From 4038276daf722acf24df081f26a32f49ac90f415 Mon Sep 17 00:00:00 2001
From: TheSaminator <thesaminator@users.noreply.github.com>
Date: Wed, 6 Jul 2022 11:29:16 -0400
Subject: [PATCH] Rework admin panel

---
 .../starshipfights/admin/endpoints_admin.kt   | 36 +++++++++----------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/src/jvmMain/kotlin/net/starshipfights/admin/endpoints_admin.kt b/src/jvmMain/kotlin/net/starshipfights/admin/endpoints_admin.kt
index 7a124bd..83b1dcf 100644
--- a/src/jvmMain/kotlin/net/starshipfights/admin/endpoints_admin.kt
+++ b/src/jvmMain/kotlin/net/starshipfights/admin/endpoints_admin.kt
@@ -9,10 +9,8 @@ import io.ktor.util.*
 import kotlinx.coroutines.Job
 import kotlinx.html.*
 import net.starshipfights.auth.getUser
-import net.starshipfights.auth.getUserAndSession
 import net.starshipfights.auth.receiveValidatedParameters
 import net.starshipfights.forbid
-import net.starshipfights.info.csrfToken
 import net.starshipfights.info.page
 import net.starshipfights.info.standardNavBar
 import net.starshipfights.redirect
@@ -21,14 +19,9 @@ private val shutDown = Job()
 
 fun Routing.installAdmin() {
 	get("/admin") {
-		val (sess, user) = call.getUserAndSession()
-		
-		if (!user.isAdmin)
+		if (!call.getUser().isAdmin)
 			forbid()
 		
-		sess ?: redirect("/login")
-		user ?: redirect("/login")
-		
 		call.respondHtml(HttpStatusCode.OK, call.page("Admin Panel", call.standardNavBar()) {
 			section {
 				h1 { +"Admin Panel" }
@@ -40,24 +33,22 @@ fun Routing.installAdmin() {
 						name = "announcement"
 						required = true
 					}
-					csrfToken(sess.id)
 					submitInput {
 						value = "Announce"
 					}
 				}
 			}
+			section {
+				h2 { +"Server Shutdown" }
+				form(action = "/admin/shutdown", method = FormMethod.post) {
+					submitInput(classes = "evil") {
+						value = "Shutdown the Server"
+					}
+				}
+			}
 		})
 	}
 	
-	get("/admin/shutdown") {
-		if (!call.getUser().isAdmin)
-			forbid()
-		
-		shutDown.complete()
-		
-		call.respond(HttpStatusCode.Gone)
-	}
-	
 	post("/admin/announce") {
 		val user = call.getUser()
 		user ?: redirect("/login")
@@ -70,6 +61,15 @@ fun Routing.installAdmin() {
 		sendAdminAnnouncement(announcement)
 		redirect("/admin")
 	}
+	
+	post("/admin/shutdown") {
+		if (!call.getUser().isAdmin)
+			forbid()
+		
+		shutDown.complete()
+		
+		call.respond(HttpStatusCode.Gone)
+	}
 }
 
 suspend fun awaitShutDown() = shutDown.join()
-- 
2.25.1