2021-03-26 00:17:52 +08:00
|
|
|
package controller
|
|
|
|
|
|
|
|
|
|
import (
|
2021-04-18 02:03:01 +08:00
|
|
|
"encoding/json"
|
|
|
|
|
"errors"
|
2021-10-26 02:51:52 +08:00
|
|
|
"fmt"
|
2021-04-18 02:03:01 +08:00
|
|
|
"net/http"
|
|
|
|
|
|
|
|
|
|
"github.com/gorilla/mux"
|
2022-09-14 03:25:56 +08:00
|
|
|
"github.com/gorilla/websocket"
|
2021-10-22 03:28:58 +08:00
|
|
|
"github.com/gravitl/netmaker/auth"
|
2024-04-03 13:50:19 +08:00
|
|
|
"github.com/gravitl/netmaker/database"
|
2021-12-07 04:31:08 +08:00
|
|
|
"github.com/gravitl/netmaker/logger"
|
2021-10-22 03:28:58 +08:00
|
|
|
"github.com/gravitl/netmaker/logic"
|
2021-04-18 02:03:01 +08:00
|
|
|
"github.com/gravitl/netmaker/models"
|
2023-10-02 12:57:58 +08:00
|
|
|
"github.com/gravitl/netmaker/mq"
|
2022-09-14 03:25:56 +08:00
|
|
|
"github.com/gravitl/netmaker/servercfg"
|
2023-09-01 16:57:08 +08:00
|
|
|
"golang.org/x/exp/slog"
|
2022-09-14 03:25:56 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var (
|
|
|
|
|
upgrader = websocket.Upgrader{}
|
2021-03-26 00:17:52 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func userHandlers(r *mux.Router) {
|
2023-09-01 16:57:08 +08:00
|
|
|
r.HandleFunc("/api/users/adm/hassuperadmin", hasSuperAdmin).Methods(http.MethodGet)
|
|
|
|
|
r.HandleFunc("/api/users/adm/createsuperadmin", createSuperAdmin).Methods(http.MethodPost)
|
2024-08-15 14:25:01 +08:00
|
|
|
r.HandleFunc("/api/users/adm/transfersuperadmin/{username}", logic.SecurityCheck(true, http.HandlerFunc(transferSuperAdmin))).
|
|
|
|
|
Methods(http.MethodPost)
|
2022-12-23 22:49:08 +08:00
|
|
|
r.HandleFunc("/api/users/adm/authenticate", authenticateUser).Methods(http.MethodPost)
|
2024-08-15 14:25:01 +08:00
|
|
|
r.HandleFunc("/api/users/{username}", logic.SecurityCheck(true, http.HandlerFunc(updateUser))).
|
|
|
|
|
Methods(http.MethodPut)
|
|
|
|
|
r.HandleFunc("/api/users/{username}", logic.SecurityCheck(true, checkFreeTierLimits(limitChoiceUsers, http.HandlerFunc(createUser)))).
|
|
|
|
|
Methods(http.MethodPost)
|
|
|
|
|
r.HandleFunc("/api/users/{username}", logic.SecurityCheck(true, http.HandlerFunc(deleteUser))).
|
|
|
|
|
Methods(http.MethodDelete)
|
|
|
|
|
r.HandleFunc("/api/users/{username}", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(getUser)))).
|
|
|
|
|
Methods(http.MethodGet)
|
|
|
|
|
r.HandleFunc("/api/users", logic.SecurityCheck(true, http.HandlerFunc(getUsers))).
|
|
|
|
|
Methods(http.MethodGet)
|
|
|
|
|
r.HandleFunc("/api/users_pending", logic.SecurityCheck(true, http.HandlerFunc(getPendingUsers))).
|
|
|
|
|
Methods(http.MethodGet)
|
|
|
|
|
r.HandleFunc("/api/users_pending", logic.SecurityCheck(true, http.HandlerFunc(deleteAllPendingUsers))).
|
|
|
|
|
Methods(http.MethodDelete)
|
|
|
|
|
r.HandleFunc("/api/users_pending/user/{username}", logic.SecurityCheck(true, http.HandlerFunc(deletePendingUser))).
|
|
|
|
|
Methods(http.MethodDelete)
|
|
|
|
|
r.HandleFunc("/api/users_pending/user/{username}", logic.SecurityCheck(true, http.HandlerFunc(approvePendingUser))).
