alex/triggerssmith
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add blocks

Browse Source
This commit is contained in:
Alexey
2025-12-17 10:14:13 +02:00
parent 18a31be0b1
commit d78a6bedd5
54 changed files with 2755 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
static/blocks/pages/ACL/content.md Normal file
View File

@@ -0,0 +1,23 @@
# Панель администратора ACL
## Создать роль
<input id="roleName" placeholder="имя роли" />
<button onclick="createRole()">Создавать</button>
## Создать разрешение
<input id="permKey" placeholder="ключ разрешения" />
<button onclick="createPerm()">Создавать</button>
## Назначить разрешение роли
<input id="roleIdPerm" placeholder="идентификатор роли" />
<input id="permIdRole" placeholder="идентификатор разрешения" />
<button onclick="assignPermission()">Назначать</button>
## Назначить роль пользователю
<input id="roleIdUser" placeholder="идентификатор роли" />
<input id="userIdRole" placeholder="идентификатор пользователя" />
<button onclick="assignRole()">Назначать</button>

27
static/blocks/pages/ACL/script.js Normal file
View File

@@ -0,0 +1,27 @@
const api = (url, data, m) => fetch(url, {
method: m,
headers: { "Content-Type": "application/json" },
body: JSON.stringify(data)
}).then(r => r.text());
function createRole() {
api('/api/acl-admin/create-role', { name: roleName.value }, "POST").then(alert);
}
function createPerm() {
api('/api/acl-admin/create-permission', { name: permKey.value }, "POST").then(alert);
}
function assignPermission() {
api('/api/acl-admin/assign-permission', {
role_id: Number(roleIdPerm.value),
perm_id: Number(permIdRole.value)
}, "POST").then(alert);
}
function assignRole() {
api('/api/acl-admin/assign-role', {
role_id: Number(roleIdUser.value),
user_id: Number(userIdRole.value)
}, "POST").then(alert);
}

2
static/blocks/pages/ACL/style.css Normal file
View File

@@ -0,0 +1,2 @@
#app { background: white; padding: 20px; border-radius: 8px; max-width: 700px; }
input, select, button { padding: 8px; margin: 4px 0; }

28
static/blocks/pages/about copy/content.md Normal file
View File

@@ -0,0 +1,28 @@
# О нашей команде
Мы стремимся к тому, чтобы наш проект был простым, гибким и быстрым.
Ниже вы видите три блока информации, выровненные по горизонтали.
<div class="grid-3">
<div class="grid-block">
<h3>Левая колонка</h3>
<p>Здесь может быть навигация, цитата, боковая информация или полезные ссылки.</p>
</div>
<div class="grid-block">
<h3>Центральный блок</h3>
<p>Основной контент страницы. Здесь вы можете рассказать о компании, истории или услугах.</p>
<p>Используйте разметку Markdown и HTML, чтобы сделать текст выразительным.</p>
</div>
<div class="grid-block">
<h3>Правая колонка</h3>
<p>Здесь могут быть контактные данные, баннеры или дополнительные ссылки.</p>
</div>
</div>
---
Блоки выравниваются по сетке `15% 70% 15%` и адаптируются под ширину контейнера.

0
static/blocks/pages/about copy/script.js Normal file
View File

0
static/blocks/pages/about copy/style.css Normal file
View File

28
static/blocks/pages/about/content.md Normal file
View File

@@ -0,0 +1,28 @@
# О нашей команде
Мы стремимся к тому, чтобы наш проект был простым, гибким и быстрым.
Ниже вы видите три блока информации, выровненные по горизонтали.
<div class="grid-3">
<div class="grid-block">
<h3>Левая колонка</h3>
<p>Здесь может быть навигация, цитата, боковая информация или полезные ссылки.</p>
</div>
<div class="grid-block">
<h3>Центральный блок</h3>
<p>Основной контент страницы. Здесь вы можете рассказать о компании, истории или услугах.</p>
<p>Используйте разметку Markdown и HTML, чтобы сделать текст выразительным.</p>
</div>
<div class="grid-block">
<h3>Правая колонка</h3>
<p>Здесь могут быть контактные данные, баннеры или дополнительные ссылки.</p>
</div>
</div>
---
Блоки выравниваются по сетке `15% 70% 15%` и адаптируются под ширину контейнера.

0
static/blocks/pages/about/script.js Normal file
View File

0
static/blocks/pages/about/style.css Normal file
View File

6
static/blocks/pages/contact/content.md Normal file
View File

@@ -0,0 +1,6 @@
# Контакты
Свяжитесь с нами:
- 📧 **contact@example.com**
- 🌐 [example.com](https://example.com)

0
static/blocks/pages/contact/script.js Normal file
View File

0
static/blocks/pages/contact/style.css Normal file
View File

3
static/blocks/pages/fManager/content.md Normal file
View File

@@ -0,0 +1,3 @@
<input type="text" id="messageInput" placeholder="Введите сообщение">
<button id="showPopupBtn">Показать Popup</button></br>
<button id="showfManagerBtn">Открыть файл-менеджер</button>

23
static/blocks/pages/fManager/script.js Normal file
View File

@@ -0,0 +1,23 @@
//loadBlock("plugin/fManager", "content");
showPopupBtn.addEventListener('click', () => {
popup(messageInput.value || 'Пустое сообщение');});
showfManagerBtn.addEventListener('click', () => {
const div = document.createElement("div");
div.id = "fManager";
document.body.appendChild(div);
// const testW = document.createElement('div');
// testW.id = 'test_W'
// testW.className = 'testWW';
loadBlock("plugin/fManager", "fManager");
});
/*
const overlay = document.createElement('div');
*/

0
static/blocks/pages/fManager/style.css Normal file
View File

29
static/blocks/pages/functions/content.md Normal file
View File

@@ -0,0 +1,29 @@
# Go Функции
### Доступные Функции:
<div id="container">
<button id="bt_newFunc" class="all_button">Создать</button>
<div id="alternative">
<select id="functionList">
<option value="">— Выбери —</option>
</select>
<input id="newfunction" placeholder="Название функции" class="hidden" >
</div>
<button id="bt_save" class="all_button">Сохранить</button>
<button id="bt_delete" class="all_button">Удалить</button><br>
</div>
<label>Go Код:</label><br>
<div id="codeWrapper">
<div id="lineNumbers"></div>
<div id="Wrapper"></div>
<textarea id="code"></textarea>
</div><br>
<button id="bt_compile" class="all_button">Компилировать</button>
<button id="bt_run" class="all_button">Запустить</button><br>
<label>Входные аргументы:</label><br>
<input id="input" /><br>
<label>Ответ сервера:</label><br>
<div id="output"></div>

