Add site passwordsHEAD master

author: Leonardo Bishop <me@leonardobishop.net> 2026-03-19 17:14:20 +0000
committer: Leonardo Bishop <me@leonardobishop.net> 2026-03-19 17:14:20 +0000
commit: 66bd5d2f7fd84eec39d69f4a8f5c435fc978804f (patch)
tree: 20bfd8637cce28750b4a66bdd9aa47cb9831308b /web
parent: 60cd7875c2c9ee595012078a3ba8f13b71c73dc9 (diff)
7 files changed, 117 insertions, 6 deletions
diff --git a/web/command/handler/authenticate.go b/web/command/handler/authenticate.go
index 1c7d312..a463e7f 100644
--- a/web/command/handler/authenticate.go
+++ b/web/command/handler/authenticate.go
@@ -14,7 +14,7 @@ import (
 
 func GetAuthenticate() func(http.ResponseWriter, *http.Request) {
 	return ghttp.Adapt(func(w http.ResponseWriter, r *http.Request) (Node, error) {
-		return html.AuthenticatePage(""), nil
+		return html.AuthenticateScrapbookPage(""), nil
 	})
 }
 
@@ -22,20 +22,20 @@ func PostAuthenticate(mainConfig *config.MainConfig, authenticator *auth.Authent
 	return func(w http.ResponseWriter, r *http.Request) {
 		err := r.ParseForm()
 		if err != nil {
-			html.AuthenticatePage(err.Error()).Render(w)
+			html.AuthenticateScrapbookPage(err.Error()).Render(w)
 			return
 		}
 
 		token := r.Form.Get("token")
 
 		if len(mainConfig.Command.Secret) == 0 || subtle.ConstantTimeCompare([]byte(token), []byte(mainConfig.Command.Secret)) != 1 {
-			html.AuthenticatePage("The secret key is incorrect").Render(w)
+			html.AuthenticateScrapbookPage("The secret key is incorrect").Render(w)
 			return
 		}
 
 		jwt, err := authenticator.NewJwt()
 		if err != nil {
-			html.AuthenticatePage(fmt.Errorf("Failed to create jwt: %w", err).Error()).Render(w)
+			html.AuthenticateScrapbookPage(fmt.Errorf("Failed to create jwt: %w", err).Error()).Render(w)
 			return
 		}
 
diff --git a/web/command/handler/password.go b/web/command/handler/password.go
new file mode 100644
index 0000000..7f74a78
--- /dev/null
+++ b/web/command/handler/password.go
@@ -0,0 +1,56 @@
+package handler
+
+import (
+	"fmt"
+	"net/http"
+	"path"
+
+	"github.com/LMBishop/scrapbook/pkg/config"
+	"github.com/LMBishop/scrapbook/pkg/index"
+	"github.com/LMBishop/scrapbook/web/command/html"
+	. "maragu.dev/gomponents"
+	ghttp "maragu.dev/gomponents/http"
+)
+
+func GetPassword(index *index.SiteIndex) func(http.ResponseWriter, *http.Request) {
+	return ghttp.Adapt(func(w http.ResponseWriter, r *http.Request) (Node, error) {
+		siteName := r.PathValue("site")
+		if siteName == "" {
+			return html.ErrorPage("Unknown site: " + siteName), nil
+		}
+		site := index.GetSite(siteName)
+		if site == nil {
+			return html.ErrorPage("Unknown site: " + siteName), nil
+		}
+
+		return html.PasswordPage("", "", siteName, site.SiteConfig.Password), nil
+	})
+}
+
+func PostPassword(mainConfig *config.MainConfig, index *index.SiteIndex) func(http.ResponseWriter, *http.Request) {
+	return ghttp.Adapt(func(w http.ResponseWriter, r *http.Request) (Node, error) {
+		siteName := r.PathValue("site")
+		if siteName == "" {
+			return html.ErrorPage("Unknown site: " + siteName), nil
+		}
+		site := index.GetSite(siteName)
+		if site == nil {
+			return html.ErrorPage("Unknown site: " + siteName), nil
+		}
+
+		err := r.ParseForm()
+		if err != nil {
+			return html.PasswordPage("", fmt.Errorf("Could not parse form: %w", err).Error(), siteName, site.SiteConfig.Password), nil
+		}
+
+		password := r.FormValue("password")
+
+		site.SiteConfig.Password = password
+		err = config.WriteSiteConfig(path.Join(site.Path, "site.toml"), site.SiteConfig)
+		if err != nil {
+			return html.PasswordPage("", fmt.Errorf("Failed to persist site: %w", err).Error(), siteName, password), nil
+		}
+
+		return html.PasswordPage(fmt.Sprintf("Successfully set password for %s to '%s'", siteName, password), "", siteName, password), nil
+	})
+}
diff --git a/web/command/html/authenticate.go b/web/command/html/authenticate.go
index 3d85325..fde99c1 100644
--- a/web/command/html/authenticate.go
+++ b/web/command/html/authenticate.go
@@ -6,7 +6,7 @@ import (
 	. "maragu.dev/gomponents/html"
 )
 