|
|
|
|
|
Methods(http.MethodPost)
|
2024-04-03 13:50:19 +08:00
|
|
|
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
|
|
|
|
|
2024-08-15 14:25:01 +08:00
|
|
|
// @Summary Authenticate a user to retrieve an authorization token
|
|
|
|
|
// @Router /api/users/adm/authenticate [post]
|
|
|
|
|
// @Tags Auth
|
|
|
|
|
// @Accept json
|
|
|
|
|
// @Param body body models.UserAuthParams true "Authentication parameters"
|
|
|
|
|
// @Success 200 {object} models.SuccessResponse
|
|
|
|
|
// @Failure 400 {object} models.ErrorResponse
|
|
|
|
|
// @Failure 401 {object} models.ErrorResponse
|
|
|
|
|
// @Failure 500 {object} models.ErrorResponse
|
2021-03-26 00:17:52 +08:00
|
|
|
func authenticateUser(response http.ResponseWriter, request *http.Request) {
|
|
|
|
|
|
2021-10-16 20:01:38 +08:00
|
|
|
// Auth request consists of Mac Address and Password (from node that is authorizing
|
|
|
|
|
// in case of Master, auth is ignored and mac is set to "mastermac"
|
2021-04-18 02:03:01 +08:00
|
|
|
var authRequest models.UserAuthParams
|
|
|
|
|
var errorResponse = models.ErrorResponse{
|
|
|
|
|
Code: http.StatusInternalServerError, Message: "W1R3: It's not you it's me.",
|
|
|
|
|
}
|
|
|
|
|
|
2022-09-14 03:25:56 +08:00
|
|
|
if !servercfg.IsBasicAuthEnabled() {
|
2024-08-15 14:25:01 +08:00
|
|
|
logic.ReturnErrorResponse(
|
|
|
|
|
response,
|
|
|
|
|
request,
|
|
|
|
|
logic.FormatError(fmt.Errorf("basic auth is disabled"), "badrequest"),
|
|
|
|
|
)
|
2022-09-14 03:25:56 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-18 02:03:01 +08:00
|
|
|
decoder := json.NewDecoder(request.Body)
|
|
|
|
|
decoderErr := decoder.Decode(&authRequest)
|
|
|
|
|
defer request.Body.Close()
|
|
|
|
|
if decoderErr != nil {
|
2022-07-12 18:49:49 +08:00
|
|
|
logger.Log(0, "error decoding request body: ",
|
|
|
|
|
decoderErr.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(response, request, errorResponse)
|
2021-03-27 04:13:51 +08:00
|
|
|
return
|
2021-04-30 06:14:13 +08:00
|
|
|
}
|
2023-12-20 13:08:55 +08:00
|
|
|
if val := request.Header.Get("From-Ui"); val == "true" {
|
|
|
|
|
// request came from UI, if normal user block Login
|
|
|
|
|
user, err := logic.GetUser(authRequest.UserName)
|
|
|
|
|
if err != nil {
|
|
|
|
|
logger.Log(0, authRequest.UserName, "user validation failed: ",
|
|
|
|
|
err.Error())
|
|
|
|
|
logic.ReturnErrorResponse(response, request, logic.FormatError(err, "unauthorized"))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if !(user.IsAdmin || user.IsSuperAdmin) {
|
2024-08-15 14:25:01 +08:00
|
|
|
logic.ReturnErrorResponse(
|
|
|
|
|
response,
|
|
|
|
|
request,
|
|
|
|
|
logic.FormatError(errors.New("only admins can access dashboard"), "unauthorized"),
|
|
|
|
|
)
|
2023-12-20 13:08:55 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-07-12 18:49:49 +08:00
|
|
|
username := authRequest.UserName
|
2021-10-22 08:32:23 +08:00
|
|
|
jwt, err := logic.VerifyAuthRequest(authRequest)
|
2021-04-30 06:14:13 +08:00
|
|
|
if err != nil {
|
2022-07-12 18:49:49 +08:00
|
|
|
logger.Log(0, username, "user validation failed: ",
|
|
|
|
|
err.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(response, request, logic.FormatError(err, "badrequest"))
|
2021-04-30 23:30:19 +08:00
|
|
|
return
|
2021-04-30 06:14:13 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if jwt == "" {
|
2021-10-16 20:01:38 +08:00
|
|
|
// very unlikely that err is !nil and no jwt returned, but handle it anyways.
|
2022-07-12 18:49:49 +08:00
|
|
|
logger.Log(0, username, "jwt token is empty")
|
2024-08-15 14:25:01 +08:00
|
|
|
logic.ReturnErrorResponse(
|
|
|
|
|
response,
|
|
|
|
|
request,
|
|
|
|
|
logic.FormatError(errors.New("no token returned"), "internal"),
|
|
|
|
|
)
|
2021-04-30 06:14:13 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var successResponse = models.SuccessResponse{
|
|
|
|
|
Code: http.StatusOK,
|
2021-07-19 23:30:27 +08:00
|
|
|
Message: "W1R3: Device " + username + " Authorized",
|
2021-04-30 06:14:13 +08:00
|
|
|
Response: models.SuccessfulUserLoginResponse{
|
|
|
|
|
AuthToken: jwt,
|
2021-07-19 23:30:27 +08:00
|
|
|
UserName: username,
|
2021-04-30 06:14:13 +08:00
|
|
|
},
|
|
|
|
|
}
|
2021-10-16 20:01:38 +08:00
|
|
|
// Send back the JWT
|
2021-04-30 06:14:13 +08:00
|
|
|
successJSONResponse, jsonError := json.Marshal(successResponse)
|
|
|
|
|
if jsonError != nil {
|
2022-07-12 18:49:49 +08:00
|
|
|
logger.Log(0, username,
|
2024-05-08 15:14:39 +08:00
|
|
|