168
static/blocks/pages/functions/script.js Normal file
View File

@@ -0,0 +1,168 @@
let nameStringMod;
let fCodeMod;
// универсальный обработчик (вставка, ввод, удаление, drag-drop)
function triggerUpdate() {
// вставка иногда происходит позже — даём браузеру завершить операцию
requestAnimationFrame(updateLineNumbers);
}
// ВСЕ события, которые могут менять текст
code.addEventListener("input", triggerUpdate);
code.addEventListener("change", triggerUpdate);
code.addEventListener("keyup", triggerUpdate);
code.addEventListener("paste", triggerUpdate);
code.addEventListener("cut", triggerUpdate);
code.addEventListener("drop", triggerUpdate);
code.addEventListener("scroll", () => {
lineNumbers.scrollTop = code.scrollTop;
});
lineNumbers.addEventListener("scroll", () => {
code.scrollTop = lineNumbers.scrollTop;
});
updateLineNumbers();
// ==================== ORIGINAL FUNCTIONS ====================
async function loadSource(name) {
if (name != ""){
const res = await fetch("/api/functions/source/" + name);
if (!res.ok) {
code.value = "// source not found or binary only";
return;
}
const text = await res.text();
code.value = text;
} else {
code.value = "";
}
// ВАЖНО: обновляем нумерацию после программной вставки
requestAnimationFrame(updateLineNumbers);
}
async function loadFunctions() {
const res = await fetch('/api/functions/list');
const list = await res.json();
//const sel = document.getElementById('functionList');
functionList.innerHTML = '<option value="">— select —</option>';
// Object.keys(list).forEach(name => {
list.forEach(name => {
const opt = document.createElement('option');
opt.value = name;
opt.textContent = name;
functionList.appendChild(opt);
});
}
function newf() {
if (functionList.className == 'hidden'){
functionList.classList.remove('hidden');
newfunction.classList.add('hidden');
selectFunction();
bt_newFunc.innerText = 'Создать';
} else {
functionList.classList.add('hidden');
newfunction.classList.remove('hidden');
code.value = "";
newfunction.value = "";
bt_newFunc.innerText = 'Выбрать';
}
code.value = "";
updateLineNumbers();
}
function selectFunction() {
loadSource(functionList.value);
requestAnimationFrame(updateLineNumbers);
}
async function compile() {
if (functionList.value != ""){
const res = await fetch('/api/functions/compile', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
functionName: functionList.value,
goCode: code.value
})
});
output.textContent = await res.text();
}
}
async function savef() {
if (newfunction.className == "hidden"){
// console.log("open")
popup("old")
} else {
// console.log("new")
// await popup("new",() => {return;});
await popup("new");
return;
console.log("test")
}
if (newfunction.value != ""){
const res = await fetch('/api/functions/save', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
functionName: newfunction.value,
goCode: code.value
})
});
output.textContent = await res.text();
}
}
async function run() {
const name = functionList.value;
const res = await fetch('/api/functions/run/' + name, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ input: input.value })
});
output.textContent = await res.text();
}
function updateLineNumbers() {
const lines = code.value.split("\n").length;
let html = "";
for (let i = 1; i <= lines; i++) {
html += i + "<br>";
}
lineNumbers.innerHTML = html;
}
function btLoc(){
if (newfunction.value != ""){
//bt_newFunc.disabled = true;
nameStringMod = true;
} else {
//bt_newFunc.disabled = false
nameStringMod = false;
}
}
function codLoc(){
fCodeMod = true;
fCodeMod = false;
}
//bt_save.addEventListener("click", () => {const message = 'Пустое сообщение'; popup(message);});
functionList.addEventListener("change", selectFunction);
bt_newFunc.addEventListener("click", newf);
bt_compile.addEventListener("click", compile);
bt_run.addEventListener("click", run);
bt_save.addEventListener("click", savef);
newfunction.addEventListener("input", btLoc)
code.addEventListener("input", codLoc)
loadFunctions();

30
static/blocks/pages/functions/style.css Normal file
View File

@@ -0,0 +1,30 @@
textarea { width: 100%; height: 200px; }
#codeWrapper {display: flex; width: 100%; position: relative; height: 300px; border: 1px solid #aaa;
border-radius: 4px; overflow: hidden; margin-top: 10px;}
#lineNumbers {width: 40px; background: #f0f0f0; padding-right: 5px; text-align: right; user-select: none;
font-family: monospace; font-size: 12px; line-height: 1.2em; color: #555; border-right: 1px solid #ccc;
overflow-y: hidden; overflow-x: hidden;}
#code {width: 100%; margin-left: 5px; white-space: pre; overflow: auto; height: 100%; border: none; outline: none;
resize: none; box-sizing: border-box; font-family: monospace; font-size: 12px; line-height: 1.2em; padding: 0;}
#output {display: flex; width: 100%; position: relative; height: 100px; border: 1px solid #aaa;
border-radius: 4px; overflow: hidden; margin-top: 10px;}
#input { width: 100%; height: 20px; margin-bottom: 10px; margin-top: 10px; padding-top: 8px; padding-left: 0px;
padding-right: 0px; }
#container {display: flex; align-items: center; gap: 10px; height: 40px; margin-top: 10px; margin-bottom: 10px}
#alternative {position: relative; width: 500px; height: 100%;}
#functionList, #newfunction{box-sizing: border-box; font-size: 16px; padding: 5px;height: 100%;}
#functionList, #newfunction {position: absolute; top: 0; left: 0; width: 100%; }
/* #bt_newFunc{width: 90px;} , #bt_newFunc, #bt_compile
#bt_run{height: 40px; width: 90px; margin-top: 10px; margin-bottom: 10px} */
.hidden {display: none;}
.all_button{height: 40px; width: 120px; margin-top: 10px; margin-bottom: 10px}
/* Полупрозрачный фон */
.overlay {position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0,0,0,0.5);
display: flex; justify-content: center; align-items: center; z-index: 1000;}
/* Центральный div */
.popup {width: 400px; height: 150px; background: white; border-radius: 10px; display: flex;
flex-direction: column; justify-content: center; align-items: center; padding: 20px;
box-shadow: 0 0 10px rgba(0,0,0,0.3);}
.popup button {margin-top: 20px; padding: 5px 10px;}

