dd3ec070f7
### Security-Fixes (K1–K6, W1–W4, W7, N1, N5–N6, V1, V5–V7)
- K1: CSRF-Schutz via Double-Submit-Cookie (httpapi/csrf.go + csrf_helpers.go)
- K2: requireScreenAccess() in allen manage-Handlern (Tenant-Isolation)
- K3: Tenant-Check bei DELETE /api/v1/media/{id}
- K4: requirePlaylistAccess() + GetByItemID() für JSON-API Playlist-Routen
- K5: Admin-Passwort nur noch als [gesetzt] geloggt
- K6: POST /api/v1/screens/register mit Pre-Shared-Secret (MORZ_INFOBOARD_REGISTER_SECRET)
- W1: Race Condition bei order_index behoben (atomare Subquery in AddItem)
- W2: Graceful Shutdown mit 15s Timeout auf SIGTERM/SIGINT
- W3: http.MaxBytesReader (512 MB) in allen Upload-Handlern
- W4: err.Error() nicht mehr an den Client
- W7: Template-Execution via bytes.Buffer (kein partial write bei Fehler)
- N1: Rate-Limiting auf /login (5 Versuche/Minute pro IP, httpapi/ratelimit.go)
- N5: Directory-Listing auf /uploads/ deaktiviert (neuteredFileSystem)
- N6: Uploads nach Tenant getrennt (uploads/{tenantSlug}/)
- V1: Upload-Logik konsolidiert in internal/fileutil/fileutil.go
- V5: Cookie-Name als Konstante reqcontext.SessionCookieName
- V6: Strukturiertes Logging mit log/slog + JSON-Handler
- V7: DB-Pool wird im Graceful-Shutdown geschlossen
### Phase 6: Screenshot-Erzeugung
- player/agent/internal/screenshot/screenshot.go erstellt
- Integration in app.go mit MORZ_INFOBOARD_SCREENSHOT_EVERY Config
### UX: PDF.js Integration
- pdf.min.js + pdf.worker.min.js als lokale Assets eingebettet
- Automatisches Seitendurchblättern im Player
### Ansible: Neue Rollen
- signage_base, signage_server, signage_provision erstellt
- inventory.yml und site.yml erweitert
### Konzept-Docs
- GRUPPEN-KONZEPT.md, KAMPAGNEN-AKTIVIERUNG.md, MONITORING-KONZEPT.md
- PROVISION-KONZEPT.md, TEMPLATE-EDITOR.md, WATCHDOG-KONZEPT.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
255 lines
6.8 KiB
Go
255 lines
6.8 KiB
Go
// Package tenant implements the tenant self-service dashboard UI.
|
|
package tenant
|
|
|
|
import (
|
|
"bytes"
|
|
"fmt"
|
|
"html/template"
|
|
"net/http"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
|
|
"git.az-it.net/az/morz-infoboard/server/backend/internal/fileutil"
|
|
"git.az-it.net/az/morz-infoboard/server/backend/internal/store"
|
|
)
|
|
|
|
var tmplFuncs = template.FuncMap{
|
|
"typeIcon": func(t string) string {
|
|
switch t {
|
|
case "image":
|
|
return "🖼"
|
|
case "video":
|
|
return "🎬"
|
|
case "pdf":
|
|
return "📄"
|
|
case "web":
|
|
return "🌐"
|
|
default:
|
|
return "📁"
|
|
}
|
|
},
|
|
"humanSize": func(b int64) string {
|
|
switch {
|
|
case b >= 1<<20:
|
|
return fmt.Sprintf("%.1f MB", float64(b)/float64(1<<20))
|
|
case b >= 1<<10:
|
|
return fmt.Sprintf("%.0f KB", float64(b)/float64(1<<10))
|
|
default:
|
|
return fmt.Sprintf("%d B", b)
|
|
}
|
|
},
|
|
}
|
|
|
|
const maxUploadSize = 512 << 20 // 512 MB
|
|
|
|
// HandleTenantDashboard renders the tenant self-service dashboard.
