Adding an RBAC functionality for Admins. · baileytownsend.dev/pds-gatekeeper@a4067ce

+203

ADMIN.md

··· 1 + # PDS Admin Portal 2 + 3 + ## Overview 4 + 5 + Bluesky's PDS admin API relies on `PDS_ADMIN_PASSWORD` — a single shared secret that grants unrestricted access to every administrative endpoint. This is workable for solo operators but becomes a liability when multiple team members need admin access. There is no way to limit what any individual can do, no audit trail of who performed an action, and credential rotation affects everyone simultaneously. 6 + 7 + The pds-gatekeeper admin portal solves this by introducing role-based access control (RBAC). Team members authenticate with ATProto OAuth using their own identity, and gatekeeper enforces per-user permissions based on a YAML configuration file. Authorized requests are proxied to the PDS using the admin password on behalf of the authenticated user — the password itself is never exposed to browsers or end users. 8 + 9 + ## Prerequisites 10 + 11 + - A PDS instance running behind pds-gatekeeper 12 + - HTTPS with a valid TLS certificate (required for ATProto OAuth flows) 13 + - SMTP configured on the PDS for email functionality (used by the PDS itself, not strictly by the admin portal) 14 + 15 + ## Quick Start 16 + 17 + ### 1. Create an RBAC configuration file 18 + 19 + Copy the example configuration as a starting point: 20 + 21 + ```sh 22 + cp examples/admin_rbac.yaml /path/to/your/admin_rbac.yaml 23 + ``` 24 + 25 + ### 2. Find your team members' DIDs 26 + 27 + Use [`goat`](https://github.com/bluesky-social/indigo/tree/main/cmd/goat) to resolve a handle to its DID: 28 + 29 + ```sh 30 + goat resolve alice.example.com 31 + ``` 32 + 33 + The DID is the `id` field in the output (e.g. `did:plc:abcdef1234567890`). 34 + 35 + ### 3. Set environment variables 36 + 37 + ```sh 38 + # Required 39 + GATEKEEPER_ADMIN_RBAC_CONFIG=/path/to/your/admin_rbac.yaml 40 + PDS_ADMIN_PASSWORD=your-pds-admin-password 41 + 42 + # Optional 43 + GATEKEEPER_ADMIN_COOKIE_SECRET=<64-character-hex-string> 44 + GATEKEEPER_ADMIN_SESSION_TTL_HOURS=24 45 + ``` 46 + 47 + ### 4. Restart pds-gatekeeper 48 + 49 + ```sh 50 + # If running with systemd: 51 + sudo systemctl restart pds-gatekeeper 52 + 53 + # If running with Docker: 54 + docker restart pds-gatekeeper 55 + ``` 56 + 57 + ### 5. Navigate to the admin portal 58 + 59 + Open your browser and go to: 60 + 61 + ``` 62 + https://your-pds.example.com/admin/login 63 + ``` 64 + 65 + ## RBAC Configuration 66 + 67 + The RBAC configuration is a YAML file with two top-level sections: `roles` and `members`. 68 + 69 + - **Roles** define named sets of endpoint patterns that grant access to specific admin operations. 70 + - **Members** map an ATProto DID to one or more roles. 71 + 72 + A member's effective permissions are the **union** of all endpoints from all of their assigned roles. 73 + 74 + Endpoint patterns support wildcard matching: `com.atproto.admin.*` matches all endpoints under the `com.atproto.admin` namespace. 75 + 76 + Example: 77 + 78 + ```yaml 79 + roles: 80 + pds-admin: 81 + endpoints: 82 + - "com.atproto.admin.*" 83 + - "com.atproto.server.createInviteCode" 84 + - "com.atproto.server.createAccount" 85 + 86 + moderator: 87 + endpoints: 88 + - "com.atproto.admin.getAccountInfo" 89 + - "com.atproto.admin.getAccountInfos" 90 + - "com.atproto.admin.searchAccounts" 91 + - "com.atproto.admin.getSubjectStatus" 92 + - "com.atproto.admin.updateSubjectStatus" 93 + - "com.atproto.admin.sendEmail" 94 + - "com.atproto.admin.getInviteCodes" 95 + 96 + invite-manager: 97 + endpoints: 98 + - "com.atproto.server.createInviteCode" 99 + - "com.atproto.admin.getInviteCodes" 100 + - "com.atproto.admin.disableInviteCodes" 101 + - "com.atproto.admin.enableAccountInvites" 102 + - "com.atproto.admin.disableAccountInvites" 103 + 104 + members: 105 + - did: "did:plc:abcdef1234567890" 106 + roles: 107 + - pds-admin 108 + 109 + - did: "did:plc:bbbbbbbbbbbbbbbb" 110 + roles: 111 + - moderator 112 + - invite-manager 113 + ``` 114 + 115 + ## Available Roles (Reference) 116 + 117 + ### Suggested role templates 118 + 119 + You can make your own roles and teams 120 + 121 + | Role | Description | Endpoints | 122 + |---|---|---| 123 + | `pds-admin` | Full administrative access | `com.atproto.admin.*`, `createInviteCode`, `createAccount` | 124 + | `moderator` | View accounts, manage takedowns, search, send email, view invite codes | `getAccountInfo`, `getAccountInfos`, `searchAccounts`, `getSubjectStatus`, `updateSubjectStatus`, `sendEmail`, `getInviteCodes` | 125 + | `invite-manager` | Manage invite codes and per-account invite permissions | `createInviteCode`, `getInviteCodes`, `disableInviteCodes`, `enableAccountInvites`, `disableAccountInvites` | 126 + 127 + ### All admin XRPC endpoints 128 + 129 + | Endpoint | Description | 130 + |---|---| 131 + | `com.atproto.admin.getAccountInfo` | View single account details | 132 + | `com.atproto.admin.getAccountInfos` | View multiple accounts | 133 + | `com.atproto.admin.searchAccounts` | Search accounts | 134 + | `com.atproto.admin.getSubjectStatus` | Get takedown status | 135 + | `com.atproto.admin.updateSubjectStatus` | Apply or remove takedowns | 136 + | `com.atproto.admin.deleteAccount` | Permanently delete an account | 137 + | `com.atproto.admin.updateAccountPassword` | Reset account password | 138 + | `com.atproto.admin.enableAccountInvites` | Enable invites for an account | 139 + | `com.atproto.admin.disableAccountInvites` | Disable invites for an account | 140 + | `com.atproto.admin.getInviteCodes` | List invite codes | 141 + | `com.atproto.admin.disableInviteCodes` | Disable specific invite codes | 142 + | `com.atproto.admin.sendEmail` | Send email to an account | 143 + | `com.atproto.server.createInviteCode` | Create a new invite code | 144 + | `com.atproto.server.createAccount` | Create a new account | 145 + 146 + ## How It Works 147 + 148 + ### 1. OAuth Login 149 + 150 + The user navigates to `/admin/login` and enters their ATProto handle. Gatekeeper initiates an OAuth authorization flow, redirecting the user to their identity's authorization server. The user authenticates there and is redirected back to gatekeeper with an authorization code. 151 + 152 + ### 2. Session Creation 153 + 154 + Gatekeeper exchanges the authorization code for tokens, extracts the user's DID from the OAuth session, and checks it against the RBAC configuration. If the DID is found in the members list, a signed session cookie is created and set in the browser. 155 + 156 + ### 3. Request Flow 157 + 158 + When the user performs an admin action, gatekeeper: 159 + 160 + 1. Validates the session cookie signature and expiration 161 + 2. Looks up the user's DID in the RBAC configuration 162 + 3. Checks whether the user's roles grant access to the target XRPC endpoint 163 + 4. If authorized, proxies the request to the PDS with `Authorization: Basic` using `PDS_ADMIN_PASSWORD` 164 + 5. Returns the PDS response to the user 165 + 166 + ### 4. UI Rendering 167 + 168 + The admin portal uses server-rendered pages that show or hide actions based on the authenticated user's permissions. However, RBAC is always enforced server-side in route handlers regardless of what the UI displays — hiding a button in the template is a convenience, not a security boundary. 169 + 170 + ## Environment Variables 171 + 172 + | Variable | Required | Default | Description | 173 + |---|---|---|---| 174 + | `GATEKEEPER_ADMIN_RBAC_CONFIG` | Yes | — | Path to the RBAC YAML configuration file | 175 + | `PDS_ADMIN_PASSWORD` | Yes | — | PDS admin password used for proxied requests | 176 + | `GATEKEEPER_ADMIN_COOKIE_SECRET` | No | Derived from `GATEKEEPER_JWE_KEY` | 32-byte hex key for signing session cookies | 177 + | `GATEKEEPER_ADMIN_SESSION_TTL_HOURS` | No | `24` | Admin session lifetime in hours | 178 + 179 + ## Security Considerations 180 + 181 + - **Password isolation**: `PDS_ADMIN_PASSWORD` is never sent to or accessible from browsers. It is only used server-side when proxying authorized requests to the PDS. 182 + - **OAuth security**: The OAuth flow uses DPoP binding and PKCE to prevent token interception and replay attacks. 183 + - **Cookie protections**: Session cookies are signed (tamper-proof) and set with `HttpOnly`, `Secure`, and `SameSite=Lax` attributes. 184 + - **Server-side enforcement**: RBAC is enforced in route handlers, not just in template rendering. Manipulating the UI cannot bypass access controls. 185 + - **Session lifecycle**: Sessions expire after a configurable TTL. Expired sessions are cleaned up automatically. 186 + - **Opt-in activation**: The admin portal is completely opt-in. If `GATEKEEPER_ADMIN_RBAC_CONFIG` is not set, no admin routes are mounted and the portal is entirely inactive. 187 + 188 + ## Troubleshooting 189 + 190 + **OAuth callback failures** 191 + Ensure HTTPS is properly configured with a valid certificate, DNS resolves correctly for your PDS hostname, and the hostname the user accesses matches the PDS configuration. 192 + 193 + **"Access Denied" after login** 194 + Verify that the DID in your RBAC configuration exactly matches the DID of the authenticating identity. Use `goat resolve {handle}` to confirm the correct DID. 195 + 196 + **Session expired** 197 + Sessions expire after the configured TTL (default 24 hours). Either increase `GATEKEEPER_ADMIN_SESSION_TTL_HOURS` or log in again. 198 + 199 + **403 on admin action** 200 + The authenticated user's roles do not include the endpoint being accessed. Check the `members` and `roles` sections of your RBAC config to ensure the required endpoint pattern is granted. 201 + 202 + **Admin portal not appearing** 203 + Confirm that `GATEKEEPER_ADMIN_RBAC_CONFIG` is set in the environment, the file path is correct, and the file exists and is readable by the gatekeeper process.

+328 -6

Cargo.lock

··· 365 365 ] 366 366 367 367 [[package]] 368 + name = "axum-extra" 369 + version = "0.10.3" 370 + source = "registry+https://github.com/rust-lang/crates.io-index" 371 + checksum = "9963ff19f40c6102c76756ef0a46004c0d58957d87259fc9208ff8441c12ab96" 372 + dependencies = [ 373 + "axum", 374 + "axum-core", 375 + "bytes", 376 + "cookie", 377 + "futures-util", 378 + "http", 379 + "http-body", 380 + "http-body-util", 381 + "mime", 382 + "pin-project-lite", 383 + "rustversion", 384 + "serde_core", 385 + "tower-layer", 386 + "tower-service", 387 + "tracing", 388 + ] 389 + 390 + [[package]] 368 391 name = "axum-macros" 369 392 version = "0.5.0" 370 393 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 717 740 checksum = "2f421161cb492475f1661ddc9815a745a1c894592070661180fdec3d4872e9c3" 718 741 719 742 [[package]] 743 + name = "cookie" 744 + version = "0.18.1" 745 + source = "registry+https://github.com/rust-lang/crates.io-index" 746 + checksum = "4ddef33a339a91ea89fb53151bd0a4689cfce27055c291dfa69945475d22c747" 747 + dependencies = [ 748 + "base64", 749 + "hmac", 750 + "percent-encoding", 751 + "rand 0.8.5", 752 + "sha2", 753 + "subtle", 754 + "time", 755 + "version_check", 756 + ] 757 + 758 + [[package]] 720 759 name = "cordyceps" 721 760 version = "0.3.4" 722 761 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 1093 1132 checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" 1094 1133 dependencies = [ 1095 1134 "base16ct", 1135 + "base64ct", 1096 1136 "crypto-bigint", 1097 1137 "digest", 1098 1138 "ff", ··· 1102 1142 "pkcs8", 1103 1143 "rand_core 0.6.4", 1104 1144 "sec1", 1145 + "serde_json", 1146 + "serdect", 1105 1147 "subtle", 1106 1148 "zeroize", 1107 1149 ] ··· 1156 1198 checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" 1157 1199 dependencies = [ 1158 1200 "libc", 1159 - "windows-sys 0.59.0", 1201 + "windows-sys 0.61.2", 1160 1202 ] 1161 1203 1162 1204 [[package]] ··· 1465 1507 "r-efi", 1466 1508 "wasip2", 1467 1509 "wasm-bindgen", 1510 + ] 1511 + 1512 + [[package]] 1513 + name = "getrandom" 1514 + version = "0.4.1" 1515 + source = "registry+https://github.com/rust-lang/crates.io-index" 1516 + checksum = "139ef39800118c7683f2fd3c98c1b23c09ae076556b435f8e9064ae108aaeeec" 1517 + dependencies = [ 1518 + "cfg-if", 1519 + "libc", 1520 + "r-efi", 1521 + "wasip2", 1522 + "wasip3", 1468 1523 ] 1469 1524 1470 1525 [[package]] ··· 1937 1992 "zerotrie", 1938 1993 "zerovec", 1939 1994 ] 1995 + 1996 + [[package]] 1997 + name = "id-arena" 1998 + version = "2.3.0" 1999 + source = "registry+https://github.com/rust-lang/crates.io-index" 2000 + checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954" 1940 2001 1941 2002 [[package]] 1942 2003 name = "ident_case" ··· 2176 2237 ] 2177 2238 2178 2239 [[package]] 2240 + name = "jacquard-oauth" 2241 + version = "0.9.6" 2242 + source = "registry+https://github.com/rust-lang/crates.io-index" 2243 + checksum = "68bf0b0e061d85b09cfa78588dc098918d5b62f539a719165c6a806a1d2c0ef2" 2244 + dependencies = [ 2245 + "base64", 2246 + "bytes", 2247 + "chrono", 2248 + "dashmap", 2249 + "elliptic-curve", 2250 + "http", 2251 + "jacquard-common", 2252 + "jacquard-identity", 2253 + "jose-jwa", 2254 + "jose-jwk", 2255 + "miette", 2256 + "p256", 2257 + "rand 0.8.5", 2258 + "serde", 2259 + "serde_html_form", 2260 + "serde_json", 2261 + "sha2", 2262 + "smol_str", 2263 + "thiserror 2.0.17", 2264 + "tokio", 2265 + "trait-variant", 2266 + "url", 2267 + ] 2268 + 2269 + [[package]] 2179 2270 name = "jobserver" 2180 2271 version = "0.1.34" 2181 2272 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 2186 2277 ] 2187 2278 2188 2279 [[package]] 2280 + name = "jose-b64" 2281 + version = "0.1.2" 2282 + source = "registry+https://github.com/rust-lang/crates.io-index" 2283 + checksum = "bec69375368709666b21c76965ce67549f2d2db7605f1f8707d17c9656801b56" 2284 + dependencies = [ 2285 + "base64ct", 2286 + "serde", 2287 + "subtle", 2288 + "zeroize", 2289 + ] 2290 + 2291 + [[package]] 2292 + name = "jose-jwa" 2293 + version = "0.1.2" 2294 + source = "registry+https://github.com/rust-lang/crates.io-index" 2295 + checksum = "9ab78e053fe886a351d67cf0d194c000f9d0dcb92906eb34d853d7e758a4b3a7" 2296 + dependencies = [ 2297 + "serde", 2298 + ] 2299 + 2300 + [[package]] 2301 + name = "jose-jwk" 2302 + version = "0.1.2" 2303 + source = "registry+https://github.com/rust-lang/crates.io-index" 2304 + checksum = "280fa263807fe0782ecb6f2baadc28dffc04e00558a58e33bfdb801d11fd58e7" 2305 + dependencies = [ 2306 + "jose-b64", 2307 + "jose-jwa", 2308 + "p256", 2309 + "p384", 2310 + "rsa", 2311 + "serde", 2312 + "zeroize", 2313 + ] 2314 + 2315 + [[package]] 2189 2316 name = "josekit" 2190 2317 version = "0.10.3" 2191 2318 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 2274 2401 dependencies = [ 2275 2402 "spin 0.9.8", 2276 2403 ] 2404 + 2405 + [[package]] 2406 + name = "leb128fmt" 2407 + version = "0.1.0" 2408 + source = "registry+https://github.com/rust-lang/crates.io-index" 2409 + checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2" 2277 2410 2278 2411 [[package]] 2279 2412 name = "lettre" ··· 2565 2698 source = "registry+https://github.com/rust-lang/crates.io-index" 2566 2699 checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5" 2567 2700 dependencies = [ 2568 - "windows-sys 0.59.0", 2701 + "windows-sys 0.61.2", 2569 2702 ] 2570 2703 2571 2704 [[package]] ··· 2722 2855 "elliptic-curve", 2723 2856 "primeorder", 2724 2857 "sha2", 2858 + ] 2859 + 2860 + [[package]] 2861 + name = "p384" 2862 + version = "0.13.1" 2863 + source = "registry+https://github.com/rust-lang/crates.io-index" 2864 + checksum = "fe42f1670a52a47d448f14b6a5c61dd78fce51856e68edaa38f7ae3a46b8d6b6" 2865 + dependencies = [ 2866 + "elliptic-curve", 2867 + "primeorder", 2725 2868 ] 2726 2869 2727 2870 [[package]] ··· 2781 2924 "anyhow", 2782 2925 "aws-lc-rs", 2783 2926 "axum", 2927 + "axum-extra", 2784 2928 "axum-template", 2929 + "base64", 2785 2930 "chrono", 2786 2931 "dashmap", 2787 2932 "dotenvy", ··· 2791 2936 "hyper-util", 2792 2937 "jacquard-common", 2793 2938 "jacquard-identity", 2939 + "jacquard-oauth", 2940 + "jose-jwk", 2794 2941 "josekit", 2795 2942 "jwt-compact", 2796 2943 "lettre", 2797 2944 "multibase", 2945 + "p256", 2798 2946 "rand 0.9.2", 2799 2947 "reqwest", 2800 2948 "rust-embed", ··· 2802 2950 "scrypt", 2803 2951 "serde", 2804 2952 "serde_json", 2953 + "serde_yaml", 2805 2954 "sha2", 2806 2955 "sqlx", 2807 2956 "tokio", ··· 2812 2961 "tracing-subscriber", 2813 2962 "url", 2814 2963 "urlencoding", 2815 - "valuable", 2964 + "uuid", 2816 2965 ] 2817 2966 2818 2967 [[package]] ··· 3142 3291 "once_cell", 3143 3292 "socket2", 3144 3293 "tracing", 3145 - "windows-sys 0.59.0", 3294 + "windows-sys 0.60.2", 3146 3295 ] 3147 3296 3148 3297 [[package]] ··· 3587 3736 "der", 3588 3737 "generic-array", 3589 3738 "pkcs8", 3739 + "serdect", 3590 3740 "subtle", 3591 3741 "zeroize", 3592 3742 ] ··· 3766 3916 ] 3767 3917 3768 3918 [[package]] 3919 + name = "serde_yaml" 3920 + version = "0.9.34+deprecated" 3921 + source = "registry+https://github.com/rust-lang/crates.io-index" 3922 + checksum = "6a8b1a1a2ebf674015cc02edccce75287f1a0130d394307b36743c2f5d504b47" 3923 + dependencies = [ 3924 + "indexmap 2.12.1", 3925 + "itoa", 3926 + "ryu", 3927 + "serde", 3928 + "unsafe-libyaml", 3929 + ] 3930 + 3931 + [[package]] 3932 + name = "serdect" 3933 + version = "0.2.0" 3934 + source = "registry+https://github.com/rust-lang/crates.io-index" 3935 + checksum = "a84f14a19e9a014bb9f4512488d9829a68e04ecabffb0f9904cd1ace94598177" 3936 + dependencies = [ 3937 + "base16ct", 3938 + "serde", 3939 + ] 3940 + 3941 + [[package]] 3769 3942 name = "sha1" 3770 3943 version = "0.10.6" 3771 3944 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 4640 4813 checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" 4641 4814 4642 4815 [[package]] 4816 + name = "unsafe-libyaml" 4817 + version = "0.2.11" 4818 + source = "registry+https://github.com/rust-lang/crates.io-index" 4819 + checksum = "673aac59facbab8a9007c7f6108d11f63b603f7cabff99fabf650fea5c32b861" 4820 + 4821 + [[package]] 4643 4822 name = "unsigned-varint" 4644 4823 version = "0.8.0" 4645 4824 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 4688 4867 checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" 4689 4868 4690 4869 [[package]] 4870 + name = "uuid" 4871 + version = "1.21.0" 4872 + source = "registry+https://github.com/rust-lang/crates.io-index" 4873 + checksum = "b672338555252d43fd2240c714dc444b8c6fb0a5c5335e65a07bba7742735ddb" 4874 + dependencies = [ 4875 + "getrandom 0.4.1", 4876 + "js-sys", 4877 + "wasm-bindgen", 4878 + ] 4879 + 4880 + [[package]] 4691 4881 name = "valuable" 4692 4882 version = "0.1.1" 4693 4883 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 4742 4932 source = "registry+https://github.com/rust-lang/crates.io-index" 4743 4933 checksum = "0562428422c63773dad2c345a1882263bbf4d65cf3f42e90921f787ef5ad58e7" 4744 4934 dependencies = [ 4745 - "wit-bindgen", 4935 + "wit-bindgen 0.46.0", 4936 + ] 4937 + 4938 + [[package]] 4939 + name = "wasip3" 4940 + version = "0.4.0+wasi-0.3.0-rc-2026-01-06" 4941 + source = "registry+https://github.com/rust-lang/crates.io-index" 4942 + checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5" 4943 + dependencies = [ 4944 + "wit-bindgen 0.51.0", 4746 4945 ] 4747 4946 4748 4947 [[package]] ··· 4810 5009 ] 4811 5010 4812 5011 [[package]] 5012 + name = "wasm-encoder" 5013 + version = "0.244.0" 5014 + source = "registry+https://github.com/rust-lang/crates.io-index" 5015 + checksum = "990065f2fe63003fe337b932cfb5e3b80e0b4d0f5ff650e6985b1048f62c8319" 5016 + dependencies = [ 5017 + "leb128fmt", 5018 + "wasmparser", 5019 + ] 5020 + 5021 + [[package]] 5022 + name = "wasm-metadata" 5023 + version = "0.244.0" 5024 + source = "registry+https://github.com/rust-lang/crates.io-index" 5025 + checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909" 5026 + dependencies = [ 5027 + "anyhow", 5028 + "indexmap 2.12.1", 5029 + "wasm-encoder", 5030 + "wasmparser", 5031 + ] 5032 + 5033 + [[package]] 5034 + name = "wasmparser" 5035 + version = "0.244.0" 5036 + source = "registry+https://github.com/rust-lang/crates.io-index" 5037 + checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe" 5038 + dependencies = [ 5039 + "bitflags", 5040 + "hashbrown 0.15.5", 5041 + "indexmap 2.12.1", 5042 + "semver", 5043 + ] 5044 + 5045 + [[package]] 4813 5046 name = "web-sys" 4814 5047 version = "0.3.83" 4815 5048 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 4879 5112 source = "registry+https://github.com/rust-lang/crates.io-index" 4880 5113 checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22" 4881 5114 dependencies = [ 4882 - "windows-sys 0.48.0", 5115 + "windows-sys 0.61.2", 4883 5116 ] 4884 5117 4885 5118 [[package]] ··· 5196 5429 checksum = "f17a85883d4e6d00e8a97c586de764dabcc06133f7f1d55dce5cdc070ad7fe59" 5197 5430 5198 5431 [[package]] 5432 + name = "wit-bindgen" 5433 + version = "0.51.0" 5434 + source = "registry+https://github.com/rust-lang/crates.io-index" 5435 + checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5" 5436 + dependencies = [ 5437 + "wit-bindgen-rust-macro", 5438 + ] 5439 + 5440 + [[package]] 5441 + name = "wit-bindgen-core" 5442 + version = "0.51.0" 5443 + source = "registry+https://github.com/rust-lang/crates.io-index" 5444 + checksum = "ea61de684c3ea68cb082b7a88508a8b27fcc8b797d738bfc99a82facf1d752dc" 5445 + dependencies = [ 5446 + "anyhow", 5447 + "heck 0.5.0", 5448 + "wit-parser", 5449 + ] 5450 + 5451 + [[package]] 5452 + name = "wit-bindgen-rust" 5453 + version = "0.51.0" 5454 + source = "registry+https://github.com/rust-lang/crates.io-index" 5455 + checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21" 5456 + dependencies = [ 5457 + "anyhow", 5458 + "heck 0.5.0", 5459 + "indexmap 2.12.1", 5460 + "prettyplease", 5461 + "syn 2.0.112", 5462 + "wasm-metadata", 5463 + "wit-bindgen-core", 5464 + "wit-component", 5465 + ] 5466 + 5467 + [[package]] 5468 + name = "wit-bindgen-rust-macro" 5469 + version = "0.51.0" 5470 + source = "registry+https://github.com/rust-lang/crates.io-index" 5471 + checksum = "0c0f9bfd77e6a48eccf51359e3ae77140a7f50b1e2ebfe62422d8afdaffab17a" 5472 + dependencies = [ 5473 + "anyhow", 5474 + "prettyplease", 5475 + "proc-macro2", 5476 + "quote", 5477 + "syn 2.0.112", 5478 + "wit-bindgen-core", 5479 + "wit-bindgen-rust", 5480 + ] 5481 + 5482 + [[package]] 5483 + name = "wit-component" 5484 + version = "0.244.0" 5485 + source = "registry+https://github.com/rust-lang/crates.io-index" 5486 + checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2" 5487 + dependencies = [ 5488 + "anyhow", 5489 + "bitflags", 5490 + "indexmap 2.12.1", 5491 + "log", 5492 + "serde", 5493 + "serde_derive", 5494 + "serde_json", 5495 + "wasm-encoder", 5496 + "wasm-metadata", 5497 + "wasmparser", 5498 + "wit-parser", 5499 + ] 5500 + 5501 + [[package]] 5502 + name = "wit-parser" 5503 + version = "0.244.0" 5504 + source = "registry+https://github.com/rust-lang/crates.io-index" 5505 + checksum = "ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736" 5506 + dependencies = [ 5507 + "anyhow", 5508 + "id-arena", 5509 + "indexmap 2.12.1", 5510 + "log", 5511 + "semver", 5512 + "serde", 5513 + "serde_derive", 5514 + "serde_json", 5515 + "unicode-xid", 5516 + "wasmparser", 5517 + ] 5518 + 5519 + [[package]] 5199 5520 name = "writeable" 5200 5521 version = "0.6.2" 5201 5522 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 5277 5598 source = "registry+https://github.com/rust-lang/crates.io-index" 5278 5599 checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0" 5279 5600 dependencies = [ 5601 + "serde", 5280 5602 "zeroize_derive", 5281 5603 ] 5282 5604