-func AuthenticatePage(err string) Node {
+func AuthenticateScrapbookPage(err string) Node {
 	return Page("Authenticate",
 		H1(Text("Welcome to scrapbook")),
 
diff --git a/web/command/html/flags.go b/web/command/html/flags.go
index 61a1f50..cb19baf 100644
--- a/web/command/html/flags.go
+++ b/web/command/html/flags.go
@@ -88,7 +88,6 @@ func FlagsPage(success, err string, siteName string, flags config.SiteFlag) Node
 							ID("password"),
 							Name("password"),
 							Type("checkbox"),
-							Disabled(),
 							If(flags&config.FlagPassword != 0, Checked()),
 						),
 						Label(
diff --git a/web/command/html/password.go b/web/command/html/password.go
new file mode 100644
index 0000000..3c53048
--- /dev/null
+++ b/web/command/html/password.go
@@ -0,0 +1,53 @@
+package html
+
+import (
+	"fmt"
+
+	. "github.com/LMBishop/scrapbook/web/skeleton"
+	. "maragu.dev/gomponents"
+	. "maragu.dev/gomponents/html"
+)
+
+func PasswordPage(success, err, siteName, passwordValue string) Node {
+	return Page("Change password for "+siteName,
+		H1(Text("Change password for "+siteName)),
+
+		If(success != "", Group{
+			AlertSuccess(success),
+			Div(
+				Class("control-group group-right"),
+				NavButton("OK", fmt.Sprintf("/site/%s/", siteName)),
+			),
+		}),
+
+		If(success == "", Group{
+			If(err != "", AlertError(err)),
+
+			Form(
+				Method("post"),
+
+				FieldSet(
+					Legend(Text("Password")),
+					Input(
+						ID("password"),
+						Name("password"),
+						Value(passwordValue),
+					),
+					Span(
+						Class("form-help"),
+						Text("The password visitors must enter to be able to view the site."),
+					),
+				),
+
+				Div(
+					Class("control-group group-right"),
+					NavButton("Go back", fmt.Sprintf("/site/%s/", siteName)),
+					Input(
+						Type("submit"),
+						Value("Submit"),
+					),
+				),
+			),
+		}),
+	)
+}
diff --git a/web/command/html/site.go b/web/command/html/site.go
index e9bfbac..bd91c12 100644
--- a/web/command/html/site.go
+++ b/web/command/html/site.go
@@ -27,6 +27,7 @@ func SitePage(mainConfig *config.MainConfig, site *site.Site) Node {
 
 				NavButton("Change host", "host"),
 				NavButton("Set flags", "flags"),
+				NavButton("Change password", "password"),
 				NavButton("Delete site", "delete"),
 			),
 		),
diff --git a/web/mux.go b/web/mux.go
index e3ad8d4..ea18711 100644
--- a/web/mux.go
+++ b/web/mux.go
@@ -25,6 +25,8 @@ func NewMux(cfg *config.MainConfig, siteIndex *index.SiteIndex, authenticator *a
 	mux.HandleFunc("POST /site/{site}/flags", middleware.MustAuthenticate(authenticator, handler.PostFlags(cfg, siteIndex)))
 	mux.HandleFunc("GET /site/{site}/host", middleware.MustAuthenticate(authenticator, handler.GetHost(siteIndex)))
 	mux.HandleFunc("POST /site/{site}/host", middleware.MustAuthenticate(authenticator, handler.PostHost(cfg, siteIndex)))
+	mux.HandleFunc("GET /site/{site}/password", middleware.MustAuthenticate(authenticator, handler.GetPassword(siteIndex)))
+	mux.HandleFunc("POST /site/{site}/password", middleware.MustAuthenticate(authenticator, handler.PostPassword(cfg, siteIndex)))
 	mux.HandleFunc("GET /site/{site}/delete", middleware.MustAuthenticate(authenticator, handler.GetDelete(siteIndex)))
 	mux.HandleFunc("POST /site/{site}/delete", middleware.MustAuthenticate(authenticator, handler.PostDelete(cfg, siteIndex)))
author	Leonardo Bishop <me@leonardobishop.net>	2026-03-19 17:14:20 +0000
committer	Leonardo Bishop <me@leonardobishop.net>	2026-03-19 17:14:20 +0000
commit	66bd5d2f7fd84eec39d69f4a8f5c435fc978804f (patch)
tree	20bfd8637cce28750b4a66bdd9aa47cb9831308b /web
parent	60cd7875c2c9ee595012078a3ba8f13b71c73dc9 (diff)