|
|
func HandleTenantDashboard(
|
|
tenantStore *store.TenantStore,
|
|
screenStore *store.ScreenStore,
|
|
mediaStore *store.MediaStore,
|
|
) http.HandlerFunc {
|
|
t := template.Must(template.New("tenant-dash").Funcs(tmplFuncs).Parse(tenantDashTmpl))
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
tenantSlug := r.PathValue("tenantSlug")
|
|
|
|
tenant, err := tenantStore.Get(r.Context(), tenantSlug)
|
|
if err != nil {
|
|
http.Error(w, "Tenant nicht gefunden: "+tenantSlug, http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
screens, err := screenStore.List(r.Context(), tenant.ID)
|
|
if err != nil {
|
|
http.Error(w, "db error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
assets, err := mediaStore.List(r.Context(), tenant.ID)
|
|
if err != nil {
|
|
http.Error(w, "db error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
// Flash message: prefer ?flash= (from tenant upload redirect),
|
|
// also accept legacy ?msg= used by manage handlers.
|
|
flash := ""
|
|
if f := r.URL.Query().Get("flash"); f != "" {
|
|
switch f {
|
|
case "uploaded":
|
|
flash = "Medium erfolgreich hochgeladen."
|
|
case "deleted":
|
|
flash = "Medium erfolgreich gelöscht."
|
|
default:
|
|
flash = f
|
|
}
|
|
} else if m := r.URL.Query().Get("msg"); m != "" {
|
|
switch m {
|
|
case "uploaded":
|
|
flash = "Medium erfolgreich hochgeladen."
|
|
case "deleted":
|
|
flash = "Medium erfolgreich gelöscht."
|
|
default:
|
|
flash = m
|
|
}
|
|
}
|
|
|
|
// W7: Template in Buffer rendern, erst bei Erfolg an Client senden.
|
|
var buf bytes.Buffer
|
|
if err := t.Execute(&buf, map[string]any{
|
|
"Tenant": tenant,
|
|
"Screens": screens,
|
|
"Assets": assets,
|
|
"Flash": flash,
|
|
}); err != nil {
|
|
http.Error(w, "Interner Fehler (Template)", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
buf.WriteTo(w) //nolint:errcheck
|
|
}
|
|
}
|
|
|
|
// HandleTenantUpload handles multipart file uploads and web-URL registrations
|
|
// from the tenant dashboard, then redirects back.
|
|
func HandleTenantUpload(
|
|
tenantStore *store.TenantStore,
|
|
mediaStore *store.MediaStore,
|
|
uploadDir string,
|
|
) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
tenantSlug := r.PathValue("tenantSlug")
|
|
|
|
tenant, err := tenantStore.Get(r.Context(), tenantSlug)
|
|
if err != nil {
|
|
http.Error(w, "Tenant nicht gefunden: "+tenantSlug, http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
// W3: MaxBytesReader begrenzt Uploads auf maxUploadSize bevor ParseMultipartForm.
|
|
r.Body = http.MaxBytesReader(w, r.Body, maxUploadSize)
|
|
|
|
if err := r.ParseMultipartForm(maxUploadSize); err != nil {
|
|
http.Error(w, "Upload zu groß oder ungültig", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
assetType := strings.TrimSpace(r.FormValue("type"))
|
|
title := strings.TrimSpace(r.FormValue("title"))
|
|
|
|
switch assetType {
|
|
case "web":
|
|
url := strings.TrimSpace(r.FormValue("url"))
|
|
if url == "" {
|
|
http.Error(w, "URL erforderlich", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if title == "" {
|
|
title = url
|
|
}
|
|
_, err = mediaStore.Create(r.Context(), tenant.ID, title, "web", "", url, "", 0)
|
|
|
|
case "image", "video", "pdf":
|
|
file, header, ferr := r.FormFile("file")
|
|
if ferr != nil {
|
|
http.Error(w, "Datei erforderlich", http.StatusBadRequest)
|
|
return
|
|
}
|
|
defer file.Close()
|
|
|
|
if title == "" {
|
|
title = strings.TrimSuffix(header.Filename, filepath.Ext(header.Filename))
|
|
}
|
|
mimeType := header.Header.Get("Content-Type")
|
|
// Derive asset type from MIME if more specific.