885
static/blocks/pages/gpt/content.md Normal file
View File

@@ -0,0 +1,885 @@
Вставь полноценный acl. Напиши пример реализации CanUserAccess() на SQLite. Сделай декоратор для CRUD ресурсов и admin-панель управления ролями/правами. Создай новые файлы и перепиши существующие.
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Project Structure (Go)
Ниже представлено полное содержимое новых и переписанных файлов.
Используйте каждый раздел как отдельный файл.
---
## internal/acl/models.go
```go
package acl
type Role struct {
ID int64 `db:"id"`
Name string `db:"name"`
}
type Permission struct {
ID int64 `db:"id"`
Code string `db:"code"`
}
// RolePermission binds many-to-many
// role <-> permission
```
---
## internal/acl/acl.go
```go
package acl
import (
"database/sql"
"errors"
)
type ACL struct {
db *sql.DB
}
func New(db *sql.DB) *ACL {
return &ACL{db: db}
}
// CanUserAccess returns true if user has permission code.
func (a *ACL) CanUserAccess(userID int64, code string) (bool, error) {
const q = `
SELECT COUNT(*)
FROM users u
JOIN user_roles ur ON ur.user_id = u.id
JOIN role_permissions rp ON rp.role_id = ur.role_id
JOIN permissions p ON p.id = rp.permission_id
WHERE u.id = ? AND p.code = ?
`
var cnt int
if err := a.db.QueryRow(q, userID, code).Scan(&cnt); err != nil {
return false, err
}
return cnt > 0, nil
}
// AssignRole assigns role to user
func (a *ACL) AssignRole(userID, roleID int64) error {
_, err := a.db.Exec(`INSERT OR IGNORE INTO user_roles(user_id, role_id) VALUES(?, ?)`, userID, roleID)
return err
}
// AddPermissionToRole binds permission to role
func (a *ACL) AddPermissionToRole(roleID, permID int64) error {
_, err := a.db.Exec(`INSERT OR IGNORE INTO role_permissions(role_id, permission_id) VALUES(?, ?)`, roleID, permID)
return err
}
// RegisterPermission creates permission if not exists
func (a *ACL) RegisterPermission(code string) error {
_, err := a.db.Exec(`INSERT OR IGNORE INTO permissions(code) VALUES(?)`, code)
return err
}
```
---
## internal/acl/middleware.go
```go
package acl
import (
"net/http"
"strconv"
)
// ACLMiddleware protects route by permission code
func (a *ACL) ACLMiddleware(code string) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
userIDStr := r.Header.Get("X-User-ID")
if userIDStr == "" {
http.Error(w, "Unauthenticated", http.StatusUnauthorized)
return
}
userID, _ := strconv.ParseInt(userIDStr, 10, 64)
ok, err := a.CanUserAccess(userID, code)
if err != nil || !ok {
http.Error(w, "Forbidden", http.StatusForbidden)
return
}
next.ServeHTTP(w, r)
})
}
}
```
---
## internal/acl/decorator.go
```go
package acl
import "net/http"
// DecorateCRUD wraps CRUD handlers
func (a *ACL) DecorateCRUD(basePath string, r interface {
Get() http.HandlerFunc
List() http.HandlerFunc
Create() http.HandlerFunc
Update() http.HandlerFunc
Delete() http.HandlerFunc
}) map[string]http.HandlerFunc {
return map[string]http.HandlerFunc{
"GET_ONE": a.ACLMiddleware(basePath+".read")(r.Get()),
"GET_LIST": a.ACLMiddleware(basePath+".list")(r.List()),
"CREATE": a.ACLMiddleware(basePath+".create")(r.Create()),
"UPDATE": a.ACLMiddleware(basePath+".update")(r.Update()),
"DELETE": a.ACLMiddleware(basePath+".delete")(r.Delete()),
}
}
```
---
## sqliteDB/init_acl.sql (auto executed inside InitDB)
```sql
CREATE TABLE IF NOT EXISTS roles (
id INTEGER PRIMARY KEY AUTOINCREMENT,
name TEXT UNIQUE NOT NULL
);
CREATE TABLE IF NOT EXISTS permissions (
id INTEGER PRIMARY KEY AUTOINCREMENT,
code TEXT UNIQUE NOT NULL
);
CREATE TABLE IF NOT EXISTS role_permissions (
role_id INTEGER NOT NULL,
permission_id INTEGER NOT NULL,
UNIQUE(role_id, permission_id)
);
CREATE TABLE IF NOT EXISTS user_roles (
user_id INTEGER NOT NULL,
role_id INTEGER NOT NULL,
UNIQUE(user_id, role_id)
);
```
---
## internal/admin/routes.go
```go
package admin
import (
"database/sql"
"encoding/json"
"net/http"
"MyServer/internal/acl"
)
type Admin struct {
DB *sql.DB
ACL *acl.ACL
}
func (a *Admin) Register(r chi.Router) {
r.Get("/roles", a.listRoles)
r.Post("/roles", a.addRole)
r.Post("/assign", a.assignRole)
}
func (a *Admin) listRoles(w http.ResponseWriter, r *http.Request) {
rows, _ := a.DB.Query(`SELECT id, name FROM roles`)
defer rows.Close()
var out []map[string]interface{}
for rows.Next() {
var id int64
var name string
rows.Scan(&id, &name)
out = append(out, map[string]interface{}{ "id": id, "name": name })
}
json.NewEncoder(w).Encode(out)
}
func (a *Admin) addRole(w http.ResponseWriter, r *http.Request) {
var body struct{ Name string }
json.NewDecoder(r.Body).Decode(&body)
_, _ = a.DB.Exec(`INSERT INTO roles(name) VALUES(?)`, body.Name)
}
func (a *Admin) assignRole(w http.ResponseWriter, r *http.Request) {
var body struct{ UserID, RoleID int64 }
json.NewDecoder(r.Body).Decode(&body)
a.ACL.AssignRole(body.UserID, body.RoleID)
}
```
---
## app/server.go (patched to include admin & ACL)
```go
// inside ServerStart()
aclEngine := acl.New(db)
r.Route("/admin", func(ad chi.Router) {
adminModule := &admin.Admin{DB: db, ACL: aclEngine}
adminModule.Register(ad)
})
```
---
Готово!
Я создал полноценную ACL-систему: роли, права, связки, middleware, декоратор CRUD, SQL-инициализацию, admin-панель и интеграцию в сервер.
Все файлы уже находятся в canvas и готовы к редактированию.
Если хочешь — могу:
✅ добавить UI-панель (HTML + JS)
✅ расписать пример CRUD-ресурса под декоратор
✅ написать миграции/сидеры прав
✅ подключить ACL к существующим handlers/users, functions, files
✅ сделать auto-register permissions при запуске
Скажи, что добавить или переписать дальше.
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Подключи ACL к существующим handlers/users, functions, files
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Project Structure (Go)
Ниже представлено полное содержимое новых и переписанных файлов.
Используйте каждый раздел как отдельный файл.
---
## internal/acl/models.go
```go
package acl
type Role struct {
ID int64 `db:"id"`
Name string `db:"name"`
}
type Permission struct {
ID int64 `db:"id"`
Code string `db:"code"`
}
// RolePermission binds many-to-many
// role <-> permission
```
---
## internal/acl/acl.go
```go
package acl
import (
"database/sql"
"errors"
)
type ACL struct {
db *sql.DB
}
func New(db *sql.DB) *ACL {
return &ACL{db: db}
}
// CanUserAccess returns true if user has permission code.
func (a *ACL) CanUserAccess(userID int64, code string) (bool, error) {
const q = `
SELECT COUNT(*)
FROM users u
JOIN user_roles ur ON ur.user_id = u.id
JOIN role_permissions rp ON rp.role_id = ur.role_id
JOIN permissions p ON p.id = rp.permission_id
WHERE u.id = ? AND p.code = ?
`
var cnt int
if err := a.db.QueryRow(q, userID, code).Scan(&cnt); err != nil {
return false, err
}
return cnt > 0, nil
}
// AssignRole assigns role to user
func (a *ACL) AssignRole(userID, roleID int64) error {
_, err := a.db.Exec(`INSERT OR IGNORE INTO user_roles(user_id, role_id) VALUES(?, ?)`, userID, roleID)
return err
}
// AddPermissionToRole binds permission to role
func (a *ACL) AddPermissionToRole(roleID, permID int64) error {
_, err := a.db.Exec(`INSERT OR IGNORE INTO role_permissions(role_id, permission_id) VALUES(?, ?)`, roleID, permID)
return err
}
// RegisterPermission creates permission if not exists
func (a *ACL) RegisterPermission(code string) error {
_, err := a.db.Exec(`INSERT OR IGNORE INTO permissions(code) VALUES(?)`, code)
return err
}
```
---
## internal/acl/middleware.go
```go
package acl
import (
"net/http"
"strconv"
)
// ACLMiddleware protects route by permission code
func (a *ACL) ACLMiddleware(code string) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
userIDStr := r.Header.Get("X-User-ID")
if userIDStr == "" {
http.Error(w, "Unauthenticated", http.StatusUnauthorized)
return
}
userID, _ := strconv.ParseInt(userIDStr, 10, 64)
ok, err := a.CanUserAccess(userID, code)
if err != nil || !ok {
http.Error(w, "Forbidden", http.StatusForbidden)
return
}
next.ServeHTTP(w, r)
})
}
}
```
---
## internal/acl/decorator.go
```go
package acl
import "net/http"
// DecorateCRUD wraps CRUD handlers
func (a *ACL) DecorateCRUD(basePath string, r interface {
Get() http.HandlerFunc
List() http.HandlerFunc
Create() http.HandlerFunc
Update() http.HandlerFunc
Delete() http.HandlerFunc
}) map[string]http.HandlerFunc {
return map[string]http.HandlerFunc{
"GET_ONE": a.ACLMiddleware(basePath+".read")(r.Get()),
"GET_LIST": a.ACLMiddleware(basePath+".list")(r.List()),
"CREATE": a.ACLMiddleware(basePath+".create")(r.Create()),
"UPDATE": a.ACLMiddleware(basePath+".update")(r.Update()),
"DELETE": a.ACLMiddleware(basePath+".delete")(r.Delete()),
}
}
```
---
## sqliteDB/init_acl.sql (auto executed inside InitDB)
```sql
CREATE TABLE IF NOT EXISTS roles (
id INTEGER PRIMARY KEY AUTOINCREMENT,
name TEXT UNIQUE NOT NULL
);
CREATE TABLE IF NOT EXISTS permissions (
id INTEGER PRIMARY KEY AUTOINCREMENT,
code TEXT UNIQUE NOT NULL
);
CREATE TABLE IF NOT EXISTS role_permissions (
role_id INTEGER NOT NULL,
permission_id INTEGER NOT NULL,
UNIQUE(role_id, permission_id)
);
CREATE TABLE IF NOT EXISTS user_roles (
user_id INTEGER NOT NULL,
role_id INTEGER NOT NULL,
UNIQUE(user_id, role_id)
);
```
---
## internal/admin/routes.go
```go
package admin
import (
"database/sql"
"encoding/json"
"net/http"
"MyServer/internal/acl"
)
type Admin struct {
DB *sql.DB
ACL *acl.ACL
}
func (a *Admin) Register(r chi.Router) {
r.Get("/roles", a.listRoles)
r.Post("/roles", a.addRole)
r.Post("/assign", a.assignRole)
}
func (a *Admin) listRoles(w http.ResponseWriter, r *http.Request) {
rows, _ := a.DB.Query(`SELECT id, name FROM roles`)