+8 -1

Cargo.toml

··· 40 40 josekit = "0.10.3" 41 41 dashmap = "6.1" 42 42 tower = "0.5" 43 - valuable = "0.1.1" 43 + serde_yaml = "0.9" 44 + jacquard-oauth = "0.9.6" 45 + axum-extra = { version = "0.10", features = ["cookie-signed"] } 46 + uuid = { version = "1", features = ["v4"] } 47 + p256 = { version = "0.13", features = ["ecdsa", "jwk"] } 48 + jose-jwk = { version = "0.1", features = ["p256"] } 49 + base64 = "0.22" 50 + url = "2"

+67

examples/admin_rbac.yaml

··· 1 + # PDS Admin Team — Role-Based Access Control 2 + # 3 + # This file defines which ATProto identities can perform admin operations 4 + # through pds-gatekeeper's admin portal. Each member authenticates via 5 + # ATProto OAuth (using their Bluesky/AT Protocol identity) and is granted 6 + # access only to the endpoints their roles permit. 7 + # 8 + # Endpoint patterns: 9 + # - Exact match: "com.atproto.admin.getAccountInfo" 10 + # - Wildcard: "com.atproto.admin.*" (matches all admin endpoints) 11 + # 12 + # Usage: 13 + # 1. Copy this file and customize for your team 14 + # 2. Set GATEKEEPER_ADMIN_RBAC_CONFIG=/path/to/your/admin_rbac.yaml 15 + # 3. Set PDS_ADMIN_PASSWORD=your-pds-admin-password 16 + # 4. Restart pds-gatekeeper 17 + # 5. Navigate to https://your-pds.example.com/admin/login 18 + 19 + roles: 20 + pds-admin: 21 + description: "Full PDS administrator — all admin endpoints + account/invite creation" 22 + endpoints: 23 + - "com.atproto.admin.*" 24 + - "com.atproto.server.createInviteCode" 25 + - "com.atproto.server.createInviteCodes" 26 + - "com.atproto.server.createAccount" 27 + 28 + moderator: 29 + description: "Content moderation — view accounts, manage takedowns and subject status" 30 + endpoints: 31 + - "com.atproto.admin.getAccountInfo" 32 + - "com.atproto.admin.getAccountInfos" 33 + - "com.atproto.admin.getSubjectStatus" 34 + - "com.atproto.admin.updateSubjectStatus" 35 + - "com.atproto.admin.sendEmail" 36 + - "com.atproto.admin.searchAccounts" 37 + - "com.atproto.admin.getInviteCodes" 38 + 39 + invite-manager: 40 + description: "Invite code management — create and manage invite codes" 41 + endpoints: 42 + - "com.atproto.admin.getInviteCodes" 43 + - "com.atproto.admin.disableInviteCodes" 44 + - "com.atproto.admin.enableAccountInvites" 45 + - "com.atproto.admin.disableAccountInvites" 46 + - "com.atproto.server.createInviteCode" 47 + - "com.atproto.server.createInviteCodes" 48 + 49 + members: 50 + # Replace these with your team members' DIDs. 51 + # Resolve a handle to its DID with: goat resolve {handle} 52 + 53 + # Example: Full admin 54 + - did: "did:plc:your-admin-did-here" 55 + roles: 56 + - pds-admin 57 + 58 + # Example: Moderator only 59 + - did: "did:plc:your-moderator-did-here" 60 + roles: 61 + - moderator 62 + 63 + # Example: Someone with both moderator and invite manager roles 64 + - did: "did:plc:your-team-member-did-here" 65 + roles: 66 + - moderator 67 + - invite-manager

+490

html_templates/admin/account_detail.hbs

··· 1 + <!DOCTYPE html> 2 + <html lang="en"> 3 + <head> 4 + <meta charset="utf-8"/> 5 + <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, viewport-fit=cover"/> 6 + <meta name="referrer" content="origin-when-cross-origin"/> 7 + <title>{{account.handle}} - {{pds_hostname}}</title> 8 + <style> 9 + :root, 10 + :root.light-mode { 11 + --brand-color: rgb(16, 131, 254); 12 + --primary-color: rgb(7, 10, 13); 13 + --secondary-color: rgb(66, 86, 108); 14 + --bg-primary-color: rgb(255, 255, 255); 15 + --bg-secondary-color: rgb(240, 242, 245); 16 + --border-color: rgb(220, 225, 230); 17 + --danger-color: rgb(220, 38, 38); 18 + --success-color: rgb(22, 163, 74); 19 + --warning-color: rgb(234, 179, 8); 20 + --table-stripe: rgba(0, 0, 0, 0.02); 21 + } 22 + 23 + @media (prefers-color-scheme: dark) { 24 + :root { 25 + --brand-color: rgb(16, 131, 254); 26 + --primary-color: rgb(255, 255, 255); 27 + --secondary-color: rgb(133, 152, 173); 28 + --bg-primary-color: rgb(7, 10, 13); 29 + --bg-secondary-color: rgb(13, 18, 23); 30 + --border-color: rgb(40, 45, 55); 31 + --table-stripe: rgba(255, 255, 255, 0.02); 32 + } 33 + } 34 + 35 + :root.dark-mode { 36 + --brand-color: rgb(16, 131, 254); 37 + --primary-color: rgb(255, 255, 255); 38 + --secondary-color: rgb(133, 152, 173); 39 + --bg-primary-color: rgb(7, 10, 13); 40 + --bg-secondary-color: rgb(13, 18, 23); 41 + --border-color: rgb(40, 45, 55); 42 + --table-stripe: rgba(255, 255, 255, 0.02); 43 + } 44 + 45 + * { margin: 0; padding: 0; box-sizing: border-box; } 46 + 47 + body { 48 + font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif; 49 + background: var(--bg-secondary-color); 50 + color: var(--primary-color); 51 + text-rendering: optimizeLegibility; 52 + -webkit-font-smoothing: antialiased; 53 + } 54 + 55 + .layout { display: flex; min-height: 100vh; } 56 + 57 + .sidebar { 58 + width: 220px; 59 + background: var(--bg-primary-color); 60 + border-right: 1px solid var(--border-color); 61 + padding: 20px 0; 62 + position: fixed; 63 + top: 0; left: 0; bottom: 0; 64 + overflow-y: auto; 65 + display: flex; 66 + flex-direction: column; 67 + } 68 + 69 + .sidebar-title { 70 + font-size: 0.8125rem; 71 + font-weight: 700; 72 + padding: 0 20px; 73 + margin-bottom: 4px; 74 + white-space: nowrap; 75 + overflow: hidden; 76 + text-overflow: ellipsis; 77 + } 78 + 79 + .sidebar-subtitle { 80 + font-size: 0.6875rem; 81 + color: var(--secondary-color); 82 + padding: 0 20px; 83 + margin-bottom: 20px; 84 + } 85 + 86 + .sidebar nav { flex: 1; } 87 + 88 + .sidebar nav a { 89 + display: block; 90 + padding: 8px 20px; 91 + font-size: 0.8125rem; 92 + color: var(--secondary-color); 93 + text-decoration: none; 94 + transition: background 0.1s, color 0.1s; 95 + } 96 + 97 + .sidebar nav a:hover { 98 + background: var(--bg-secondary-color); 99 + color: var(--primary-color); 100 + } 101 + 102 + .sidebar nav a.active { 103 + color: var(--brand-color); 104 + font-weight: 500; 105 + } 106 + 107 + .sidebar-footer { 108 + padding: 16px 20px 0; 109 + border-top: 1px solid var(--border-color); 110 + margin-top: 16px; 111 + } 112 + 113 + .sidebar-footer .session-info { 114 + font-size: 0.75rem; 115 + color: var(--secondary-color); 116 + margin-bottom: 8px; 117 + } 118 + 119 + .sidebar-footer form { display: inline; } 120 + 121 + .sidebar-footer button { 122 + background: none; 123 + border: none; 124 + font-size: 0.75rem; 125 + color: var(--secondary-color); 126 + cursor: pointer; 127 + padding: 0; 128 + text-decoration: underline; 129 + } 130 + 131 + .sidebar-footer button:hover { color: var(--primary-color); } 132 + 133 + .main { 134 + margin-left: 220px; 135 + flex: 1; 136 + padding: 32px; 137 + max-width: 960px; 138 + } 139 + 140 + .page-title { 141 + font-size: 1.5rem; 142 + font-weight: 700; 143 + margin-bottom: 4px; 144 + } 145 + 146 + .page-subtitle { 147 + font-size: 0.8125rem; 148 + color: var(--secondary-color); 149 + font-family: 'SF Mono', SFMono-Regular, Menlo, Consolas, monospace; 150 + margin-bottom: 24px; 151 + word-break: break-all; 152 + } 153 + 154 + .flash-success { 155 + background: rgba(22, 163, 74, 0.1); 156 + color: var(--success-color); 157 + border: 1px solid rgba(22, 163, 74, 0.2); 158 + border-radius: 8px; 159 + padding: 10px 14px; 160 + font-size: 0.875rem; 161 + margin-bottom: 20px; 162 + } 163 + 164 + .flash-error { 165 + background: rgba(220, 38, 38, 0.1); 166 + color: var(--danger-color); 167 + border: 1px solid rgba(220, 38, 38, 0.2); 168 + border-radius: 8px; 169 + padding: 10px 14px; 170 + font-size: 0.875rem; 171 + margin-bottom: 20px; 172 + } 173 + 174 + .detail-section { 175 + background: var(--bg-primary-color); 176 + border: 1px solid var(--border-color); 177 + border-radius: 10px; 178 + padding: 20px; 179 + margin-bottom: 16px; 180 + } 181 + 182 + .detail-section h3 { 183 + font-size: 0.875rem; 184 + font-weight: 600; 185 + margin-bottom: 12px; 186 + } 187 + 188 + .detail-row { 189 + display: flex; 190 + justify-content: space-between; 191 + align-items: center; 192 + padding: 8px 0; 193 + font-size: 0.8125rem; 194 + border-bottom: 1px solid var(--border-color); 195 + } 196 + 197 + .detail-row:last-child { 198 + border-bottom: none; 199 + } 200 + 201 + .detail-row .label { 202 + color: var(--secondary-color); 203 + flex-shrink: 0; 204 + } 205 + 206 + .detail-row .value { 207 + font-weight: 500; 208 + word-break: break-all; 209 + text-align: right; 210 + max-width: 65%; 211 + } 212 + 213 + .badge { 214 + display: inline-block; 215 + padding: 2px 8px; 216 + border-radius: 4px; 217 + font-size: 0.75rem; 218 + font-weight: 500; 219 + } 220 + 221 + .badge-success { 222 + background: rgba(22, 163, 74, 0.1); 223 + color: var(--success-color); 224 + } 225 + 226 + .badge-danger { 227 + background: rgba(220, 38, 38, 0.1); 228 + color: var(--danger-color); 229 + } 230 + 231 + .badge-warning { 232 + background: rgba(234, 179, 8, 0.1); 233 + color: var(--warning-color); 234 + } 235 + 236 + .actions { 237 + display: flex; 238 + flex-wrap: wrap; 239 + gap: 8px; 240 + margin-top: 8px; 241 + } 242 + 243 + .actions form { 244 + display: inline; 245 + } 246 + 247 + .btn { 248 + display: inline-flex; 249 + align-items: center; 250 + justify-content: center; 251 + padding: 8px 16px; 252 + font-size: 0.8125rem; 253 + font-weight: 500; 254 + border: 1px solid var(--border-color); 255 + border-radius: 8px; 256 + cursor: pointer; 257 + transition: opacity 0.15s; 258 + text-decoration: none; 259 + background: var(--bg-primary-color); 260 + color: var(--primary-color); 261 + } 262 + 263 + .btn:hover { opacity: 0.85; } 264 + 265 + .btn-primary { 266 + background: var(--brand-color); 267 + color: #fff; 268 + border-color: var(--brand-color); 269 + } 270 + 271 + .btn-danger { 272 + background: var(--danger-color); 273 + color: #fff; 274 + border-color: var(--danger-color); 275 + } 276 + 277 + .btn-warning { 278 + background: var(--warning-color); 279 + color: #000; 280 + border-color: var(--warning-color); 281 + } 282 + 283 + .password-box { 284 + background: rgba(22, 163, 74, 0.08); 285 + border: 1px solid rgba(22, 163, 74, 0.2); 286 + border-radius: 10px; 287 + padding: 16px 20px; 288 + margin-bottom: 16px; 289 + } 290 + 291 + .password-box .pw-label { 292 + font-size: 0.75rem; 293 + font-weight: 600; 294 + color: var(--success-color); 295 + margin-bottom: 6px; 296 + } 297 + 298 + .password-box .pw-value { 299 + font-family: 'SF Mono', SFMono-Regular, Menlo, Consolas, monospace; 300 + font-size: 1rem; 301 + font-weight: 600; 302 + user-select: all; 303 + } 304 + 305 + .back-link { 306 + display: inline-block; 307 + color: var(--brand-color); 308 + text-decoration: none; 309 + font-size: 0.8125rem; 310 + margin-bottom: 16px; 311 + } 312 + 313 + .back-link:hover { text-decoration: underline; } 314 + 315 + @media (max-width: 768px) { 316 + .sidebar { display: none; } 317 + .main { margin-left: 0; } 318 + } 319 + </style> 320 + </head> 321 + <body> 322 + <div class="layout"> 323 + <aside class="sidebar"> 324 + <div class="sidebar-title">{{pds_hostname}}</div> 325 + <div class="sidebar-subtitle">Admin Portal</div> 326 + <nav> 327 + <a href="/admin/">Dashboard</a> 328 + <a href="/admin/accounts" class="active">Accounts</a> 329 + {{#if can_manage_invites}} 330 + <a href="/admin/invite-codes">Invite Codes</a> 331 + {{/if}} 332 + {{#if can_create_account}} 333 + <a href="/admin/create-account">Create Account</a> 334 + {{/if}} 335 + </nav> 336 + <div class="sidebar-footer"> 337 + <div class="session-info">Signed in as {{handle}}</div> 338 + <form method="POST" action="/admin/logout"> 339 + <button type="submit">Sign out</button> 340 + </form> 341 + </div> 342 + </aside> 343 + 344 + <main class="main"> 345 + {{#if flash_success}} 346 + <div class="flash-success">{{flash_success}}</div> 347 + {{/if}} 348 + {{#if flash_error}} 349 + <div class="flash-error">{{flash_error}}</div> 350 + {{/if}} 351 + 352 + <a href="/admin/accounts" class="back-link">← Back to Accounts</a> 353 + 354 + <h1 class="page-title">{{account.handle}}</h1> 355 + <div class="page-subtitle">{{account.did}}</div> 356 + 357 + {{#if new_password}} 358 + <div class="password-box"> 359 + <div class="pw-label">New Password (copy now -- it will not be shown again)</div> 360 + <div class="pw-value">{{new_password}}</div> 361 + </div> 362 + {{/if}} 363 + 364 + <div class="detail-section"> 365 + <h3>Account Information</h3> 366 + <div class="detail-row"> 367 + <span class="label">Handle</span> 368 + <span class="value">{{account.handle}}</span> 369 + </div> 370 + <div class="detail-row"> 371 + <span class="label">DID</span> 372 + <span class="value">{{account.did}}</span> 373 + </div> 374 + <div class="detail-row"> 375 + <span class="label">Email</span> 376 + <span class="value">{{account.email}}</span> 377 + </div> 378 + {{#if account.indexedAt}} 379 + <div class="detail-row"> 380 + <span class="label">Indexed At</span> 381 + <span class="value">{{account.indexedAt}}</span> 382 + </div> 383 + {{/if}} 384 + </div> 385 + 386 + <div class="detail-section"> 387 + <h3>Status</h3> 388 + <div class="detail-row"> 389 + <span class="label">Takedown</span> 390 + <span class="value"> 391 + {{#if account.takendown}} 392 + <span class="badge badge-danger">Taken Down</span> 393 + {{else}} 394 + <span class="badge badge-success">Active</span> 395 + {{/if}} 396 + </span> 397 + </div> 398 + <div class="detail-row"> 399 + <span class="label">Email Confirmed</span> 400 + <span class="value"> 401 + {{#if account.emailConfirmedAt}} 402 + <span class="badge badge-success">Confirmed</span> 403 + {{else}} 404 + <span class="badge badge-warning">Unconfirmed</span> 405 + {{/if}} 406 + </span> 407 + </div> 408 + <div class="detail-row"> 409 + <span class="label">Deactivated</span> 410 + <span class="value"> 411 + {{#if account.deactivatedAt}} 412 + <span class="badge badge-warning">{{account.deactivatedAt}}</span> 413 + {{else}} 414 + <span class="badge badge-success">No</span> 415 + {{/if}} 416 + </span> 417 + </div> 418 + </div> 419 + 420 + <div class="detail-section"> 421 + <h3>Invite Information</h3> 422 + {{#if account.invitedBy}} 423 + <div class="detail-row"> 424 + <span class="label">Invited By</span> 425 + <span class="value">{{account.invitedBy}}</span> 426 + </div> 427 + {{/if}} 428 + <div class="detail-row"> 429 + <span class="label">Invites Disabled</span> 430 + <span class="value"> 431 + {{#if account.invitesDisabled}} 432 + <span class="badge badge-danger">Yes</span> 433 + {{else}} 434 + <span class="badge badge-success">No</span> 435 + {{/if}} 436 + </span> 437 + </div> 438 + {{#if account.inviteNote}} 439 + <div class="detail-row"> 440 + <span class="label">Invite Note</span> 441 + <span class="value">{{account.inviteNote}}</span> 442 + </div> 443 + {{/if}} 444 + </div> 445 + 446 + <div class="detail-section"> 447 + <h3>Actions</h3> 448 + <div class="actions"> 449 + {{#if can_manage_takedowns}} 450 + {{#if account.takendown}} 451 + <form method="POST" action="/admin/accounts/{{account.did}}/untakedown"> 452 + <button type="submit" class="btn btn-primary">Remove Takedown</button> 453 + </form> 454 + {{else}} 455 + <form method="POST" action="/admin/accounts/{{account.did}}/takedown"> 456 + <button type="submit" class="btn btn-warning">Takedown Account</button> 457 + </form> 458 + {{/if}} 459 + {{/if}} 460 + 461 + {{#if can_reset_password}} 462 + <form method="POST" action="/admin/accounts/{{account.did}}/reset-password" onsubmit="return confirm('Are you sure you want to reset this account password? The current password will be invalidated.');"> 463 + <button type="submit" class="btn">Reset Password</button> 464 + </form> 465 + {{/if}} 466 + 467 + {{#if can_manage_invites}} 468 + {{#if account.invitesDisabled}} 469 + <form method="POST" action="/admin/accounts/{{account.did}}/enable-invites"> 470 + <button type="submit" class="btn">Enable Invites</button> 471 + </form> 472 + {{else}} 473 + <form method="POST" action="/admin/accounts/{{account.did}}/disable-invites"> 474 + <button type="submit" class="btn">Disable Invites</button> 475 + </form> 476 + {{/if}} 477 + {{/if}} 478 + 479 + {{#if can_delete_account}} 480 + <form method="POST" action="/admin/accounts/{{account.did}}/delete" onsubmit="return confirm('PERMANENTLY DELETE this account? This action cannot be undone.');"> 481 + <button type="submit" class="btn btn-danger">Delete Account</button> 482 + </form> 483 + {{/if}} 484 + </div> 485 + </div> 486 + </main> 487 + </div> 488 + 489 + </body> 490 + </html>

