feat(admin): add user rate limit approval interface

Turbasen · Jul 20, 2016 · db19788 · db19788
1 parent 0c2d525
commit db19788
Show file tree

Hide file tree

Showing 4 changed files with 160 additions and 3 deletions.
diff --git a/apps/admin/controller.js b/apps/admin/controller.js
@@ -33,6 +33,87 @@ app.get('/users', (req, res, next) => {
   });
 });
 
+app.get('/limits', (req, res, next) => {
+  const error = req.session.message;
+  delete req.session.message;
+
+  const query = {
+    apps: {
+      $elemMatch: {
+        $or: [
+          { prodRequest: { $exists: true } },
+          { devRequest: { $exists: true } },
+        ],
+      },
+    },
+  };
+
+  ApiUser.find(query).exec((err, users) => {
+    if (err) { return next(err); }
+    return res.render('admin/limits.html', { req, error, users });
+  });
+});
+
+app.post('/limits/:userId/:appId', (req, res, next) => {
+  ApiUser.findOne({ _id: req.params.userId }, (err, user) => {
+    if (err) { return next(err); }
+
+    const app = user.apps.id(req.params.appId);
+
+    // Unknown application
+    if (!app) {
+      req.session.message = {
+        title: 'Ukjent app',
+        message: `App ${req.params.appId} ble ikke funnet`,
+      };
+
+      return res.redirect(303, '/admin/limits');
+    }
+
+    // Approve new limits
+    if (req.body.approve === 'true') {
+      if (req.body.limit_prod) {
+        app.set('limit.prod', parseInt(req.body.limit_prod, 10));
+      }
+
+      if (req.body.limit_dev) {
+        app.set('limit.dev', parseInt(req.body.limit_dev, 10));
+      }
+
+      app.set('limit.prodRequest', undefined);
+      app.set('limit.devRequest', undefined);
+
+      req.session.message = {
+        class: 'positive',
+        title: 'Ny grense godkjent',
+        message: `Ny grense for "${app.name}" er godkjent.`,
+      };
+
+    // Reject new limits
+    } else if (req.body.reject === 'true') {
+      app.set('limit.prodRequest', undefined);
+      app.set('limit.devRequest', undefined);
+
+      req.session.message = {
+        class: 'positive',
+        title: 'Ny grense avslått',
+        message: `Ny grense for "${app.name}" er avslått.`,
+      };
+
+    // Unknown action
+    } else {
+      req.session.message = {
+        title: 'Ukjent valg',
+        message: 'Operasjonen ble ikke gjennkjennt som et gyldig valg.',
+      };
+
+      return res.redirect(303, '/admin/limits');
+    }
+
+    user.save().catch(next).then(() => res.redirect(303, '/admin/limits'));
+  });
+});
+
 app.get('/email', (req, res) => {
   const error = req.session.message;
 

diff --git a/views/admin/limits.html b/views/admin/limits.html
@@ -0,0 +1,76 @@
+{% set page = 'limits' %}
+{% set cclass = 'limits' %}
+{% extends "admin/layout.html" %}
+
+{% block title %}Nye apps - {{ super() }}{% endblock %}
+
+{% block content %}
+<h2 class="ui header">
+  <i class="line chart icon"></i>
+  <div class="content">
+    Nye grenser
+    <div class="sub header">Nye API grenser til godkjenning</div>
+  </div>
+</h2>
+
+{% if not users.length %}
+  <div class="ui info message">
+    <p>Det er ingen nye grenser til godkjenning. Godt jobba!</p>
+  </div>
+{% endif %}
+
+<div class="ui three cards">
+  {% for user in users %}
+    {% for app in user.apps %}
+      {% if app.limit.prodRequest or app.limit.devRequest %}
+        <form class="ui form card" method="post"
+          action="/admin/limits/{{ user._id }}/{{ app._id }}">
+
+          <div class="content">
+            <img class="right floated mini ui image"
+              src="{{ user.owner[0].avatarUrl|d("/static/images/image.png") }}">
+
+            <div class="header">{{ app.name }}</div>
+            <div class="meta">{{ user.provider }}</div>
+            <div class="description">
+              <div class="field">
+                <label>Prod grense</label>
+                <input type="number" step="1000" name="limit_prod"
+                  placeholder="{{ app.limit.prod }}"
+                  value="{{ app.limit.prodRequest }}">
+              </div>
+
+              <div class="field">
+                <label>Dev grense</label>
+                <input type="number" step="1000" name="limit_dev"
+                  placeholder="{{ app.limit.dev }}"
+                  value="{{ app.limit.devRequest }}">
+              </div>
+
+              <div class="field">
+                <label>Melding</label>
+                <textarea name="message" rows="2"></textarea>
+              </div>
+            </div>
+          </div>
+          <div class="extra content">
+            <div class="ui two buttons">
+              <button
+                type="submit"
+                name="approve"
+                value="true"
+                class="ui basic green button">Godkjenn</button>
+
+              <button
+                type="submit"
+                name="reject"
+                value="true"
+                class="ui basic red button">Avslå</button>
+            </div>
+          </div>
+        </form>
+      {% endif %}
+    {% endfor %}
+  {% endfor %}
+</div>
+{% endblock %}
diff --git a/views/admin/navigation.html b/views/admin/navigation.html
@@ -13,9 +13,9 @@ <h4 class="ui header">
   </a>
   <a class="item {% if page == 'limits' %}active{% endif %}" href="/admin/limits">
     <h4 class="ui header">
-      <i class="line chart icon"></i> Nye limits
+      <i class="line chart icon"></i> Nye grenser
     </h4>
-    <p>Nye rate limits til godkjenning</p>
+    <p>Nye API grenser til godkjenning</p>
   </a>
   <a class="item {% if page == 'email' %}active{% endif %}" href="/admin/email">
     <h4 class="ui header">

diff --git a/views/nav.html b/views/nav.html
@@ -27,7 +27,7 @@
           </a>
           <a href="/admin/limits" class="item">
             <span class="description">{{ req.session.stats.request|d(0) }} apps</span>
-            <span class="text">Nye limits</span>
+            <span class="text">Nye grenser</span>
           </a>
           <a href="/admin/email" class="item">
             <span class="text">Epostliste</span>