fixes lol

2026-01-07 03:38:34 -05:00 · 2026-01-07 03:38:34 -05:00 · c2bfa06faa
commit c2bfa06faa
parent c358db55aa
5 changed files with 149 additions and 4 deletions
--- a/backend/src/controllers/AdminController.cpp
+++ b/backend/src/controllers/AdminController.cpp
@ -2336,6 +2336,41 @@ void AdminController::updateSiteSettings(const HttpRequestPtr &req,
                  };
    }

+    // Update announcement_enabled if provided
+    if (json->isMember("announcement_enabled")) {
+        bool enabled = (*json)["announcement_enabled"].asBool();
+        std::string value = enabled ? "true" : "false";
+        *dbClient << "INSERT INTO site_settings (setting_key, setting_value) VALUES ('announcement_enabled', $1) "
+                     "ON CONFLICT (setting_key) DO UPDATE SET setting_value = $1, updated_at = CURRENT_TIMESTAMP"
+                  << value
+                  >> [](const Result&) {
+                      LOG_INFO << "Announcement enabled setting updated successfully";
+                  }
+                  >> [](const DrogonDbException& e) {
+                      LOG_ERROR << "Failed to update announcement_enabled: " << e.base().what();
+                  };
+    }
+
+    // Update announcement_text if provided
+    if (json->isMember("announcement_text")) {
+        std::string text = (*json)["announcement_text"].asString();
+        // Limit to 500 characters
+        if (text.length() > 500) {
+            text = text.substr(0, 500);
+        }
+        // Sanitize to prevent XSS
+        text = htmlEscape(text);
+        *dbClient << "INSERT INTO site_settings (setting_key, setting_value) VALUES ('announcement_text', $1) "
+                     "ON CONFLICT (setting_key) DO UPDATE SET setting_value = $1, updated_at = CURRENT_TIMESTAMP"
+                  << text
+                  >> [](const Result&) {
+                      LOG_INFO << "Announcement text updated successfully";
+                  }
+                  >> [](const DrogonDbException& e) {
+                      LOG_ERROR << "Failed to update announcement_text: " << e.base().what();
+                  };
+    }
+
    // Update censored_words if provided (comma-separated list)
    if (json->isMember("censored_words")) {
        // Rate limit: 10 updates per minute per admin
@ -2464,7 +2499,8 @@ void AdminController::getPublicSiteSettings(const HttpRequestPtr &,
              >> [callback](const Result& r) {
                  // Whitelist of publicly-safe settings
                  static const std::unordered_set<std::string> publicKeys = {
-                      "site_title", "logo_path", "logo_display_mode"
+                      "site_title", "logo_path", "logo_display_mode",
+                      "announcement_enabled", "announcement_text"
                  };

                  Json::Value resp;