+347

html_templates/admin/accounts.hbs

··· 1 + <!DOCTYPE html> 2 + <html lang="en"> 3 + <head> 4 + <meta charset="utf-8"/> 5 + <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, viewport-fit=cover"/> 6 + <meta name="referrer" content="origin-when-cross-origin"/> 7 + <title>Accounts - {{pds_hostname}}</title> 8 + <style> 9 + :root, 10 + :root.light-mode { 11 + --brand-color: rgb(16, 131, 254); 12 + --primary-color: rgb(7, 10, 13); 13 + --secondary-color: rgb(66, 86, 108); 14 + --bg-primary-color: rgb(255, 255, 255); 15 + --bg-secondary-color: rgb(240, 242, 245); 16 + --border-color: rgb(220, 225, 230); 17 + --danger-color: rgb(220, 38, 38); 18 + --success-color: rgb(22, 163, 74); 19 + --warning-color: rgb(234, 179, 8); 20 + --table-stripe: rgba(0, 0, 0, 0.02); 21 + } 22 + 23 + @media (prefers-color-scheme: dark) { 24 + :root { 25 + --brand-color: rgb(16, 131, 254); 26 + --primary-color: rgb(255, 255, 255); 27 + --secondary-color: rgb(133, 152, 173); 28 + --bg-primary-color: rgb(7, 10, 13); 29 + --bg-secondary-color: rgb(13, 18, 23); 30 + --border-color: rgb(40, 45, 55); 31 + --table-stripe: rgba(255, 255, 255, 0.02); 32 + } 33 + } 34 + 35 + :root.dark-mode { 36 + --brand-color: rgb(16, 131, 254); 37 + --primary-color: rgb(255, 255, 255); 38 + --secondary-color: rgb(133, 152, 173); 39 + --bg-primary-color: rgb(7, 10, 13); 40 + --bg-secondary-color: rgb(13, 18, 23); 41 + --border-color: rgb(40, 45, 55); 42 + --table-stripe: rgba(255, 255, 255, 0.02); 43 + } 44 + 45 + * { margin: 0; padding: 0; box-sizing: border-box; } 46 + 47 + body { 48 + font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif; 49 + background: var(--bg-secondary-color); 50 + color: var(--primary-color); 51 + text-rendering: optimizeLegibility; 52 + -webkit-font-smoothing: antialiased; 53 + } 54 + 55 + .layout { display: flex; min-height: 100vh; } 56 + 57 + .sidebar { 58 + width: 220px; 59 + background: var(--bg-primary-color); 60 + border-right: 1px solid var(--border-color); 61 + padding: 20px 0; 62 + position: fixed; 63 + top: 0; left: 0; bottom: 0; 64 + overflow-y: auto; 65 + display: flex; 66 + flex-direction: column; 67 + } 68 + 69 + .sidebar-title { 70 + font-size: 0.8125rem; 71 + font-weight: 700; 72 + padding: 0 20px; 73 + margin-bottom: 4px; 74 + white-space: nowrap; 75 + overflow: hidden; 76 + text-overflow: ellipsis; 77 + } 78 + 79 + .sidebar-subtitle { 80 + font-size: 0.6875rem; 81 + color: var(--secondary-color); 82 + padding: 0 20px; 83 + margin-bottom: 20px; 84 + } 85 + 86 + .sidebar nav { flex: 1; } 87 + 88 + .sidebar nav a { 89 + display: block; 90 + padding: 8px 20px; 91 + font-size: 0.8125rem; 92 + color: var(--secondary-color); 93 + text-decoration: none; 94 + transition: background 0.1s, color 0.1s; 95 + } 96 + 97 + .sidebar nav a:hover { 98 + background: var(--bg-secondary-color); 99 + color: var(--primary-color); 100 + } 101 + 102 + .sidebar nav a.active { 103 + color: var(--brand-color); 104 + font-weight: 500; 105 + } 106 + 107 + .sidebar-footer { 108 + padding: 16px 20px 0; 109 + border-top: 1px solid var(--border-color); 110 + margin-top: 16px; 111 + } 112 + 113 + .sidebar-footer .session-info { 114 + font-size: 0.75rem; 115 + color: var(--secondary-color); 116 + margin-bottom: 8px; 117 + } 118 + 119 + .sidebar-footer form { display: inline; } 120 + 121 + .sidebar-footer button { 122 + background: none; 123 + border: none; 124 + font-size: 0.75rem; 125 + color: var(--secondary-color); 126 + cursor: pointer; 127 + padding: 0; 128 + text-decoration: underline; 129 + } 130 + 131 + .sidebar-footer button:hover { color: var(--primary-color); } 132 + 133 + .main { 134 + margin-left: 220px; 135 + flex: 1; 136 + padding: 32px; 137 + max-width: 960px; 138 + } 139 + 140 + .page-title { 141 + font-size: 1.5rem; 142 + font-weight: 700; 143 + margin-bottom: 24px; 144 + } 145 + 146 + .flash-success { 147 + background: rgba(22, 163, 74, 0.1); 148 + color: var(--success-color); 149 + border: 1px solid rgba(22, 163, 74, 0.2); 150 + border-radius: 8px; 151 + padding: 10px 14px; 152 + font-size: 0.875rem; 153 + margin-bottom: 20px; 154 + } 155 + 156 + .flash-error { 157 + background: rgba(220, 38, 38, 0.1); 158 + color: var(--danger-color); 159 + border: 1px solid rgba(220, 38, 38, 0.2); 160 + border-radius: 8px; 161 + padding: 10px 14px; 162 + font-size: 0.875rem; 163 + margin-bottom: 20px; 164 + } 165 + 166 + .search-form { 167 + display: flex; 168 + gap: 8px; 169 + margin-bottom: 24px; 170 + } 171 + 172 + .search-form input { 173 + flex: 1; 174 + padding: 10px 12px; 175 + font-size: 0.875rem; 176 + border: 1px solid var(--border-color); 177 + border-radius: 8px; 178 + background: var(--bg-primary-color); 179 + color: var(--primary-color); 180 + outline: none; 181 + } 182 + 183 + .search-form input:focus { 184 + border-color: var(--brand-color); 185 + } 186 + 187 + .btn { 188 + display: inline-flex; 189 + align-items: center; 190 + justify-content: center; 191 + padding: 10px 20px; 192 + font-size: 0.875rem; 193 + font-weight: 500; 194 + border: none; 195 + border-radius: 8px; 196 + cursor: pointer; 197 + transition: opacity 0.15s; 198 + text-decoration: none; 199 + } 200 + 201 + .btn:hover { opacity: 0.85; } 202 + 203 + .btn-primary { 204 + background: var(--brand-color); 205 + color: #fff; 206 + } 207 + 208 + .table-container { 209 + background: var(--bg-primary-color); 210 + border: 1px solid var(--border-color); 211 + border-radius: 10px; 212 + overflow: hidden; 213 + } 214 + 215 + table { 216 + width: 100%; 217 + border-collapse: collapse; 218 + } 219 + 220 + thead th { 221 + text-align: left; 222 + padding: 12px 16px; 223 + font-size: 0.75rem; 224 + font-weight: 600; 225 + color: var(--secondary-color); 226 + text-transform: uppercase; 227 + letter-spacing: 0.5px; 228 + border-bottom: 1px solid var(--border-color); 229 + } 230 + 231 + tbody tr { 232 + border-bottom: 1px solid var(--border-color); 233 + } 234 + 235 + tbody tr:last-child { 236 + border-bottom: none; 237 + } 238 + 239 + tbody tr:nth-child(even) { 240 + background: var(--table-stripe); 241 + } 242 + 243 + tbody td { 244 + padding: 10px 16px; 245 + font-size: 0.8125rem; 246 + } 247 + 248 + tbody td a { 249 + color: var(--brand-color); 250 + text-decoration: none; 251 + } 252 + 253 + tbody td a:hover { 254 + text-decoration: underline; 255 + } 256 + 257 + .empty-state { 258 + text-align: center; 259 + padding: 40px 20px; 260 + color: var(--secondary-color); 261 + font-size: 0.875rem; 262 + } 263 + 264 + .did-cell { 265 + font-family: 'SF Mono', SFMono-Regular, Menlo, Consolas, monospace; 266 + font-size: 0.75rem; 267 + color: var(--secondary-color); 268 + } 269 + 270 + @media (max-width: 768px) { 271 + .sidebar { display: none; } 272 + .main { margin-left: 0; } 273 + } 274 + </style> 275 + </head> 276 + <body> 277 + <div class="layout"> 278 + <aside class="sidebar"> 279 + <div class="sidebar-title">{{pds_hostname}}</div> 280 + <div class="sidebar-subtitle">Admin Portal</div> 281 + <nav> 282 + <a href="/admin/">Dashboard</a> 283 + <a href="/admin/accounts" class="active">Accounts</a> 284 + {{#if can_manage_invites}} 285 + <a href="/admin/invite-codes">Invite Codes</a> 286 + {{/if}} 287 + {{#if can_create_account}} 288 + <a href="/admin/create-account">Create Account</a> 289 + {{/if}} 290 + </nav> 291 + <div class="sidebar-footer"> 292 + <div class="session-info">Signed in as {{handle}}</div> 293 + <form method="POST" action="/admin/logout"> 294 + <button type="submit">Sign out</button> 295 + </form> 296 + </div> 297 + </aside> 298 + 299 + <main class="main"> 300 + {{#if flash_success}} 301 + <div class="flash-success">{{flash_success}}</div> 302 + {{/if}} 303 + {{#if flash_error}} 304 + <div class="flash-error">{{flash_error}}</div> 305 + {{/if}} 306 + 307 + <h1 class="page-title">Accounts</h1> 308 + 309 + <form class="search-form" method="GET" action="/admin/search"> 310 + <input type="text" name="q" placeholder="Search by handle or DID..." value="{{query}}" /> 311 + <button type="submit" class="btn btn-primary">Search</button> 312 + </form> 313 + 314 + {{#if accounts}} 315 + <div class="table-container"> 316 + <table> 317 + <thead> 318 + <tr> 319 + <th>Handle</th> 320 + <th>DID</th> 321 + <th>Email</th> 322 + </tr> 323 + </thead> 324 + <tbody> 325 + {{#each accounts}} 326 + <tr> 327 + <td><a href="/admin/accounts/{{this.did}}">{{this.handle}}</a></td> 328 + <td class="did-cell">{{this.did}}</td> 329 + <td>{{this.email}}</td> 330 + </tr> 331 + {{/each}} 332 + </tbody> 333 + </table> 334 + </div> 335 + {{else}} 336 + <div class="empty-state"> 337 + {{#if query}} 338 + No accounts matching "{{query}}" 339 + {{else}} 340 + No accounts found 341 + {{/if}} 342 + </div> 343 + {{/if}} 344 + </main> 345 + </div> 346 + </body> 347 + </html>

+359

html_templates/admin/create_account.hbs

··· 1 + <!DOCTYPE html> 2 + <html lang="en"> 3 + <head> 4 + <meta charset="utf-8"/> 5 + <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, viewport-fit=cover"/> 6 + <meta name="referrer" content="origin-when-cross-origin"/> 7 + <title>Create Account - {{pds_hostname}}</title> 8 + <style> 9 + :root, 10 + :root.light-mode { 11 + --brand-color: rgb(16, 131, 254); 12 + --primary-color: rgb(7, 10, 13); 13 + --secondary-color: rgb(66, 86, 108); 14 + --bg-primary-color: rgb(255, 255, 255); 15 + --bg-secondary-color: rgb(240, 242, 245); 16 + --border-color: rgb(220, 225, 230); 17 + --danger-color: rgb(220, 38, 38); 18 + --success-color: rgb(22, 163, 74); 19 + --warning-color: rgb(234, 179, 8); 20 + --table-stripe: rgba(0, 0, 0, 0.02); 21 + } 22 + 23 + @media (prefers-color-scheme: dark) { 24 + :root { 25 + --brand-color: rgb(16, 131, 254); 26 + --primary-color: rgb(255, 255, 255); 27 + --secondary-color: rgb(133, 152, 173); 28 + --bg-primary-color: rgb(7, 10, 13); 29 + --bg-secondary-color: rgb(13, 18, 23); 30 + --border-color: rgb(40, 45, 55); 31 + --table-stripe: rgba(255, 255, 255, 0.02); 32 + } 33 + } 34 + 35 + :root.dark-mode { 36 + --brand-color: rgb(16, 131, 254); 37 + --primary-color: rgb(255, 255, 255); 38 + --secondary-color: rgb(133, 152, 173); 39 + --bg-primary-color: rgb(7, 10, 13); 40 + --bg-secondary-color: rgb(13, 18, 23); 41 + --border-color: rgb(40, 45, 55); 42 + --table-stripe: rgba(255, 255, 255, 0.02); 43 + } 44 + 45 + * { margin: 0; padding: 0; box-sizing: border-box; } 46 + 47 + body { 48 + font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif; 49 + background: var(--bg-secondary-color); 50 + color: var(--primary-color); 51 + text-rendering: optimizeLegibility; 52 + -webkit-font-smoothing: antialiased; 53 + } 54 + 55 + .layout { display: flex; min-height: 100vh; } 56 + 57 + .sidebar { 58 + width: 220px; 59 + background: var(--bg-primary-color); 60 + border-right: 1px solid var(--border-color); 61 + padding: 20px 0; 62 + position: fixed; 63 + top: 0; left: 0; bottom: 0; 64 + overflow-y: auto; 65 + display: flex; 66 + flex-direction: column; 67 + } 68 + 69 + .sidebar-title { 70 + font-size: 0.8125rem; 71 + font-weight: 700; 72 + padding: 0 20px; 73 + margin-bottom: 4px; 74 + white-space: nowrap; 75 + overflow: hidden; 76 + text-overflow: ellipsis; 77 + } 78 + 79 + .sidebar-subtitle { 80 + font-size: 0.6875rem; 81 + color: var(--secondary-color); 82 + padding: 0 20px; 83 + margin-bottom: 20px; 84 + } 85 + 86 + .sidebar nav { flex: 1; } 87 + 88 + .sidebar nav a { 89 + display: block; 90 + padding: 8px 20px; 91 + font-size: 0.8125rem; 92 + color: var(--secondary-color); 93 + text-decoration: none; 94 + transition: background 0.1s, color 0.1s; 95 + } 96 + 97 + .sidebar nav a:hover { 98 + background: var(--bg-secondary-color); 99 + color: var(--primary-color); 100 + } 101 + 102 + .sidebar nav a.active { 103 + color: var(--brand-color); 104 + font-weight: 500; 105 + } 106 + 107 + .sidebar-footer { 108 + padding: 16px 20px 0; 109 + border-top: 1px solid var(--border-color); 110 + margin-top: 16px; 111 + } 112 + 113 + .sidebar-footer .session-info { 114 + font-size: 0.75rem; 115 + color: var(--secondary-color); 116 + margin-bottom: 8px; 117 + } 118 + 119 + .sidebar-footer form { display: inline; } 120 + 121 + .sidebar-footer button { 122 + background: none; 123 + border: none; 124 + font-size: 0.75rem; 125 + color: var(--secondary-color); 126 + cursor: pointer; 127 + padding: 0; 128 + text-decoration: underline; 129 + } 130 + 131 + .sidebar-footer button:hover { color: var(--primary-color); } 132 + 133 + .main { 134 + margin-left: 220px; 135 + flex: 1; 136 + padding: 32px; 137 + max-width: 960px; 138 + } 139 + 140 + .page-title { 141 + font-size: 1.5rem; 142 + font-weight: 700; 143 + margin-bottom: 24px; 144 + } 145 + 146 + .flash-success { 147 + background: rgba(22, 163, 74, 0.1); 148 + color: var(--success-color); 149 + border: 1px solid rgba(22, 163, 74, 0.2); 150 + border-radius: 8px; 151 + padding: 10px 14px; 152 + font-size: 0.875rem; 153 + margin-bottom: 20px; 154 + } 155 + 156 + .flash-error { 157 + background: rgba(220, 38, 38, 0.1); 158 + color: var(--danger-color); 159 + border: 1px solid rgba(220, 38, 38, 0.2); 160 + border-radius: 8px; 161 + padding: 10px 14px; 162 + font-size: 0.875rem; 163 + margin-bottom: 20px; 164 + } 165 + 166 + .form-card { 167 + background: var(--bg-primary-color); 168 + border: 1px solid var(--border-color); 169 + border-radius: 10px; 170 + padding: 24px; 171 + max-width: 480px; 172 + } 173 + 174 + .form-group { 175 + margin-bottom: 16px; 176 + } 177 + 178 + .form-group label { 179 + display: block; 180 + font-size: 0.8125rem; 181 + font-weight: 500; 182 + margin-bottom: 6px; 183 + color: var(--primary-color); 184 + } 185 + 186 + .form-group input { 187 + width: 100%; 188 + padding: 10px 12px; 189 + font-size: 0.875rem; 190 + border: 1px solid var(--border-color); 191 + border-radius: 8px; 192 + background: var(--bg-primary-color); 193 + color: var(--primary-color); 194 + outline: none; 195 + transition: border-color 0.15s; 196 + } 197 + 198 + .form-group input:focus { 199 + border-color: var(--brand-color); 200 + } 201 + 202 + .form-group .hint { 203 + font-size: 0.75rem; 204 + color: var(--secondary-color); 205 + margin-top: 4px; 206 + } 207 + 208 + .btn { 209 + display: inline-flex; 210 + align-items: center; 211 + justify-content: center; 212 + padding: 10px 20px; 213 + font-size: 0.875rem; 214 + font-weight: 500; 215 + border: none; 216 + border-radius: 8px; 217 + cursor: pointer; 218 + transition: opacity 0.15s; 219 + text-decoration: none; 220 + } 221 + 222 + .btn:hover { opacity: 0.85; } 223 + 224 + .btn-primary { 225 + background: var(--brand-color); 226 + color: #fff; 227 + } 228 + 229 + .success-card { 230 + background: var(--bg-primary-color); 231 + border: 1px solid var(--border-color); 232 + border-radius: 10px; 233 + padding: 24px; 234 + max-width: 480px; 235 + } 236 + 237 + .success-card h3 { 238 + font-size: 1rem; 239 + font-weight: 600; 240 + color: var(--success-color); 241 + margin-bottom: 16px; 242 + } 243 + 244 + .detail-row { 245 + display: flex; 246 + justify-content: space-between; 247 + padding: 8px 0; 248 + font-size: 0.8125rem; 249 + border-bottom: 1px solid var(--border-color); 250 + } 251 + 252 + .detail-row:last-child { 253 + border-bottom: none; 254 + } 255 + 256 + .detail-row .label { 257 + color: var(--secondary-color); 258 + } 259 + 260 + .detail-row .value { 261 + font-weight: 500; 262 + word-break: break-all; 263 + text-align: right; 264 + max-width: 65%; 265 + } 266 + 267 + .password-highlight { 268 + font-family: 'SF Mono', SFMono-Regular, Menlo, Consolas, monospace; 269 + background: rgba(22, 163, 74, 0.08); 270 + padding: 2px 6px; 271 + border-radius: 4px; 272 + user-select: all; 273 + } 274 + 275 + @media (max-width: 768px) { 276 + .sidebar { display: none; } 277 + .main { margin-left: 0; } 278 + } 279 + </style> 280 + </head> 281 + <body> 282 + <div class="layout"> 283 + <aside class="sidebar"> 284 + <div class="sidebar-title">{{pds_hostname}}</div> 285 + <div class="sidebar-subtitle">Admin Portal</div> 286 + <nav> 287 + <a href="/admin/">Dashboard</a> 288 + <a href="/admin/accounts">Accounts</a> 289 + {{#if can_manage_invites}} 290 + <a href="/admin/invite-codes">Invite Codes</a> 291 + {{/if}} 292 + {{#if can_create_account}} 293 + <a href="/admin/create-account" class="active">Create Account</a> 294 + {{/if}} 295 + </nav> 296 + <div class="sidebar-footer"> 297 + <div class="session-info">Signed in as {{handle}}</div> 298 + <form method="POST" action="/admin/logout"> 299 + <button type="submit">Sign out</button> 300 + </form> 301 + </div> 302 + </aside> 303 + 304 + <main class="main"> 305 + {{#if flash_success}} 306 + <div class="flash-success">{{flash_success}}</div> 307 + {{/if}} 308 + {{#if flash_error}} 309 + <div class="flash-error">{{flash_error}}</div> 310 + {{/if}} 311 + 312 + <h1 class="page-title">Create Account</h1> 313 + 314 + {{#if created}} 315 + <div class="success-card"> 316 + <h3>Account Created Successfully</h3> 317 + <div class="detail-row"> 318 + <span class="label">DID</span> 319 + <span class="value">{{created.did}}</span> 320 + </div> 321 + <div class="detail-row"> 322 + <span class="label">Handle</span> 323 + <span class="value">{{created.handle}}</span> 324 + </div> 325 + <div class="detail-row"> 326 + <span class="label">Email</span> 327 + <span class="value">{{created.email}}</span> 328 + </div> 329 + <div class="detail-row"> 330 + <span class="label">Password</span> 331 + <span class="value"><span class="password-highlight">{{created.password}}</span></span> 332 + </div> 333 + {{#if created.inviteCode}} 334 + <div class="detail-row"> 335 + <span class="label">Invite Code Used</span> 336 + <span class="value">{{created.inviteCode}}</span> 337 + </div> 338 + {{/if}} 339 + </div> 340 + {{else}} 341 + <div class="form-card"> 342 + <form method="POST" action="/admin/create-account"> 343 + <div class="form-group"> 344 + <label for="email">Email</label> 345 + <input type="email" id="email" name="email" placeholder="user@example.com" required /> 346 + </div> 347 + <div class="form-group"> 348 + <label for="handle">Handle</label> 349 + <input type="text" id="handle" name="handle" placeholder="user.example.com" required /> 350 + <div class="hint">Must be a valid handle for this PDS</div> 351 + </div> 352 + <button type="submit" class="btn btn-primary">Create Account</button> 353 + </form> 354 + </div> 355 + {{/if}} 356 + </main> 357 + </div> 358 + </body> 359 + </html>

