chatwoot admin panel fixes
@@ -70,13 +70,14 @@ location ~ ^/dfab0676b6cb6b257370fb5743d8ddac42ab8153c2661072e8ef2717a10fcfaa/(a
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Admin panel: allow embedding in Chatwoot iframe (frame-ancestors); do not set X-Frame-Options here so CSP applies
|
||||
location /dfab0676b6cb6b257370fb5743d8ddac42ab8153c2661072e8ef2717a10fcfaa/ {
|
||||
alias /opt/app/admin-panel/;
|
||||
index index.html;
|
||||
try_files $uri $uri/ /dfab0676b6cb6b257370fb5743d8ddac42ab8153c2661072e8ef2717a10fcfaa/index.html;
|
||||
expires 0;
|
||||
add_header Cache-Control "no-store, no-cache, must-revalidate";
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header Content-Security-Policy "frame-ancestors 'self' https://honey-support.online;" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
}
|
||||
|
||||
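Review bot: The `frame-ancestors 'self' https://honey-support.online` value trusts every page on that origin to frame the admin panel, and the comment above the location says only that embedding is allowed, not what that trust implies. With X-Frame-Options no longer sent here (the page does not mark which side that line is on; the new comment implies it is removed), browsers without `frame-ancestors` support get no framing restriction at all, which should be an explicit decision. I would extend the comment to something like `# Only 'self' and the Chatwoot origin may frame the panel; keep this list minimal, any page on a listed origin can overlay the admin UI`. The `X-XSS-Protection "1; mode=block"` line is context, but that header is deprecated in current browsers and could be dropped in the same pass.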
@@ -1,7 +1,9 @@
|
||||
package com.honey.honey.controller;
|
||||
|
||||
import com.honey.honey.dto.*;
|
||||
import com.honey.honey.model.UserA;
|
||||
import com.honey.honey.service.AdminUserService;
|
||||
import com.honey.honey.service.UserService;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.data.domain.Page;
|
||||
import org.springframework.data.domain.PageRequest;
|
||||
@@ -33,6 +35,7 @@ public class AdminUserController {
|
||||
private static final Set<String> WITHDRAWAL_SORT_FIELDS = Set.of("id", "usdAmount", "cryptoName", "amountToSend", "txhash", "status", "paymentId", "createdAt", "resolvedAt");
|
||||
|
||||
private final AdminUserService adminUserService;
|
||||
private final UserService userService;
|
||||
|
||||
private boolean isGameAdmin() {
|
||||
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
|
||||
@@ -115,8 +118,24 @@ public class AdminUserController {
|
||||
return ResponseEntity.ok(response);
|
||||
}
|
||||
|
||||
/**
|
||||
* Resolve Honey user ID from Telegram user ID.
|
||||
* Used by the Chatwoot embed when the contact has no honey_user_id set:
|
||||
* Chatwoot (Telegram channel) often uses Telegram user ID as contact identifier.
|
||||
*/
|
||||
@GetMapping("/by-telegram-id")
|
||||
@PreAuthorize("hasAnyRole('ADMIN', 'GAME_ADMIN', 'TICKETS_SUPPORT')")
|
||||
public ResponseEntity<Map<String, Integer>> getUserByTelegramId(@RequestParam("telegram_id") Long telegramId) {
|
||||
if (telegramId == null) {
|
||||
return ResponseEntity.badRequest().build();
|
||||
}
|
||||
return userService.getUserByTelegramId(telegramId)
|
||||
.map(user -> ResponseEntity.ok(Map.of("id", user.getId())))
|
||||
.orElse(ResponseEntity.notFound().build());
|
||||
}
|
||||
|
||||
@GetMapping("/{id}")
|
||||
@PreAuthorize("hasAnyRole('ADMIN', 'GAME_ADMIN')")
|
||||
@PreAuthorize("hasAnyRole('ADMIN', 'GAME_ADMIN', 'TICKETS_SUPPORT')")
|
||||
public ResponseEntity<AdminUserDetailDto> getUserDetail(@PathVariable Integer id) {
|
||||
AdminUserDetailDto userDetail = adminUserService.getUserDetail(id, isGameAdmin());
|
||||
if (userDetail == null) {
|
||||
|
||||
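Review bot: Adding `TICKETS_SUPPORT` to `@PreAuthorize` on `GET /{id}` leaves the call `adminUserService.getUserDetail(id, isGameAdmin())` unchanged, so a support agent is passed as not-game-admin and, if that flag is the only thing that trims the DTO, receives the same `AdminUserDetailDto` as a full `ADMIN`. Neither `isGameAdmin()` nor the service is fully visible in these hunks, so this needs confirming, but the support role should get an explicitly reduced view rather than the default one. In the new `/by-telegram-id` handler the `telegramId == null` branch looks unreachable, because `@RequestParam` is required by default and Spring rejects a missing parameter before the method runs; either drop the branch or declare `@RequestParam(value = "telegram_id", required = false)`. The endpoint also maps a Telegram ID to an internal user ID with a 200/404 distinction, so lookups by the support role are worth logging. `getUserDetail` continues past the end of the hunk.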