Merge pull request #696 from hargata/Hargata/custom.widgets

require environment variable to be injected for security reasons.
2024-11-04 11:58:00 -07:00
parent ada0715343 c1b361397f
commit 89ece413c8
3 changed files with 29 additions and 8 deletions
--- a/Controllers/HomeController.cs
+++ b/Controllers/HomeController.cs
@@ -527,22 +527,34 @@ namespace CarCareTracker.Controllers
        [HttpGet]
        public IActionResult GetCustomWidgetEditor()
        {
-            var customWidgetData = _fileHelper.GetWidgets();
-            return PartialView("_WidgetEditor", customWidgetData);
+            if (_config.GetCustomWidgetsEnabled())
+            {
+                var customWidgetData = _fileHelper.GetWidgets();
+                return PartialView("_WidgetEditor", customWidgetData);
+            }
+            return Json(string.Empty);
        }
        [Authorize(Roles = nameof(UserData.IsRootUser))]
        [HttpPost]
        public IActionResult SaveCustomWidgets(string widgetsData)
        {
-            var saveResult = _fileHelper.SaveWidgets(widgetsData);
-            return Json(saveResult);
+            if (_config.GetCustomWidgetsEnabled())
+            {
+                var saveResult = _fileHelper.SaveWidgets(widgetsData);
+                return Json(saveResult);
+            }
+            return Json(false);
        }
        [Authorize(Roles = nameof(UserData.IsRootUser))]
        [HttpPost]
        public IActionResult DeleteCustomWidgets()
        {
-            var deleteResult = _fileHelper.DeleteWidgets();
-            return Json(deleteResult);
+            if (_config.GetCustomWidgetsEnabled())
+            {
+                var deleteResult = _fileHelper.DeleteWidgets();
+                return Json(deleteResult);
+            }
+            return Json(false);
        }
        [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
        public IActionResult Error()
--- a/Helper/ConfigHelper.cs
+++ b/Helper/ConfigHelper.cs
@@ -14,6 +14,7 @@ namespace CarCareTracker.Helper
        bool AuthenticateRootUser(string username, string password);
        bool AuthenticateRootUserOIDC(string email);
        string GetWebHookUrl();
+        bool GetCustomWidgetsEnabled();
        string GetMOTD();
        string GetLogoUrl();
        string GetServerLanguage();
@@ -45,6 +46,10 @@ namespace CarCareTracker.Helper
            }
            return webhook;
        }
+        public bool GetCustomWidgetsEnabled()
+        {
+            return bool.Parse(_config["LUBELOGGER_CUSTOM_WIDGETS"] ?? "false");
+        }
        public string GetMOTD()
        {
            var motd = _config["LUBELOGGER_MOTD"];
--- a/wwwroot/js/settings.js
+++ b/wwwroot/js/settings.js
@@ -401,8 +401,12 @@ function showCustomWidgets() {
    }).then(function (result) {
        if (result.isConfirmed) {
            $.get('/Home/GetCustomWidgetEditor', function (data) {
-                $("#customWidgetModalContent").html(data);
-                $("#customWidgetModal").modal('show');
+                if (data.trim() != '') {
+                    $("#customWidgetModalContent").html(data);
+                    $("#customWidgetModal").modal('show');
+                } else {
+                    errorToast("Custom Widgets Not Enabled");
+                }
            });
        }
    });