+323

html_templates/admin/dashboard.hbs

··· 1 + <!DOCTYPE html> 2 + <html lang="en"> 3 + <head> 4 + <meta charset="utf-8"/> 5 + <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, viewport-fit=cover"/> 6 + <meta name="referrer" content="origin-when-cross-origin"/> 7 + <title>Dashboard - {{pds_hostname}}</title> 8 + <style> 9 + :root, 10 + :root.light-mode { 11 + --brand-color: rgb(16, 131, 254); 12 + --primary-color: rgb(7, 10, 13); 13 + --secondary-color: rgb(66, 86, 108); 14 + --bg-primary-color: rgb(255, 255, 255); 15 + --bg-secondary-color: rgb(240, 242, 245); 16 + --border-color: rgb(220, 225, 230); 17 + --danger-color: rgb(220, 38, 38); 18 + --success-color: rgb(22, 163, 74); 19 + --warning-color: rgb(234, 179, 8); 20 + --table-stripe: rgba(0, 0, 0, 0.02); 21 + } 22 + 23 + @media (prefers-color-scheme: dark) { 24 + :root { 25 + --brand-color: rgb(16, 131, 254); 26 + --primary-color: rgb(255, 255, 255); 27 + --secondary-color: rgb(133, 152, 173); 28 + --bg-primary-color: rgb(7, 10, 13); 29 + --bg-secondary-color: rgb(13, 18, 23); 30 + --border-color: rgb(40, 45, 55); 31 + --table-stripe: rgba(255, 255, 255, 0.02); 32 + } 33 + } 34 + 35 + :root.dark-mode { 36 + --brand-color: rgb(16, 131, 254); 37 + --primary-color: rgb(255, 255, 255); 38 + --secondary-color: rgb(133, 152, 173); 39 + --bg-primary-color: rgb(7, 10, 13); 40 + --bg-secondary-color: rgb(13, 18, 23); 41 + --border-color: rgb(40, 45, 55); 42 + --table-stripe: rgba(255, 255, 255, 0.02); 43 + } 44 + 45 + * { margin: 0; padding: 0; box-sizing: border-box; } 46 + 47 + body { 48 + font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif; 49 + background: var(--bg-secondary-color); 50 + color: var(--primary-color); 51 + text-rendering: optimizeLegibility; 52 + -webkit-font-smoothing: antialiased; 53 + } 54 + 55 + .layout { 56 + display: flex; 57 + min-height: 100vh; 58 + } 59 + 60 + .sidebar { 61 + width: 220px; 62 + background: var(--bg-primary-color); 63 + border-right: 1px solid var(--border-color); 64 + padding: 20px 0; 65 + position: fixed; 66 + top: 0; 67 + left: 0; 68 + bottom: 0; 69 + overflow-y: auto; 70 + display: flex; 71 + flex-direction: column; 72 + } 73 + 74 + .sidebar-title { 75 + font-size: 0.8125rem; 76 + font-weight: 700; 77 + padding: 0 20px; 78 + margin-bottom: 4px; 79 + white-space: nowrap; 80 + overflow: hidden; 81 + text-overflow: ellipsis; 82 + } 83 + 84 + .sidebar-subtitle { 85 + font-size: 0.6875rem; 86 + color: var(--secondary-color); 87 + padding: 0 20px; 88 + margin-bottom: 20px; 89 + } 90 + 91 + .sidebar nav { 92 + flex: 1; 93 + } 94 + 95 + .sidebar nav a { 96 + display: block; 97 + padding: 8px 20px; 98 + font-size: 0.8125rem; 99 + color: var(--secondary-color); 100 + text-decoration: none; 101 + transition: background 0.1s, color 0.1s; 102 + } 103 + 104 + .sidebar nav a:hover { 105 + background: var(--bg-secondary-color); 106 + color: var(--primary-color); 107 + } 108 + 109 + .sidebar nav a.active { 110 + color: var(--brand-color); 111 + font-weight: 500; 112 + } 113 + 114 + .sidebar-footer { 115 + padding: 16px 20px 0; 116 + border-top: 1px solid var(--border-color); 117 + margin-top: 16px; 118 + } 119 + 120 + .sidebar-footer .session-info { 121 + font-size: 0.75rem; 122 + color: var(--secondary-color); 123 + margin-bottom: 8px; 124 + } 125 + 126 + .sidebar-footer form { 127 + display: inline; 128 + } 129 + 130 + .sidebar-footer button { 131 + background: none; 132 + border: none; 133 + font-size: 0.75rem; 134 + color: var(--secondary-color); 135 + cursor: pointer; 136 + padding: 0; 137 + text-decoration: underline; 138 + } 139 + 140 + .sidebar-footer button:hover { 141 + color: var(--primary-color); 142 + } 143 + 144 + .main { 145 + margin-left: 220px; 146 + flex: 1; 147 + padding: 32px; 148 + max-width: 960px; 149 + } 150 + 151 + .page-title { 152 + font-size: 1.5rem; 153 + font-weight: 700; 154 + margin-bottom: 24px; 155 + } 156 + 157 + .flash-success { 158 + background: rgba(22, 163, 74, 0.1); 159 + color: var(--success-color); 160 + border: 1px solid rgba(22, 163, 74, 0.2); 161 + border-radius: 8px; 162 + padding: 10px 14px; 163 + font-size: 0.875rem; 164 + margin-bottom: 20px; 165 + } 166 + 167 + .flash-error { 168 + background: rgba(220, 38, 38, 0.1); 169 + color: var(--danger-color); 170 + border: 1px solid rgba(220, 38, 38, 0.2); 171 + border-radius: 8px; 172 + padding: 10px 14px; 173 + font-size: 0.875rem; 174 + margin-bottom: 20px; 175 + } 176 + 177 + .cards { 178 + display: grid; 179 + grid-template-columns: repeat(auto-fill, minmax(260px, 1fr)); 180 + gap: 16px; 181 + margin-bottom: 32px; 182 + } 183 + 184 + .card { 185 + background: var(--bg-primary-color); 186 + border: 1px solid var(--border-color); 187 + border-radius: 10px; 188 + padding: 20px; 189 + } 190 + 191 + .card-label { 192 + font-size: 0.75rem; 193 + font-weight: 500; 194 + color: var(--secondary-color); 195 + text-transform: uppercase; 196 + letter-spacing: 0.5px; 197 + margin-bottom: 6px; 198 + } 199 + 200 + .card-value { 201 + font-size: 1.25rem; 202 + font-weight: 600; 203 + } 204 + 205 + .card-value.success { color: var(--success-color); } 206 + .card-value.danger { color: var(--danger-color); } 207 + 208 + .detail-section { 209 + background: var(--bg-primary-color); 210 + border: 1px solid var(--border-color); 211 + border-radius: 10px; 212 + padding: 20px; 213 + margin-bottom: 16px; 214 + } 215 + 216 + .detail-section h3 { 217 + font-size: 0.875rem; 218 + font-weight: 600; 219 + margin-bottom: 12px; 220 + } 221 + 222 + .detail-row { 223 + display: flex; 224 + justify-content: space-between; 225 + padding: 6px 0; 226 + font-size: 0.8125rem; 227 + border-bottom: 1px solid var(--border-color); 228 + } 229 + 230 + .detail-row:last-child { 231 + border-bottom: none; 232 + } 233 + 234 + .detail-row .label { 235 + color: var(--secondary-color); 236 + } 237 + 238 + .detail-row .value { 239 + font-weight: 500; 240 + word-break: break-all; 241 + text-align: right; 242 + max-width: 60%; 243 + } 244 + 245 + @media (max-width: 768px) { 246 + .sidebar { 247 + display: none; 248 + } 249 + .main { 250 + margin-left: 0; 251 + } 252 + } 253 + </style> 254 + </head> 255 + <body> 256 + <div class="layout"> 257 + <aside class="sidebar"> 258 + <div class="sidebar-title">{{pds_hostname}}</div> 259 + <div class="sidebar-subtitle">Admin Portal</div> 260 + <nav> 261 + <a href="/admin/" class="active">Dashboard</a> 262 + <a href="/admin/accounts">Accounts</a> 263 + {{#if can_manage_invites}} 264 + <a href="/admin/invite-codes">Invite Codes</a> 265 + {{/if}} 266 + {{#if can_create_account}} 267 + <a href="/admin/create-account">Create Account</a> 268 + {{/if}} 269 + </nav> 270 + <div class="sidebar-footer"> 271 + <div class="session-info">Signed in as {{handle}}</div> 272 + <form method="POST" action="/admin/logout"> 273 + <button type="submit">Sign out</button> 274 + </form> 275 + </div> 276 + </aside> 277 + 278 + <main class="main"> 279 + {{#if flash_success}} 280 + <div class="flash-success">{{flash_success}}</div> 281 + {{/if}} 282 + {{#if flash_error}} 283 + <div class="flash-error">{{flash_error}}</div> 284 + {{/if}} 285 + 286 + <h1 class="page-title">Dashboard</h1> 287 + 288 + <div class="cards"> 289 + <div class="card"> 290 + <div class="card-label">PDS Version</div> 291 + <div class="card-value">{{version}}</div> 292 + </div> 293 + <div class="card"> 294 + <div class="card-label">Total Accounts</div> 295 + <div class="card-value">{{account_count}}</div> 296 + </div> 297 + <div class="card"> 298 + <div class="card-label">Invite Code Required</div> 299 + <div class="card-value">{{#if invite_code_required}}Yes{{else}}No{{/if}}</div> 300 + </div> 301 + </div> 302 + 303 + <div class="detail-section"> 304 + <h3>Server Information</h3> 305 + <div class="detail-row"> 306 + <span class="label">Server DID</span> 307 + <span class="value">{{server_did}}</span> 308 + </div> 309 + <div class="detail-row"> 310 + <span class="label">Available Domains</span> 311 + <span class="value">{{available_domains}}</span> 312 + </div> 313 + {{#if contact_email}} 314 + <div class="detail-row"> 315 + <span class="label">Contact Email</span> 316 + <span class="value">{{contact_email}}</span> 317 + </div> 318 + {{/if}} 319 + </div> 320 + </main> 321 + </div> 322 + </body> 323 + </html>

+241

html_templates/admin/error.hbs

··· 1 + <!DOCTYPE html> 2 + <html lang="en"> 3 + <head> 4 + <meta charset="utf-8"/> 5 + <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, viewport-fit=cover"/> 6 + <meta name="referrer" content="origin-when-cross-origin"/> 7 + <title>Error - {{pds_hostname}}</title> 8 + <style> 9 + :root, 10 + :root.light-mode { 11 + --brand-color: rgb(16, 131, 254); 12 + --primary-color: rgb(7, 10, 13); 13 + --secondary-color: rgb(66, 86, 108); 14 + --bg-primary-color: rgb(255, 255, 255); 15 + --bg-secondary-color: rgb(240, 242, 245); 16 + --border-color: rgb(220, 225, 230); 17 + --danger-color: rgb(220, 38, 38); 18 + --success-color: rgb(22, 163, 74); 19 + } 20 + 21 + @media (prefers-color-scheme: dark) { 22 + :root { 23 + --brand-color: rgb(16, 131, 254); 24 + --primary-color: rgb(255, 255, 255); 25 + --secondary-color: rgb(133, 152, 173); 26 + --bg-primary-color: rgb(7, 10, 13); 27 + --bg-secondary-color: rgb(13, 18, 23); 28 + --border-color: rgb(40, 45, 55); 29 + } 30 + } 31 + 32 + :root.dark-mode { 33 + --brand-color: rgb(16, 131, 254); 34 + --primary-color: rgb(255, 255, 255); 35 + --secondary-color: rgb(133, 152, 173); 36 + --bg-primary-color: rgb(7, 10, 13); 37 + --bg-secondary-color: rgb(13, 18, 23); 38 + --border-color: rgb(40, 45, 55); 39 + } 40 + 41 + * { margin: 0; padding: 0; box-sizing: border-box; } 42 + 43 + body { 44 + font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif; 45 + background: var(--bg-secondary-color); 46 + color: var(--primary-color); 47 + text-rendering: optimizeLegibility; 48 + -webkit-font-smoothing: antialiased; 49 + min-height: 100vh; 50 + } 51 + 52 + /* When logged in, use sidebar layout */ 53 + .layout { display: flex; min-height: 100vh; } 54 + 55 + .sidebar { 56 + width: 220px; 57 + background: var(--bg-primary-color); 58 + border-right: 1px solid var(--border-color); 59 + padding: 20px 0; 60 + position: fixed; 61 + top: 0; left: 0; bottom: 0; 62 + overflow-y: auto; 63 + display: flex; 64 + flex-direction: column; 65 + } 66 + 67 + .sidebar-title { 68 + font-size: 0.8125rem; 69 + font-weight: 700; 70 + padding: 0 20px; 71 + margin-bottom: 4px; 72 + white-space: nowrap; 73 + overflow: hidden; 74 + text-overflow: ellipsis; 75 + } 76 + 77 + .sidebar-subtitle { 78 + font-size: 0.6875rem; 79 + color: var(--secondary-color); 80 + padding: 0 20px; 81 + margin-bottom: 20px; 82 + } 83 + 84 + .sidebar nav { flex: 1; } 85 + 86 + .sidebar nav a { 87 + display: block; 88 + padding: 8px 20px; 89 + font-size: 0.8125rem; 90 + color: var(--secondary-color); 91 + text-decoration: none; 92 + transition: background 0.1s, color 0.1s; 93 + } 94 + 95 + .sidebar nav a:hover { 96 + background: var(--bg-secondary-color); 97 + color: var(--primary-color); 98 + } 99 + 100 + .sidebar-footer { 101 + padding: 16px 20px 0; 102 + border-top: 1px solid var(--border-color); 103 + margin-top: 16px; 104 + } 105 + 106 + .sidebar-footer .session-info { 107 + font-size: 0.75rem; 108 + color: var(--secondary-color); 109 + margin-bottom: 8px; 110 + } 111 + 112 + .sidebar-footer form { display: inline; } 113 + 114 + .sidebar-footer button { 115 + background: none; 116 + border: none; 117 + font-size: 0.75rem; 118 + color: var(--secondary-color); 119 + cursor: pointer; 120 + padding: 0; 121 + text-decoration: underline; 122 + } 123 + 124 + .sidebar-footer button:hover { color: var(--primary-color); } 125 + 126 + .main { 127 + margin-left: 220px; 128 + flex: 1; 129 + padding: 32px; 130 + max-width: 960px; 131 + } 132 + 133 + /* Standalone centered layout (when not logged in) */ 134 + .centered { 135 + display: flex; 136 + align-items: center; 137 + justify-content: center; 138 + min-height: 100vh; 139 + } 140 + 141 + .error-card { 142 + background: var(--bg-primary-color); 143 + border: 1px solid var(--border-color); 144 + border-radius: 12px; 145 + padding: 40px; 146 + text-align: center; 147 + max-width: 480px; 148 + width: 100%; 149 + margin: 20px; 150 + } 151 + 152 + .error-icon { 153 + font-size: 2.5rem; 154 + margin-bottom: 16px; 155 + color: var(--danger-color); 156 + } 157 + 158 + .error-title { 159 + font-size: 1.25rem; 160 + font-weight: 700; 161 + margin-bottom: 8px; 162 + } 163 + 164 + .error-message { 165 + font-size: 0.875rem; 166 + color: var(--secondary-color); 167 + margin-bottom: 24px; 168 + line-height: 1.5; 169 + } 170 + 171 + .error-link { 172 + display: inline-flex; 173 + align-items: center; 174 + justify-content: center; 175 + padding: 10px 20px; 176 + font-size: 0.875rem; 177 + font-weight: 500; 178 + border: none; 179 + border-radius: 8px; 180 + cursor: pointer; 181 + text-decoration: none; 182 + background: var(--brand-color); 183 + color: #fff; 184 + transition: opacity 0.15s; 185 + } 186 + 187 + .error-link:hover { opacity: 0.85; } 188 + 189 + @media (max-width: 768px) { 190 + .sidebar { display: none; } 191 + .main { margin-left: 0; } 192 + } 193 + </style> 194 + </head> 195 + <body> 196 + {{#if handle}} 197 + {{!-- Logged-in user: show sidebar layout --}} 198 + <div class="layout"> 199 + <aside class="sidebar"> 200 + <div class="sidebar-title">{{pds_hostname}}</div> 201 + <div class="sidebar-subtitle">Admin Portal</div> 202 + <nav> 203 + <a href="/admin/">Dashboard</a> 204 + <a href="/admin/accounts">Accounts</a> 205 + {{#if can_manage_invites}} 206 + <a href="/admin/invite-codes">Invite Codes</a> 207 + {{/if}} 208 + {{#if can_create_account}} 209 + <a href="/admin/create-account">Create Account</a> 210 + {{/if}} 211 + </nav> 212 + <div class="sidebar-footer"> 213 + <div class="session-info">Signed in as {{handle}}</div> 214 + <form method="POST" action="/admin/logout"> 215 + <button type="submit">Sign out</button> 216 + </form> 217 + </div> 218 + </aside> 219 + 220 + <main class="main"> 221 + <div class="error-card" style="text-align:center; margin: 60px auto;"> 222 + <div class="error-icon">!</div> 223 + <div class="error-title">{{error_title}}</div> 224 + <div class="error-message">{{error_message}}</div> 225 + <a href="/admin/" class="error-link">Back to Dashboard</a> 226 + </div> 227 + </main> 228 + </div> 229 + {{else}} 230 + {{!-- Not logged in: standalone centered layout --}} 231 + <div class="centered"> 232 + <div class="error-card"> 233 + <div class="error-icon">!</div> 234 + <div class="error-title">{{error_title}}</div> 235 + <div class="error-message">{{error_message}}</div> 236 + <a href="/admin/login" class="error-link">Go to Login</a> 237 + </div> 238 + </div> 239 + {{/if}} 240 + </body> 241 + </html>

