puerta/internal/server/admin.go

203 lines
4.6 KiB
Go
Raw Permalink Normal View History

// SPDX-License-Identifier: Apache-2.0
// Copyright © 2022 Roberto Hidalgo <nidito@un.rob.mx>
package server
import (
"encoding/json"
2023-04-16 21:17:36 +00:00
"fmt"
"net/http"
2023-01-04 04:21:49 +00:00
"git.rob.mx/nidito/puerta/internal/user"
2023-04-16 21:17:36 +00:00
"github.com/SherClockHolmes/webpush-go"
"github.com/julienschmidt/httprouter"
"github.com/sirupsen/logrus"
"github.com/upper/db/v4"
"golang.org/x/crypto/bcrypt"
)
func sendError(w http.ResponseWriter, err error) {
logrus.Error(err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
}
func writeJSON(w http.ResponseWriter, data any) error {
res, err := json.Marshal(data)
if err != nil {
return err
}
w.Header().Add("content-type", "application/json")
w.WriteHeader(http.StatusOK)
_, err = w.Write(res)
return err
}
func listUsers(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
2023-01-04 04:21:49 +00:00
users := []*user.User{}
if err := _db.Collection("user").Find().All(&users); err != nil {
sendError(w, err)
return
}
writeJSON(w, users)
}
2023-01-04 04:21:49 +00:00
func userFromRequest(r *http.Request, u *user.User) (*user.User, error) {
2023-01-03 07:40:38 +00:00
dec := json.NewDecoder(r.Body)
2023-01-04 04:21:49 +00:00
res := &user.User{}
2023-01-03 07:40:38 +00:00
if err := dec.Decode(&res); err != nil {
return nil, err
}
2023-01-03 07:40:38 +00:00
logrus.Debugf("Unserialized user data: %v", res)
2023-01-04 04:21:49 +00:00
if u == nil {
u = &user.User{
2023-01-03 07:40:38 +00:00
Handle: res.Handle,
}
}
2023-01-04 04:21:49 +00:00
u.Name = res.Name
u.Expires = res.Expires
u.Greeting = res.Greeting
u.IsAdmin = res.IsAdmin
2023-04-16 22:40:40 +00:00
u.IsNotified = res.IsNotified
2023-01-04 04:21:49 +00:00
u.Require2FA = res.Require2FA
u.Schedule = res.Schedule
u.TTL = res.TTL
2023-01-03 07:40:38 +00:00
if res.Password != "" {
password, err := bcrypt.GenerateFromPassword([]byte(res.Password), bcrypt.DefaultCost)
if err != nil {
return nil, err
}
2023-01-04 04:21:49 +00:00
u.Password = string(password)
}
2023-01-04 04:21:49 +00:00
return u, nil
}
func createUser(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
user, err := userFromRequest(r, nil)
if err != nil {
sendError(w, err)
return
}
if _, err := _db.Collection("user").Insert(user); err != nil {
sendError(w, err)
return
}
w.WriteHeader(http.StatusCreated)
}
func getUser(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
2023-01-04 06:30:32 +00:00
this := user.User{}
idString := params.ByName("id")
2023-01-04 06:30:32 +00:00
if err := _db.Get(&this, db.Cond{"handle": idString}); err != nil {
sendError(w, err)
return
}
2023-01-04 06:30:32 +00:00
writeJSON(w, this)
}
func updateUser(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
2023-01-04 04:21:49 +00:00
logrus.Infof("updating user: %s", params.ByName("id"))
2023-01-04 06:30:32 +00:00
user := user.User{}
if err := _db.Get(&user, db.Cond{"handle": params.ByName("id")}); err != nil {
logrus.Error(err)
http.NotFound(w, r)
return
}
2023-01-04 06:30:32 +00:00
modified, err := userFromRequest(r, &user)
if err != nil {
sendError(w, err)
return
}
2023-01-04 06:30:32 +00:00
if err := _db.Collection("user").UpdateReturning(modified); err != nil {
sendError(w, err)
return
}
w.WriteHeader(http.StatusNoContent)
}
func deleteUser(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
err := _db.Collection("user").Find(db.Cond{"handle": params.ByName("id")}).Delete()
if err != nil {
sendError(w, err)
return
}
w.WriteHeader(http.StatusNoContent)
}
2023-01-03 07:40:38 +00:00
2023-04-16 21:17:36 +00:00
func createSubscription(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
u := user.FromContext(r)
dec := json.NewDecoder(r.Body)
res := &webpush.Subscription{}
if err := dec.Decode(&res); err != nil {
sendError(w, err)
return
}
logrus.Infof("Unserialized subscription data: %v", res)
sub := &user.Subscription{
UserID: u.ID,
Data: &user.WPS{Subscription: res},
}
ins, err := _db.Collection("subscription").Insert(sub)
if err != nil {
sendError(w, err)
return
}
logrus.Infof("Created subscription for: %s (%v)", u.Handle, ins)
w.WriteHeader(http.StatusCreated)
w.Write([]byte(`{"status": "ok"}`))
}
func deleteSubscription(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
u := user.FromContext(r)
dec := json.NewDecoder(r.Body)
res := &webpush.Subscription{}
if err := dec.Decode(&res); err != nil {
sendError(w, err)
return
}
encoded, err := json.Marshal(res)
if err != nil {
sendError(w, err)
return
}
err = _db.Collection("subscription").Find(db.Cond{"user": u.ID, "data": db.Like(fmt.Sprintf("%%%s%%", encoded))}).Delete()
if err != nil {
sendError(w, fmt.Errorf("could not delete subscription: %s", err))
return
}
logrus.Infof("Deleted subscription for: %s (%s)", u.Handle, encoded)
w.WriteHeader(http.StatusCreated)
w.Write([]byte(`{"status": "ok"}`))
}
2023-01-03 07:40:38 +00:00
func rexRecords(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
records := []*auditLog{}
err := _db.Collection("log").Find().OrderBy("-timestamp").Limit(20).All(&records)
if err != nil {
sendError(w, err)
return
}
writeJSON(w, records)
}