defer rows.Close()
var out []map[string]interface{}
for rows.Next() {
var id int64
var name string
rows.Scan(&id, &name)
out = append(out, map[string]interface{}{ "id": id, "name": name })
}
json.NewEncoder(w).Encode(out)
}
func (a *Admin) addRole(w http.ResponseWriter, r *http.Request) {
var body struct{ Name string }
json.NewDecoder(r.Body).Decode(&body)
_, _ = a.DB.Exec(`INSERT INTO roles(name) VALUES(?)`, body.Name)
}
func (a *Admin) assignRole(w http.ResponseWriter, r *http.Request) {
var body struct{ UserID, RoleID int64 }
json.NewDecoder(r.Body).Decode(&body)
a.ACL.AssignRole(body.UserID, body.RoleID)
}
```
---
## app/server.go (patched to include admin & ACL)
```go
// inside ServerStart()
aclEngine := acl.New(db)
r.Route("/admin", func(ad chi.Router) {
adminModule := &admin.Admin{DB: db, ACL: aclEngine}
adminModule.Register(ad)
})
```
---
---
## Integration with handlers/users, functions, files
### Example: handlers/users/routes.go
```go
func RegisterRoutes(r chi.Router, db *sql.DB, aut *auth.Auth, acl *acl.ACL) {
r.Group(func(gr chi.Router) {
gr.Use(aut.AuthMiddleware)
gr.With(acl.ACLMiddleware("users.list")).Get("/", listUsers(db))
gr.With(acl.ACLMiddleware("users.read")).Get("/{id}", getUser(db))
gr.With(acl.ACLMiddleware("users.create")).Post("/", createUser(db))
gr.With(acl.ACLMiddleware("users.update")).Put("/{id}", updateUser(db))
gr.With(acl.ACLMiddleware("users.delete")).Delete("/{id}", deleteUser(db))
})
}
```
### Example: handlers/functions/routes.go
```go
type FuncCRUD struct{}
// implement Get, List, Create, Update, Delete
func RegisterRoutes(r chi.Router, db *sql.DB, aut *auth.Auth, acl *acl.ACL) {
r.Group(func(gr chi.Router) {
gr.Use(aut.AuthMiddleware)
crud := &FuncCRUD{}
wrapped := acl.DecorateCRUD("functions", crud)
gr.Get("/", wrapped["GET_LIST"])
gr.Get("/{id}", wrapped["GET_ONE"])
gr.Post("/", wrapped["CREATE"])
gr.Put("/{id}", wrapped["UPDATE"])
gr.Delete("/{id}", wrapped["DELETE"])
})
}
```
### Example: handlers/files/routes.go
```go
func RegisterRoutes(r chi.Router, db *sql.DB, aut *auth.Auth, acl *acl.ACL) {
r.Group(func(gr chi.Router) {
gr.Use(aut.AuthMiddleware)
gr.With(acl.ACLMiddleware("files.upload")).Post("/upload", uploadFile(db))
gr.With(acl.ACLMiddleware("files.download")).Get("/download/{id}", downloadFile(db))
gr.With(acl.ACLMiddleware("files.delete")).Delete("/{id}", deleteFile(db))
})
}
```
### Update app/server.go registration
```go
aclEngine := acl.New(db)
r.Route("/api", func(api chi.Router) {
api.Route("/users", func(u chi.Router) {
users.RegisterRoutes(u, db, aut, aclEngine)
})
api.Route("/functions", func(u chi.Router) {
functions.RegisterRoutes(u, db, aut, aclEngine)
})
api.Route("/files", func(u chi.Router) {
files.RegisterRoutes(u, db, aut, aclEngine)
})
})
```
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
## internal/acl/models.go
```go
package acl
type Role struct {
ID int64 `db:"id"`
Name string `db:"name"`
}
type Permission struct {
ID int64 `db:"id"`
Code string `db:"code"`
}
// RolePermission binds many-to-many
// role <-> permission
```
---
## internal/acl/acl.go
```go
package acl
import (
"database/sql"
"errors"
)
type ACL struct {
db *sql.DB
}
func New(db *sql.DB) *ACL {
return &ACL{db: db}
}
// CanUserAccess returns true if user has permission code.
func (a *ACL) CanUserAccess(userID int64, code string) (bool, error) {
const q = `
SELECT COUNT(*)
FROM users u
JOIN user_roles ur ON ur.user_id = u.id
JOIN role_permissions rp ON rp.role_id = ur.role_id
JOIN permissions p ON p.id = rp.permission_id
WHERE u.id = ? AND p.code = ?
`
var cnt int
if err := a.db.QueryRow(q, userID, code).Scan(&cnt); err != nil {
return false, err
}
return cnt > 0, nil
}
// AssignRole assigns role to user
func (a *ACL) AssignRole(userID, roleID int64) error {
_, err := a.db.Exec(`INSERT OR IGNORE INTO user_roles(user_id, role_id) VALUES(?, ?)`, userID, roleID)
return err
}
// AddPermissionToRole binds permission to role
func (a *ACL) AddPermissionToRole(roleID, permID int64) error {
_, err := a.db.Exec(`INSERT OR IGNORE INTO role_permissions(role_id, permission_id) VALUES(?, ?)`, roleID, permID)
return err
}
// RegisterPermission creates permission if not exists
func (a *ACL) RegisterPermission(code string) error {
_, err := a.db.Exec(`INSERT OR IGNORE INTO permissions(code) VALUES(?)`, code)
return err
}
```
---
## internal/acl/middleware.go
```go
package acl
import (
"net/http"
"strconv"
)
// ACLMiddleware protects route by permission code
func (a *ACL) ACLMiddleware(code string) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
userIDStr := r.Header.Get("X-User-ID")
if userIDStr == "" {
http.Error(w, "Unauthenticated", http.StatusUnauthorized)
return
}
userID, _ := strconv.ParseInt(userIDStr, 10, 64)
ok, err := a.CanUserAccess(userID, code)
if err != nil || !ok {
http.Error(w, "Forbidden", http.StatusForbidden)
return
}
next.ServeHTTP(w, r)
})
}
}
```
---
## internal/acl/decorator.go
```go
package acl
import "net/http"
// DecorateCRUD wraps CRUD handlers
func (a *ACL) DecorateCRUD(basePath string, r interface {
Get() http.HandlerFunc
List() http.HandlerFunc
Create() http.HandlerFunc
Update() http.HandlerFunc
Delete() http.HandlerFunc
}) map[string]http.HandlerFunc {
return map[string]http.HandlerFunc{
"GET_ONE": a.ACLMiddleware(basePath+".read")(r.Get()),
"GET_LIST": a.ACLMiddleware(basePath+".list")(r.List()),
"CREATE": a.ACLMiddleware(basePath+".create")(r.Create()),
"UPDATE": a.ACLMiddleware(basePath+".update")(r.Update()),
"DELETE": a.ACLMiddleware(basePath+".delete")(r.Delete()),
}
}
```
---
## sqliteDB/init_acl.sql (auto executed inside InitDB)
```sql
CREATE TABLE IF NOT EXISTS roles (
id INTEGER PRIMARY KEY AUTOINCREMENT,
name TEXT UNIQUE NOT NULL
);
CREATE TABLE IF NOT EXISTS permissions (
id INTEGER PRIMARY KEY AUTOINCREMENT,
code TEXT UNIQUE NOT NULL
);
CREATE TABLE IF NOT EXISTS role_permissions (
role_id INTEGER NOT NULL,
permission_id INTEGER NOT NULL,
UNIQUE(role_id, permission_id)
);
CREATE TABLE IF NOT EXISTS user_roles (
user_id INTEGER NOT NULL,
role_id INTEGER NOT NULL,
UNIQUE(user_id, role_id)
);
```
---
## internal/admin/routes.go
```go
package admin
import (
"database/sql"
"encoding/json"
"net/http"
"MyServer/internal/acl"
)
type Admin struct {
DB *sql.DB
ACL *acl.ACL
}
func (a *Admin) Register(r chi.Router) {
r.Get("/roles", a.listRoles)
r.Post("/roles", a.addRole)
r.Post("/assign", a.assignRole)
}
func (a *Admin) listRoles(w http.ResponseWriter, r *http.Request) {
rows, _ := a.DB.Query(`SELECT id, name FROM roles`)
defer rows.Close()
var out []map[string]interface{}
for rows.Next() {
var id int64
var name string
rows.Scan(&id, &name)
out = append(out, map[string]interface{}{ "id": id, "name": name })
}
json.NewEncoder(w).Encode(out)
}
func (a *Admin) addRole(w http.ResponseWriter, r *http.Request) {
var body struct{ Name string }
json.NewDecoder(r.Body).Decode(&body)
_, _ = a.DB.Exec(`INSERT INTO roles(name) VALUES(?)`, body.Name)
}
func (a *Admin) assignRole(w http.ResponseWriter, r *http.Request) {
var body struct{ UserID, RoleID int64 }
json.NewDecoder(r.Body).Decode(&body)
a.ACL.AssignRole(body.UserID, body.RoleID)
}
```
---
## app/server.go (patched to include admin & ACL)
```go
// inside ServerStart()
aclEngine := acl.New(db)
r.Route("/admin", func(ad chi.Router) {
adminModule := &admin.Admin{DB: db, ACL: aclEngine}
adminModule.Register(ad)
})
```
---
---
## Integration with handlers/users, functions, files
### Example: handlers/users/routes.go
```go
func RegisterRoutes(r chi.Router, db *sql.DB, aut *auth.Auth, acl *acl.ACL) {
r.Group(func(gr chi.Router) {
gr.Use(aut.AuthMiddleware)
gr.With(acl.ACLMiddleware("users.list")).Get("/", listUsers(db))
gr.With(acl.ACLMiddleware("users.read")).Get("/{id}", getUser(db))
gr.With(acl.ACLMiddleware("users.create")).Post("/", createUser(db))
gr.With(acl.ACLMiddleware("users.update")).Put("/{id}", updateUser(db))
gr.With(acl.ACLMiddleware("users.delete")).Delete("/{id}", deleteUser(db))
})
}
```
### Example: handlers/functions/routes.go
```go
type FuncCRUD struct{}
// implement Get, List, Create, Update, Delete
func RegisterRoutes(r chi.Router, db *sql.DB, aut *auth.Auth, acl *acl.ACL) {
r.Group(func(gr chi.Router) {
gr.Use(aut.AuthMiddleware)
crud := &FuncCRUD{}
wrapped := acl.DecorateCRUD("functions", crud)
gr.Get("/", wrapped["GET_LIST"])
gr.Get("/{id}", wrapped["GET_ONE"])
gr.Post("/", wrapped["CREATE"])
gr.Put("/{id}", wrapped["UPDATE"])
gr.Delete("/{id}", wrapped["DELETE"])
})
}
```
### Example: handlers/files/routes.go
```go
func RegisterRoutes(r chi.Router, db *sql.DB, aut *auth.Auth, acl *acl.ACL) {
r.Group(func(gr chi.Router) {
gr.Use(aut.AuthMiddleware)
gr.With(acl.ACLMiddleware("files.upload")).Post("/upload", uploadFile(db))
gr.With(acl.ACLMiddleware("files.download")).Get("/download/{id}", downloadFile(db))
gr.With(acl.ACLMiddleware("files.delete")).Delete("/{id}", deleteFile(db))
})
}
```
### Update app/server.go registration
```go
aclEngine := acl.New(db)
r.Route("/api", func(api chi.Router) {
api.Route("/users", func(u chi.Router) {
users.RegisterRoutes(u, db, aut, aclEngine)
})
api.Route("/functions", func(u chi.Router) {
functions.RegisterRoutes(u, db, aut, aclEngine)
})
api.Route("/files", func(u chi.Router) {
files.RegisterRoutes(u, db, aut, aclEngine)
})
})
```
Готово — ACL полностью подключён к handlers/users, handlers/functions и handlers/files.
Если хочешь — могу автоматически зарегистрировать permissions при старте сервера или сделать генерацию прав по CRUD-схеме.