+430

html_templates/admin/invite_codes.hbs

··· 1 + <!DOCTYPE html> 2 + <html lang="en"> 3 + <head> 4 + <meta charset="utf-8"/> 5 + <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, viewport-fit=cover"/> 6 + <meta name="referrer" content="origin-when-cross-origin"/> 7 + <title>Invite Codes - {{pds_hostname}}</title> 8 + <style> 9 + :root, 10 + :root.light-mode { 11 + --brand-color: rgb(16, 131, 254); 12 + --primary-color: rgb(7, 10, 13); 13 + --secondary-color: rgb(66, 86, 108); 14 + --bg-primary-color: rgb(255, 255, 255); 15 + --bg-secondary-color: rgb(240, 242, 245); 16 + --border-color: rgb(220, 225, 230); 17 + --danger-color: rgb(220, 38, 38); 18 + --success-color: rgb(22, 163, 74); 19 + --warning-color: rgb(234, 179, 8); 20 + --table-stripe: rgba(0, 0, 0, 0.02); 21 + } 22 + 23 + @media (prefers-color-scheme: dark) { 24 + :root { 25 + --brand-color: rgb(16, 131, 254); 26 + --primary-color: rgb(255, 255, 255); 27 + --secondary-color: rgb(133, 152, 173); 28 + --bg-primary-color: rgb(7, 10, 13); 29 + --bg-secondary-color: rgb(13, 18, 23); 30 + --border-color: rgb(40, 45, 55); 31 + --table-stripe: rgba(255, 255, 255, 0.02); 32 + } 33 + } 34 + 35 + :root.dark-mode { 36 + --brand-color: rgb(16, 131, 254); 37 + --primary-color: rgb(255, 255, 255); 38 + --secondary-color: rgb(133, 152, 173); 39 + --bg-primary-color: rgb(7, 10, 13); 40 + --bg-secondary-color: rgb(13, 18, 23); 41 + --border-color: rgb(40, 45, 55); 42 + --table-stripe: rgba(255, 255, 255, 0.02); 43 + } 44 + 45 + * { margin: 0; padding: 0; box-sizing: border-box; } 46 + 47 + body { 48 + font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif; 49 + background: var(--bg-secondary-color); 50 + color: var(--primary-color); 51 + text-rendering: optimizeLegibility; 52 + -webkit-font-smoothing: antialiased; 53 + } 54 + 55 + .layout { display: flex; min-height: 100vh; } 56 + 57 + .sidebar { 58 + width: 220px; 59 + background: var(--bg-primary-color); 60 + border-right: 1px solid var(--border-color); 61 + padding: 20px 0; 62 + position: fixed; 63 + top: 0; left: 0; bottom: 0; 64 + overflow-y: auto; 65 + display: flex; 66 + flex-direction: column; 67 + } 68 + 69 + .sidebar-title { 70 + font-size: 0.8125rem; 71 + font-weight: 700; 72 + padding: 0 20px; 73 + margin-bottom: 4px; 74 + white-space: nowrap; 75 + overflow: hidden; 76 + text-overflow: ellipsis; 77 + } 78 + 79 + .sidebar-subtitle { 80 + font-size: 0.6875rem; 81 + color: var(--secondary-color); 82 + padding: 0 20px; 83 + margin-bottom: 20px; 84 + } 85 + 86 + .sidebar nav { flex: 1; } 87 + 88 + .sidebar nav a { 89 + display: block; 90 + padding: 8px 20px; 91 + font-size: 0.8125rem; 92 + color: var(--secondary-color); 93 + text-decoration: none; 94 + transition: background 0.1s, color 0.1s; 95 + } 96 + 97 + .sidebar nav a:hover { 98 + background: var(--bg-secondary-color); 99 + color: var(--primary-color); 100 + } 101 + 102 + .sidebar nav a.active { 103 + color: var(--brand-color); 104 + font-weight: 500; 105 + } 106 + 107 + .sidebar-footer { 108 + padding: 16px 20px 0; 109 + border-top: 1px solid var(--border-color); 110 + margin-top: 16px; 111 + } 112 + 113 + .sidebar-footer .session-info { 114 + font-size: 0.75rem; 115 + color: var(--secondary-color); 116 + margin-bottom: 8px; 117 + } 118 + 119 + .sidebar-footer form { display: inline; } 120 + 121 + .sidebar-footer button { 122 + background: none; 123 + border: none; 124 + font-size: 0.75rem; 125 + color: var(--secondary-color); 126 + cursor: pointer; 127 + padding: 0; 128 + text-decoration: underline; 129 + } 130 + 131 + .sidebar-footer button:hover { color: var(--primary-color); } 132 + 133 + .main { 134 + margin-left: 220px; 135 + flex: 1; 136 + padding: 32px; 137 + max-width: 960px; 138 + } 139 + 140 + .page-title { 141 + font-size: 1.5rem; 142 + font-weight: 700; 143 + margin-bottom: 24px; 144 + } 145 + 146 + .flash-success { 147 + background: rgba(22, 163, 74, 0.1); 148 + color: var(--success-color); 149 + border: 1px solid rgba(22, 163, 74, 0.2); 150 + border-radius: 8px; 151 + padding: 10px 14px; 152 + font-size: 0.875rem; 153 + margin-bottom: 20px; 154 + } 155 + 156 + .flash-error { 157 + background: rgba(220, 38, 38, 0.1); 158 + color: var(--danger-color); 159 + border: 1px solid rgba(220, 38, 38, 0.2); 160 + border-radius: 8px; 161 + padding: 10px 14px; 162 + font-size: 0.875rem; 163 + margin-bottom: 20px; 164 + } 165 + 166 + .create-form { 167 + display: flex; 168 + gap: 8px; 169 + align-items: flex-end; 170 + margin-bottom: 24px; 171 + } 172 + 173 + .create-form .form-group { 174 + display: flex; 175 + flex-direction: column; 176 + gap: 4px; 177 + } 178 + 179 + .create-form label { 180 + font-size: 0.75rem; 181 + font-weight: 500; 182 + color: var(--secondary-color); 183 + } 184 + 185 + .create-form input[type="number"] { 186 + padding: 10px 12px; 187 + font-size: 0.875rem; 188 + border: 1px solid var(--border-color); 189 + border-radius: 8px; 190 + background: var(--bg-primary-color); 191 + color: var(--primary-color); 192 + outline: none; 193 + width: 120px; 194 + } 195 + 196 + .create-form input[type="number"]:focus { 197 + border-color: var(--brand-color); 198 + } 199 + 200 + .btn { 201 + display: inline-flex; 202 + align-items: center; 203 + justify-content: center; 204 + padding: 10px 20px; 205 + font-size: 0.875rem; 206 + font-weight: 500; 207 + border: none; 208 + border-radius: 8px; 209 + cursor: pointer; 210 + transition: opacity 0.15s; 211 + text-decoration: none; 212 + } 213 + 214 + .btn:hover { opacity: 0.85; } 215 + 216 + .btn-primary { 217 + background: var(--brand-color); 218 + color: #fff; 219 + } 220 + 221 + .btn-small { 222 + padding: 6px 12px; 223 + font-size: 0.75rem; 224 + } 225 + 226 + .btn-outline-danger { 227 + background: transparent; 228 + color: var(--danger-color); 229 + border: 1px solid var(--danger-color); 230 + } 231 + 232 + .code-box { 233 + background: rgba(22, 163, 74, 0.08); 234 + border: 1px solid rgba(22, 163, 74, 0.2); 235 + border-radius: 10px; 236 + padding: 16px 20px; 237 + margin-bottom: 24px; 238 + } 239 + 240 + .code-box .code-label { 241 + font-size: 0.75rem; 242 + font-weight: 600; 243 + color: var(--success-color); 244 + margin-bottom: 6px; 245 + } 246 + 247 + .code-box .code-value { 248 + font-family: 'SF Mono', SFMono-Regular, Menlo, Consolas, monospace; 249 + font-size: 1rem; 250 + font-weight: 600; 251 + user-select: all; 252 + } 253 + 254 + .table-container { 255 + background: var(--bg-primary-color); 256 + border: 1px solid var(--border-color); 257 + border-radius: 10px; 258 + overflow: hidden; 259 + } 260 + 261 + table { 262 + width: 100%; 263 + border-collapse: collapse; 264 + } 265 + 266 + thead th { 267 + text-align: left; 268 + padding: 12px 16px; 269 + font-size: 0.75rem; 270 + font-weight: 600; 271 + color: var(--secondary-color); 272 + text-transform: uppercase; 273 + letter-spacing: 0.5px; 274 + border-bottom: 1px solid var(--border-color); 275 + } 276 + 277 + tbody tr { 278 + border-bottom: 1px solid var(--border-color); 279 + } 280 + 281 + tbody tr:last-child { 282 + border-bottom: none; 283 + } 284 + 285 + tbody tr:nth-child(even) { 286 + background: var(--table-stripe); 287 + } 288 + 289 + tbody td { 290 + padding: 10px 16px; 291 + font-size: 0.8125rem; 292 + } 293 + 294 + .code-cell { 295 + font-family: 'SF Mono', SFMono-Regular, Menlo, Consolas, monospace; 296 + font-size: 0.75rem; 297 + } 298 + 299 + .badge { 300 + display: inline-block; 301 + padding: 2px 8px; 302 + border-radius: 4px; 303 + font-size: 0.75rem; 304 + font-weight: 500; 305 + } 306 + 307 + .badge-success { 308 + background: rgba(22, 163, 74, 0.1); 309 + color: var(--success-color); 310 + } 311 + 312 + .badge-danger { 313 + background: rgba(220, 38, 38, 0.1); 314 + color: var(--danger-color); 315 + } 316 + 317 + .empty-state { 318 + text-align: center; 319 + padding: 40px 20px; 320 + color: var(--secondary-color); 321 + font-size: 0.875rem; 322 + } 323 + 324 + @media (max-width: 768px) { 325 + .sidebar { display: none; } 326 + .main { margin-left: 0; } 327 + } 328 + </style> 329 + </head> 330 + <body> 331 + <div class="layout"> 332 + <aside class="sidebar"> 333 + <div class="sidebar-title">{{pds_hostname}}</div> 334 + <div class="sidebar-subtitle">Admin Portal</div> 335 + <nav> 336 + <a href="/admin/">Dashboard</a> 337 + <a href="/admin/accounts">Accounts</a> 338 + {{#if can_manage_invites}} 339 + <a href="/admin/invite-codes" class="active">Invite Codes</a> 340 + {{/if}} 341 + {{#if can_create_account}} 342 + <a href="/admin/create-account">Create Account</a> 343 + {{/if}} 344 + </nav> 345 + <div class="sidebar-footer"> 346 + <div class="session-info">Signed in as {{handle}}</div> 347 + <form method="POST" action="/admin/logout"> 348 + <button type="submit">Sign out</button> 349 + </form> 350 + </div> 351 + </aside> 352 + 353 + <main class="main"> 354 + {{#if flash_success}} 355 + <div class="flash-success">{{flash_success}}</div> 356 + {{/if}} 357 + {{#if flash_error}} 358 + <div class="flash-error">{{flash_error}}</div> 359 + {{/if}} 360 + 361 + <h1 class="page-title">Invite Codes</h1> 362 + 363 + {{#if can_create_invite}} 364 + <form class="create-form" method="POST" action="/admin/invite-codes/create"> 365 + <div class="form-group"> 366 + <label for="use_count">Max Uses</label> 367 + <input type="number" id="use_count" name="use_count" value="1" min="1" max="100" /> 368 + </div> 369 + <button type="submit" class="btn btn-primary">Create Invite Code</button> 370 + </form> 371 + {{/if}} 372 + 373 + {{#if new_code}} 374 + <div class="code-box"> 375 + <div class="code-label">New Invite Code Created</div> 376 + <div class="code-value">{{new_code}}</div> 377 + </div> 378 + {{/if}} 379 + 380 + {{#if codes}} 381 + <div class="table-container"> 382 + <table> 383 + <thead> 384 + <tr> 385 + <th>Code</th> 386 + <th>Available / Used</th> 387 + <th>Status</th> 388 + <th>Created By</th> 389 + <th>Created At</th> 390 + {{#if can_manage_invites}} 391 + <th></th> 392 + {{/if}} 393 + </tr> 394 + </thead> 395 + <tbody> 396 + {{#each codes}} 397 + <tr> 398 + <td class="code-cell">{{this.code}}</td> 399 + <td>{{this.available}} / {{this.uses}}</td> 400 + <td> 401 + {{#if this.disabled}} 402 + <span class="badge badge-danger">Disabled</span> 403 + {{else}} 404 + <span class="badge badge-success">Active</span> 405 + {{/if}} 406 + </td> 407 + <td>{{this.createdBy}}</td> 408 + <td>{{this.createdAt}}</td> 409 + {{#if ../can_manage_invites}} 410 + <td> 411 + {{#unless this.disabled}} 412 + <form method="POST" action="/admin/invite-codes/disable" style="display:inline;"> 413 + <input type="hidden" name="code" value="{{this.code}}" /> 414 + <button type="submit" class="btn btn-small btn-outline-danger">Disable</button> 415 + </form> 416 + {{/unless}} 417 + </td> 418 + {{/if}} 419 + </tr> 420 + {{/each}} 421 + </tbody> 422 + </table> 423 + </div> 424 + {{else}} 425 + <div class="empty-state">No invite codes found</div> 426 + {{/if}} 427 + </main> 428 + </div> 429 + </body> 430 + </html>

+158

html_templates/admin/login.hbs

···

+8

migrations/20260228000000_admin_sessions.sql

··· 1 + CREATE TABLE admin_sessions ( 2 + session_id VARCHAR(36) PRIMARY KEY, 3 + did VARCHAR NOT NULL, 4 + handle VARCHAR NOT NULL, 5 + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, 6 + expires_at TIMESTAMP NOT NULL 7 + ); 8 + CREATE INDEX idx_admin_sessions_expires_at ON admin_sessions(expires_at);

+106

src/admin/middleware.rs

··· 1 + use axum::{ 2 + extract::{Request, State}, 3 + http::StatusCode, 4 + middleware::Next, 5 + response::{IntoResponse, Redirect, Response}, 6 + }; 7 + use axum_extra::extract::cookie::SignedCookieJar; 8 + 9 + use crate::AppState; 10 + 11 + use super::rbac::RbacConfig; 12 + use super::session; 13 + 14 + /// Admin session data injected into request extensions. 15 + #[derive(Debug, Clone)] 16 + pub struct AdminSession { 17 + pub did: String, 18 + pub handle: String, 19 + pub roles: Vec<String>, 20 + } 21 + 22 + /// Pre-computed permission flags for template rendering and quick checks. 23 + #[derive(Debug, Clone)] 24 + pub struct AdminPermissions { 25 + pub can_view_accounts: bool, 26 + pub can_manage_takedowns: bool, 27 + pub can_delete_account: bool, 28 + pub can_reset_password: bool, 29 + pub can_create_account: bool, 30 + pub can_manage_invites: bool, 31 + pub can_create_invite: bool, 32 + pub can_send_email: bool, 33 + } 34 + 35 + impl AdminPermissions { 36 + pub fn compute(rbac: &RbacConfig, did: &str) -> Self { 37 + Self { 38 + can_view_accounts: rbac 39 + .can_access_endpoint(did, "com.atproto.admin.getAccountInfo") 40 + || rbac.can_access_endpoint(did, "com.atproto.admin.getAccountInfos"), 41 + can_manage_takedowns: rbac 42 + .can_access_endpoint(did, "com.atproto.admin.updateSubjectStatus"), 43 + can_delete_account: rbac 44 + .can_access_endpoint(did, "com.atproto.admin.deleteAccount"), 45 + can_reset_password: rbac 46 + .can_access_endpoint(did, "com.atproto.admin.updateAccountPassword"), 47 + can_create_account: rbac 48 + .can_access_endpoint(did, "com.atproto.server.createAccount"), 49 + can_manage_invites: rbac 50 + .can_access_endpoint(did, "com.atproto.admin.getInviteCodes"), 51 + can_create_invite: rbac 52 + .can_access_endpoint(did, "com.atproto.server.createInviteCode"), 53 + can_send_email: rbac.can_access_endpoint(did, "com.atproto.admin.sendEmail"), 54 + } 55 + } 56 + } 57 + 58 + /// Middleware that checks for a valid admin session cookie. 59 + /// If valid, injects AdminSession and AdminPermissions into request extensions. 60 + /// If invalid or missing, redirects to /admin/login. 61 + pub async fn admin_auth_middleware( 62 + State(state): State<AppState>, 63 + jar: SignedCookieJar, 64 + mut req: Request, 65 + next: Next, 66 + ) -> Response { 67 + let rbac = match &state.admin_rbac_config { 68 + Some(rbac) => rbac, 69 + None => return StatusCode::NOT_FOUND.into_response(), 70 + }; 71 + 72 + // Extract session ID from signed cookie 73 + let session_id = match jar.get("__gatekeeper_admin_session") { 74 + Some(cookie) => cookie.value().to_string(), 75 + None => return Redirect::to("/admin/login").into_response(), 76 + }; 77 + 78 + // Look up session in database 79 + let session_row = match session::get_session(&state.pds_gatekeeper_pool, &session_id).await { 80 + Ok(Some(row)) => row, 81 + Ok(None) => return Redirect::to("/admin/login").into_response(), 82 + Err(e) => { 83 + tracing::error!("Failed to look up admin session: {}", e); 84 + return Redirect::to("/admin/login").into_response(); 85 + } 86 + }; 87 + 88 + // Verify the DID is still a valid member 89 + if !rbac.is_member(&session_row.did) { 90 + return Redirect::to("/admin/login").into_response(); 91 + } 92 + 93 + let roles = rbac.get_member_roles(&session_row.did); 94 + let permissions = AdminPermissions::compute(rbac, &session_row.did); 95 + 96 + let admin_session = AdminSession { 97 + did: session_row.did, 98 + handle: session_row.handle, 99 + roles, 100 + }; 101 + 102 + req.extensions_mut().insert(admin_session); 103 + req.extensions_mut().insert(permissions); 104 + 105 + next.run(req).await 106 + }

+69

src/admin/mod.rs

··· 1 + pub mod middleware; 2 + pub mod oauth; 3 + pub mod pds_proxy; 4 + pub mod rbac; 5 + pub mod routes; 6 + pub mod session; 7 + 8 + use axum::{Router, middleware as ax_middleware, routing::get, routing::post}; 9 + 10 + use crate::AppState; 11 + 12 + /// Build the admin sub-router. 13 + /// Public routes (login, OAuth callback, client-metadata) are not behind auth middleware. 14 + /// All other admin routes require a valid session. 15 + pub fn router(state: AppState) -> Router<AppState> { 16 + // Routes that do NOT require authentication 17 + let public_routes = Router::new() 18 + .route("/login", get(oauth::get_login).post(oauth::post_login)) 19 + .route("/oauth/callback", get(oauth::oauth_callback)) 20 + .route("/client-metadata.json", get(oauth::client_metadata_json)); 21 + 22 + // Routes that DO require authentication (via admin_auth middleware) 23 + let protected_routes = Router::new() 24 + .route("/", get(routes::dashboard)) 25 + .route("/accounts", get(routes::accounts_list)) 26 + .route("/accounts/{did}", get(routes::account_detail)) 27 + .route( 28 + "/accounts/{did}/takedown", 29 + post(routes::takedown_account), 30 + ) 31 + .route( 32 + "/accounts/{did}/untakedown", 33 + post(routes::untakedown_account), 34 + ) 35 + .route( 36 + "/accounts/{did}/delete", 37 + post(routes::delete_account), 38 + ) 39 + .route( 40 + "/accounts/{did}/reset-password", 41 + post(routes::reset_password), 42 + ) 43 + .route( 44 + "/accounts/{did}/disable-invites", 45 + post(routes::disable_account_invites), 46 + ) 47 + .route( 48 + "/accounts/{did}/enable-invites", 49 + post(routes::enable_account_invites), 50 + ) 51 + .route("/invite-codes", get(routes::invite_codes_list)) 52 + .route("/invite-codes/create", post(routes::create_invite_code)) 53 + .route( 54 + "/invite-codes/disable", 55 + post(routes::disable_invite_codes), 56 + ) 57 + .route( 58 + "/create-account", 59 + get(routes::get_create_account).post(routes::post_create_account), 60 + ) 61 + .route("/search", get(routes::search_accounts)) 62 + .route("/logout", post(routes::logout)) 63 + .layer(ax_middleware::from_fn_with_state( 64 + state.clone(), 65 + middleware::admin_auth_middleware, 66 + )); 67 + 68 + Router::new().merge(public_routes).merge(protected_routes) 69 + }

+301

src/admin/oauth.rs

··· 1 + use axum::{ 2 + extract::{Query, State}, 3 + http::StatusCode, 4 + response::{Html, IntoResponse, Redirect, Response}, 5 + }; 6 + use axum_extra::extract::cookie::{Cookie, SameSite, SignedCookieJar}; 7 + use base64::Engine as _; 8 + use jacquard_identity::JacquardResolver; 9 + use jacquard_oauth::{ 10 + atproto::{AtprotoClientMetadata, GrantType}, 11 + authstore::MemoryAuthStore, 12 + client::OAuthClient, 13 + keyset::Keyset, 14 + session::ClientData, 15 + types::{AuthorizeOptions, CallbackParams}, 16 + }; 17 + use jose_jwk::Jwk; 18 + use serde::Deserialize; 19 + 20 + use crate::AppState; 21 + 22 + use super::session; 23 + 24 + /// Type alias for the concrete OAuthClient we use. 25 + pub type AdminOAuthClient = OAuthClient<JacquardResolver, MemoryAuthStore>; 26 + 27 + /// Initialize the OAuth client for admin portal authentication. 28 + pub fn init_oauth_client(pds_hostname: &str) -> Result<AdminOAuthClient, anyhow::Error> { 29 + // Generate ES256 keypair 30 + let secret_key = p256::SecretKey::random(&mut p256::elliptic_curve::rand_core::OsRng); 31 + let public_key = secret_key.public_key(); 32 + 33 + // Build JWK JSON manually with both public and private components 34 + let public_jwk_str = public_key.to_jwk_string(); 35 + let mut jwk: serde_json::Value = serde_json::from_str(&public_jwk_str)?; 36 + 37 + // Add the private key component 'd' 38 + let secret_scalar = secret_key.to_bytes(); 39 + let d_b64 = base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(secret_scalar.as_slice()); 40 + let jwk_obj = jwk 41 + .as_object_mut() 42 + .ok_or_else(|| anyhow::anyhow!("JWK is not an object"))?; 43 + jwk_obj.insert("d".to_string(), serde_json::Value::String(d_b64)); 44 + 45 + // Add kid and alg 46 + let kid = uuid::Uuid::new_v4().to_string(); 47 + jwk_obj.insert("kid".to_string(), serde_json::Value::String(kid)); 48 + jwk_obj.insert( 49 + "alg".to_string(), 50 + serde_json::Value::String("ES256".to_string()), 51 + ); 52 + jwk_obj.insert( 53 + "use".to_string(), 54 + serde_json::Value::String("sig".to_string()), 55 + ); 56 + 57 + // Parse into jose-jwk type for Keyset 58 + let jose_jwk: Jwk = serde_json::from_value(jwk)?; 59 + let keyset = Keyset::try_from(vec![jose_jwk])?; 60 + 61 + // Build client metadata 62 + let client_id = format!("https://{}/admin/client-metadata.json", pds_hostname) 63 + .parse() 64 + .map_err(|_: url::ParseError| anyhow::anyhow!("Invalid client_id URL"))?; 65 + let redirect_uri = format!("https://{}/admin/oauth/callback", pds_hostname) 66 + .parse() 67 + .map_err(|_: url::ParseError| anyhow::anyhow!("Invalid redirect_uri URL"))?; 68 + let client_uri = format!("https://{}/admin/", pds_hostname) 69 + .parse() 70 + .map_err(|_: url::ParseError| anyhow::anyhow!("Invalid client_uri URL"))?; 71 + 72 + let config = AtprotoClientMetadata::new( 73 + client_id, 74 + Some(client_uri), 75 + vec![redirect_uri], 76 + vec![GrantType::AuthorizationCode], 77 + vec![ 78 + jacquard_oauth::scopes::Scope::parse("atproto").expect("valid scope"), 79 + ], 80 + None, 81 + ); 82 + 83 + let client_data = ClientData::new(Some(keyset), config); 84 + let store = MemoryAuthStore::new(); 85 + let client = OAuthClient::new(store, client_data); 86 + 87 + Ok(client) 88 + } 89 + 90 + /// GET /admin/client-metadata.json — Serves the OAuth client metadata. 91 + pub async fn client_metadata_json(State(state): State<AppState>) -> Response { 92 + let oauth_client: &AdminOAuthClient = match &state.admin_oauth_client { 93 + Some(client) => client, 94 + None => return StatusCode::NOT_FOUND.into_response(), 95 + }; 96 + 97 + let pds_hostname = &state.app_config.pds_hostname; 98 + let client_id = format!("https://{}/admin/client-metadata.json", pds_hostname); 99 + let redirect_uri = format!("https://{}/admin/oauth/callback", pds_hostname); 100 + let client_uri = format!("https://{}/admin/", pds_hostname); 101 + 102 + let jwks = oauth_client.jwks(); 103 + 104 + let metadata = serde_json::json!({ 105 + "client_id": client_id, 106 + "client_uri": client_uri, 107 + "redirect_uris": [redirect_uri], 108 + "grant_types": ["authorization_code"], 109 + "response_types": ["code"], 110 + "scope": "atproto", 111 + "token_endpoint_auth_method": "private_key_jwt", 112 + "token_endpoint_auth_signing_alg": "ES256", 113 + "application_type": "web", 114 + "dpop_bound_access_tokens": true, 115 + "jwks": jwks, 116 + }); 117 + 118 + ( 119 + StatusCode::OK, 120 + [(axum::http::header::CONTENT_TYPE, "application/json")], 121 + serde_json::to_string_pretty(&metadata).unwrap_or_default(), 122 + ) 123 + .into_response() 124 + } 125 + 126 + /// GET /admin/login — Renders the login page. 127 + pub async fn get_login( 128 + State(state): State<AppState>, 129 + Query(params): Query<LoginQueryParams>, 130 + ) -> Response { 131 + let mut data = serde_json::json!({ 132 + "pds_hostname": state.app_config.pds_hostname, 133 + }); 134 + 135 + if let Some(error) = params.error { 136 + data["error"] = serde_json::Value::String(error); 137 + } 138 + 139 + use axum_template::TemplateEngine; 140 + match state.template_engine.render("admin/login.hbs", data) 141 + { 142 + Ok(html) => Html(html).into_response(), 143 + Err(e) => { 144 + tracing::error!("Failed to render login template: {}", e); 145 + StatusCode::INTERNAL_SERVER_ERROR.into_response() 146 + } 147 + } 148 + } 149 + 150 + #[derive(Debug, Deserialize)] 151 + pub struct LoginQueryParams { 152 + pub error: Option<String>, 153 + } 154 + 155 + #[derive(Debug, Deserialize)] 156 + pub struct LoginForm { 157 + pub handle: String, 158 + } 159 + 160 + /// POST /admin/login — Initiates the OAuth flow. 161 + pub async fn post_login( 162 + State(state): State<AppState>, 163 + axum::extract::Form(form): axum::extract::Form<LoginForm>, 164 + ) -> Response { 165 + let oauth_client: &AdminOAuthClient = match &state.admin_oauth_client { 166 + Some(client) => client, 167 + None => return StatusCode::NOT_FOUND.into_response(), 168 + }; 169 + 170 + let pds_hostname = &state.app_config.pds_hostname; 171 + let redirect_uri: url::Url = 172 + match format!("https://{}/admin/oauth/callback", pds_hostname).parse() { 173 + Ok(u) => u, 174 + Err(_) => { 175 + return Redirect::to("/admin/login?error=Invalid+server+configuration") 176 + .into_response() 177 + } 178 + }; 179 + 180 + let options = AuthorizeOptions { 181 + redirect_uri: Some(redirect_uri), 182 + scopes: vec![ 183 + jacquard_oauth::scopes::Scope::parse("atproto").expect("valid scope"), 184 + jacquard_oauth::scopes::Scope::parse("transition:generic").expect("valid scope"), 185 + ], 186 + prompt: None, 187 + state: None, 188 + }; 189 + 190 + match oauth_client.start_auth(&form.handle, options).await { 191 + Ok(auth_url) => Redirect::to(&auth_url).into_response(), 192 + Err(e) => { 193 + tracing::error!("OAuth start_auth failed: {}", e); 194 + let msg = format!("Login failed: {}", e); 195 + let error_msg = urlencoding::encode(&msg); 196 + Redirect::to(&format!("/admin/login?error={}", error_msg)).into_response() 197 + } 198 + } 199 + } 200 + 201 + #[derive(Debug, Deserialize)] 202 + pub struct OAuthCallbackParams { 203 + pub code: String, 204 + pub state: Option<String>, 205 + pub iss: Option<String>, 206 + } 207 + 208 + /// GET /admin/oauth/callback — Handles the OAuth callback. 209 + pub async fn oauth_callback( 210 + State(state): State<AppState>, 211 + Query(params): Query<OAuthCallbackParams>, 212 + jar: SignedCookieJar, 213 + ) -> Response { 214 + let oauth_client: &AdminOAuthClient = match &state.admin_oauth_client { 215 + Some(client) => client, 216 + None => return StatusCode::NOT_FOUND.into_response(), 217 + }; 218 + 219 + let rbac = match &state.admin_rbac_config { 220 + Some(rbac) => rbac, 221 + None => return StatusCode::NOT_FOUND.into_response(), 222 + }; 223 + 224 + let callback_params = CallbackParams { 225 + code: params.code.as_str().into(), 226 + state: params.state.as_deref().map(Into::into), 227 + iss: params.iss.as_deref().map(Into::into), 228 + }; 229 + 230 + // Exchange authorization code for session 231 + let oauth_session = match oauth_client.callback(callback_params).await { 232 + Ok(session) => session, 233 + Err(e) => { 234 + tracing::error!("OAuth callback failed: {}", e); 235 + let msg = format!("Authentication failed: {}", e); 236 + let error_msg = urlencoding::encode(&msg); 237 + return Redirect::to(&format!("/admin/login?error={}", error_msg)).into_response(); 238 + } 239 + }; 240 + 241 + // Extract DID and handle from the OAuth session 242 + let (did, handle) = oauth_session.session_info().await; 243 + let did_str = did.to_string(); 244 + let handle_str = handle.to_string(); 245 + 246 + // Check if this DID is a member in the RBAC config 247 + if !rbac.is_member(&did_str) { 248 + tracing::warn!("Access denied for DID {} (not in RBAC config)", did_str); 249 + return render_error( 250 + &state, 251 + "Access Denied", 252 + &format!( 253 + "Your identity ({}) is not authorized to access the admin portal. Contact your PDS administrator.", 254 + handle_str 255 + ), 256 + ); 257 + } 258 + 259 + // Create admin session 260 + let ttl_hours = state.app_config.admin_session_ttl_hours; 261 + let session_id = match session::create_session( 262 + &state.pds_gatekeeper_pool, 263 + &did_str, 264 + &handle_str, 265 + ttl_hours, 266 + ) 267 + .await 268 + { 269 + Ok(id) => id, 270 + Err(e) => { 271 + tracing::error!("Failed to create admin session: {}", e); 272 + return Redirect::to("/admin/login?error=Session+creation+failed").into_response(); 273 + } 274 + }; 275 + 276 + // Set signed cookie 277 + let mut cookie = Cookie::new("__gatekeeper_admin_session", session_id); 278 + cookie.set_http_only(true); 279 + cookie.set_secure(true); 280 + cookie.set_same_site(SameSite::Lax); 281 + cookie.set_path("/admin/"); 282 + 283 + let updated_jar = jar.add(cookie); 284 + 285 + (updated_jar, Redirect::to("/admin/")).into_response() 286 + } 287 + 288 + fn render_error(state: &AppState, title: &str, message: &str) -> Response { 289 + let data = serde_json::json!({ 290 + "error_title": title, 291 + "error_message": message, 292 + "pds_hostname": state.app_config.pds_hostname, 293 + }); 294 + 295 + use axum_template::TemplateEngine; 296 + match state.template_engine.render("admin/error.hbs", data) 297 + { 298 + Ok(html) => Html(html).into_response(), 299 + Err(_) => (StatusCode::FORBIDDEN, format!("{}: {}", title, message)).into_response(), 300 + } 301 + }

