+11
-7
@@ -626,6 +626,9 @@ async function api(path, opts = {}) {
if (opts.body) {
headers['Content-Type'] = 'application/json';
}
if (opts.method && opts.method !== 'GET' && !opts.noCsrf && !csrfToken) {
await fetchCsrf();
}
if (opts.method && opts.method !== 'GET' && !opts.noCsrf && csrfToken) {
headers['X-CSRF-TOKEN'] = csrfToken;
}
@@ -1044,11 +1047,10 @@ async function loadSettings() {
try {
const res = await api('/config/telegram');
if (res.bot_token) {
document.getElementById('telegramBotToken').value = res.bot_token;
} else {
document.getElementById('telegramBotToken').placeholder = res.bot_token_masked || 'Enter bot token';
}
document.getElementById('telegramBotToken').value = '';
document.getElementById('telegramBotToken').placeholder = res.bot_token_configured
? (res.bot_token_masked || 'Token configured')
: 'Enter bot token';
document.getElementById('telegramChatId').value = res.chat_id || '';
} catch (e) { console.error('load telegram error', e); }
@@ -1090,13 +1092,15 @@ document.getElementById('saveTokensBtn').addEventListener('click', async () => {
document.getElementById('saveTelegramBtn').addEventListener('click', async () => {
const botToken = document.getElementById('telegramBotToken').value.trim();
const chatId = document.getElementById('telegramChatId').value.trim();
const payload = { chat_id: chatId };
if (botToken) payload.bot_token = botToken;
const statusEl = document.getElementById('telegramSaveStatus');
statusEl.textContent = 'Saving...';
statusEl.className = 'ms-2 text-secondary';
try {
await api('/config/telegram', {
method: 'PUT',
body: JSON.stringify({ bot_token: botToken, chat_id: chatId }),
body: JSON.stringify(payload),
});
statusEl.textContent = 'Saved';
statusEl.className = 'ms-2 text-success';
@@ -1445,4 +1449,4 @@ function initApp() {
checkAuth();
</script>
</body>
</html>
</html>
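Review bot: Once the PUT succeeds at `statusEl.textContent = 'Saved';` the plaintext token the user typed is left in the `#telegramBotToken` input, whereas the loadSettings hunk above now deliberately clears that field and shows only a masked placeholder; the save path should match it. Unless the lines after this hunk already handle it (the click handler continues beyond the hunk), add `document.getElementById('telegramBotToken').value = '';` after the success status and refresh the placeholder, for example by calling `loadSettings()` again so `bot_token_masked` is displayed. The new `if (botToken) payload.bot_token = botToken;` also deserves a comment such as `// an empty field keeps the stored token; only send bot_token when a new one was entered`, because whether the server preserves the token when the key is absent cannot be confirmed from this diff.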
+7
-1
@@ -67,6 +67,12 @@ $repo = new Repository($db);
$allowedTokens = $repo->getAllowedUserTokens();
if (empty($allowedTokens)) {
$bootstrapAllowed = filter_var(getenv('ALLOW_FIRST_USER_BOOTSTRAP') ?: 'false', FILTER_VALIDATE_BOOL);
if (!$bootstrapAllowed) {
$_SESSION['auth_error'] = 'No users are authorized for this system. Set allowed_user_tokens or enable first-user bootstrap during initial setup.';
header('Location: ' . $errorRedirect);
exit;
}
$repo->setAllowedUserTokens([$userToken]);
} elseif (!in_array($userToken, $allowedTokens, true)) {
$_SESSION['auth_error'] = 'Your Jakach account is not authorized to access this system. Contact an administrator.';
@@ -86,4 +92,4 @@ unset($_SESSION['auth_error']);
$redirect = isSafeRedirect($rawRedirect) ? $rawRedirect : '/';
header('Location: ' . $redirect);
exit;
exit;
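Review bot: The bootstrap branch at `$repo->setAllowedUserTokens([$userToken]);` silently makes whoever authenticates first the only authorized account and leaves no record of who that was; add an audit line before it, e.g. `error_log('first-user bootstrap: enrolling user token ' . $userToken);` (or the application's logger, and a hash of the token if it is considered sensitive), so operators can confirm the intended account was enrolled. The check-then-set is also not atomic: two first logins arriving while the allowed list is empty both pass the `empty($allowedTokens)` test and the later `setAllowedUserTokens` call would overwrite the earlier one — whether the repository serializes this cannot be seen from the hunk. A comment on the flag would help the next maintainer, e.g. `// ALLOW_FIRST_USER_BOOTSTRAP is an initial-setup switch: the first authenticated account becomes the sole allowed token, so turn it off once setup is complete`. The enclosing if/elseif chain continues past the end of this hunk.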