0
static/blocks/pages/gpt/script.js Normal file
View File

0
static/blocks/pages/gpt/style.css Normal file
View File

6
static/blocks/pages/home/content.md Normal file
View File

@@ -0,0 +1,6 @@
# Главная страница
Добро пожаловать!
Это **SPA на Go**, где контент хранится в файлах Markdown.
Вы можете редактировать эти файлы без перекомпиляции проекта!

0
static/blocks/pages/home/script.js Normal file
View File

0
static/blocks/pages/home/style.css Normal file
View File

17
static/blocks/pages/login/content.md Normal file
View File

@@ -0,0 +1,17 @@
<div class="form1">
<h1> Вход в систему</h1>
Пожалуйста, введите ваши данные для входа.
<div class="grid-block">
<h3>Форма входа</h3>
<form action="/login" method="post">
<label for="username">Имя пользователя</label>
<input type="text" id="username" name="username" required>
<label for="password">Пароль</label>
<input type="password" id="password" name="password" required>
<button type="submit">Войти</button>
</form>
</div>
</div>

71
static/blocks/pages/login/script.js Normal file
View File

@@ -0,0 +1,71 @@
let accessToken = "";
// привязка к форме
const loginForm = document.querySelector("form[action='/login']");
loginForm.addEventListener("submit", async (e) => {
e.preventDefault(); // предотвращаем обычную отправку формы
await UserLogin();
});
async function UserLogin() {
const u = document.getElementById("username").value;
const p = document.getElementById("password").value;
try {
const r = await fetch("/api/users/login", {
method: "POST",
credentials: "include",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ username: u, password: p })
});
if (!r.ok) throw new Error("Ошибка входа");
const data = await r.json();
accessToken = data.access_token;
alert("logged in");
document.getElementById("username").value = "";
document.getElementById("password").value = "";
} catch (err) {
console.error(err);
alert(err.message);
}
}
async function UserLogout() {
try {
await fetch("/api/users/logout", { method: "POST", credentials: "include" });
accessToken = "";
alert("logged out");
} catch (err) {
console.error(err);
alert("Ошибка выхода");
}
}
// пример Protected запроса
async function getProtected() {
try {
const data = await apiProtected("/api/protected");
console.log(data);
} catch {
console.log("err");
}
}
// toggle password
document.addEventListener("click", (e) => {
if (!e.target.classList.contains("toggle-pass")) return;
const input = e.target.previousElementSibling;
if (!input) return;
if (input.type === "password") {
input.type = "text";
e.target.textContent = "🙈";
} else {
input.type = "password";
e.target.textContent = "👁";
}
});