+252

src/admin/pds_proxy.rs

··· 1 + use serde::de::DeserializeOwned; 2 + use serde::Serialize; 3 + use std::fmt; 4 + 5 + #[derive(Debug)] 6 + pub enum AdminProxyError { 7 + RequestFailed(String), 8 + PdsError { 9 + status: u16, 10 + error: String, 11 + message: String, 12 + }, 13 + ParseError(String), 14 + } 15 + 16 + impl fmt::Display for AdminProxyError { 17 + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { 18 + match self { 19 + AdminProxyError::RequestFailed(msg) => write!(f, "Request failed: {msg}"), 20 + AdminProxyError::PdsError { 21 + status, 22 + error, 23 + message, 24 + } => write!(f, "PDS error ({status}): {error} - {message}"), 25 + AdminProxyError::ParseError(msg) => write!(f, "Parse error: {msg}"), 26 + } 27 + } 28 + } 29 + 30 + /// Make an authenticated GET request to a PDS XRPC endpoint. 31 + pub async fn admin_xrpc_get<R: DeserializeOwned>( 32 + pds_base_url: &str, 33 + admin_password: &str, 34 + endpoint: &str, 35 + query_params: &[(&str, &str)], 36 + ) -> Result<R, AdminProxyError> { 37 + let url = format!( 38 + "{}/xrpc/{}", 39 + pds_base_url.trim_end_matches('/'), 40 + endpoint 41 + ); 42 + let client = reqwest::Client::new(); 43 + let resp = client 44 + .get(&url) 45 + .query(query_params) 46 + .basic_auth("admin", Some(admin_password)) 47 + .send() 48 + .await 49 + .map_err(|e| AdminProxyError::RequestFailed(e.to_string()))?; 50 + 51 + if !resp.status().is_success() { 52 + let status = resp.status().as_u16(); 53 + let body = resp.text().await.unwrap_or_default(); 54 + if let Ok(err_json) = serde_json::from_str::<serde_json::Value>(&body) { 55 + return Err(AdminProxyError::PdsError { 56 + status, 57 + error: err_json["error"] 58 + .as_str() 59 + .unwrap_or("Unknown") 60 + .to_string(), 61 + message: err_json["message"] 62 + .as_str() 63 + .unwrap_or(&body) 64 + .to_string(), 65 + }); 66 + } 67 + return Err(AdminProxyError::PdsError { 68 + status, 69 + error: "Unknown".to_string(), 70 + message: body, 71 + }); 72 + } 73 + 74 + resp.json::<R>() 75 + .await 76 + .map_err(|e| AdminProxyError::ParseError(e.to_string())) 77 + } 78 + 79 + /// Make an authenticated POST request to a PDS XRPC endpoint. 80 + pub async fn admin_xrpc_post<T: Serialize, R: DeserializeOwned>( 81 + pds_base_url: &str, 82 + admin_password: &str, 83 + endpoint: &str, 84 + body: &T, 85 + ) -> Result<R, AdminProxyError> { 86 + let url = format!( 87 + "{}/xrpc/{}", 88 + pds_base_url.trim_end_matches('/'), 89 + endpoint 90 + ); 91 + let client = reqwest::Client::new(); 92 + let resp = client 93 + .post(&url) 94 + .json(body) 95 + .basic_auth("admin", Some(admin_password)) 96 + .send() 97 + .await 98 + .map_err(|e| AdminProxyError::RequestFailed(e.to_string()))?; 99 + 100 + if !resp.status().is_success() { 101 + let status = resp.status().as_u16(); 102 + let body = resp.text().await.unwrap_or_default(); 103 + if let Ok(err_json) = serde_json::from_str::<serde_json::Value>(&body) { 104 + return Err(AdminProxyError::PdsError { 105 + status, 106 + error: err_json["error"] 107 + .as_str() 108 + .unwrap_or("Unknown") 109 + .to_string(), 110 + message: err_json["message"] 111 + .as_str() 112 + .unwrap_or(&body) 113 + .to_string(), 114 + }); 115 + } 116 + return Err(AdminProxyError::PdsError { 117 + status, 118 + error: "Unknown".to_string(), 119 + message: body, 120 + }); 121 + } 122 + 123 + resp.json::<R>() 124 + .await 125 + .map_err(|e| AdminProxyError::ParseError(e.to_string())) 126 + } 127 + 128 + /// Make an authenticated POST request that returns no meaningful body (just success/failure). 129 + pub async fn admin_xrpc_post_no_response<T: Serialize>( 130 + pds_base_url: &str, 131 + admin_password: &str, 132 + endpoint: &str, 133 + body: &T, 134 + ) -> Result<(), AdminProxyError> { 135 + let url = format!( 136 + "{}/xrpc/{}", 137 + pds_base_url.trim_end_matches('/'), 138 + endpoint 139 + ); 140 + let client = reqwest::Client::new(); 141 + let resp = client 142 + .post(&url) 143 + .json(body) 144 + .basic_auth("admin", Some(admin_password)) 145 + .send() 146 + .await 147 + .map_err(|e| AdminProxyError::RequestFailed(e.to_string()))?; 148 + 149 + if !resp.status().is_success() { 150 + let status = resp.status().as_u16(); 151 + let body = resp.text().await.unwrap_or_default(); 152 + if let Ok(err_json) = serde_json::from_str::<serde_json::Value>(&body) { 153 + return Err(AdminProxyError::PdsError { 154 + status, 155 + error: err_json["error"] 156 + .as_str() 157 + .unwrap_or("Unknown") 158 + .to_string(), 159 + message: err_json["message"] 160 + .as_str() 161 + .unwrap_or(&body) 162 + .to_string(), 163 + }); 164 + } 165 + return Err(AdminProxyError::PdsError { 166 + status, 167 + error: "Unknown".to_string(), 168 + message: body, 169 + }); 170 + } 171 + 172 + Ok(()) 173 + } 174 + 175 + /// Make an unauthenticated GET request that returns text (e.g., _health). 176 + pub async fn get_text( 177 + pds_base_url: &str, 178 + endpoint: &str, 179 + ) -> Result<String, AdminProxyError> { 180 + let url = format!( 181 + "{}/{}", 182 + pds_base_url.trim_end_matches('/'), 183 + endpoint 184 + ); 185 + let client = reqwest::Client::new(); 186 + let resp = client 187 + .get(&url) 188 + .send() 189 + .await 190 + .map_err(|e| AdminProxyError::RequestFailed(e.to_string()))?; 191 + 192 + if !resp.status().is_success() { 193 + let status = resp.status().as_u16(); 194 + let body = resp.text().await.unwrap_or_default(); 195 + return Err(AdminProxyError::PdsError { 196 + status, 197 + error: "Unknown".to_string(), 198 + message: body, 199 + }); 200 + } 201 + 202 + resp.text() 203 + .await 204 + .map_err(|e| AdminProxyError::ParseError(e.to_string())) 205 + } 206 + 207 + /// Make an unauthenticated GET request with JSON response parsing. 208 + pub async fn public_xrpc_get<R: DeserializeOwned>( 209 + pds_base_url: &str, 210 + endpoint: &str, 211 + query_params: &[(&str, &str)], 212 + ) -> Result<R, AdminProxyError> { 213 + let url = format!( 214 + "{}/xrpc/{}", 215 + pds_base_url.trim_end_matches('/'), 216 + endpoint 217 + ); 218 + let client = reqwest::Client::new(); 219 + let resp = client 220 + .get(&url) 221 + .query(query_params) 222 + .send() 223 + .await 224 + .map_err(|e| AdminProxyError::RequestFailed(e.to_string()))?; 225 + 226 + if !resp.status().is_success() { 227 + let status = resp.status().as_u16(); 228 + let body = resp.text().await.unwrap_or_default(); 229 + if let Ok(err_json) = serde_json::from_str::<serde_json::Value>(&body) { 230 + return Err(AdminProxyError::PdsError { 231 + status, 232 + error: err_json["error"] 233 + .as_str() 234 + .unwrap_or("Unknown") 235 + .to_string(), 236 + message: err_json["message"] 237 + .as_str() 238 + .unwrap_or(&body) 239 + .to_string(), 240 + }); 241 + } 242 + return Err(AdminProxyError::PdsError { 243 + status, 244 + error: "Unknown".to_string(), 245 + message: body, 246 + }); 247 + } 248 + 249 + resp.json::<R>() 250 + .await 251 + .map_err(|e| AdminProxyError::ParseError(e.to_string())) 252 + }

+263

src/admin/rbac.rs

··· 1 + use serde::Deserialize; 2 + use std::collections::HashMap; 3 + use std::path::Path; 4 + 5 + #[derive(Debug, Clone, Deserialize)] 6 + pub struct RbacConfig { 7 + pub roles: HashMap<String, RoleDefinition>, 8 + pub members: Vec<MemberDefinition>, 9 + } 10 + 11 + #[derive(Debug, Clone, Deserialize)] 12 + pub struct RoleDefinition { 13 + pub description: String, 14 + pub endpoints: Vec<String>, 15 + } 16 + 17 + #[derive(Debug, Clone, Deserialize)] 18 + pub struct MemberDefinition { 19 + pub did: String, 20 + pub roles: Vec<String>, 21 + } 22 + 23 + impl RbacConfig { 24 + /// Load RBAC configuration from a YAML file. 25 + pub fn load_from_file(path: impl AsRef<Path>) -> Result<Self, anyhow::Error> { 26 + let contents = std::fs::read_to_string(path)?; 27 + let config: RbacConfig = serde_yaml::from_str(&contents)?; 28 + config.validate()?; 29 + Ok(config) 30 + } 31 + 32 + /// Validate that all member roles reference defined roles. 33 + fn validate(&self) -> Result<(), anyhow::Error> { 34 + for member in &self.members { 35 + for role in &member.roles { 36 + if !self.roles.contains_key(role) { 37 + return Err(anyhow::anyhow!( 38 + "Member {} references undefined role: {}", 39 + member.did, 40 + role 41 + )); 42 + } 43 + } 44 + } 45 + Ok(()) 46 + } 47 + 48 + /// Check whether a DID is a configured member. 49 + pub fn is_member(&self, did: &str) -> bool { 50 + self.members.iter().any(|m| m.did == did) 51 + } 52 + 53 + /// Get the role names assigned to a DID. 54 + pub fn get_member_roles(&self, did: &str) -> Vec<String> { 55 + self.members 56 + .iter() 57 + .find(|m| m.did == did) 58 + .map(|m| m.roles.clone()) 59 + .unwrap_or_default() 60 + } 61 + 62 + /// Get all endpoint patterns that a DID is allowed to access (aggregated from all roles). 63 + pub fn get_allowed_endpoints(&self, did: &str) -> Vec<String> { 64 + let roles = self.get_member_roles(did); 65 + let mut endpoints = Vec::new(); 66 + for role_name in &roles { 67 + if let Some(role) = self.roles.get(role_name) { 68 + endpoints.extend(role.endpoints.clone()); 69 + } 70 + } 71 + endpoints 72 + } 73 + 74 + /// Check whether a DID can access a specific endpoint. 75 + /// Supports wildcard matching: `com.atproto.admin.*` matches `com.atproto.admin.getAccountInfo`. 76 + pub fn can_access_endpoint(&self, did: &str, endpoint: &str) -> bool { 77 + let allowed = self.get_allowed_endpoints(did); 78 + for pattern in &allowed { 79 + if matches_endpoint_pattern(pattern, endpoint) { 80 + return true; 81 + } 82 + } 83 + false 84 + } 85 + } 86 + 87 + /// Match an endpoint against a pattern. Supports trailing `*` wildcard. 88 + /// e.g. `com.atproto.admin.*` matches `com.atproto.admin.getAccountInfo` 89 + fn matches_endpoint_pattern(pattern: &str, endpoint: &str) -> bool { 90 + if pattern == endpoint { 91 + return true; 92 + } 93 + if let Some(prefix) = pattern.strip_suffix('*') { 94 + return endpoint.starts_with(prefix); 95 + } 96 + false 97 + } 98 + 99 + #[cfg(test)] 100 + mod tests { 101 + use super::*; 102 + 103 + fn test_config() -> RbacConfig { 104 + let yaml = r#" 105 + roles: 106 + pds-admin: 107 + description: "Full admin" 108 + endpoints: 109 + - "com.atproto.admin.*" 110 + - "com.atproto.server.createInviteCode" 111 + - "com.atproto.server.createAccount" 112 + moderator: 113 + description: "Content moderation" 114 + endpoints: 115 + - "com.atproto.admin.getAccountInfo" 116 + - "com.atproto.admin.getAccountInfos" 117 + - "com.atproto.admin.getSubjectStatus" 118 + - "com.atproto.admin.updateSubjectStatus" 119 + - "com.atproto.admin.searchAccounts" 120 + - "com.atproto.admin.getInviteCodes" 121 + invite-manager: 122 + description: "Invite management" 123 + endpoints: 124 + - "com.atproto.admin.getInviteCodes" 125 + - "com.atproto.admin.disableInviteCodes" 126 + - "com.atproto.server.createInviteCode" 127 + 128 + members: 129 + - did: "did:plc:admin123" 130 + roles: 131 + - pds-admin 132 + - did: "did:plc:mod456" 133 + roles: 134 + - moderator 135 + - did: "did:plc:both789" 136 + roles: 137 + - moderator 138 + - invite-manager 139 + "#; 140 + serde_yaml::from_str(yaml).unwrap() 141 + } 142 + 143 + #[test] 144 + fn test_is_member() { 145 + let config = test_config(); 146 + assert!(config.is_member("did:plc:admin123")); 147 + assert!(config.is_member("did:plc:mod456")); 148 + assert!(!config.is_member("did:plc:unknown")); 149 + } 150 + 151 + #[test] 152 + fn test_get_member_roles() { 153 + let config = test_config(); 154 + assert_eq!(config.get_member_roles("did:plc:admin123"), vec!["pds-admin"]); 155 + assert_eq!( 156 + config.get_member_roles("did:plc:both789"), 157 + vec!["moderator", "invite-manager"] 158 + ); 159 + assert!(config.get_member_roles("did:plc:unknown").is_empty()); 160 + } 161 + 162 + #[test] 163 + fn test_wildcard_matching() { 164 + assert!(matches_endpoint_pattern( 165 + "com.atproto.admin.*", 166 + "com.atproto.admin.getAccountInfo" 167 + )); 168 + assert!(matches_endpoint_pattern( 169 + "com.atproto.admin.*", 170 + "com.atproto.admin.deleteAccount" 171 + )); 172 + assert!(!matches_endpoint_pattern( 173 + "com.atproto.admin.*", 174 + "com.atproto.server.createAccount" 175 + )); 176 + } 177 + 178 + #[test] 179 + fn test_exact_matching() { 180 + assert!(matches_endpoint_pattern( 181 + "com.atproto.server.createInviteCode", 182 + "com.atproto.server.createInviteCode" 183 + )); 184 + assert!(!matches_endpoint_pattern( 185 + "com.atproto.server.createInviteCode", 186 + "com.atproto.server.createAccount" 187 + )); 188 + } 189 + 190 + #[test] 191 + fn test_admin_can_access_all_admin_endpoints() { 192 + let config = test_config(); 193 + assert!(config.can_access_endpoint("did:plc:admin123", "com.atproto.admin.getAccountInfo")); 194 + assert!(config.can_access_endpoint("did:plc:admin123", "com.atproto.admin.deleteAccount")); 195 + assert!(config.can_access_endpoint( 196 + "did:plc:admin123", 197 + "com.atproto.server.createInviteCode" 198 + )); 199 + assert!(config.can_access_endpoint("did:plc:admin123", "com.atproto.server.createAccount")); 200 + } 201 + 202 + #[test] 203 + fn test_moderator_limited_access() { 204 + let config = test_config(); 205 + assert!(config.can_access_endpoint("did:plc:mod456", "com.atproto.admin.getAccountInfo")); 206 + assert!(config.can_access_endpoint( 207 + "did:plc:mod456", 208 + "com.atproto.admin.updateSubjectStatus" 209 + )); 210 + assert!(!config.can_access_endpoint("did:plc:mod456", "com.atproto.admin.deleteAccount")); 211 + assert!(!config.can_access_endpoint( 212 + "did:plc:mod456", 213 + "com.atproto.server.createInviteCode" 214 + )); 215 + } 216 + 217 + #[test] 218 + fn test_combined_roles() { 219 + let config = test_config(); 220 + // Has moderator + invite-manager 221 + assert!(config.can_access_endpoint("did:plc:both789", "com.atproto.admin.getAccountInfo")); 222 + assert!(config.can_access_endpoint("did:plc:both789", "com.atproto.admin.getInviteCodes")); 223 + assert!(config.can_access_endpoint( 224 + "did:plc:both789", 225 + "com.atproto.server.createInviteCode" 226 + )); 227 + assert!(config.can_access_endpoint( 228 + "did:plc:both789", 229 + "com.atproto.admin.disableInviteCodes" 230 + )); 231 + // But not delete or create account 232 + assert!(!config.can_access_endpoint("did:plc:both789", "com.atproto.admin.deleteAccount")); 233 + assert!(!config.can_access_endpoint( 234 + "did:plc:both789", 235 + "com.atproto.server.createAccount" 236 + )); 237 + } 238 + 239 + #[test] 240 + fn test_non_member_no_access() { 241 + let config = test_config(); 242 + assert!(!config.can_access_endpoint( 243 + "did:plc:unknown", 244 + "com.atproto.admin.getAccountInfo" 245 + )); 246 + } 247 + 248 + #[test] 249 + fn test_validate_rejects_undefined_role() { 250 + let yaml = r#" 251 + roles: 252 + admin: 253 + description: "Admin" 254 + endpoints: ["com.atproto.admin.*"] 255 + members: 256 + - did: "did:plc:test" 257 + roles: 258 + - nonexistent 259 + "#; 260 + let config: RbacConfig = serde_yaml::from_str(yaml).unwrap(); 261 + assert!(config.validate().is_err()); 262 + } 263 + }