"error marshalling resp: ", jsonError.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(response, request, errorResponse)
|
2021-04-30 06:14:13 +08:00
|
|
|
return
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
2021-12-07 04:31:08 +08:00
|
|
|
logger.Log(2, username, "was authenticated")
|
2021-04-30 06:14:13 +08:00
|
|
|
response.Header().Set("Content-Type", "application/json")
|
|
|
|
|
response.Write(successJSONResponse)
|
2023-10-02 12:57:58 +08:00
|
|
|
|
|
|
|
|
go func() {
|
|
|
|
|
if servercfg.IsPro && servercfg.GetRacAutoDisable() {
|
|
|
|
|
// enable all associeated clients for the user
|
|
|
|
|
clients, err := logic.GetAllExtClients()
|
|
|
|
|
if err != nil {
|
|
|
|
|
slog.Error("error getting clients: ", "error", err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
for _, client := range clients {
|
|
|
|
|
if client.OwnerID == username && !client.Enabled {
|
2024-08-15 14:25:01 +08:00
|
|
|
slog.Info(
|
|
|
|
|
fmt.Sprintf(
|
|
|
|
|
"enabling ext client %s for user %s due to RAC autodisabling feature",
|
|
|
|
|
client.ClientID,
|
|
|
|
|
client.OwnerID,
|
|
|
|
|
),
|
|
|
|
|
)
|
2023-10-02 12:57:58 +08:00
|
|
|
if newClient, err := logic.ToggleExtClientConnectivity(&client, true); err != nil {
|
2024-08-15 14:25:01 +08:00
|
|
|
slog.Error(
|
|
|
|
|
"error enabling ext client in RAC autodisable hook",
|
|
|
|
|
"error",
|
|
|
|
|
err,
|
|
|
|
|
)
|
2023-10-02 12:57:58 +08:00
|
|
|
continue // dont return but try for other clients
|
|
|
|
|
} else {
|
|
|
|
|
// publish peer update to ingress gateway
|
|
|
|
|
if ingressNode, err := logic.GetNodeByID(newClient.IngressGatewayID); err == nil {
|
2024-01-11 18:29:19 +08:00
|
|
|
if err = mq.PublishPeerUpdate(false); err != nil {
|
2023-10-02 12:57:58 +08:00
|
|
|
slog.Error("error updating ext clients on", "ingress", ingressNode.ID.String(), "err", err.Error())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}()
|
2021-04-30 06:14:13 +08:00
|
|
|
}
|
|
|
|
|
|
2024-08-15 14:25:01 +08:00
|
|
|
// @Summary Check if the server has a super admin
|
|
|
|
|
// @Router /api/users/adm/hassuperadmin [get]
|
|
|
|
|
// @Tags Users
|
|
|
|
|
// @Success 200 {object} bool
|
|
|
|
|
// @Failure 500 {object} models.ErrorResponse
|
2023-09-01 16:57:08 +08:00
|
|
|
func hasSuperAdmin(w http.ResponseWriter, r *http.Request) {
|
2021-03-26 00:17:52 +08:00
|
|
|
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
|
2023-09-01 16:57:08 +08:00
|
|
|
hasSuperAdmin, err := logic.HasSuperAdmin()
|
2021-08-10 01:30:40 +08:00
|
|
|
if err != nil {
|
2022-07-12 18:49:49 +08:00
|
|
|
logger.Log(0, "failed to check for admin: ", err.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2021-08-10 01:30:40 +08:00
|
|
|
return
|
2021-09-06 22:36:14 +08:00
|
|
|
}
|
2021-03-26 00:17:52 +08:00
|
|
|
|
2023-09-01 16:57:08 +08:00
|
|
|
json.NewEncoder(w).Encode(hasSuperAdmin)
|
2021-03-26 00:17:52 +08:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2024-08-15 14:25:01 +08:00
|
|
|
// @Summary Get an individual user
|
|
|
|
|
// @Router /api/users/{username} [get]
|
|
|
|
|
// @Tags Users
|
|
|
|
|
// @Param username path string true "Username of the user to fetch"
|
|
|
|
|
// @Success 200 {object} models.User
|
|
|
|
|
// @Failure 500 {object} models.ErrorResponse
|
2021-03-26 00:17:52 +08:00
|
|
|
func getUser(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
// set header.
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
|
2021-04-18 02:03:01 +08:00
|
|
|
var params = mux.Vars(r)
|
2021-07-19 23:30:27 +08:00
|
|
|
usernameFetched := params["username"]
|
2023-06-26 13:23:00 +08:00
|
|
|
user, err := logic.GetReturnUser(usernameFetched)
|
2021-03-26 00:17:52 +08:00
|
|
|
|
|
|
|
|
if err != nil {
|
2022-07-12 18:49:49 +08:00
|
|
|
logger.Log(0, usernameFetched, "failed to fetch user: ", err.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2021-03-26 00:17:52 +08:00
|
|
|
return
|
|
|
|
|
}
|
2021-12-07 04:31:08 +08:00
|
|
|
logger.Log(2, r.Header.Get("user"), "fetched user", usernameFetched)
|
2021-03-26 00:17:52 +08:00
|
|
|
json.NewEncoder(w).Encode(user)
|
|
|
|
|
}
|
|
|
|
|
|
2024-08-15 14:25:01 +08:00
|
|
|
// @Summary Get all users
|
|
|
|
|
// @Router /api/users [get]
|
|
|
|
|
// @Tags Users
|
|
|
|
|
// @Success 200 {array} models.User
|
|
|
|
|
// @Failure 500 {object} models.ErrorResponse
|
2021-07-02 12:03:46 +08:00
|
|
|
func getUsers(w http.ResponseWriter, r *http.Request) {
|
2021-07-15 04:47:05 +08:00
|
|
|
// set header.