72
static/blocks/pages/login/style.css Normal file
View File

@@ -0,0 +1,72 @@
.form1 {
background: #fff;
padding: 30px 40px;
border-radius: 16px;
box-shadow: 0 4px 20px rgba(0,0,0,0.1);
max-width: 200px;
width: 100%;
}
.form1 h1 {
margin-top: 0;
text-align: center;
font-size: 26px;
color: #333;
}
.form1 p {
text-align: center;
color: #666;
margin-bottom: 25px;
}
.form1 .grid-block h3 {
margin-bottom: 15px;
color: #444;
text-align: center;
}
.form1 form {
display: flex;
flex-direction: column;
gap: 14px;
}
.form1 label {
font-size: 15px;
color: #555;
}
.form1 input {
padding: 10px 12px;
font-size: 15px;
border-radius: 8px;
border: 1px solid #ccc;
transition: border 0.2s, box-shadow 0.2s;
}
.form1 input:focus {
border-color: #7f57ff;
box-shadow: 0 0 0 2px rgba(127, 87, 255, 0.2);
outline: none;
}
.form1 button {
padding: 12px;
font-size: 16px;
background: #7f57ff;
color: white;
border: none;
border-radius: 10px;
cursor: pointer;
margin-top: 10px;
transition: background 0.25s, transform 0.1s;
}
.form1 button:hover {
background: #6841e6;
}
.form1 button:active {
transform: scale(0.98);
}

12
static/blocks/pages/userSlava/content.md Normal file
View File

@@ -0,0 +1,12 @@
<div id="hed">
# Пользователи
</div>
<div id="regPanel">
<a href="/userSlava/?sPage=login" data-link="true" data-target="regDiv">Вход</a>
<a href="/userSlava/?sPage=new" data-link="true" data-target="regDiv">Регистрация</a>
<a href="/userSlava/?sPage=edit" data-link="true" data-target="regDiv">Пользователи</a>
</div>
<div id="regDiv"></div>

18
static/blocks/pages/userSlava/edit/content.md Normal file
View File

@@ -0,0 +1,18 @@
# Пользовательская панель
user:<br>
<select id="users_list"></select>
<button id="btn_load_users">Load Users</button><br>
ID:<br>
<input id="ud_id" placeholder="ID"><br>
user:<br>
<input id="ud_username" placeholder="Username"><br>
password:<br>
<input id="ud_password" placeholder="New password" type="password">
<button class="toggle-pass" type="button">👁</button><br><br>
<button id="btn_update_pass">Update password</button>
<button id="btn_delete_user">Delete user</button>
<div class="blockTest">ТестТестТест</div>

56
static/blocks/pages/userSlava/edit/script.js Normal file
View File

@@ -0,0 +1,56 @@
users_list.onchange = (e) => getUserData(e.target.value);
async function getUserData(username) {
const data = await apiProtected(
`/api/users/getUserData?username=${encodeURIComponent(username)}`
);
ud_id.value = data.ID;
ud_username.value = data.Username;
}
btn_load_users.onclick = getUsersNames;
document.addEventListener("DOMContentLoaded", getUsersNames);
async function getUsersNames() {
const users = await apiProtected("/api/users/getUsersNames");
users_list.innerHTML = "";
users.forEach((username) => {
const opt = document.createElement("option");
opt.value = username;
opt.textContent = username;
users_list.appendChild(opt);
});
if (users.length > 0) getUserData(users[0]);
}
btn_update_pass.onclick = updatePassword;
async function updatePassword() {
const username = ud_username.value;
const password = ud_password.value;
if (!password) return alert("Введите пароль");
await apiProtected("/api/users/update_password", {
method: "POST",
body: JSON.stringify({ username, password })
});
alert("Пароль обновлён");
}
btn_delete_user.onclick = deleteUser;
async function deleteUser() {
const username = users_list.value;
if (!username) return;
if (!confirm(`Удалить пользователя "${username}"?`)) return;
await apiProtected("/api/users/delete_user", {
method: "Delete",
body: JSON.stringify({ username })
});
alert("Удалён");
getUsersNames();
}

1
static/blocks/pages/userSlava/edit/style.css Normal file
View File

@@ -0,0 +1 @@
.blockTest { color: blue; }

17
static/blocks/pages/userSlava/login/content.md Normal file
View File

@@ -0,0 +1,17 @@
# Вход
user:<br>
<input id="log_user" placeholder="Username">
<br>
password:<br>
<input id="log_pass" placeholder="password" type="password"><button class="toggle-pass" type="button">👁</button>
<br><br>
<button id="btn_log">Login</button>
<br>
<button id="btn_prot">Protected</button>
<pre id="out"></pre>
<button id="btn_logout">Logout</button>
<div class="blockTest">ТестТестТест</div>

37
static/blocks/pages/userSlava/login/script.js Normal file
View File

@@ -0,0 +1,37 @@
btn_logout.onclick = UserLogout;
btn_log.onclick = UserLogin;
btn_prot.onclick = async () => {
try {
const data = await apiProtected("/api/protected");
out.textContent = JSON.stringify(data, null, 2);
} catch {
out.textContent = "err";
}
};
async function UserLogout() {
accessToken = "";
await fetch("/api/users/logout", { method: "POST", credentials: "include" });
};
async function UserLogin() {
const u = log_user.value,
p = log_pass.value;
const r = await fetch("/api/users/login", {
method: "POST",
credentials: "include",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ username: u, password: p })
});
if (!r.ok) return alert("Ошибка");
const data = await r.json();
accessToken = data.access_token;
alert("logged in");
log_user.value = "",
log_pass.value = "";
};

1
static/blocks/pages/userSlava/login/style.css Normal file
View File

@@ -0,0 +1 @@
.blockTest { color: green; }

9
static/blocks/pages/userSlava/new/content.md Normal file
View File

@@ -0,0 +1,9 @@
# Регистрация
user:<br>
<input id="reg_user" placeholder="Username"><br>
password:<br>
<input id="reg_pass" placeholder="password" type="password"><button class="toggle-pass" type="button">👁</button><br><br>
<button id="btn_reg">Register</button>
<div class="blockTest">ТестТестТест</div>

16
static/blocks/pages/userSlava/new/script.js Normal file
View File

@@ -0,0 +1,16 @@
async function UserReg() {
const u = reg_user.value,
p = reg_pass.value;
const r = await fetch("/api/users/register", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ username: u, password: p })
});
if (!r.ok) return alert("Ошибка");
alert("ok");
reg_user.value = "",
reg_pass.value = "";
};
btn_reg.onclick = UserReg;

