From 66b84f8de6e855033bf302a492745878dd1c0207 Mon Sep 17 00:00:00 2001
From: Craig Oates
Date: Sat, 22 Oct 2022 19:50:44 +0100
Subject: [PATCH] implement the /danger/reset-website defroute (back-end feature). This feature deletes all the user created content stored in the /storage directory, the website's database (so User Accounts) and wipes the Meilisearch database clear of the Archive Entries stored in it. This is part of the 'danger zone' features and intension is to allow the site's Admin. to clear out the website and start with a fresh clean install.
---
 src/web.lisp | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
diff --git a/src/web.lisp b/src/web.lisp
index 3ad1f47..1b38ab8 100644
--- a/src/web.lisp
+++ b/src/web.lisp
@@ -1505,6 +1505,44 @@
 "error")
 (redirect "/login")))))))
+(defroute ("/danger/reset-website" :method :POST) ()
+ (destructuring-bind
+ (&key authenticity-token &allow-other-keys)
+ (utils:request-params (lack.request:request-body-parameters ningle:*request*))
+ (cond ((not (string= authenticity-token (auth:csrf-token)))
+ `(,+forbidden+ (:content-type "text/plain") ("Denied")))
+ (t (hermetic:auth
+ (:administrator)
+ ;; Authorised
+ (progn
+ ;; The 'when' checks are just a pre-caution. These directories
+ ;; were created during the site's first-run/initial set-up. If
+ ;; they are missing, though, whilst this function is executing,
+ ;; an error is thrown -- hence the check.
+ (when (storage:directory-exists-p "" "media")
+ (storage:remove-directory "" "media"))
+ (when (storage:directory-exists-p "" "archive")
+ (storage:remove-directory "" "archive"))
+ (when (storage:directory-exists-p "" "pages")
+ (storage:remove-directory "" "pages"))
+ (when (storage:directory-exists-p "" "snippets")
+ (storage:remove-directory "" "snippets"))
+ ;; If the database doesn't exist, the site is in a much worse
+ ;; state than anticipated and needs someone to SSH into the host
+ ;; and look at it -- hence no 'when' check.
+ (storage:remove-file-with-raw-path
+ (ritherdon-archive.config:database-name))
+ ;; If Meilisearch service is down, you need to SSH into
+ ;; host. That is a separate service which this website utilises
+ ;; but doesn't control.
+ (search:delete-all-entries)
+ (redirect "/"))
+ ;; Not Authorised
+ (progn (utils:set-alert
+ "You are not authorised to use this feature."
+ "error")
+ (redirect "/login")))))))
+
 ;;
 ;; Error pages
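Review bot: The CSRF guard in the first `cond` clause compares with `string=`, which accepts any string designator, so a request that omits `authenticity-token` binds NIL and is compared as the string "NIL"; if `(auth:csrf-token)` can also return NIL (its definition is not in this hunk), the two compare equal and the guard passes. For a route that wipes storage, the database and the search index, require both values to be strings before comparing, e.g. `(let ((expected (auth:csrf-token))) (and (stringp authenticity-token) (stringp expected) (string= authenticity-token expected)))`, and keep the `hermetic:auth` role check as the second gate. Separately, the deletions run in sequence with no error handling or logging, so a failure in `storage:remove-file-with-raw-path` or `search:delete-all-entries` leaves the site half-reset with no record of who triggered it; a `handler-case` around the authorised `progn` and a log line naming the administrator would make that recoverable and auditable. The hunk also does not show the administrator's session being cleared after the user database is deleted, which is worth confirming before `(redirect "/")`.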