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
2021-07-02 12:03:46 +08:00
|
|
|
|
2021-10-22 03:28:58 +08:00
|
|
|
users, err := logic.GetUsers()
|
2021-07-02 12:03:46 +08:00
|
|
|
|
2021-07-15 04:47:05 +08:00
|
|
|
if err != nil {
|
2022-07-12 18:49:49 +08:00
|
|
|
logger.Log(0, "failed to fetch users: ", err.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2021-07-15 04:47:05 +08:00
|
|
|
return
|
|
|
|
|
}
|
2021-07-02 12:03:46 +08:00
|
|
|
|
2023-04-04 02:36:38 +08:00
|
|
|
logic.SortUsers(users[:])
|
2021-12-07 04:31:08 +08:00
|
|
|
logger.Log(2, r.Header.Get("user"), "fetched users")
|
2021-07-15 04:47:05 +08:00
|
|
|
json.NewEncoder(w).Encode(users)
|
2021-07-02 12:03:46 +08:00
|
|
|
}
|
|
|
|
|
|
2024-08-15 14:25:01 +08:00
|
|
|
// @Summary Create a super admin
|
|
|
|
|
// @Router /api/users/adm/createsuperadmin [post]
|
|
|
|
|
// @Tags Users
|
|
|
|
|
// @Param body body models.User true "User details"
|
|
|
|
|
// @Success 200 {object} models.User
|
|
|
|
|
// @Failure 400 {object} models.ErrorResponse
|
|
|
|
|
// @Failure 500 {object} models.ErrorResponse
|
2023-09-01 16:57:08 +08:00
|
|
|
func createSuperAdmin(w http.ResponseWriter, r *http.Request) {
|
2021-03-26 00:17:52 +08:00
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
|
2023-09-01 16:57:08 +08:00
|
|
|
var u models.User
|
2021-10-15 04:36:14 +08:00
|
|
|
|
2023-09-01 16:57:08 +08:00
|
|
|
err := json.NewDecoder(r.Body).Decode(&u)
|
2022-07-12 18:49:49 +08:00
|
|
|
if err != nil {
|
2023-09-01 16:57:08 +08:00
|
|
|
slog.Error("error decoding request body", "error", err.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
2022-07-12 18:49:49 +08:00
|
|
|
return
|
|
|
|
|
}
|
2021-04-30 23:30:19 +08:00
|
|
|
|
2022-09-14 03:25:56 +08:00
|
|
|
if !servercfg.IsBasicAuthEnabled() {
|
2024-08-15 14:25:01 +08:00
|
|
|
logic.ReturnErrorResponse(
|
|
|
|
|
w,
|
|
|
|
|
r,
|
|
|
|
|
logic.FormatError(fmt.Errorf("basic auth is disabled"), "badrequest"),
|
|
|
|
|
)
|
2022-09-14 03:25:56 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-01 16:57:08 +08:00
|
|
|
err = logic.CreateSuperAdmin(&u)
|
2021-04-18 02:03:01 +08:00
|
|
|
if err != nil {
|
2023-09-01 16:57:08 +08:00
|
|
|
slog.Error("failed to create admin", "error", err.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
2021-04-18 02:03:01 +08:00
|
|
|
return
|
|
|
|
|
}
|
2023-09-01 16:57:08 +08:00
|
|
|
logger.Log(1, u.UserName, "was made a super admin")
|
|
|
|
|
json.NewEncoder(w).Encode(logic.ToReturnUser(u))
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
|
|
|
|
|
2024-08-15 14:25:01 +08:00
|
|
|
// @Summary Transfer super admin role to another admin user
|
|
|
|
|
// @Router /api/users/adm/transfersuperadmin/{username} [post]
|
|
|
|
|
// @Tags Users
|
|
|
|
|
// @Param username path string true "Username of the user to transfer super admin role"
|
|
|
|
|
// @Success 200 {object} models.User
|
|
|
|
|
// @Failure 403 {object} models.ErrorResponse
|
|
|
|
|
// @Failure 500 {object} models.ErrorResponse
|
2023-09-01 16:57:08 +08:00
|
|
|
func transferSuperAdmin(w http.ResponseWriter, r *http.Request) {
|
2021-07-15 04:47:05 +08:00
|
|
|
w.Header().Set("Content-Type", "application/json")
|
2023-09-01 16:57:08 +08:00
|
|
|
caller, err := logic.GetUser(r.Header.Get("user"))
|
2022-07-12 18:49:49 +08:00
|
|
|
if err != nil {
|
2023-09-01 16:57:08 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
|
|
|
}
|
|
|
|
|
if !caller.IsSuperAdmin {
|
2024-08-15 14:25:01 +08:00
|
|
|
logic.ReturnErrorResponse(
|
|
|
|
|
w,
|
|
|
|
|
r,
|
|
|
|
|
logic.FormatError(
|
|
|
|
|
errors.New("only superadmin can assign the superadmin role to another user"),
|
|
|
|
|
"forbidden",
|
|
|
|
|
),
|
|
|
|
|
)
|
2023-09-01 16:57:08 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
var params = mux.Vars(r)
|
|
|
|
|
username := params["username"]
|
|
|
|
|
u, err := logic.GetUser(username)
|
|
|
|
|
if err != nil {
|
|
|
|
|
slog.Error("error getting user", "user", u.UserName, "error", err.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
2022-07-12 18:49:49 +08:00
|
|
|
return
|
|
|
|
|
}
|
2023-09-01 16:57:08 +08:00
|
|
