admin now sees the env-vars

author PhiTux <redacted>

Wed, 10 Sep 2025 14:38:55 +0000 (16:38 +0200)

committer PhiTux <redacted>

Wed, 10 Sep 2025 14:38:55 +0000 (16:38 +0200)
author PhiTux <redacted>
Wed, 10 Sep 2025 14:38:55 +0000 (16:38 +0200)
committer PhiTux <redacted>
Wed, 10 Sep 2025 14:38:55 +0000 (16:38 +0200)
diff --git a/backend/handlers/admin.go b/backend/handlers/admin.go

index f6058e2455c1051ae77be5ab6522d57b032cd3c3..930b8fedfbb44810148f051f82f6fdadfb4089cb 100644 (file)
--- a/backend/handlers/admin.go
+++ b/backend/handlers/admin.go
@@ -121,11 +121,15 @@ func GetAdminData(w http.ResponseWriter, r *http.Request) {
         // Check for old directory and get old users info
         oldDirInfo := getOldDirectoryInfo()
  
+       // Get App Settings (Env-vars)
+       appSettings := utils.GetAppSettings()
+
         w.Header().Set("Content-Type", "application/json")
         json.NewEncoder(w).Encode(map[string]any{
-               "users":      adminUsers,
-               "free_space": freeSpace,
-               "old_data":   oldDirInfo,
+               "users":        adminUsers,
+               "free_space":   freeSpace,
+               "old_data":     oldDirInfo,
+               "app_settings": appSettings,
         })
  }
  
diff --git a/backend/handlers/users.go b/backend/handlers/users.go

index b1d3bedb563444e514279b94fc952f0c06c6210d..c35bbbe8645e82f6ce97c94385b6518097956b73 100644 (file)
--- a/backend/handlers/users.go
+++ b/backend/handlers/users.go
@@ -234,6 +234,11 @@ type RegisterRequest struct {
  // Register handles user registration
  // The API endpoint
  func RegisterHandler(w http.ResponseWriter, r *http.Request) {
+       if !utils.Settings.AllowRegistration {
+               http.Error(w, "Registration is not allowed", http.StatusForbidden)
+               return
+       }
+
         // Parse the request body
         var req RegisterRequest
         if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
diff --git a/backend/utils/helpers.go b/backend/utils/helpers.go

index 7b754a7cf022e3d84d2f451c343ed56fc51d8e29..c13402b3715ce89f8e35057f9399635cc3fe2c0b 100644 (file)
--- a/backend/utils/helpers.go
+++ b/backend/utils/helpers.go
@@ -121,6 +121,17 @@ func InitSettings() error {
         return nil
  }
  
+func GetAppSettings() AppSettings {
+       // dont't show secret - remove it!
+       var tempSettings AppSettings
+
+       data, _ := json.Marshal(Settings)
+       json.Unmarshal(data, &tempSettings)
+
+       tempSettings.SecretToken = ""
+       return tempSettings
+}
+
  func GetUserIDByUsername(username string) (int, error) {
         // Get users
         users, err := GetUsers()
diff --git a/frontend/src/lib/settings/Admin.svelte b/frontend/src/lib/settings/Admin.svelte

index f69090ebd4d08ad05a93491a9ec07fff523ec1f3..10e1e627f7bcd19fd74ab1c5ab8ef22c8ca0ac5b 100644 (file)
--- a/frontend/src/lib/settings/Admin.svelte
+++ b/frontend/src/lib/settings/Admin.svelte
@@ -23,6 +23,7 @@
         let freeSpace = $state(0);
         let oldData = $state({});
         let users = $state([]);
+       let appSettings = $state({});
         let isLoadingUsers = $state(false);
         let deleteUserId = $state(null);
         let isDeletingUser = $state(false);
@@ -83,6 +84,7 @@
                         users = response.data.users || [];
                         freeSpace = response.data.free_space;
                         oldData = response.data.old_data;
+                       appSettings = response.data.app_settings || {};
                 } catch (error) {
                         console.error('Error loading users:', error);
                         if (error.response?.status === 401) {
@@ -129,6 +131,7 @@
                 adminPassword = '';
                 adminAuthError = '';
                 users = [];
+               appSettings = {};
                 deleteUserId = null;
         }
  