+1071

src/admin/routes.rs

··· 1 + use axum::{ 2 + extract::{Extension, Path, Query, State}, 3 + http::StatusCode, 4 + response::{Html, IntoResponse, Redirect, Response}, 5 + }; 6 + use axum_extra::extract::cookie::{Cookie, SignedCookieJar}; 7 + use serde::{Deserialize, Serialize}; 8 + 9 + use crate::AppState; 10 + 11 + use super::middleware::{AdminPermissions, AdminSession}; 12 + use super::pds_proxy; 13 + use super::session; 14 + 15 + // ─── Response types from PDS API ───────────────────────────────────────────── 16 + 17 + #[derive(Debug, Deserialize, Serialize)] 18 + pub struct HealthResponse { 19 + pub version: Option<String>, 20 + } 21 + 22 + #[derive(Debug, Deserialize, Serialize)] 23 + #[serde(rename_all = "camelCase")] 24 + pub struct DescribeServerResponse { 25 + pub did: Option<String>, 26 + #[serde(default)] 27 + pub available_user_domains: Vec<String>, 28 + pub invite_code_required: Option<bool>, 29 + pub phone_verification_required: Option<bool>, 30 + } 31 + 32 + #[derive(Debug, Deserialize, Serialize)] 33 + pub struct ListReposResponse { 34 + #[serde(default)] 35 + pub repos: Vec<RepoInfo>, 36 + pub cursor: Option<String>, 37 + } 38 + 39 + #[derive(Debug, Deserialize, Serialize)] 40 + pub struct RepoInfo { 41 + pub did: String, 42 + pub head: Option<String>, 43 + } 44 + 45 + #[derive(Debug, Deserialize, Serialize)] 46 + #[serde(rename_all = "camelCase")] 47 + pub struct AccountInfo { 48 + pub did: String, 49 + pub handle: String, 50 + pub email: Option<String>, 51 + pub indexed_at: Option<String>, 52 + pub invited_by: Option<InviteCodeRef>, 53 + #[serde(default)] 54 + pub invites: Vec<InviteCodeInfo>, 55 + pub invites_disabled: Option<bool>, 56 + pub email_confirmed_at: Option<String>, 57 + pub deactivated_at: Option<String>, 58 + #[serde(default)] 59 + pub related_records: Vec<serde_json::Value>, 60 + pub invite_note: Option<String>, 61 + } 62 + 63 + #[derive(Debug, Deserialize, Serialize)] 64 + pub struct InviteCodeRef { 65 + pub code: Option<String>, 66 + } 67 + 68 + #[derive(Debug, Deserialize, Serialize)] 69 + #[serde(rename_all = "camelCase")] 70 + pub struct GetAccountInfosResponse { 71 + #[serde(default)] 72 + pub infos: Vec<AccountInfo>, 73 + } 74 + 75 + #[derive(Debug, Deserialize, Serialize)] 76 + #[serde(rename_all = "camelCase")] 77 + pub struct SubjectStatusResponse { 78 + pub subject: Option<serde_json::Value>, 79 + pub takedown: Option<StatusAttr>, 80 + } 81 + 82 + #[derive(Debug, Deserialize, Serialize)] 83 + pub struct StatusAttr { 84 + pub applied: bool, 85 + pub r#ref: Option<String>, 86 + } 87 + 88 + #[derive(Debug, Deserialize, Serialize)] 89 + #[serde(rename_all = "camelCase")] 90 + pub struct InviteCodeInfo { 91 + pub code: String, 92 + pub available: Option<i64>, 93 + pub disabled: Option<bool>, 94 + pub for_account: Option<String>, 95 + pub created_by: Option<String>, 96 + pub created_at: Option<String>, 97 + #[serde(default)] 98 + pub uses: Vec<InviteCodeUse>, 99 + } 100 + 101 + #[derive(Debug, Deserialize, Serialize)] 102 + #[serde(rename_all = "camelCase")] 103 + pub struct InviteCodeUse { 104 + pub used_by: String, 105 + pub used_at: Option<String>, 106 + } 107 + 108 + #[derive(Debug, Deserialize, Serialize)] 109 + pub struct GetInviteCodesResponse { 110 + #[serde(default)] 111 + pub codes: Vec<InviteCodeInfo>, 112 + pub cursor: Option<String>, 113 + } 114 + 115 + #[derive(Debug, Deserialize, Serialize)] 116 + pub struct CreateInviteCodeResponse { 117 + pub code: String, 118 + } 119 + 120 + #[derive(Debug, Deserialize, Serialize)] 121 + #[serde(rename_all = "camelCase")] 122 + pub struct SearchAccountsResponse { 123 + #[serde(default)] 124 + pub accounts: Vec<AccountInfo>, 125 + pub cursor: Option<String>, 126 + } 127 + 128 + #[derive(Debug, Deserialize, Serialize)] 129 + #[serde(rename_all = "camelCase")] 130 + pub struct CreateAccountResponse { 131 + pub did: String, 132 + pub handle: String, 133 + pub access_jwt: Option<String>, 134 + pub refresh_jwt: Option<String>, 135 + } 136 + 137 + // ─── Query parameter types ─────────────────────────────────────────────────── 138 + 139 + #[derive(Debug, Deserialize)] 140 + pub struct FlashParams { 141 + pub flash_success: Option<String>, 142 + pub flash_error: Option<String>, 143 + } 144 + 145 + #[derive(Debug, Deserialize)] 146 + pub struct SearchParams { 147 + pub q: Option<String>, 148 + pub flash_success: Option<String>, 149 + pub flash_error: Option<String>, 150 + } 151 + 152 + // ─── Form types ────────────────────────────────────────────────────────────── 153 + 154 + #[derive(Debug, Deserialize)] 155 + pub struct CreateInviteForm { 156 + pub use_count: Option<i64>, 157 + } 158 + 159 + #[derive(Debug, Deserialize)] 160 + pub struct DisableInviteCodesForm { 161 + pub codes: String, // comma-separated 162 + } 163 + 164 + #[derive(Debug, Deserialize)] 165 + pub struct CreateAccountForm { 166 + pub email: String, 167 + pub handle: String, 168 + } 169 + 170 + // ─── Helper functions ──────────────────────────────────────────────────────── 171 + 172 + fn admin_password(state: &AppState) -> &str { 173 + state 174 + .app_config 175 + .pds_admin_password 176 + .as_deref() 177 + .unwrap_or("") 178 + } 179 + 180 + fn pds_url(state: &AppState) -> &str { 181 + &state.app_config.pds_base_url 182 + } 183 + 184 + fn render_template(state: &AppState, template: &str, data: serde_json::Value) -> Response { 185 + use axum_template::TemplateEngine; 186 + match state.template_engine.render(template, data) { 187 + Ok(html) => Html(html).into_response(), 188 + Err(e) => { 189 + tracing::error!("Template render error for {}: {}", template, e); 190 + StatusCode::INTERNAL_SERVER_ERROR.into_response() 191 + } 192 + } 193 + } 194 + 195 + fn inject_nav_data( 196 + data: &mut serde_json::Value, 197 + session: &AdminSession, 198 + permissions: &AdminPermissions, 199 + ) { 200 + let obj = data.as_object_mut().unwrap(); 201 + obj.insert("admin_handle".into(), session.handle.clone().into()); 202 + obj.insert("admin_did".into(), session.did.clone().into()); 203 + obj.insert( 204 + "can_view_accounts".into(), 205 + permissions.can_view_accounts.into(), 206 + ); 207 + obj.insert( 208 + "can_manage_takedowns".into(), 209 + permissions.can_manage_takedowns.into(), 210 + ); 211 + obj.insert( 212 + "can_delete_account".into(), 213 + permissions.can_delete_account.into(), 214 + ); 215 + obj.insert( 216 + "can_reset_password".into(), 217 + permissions.can_reset_password.into(), 218 + ); 219 + obj.insert( 220 + "can_create_account".into(), 221 + permissions.can_create_account.into(), 222 + ); 223 + obj.insert( 224 + "can_manage_invites".into(), 225 + permissions.can_manage_invites.into(), 226 + ); 227 + obj.insert( 228 + "can_create_invite".into(), 229 + permissions.can_create_invite.into(), 230 + ); 231 + obj.insert( 232 + "can_send_email".into(), 233 + permissions.can_send_email.into(), 234 + ); 235 + } 236 + 237 + fn flash_redirect(base_path: &str, success: Option<&str>, error: Option<&str>) -> Response { 238 + let mut url = base_path.to_string(); 239 + let mut sep = '?'; 240 + if let Some(msg) = success { 241 + url.push_str(&format!("{}flash_success={}", sep, urlencoding::encode(msg))); 242 + sep = '&'; 243 + } 244 + if let Some(msg) = error { 245 + url.push_str(&format!("{}flash_error={}", sep, urlencoding::encode(msg))); 246 + } 247 + Redirect::to(&url).into_response() 248 + } 249 + 250 + fn generate_random_password() -> String { 251 + use rand::Rng; 252 + let chars = b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_"; 253 + let mut rng = rand::rng(); 254 + (0..24) 255 + .map(|_| chars[rng.random_range(0..chars.len())] as char) 256 + .collect() 257 + } 258 + 259 + // ─── Route handlers ────────────────────────────────────────────────────────── 260 + 261 + /// GET /admin/ — Dashboard 262 + pub async fn dashboard( 263 + State(state): State<AppState>, 264 + Extension(session): Extension<AdminSession>, 265 + Extension(permissions): Extension<AdminPermissions>, 266 + Query(flash): Query<FlashParams>, 267 + ) -> Response { 268 + let pds = pds_url(&state); 269 + 270 + // Fetch health, server description, and repo count in parallel 271 + let health_fut = pds_proxy::get_text(pds, "xrpc/_health"); 272 + let desc_fut = 273 + pds_proxy::public_xrpc_get::<DescribeServerResponse>(pds, "com.atproto.server.describeServer", &[]); 274 + let repos_fut = 275 + pds_proxy::public_xrpc_get::<ListReposResponse>(pds, "com.atproto.sync.listRepos", &[("limit", "1")]); 276 + 277 + let (health_res, desc_res, _repos_res) = tokio::join!(health_fut, desc_fut, repos_fut); 278 + 279 + let version = health_res 280 + .ok() 281 + .and_then(|t| { 282 + serde_json::from_str::<HealthResponse>(&t) 283 + .ok() 284 + .and_then(|h| h.version) 285 + }) 286 + .unwrap_or_else(|| "Unknown".to_string()); 287 + 288 + let desc = desc_res.ok(); 289 + 290 + // For account count, we fetch all repos 291 + let account_count_fut = 292 + pds_proxy::public_xrpc_get::<ListReposResponse>(pds, "com.atproto.sync.listRepos", &[("limit", "1000")]); 293 + let account_count = account_count_fut 294 + .await 295 + .map(|r| r.repos.len()) 296 + .unwrap_or(0); 297 + 298 + let mut data = serde_json::json!({ 299 + "version": version, 300 + "account_count": account_count, 301 + "server_did": desc.as_ref().and_then(|d| d.did.clone()).unwrap_or_default(), 302 + "available_domains": desc.as_ref().map(|d| d.available_user_domains.clone()).unwrap_or_default(), 303 + "invite_code_required": desc.as_ref().and_then(|d| d.invite_code_required).unwrap_or(false), 304 + "pds_hostname": state.app_config.pds_hostname, 305 + "active_page": "dashboard", 306 + }); 307 + 308 + if let Some(msg) = flash.flash_success { 309 + data["flash_success"] = msg.into(); 310 + } 311 + if let Some(msg) = flash.flash_error { 312 + data["flash_error"] = msg.into(); 313 + } 314 + 315 + inject_nav_data(&mut data, &session, &permissions); 316 + 317 + render_template(&state, "admin/dashboard.hbs", data) 318 + } 319 + 320 + /// GET /admin/accounts — Account list 321 + pub async fn accounts_list( 322 + State(state): State<AppState>, 323 + Extension(session): Extension<AdminSession>, 324 + Extension(permissions): Extension<AdminPermissions>, 325 + Query(flash): Query<FlashParams>, 326 + ) -> Response { 327 + if !permissions.can_view_accounts { 328 + return flash_redirect("/admin/", None, Some("Access denied")); 329 + } 330 + 331 + let pds = pds_url(&state); 332 + let password = admin_password(&state); 333 + 334 + // Get all repos first 335 + let repos = match pds_proxy::public_xrpc_get::<ListReposResponse>( 336 + pds, 337 + "com.atproto.sync.listRepos", 338 + &[("limit", "1000")], 339 + ) 340 + .await 341 + { 342 + Ok(r) => r, 343 + Err(e) => { 344 + tracing::error!("Failed to list repos: {}", e); 345 + return flash_redirect("/admin/", None, Some(&format!("Failed to list accounts: {}", e))); 346 + } 347 + }; 348 + 349 + let dids: Vec<String> = repos.repos.iter().map(|r| r.did.clone()).collect(); 350 + 351 + let accounts = if !dids.is_empty() { 352 + // Build query params for getAccountInfos 353 + let did_params: Vec<(&str, &str)> = dids.iter().map(|d| ("dids", d.as_str())).collect(); 354 + match pds_proxy::admin_xrpc_get::<GetAccountInfosResponse>( 355 + pds, 356 + password, 357 + "com.atproto.admin.getAccountInfos", 358 + &did_params, 359 + ) 360 + .await 361 + { 362 + Ok(res) => res.infos, 363 + Err(e) => { 364 + tracing::error!("Failed to get account infos: {}", e); 365 + vec![] 366 + } 367 + } 368 + } else { 369 + vec![] 370 + }; 371 + 372 + let mut data = serde_json::json!({ 373 + "accounts": accounts, 374 + "account_count": accounts.len(), 375 + "pds_hostname": state.app_config.pds_hostname, 376 + "active_page": "accounts", 377 + }); 378 + 379 + if let Some(msg) = flash.flash_success { 380 + data["flash_success"] = msg.into(); 381 + } 382 + if let Some(msg) = flash.flash_error { 383 + data["flash_error"] = msg.into(); 384 + } 385 + 386 + inject_nav_data(&mut data, &session, &permissions); 387 + 388 + render_template(&state, "admin/accounts.hbs", data) 389 + } 390 + 391 + /// GET /admin/accounts/:did — Account detail 392 + pub async fn account_detail( 393 + State(state): State<AppState>, 394 + Extension(session): Extension<AdminSession>, 395 + Extension(permissions): Extension<AdminPermissions>, 396 + Path(did): Path<String>, 397 + Query(flash): Query<FlashParams>, 398 + ) -> Response { 399 + if !permissions.can_view_accounts { 400 + return flash_redirect("/admin/", None, Some("Access denied")); 401 + } 402 + 403 + let pds = pds_url(&state); 404 + let password = admin_password(&state); 405 + 406 + let did_param: Vec<(&str, &str)> = vec![("did", did.as_str())]; 407 + let account_fut = pds_proxy::admin_xrpc_get::<AccountInfo>( 408 + pds, 409 + password, 410 + "com.atproto.admin.getAccountInfo", 411 + &did_param, 412 + ); 413 + 414 + let did_param2: Vec<(&str, &str)> = vec![("did", did.as_str())]; 415 + let status_fut = pds_proxy::admin_xrpc_get::<SubjectStatusResponse>( 416 + pds, 417 + password, 418 + "com.atproto.admin.getSubjectStatus", 419 + &did_param2, 420 + ); 421 + 422 + let (account_res, status_res) = tokio::join!(account_fut, status_fut); 423 + 424 + let account = match account_res { 425 + Ok(a) => a, 426 + Err(e) => { 427 + tracing::error!("Failed to get account info for {}: {}", did, e); 428 + return flash_redirect( 429 + "/admin/accounts", 430 + None, 431 + Some(&format!("Failed to get account: {}", e)), 432 + ); 433 + } 434 + }; 435 + 436 + let takedown = status_res 437 + .ok() 438 + .and_then(|s| s.takedown) 439 + .map(|t| t.applied) 440 + .unwrap_or(false); 441 + 442 + let mut data = serde_json::json!({ 443 + "account": account, 444 + "is_taken_down": takedown, 445 + "pds_hostname": state.app_config.pds_hostname, 446 + "active_page": "accounts", 447 + }); 448 + 449 + if let Some(msg) = flash.flash_success { 450 + data["flash_success"] = msg.into(); 451 + } 452 + if let Some(msg) = flash.flash_error { 453 + data["flash_error"] = msg.into(); 454 + } 455 + 456 + inject_nav_data(&mut data, &session, &permissions); 457 + 458 + render_template(&state, "admin/account_detail.hbs", data) 459 + } 460 + 461 + /// POST /admin/accounts/:did/takedown 462 + pub async fn takedown_account( 463 + State(state): State<AppState>, 464 + Extension(session): Extension<AdminSession>, 465 + Extension(_permissions): Extension<AdminPermissions>, 466 + Path(did): Path<String>, 467 + ) -> Response { 468 + let rbac = match &state.admin_rbac_config { 469 + Some(r) => r, 470 + None => return StatusCode::NOT_FOUND.into_response(), 471 + }; 472 + 473 + if !rbac.can_access_endpoint(&session.did, "com.atproto.admin.updateSubjectStatus") { 474 + return flash_redirect( 475 + &format!("/admin/accounts/{}", did), 476 + None, 477 + Some("Access denied: cannot manage takedowns"), 478 + ); 479 + } 480 + 481 + let body = serde_json::json!({ 482 + "subject": { 483 + "$type": "com.atproto.admin.defs#repoRef", 484 + "did": did, 485 + }, 486 + "takedown": { 487 + "applied": true, 488 + "ref": chrono::Utc::now().timestamp().to_string(), 489 + }, 490 + }); 491 + 492 + match pds_proxy::admin_xrpc_post_no_response( 493 + pds_url(&state), 494 + admin_password(&state), 495 + "com.atproto.admin.updateSubjectStatus", 496 + &body, 497 + ) 498 + .await 499 + { 500 + Ok(()) => flash_redirect( 501 + &format!("/admin/accounts/{}", did), 502 + Some("Account taken down successfully"), 503 + None, 504 + ), 505 + Err(e) => flash_redirect( 506 + &format!("/admin/accounts/{}", did), 507 + None, 508 + Some(&format!("Takedown failed: {}", e)), 509 + ), 510 + } 511 + } 512 + 513 + /// POST /admin/accounts/:did/untakedown 514 + pub async fn untakedown_account( 515 + State(state): State<AppState>, 516 + Extension(session): Extension<AdminSession>, 517 + Extension(_permissions): Extension<AdminPermissions>, 518 + Path(did): Path<String>, 519 + ) -> Response { 520 + let rbac = match &state.admin_rbac_config { 521 + Some(r) => r, 522 + None => return StatusCode::NOT_FOUND.into_response(), 523 + }; 524 + 525 + if !rbac.can_access_endpoint(&session.did, "com.atproto.admin.updateSubjectStatus") { 526 + return flash_redirect( 527 + &format!("/admin/accounts/{}", did), 528 + None, 529 + Some("Access denied"), 530 + ); 531 + } 532 + 533 + let body = serde_json::json!({ 534 + "subject": { 535 + "$type": "com.atproto.admin.defs#repoRef", 536 + "did": did, 537 + }, 538 + "takedown": { 539 + "applied": false, 540 + }, 541 + }); 542 + 543 + match pds_proxy::admin_xrpc_post_no_response( 544 + pds_url(&state), 545 + admin_password(&state), 546 + "com.atproto.admin.updateSubjectStatus", 547 + &body, 548 + ) 549 + .await 550 + { 551 + Ok(()) => flash_redirect( 552 + &format!("/admin/accounts/{}", did), 553 + Some("Takedown removed successfully"), 554 + None, 555 + ), 556 + Err(e) => flash_redirect( 557 + &format!("/admin/accounts/{}", did), 558 + None, 559 + Some(&format!("Failed to remove takedown: {}", e)), 560 + ), 561 + } 562 + } 563 + 564 + /// POST /admin/accounts/:did/delete 565 + pub async fn delete_account( 566 + State(state): State<AppState>, 567 + Extension(session): Extension<AdminSession>, 568 + Extension(_permissions): Extension<AdminPermissions>, 569 + Path(did): Path<String>, 570 + ) -> Response { 571 + let rbac = match &state.admin_rbac_config { 572 + Some(r) => r, 573 + None => return StatusCode::NOT_FOUND.into_response(), 574 + }; 575 + 576 + if !rbac.can_access_endpoint(&session.did, "com.atproto.admin.deleteAccount") { 577 + return flash_redirect( 578 + &format!("/admin/accounts/{}", did), 579 + None, 580 + Some("Access denied: cannot delete accounts"), 581 + ); 582 + } 583 + 584 + let body = serde_json::json!({ "did": did }); 585 + 586 + match pds_proxy::admin_xrpc_post_no_response( 587 + pds_url(&state), 588 + admin_password(&state), 589 + "com.atproto.admin.deleteAccount", 590 + &body, 591 + ) 592 + .await 593 + { 594 + Ok(()) => flash_redirect( 595 + "/admin/accounts", 596 + Some(&format!("Account {} deleted", did)), 597 + None, 598 + ), 599 + Err(e) => flash_redirect( 600 + &format!("/admin/accounts/{}", did), 601 + None, 602 + Some(&format!("Delete failed: {}", e)), 603 + ), 604 + } 605 + } 606 + 607 + /// POST /admin/accounts/:did/reset-password 608 + pub async fn reset_password( 609 + State(state): State<AppState>, 610 + Extension(session): Extension<AdminSession>, 611 + Extension(_permissions): Extension<AdminPermissions>, 612 + Path(did): Path<String>, 613 + Query(_flash): Query<FlashParams>, 614 + ) -> Response { 615 + let rbac = match &state.admin_rbac_config { 616 + Some(r) => r, 617 + None => return StatusCode::NOT_FOUND.into_response(), 618 + }; 619 + 620 + if !rbac.can_access_endpoint(&session.did, "com.atproto.admin.updateAccountPassword") { 621 + return flash_redirect( 622 + &format!("/admin/accounts/{}", did), 623 + None, 624 + Some("Access denied: cannot reset passwords"), 625 + ); 626 + } 627 + 628 + let new_password = generate_random_password(); 629 + let body = serde_json::json!({ 630 + "did": did, 631 + "password": new_password, 632 + }); 633 + 634 + match pds_proxy::admin_xrpc_post_no_response( 635 + pds_url(&state), 636 + admin_password(&state), 637 + "com.atproto.admin.updateAccountPassword", 638 + &body, 639 + ) 640 + .await 641 + { 642 + Ok(()) => { 643 + // Redirect with the new password as a flash param 644 + let encoded = urlencoding::encode(&new_password); 645 + Redirect::to(&format!( 646 + "/admin/accounts/{}?flash_success=Password+reset+successfully&new_password={}", 647 + did, encoded 648 + )) 649 + .into_response() 650 + } 651 + Err(e) => flash_redirect( 652 + &format!("/admin/accounts/{}", did), 653 + None, 654 + Some(&format!("Password reset failed: {}", e)), 655 + ), 656 + } 657 + } 658 + 659 + /// POST /admin/accounts/:did/disable-invites 660 + pub async fn disable_account_invites( 661 + State(state): State<AppState>, 662 + Extension(session): Extension<AdminSession>, 663 + Extension(_permissions): Extension<AdminPermissions>, 664 + Path(did): Path<String>, 665 + ) -> Response { 666 + let rbac = match &state.admin_rbac_config { 667 + Some(r) => r, 668 + None => return StatusCode::NOT_FOUND.into_response(), 669 + }; 670 + 671 + if !rbac.can_access_endpoint(&session.did, "com.atproto.admin.disableAccountInvites") { 672 + return flash_redirect( 673 + &format!("/admin/accounts/{}", did), 674 + None, 675 + Some("Access denied"), 676 + ); 677 + } 678 + 679 + let body = serde_json::json!({ "account": did }); 680 + 681 + match pds_proxy::admin_xrpc_post_no_response( 682 + pds_url(&state), 683 + admin_password(&state), 684 + "com.atproto.admin.disableAccountInvites", 685 + &body, 686 + ) 687 + .await 688 + { 689 + Ok(()) => flash_redirect( 690 + &format!("/admin/accounts/{}", did), 691 + Some("Invites disabled"), 692 + None, 693 + ), 694 + Err(e) => flash_redirect( 695 + &format!("/admin/accounts/{}", did), 696 + None, 697 + Some(&format!("Failed: {}", e)), 698 + ), 699 + } 700 + } 701 + 702 + /// POST /admin/accounts/:did/enable-invites 703 + pub async fn enable_account_invites( 704 + State(state): State<AppState>, 705 + Extension(session): Extension<AdminSession>, 706 + Extension(_permissions): Extension<AdminPermissions>, 707 + Path(did): Path<String>, 708 + ) -> Response { 709 + let rbac = match &state.admin_rbac_config { 710 + Some(r) => r, 711 + None => return StatusCode::NOT_FOUND.into_response(), 712 + }; 713 + 714 + if !rbac.can_access_endpoint(&session.did, "com.atproto.admin.enableAccountInvites") { 715 + return flash_redirect( 716 + &format!("/admin/accounts/{}", did), 717 + None, 718 + Some("Access denied"), 719 + ); 720 + } 721 + 722 + let body = serde_json::json!({ "account": did }); 723 + 724 + match pds_proxy::admin_xrpc_post_no_response( 725 + pds_url(&state), 726 + admin_password(&state), 727 + "com.atproto.admin.enableAccountInvites", 728 + &body, 729 + ) 730 + .await 731 + { 732 + Ok(()) => flash_redirect( 733 + &format!("/admin/accounts/{}", did), 734 + Some("Invites enabled"), 735 + None, 736 + ), 737 + Err(e) => flash_redirect( 738 + &format!("/admin/accounts/{}", did), 739 + None, 740 + Some(&format!("Failed: {}", e)), 741 + ), 742 + } 743 + } 744 + 745 + /// GET /admin/invite-codes — List invite codes 746 + pub async fn invite_codes_list( 747 + State(state): State<AppState>, 748 + Extension(session): Extension<AdminSession>, 749 + Extension(permissions): Extension<AdminPermissions>, 750 + Query(flash): Query<FlashParams>, 751 + ) -> Response { 752 + let rbac = match &state.admin_rbac_config { 753 + Some(r) => r, 754 + None => return StatusCode::NOT_FOUND.into_response(), 755 + }; 756 + 757 + if !rbac.can_access_endpoint(&session.did, "com.atproto.admin.getInviteCodes") { 758 + return flash_redirect("/admin/", None, Some("Access denied")); 759 + } 760 + 761 + let codes = match pds_proxy::admin_xrpc_get::<GetInviteCodesResponse>( 762 + pds_url(&state), 763 + admin_password(&state), 764 + "com.atproto.admin.getInviteCodes", 765 + &[("limit", "100"), ("sort", "recent")], 766 + ) 767 + .await 768 + { 769 + Ok(res) => res.codes, 770 + Err(e) => { 771 + tracing::error!("Failed to get invite codes: {}", e); 772 + vec![] 773 + } 774 + }; 775 + 776 + let mut data = serde_json::json!({ 777 + "codes": codes, 778 + "pds_hostname": state.app_config.pds_hostname, 779 + "active_page": "invite_codes", 780 + }); 781 + 782 + if let Some(msg) = flash.flash_success { 783 + data["flash_success"] = msg.into(); 784 + } 785 + if let Some(msg) = flash.flash_error { 786 + data["flash_error"] = msg.into(); 787 + } 788 + 789 + inject_nav_data(&mut data, &session, &permissions); 790 + 791 + render_template(&state, "admin/invite_codes.hbs", data) 792 + } 793 + 794 + /// POST /admin/invite-codes/create 795 + pub async fn create_invite_code( 796 + State(state): State<AppState>, 797 + Extension(session): Extension<AdminSession>, 798 + Extension(_permissions): Extension<AdminPermissions>, 799 + axum::extract::Form(form): axum::extract::Form<CreateInviteForm>, 800 + ) -> Response { 801 + let rbac = match &state.admin_rbac_config { 802 + Some(r) => r, 803 + None => return StatusCode::NOT_FOUND.into_response(), 804 + }; 805 + 806 + if !rbac.can_access_endpoint(&session.did, "com.atproto.server.createInviteCode") { 807 + return flash_redirect("/admin/invite-codes", None, Some("Access denied")); 808 + } 809 + 810 + let use_count = form.use_count.unwrap_or(1).max(1); 811 + let body = serde_json::json!({ "useCount": use_count }); 812 + 813 + match pds_proxy::admin_xrpc_post::<_, CreateInviteCodeResponse>( 814 + pds_url(&state), 815 + admin_password(&state), 816 + "com.atproto.server.createInviteCode", 817 + &body, 818 + ) 819 + .await 820 + { 821 + Ok(res) => flash_redirect( 822 + "/admin/invite-codes", 823 + Some(&format!("Invite code created: {}", res.code)), 824 + None, 825 + ), 826 + Err(e) => flash_redirect( 827 + "/admin/invite-codes", 828 + None, 829 + Some(&format!("Failed to create invite code: {}", e)), 830 + ), 831 + } 832 + } 833 + 834 + /// POST /admin/invite-codes/disable 835 + pub async fn disable_invite_codes( 836 + State(state): State<AppState>, 837 + Extension(session): Extension<AdminSession>, 838 + Extension(_permissions): Extension<AdminPermissions>, 839 + axum::extract::Form(form): axum::extract::Form<DisableInviteCodesForm>, 840 + ) -> Response { 841 + let rbac = match &state.admin_rbac_config { 842 + Some(r) => r, 843 + None => return StatusCode::NOT_FOUND.into_response(), 844 + }; 845 + 846 + if !rbac.can_access_endpoint(&session.did, "com.atproto.admin.disableInviteCodes") { 847 + return flash_redirect("/admin/invite-codes", None, Some("Access denied")); 848 + } 849 + 850 + let codes: Vec<String> = form 851 + .codes 852 + .split(',') 853 + .map(|s| s.trim().to_string()) 854 + .filter(|s| !s.is_empty()) 855 + .collect(); 856 + 857 + let body = serde_json::json!({ 858 + "codes": codes, 859 + "accounts": [], 860 + }); 861 + 862 + match pds_proxy::admin_xrpc_post_no_response( 863 + pds_url(&state), 864 + admin_password(&state), 865 + "com.atproto.admin.disableInviteCodes", 866 + &body, 867 + ) 868 + .await 869 + { 870 + Ok(()) => flash_redirect( 871 + "/admin/invite-codes", 872 + Some("Invite codes disabled"), 873 + None, 874 + ), 875 + Err(e) => flash_redirect( 876 + "/admin/invite-codes", 877 + None, 878 + Some(&format!("Failed: {}", e)), 879 + ), 880 + } 881 + } 882 + 883 + /// GET /admin/create-account — Form 884 + pub async fn get_create_account( 885 + State(state): State<AppState>, 886 + Extension(session): Extension<AdminSession>, 887 + Extension(permissions): Extension<AdminPermissions>, 888 + Query(flash): Query<FlashParams>, 889 + ) -> Response { 890 + let rbac = match &state.admin_rbac_config { 891 + Some(r) => r, 892 + None => return StatusCode::NOT_FOUND.into_response(), 893 + }; 894 + 895 + if !rbac.can_access_endpoint(&session.did, "com.atproto.server.createAccount") { 896 + return flash_redirect("/admin/", None, Some("Access denied")); 897 + } 898 + 899 + let mut data = serde_json::json!({ 900 + "pds_hostname": state.app_config.pds_hostname, 901 + "active_page": "create_account", 902 + }); 903 + 904 + if let Some(msg) = flash.flash_success { 905 + data["flash_success"] = msg.into(); 906 + } 907 + if let Some(msg) = flash.flash_error { 908 + data["flash_error"] = msg.into(); 909 + } 910 + 911 + inject_nav_data(&mut data, &session, &permissions); 912 + 913 + render_template(&state, "admin/create_account.hbs", data) 914 + } 915 + 916 + /// POST /admin/create-account — Create account 917 + pub async fn post_create_account( 918 + State(state): State<AppState>, 919 + Extension(session): Extension<AdminSession>, 920 + Extension(permissions): Extension<AdminPermissions>, 921 + axum::extract::Form(form): axum::extract::Form<CreateAccountForm>, 922 + ) -> Response { 923 + let rbac = match &state.admin_rbac_config { 924 + Some(r) => r, 925 + None => return StatusCode::NOT_FOUND.into_response(), 926 + }; 927 + 928 + if !rbac.can_access_endpoint(&session.did, "com.atproto.server.createAccount") { 929 + return flash_redirect("/admin/create-account", None, Some("Access denied")); 930 + } 931 + 932 + let pds = pds_url(&state); 933 + let password_str = admin_password(&state); 934 + 935 + // Step 1: Create invite code 936 + let invite_body = serde_json::json!({ "useCount": 1 }); 937 + let invite_res = match pds_proxy::admin_xrpc_post::<_, CreateInviteCodeResponse>( 938 + pds, 939 + password_str, 940 + "com.atproto.server.createInviteCode", 941 + &invite_body, 942 + ) 943 + .await 944 + { 945 + Ok(res) => res, 946 + Err(e) => { 947 + return flash_redirect( 948 + "/admin/create-account", 949 + None, 950 + Some(&format!("Failed to create invite code: {}", e)), 951 + ); 952 + } 953 + }; 954 + 955 + // Step 2: Create account 956 + let account_password = generate_random_password(); 957 + let account_body = serde_json::json!({ 958 + "email": form.email, 959 + "handle": form.handle, 960 + "password": account_password, 961 + "inviteCode": invite_res.code, 962 + }); 963 + 964 + match pds_proxy::admin_xrpc_post::<_, CreateAccountResponse>( 965 + pds, 966 + password_str, 967 + "com.atproto.server.createAccount", 968 + &account_body, 969 + ) 970 + .await 971 + { 972 + Ok(res) => { 973 + let mut data = serde_json::json!({ 974 + "pds_hostname": state.app_config.pds_hostname, 975 + "active_page": "create_account", 976 + "created": true, 977 + "created_did": res.did, 978 + "created_handle": res.handle, 979 + "created_email": form.email, 980 + "created_password": account_password, 981 + "created_invite_code": invite_res.code, 982 + }); 983 + 984 + inject_nav_data(&mut data, &session, &permissions); 985 + 986 + render_template(&state, "admin/create_account.hbs", data) 987 + } 988 + Err(e) => flash_redirect( 989 + "/admin/create-account", 990 + None, 991 + Some(&format!("Failed to create account: {}", e)), 992 + ), 993 + } 994 + } 995 + 996 + /// GET /admin/search — Search accounts 997 + pub async fn search_accounts( 998 + State(state): State<AppState>, 999 + Extension(session): Extension<AdminSession>, 1000 + Extension(permissions): Extension<AdminPermissions>, 1001 + Query(params): Query<SearchParams>, 1002 + ) -> Response { 1003 + let rbac = match &state.admin_rbac_config { 1004 + Some(r) => r, 1005 + None => return StatusCode::NOT_FOUND.into_response(), 1006 + }; 1007 + 1008 + if !rbac.can_access_endpoint(&session.did, "com.atproto.admin.searchAccounts") { 1009 + return flash_redirect("/admin/", None, Some("Access denied")); 1010 + } 1011 + 1012 + let query = params.q.unwrap_or_default(); 1013 + 1014 + let accounts = if !query.is_empty() { 1015 + match pds_proxy::admin_xrpc_get::<SearchAccountsResponse>( 1016 + pds_url(&state), 1017 + admin_password(&state), 1018 + "com.atproto.admin.searchAccounts", 1019 + &[("query", &query)], 1020 + ) 1021 + .await 1022 + { 1023 + Ok(res) => res.accounts, 1024 + Err(e) => { 1025 + tracing::error!("Search failed: {}", e); 1026 + vec![] 1027 + } 1028 + } 1029 + } else { 1030 + vec![] 1031 + }; 1032 + 1033 + let mut data = serde_json::json!({ 1034 + "accounts": accounts, 1035 + "account_count": accounts.len(), 1036 + "search_query": query, 1037 + "pds_hostname": state.app_config.pds_hostname, 1038 + "active_page": "accounts", 1039 + }); 1040 + 1041 + if let Some(msg) = params.flash_success { 1042 + data["flash_success"] = msg.into(); 1043 + } 1044 + if let Some(msg) = params.flash_error { 1045 + data["flash_error"] = msg.into(); 1046 + } 1047 + 1048 + inject_nav_data(&mut data, &session, &permissions); 1049 + 1050 + render_template(&state, "admin/accounts.hbs", data) 1051 + } 1052 + 1053 + /// POST /admin/logout — Clear session and redirect to login 1054 + pub async fn logout( 1055 + State(state): State<AppState>, 1056 + jar: SignedCookieJar, 1057 + ) -> Response { 1058 + if let Some(cookie) = jar.get("__gatekeeper_admin_session") { 1059 + let session_id = cookie.value().to_string(); 1060 + let _ = session::delete_session(&state.pds_gatekeeper_pool, &session_id).await; 1061 + } 1062 + 1063 + let mut removal = Cookie::build("__gatekeeper_admin_session") 1064 + .path("/admin/") 1065 + .build(); 1066 + removal.make_removal(); 1067 + 1068 + let updated_jar = jar.remove(removal); 1069 + 1070 + (updated_jar, Redirect::to("/admin/login")).into_response() 1071 + }