|
if !u.IsAdmin {
|
2024-08-15 14:25:01 +08:00
|
|
|
logic.ReturnErrorResponse(
|
|
|
|
|
w,
|
|
|
|
|
r,
|
|
|
|
|
logic.FormatError(
|
|
|
|
|
errors.New("only admins can be promoted to superadmin role"),
|
|
|
|
|
"forbidden",
|
|
|
|
|
),
|
|
|
|
|
)
|
2023-09-01 16:57:08 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if !servercfg.IsBasicAuthEnabled() {
|
2024-08-15 14:25:01 +08:00
|
|
|
logic.ReturnErrorResponse(
|
|
|
|
|
w,
|
|
|
|
|
r,
|
|
|
|
|
logic.FormatError(fmt.Errorf("basic auth is disabled"), "badrequest"),
|
|
|
|
|
)
|
2023-09-01 16:57:08 +08:00
|
|
|
return
|
|
|
|
|
}
|
2022-09-14 03:25:56 +08:00
|
|
|
|
2023-09-01 16:57:08 +08:00
|
|
|
u.IsSuperAdmin = true
|
|
|
|
|
u.IsAdmin = false
|
|
|
|
|
err = logic.UpsertUser(*u)
|
2021-07-15 04:47:05 +08:00
|
|
|
if err != nil {
|
2023-09-01 16:57:08 +08:00
|
|
|
slog.Error("error updating user to superadmin: ", "user", u.UserName, "error", err.Error())
|
|
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2021-07-15 04:47:05 +08:00
|
|
|
return
|
|
|
|
|
}
|
2023-09-01 16:57:08 +08:00
|
|
|
caller.IsSuperAdmin = false
|
|
|
|
|
caller.IsAdmin = true
|
|
|
|
|
err = logic.UpsertUser(*caller)
|
|
|
|
|
if err != nil {
|
|
|
|
|
slog.Error("error demoting user to admin: ", "user", caller.UserName, "error", err.Error())
|
|
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
slog.Info("user was made a super admin", "user", u.UserName)
|
|
|
|
|
json.NewEncoder(w).Encode(logic.ToReturnUser(*u))
|
2021-07-02 12:03:46 +08:00
|
|
|
}
|
|
|
|
|
|
2024-08-15 14:25:01 +08:00
|
|
|
// @Summary Create a user
|
|
|
|
|
// @Router /api/users/{username} [post]
|
|
|
|
|
// @Tags Users
|
|
|
|
|
// @Param username path string true "Username of the user to create"
|
|
|
|
|
// @Param body body models.User true "User details"
|
|
|
|
|
// @Success 200 {object} models.User
|
|
|
|
|
// @Failure 400 {object} models.ErrorResponse
|
|
|
|
|
// @Failure 403 {object} models.ErrorResponse
|
|
|
|
|
// @Failure 500 {object} models.ErrorResponse
|
2023-09-01 16:57:08 +08:00
|
|
|
func createUser(w http.ResponseWriter, r *http.Request) {
|
2021-10-26 02:51:52 +08:00
|
|
|
w.Header().Set("Content-Type", "application/json")
|
2023-09-01 16:57:08 +08:00
|
|
|
caller, err := logic.GetUser(r.Header.Get("user"))
|
2021-10-26 02:51:52 +08:00
|
|
|
if err != nil {
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2024-01-04 00:29:38 +08:00
|
|
|
return
|
2021-10-26 02:51:52 +08:00
|
|
|
}
|
2023-09-01 16:57:08 +08:00
|
|
|
var user models.User
|
|
|
|
|
err = json.NewDecoder(r.Body).Decode(&user)
|
2021-10-26 02:51:52 +08:00
|
|
|
if err != nil {
|
2023-09-01 16:57:08 +08:00
|
|
|
logger.Log(0, user.UserName, "error decoding request body: ",
|
2022-07-12 18:49:49 +08:00
|
|
|
err.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
2021-10-26 02:51:52 +08:00
|
|
|
return
|
|
|
|
|
}
|
2023-09-01 16:57:08 +08:00
|
|
|
if !caller.IsSuperAdmin && user.IsAdmin {
|
|
|
|
|
err = errors.New("only superadmin can create admin users")
|
|
|
|
|
slog.Error("error creating new user: ", "user", user.UserName, "error", err)
|
|
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
|
2021-10-26 02:51:52 +08:00
|
|
|
return
|
|
|
|
|
}
|
2023-09-01 16:57:08 +08:00
|
|
|
if user.IsSuperAdmin {
|
|
|
|
|
err = errors.New("additional superadmins cannot be created")
|
|
|
|
|
slog.Error("error creating new user: ", "user", user.UserName, "error", err)
|
|
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
|
2023-12-01 02:37:00 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if !servercfg.IsPro && !user.IsAdmin {
|
2024-08-15 14:25:01 +08:00
|
|
|
logic.ReturnErrorResponse(
|
|
|
|
|
w,
|
|
|
|
|
r,
|
|
|
|
|
logic.FormatError(
|
|
|
|
|
errors.New("non-admins users can only be created on Pro version"),
|
|
|
|
|
"forbidden",
|
|
|
|
|
),
|
|
|
|
|
)
|
2023-09-01 16:57:08 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = logic.CreateUser(&user)
|
2023-06-26 13:23:00 +08:00
|
|
|
if err != nil {
|
2023-09-01 16:57:08 +08:00
|
|
|
slog.Error("error creating new user: ", "user", user.UserName, "error", err.Error())
|
|