|
|
if detected := mimeToAssetType(mimeType); detected != "" {
|
|
assetType = detected
|
|
}
|
|
// V1+N6: tenant-spezifisches Upload-Verzeichnis.
|
|
storagePath, size, cerr := fileutil.SaveUploadedFile(file, header.Filename, title, uploadDir, tenantSlug)
|
|
if cerr != nil {
|
|
http.Error(w, "Speicherfehler", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
_, err = mediaStore.Create(r.Context(), tenant.ID, title, assetType, storagePath, "", mimeType, size)
|
|
|
|
default:
|
|
http.Error(w, "Unbekannter Typ", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if err != nil {
|
|
http.Error(w, "Interner Fehler", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
http.Redirect(w, r, "/tenant/"+tenantSlug+"/dashboard?tab=media&flash=uploaded", http.StatusSeeOther)
|
|
}
|
|
}
|
|
|
|
// HandleTenantDeleteMedia deletes a media asset owned by the tenant.
|
|
func HandleTenantDeleteMedia(
|
|
tenantStore *store.TenantStore,
|
|
mediaStore *store.MediaStore,
|
|
uploadDir string,
|
|
) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
tenantSlug := r.PathValue("tenantSlug")
|
|
mediaID := r.PathValue("mediaId")
|
|
|
|
// Verify tenant exists.
|
|
tenant, err := tenantStore.Get(r.Context(), tenantSlug)
|
|
if err != nil {
|
|
http.Error(w, "Tenant nicht gefunden", http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
asset, err := mediaStore.Get(r.Context(), mediaID)
|
|
if err != nil {
|
|
http.Error(w, "Medium nicht gefunden", http.StatusNotFound)
|
|
return
|
|
}
|
|
// Ownership check.
|
|
if asset.TenantID != tenant.ID {
|
|
http.Error(w, "Forbidden", http.StatusForbidden)
|
|
return
|
|
}
|
|
if asset.StoragePath != "" {
|
|
os.Remove(filepath.Join(uploadDir, filepath.Base(asset.StoragePath))) //nolint:errcheck
|
|
}
|
|
mediaStore.Delete(r.Context(), mediaID) //nolint:errcheck
|
|
|
|
http.Redirect(w, r, "/tenant/"+tenantSlug+"/dashboard?tab=media&flash=deleted", http.StatusSeeOther)
|
|
}
|
|
}
|
|
|
|
// mimeToAssetType derives the asset type from a MIME type string.
|
|
func mimeToAssetType(mime string) string {
|
|
mime = strings.ToLower(strings.TrimSpace(mime))
|
|
switch {
|
|
case strings.HasPrefix(mime, "image/"):
|
|
return "image"
|
|
case strings.HasPrefix(mime, "video/"):
|
|
return "video"
|
|
case mime == "application/pdf":
|
|
return "pdf"
|
|
default:
|
|
return ""
|
|
}
|
|
}
|
|
|
|
// sanitize converts a string to a safe filename component.
|
|
func sanitize(s string) string {
|
|
var b strings.Builder
|
|
for _, r := range s {
|
|
if (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') || (r >= '0' && r <= '9') || r == '-' || r == '_' {
|
|
b.WriteRune(r)
|
|
} else {
|
|
b.WriteRune('_')
|
|
}
|
|
}
|
|
out := b.String()
|
|
if len(out) > 40 {
|
|
out = out[:40]
|
|
}
|
|
return out
|
|
}
|