server_admin.go 3.9 KB

  1. package server
  2. import (
  3. "heckel.io/ntfy/user"
  4. "net/http"
  5. )
// handleUsersGet serves the admin listing of all accounts: for every user
// known to the user manager it reports the username, role, tier code (empty
// when no tier is assigned) and the user's per-topic grants.
//
// Errors from the user manager are returned unchanged. The visitor v is not
// consulted in this function; access control for this endpoint must therefore
// be enforced by the route wiring, which is not visible in this file.
func (s *Server) handleUsersGet(w http.ResponseWriter, r *http.Request, v *visitor) error {
	allUsers, err := s.userManager.Users()
	if err != nil {
		return err
	}
	grantsByUserID, err := s.userManager.AllGrants()
	if err != nil {
		return err
	}
	response := make([]*apiUserResponse, len(allUsers))
	for idx, account := range allUsers {
		var tierCode string
		if t := account.Tier; t != nil {
			tierCode = t.Code
		}
		// A user without grants still gets a non-nil (empty) slice so the
		// JSON output is "[]" rather than "null".
		accountGrants := grantsByUserID[account.ID]
		grantList := make([]*apiUserGrantResponse, 0, len(accountGrants))
		for _, grant := range accountGrants {
			grantList = append(grantList, &apiUserGrantResponse{
				Topic:      grant.TopicPattern,
				Permission: grant.Allow.String(),
			})
		}
		response[idx] = &apiUserResponse{
			Username: account.Name,
			Role:     string(account.Role),
			Tier:     tierCode,
			Grants:   grantList,
		}
	}
	return s.writeJSON(w, response)
}
// handleUsersAdd creates a regular user from a JSON request body carrying a
// username, a password and an optional tier code.
//
// Security-relevant invariants visible here:
//   - the role is always user.RoleUser, so this endpoint cannot mint admin
//     accounts regardless of what the request body says;
//   - the username must pass user.AllowedUsername and the password must be
//     non-empty — no further password policy is applied at this layer.
//
// Caveats: the existence check and AddUser are two separate calls, so two
// concurrent requests for the same name race; whether the second AddUser is
// rejected is up to the user manager (not visible here). If ChangeTier fails
// after AddUser succeeded, the user remains created without the requested
// tier and the error is returned to the caller.
func (s *Server) handleUsersAdd(w http.ResponseWriter, r *http.Request, v *visitor) error {
	req, err := readJSONWithLimit[apiUserAddRequest](r.Body, jsonBodyBytesLimit, false)
	if err != nil {
		return err
	}
	if !user.AllowedUsername(req.Username) || req.Password == "" {
		return errHTTPBadRequest.Wrap("username invalid, or password missing")
	}
	existing, err := s.userManager.User(req.Username)
	switch {
	case err != nil && err != user.ErrUserNotFound:
		return err
	case existing != nil:
		return errHTTPConflictUserExists
	}
	// Resolve the tier up front so an unknown tier is rejected before the
	// account is created.
	var requestedTier *user.Tier
	if req.Tier != "" {
		requestedTier, err = s.userManager.Tier(req.Tier)
		switch {
		case err == user.ErrTierNotFound:
			return errHTTPBadRequestTierInvalid
		case err != nil:
			return err
		}
	}
	if err := s.userManager.AddUser(req.Username, req.Password, user.RoleUser); err != nil {
		return err
	}
	if requestedTier != nil {
		if err := s.userManager.ChangeTier(req.Username, req.Tier); err != nil {
			return err
		}
	}
	return s.writeJSON(w, newSuccessResponse())
}
// handleUsersDelete removes the user named in the JSON request body.
//
// Only regular users (u.IsUser()) may be removed through this endpoint; any
// other role is refused with errHTTPUnauthorized, which keeps admin accounts
// out of reach of the API. After the account is gone, every live subscription
// held by that user (pattern "*", i.e. all topics) is cancelled so the deleted
// user stops receiving messages immediately rather than at the next
// authentication check. The visitor v is not consulted here.
func (s *Server) handleUsersDelete(w http.ResponseWriter, r *http.Request, v *visitor) error {
	req, err := readJSONWithLimit[apiUserDeleteRequest](r.Body, jsonBodyBytesLimit, false)
	if err != nil {
		return err
	}
	target, err := s.userManager.User(req.Username)
	switch {
	case err == user.ErrUserNotFound:
		return errHTTPBadRequestUserNotFound
	case err != nil:
		return err
	case !target.IsUser():
		return errHTTPUnauthorized.Wrap("can only remove regular users from API")
	}
	if err := s.userManager.RemoveUser(req.Username); err != nil {
		return err
	}
	// Walks every topic on the server (FIXME super inefficient), but the
	// subscriber cancellation must cover all topics, not just granted ones.
	if err := s.killUserSubscriber(target, "*"); err != nil {
		return err
	}
	return s.writeJSON(w, newSuccessResponse())
}
// handleAccessAllow grants the permission named in the request body to the
// given user for the given topic (or topic pattern).
//
// The user must exist (otherwise errHTTPBadRequestUserNotFound) and the
// permission string must parse via user.ParsePermission (otherwise
// errHTTPBadRequestPermissionInvalid). The topic value is passed to
// AllowAccess as-is; any validation of the pattern happens there, not here.
// Granting access does not touch existing subscriptions, so nothing needs to
// be cancelled. The visitor v is not consulted here.
func (s *Server) handleAccessAllow(w http.ResponseWriter, r *http.Request, v *visitor) error {
	req, err := readJSONWithLimit[apiAccessAllowRequest](r.Body, jsonBodyBytesLimit, false)
	if err != nil {
		return err
	}
	if _, err := s.userManager.User(req.Username); err != nil {
		if err == user.ErrUserNotFound {
			return errHTTPBadRequestUserNotFound
		}
		return err
	}
	perm, parseErr := user.ParsePermission(req.Permission)
	if parseErr != nil {
		return errHTTPBadRequestPermissionInvalid
	}
	if err := s.userManager.AllowAccess(req.Username, req.Topic, perm); err != nil {
		return err
	}
	return s.writeJSON(w, newSuccessResponse())
}
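// handleAccessReset revokes the given user's access to the given topic (or
// topic pattern) and cancels any live subscriptions that the revocation
// covers.
//
// Ordering matters: access is reset first and subscribers are killed second.
// Doing it the other way round would leave a window in which the user could
// re-subscribe between the cancellation and the reset. The topic value may be
// a pattern, which killUserSubscriber expands to concrete topics.
//
// Fix: an unknown username is now mapped to errHTTPBadRequestUserNotFound,
// matching handleUsersDelete and handleAccessAllow, instead of surfacing the
// raw user.ErrUserNotFound as a generic error. The visitor v is not consulted
// here.
func (s *Server) handleAccessReset(w http.ResponseWriter, r *http.Request, v *visitor) error {
	req, err := readJSONWithLimit[apiAccessResetRequest](r.Body, jsonBodyBytesLimit, false)
	if err != nil {
		return err
	}
	u, err := s.userManager.User(req.Username)
	if err == user.ErrUserNotFound {
		return errHTTPBadRequestUserNotFound
	} else if err != nil {
		return err
	}
	if err := s.userManager.ResetAccess(req.Username, req.Topic); err != nil {
		return err
	}
	// req.Topic may be a pattern; subscriptions on every matching topic are
	// dropped so the revocation takes effect immediately.
	if err := s.killUserSubscriber(u, req.Topic); err != nil {
		return err
	}
	return s.writeJSON(w, newSuccessResponse())
}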
// killUserSubscriber cancels every subscription held by user u on each topic
// matched by topicPattern. It is used after access has been revoked or a user
// deleted, so that long-lived subscriptions do not keep delivering messages.
//
// The pattern is expanded through s.topicsFromPattern; an error from that
// expansion is returned before any subscriber is cancelled, so cancellation
// is all-or-nothing with respect to pattern resolution.
func (s *Server) killUserSubscriber(u *user.User, topicPattern string) error {
	matching, err := s.topicsFromPattern(topicPattern)
	if err != nil {
		return err
	}
	for _, topic := range matching {
		topic.CancelSubscriberUser(u.ID)
	}
	return nil
}