From e760d58dd5e29de0278b6b9697dc6410c031213e Mon Sep 17 00:00:00 2001
From: 0xJacky <me@jackyu.cn>
Date: Sun, 27 Feb 2022 00:34:13 +0800
Subject: [PATCH] Not allow to change the root password in demo

---
 resources/demo/demo.db | Bin 32768 -> 32768 bytes
 server/api/user.go     |  12 ++++++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/resources/demo/demo.db b/resources/demo/demo.db
index 0be7c5fb68beafb0ad2b6763143d86b7db43f8c2..52e8f2a52c214e42841996ca9b350b89fa72d7ef 100644
GIT binary patch
delta 88
zcmZo@U}|V!njp=nG*QNxQE6ks5`7Lv{yYZ$Jifb|1qH6~F;1HN(5{!ek)M%+Avl;p
oypeVCTzh3O*0Xoy;bLH5VC4V9!2gH;J5c>Qen!^Kzx`Pa0B4RF$N&HU

delta 155
zcmZo@U}|V!njp=nI8nx#QE_9!5`7LPzPk+k`FwXb3kqE1V`=1P;+Xu<u9v5@k&lss
zAvl;pw2^i49D8LD_9@EGFHtc{R53JA$q9(?DL2W`E6hj?_K5V)&#p+$_0#i>Gz!o0
zb4~RzD+<VP467=z$T9GYDz4No@-`?n&E;ZXU|{0^&cOeN|2xpW*ZeFj%nXd1fBUl<
F001qxF5>_I

diff --git a/server/api/user.go b/server/api/user.go
index a3bb3f61..2aea650a 100644
--- a/server/api/user.go
+++ b/server/api/user.go
@@ -3,6 +3,7 @@ package api
 import (
 	"errors"
 	"github.com/0xJacky/Nginx-UI/server/model"
+	"github.com/0xJacky/Nginx-UI/server/settings"
 	"github.com/gin-gonic/gin"
 	"github.com/spf13/cast"
 	"golang.org/x/crypto/bcrypt"
@@ -75,6 +76,13 @@ func AddUser(c *gin.Context) {
 }
 
 func EditUser(c *gin.Context) {
+	userId := cast.ToInt(c.Param("id"))
+
+	if settings.ServerSettings.Demo && userId == 1 {
+		ErrHandler(c, errors.New("not allow to change the root password in demo"))
+		return
+	}
+
 	var json UserJson
 	ok := BindAndValid(c, &json)
 	if !ok {
@@ -84,7 +92,7 @@ func EditUser(c *gin.Context) {
 
 	var user, edit model.Auth
 
-	err := curd.First(&user, c.Param("id"))
+	err := curd.First(&user, userId)
 
 	if err != nil {
 		ErrHandler(c, err)
@@ -117,7 +125,7 @@ func DeleteUser(c *gin.Context) {
 	id := c.Param("id")
 
 	if cast.ToInt(id) == 1 {
-		ErrHandler(c, errors.New("不允许删除默认账户"))
+		ErrHandler(c, errors.New("not allow to delete the default user"))
 		return
 	}
 	curd := model.NewCurd(&model.Auth{})