diff --git a/src/web.lisp b/src/web.lisp
index 3ad1f47..1b38ab8 100644
--- a/src/web.lisp
+++ b/src/web.lisp
@@ -1505,6 +1505,44 @@
 "error")
 (redirect "/login")))))))
+(defroute ("/danger/reset-website" :method :POST) ()
+ (destructuring-bind
+ (&key authenticity-token &allow-other-keys)
+ (utils:request-params (lack.request:request-body-parameters ningle:*request*))
+ (cond ((not (string= authenticity-token (auth:csrf-token)))
+ `(,+forbidden+ (:content-type "text/plain") ("Denied")))
+ (t (hermetic:auth
+ (:administrator)
+ ;; Authorised
+ (progn
+ ;; The 'when' checks are just a pre-caution. These directories
+ ;; were created during the site's first-run/initial set-up. If
+ ;; they are missing, though, whilst this function is executing,
+ ;; an error is thrown -- hence the check.
+ (when (storage:directory-exists-p "" "media")
+ (storage:remove-directory "" "media"))
+ (when (storage:directory-exists-p "" "archive")
+ (storage:remove-directory "" "archive"))
+ (when (storage:directory-exists-p "" "pages")
+ (storage:remove-directory "" "pages"))
+ (when (storage:directory-exists-p "" "snippets")
+ (storage:remove-directory "" "snippets"))
+ ;; If the database doesn't exist, the site is in a much worse
+ ;; state than anticipated and needs someone to SSH into the host
+ ;; and look at it -- hence no 'when' check.
+ (storage:remove-file-with-raw-path
+ (ritherdon-archive.config:database-name))
+ ;; If Meilisearch service is down, you need to SSH into
+ ;; host. That is a separate service which this website utilises
+ ;; but doesn't control.
+ (search:delete-all-entries)
+ (redirect "/"))
+ ;; Not Authorised
+ (progn (utils:set-alert
+ "You are not authorised to use this feature."
+ "error")
+ (redirect "/login")))))))
+
 ;;
 ;; Error pages
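Review bot: The CSRF guard at the top of the new `/danger/reset-website` route compares with `string=` without checking that either value is a string: a POST with no `authenticity-token` field binds the key to NIL, and `string=` treats NIL as the designator for "NIL" rather than signalling an error. If `(auth:csrf-token)` can return NIL for a session that has no token (its definition is not visible here, so confirm), the two sides compare equal and the check passes on a route that deletes media, archive, pages, snippets, the database file and the search index. Bind the expected token once with `(let ((expected (auth:csrf-token))) ...)` and make the test `(not (and (stringp expected) (stringp authenticity-token) (string= authenticity-token expected)))`. Because the deletions are irreversible and run in sequence with no handler, also consider logging which administrator triggered the reset before the first `storage:remove-directory` call, so that a partial failure or an unexpected reset can be traced.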