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
2023-05-23 05:57:32 +08:00
|
|
|
return
|
|
|
|
|
}
|
2023-09-01 16:57:08 +08:00
|
|
|
slog.Info("user was created", "username", user.UserName)
|
|
|
|
|
json.NewEncoder(w).Encode(logic.ToReturnUser(user))
|
2021-10-26 02:51:52 +08:00
|
|
|
}
|
|
|
|
|
|
2024-08-15 14:25:01 +08:00
|
|
|
// @Summary Update a user
|
|
|
|
|
// @Router /api/users/{username} [put]
|
|
|
|
|
// @Tags Users
|
|
|
|
|
// @Param username path string true "Username of the user to update"
|
|
|
|
|
// @Param body body models.User true "User details"
|
|
|
|
|
// @Success 200 {object} models.User
|
|
|
|
|
// @Failure 400 {object} models.ErrorResponse
|
|
|
|
|
// @Failure 403 {object} models.ErrorResponse
|
|
|
|
|
// @Failure 500 {object} models.ErrorResponse
|
2021-03-26 00:17:52 +08:00
|
|
|
func updateUser(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
var params = mux.Vars(r)
|
2021-10-16 20:01:38 +08:00
|
|
|
// start here
|
2023-09-01 16:57:08 +08:00
|
|
|
var caller *models.User
|
|
|
|
|
var err error
|
|
|
|
|
var ismaster bool
|
|
|
|
|
if r.Header.Get("user") == logic.MasterUser {
|
|
|
|
|
ismaster = true
|
|
|
|
|
} else {
|
|
|
|
|
caller, err = logic.GetUser(r.Header.Get("user"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
|
|
|
}
|
2023-03-31 03:10:17 +08:00
|
|
|
}
|
2023-09-01 16:57:08 +08:00
|
|
|
|
2021-07-19 23:30:27 +08:00
|
|
|
username := params["username"]
|
2022-12-21 04:10:40 +08:00
|
|
|
user, err := logic.GetUser(username)
|
2021-04-18 02:03:01 +08:00
|
|
|
if err != nil {
|
2022-07-12 18:49:49 +08:00
|
|
|
logger.Log(0, username,
|
|
|
|
|
"failed to update user info: ", err.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2021-04-18 02:03:01 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
var userchange models.User
|
|
|
|
|
// we decode our body request params
|
|
|
|
|
err = json.NewDecoder(r.Body).Decode(&userchange)
|
2021-03-26 00:17:52 +08:00
|
|
|
if err != nil {
|
2023-09-01 16:57:08 +08:00
|
|
|
slog.Error("failed to decode body", "error ", err.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
2021-04-18 02:03:01 +08:00
|
|
|
return
|
|
|
|
|
}
|
2023-09-01 16:57:08 +08:00
|
|
|
if user.UserName != userchange.UserName {
|
2024-08-15 14:25:01 +08:00
|
|
|
logic.ReturnErrorResponse(
|
|
|
|
|
w,
|
|
|
|
|
r,
|
|
|
|
|
logic.FormatError(
|
|
|
|
|
errors.New("user in param and request body not matching"),
|
|
|
|
|
"badrequest",
|
|
|
|
|
),
|
|
|
|
|
)
|
2023-03-31 03:10:17 +08:00
|
|
|
return
|
|
|
|
|
}
|
2023-09-01 16:57:08 +08:00
|
|
|
selfUpdate := false
|
|
|
|
|
if !ismaster && caller.UserName == user.UserName {
|
|
|
|
|
selfUpdate = true
|
2021-03-26 00:17:52 +08:00
|
|
|
}
|
|
|
|
|
|
2023-09-01 16:57:08 +08:00
|
|
|
if !ismaster && !selfUpdate {
|
|
|
|
|
if caller.IsAdmin && user.IsSuperAdmin {
|
2024-08-15 14:25:01 +08:00
|
|
|
slog.Error(
|
|
|
|
|
"non-superadmin user",
|
|
|
|
|
"caller",
|
|
|
|
|
caller.UserName,
|
|
|
|
|
"attempted to update superadmin user",
|
|
|
|
|
username,
|
|
|
|
|
)
|
|
|
|
|
logic.ReturnErrorResponse(
|
|
|
|
|
w,
|
|
|
|
|
r,
|
|
|
|
|
logic.FormatError(errors.New("cannot update superadmin user"), "forbidden"),
|
|
|
|
|
)
|
2023-09-01 16:57:08 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if !caller.IsAdmin && !caller.IsSuperAdmin {
|
2024-08-15 14:25:01 +08:00
|
|
|
slog.Error(
|
|
|
|
|
"operation not allowed",
|
|
|
|
|
"caller",
|
|
|
|
|
caller.UserName,
|
|
|
|
|
"attempted to update user",
|
|
|
|
|
username,
|
|
|
|
|
)
|
|
|
|
|
logic.ReturnErrorResponse(
|
|
|
|
|
w,
|
|
|
|
|
r,
|
|
|
|
|
logic.FormatError(errors.New("cannot update superadmin user"), "forbidden"),
|
|
|
|
|
)
|
2023-09-01 16:57:08 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if caller.IsAdmin && user.IsAdmin {
|
2024-08-15 14:25:01 +08:00
|
|
|
slog.Error(
|
|
|
|
|
"admin user cannot update another admin",
|
|
|
|
|
"caller",
|
|
|
|
|
caller.UserName,
|
|
|
|
|
"attempted to update admin user",
|
|
|
|
|
username,
|
|
|
|
|
)
|
|
|
|
|
logic.ReturnErrorResponse(
|
|
|
|
|
w,
|
|
|
|
|
r,
|
|
|
|
|
logic.FormatError(
|
|
|
|
|