1
static/blocks/pages/userSlava/new/style.css Normal file
View File

@@ -0,0 +1 @@
.blockTest { color: red; }

15
static/blocks/pages/userSlava/popup/content.md Normal file
View File

@@ -0,0 +1,15 @@
<br><br>
<input type="text" id="inputPopup" style="width: 600px;" value=''><br>
<div>{"act":"message","text":"Тест"}</div><br>
<div>{"act":"menu","text":"Удалить, Редактировать, Копировать, Удалить"}</div><br>
<div>
{
"act":"file",
"text":{
"Общие":{"Имя":"photo.png","Тип":"PNG изображение","Размер":"826 KB","Путь":"C:/Users/Admin/Desktop/","Дата изменения":"06.12.2025 13:40"},
"Безопасность":{"Чтение":"✔","Запись":"✔","Исполнение":"✖","Владелец":"Admin"},
"Подробно":{"Формат":"Portable Network Graphics","Кодировка":"N/A","Атрибуты":"archive"}
}
}
</div><br>
<button id="createPopup">Сообщения</button>

234
static/blocks/pages/userSlava/popup/script.js Normal file
View File

@@ -0,0 +1,234 @@
const inputPopup = document.getElementById('inputPopup');
const createPopup = document.getElementById('createPopup');
const actionTable = {
'Редактировать': () => console.log('Редактировать'),
'Удалить': () => console.log('Удалить'),
'Копировать': () => console.log('Скопировано')
};
let menuDiv = document.querySelector('.window-menu');
if (!menuDiv) {
menuDiv = document.createElement('div');
menuDiv.className = 'window-menu';
menuDiv.style.position = 'absolute';
menuDiv.style.display = 'none';
document.body.appendChild(menuDiv);
}
function parseJSONSafe(str) {
if (!str) return null;
try { return JSON.parse(str); } catch (e) { return null; }
}
function splitMenuText(text) {
if (!text) return [];
return String(text).split(',').map(s => s.trim()).filter(Boolean);
}
function buildMenu(items) {
menuDiv.innerHTML = '';
items.forEach(label => {
const it = document.createElement('div');
it.className = 'window-item';
it.textContent = label;
it.addEventListener('click', (e) => {
e.stopPropagation();
if (actionTable[label]) actionTable[label]();
hideMenu();
});
menuDiv.appendChild(it);
});
}
function showMenuAt(x, y, items) {
if (!items || !items.length) return;
buildMenu(items);
menuDiv.style.display = 'block';
menuDiv.style.left = x + 'px';
menuDiv.style.top = y + 'px';
const rect = menuDiv.getBoundingClientRect();
if (rect.right > window.innerWidth) menuDiv.style.left = (x - rect.width) + 'px';
if (rect.bottom > window.innerHeight) menuDiv.style.top = (y - rect.height) + 'px';
setTimeout(() => document.addEventListener('click', hideMenu, { once: true }), 0);
}
function hideMenu() {
menuDiv.style.display = 'none';
}
function showOverlayMessage(text) {
if (!text) return;
const overlay = document.createElement('div');
overlay.className = 'overlay';
const popup = document.createElement('div');
popup.className = 'window-popup';
const content = document.createElement('div');
content.textContent = String(text);
const closeBtn = document.createElement('button');
closeBtn.textContent = 'Закрыть';
closeBtn.addEventListener('click', () => overlay.remove());
overlay.addEventListener('click', (e) => { if (e.target === overlay) overlay.remove(); });
popup.appendChild(content);
popup.appendChild(closeBtn);
overlay.appendChild(popup);
document.body.appendChild(overlay);
}
function popupFileFromSections(title, sections, afterClose) {
const popup = document.createElement('div');
popup.className = 'window-panel';
const header = document.createElement('div');
header.className = 'window-header';
header.textContent = 'Свойства: ' + (title || '');
const tabs = document.createElement('div');
tabs.className = 'window-tabs';
const tabButtons = [];
const tabContents = [];
const keys = Object.keys(sections || {});
keys.forEach((name, i) => {
const t = document.createElement('div');
t.className = 'window-tab' + (i === 0 ? ' active' : '');
t.textContent = name;
t.addEventListener('click', () => switchTab(i));
tabButtons.push(t);
tabs.appendChild(t);
const content = document.createElement('div');
content.className = 'window-content' + (i === 0 ? ' active' : '');
const val = sections[name];
if (Array.isArray(val)) {
val.forEach(row => {
const rowEl = document.createElement('div');
rowEl.className = 'window-row';
if (Array.isArray(row) && row.length >= 2) {
const k = document.createElement('span');
k.textContent = row[0];
const v = document.createElement('span');
v.textContent = row[1];
rowEl.append(k, v);
} else {
rowEl.textContent = String(row);
}
content.appendChild(rowEl);
});
} else if (val && typeof val === 'object') {
Object.keys(val).forEach(kname => {
const rowEl = document.createElement('div');
rowEl.className = 'window-row';
const k = document.createElement('span');
k.textContent = kname + ':';
const v = document.createElement('span');
v.textContent = String(val[kname]);
rowEl.append(k, v);
content.appendChild(rowEl);
});
} else {
content.innerHTML = String(val || '');
}
tabContents.push(content);
});
function switchTab(i) {
tabButtons.forEach((t, idx) => t.classList.toggle('active', idx === i));
tabContents.forEach((c, idx) => c.classList.toggle('active', idx === i));
}
const buttons = document.createElement('div');
buttons.className = 'window-buttons';
const okBtn = document.createElement('button');
okBtn.textContent = 'ОК';
const cancelBtn = document.createElement('button');
cancelBtn.textContent = 'Отмена';
okBtn.onclick = close;
cancelBtn.onclick = close;
buttons.append(okBtn, cancelBtn);
let offsetX, offsetY, dragging = false;
header.addEventListener('mousedown', (e) => {
dragging = true;
offsetX = e.clientX - popup.offsetLeft;
offsetY = e.clientY - popup.offsetTop;
header.style.userSelect = 'none';
});
document.addEventListener('mousemove', (e) => {
if (dragging) {
popup.style.left = (e.clientX - offsetX) + 'px';
popup.style.top = (e.clientY - offsetY) + 'px';
}
});
document.addEventListener('mouseup', () => {
dragging = false;
});
function close() {
popup.remove();
if (typeof afterClose === 'function') afterClose();
}
popup.append(header, tabs, ...tabContents, buttons);
document.body.append(popup);
}
function handleCommand(raw, opts) {
if (!raw) return;
const parsed = typeof raw === 'string' ? parseJSONSafe(raw.trim()) : raw;
if (!parsed || !parsed.act) return;
if (parsed.act === 'message' && opts && opts.source === 'button') {
const text = parsed.text || '';
if (!text) return;
showOverlayMessage(text);
return;
}
if (parsed.act === 'menu' && opts && opts.source === 'context') {
const items = Array.isArray(parsed.text)
? parsed.text.map(s => String(s).trim()).filter(Boolean)
: splitMenuText(String(parsed.text || ''));
if (!items.length) return;
const x = opts.coords && typeof opts.coords.x === 'number' ? opts.coords.x : (parsed.x || 0);
const y = opts.coords && typeof opts.coords.y === 'number' ? opts.coords.y : (parsed.y || 0);
showMenuAt(x, y, items);
return;
}
if (parsed.act === 'file' && opts && opts.source === 'button') {
const sections = parsed.text && typeof parsed.text === 'object' ? parsed.text : null;
const title = sections && sections['Общие'] && sections['Общие']['Имя']
? sections['Общие']['Имя']
: parsed.title || '';
if (!sections) return;
popupFileFromSections(title, sections);
return;
}
}
createPopup.addEventListener('click', () => {
const raw = (inputPopup && inputPopup.value) ? inputPopup.value : '';
handleCommand(raw, { source: 'button' });
});
document.addEventListener('contextmenu', (e) => {
const raw = (inputPopup && inputPopup.value) ? inputPopup.value : '';
const parsed = parseJSONSafe(raw);
if (!parsed || parsed.act !== 'menu') return;
e.preventDefault();
handleCommand(raw, { source: 'context', coords: { x: e.pageX, y: e.pageY } });
});
window.addEventListener('keydown', (e) => {
if (e.key === 'Escape') hideMenu();
});

