From c1b361397f09ea93fd3bbb15f38585377b5a5fac Mon Sep 17 00:00:00 2001
From: "DESKTOP-T0O5CDB\\DESK-555BD"
Date: Mon, 4 Nov 2024 11:57:27 -0700
Subject: [PATCH] require environment variable to be injected for security reasons.
---
 Controllers/HomeController.cs | 24 ++++++++++++++++++------
 Helper/ConfigHelper.cs | 5 +++++
 wwwroot/js/settings.js | 8 ++++++--
 3 files changed, 29 insertions(+), 8 deletions(-)
diff --git a/Controllers/HomeController.cs b/Controllers/HomeController.cs
index a210d0f7..10da7318 100644
--- a/Controllers/HomeController.cs
+++ b/Controllers/HomeController.cs
@@ -527,22 +527,34 @@ public ActionResult GetVehicleSelector(int vehicleId)
 [HttpGet]
 public IActionResult GetCustomWidgetEditor()
 {
- var customWidgetData = _fileHelper.GetWidgets();
- return PartialView("_WidgetEditor", customWidgetData);
+ if (_config.GetCustomWidgetsEnabled())
+ {
+ var customWidgetData = _fileHelper.GetWidgets();
+ return PartialView("_WidgetEditor", customWidgetData);
+ }
+ return Json(string.Empty);
 }
 [Authorize(Roles = nameof(UserData.IsRootUser))]
 [HttpPost]
 public IActionResult SaveCustomWidgets(string widgetsData)
 {
- var saveResult = _fileHelper.SaveWidgets(widgetsData);
- return Json(saveResult);
+ if (_config.GetCustomWidgetsEnabled())
+ {
+ var saveResult = _fileHelper.SaveWidgets(widgetsData);
+ return Json(saveResult);
+ }
+ return Json(false);
 }
 [Authorize(Roles = nameof(UserData.IsRootUser))]
 [HttpPost]
 public IActionResult DeleteCustomWidgets()
 {
- var deleteResult = _fileHelper.DeleteWidgets();
- return Json(deleteResult);
+ if (_config.GetCustomWidgetsEnabled())
+ {
+ var deleteResult = _fileHelper.DeleteWidgets();
+ return Json(deleteResult);
+ }
+ return Json(false);
 }
 [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
 public IActionResult Error()
diff --git a/Helper/ConfigHelper.cs b/Helper/ConfigHelper.cs
index d152700c..2fa13cfc 100644
--- a/Helper/ConfigHelper.cs
+++ b/Helper/ConfigHelper.cs
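Review bot: In Controllers/HomeController.cs, gating DeleteCustomWidgets on `_config.GetCustomWidgetsEnabled()` means widget content saved while the feature was on can no longer be removed through this action once the feature is turned off. The hunk also does not show whether the code that renders saved widgets checks the flag; if that path is ungated, previously stored widget content would keep being served after an operator disables the feature, so confirm it checks the flag or leave delete available to the root user. The disabled branches of SaveCustomWidgets and DeleteCustomWidgets return `Json(false)`, which a caller cannot tell apart from a failed write; a comment such as `// feature disabled via LUBELOGGER_CUSTOM_WIDGETS; not a storage failure`, or a distinct status code, would make the difference explicit.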
@@ -14,6 +14,7 @@ public interface IConfigHelper
 bool AuthenticateRootUser(string username, string password);
 bool AuthenticateRootUserOIDC(string email);
 string GetWebHookUrl();
+ bool GetCustomWidgetsEnabled();
 string GetMOTD();
 string GetLogoUrl();
 string GetServerLanguage();
@@ -45,6 +46,10 @@ public string GetWebHookUrl()
 }
 return webhook;
 }
+ public bool GetCustomWidgetsEnabled()
+ {
+ return bool.Parse(_config["LUBELOGGER_CUSTOM_WIDGETS"] ?? "false");
+ }
 public string GetMOTD()
 {
 var motd = _config["LUBELOGGER_MOTD"];
diff --git a/wwwroot/js/settings.js b/wwwroot/js/settings.js
index 8c54b3f0..86913a04 100644
--- a/wwwroot/js/settings.js
+++ b/wwwroot/js/settings.js
@@ -401,8 +401,12 @@ function showCustomWidgets() {
 }).then(function (result) {
 if (result.isConfirmed) {
 $.get('/Home/GetCustomWidgetEditor', function (data) {
- $("#customWidgetModalContent").html(data);
- $("#customWidgetModal").modal('show');
+ if (data.trim() != '') {
+ $("#customWidgetModalContent").html(data);
+ $("#customWidgetModal").modal('show');
+ } else {
+ errorToast("Custom Widgets Not Enabled");
+ }
 });
 }
 });
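Review bot: `bool.Parse` in GetCustomWidgetsEnabled throws a FormatException for any value that is not a recognised boolean (for example `1`, `yes`, or an empty string), so a mistyped LUBELOGGER_CUSTOM_WIDGETS makes each of the three gated controller actions throw instead of cleanly denying. A security switch should fail closed: `return bool.TryParse(_config["LUBELOGGER_CUSTOM_WIDGETS"], out var enabled) && enabled;`. A one-line comment saying the feature stays off unless the variable parses as true would document the default for operators.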
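Review bot: The `$.get` callback in showCustomWidgets handles only a successful response, so an authorization failure or server error on /Home/GetCustomWidgetEditor gives the user no feedback; chaining `.fail(function () { errorToast("Unable to load widget editor"); })` would cover that case. The disabled state is signalled only by an empty body, and `data.trim()` assumes `data` is always a string even though the server's disabled branch returns `Json(string.Empty)`. A guard such as `typeof data === 'string' && data.trim() !== ''` is more robust and uses strict comparison. showCustomWidgets begins and ends outside the hunk.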