chore: Handle read-only mode more efficiently in UI routes

2026-05-24 09:28:37 +00:00 · 2024-05-25 12:58:06 +01:00 · 2024-05-25 12:58:06 +01:00 · fa3ea8622c
commit fa3ea8622c
parent e21b616d0d
1 changed files with 23 additions and 4 deletions
--- a/src/ui/main.py
+++ b/src/ui/main.py
@ -520,6 +520,9 @@ def setup():
            return redirect(url_for("login"), 301)

    if request.method == "POST":
+        if app.config["DB"].readonly:
+            return redirect_flash_error("Database is in read-only mode", "setup")
+
        is_request_form("setup")

        required_keys = ["server_name", "ui_host", "ui_url"]
@ -607,7 +610,6 @@ def setup():
@login_required
 def totp():
    if request.method == "POST":
-
        is_request_form("totp")

        is_request_params(["totp_token"], "totp")
@ -693,6 +695,9 @@ def home():
@login_required
 def account():
    if request.method == "POST":
+        if app.config["DB"].readonly:
+            return redirect_flash_error("Database is in read-only mode", "account")
+
        # Check form data validity
        is_request_form("account")

@ -891,6 +896,8 @@ def instances():
@login_required
 def services():
    if request.method == "POST":
+        if app.config["DB"].readonly:
+            return redirect_flash_error("Database is in read-only mode", "services")

        is_request_params(["operation", "is_draft"], "services", True)

@ -1092,6 +1099,9 @@ def services():
@login_required
 def global_config():
    if request.method == "POST":
+        if app.config["DB"].readonly:
+            return redirect_flash_error("Database is in read-only mode", "global_config")
+
        # Check variables
        variables = request.form.to_dict().copy()
        del variables["csrf_token"]
@ -1177,6 +1187,9 @@ def configs():
    db_configs = app.config["DB"].get_custom_configs()

    if request.method == "POST":
+        if app.config["DB"].readonly:
+            return redirect_flash_error("Database is in read-only mode", "configs")
+
        operation = ""

        is_request_params(["operation"], "configs", True)
@ -1294,6 +1307,9 @@ def plugins():
    tmp_ui_path = TMP_DIR.joinpath("ui")

    if request.method == "POST":
+        if app.config["DB"].readonly:
+            return redirect_flash_error("Database is in read-only mode", "plugins")
+
        error = 0
        # Delete plugin
        if "operation" in request.form and request.form["operation"] == "delete":
@ -1589,6 +1605,9 @@ def plugins():
@app.route("/plugins/upload", methods=["POST"])
@login_required
 def upload_plugin():
+    if app.config["DB"].readonly:
+        return {"status": "ko", "message": "Database is in read-only mode"}, 403
+
    if not request.files:
        return {"status": "ko"}, 400

@ -2077,6 +2096,9 @@ def reports():
@app.route("/bans", methods=["GET", "POST"])
@login_required
 def bans():
+    if request.method == "POST" and app.config["DB"].readonly:
+        return redirect_flash_error("Database is in read-only mode", "bans")
+
    redis_client = None
    db_config = app.config["CONFIG"].get_config(methods=False)
    use_redis = db_config.get("USE_REDIS", "no") == "yes"
@ -2148,9 +2170,6 @@ def bans():
            flash("Couldn't connect to redis, ban list might be incomplete", "error")

    if request.method == "POST":
-        if app.config["DB"].readonly:
-            return redirect_flash_error("Read only mode is enabled", "bans")
-
        # Check variables
        is_request_form("bans")