diff --git a/Cargo.lock b/Cargo.lock
index 4aed81e..a459ecd 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2271,6 +2271,7 @@ dependencies = [
 "sqlx",
 "tera",
 "ureq",
+ "urlencoding",
 ]
 
 [[package]]
diff --git a/Cargo.toml b/Cargo.toml
index 39208c5..d75e236 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -28,6 +28,7 @@ itertools = "0.13"
 job_scheduler_ng = "2.0"
 ureq = { version = "2.9", features = ["json"] }
 regex = "1.10"
+urlencoding = "2.1"
 
 [target.'cfg(not(windows))'.dependencies]
 openssl = { version = "0.10", features = [ "vendored" ] }
diff --git a/Rocket.toml b/Rocket.toml
index b9d5057..4b4856e 100644
--- a/Rocket.toml
+++ b/Rocket.toml
@@ -5,3 +5,4 @@ limits = { file = "10 MiB", data-form = "10 MiB"}
 smtp_pw = "8kIjlLH79Ky6D3jQ"
 usage_log_path = "./usage.txt"
 openweathermap_key = "c8dab8f91b5b815d76e9879cbaecd8d5"
+wordpress_key = "pw-to-allow-sending-notifications"
diff --git a/notes.md b/notes.md
deleted file mode 100644
index 74ce2fe..0000000
--- a/notes.md
+++ /dev/null
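Review bot: The new `wordpress_key` in `Rocket.toml` is the only credential guarding both notification endpoints, and it is added to a tracked file next to `smtp_pw` and `openweathermap_key`, which look like real values. Keep the key out of version control: if the app uses Rocket's default figment, it can be supplied as the environment variable `ROCKET_WORDPRESS_KEY`, leaving only a comment here such as `# wordpress_key: set via ROCKET_WORDPRESS_KEY`. If the neighbouring values are live credentials, they stay readable in history and should be rotated.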
@@ -1,73 +0,0 @@
-# Wordpress auth
-
-Add the following code to `wp-content/themes/bravada/functions.php`:
-
-```
-function rot_auth( $user, $username, $password ){
- // Make sure a username and password are present for us to work with
- if($username == '' || $password == '') return;
-
- $ch = curl_init();
-
- curl_setopt($ch, CURLOPT_URL, 'https://app.rudernlinz.at/wikiauth');
- curl_setopt($ch, CURLOPT_POST, 1);
- curl_setopt($ch, CURLOPT_POSTFIELDS, "name=$username&password=$password");
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-
- // Execute the cURL session and get the response
- $response = curl_exec($ch);
-
- // Check for cURL errors
- if(curl_errno($ch)){
- $user = new WP_Error( 'denied', __('Curl error: ' . curl_error($ch)) );
- }
-
- // Close the cURL session
- curl_close($ch);
-
-
- if (strpos($response, 'SUCC') !== false) {
- $user = get_user_by('login', $username);
-
- if (!$user) {
- // User does not exist, create a new one
- $userdata = array(
- 'user_email' => $username,
- 'user_login' => $username,
- 'first_name' => $username,
- 'last_name' => ''
- );
- $new_user_id = wp_insert_user($userdata);
-
- if (!is_wp_error($new_user_id)) {
- // Load the new user info
- $user = new WP_User($new_user_id);
-
- // Set role based on username
- if ($username == 'Philipp Hofer' || $username == 'Marie Birner') {
- $user->set_role('administrator');
- } else {
- $user->set_role('editor');
- }
- } else {
- // Handle error in user creation
- return $new_user_id;
- }
- } else {
- }
-
- } else {
- $user = new WP_Error( 'denied', __("Falscher Benutzername/Passwort. Verwendest du deine Accountdaten vom Ruderassistenten?") );
- }
-
-
-
- return $user;
-}
-
-// Comment this line if you wish to fall back on WordPress authentication
-// Useful for times when the external service is offline
-remove_action('authenticate', 'wp_authenticate_username_password', 20);
-
-add_filter( 'authenticate', 'rot_auth', 10, 3 );
-```
diff --git a/src/model/notification.rs b/src/model/notification.rs
index 8919cb9..0dcf45a 100644
--- a/src/model/notification.rs
+++ b/src/model/notification.rs
@@ -179,6 +179,13 @@ ORDER BY read_at DESC, created_at DESC;
 .await
 .unwrap();
 }
+
+ pub(crate) async fn delete_by_link(db: &sqlx::Pool, link: &str) {
+ sqlx::query!("DELETE FROM notification WHERE link=?", link)
+ .execute(db)
+ .await
+ .unwrap();
+ }
 }
 
 #[cfg(test)]
diff --git a/src/tera/mod.rs b/src/tera/mod.rs
index 27e88dc..9094c40 100644
--- a/src/tera/mod.rs
+++ b/src/tera/mod.rs
@@ -118,6 +118,56 @@ fn unauthorized_error(req: &Request) -> Redirect {
 Redirect::to("/auth")
 }
 
+#[derive(FromForm, Debug)]
+struct NewBlogpostForm<'r> {
+ article_url: &'r str,
+ article_title: &'r str,
+ pw: &'r str,
+}
+
+#[post("/", data = "")]
+async fn new_blogpost(
+ db: &State,
+ blogpost: Form>,
+ config: &State,
+) -> String {
+ if blogpost.pw == &config.wordpress_key {
+ let member = Role::find_by_name(&db, "Donau Linz").await.unwrap();
+ Notification::create_for_role(
+ db,
+ &member,
+ &urlencoding::decode(blogpost.article_title).expect("UTF-8"),
+ &format!("Neuer Blogpost"),
+ Some(blogpost.article_url),
+ None,
+ )
+ .await;
+ "ACK".into()
+ } else {
+ "WRONG pw".into()
+ }
+}
+
+#[derive(FromForm, Debug)]
+struct BlogpostUnpublishedForm<'r> {
+ article_url: &'r str,
+ pw: &'r str,
+}
+
+#[post("/", data = "")]
+async fn blogpost_unpublished(
+ db: &State,
+ blogpost: Form>,
+ config: &State,
+) -> String {
+ if blogpost.pw == &config.wordpress_key {
+ Notification::delete_by_link(&db, blogpost.article_url).await;
+ "ACK".into()
+ } else {
+ "WRONG pw".into()
+ }
+}
+
 #[catch(403)] //forbidden
 fn forbidden_error() -> Flash {
 Flash::error(Redirect::to("/"), "Keine Berechtigung für diese Aktion. Wenn du der Meinung bist, dass du das machen darfst, melde dich bitte bei it@rudernlinz.at.")
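Review bot: `delete_by_link` in `src/model/notification.rs` deletes every notification whose `link` equals the supplied string, for all users, with nothing in the `WHERE` clause limiting it to blog-post notifications. Since the value comes straight from a request body, consider narrowing the query to the category that `new_blogpost` writes (the table schema is not visible in this hunk) and adding a doc comment such as `/// Deletes all notifications, for every user, whose link equals the given URL.` The `.unwrap()` matches the neighbouring methods but turns a database error into a panic inside the handler; returning the `sqlx` result would let the caller answer with an error status instead.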
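Review bot: In `new_blogpost`, `article_title` and `article_url` go into the notification unvalidated, while `templates/index.html.tera` in this commit shows `{{ notification.message | safe }}`; if the title is the argument `create_for_role` stores as the message (its signature is not visible here), markup in a post title would be rendered unescaped to every member of the role. Escape the title before storing it, or drop `| safe` for these notifications, and accept `article_url` only when it is an `https://` URL on the blog's own host. `.expect("UTF-8")` turns a malformed title into a panic, and since Rocket's `Form` normally percent-decodes fields already, the extra `urlencoding::decode` may also mangle titles containing a literal `%`; handle the `Err` and confirm the second decode is needed. `blogpost.pw == &config.wordpress_key` (also in `blogpost_unpublished`) is an early-exit comparison of a shared secret; a constant-time comparison and a non-200 status for the `"WRONG pw"` branch would make failed attempts harder to probe and easier to alert on.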
@@ -187,6 +237,7 @@ pub struct Config {
 smtp_pw: String,
 usage_log_path: String,
 pub openweathermap_key: String,
+ wordpress_key: String,
 }
 
 pub fn config(rocket: Rocket) -> Rocket {
@@ -194,6 +245,8 @@ pub fn config(rocket: Rocket) -> Rocket {
 .mount("/", routes![index, steering, impressum])
 .mount("/auth", auth::routes())
 .mount("/wikiauth", routes![wikiauth])
+ .mount("/new-blogpost", routes![new_blogpost])
+ .mount("/blogpost-unpublished", routes![blogpost_unpublished])
 .mount("/log", log::routes())
 .mount("/planned", planned::routes())
 .mount("/ergo", ergo::routes())
diff --git a/templates/index.html.tera b/templates/index.html.tera
index cca630f..a275d0f 100644
--- a/templates/index.html.tera
+++ b/templates/index.html.tera
@@ -33,6 +33,13 @@
{{ notification.message | safe }}
{% endif %} {% endfor %} diff --git a/wordpress-notes.md b/wordpress-notes.md new file mode 100644 index 0000000..fc13429 --- /dev/null +++ b/wordpress-notes.md 
@@ -0,0 +1,156 @@ +# Wordpress auth + +Add the following code to `wp-content/themes/bravada/functions.php`: + +``` +function rot_auth( $user, $username, $password ){ + // Make sure a username and password are present for us to work with + if($username == '' || $password == '') return; + + $ch = curl_init(); + + curl_setopt($ch, CURLOPT_URL, 'https://app.rudernlinz.at/wikiauth'); + curl_setopt($ch, CURLOPT_POST, 1); + curl_setopt($ch, CURLOPT_POSTFIELDS, "name=$username&password=$password"); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + + // Execute the cURL session and get the response + $response = curl_exec($ch); + + // Check for cURL errors + if(curl_errno($ch)){ + $user = new WP_Error( 'denied', __('Curl error: ' . curl_error($ch)) ); + } + + // Close the cURL session + curl_close($ch); + + + if (strpos($response, 'SUCC') !== false) { + $user = get_user_by('login', $username); + + if (!$user) { + // User does not exist, create a new one + $userdata = array( + 'user_email' => $username, + 'user_login' => $username, + 'first_name' => $username, + 'last_name' => '' + ); + $new_user_id = wp_insert_user($userdata); + + if (!is_wp_error($new_user_id)) { + // Load the new user info + $user = new WP_User($new_user_id); + + // Set role based on username + if ($username == 'Philipp Hofer' || $username == 'Marie Birner') { + $user->set_role('administrator'); + } else { + $user->set_role('editor'); + } + } else { + // Handle error in user creation + return $new_user_id; + } + } else { + } + + } else { + $user = new WP_Error( 'denied', __("Falscher Benutzername/Passwort. 
Verwendest du deine Accountdaten vom Ruderassistenten?") ); + } + + + + return $user; +} + +// Comment this line if you wish to fall back on WordPress authentication +// Useful for times when the external service is offline +remove_action('authenticate', 'wp_authenticate_username_password', 20); + +add_filter( 'authenticate', 'rot_auth', 10, 3 ); +``` + + +# Wordpress notify rowt on newly published article + +Add the following code to `wp-content/themes/bravada/functions.php`: + +``` +function send_article_url_on_publish($new_status, $old_status, $post) { + // Check if the post is transitioning to 'publish' status + if ($new_status == 'publish' && $old_status != 'publish' && $post->post_type == 'post') { + // Get the URL of the newly published article + $article_url = get_permalink($post->ID); + $article_title = get_the_title($post->ID); + + // URL to send the POST request to + $api_url = 'https://app.rudernlinz.at/new-blogpost'; + + // Prepare the data for the POST request + $body = array( + 'article_url' => $article_url, + 'article_title' => $article_title, + 'pw' => "wordpress_key" + ); + + // Prepare the arguments for wp_remote_post + $args = array( + 'body' => $body, + 'timeout' => '5', + 'redirection' => '5', + 'httpversion' => '1.0', + 'blocking' => true, + 'headers' => array(), + 'cookies' => array() + ); + + // Send the POST request + $response = wp_remote_post($api_url, $args); + + // Optional: Check if the request was successful + if (is_wp_error($response)) { + error_log('Failed to send POST request: ' . $response->get_error_message()); + } else { + error_log('POST request sent successfully with article URL: ' . 
$article_url); + } + } + if ($new_status != 'publish' && $old_status == 'publish' && $post->post_type == 'post') { + $article_url = get_permalink($post->ID); + // URL to send the POST request to + $api_url = 'https://app.rudernlinz.at/blogpost-unpublished'; + + // Prepare the data for the POST request + $body = array( + 'article_url' => $article_url, + 'pw' => "wordpress_key" + ); + + // Prepare the arguments for wp_remote_post + $args = array( + 'body' => $body, + 'timeout' => '5', + 'redirection' => '5', + 'httpversion' => '1.0', + 'blocking' => true, + 'headers' => array(), + 'cookies' => array() + ); + + // Send the POST request + $response = wp_remote_post($api_url, $args); + + // Optional: Check if the request was successful + if (is_wp_error($response)) { + error_log('Failed to send POST request: ' . $response->get_error_message()); + } else { + error_log('POST request sent successfully with article URL: ' . $article_url); + } + + } +} + +// Hook the function to the 'transition_post_status' action +add_action('transition_post_status', 'send_article_url_on_publish', 10, 3); +```