server_admin.go 3.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144
  1. package server
  2. import (
  3. "errors"
  4. "heckel.io/ntfy/v2/user"
  5. "net/http"
  6. )
  7. func (s *Server) handleUsersGet(w http.ResponseWriter, r *http.Request, v *visitor) error {
  8. users, err := s.userManager.Users()
  9. if err != nil {
  10. return err
  11. }
  12. grants, err := s.userManager.AllGrants()
  13. if err != nil {
  14. return err
  15. }
  16. usersResponse := make([]*apiUserResponse, len(users))
  17. for i, u := range users {
  18. tier := ""
  19. if u.Tier != nil {
  20. tier = u.Tier.Code
  21. }
  22. userGrants := make([]*apiUserGrantResponse, len(grants[u.ID]))
  23. for i, g := range grants[u.ID] {
  24. userGrants[i] = &apiUserGrantResponse{
  25. Topic: g.TopicPattern,
  26. Permission: g.Allow.String(),
  27. }
  28. }
  29. usersResponse[i] = &apiUserResponse{
  30. Username: u.Name,
  31. Role: string(u.Role),
  32. Tier: tier,
  33. Grants: userGrants,
  34. }
  35. }
  36. return s.writeJSON(w, usersResponse)
  37. }
  38. func (s *Server) handleUsersAdd(w http.ResponseWriter, r *http.Request, v *visitor) error {
  39. req, err := readJSONWithLimit[apiUserAddRequest](r.Body, jsonBodyBytesLimit, false)
  40. if err != nil {
  41. return err
  42. } else if !user.AllowedUsername(req.Username) || req.Password == "" {
  43. return errHTTPBadRequest.Wrap("username invalid, or password missing")
  44. }
  45. u, err := s.userManager.User(req.Username)
  46. if err != nil && !errors.Is(err, user.ErrUserNotFound) {
  47. return err
  48. } else if u != nil {
  49. return errHTTPConflictUserExists
  50. }
  51. var tier *user.Tier
  52. if req.Tier != "" {
  53. tier, err = s.userManager.Tier(req.Tier)
  54. if errors.Is(err, user.ErrTierNotFound) {
  55. return errHTTPBadRequestTierInvalid
  56. } else if err != nil {
  57. return err
  58. }
  59. }
  60. if err := s.userManager.AddUser(req.Username, req.Password, user.RoleUser); err != nil {
  61. return err
  62. }
  63. if tier != nil {
  64. if err := s.userManager.ChangeTier(req.Username, req.Tier); err != nil {
  65. return err
  66. }
  67. }
  68. return s.writeJSON(w, newSuccessResponse())
  69. }
  70. func (s *Server) handleUsersDelete(w http.ResponseWriter, r *http.Request, v *visitor) error {
  71. req, err := readJSONWithLimit[apiUserDeleteRequest](r.Body, jsonBodyBytesLimit, false)
  72. if err != nil {
  73. return err
  74. }
  75. u, err := s.userManager.User(req.Username)
  76. if errors.Is(err, user.ErrUserNotFound) {
  77. return errHTTPBadRequestUserNotFound
  78. } else if err != nil {
  79. return err
  80. } else if !u.IsUser() {
  81. return errHTTPUnauthorized.Wrap("can only remove regular users from API")
  82. }
  83. if err := s.userManager.RemoveUser(req.Username); err != nil {
  84. return err
  85. }
  86. if err := s.killUserSubscriber(u, "*"); err != nil { // FIXME super inefficient
  87. return err
  88. }
  89. return s.writeJSON(w, newSuccessResponse())
  90. }
  91. func (s *Server) handleAccessAllow(w http.ResponseWriter, r *http.Request, v *visitor) error {
  92. req, err := readJSONWithLimit[apiAccessAllowRequest](r.Body, jsonBodyBytesLimit, false)
  93. if err != nil {
  94. return err
  95. }
  96. _, err = s.userManager.User(req.Username)
  97. if errors.Is(err, user.ErrUserNotFound) {
  98. return errHTTPBadRequestUserNotFound
  99. } else if err != nil {
  100. return err
  101. }
  102. permission, err := user.ParsePermission(req.Permission)
  103. if err != nil {
  104. return errHTTPBadRequestPermissionInvalid
  105. }
  106. if err := s.userManager.AllowAccess(req.Username, req.Topic, permission); err != nil {
  107. return err
  108. }
  109. return s.writeJSON(w, newSuccessResponse())
  110. }
  111. func (s *Server) handleAccessReset(w http.ResponseWriter, r *http.Request, v *visitor) error {
  112. req, err := readJSONWithLimit[apiAccessResetRequest](r.Body, jsonBodyBytesLimit, false)
  113. if err != nil {
  114. return err
  115. }
  116. u, err := s.userManager.User(req.Username)
  117. if err != nil {
  118. return err
  119. }
  120. if err := s.userManager.ResetAccess(req.Username, req.Topic); err != nil {
  121. return err
  122. }
  123. if err := s.killUserSubscriber(u, req.Topic); err != nil { // This may be a pattern
  124. return err
  125. }
  126. return s.writeJSON(w, newSuccessResponse())
  127. }
  128. func (s *Server) killUserSubscriber(u *user.User, topicPattern string) error {
  129. topics, err := s.topicsFromPattern(topicPattern)
  130. if err != nil {
  131. return err
  132. }
  133. for _, t := range topics {
  134. t.CancelSubscriberUser(u.ID)
  135. }
  136. return nil
  137. }