implement the /danger/reset-website defroute (back-end feature).

This feature deletes all the user created content stored in the /storage directory, the website's database (so User Accounts) and wipes the Meilisearch database clear of the Archive Entries stored in it. This is part of the 'danger zone' features and intension is to allow the site's Admin. to clear out the website and start with a fresh clean install.
2 years ago · 66b84f8de6
1 changed files with 38 additions and 0 deletions
--- a/src/web.lisp
+++ b/src/web.lisp
@ -1505,6 +1505,44 @@
 		      "error")
 		     (redirect "/login")))))))

+(defroute ("/danger/reset-website" :method :POST) ()
+  (destructuring-bind
+      (&key authenticity-token &allow-other-keys)
+      (utils:request-params (lack.request:request-body-parameters ningle:*request*))
+    (cond ((not (string= authenticity-token (auth:csrf-token)))
+	   `(,+forbidden+ (:content-type "text/plain") ("Denied")))
+	  (t (hermetic:auth
+	      (:administrator)
+	      ;; Authorised
+              (progn
+                ;; The 'when' checks are just a pre-caution. These directories
+                ;; were created during the site's first-run/initial set-up. If
+                ;; they are missing, though, whilst this function is executing,
+                ;; an error is thrown -- hence the check.
+                (when (storage:directory-exists-p "" "media")
+                  (storage:remove-directory "" "media"))
+                (when (storage:directory-exists-p "" "archive")
+                  (storage:remove-directory "" "archive"))
+                (when (storage:directory-exists-p "" "pages")
+                  (storage:remove-directory "" "pages"))
+                (when (storage:directory-exists-p "" "snippets")
+                  (storage:remove-directory "" "snippets"))
+                ;; If the database doesn't exist, the site is in a much worse
+                ;; state than anticipated and needs someone to SSH into the host
+                ;; and look at it -- hence no 'when' check.
+                (storage:remove-file-with-raw-path
+                 (ritherdon-archive.config:database-name))
+                ;; If Meilisearch service is down, you need to SSH into
+                ;; host. That is a separate service which this website utilises
+                ;; but doesn't control.
+                (search:delete-all-entries)
+                (redirect "/"))
+	      ;; Not Authorised
+	      (progn (utils:set-alert
+                      "You are not authorised to use this feature."
+		      "error")
+		     (redirect "/login")))))))
+
 ;;
 ;; Error pages