errors.New("admin user cannot update another admin"),
|
|
|
|
|
"forbidden",
|
|
|
|
|
),
|
|
|
|
|
)
|
2023-09-01 16:57:08 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if caller.IsAdmin && userchange.IsAdmin {
|
|
|
|
|
err = errors.New("admin user cannot update role of an another user to admin")
|
2024-08-15 14:25:01 +08:00
|
|
|
slog.Error(
|
|
|
|
|
"failed to update user",
|
|
|
|
|
"caller",
|
|
|
|
|
caller.UserName,
|
|
|
|
|
"attempted to update user",
|
|
|
|
|
username,
|
|
|
|
|
"error",
|
|
|
|
|
err,
|
|
|
|
|
)
|
2023-09-01 16:57:08 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
if !ismaster && selfUpdate {
|
|
|
|
|
if user.IsAdmin != userchange.IsAdmin || user.IsSuperAdmin != userchange.IsSuperAdmin {
|
2024-08-15 14:25:01 +08:00
|
|
|
slog.Error(
|
|
|
|
|
"user cannot change his own role",
|
|
|
|
|
"caller",
|
|
|
|
|
caller.UserName,
|
|
|
|
|
"attempted to update user role",
|
|
|
|
|
username,
|
|
|
|
|
)
|
|
|
|
|
logic.ReturnErrorResponse(
|
|
|
|
|
w,
|
|
|
|
|
r,
|
|
|
|
|
logic.FormatError(errors.New("user not allowed to self assign role"), "forbidden"),
|
|
|
|
|
)
|
2023-09-01 16:57:08 +08:00
|
|
|
return
|
|
|
|
|
|
|
|
|
|
}
|
2021-07-15 04:47:05 +08:00
|
|
|
}
|
2023-09-01 16:57:08 +08:00
|
|
|
if ismaster {
|
|
|
|
|
if !user.IsSuperAdmin && userchange.IsSuperAdmin {
|
2024-08-15 14:25:01 +08:00
|
|
|
slog.Error(
|
|
|
|
|
"operation not allowed",
|
|
|
|
|
"caller",
|
|
|
|
|
logic.MasterUser,
|
|
|
|
|
"attempted to update user role to superadmin",
|
|
|
|
|
username,
|
|
|
|
|
)
|
|
|
|
|
logic.ReturnErrorResponse(
|
|
|
|
|
w,
|
|
|
|
|
r,
|
|
|
|
|
logic.FormatError(
|
|
|
|
|
errors.New("attempted to update user role to superadmin"),
|
|
|
|
|
"forbidden",
|
|
|
|
|
),
|
|
|
|
|
)
|
2023-09-01 16:57:08 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-04 14:15:41 +08:00
|
|
|
if auth.IsOauthUser(user) == nil && userchange.Password != "" {
|
|
|
|
|
err := fmt.Errorf("cannot update user's password for an oauth user %s", username)
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
|
2021-10-26 02:51:52 +08:00
|
|
|
return
|
|
|
|
|
}
|
2023-09-01 16:57:08 +08:00
|
|
|
|
2022-12-21 04:10:40 +08:00
|
|
|
user, err = logic.UpdateUser(&userchange, user)
|
2021-07-15 04:47:05 +08:00
|
|
|
if err != nil {
|
2022-07-12 18:49:49 +08:00
|
|
|
logger.Log(0, username,
|
2023-09-01 16:57:08 +08:00
|
|
|
"failed to update user info: ", err.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
2021-07-15 04:47:05 +08:00
|
|
|
return
|
|
|
|
|
}
|
2023-09-01 16:57:08 +08:00
|
|
|
logger.Log(1, username, "was updated")
|
2023-06-26 13:23:00 +08:00
|
|
|
json.NewEncoder(w).Encode(logic.ToReturnUser(*user))
|
2021-07-02 12:03:46 +08:00
|
|
|
}
|
|
|
|
|
|
2024-08-15 14:25:01 +08:00
|
|
|
// @Summary Delete a user
|
|
|
|
|
// @Router /api/users/{username} [delete]
|
|
|
|
|
// @Tags Users
|
|
|
|
|
// @Param username path string true "Username of the user to delete"
|
|
|
|
|
// @Success 200 {string} string
|
|
|
|
|
// @Failure 500 {object} models.ErrorResponse
|
2021-03-26 00:17:52 +08:00
|
|
|
func deleteUser(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
// Set header
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
|
|
|
|
|
// get params
|
|
|
|
|
var params = mux.Vars(r)
|
2023-09-01 16:57:08 +08:00
|
|
|
caller, err := logic.GetUser(r.Header.Get("user"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
|
|
|
}
|
2021-07-19 23:30:27 +08:00
|
|
|
username := params["username"]
|
2023-09-01 16:57:08 +08:00
|
|
|
user, err := logic.GetUser(username)
|
|
|
|
|
if err != nil {
|
|
|
|
|
logger.Log(0, username,
|
|
|
|
|
"failed to update user info: ", err.Error())
|
|
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if user.IsSuperAdmin {
|
|
|
|
|
slog.Error(
|
|
|
|
|
"failed to delete user: ", "user", username, "error", "superadmin cannot be deleted")
|
2024-08-15 14:25:01 +08:00
|
|
|
logic.ReturnErrorResponse(
|
|
|
|
|
w,
|
|
|
|
|
r,
|
|
|
|
|
logic.FormatError(fmt.Errorf("superadmin cannot be deleted"), "internal"),
|
|
|
|
|
)
|
2023-09-01 16:57:08 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if !caller.IsSuperAdmin {