@@ -423,6 +426,51 @@
                                 </div>
                         {/if}
  
+                       <!-- App Settings Card / Environment Variables -->
+                       <div class="card mt-4">
+                               <div class="card-header">
+                                       <h4 class="card-title mb-0">⚙️ {$t('settings.admin.environment_variables')}</h4>
+                               </div>
+                               <div class="card-body">
+                                       <p class="text-muted mb-3">
+                                               {$t('settings.admin.environment_variables_description')}
+                                       </p>
+
+                                       {#if Object.keys(appSettings).length > 0}
+                                               <div class="list-group list-group-flush">
+                                                       {#each Object.entries(appSettings) as [key, value]}
+                                                               <div class="list-group-item px-0 py-2">
+                                                                       <div class="row">
+                                                                               <div class="col-4">
+                                                                                       <span class="fw-bold text-muted">{key}:</span>
+                                                                               </div>
+                                                                               <div class="col-8">
+                                                                                       <span class="font-monospace">
+                                                                                               {#if Array.isArray(value)}
+                                                                                                       {JSON.stringify(value)}
+                                                                                               {:else if typeof value === 'boolean'}
+                                                                                                       <span class="badge {value ? 'bg-success' : 'bg-danger'}">
+                                                                                                               {value ? 'true' : 'false'}
+                                                                                                       </span>
+                                                                                               {:else if key === 'secret_token' && value === ''}
+                                                                                                       <span class="text-muted fst-italic"
+                                                                                                               >{$t('settings.admin.hidden_for_security')}</span
+                                                                                                       >
+                                                                                               {:else}
+                                                                                                       {value}
+                                                                                               {/if}
+                                                                                       </span>
+                                                                               </div>
+                                                                       </div>
+                                                               </div>
+                                                       {/each}
+                                               </div>
+                                       {:else}
+                                               <p class="text-muted">{$t('settings.admin.no_environment_variables')}</p>
+                                       {/if}
+                               </div>
+                       </div>
+
                         <!-- Reload Button moved to bottom -->
                         <div class="mt-4 d-flex justify-content-center">
                                 <button class="btn btn-outline-primary" onclick={loadUsers} disabled={isLoadingUsers}>
diff --git a/frontend/src/routes/login/+page.svelte b/frontend/src/routes/login/+page.svelte

index deffe9ebc54dadccbdd4e24e9410e01f0bfc5f06..406b13c55bbf165fec4201023780e9ca3c0ba187 100644 (file)
--- a/frontend/src/routes/login/+page.svelte
+++ b/frontend/src/routes/login/+page.svelte
@@ -424,6 +424,12 @@
                                 </h2>
                                 <div id="collapseTwo" class="accordion-collapse collapse" data-bs-parent="#loginAccordion">
                                         <div class="accordion-body">
+                                               <div class="alert alert-info">{$t('login.create_account_info')}</div>
+                                               {#if !registration_allowed}
+                                                       <div class="alert alert-danger" role="alert">
+                                                               {$t('login.alert.registration_not_allowed')}
+                                                       </div>
+                                               {/if}
                                                 <form onsubmit={handleRegister}>
                                                         <div class="form-floating mb-3">
                                                                 <input
@@ -455,11 +461,7 @@
                                                                 />
                                                                 <label for="registerPassword2">{$t('login.confirm_password')}</label>
                                                         </div>
-                                                       {#if !registration_allowed}
-                                                               <div class="alert alert-danger" role="alert">
-                                                                       {$t('login.alert.registration_not_allowed')}
-                                                               </div>
-                                                       {/if}
+
                                                         {#if show_registration_failed_with_message}
                                                                 <div class="alert alert-danger" role="alert">
                                                                         {@html $t('login.alert.registration_failed_with_message', {
author	PhiTux <redacted>
	Wed, 10 Sep 2025 14:38:55 +0000 (16:38 +0200)
committer	PhiTux <redacted>
	Wed, 10 Sep 2025 14:38:55 +0000 (16:38 +0200)
backend/handlers/admin.go		patch \| blob \| history
backend/handlers/users.go		patch \| blob \| history
backend/utils/helpers.go		patch \| blob \| history
frontend/src/lib/settings/Admin.svelte		patch \| blob \| history
frontend/src/routes/login/+page.svelte		patch \| blob \| history