0
static/blocks/pages/userSlava/popup/style.css Normal file
View File

73
static/blocks/pages/userSlava/script.js Normal file
View File

@@ -0,0 +1,73 @@
const panel = document.getElementById("regPanel");
panel.addEventListener("click", (e) => {
// ищем ближайшую <a> с data-link="true"
const link = e.target.closest("a[data-link='true']");
if (!link || !panel.contains(link)) return; // если клик не по нужной ссылке — выходим
e.preventDefault(); // отменяем переход по ссылке
e.stopPropagation(); // предотвращаем всплытие события
const urlStruct = urlStrBr(link.href);
const targetId = link.dataset.target || "regDiv";
if (urlStruct.action === "sPage") {
// Меняем URL в браузере без перезагрузки
const newUrl = `/${urlStruct.url}/?${urlStruct.action}=${urlStruct.data}`;
history.pushState(null, "", newUrl);
// Загружаем блок
loadBlock(`pages/${urlStruct.url}/${urlStruct.data}`, targetId);
}
});
function handleCurrentUrl() {
const urlStruct = urlStrBr(window.location.href);
// console.log("Текущий URL:", urlStruct);
if (urlStruct.action === "sPage") {
// пример вызова loadBlock для sPage
loadBlock("pages/" + urlStruct.url + "/" + urlStruct.data, "regDiv");
}
}
function urlStrBr(url){
// Создаём объект URL
const parsedUrl = new URL(url);
// 1. firstPart — берём путь до "?" и удаляем "/"
const firstPart = parsedUrl.pathname.replace(/^\/|\/$/g, "");
// 2. secondPart — берём ключ последнего параметра
const searchParams = parsedUrl.searchParams;
const secondPart = Array.from(searchParams.keys()).pop(); // берём последний ключ
// 3. thirdPart — берём значение последнего параметра
const thirdPart = searchParams.get(secondPart);
// Формируем структуру
return {
url: firstPart,
action: secondPart,
data: thirdPart
};
}
// При загрузке страницы
handleCurrentUrl();
// При переходах по истории (назад/вперед)
window.addEventListener("popstate", handleCurrentUrl);
document.addEventListener("click", (e) => {
if (!e.target.classList.contains("toggle-pass")) return;
const input = e.target.previousElementSibling;
if (!input) return;
if (input.type === "password") {
input.type = "text";
e.target.textContent = "🙈";
} else {
input.type = "password";
e.target.textContent = "👁";
}
});

36
static/blocks/pages/userSlava/style.css Normal file
View File

@@ -0,0 +1,36 @@
#content {
display: grid;
width: 70%;
min-height: calc(100vh - 100px); /* чтобы footer/header не ломали сетку */
grid-template-rows: 200px 1fr;
grid-template-columns: 200px 1fr;
gap: 10px;
}
/* Верхний блок */
#hed {
grid-row: 1;
grid-column: 1 / 3; /* растягиваем на две колонки */
background: #eee;
padding: 20px;
}
/* Левая нижняя колонка */
#regPanel {
grid-row: 2;
grid-column: 1;
background: #f0f0f0;
padding: 20px;
display: flex;
flex-direction: column;
gap: 10px;
}
/* Правая нижняя колонка */
#regDiv {
grid-row: 2;
grid-column: 2;
background: #fff;
padding: 20px;
overflow-y: auto;
}

42
static/blocks/pages/users/content.md Normal file
View File

@@ -0,0 +1,42 @@
<div class="box">
<h1>Auth demo</h1>
<div>
<h3>Register</h3>
user:<br>
<input id="reg_user" placeholder="Username"><br>
password:<br>
<input id="reg_pass" placeholder="password" type="password"><button class="toggle-pass" type="button">👁</button><br><br>
<button id="btn_reg">Register</button>
<h3>Users</h3>
user:<br>
<select id="users_list"></select>
<button id="btn_load_users">Load Users</button><br>
<!-- <button id="btn_user_data">Get User Data</button> -->
ID:<br>
<input id="ud_id" placeholder="ID"><br>
user:<br>
<input id="ud_username" placeholder="Username"><br>
password:<br>
<input id="ud_password" placeholder="New password" type="password"><button class="toggle-pass" type="button">👁</button><br>
<br>
<button id="btn_update_pass">Update password</button>
<button id="btn_delete_user">Delete user</button>
<h3>Login</h3>
user:<br>
<input id="log_user" placeholder="Username">
<br>
password:<br>
<input id="log_pass" placeholder="password" type="password"><button class="toggle-pass" type="button">👁</button>
<br><br>
<button id="btn_log">Login</button>
</div><br>
<button id="btn_prot">Protected</button>
<pre id="out"></pre>
<button id="btn_logout">Logout</button>
</div>

125
static/blocks/pages/users/script.js Normal file
View File

@@ -0,0 +1,125 @@
/* ------------------- Регистрация (не защищена) ------------------- */
async function UserReg() {
const u = reg_user.value,
p = reg_pass.value;
const r = await fetch("/api/users/register", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ username: u, password: p })
});
if (!r.ok) return alert("Ошибка");
alert("ok");
reg_user.value = "",
reg_pass.value = "";
};
/* ------------------- Логин (не защищён) ------------------- */
async function UserLogin() {
const u = log_user.value,
p = log_pass.value;
const r = await fetch("/api/users/login", {
method: "POST",
credentials: "include",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ username: u, password: p })
});
if (!r.ok) return alert("Ошибка");
const data = await r.json();
accessToken = data.access_token;
alert("logged in");
log_user.value = "",
log_pass.value = "";
};
/* ------------------- Логоут (не защищён) ------------------- */
async function UserLogout() {
accessToken = "";
await fetch("/api/users/logout", { method: "POST", credentials: "include" });
};
/* ------------------- Защищённые операции ------------------- */
async function getUsersNames() {
const users = await apiProtected("/api/users/getUsersNames");
users_list.innerHTML = "";
users.forEach((username) => {
const opt = document.createElement("option");
opt.value = username;
opt.textContent = username;
users_list.appendChild(opt);
});
if (users.length > 0) getUserData(users[0]);
}
async function getUserData(username) {
const data = await apiProtected(
`/api/users/getUserData?username=${encodeURIComponent(username)}`
);
ud_id.value = data.ID;
ud_username.value = data.Username;
}
async function updatePassword() {
const username = ud_username.value;
const password = ud_password.value;
if (!password) return alert("Введите пароль");
await apiProtected("/api/users/update_password", {
method: "POST",
body: JSON.stringify({ username, password })
});
alert("Пароль обновлён");
}
async function deleteUser() {
const username = users_list.value;
if (!username) return;
if (!confirm(`Удалить пользователя "${username}"?`)) return;
await apiProtected("/api/users/delete_user", {
method: "POST",
body: JSON.stringify({ username })
});
alert("Удалён");
getUsersNames();
}
/* ------------------- Кнопки ------------------- */
btn_reg.onclick = UserReg;
btn_logout.onclick = UserLogout;
btn_log.onclick = UserLogin;
btn_delete_user.onclick = deleteUser;
btn_update_pass.onclick = updatePassword;
btn_load_users.onclick = getUsersNames;
users_list.onchange = (e) => getUserData(e.target.value);
btn_prot.onclick = async () => {
try {
const data = await apiProtected("/api/protected");
out.textContent = JSON.stringify(data, null, 2);
} catch {
out.textContent = "err";
}
};
document.addEventListener("DOMContentLoaded", getUsersNames);

0
static/blocks/pages/users/style.css Normal file
View File