conn, params)
  end
 end
--- a/lib/cms_web/controllers/globals.ex
+++ b/lib/cms_web/controllers/globals.ex
@ -0,0 +1,18 @@
+defmodule CMSWeb.Globals do
+  @moduledoc false
+  use CMSWeb, :live_view
+
+  def assign_globals(%Plug.Conn{} = conn, _opts) do
+    Plug.Conn.assign(conn, :current_path, conn.request_path)
+  end
+
+  def on_mount(:default, _params, _session, socket) do
+    socket =
+      attach_hook(socket, :assign_handle_params_globals, :handle_params, fn _params, uri, socket ->
+        %URI{path: current_path} = URI.parse(uri)
+        {:cont, assign(socket, :current_path, current_path)}
+      end)
+
+    {:cont, socket}
+  end
+end
--- a/lib/cms_web/live/admin_login_live.ex
+++ b/lib/cms_web/live/admin_login_live.ex
@ -3,27 +3,37 @@ defmodule CMSWeb.AdminLoginLive do
  use CMSWeb, :live_view

  @impl true
-  def mount(_params, _session, socket) do
-    socket = assign(socket, :form, to_form(%{"password" => ""}))
+  def mount(params, _session, socket) do
+    socket = assign(socket, :form, to_form(%{"password" => "", "return_to" => params["return_to"]}))

-    {:ok, socket}
+    {:ok, socket, layout: false}
  end

  @impl true
  def render(assigns) do
    ~H"""
-    <h1 class="font-bold text-lg mb-4">Sign in</h1>
-
-    <.form for={@form} action={~p"/admin/session"}>
-      <input
-        type="password"
-        placeholder="password"
-        id={@form[:password].id}
-        name={@form[:password].name}
-        value={@form[:password].value}
-        required
-      />
-    </.form>
+    <main class="flex flex-col w-screen h-screen fixed justify-center items-center">
+      <.form for={@form} action={~p"/admin/session/create"} class="flex flex-col gap-y-2">
+        <input
+          type="hidden"
+          id={@form[:return_to].id}
+          name={@form[:return_to].name}
+          value={@form[:return_to].value}
+        />
+        <input
+          type="password"
+          placeholder="password"
+          id={@form[:password].id}
+          name={@form[:password].name}
+          value={@form[:password].value}
+          required
+        />
+        <div class="flex flex-col items-end">
+          <button type="submit" class="font-bold hover:underline">sign in</button>
+          <.link href={~p"/"} class="hover:underline">cancel</.link>
+        </div>
+      </.form>
+    </main>
    """
  end
 end
--- a/lib/cms_web/router.ex
+++ b/lib/cms_web/router.ex
@ -1,9 +1,11 @@
 defmodule CMSWeb.Router do
  use CMSWeb, :router

-  import CMSWeb.AdminMode
+  import CMSWeb.AdminAuth
+  import CMSWeb.Globals

-  alias CMSWeb.AdminMode
+  alias CMSWeb.AdminAuth
+  alias CMSWeb.Globals

  pipeline :browser do
    plug :accepts, ["html"]
@ -12,23 +14,37 @@ defmodule CMSWeb.Router do
    plug :put_root_layout, html: {CMSWeb.Layouts, :root}
    plug :protect_from_forgery
    plug :put_secure_browser_headers
-    plug :admin_mode
+    plug :assign_globals
  end

-  live_session :default, on_mount: AdminMode do
+  pipeline :supports_admin_action do
+    plug :mount_admin
+  end
+
+  pipeline :requires_admin do
+    plug :mount_admin
+    plug :require_admin
+  end
+
+  live_session :default, on_mount: [AdminAuth, Globals] do
    scope "/", CMSWeb do
      pipe_through :browser
+      pipe_through :supports_admin_action

      get "/", PageController, :home
      get "/writing", PageController, :writing
      get "/microblog", PageController, :microblog

-      live "/admin", AdminLive
+      live "/sign-in", AdminLoginLive
+      post "/admin/session/create", AdminSessionController, :create
+      get "/admin/session/destroy", AdminSessionController, :destroy
+    end

-      live "/admin/sign-in", AdminLoginLive
+    scope "/admin", CMSWeb do
+      pipe_through :browser
+      pipe_through :requires_admin

-      post "/admin/session", AdminSessionController, :create
-      delete "/admin/session", AdminSessionController, :destroy
+      live "/", AdminLive
    end
  end