+79

src/admin/session.rs

··· 1 + use anyhow::Result; 2 + use chrono::Utc; 3 + use sqlx::SqlitePool; 4 + use uuid::Uuid; 5 + 6 + #[derive(Debug, Clone, sqlx::FromRow)] 7 + pub struct AdminSessionRow { 8 + pub session_id: String, 9 + pub did: String, 10 + pub handle: String, 11 + pub created_at: String, 12 + pub expires_at: String, 13 + } 14 + 15 + /// Creates a new admin session and returns the generated session_id. 16 + pub async fn create_session( 17 + pool: &SqlitePool, 18 + did: &str, 19 + handle: &str, 20 + ttl_hours: u64, 21 + ) -> Result<String> { 22 + let session_id = Uuid::new_v4().to_string(); 23 + let now = Utc::now(); 24 + let created_at = now.to_rfc3339(); 25 + let expires_at = (now + chrono::Duration::hours(ttl_hours as i64)).to_rfc3339(); 26 + 27 + sqlx::query( 28 + "INSERT INTO admin_sessions (session_id, did, handle, created_at, expires_at) VALUES (?, ?, ?, ?, ?)", 29 + ) 30 + .bind(&session_id) 31 + .bind(did) 32 + .bind(handle) 33 + .bind(&created_at) 34 + .bind(&expires_at) 35 + .execute(pool) 36 + .await?; 37 + 38 + Ok(session_id) 39 + } 40 + 41 + /// Looks up a session by ID. Returns None if the session does not exist or has expired. 42 + pub async fn get_session( 43 + pool: &SqlitePool, 44 + session_id: &str, 45 + ) -> Result<Option<AdminSessionRow>> { 46 + let now = Utc::now().to_rfc3339(); 47 + 48 + let row = sqlx::query_as::<_, AdminSessionRow>( 49 + "SELECT session_id, did, handle, created_at, expires_at FROM admin_sessions WHERE session_id = ? AND expires_at > ?", 50 + ) 51 + .bind(session_id) 52 + .bind(&now) 53 + .fetch_optional(pool) 54 + .await?; 55 + 56 + Ok(row) 57 + } 58 + 59 + /// Deletes a session by ID. 60 + pub async fn delete_session(pool: &SqlitePool, session_id: &str) -> Result<()> { 61 + sqlx::query("DELETE FROM admin_sessions WHERE session_id = ?") 62 + .bind(session_id) 63 + .execute(pool) 64 + .await?; 65 + 66 + Ok(()) 67 + } 68 + 69 + /// Deletes all expired sessions and returns the number of rows removed. 70 + pub async fn cleanup_expired_sessions(pool: &SqlitePool) -> Result<u64> { 71 + let now = Utc::now().to_rfc3339(); 72 + 73 + let result = sqlx::query("DELETE FROM admin_sessions WHERE expires_at <= ?") 74 + .bind(&now) 75 + .execute(pool) 76 + .await?; 77 + 78 + Ok(result.rows_affected()) 79 + }

+94 -1

src/main.rs

··· 41 41 use tracing::{Span, log}; 42 42 use tracing_subscriber::{EnvFilter, fmt, prelude::*}; 43 43 44 + mod admin; 44 45 mod auth; 45 46 mod gate; 46 47 pub mod helpers; ··· 75 76 pds_service_did: Did<'static>, 76 77 gate_jwe_key: Vec<u8>, 77 78 captcha_success_redirects: Vec<String>, 79 + // Admin portal config 80 + pub pds_admin_password: Option<String>, 81 + pub pds_hostname: String, 82 + pub admin_session_ttl_hours: u64, 78 83 } 79 84 80 85 impl AppConfig { ··· 134 139 } 135 140 }; 136 141 142 + let pds_hostname = env::var("PDS_HOSTNAME").unwrap_or_else(|_| "localhost".to_string()); 143 + 144 + let pds_admin_password = env::var("PDS_ADMIN_PASSWORD").ok(); 145 + 146 + let admin_session_ttl_hours = env::var("GATEKEEPER_ADMIN_SESSION_TTL_HOURS") 147 + .ok() 148 + .and_then(|v| v.parse().ok()) 149 + .unwrap_or(24u64); 150 + 137 151 AppConfig { 138 152 pds_base_url, 139 153 mailer_from, ··· 147 161 .expect("PDS_SERVICE_DID is not a valid did or could not infer from PDS_HOSTNAME"), 148 162 gate_jwe_key, 149 163 captcha_success_redirects, 164 + pds_admin_password, 165 + pds_hostname, 166 + admin_session_ttl_hours, 150 167 } 151 168 } 152 169 } ··· 161 178 resolver: Arc<PublicResolver>, 162 179 handle_cache: auth::HandleCache, 163 180 app_config: AppConfig, 181 + // Admin portal 182 + admin_rbac_config: Option<Arc<admin::rbac::RbacConfig>>, 183 + admin_oauth_client: Option<Arc<admin::oauth::AdminOAuthClient>>, 184 + cookie_key: axum_extra::extract::cookie::Key, 185 + } 186 + 187 + impl axum::extract::FromRef<AppState> for axum_extra::extract::cookie::Key { 188 + fn from_ref(state: &AppState) -> Self { 189 + state.cookie_key.clone() 190 + } 164 191 } 165 192 166 193 async fn root_handler() -> impl axum::response::IntoResponse { ··· 277 304 let mut resolver = PublicResolver::default(); 278 305 resolver = resolver.with_plc_source(plc_source.clone()); 279 306 307 + let app_config = AppConfig::new(); 308 + 309 + // Admin portal setup (opt-in via GATEKEEPER_ADMIN_RBAC_CONFIG) 310 + let admin_rbac_config = env::var("GATEKEEPER_ADMIN_RBAC_CONFIG") 311 + .ok() 312 + .map(|path| { 313 + let config = admin::rbac::RbacConfig::load_from_file(&path) 314 + .unwrap_or_else(|e| panic!("Failed to load RBAC config from {}: {}", path, e)); 315 + log::info!("Loaded admin RBAC config from {} ({} members)", path, config.members.len()); 316 + Arc::new(config) 317 + }); 318 + 319 + let admin_oauth_client = if admin_rbac_config.is_some() { 320 + match admin::oauth::init_oauth_client(&app_config.pds_hostname) { 321 + Ok(client) => { 322 + log::info!("Admin OAuth client initialized for {}", app_config.pds_hostname); 323 + Some(Arc::new(client)) 324 + } 325 + Err(e) => { 326 + log::error!("Failed to initialize admin OAuth client: {}. Admin portal will be disabled.", e); 327 + None 328 + } 329 + } 330 + } else { 331 + None 332 + }; 333 + 334 + // Cookie signing key for admin sessions 335 + let cookie_key = env::var("GATEKEEPER_ADMIN_COOKIE_SECRET") 336 + .ok() 337 + .and_then(|hex_str| hex::decode(hex_str).ok()) 338 + .unwrap_or_else(|| app_config.gate_jwe_key.clone()); 339 + let cookie_key = { 340 + // Key::from requires at least 64 bytes; derive by repeating if needed 341 + let mut key_bytes = cookie_key.clone(); 342 + while key_bytes.len() < 64 { 343 + key_bytes.extend_from_slice(&cookie_key); 344 + } 345 + axum_extra::extract::cookie::Key::from(&key_bytes[..64]) 346 + }; 347 + 280 348 let state = AppState { 281 349 account_pool, 282 350 pds_gatekeeper_pool, ··· 285 353 template_engine: Engine::from(hbs), 286 354 resolver: Arc::new(resolver), 287 355 handle_cache: auth::HandleCache::new(), 288 - app_config: AppConfig::new(), 356 + app_config, 357 + admin_rbac_config, 358 + admin_oauth_client, 359 + cookie_key, 289 360 }; 290 361 291 362 // Rate limiting ··· 388 459 get(get_gate).post(post_gate.layer(GovernorLayer::new(captcha_governor_conf))), 389 460 ); 390 461 } 462 + 463 + // Mount admin portal if RBAC config is loaded 464 + if state.admin_rbac_config.is_some() { 465 + let admin_router = admin::router(state.clone()); 466 + app = app.nest("/admin", admin_router); 467 + log::info!("Admin portal mounted at /admin/"); 468 + } 469 + 470 + // Background cleanup for admin sessions 471 + let cleanup_pool = state.pds_gatekeeper_pool.clone(); 472 + let admin_enabled = state.admin_rbac_config.is_some(); 473 + tokio::spawn(async move { 474 + let mut interval = tokio::time::interval(Duration::from_secs(300)); 475 + loop { 476 + interval.tick().await; 477 + if admin_enabled { 478 + if let Err(e) = admin::session::cleanup_expired_sessions(&cleanup_pool).await { 479 + tracing::error!("Failed to cleanup expired admin sessions: {}", e); 480 + } 481 + } 482 + } 483 + }); 391 484 392 485 let request_logging = env::var("GATEKEEPER_REQUEST_LOGGING") 393 486 .map(|v| v.eq_ignore_ascii_case("true") || v == "1")