|
|
|
|
|
if caller.IsAdmin && user.IsAdmin {
|
|
|
|
|
slog.Error(
|
2024-08-15 14:25:01 +08:00
|
|
|
"failed to delete user: ",
|
|
|
|
|
"user",
|
|
|
|
|
username,
|
|
|
|
|
"error",
|
|
|
|
|
"admin cannot delete another admin user, including oneself",
|
|
|
|
|
)
|
|
|
|
|
logic.ReturnErrorResponse(
|
|
|
|
|
w,
|
|
|
|
|
r,
|
|
|
|
|
logic.FormatError(
|
|
|
|
|
fmt.Errorf("admin cannot delete another admin user, including oneself"),
|
|
|
|
|
"internal",
|
|
|
|
|
),
|
|
|
|
|
)
|
2023-09-01 16:57:08 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-07-12 18:49:49 +08:00
|
|
|
success, err := logic.DeleteUser(username)
|
2021-04-15 10:59:25 +08:00
|
|
|
if err != nil {
|
2022-07-12 18:49:49 +08:00
|
|
|
logger.Log(0, username,
|
|
|
|
|
"failed to delete user: ", err.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
2021-03-26 00:17:52 +08:00
|
|
|
return
|
2021-04-15 10:59:25 +08:00
|
|
|
} else if !success {
|
2022-07-12 18:49:49 +08:00
|
|
|
err := errors.New("delete unsuccessful")
|
|
|
|
|
logger.Log(0, username, err.Error())
|
2022-09-15 01:26:31 +08:00
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
2021-04-18 02:03:01 +08:00
|
|
|
return
|
|
|
|
|
}
|
2023-10-18 03:22:17 +08:00
|
|
|
// check and delete extclient with this ownerID
|
|
|
|
|
go func() {
|
|
|
|
|
extclients, err := logic.GetAllExtClients()
|
|
|
|
|
if err != nil {
|
|
|
|
|
slog.Error("failed to get extclients", "error", err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
for _, extclient := range extclients {
|
|
|
|
|
if extclient.OwnerID == user.UserName {
|
|
|
|
|
err = logic.DeleteExtClient(extclient.Network, extclient.ClientID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
slog.Error("failed to delete extclient",
|
|
|
|
|
"id", extclient.ClientID, "owner", user.UserName, "error", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-12-20 14:24:53 +08:00
|
|
|
if servercfg.IsDNSMode() {
|
|
|
|
|
logic.SetDNS()
|
|
|
|
|
}
|
2023-10-18 03:22:17 +08:00
|
|
|
}()
|
2021-12-07 04:31:08 +08:00
|
|
|
logger.Log(1, username, "was deleted")
|
2021-03-26 00:17:52 +08:00
|
|
|
json.NewEncoder(w).Encode(params["username"] + " deleted.")
|
|
|
|
|
}
|
2022-09-14 03:25:56 +08:00
|
|
|
|
|
|
|
|
// Called when vpn client dials in to start the auth flow and first stage is to get register URL itself
|
|
|
|
|
func socketHandler(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
// Upgrade our raw HTTP connection to a websocket based one
|
|
|
|
|
conn, err := upgrader.Upgrade(w, r, nil)
|
|
|
|
|
if err != nil {
|
2022-09-15 22:23:19 +08:00
|
|
|
logger.Log(0, "error during connection upgrade for node sign-in:", err.Error())
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if conn == nil {
|
|
|
|
|
logger.Log(0, "failed to establish web-socket connection during node sign-in")
|
2022-09-14 03:25:56 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
// Start handling the session
|
2023-04-13 23:36:13 +08:00
|
|
|
go auth.SessionHandler(conn)
|
2022-09-14 03:25:56 +08:00
|
|
|
}
|
2024-04-03 13:50:19 +08:00
|
|
|
|
2024-08-15 14:25:01 +08:00
|
|
|
// @Summary Get all pending users
|
|
|
|
|
// @Router /api/users_pending [get]
|
|
|
|
|
// @Tags Users
|
|
|
|
|
// @Success 200 {array} models.User
|
|
|
|
|
// @Failure 500 {object} models.ErrorResponse
|
2024-04-03 13:50:19 +08:00
|
|
|
func getPendingUsers(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
// set header.
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
|
|
|
|
|
users, err := logic.ListPendingUsers()
|
|
|
|
|
if err != nil {
|
|
|
|
|
logger.Log(0, "failed to fetch users: ", err.Error())
|
|
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
logic.SortUsers(users[:])
|
|
|
|
|
logger.Log(2, r.Header.Get("user"), "fetched pending users")
|
|
|
|
|
json.NewEncoder(w).Encode(users)
|
|
|
|
|
}
|
|
|
|
|
|
2024-08-15 14:25:01 +08:00
|
|
|
// @Summary Approve a pending user
|
|
|
|
|
// @Router /api/users_pending/user/{username} [post]
|
|
|
|
|
// @Tags Users
|
|
|
|
|
// @Param username path string true "Username of the pending user to approve"
|
|
|
|
|
// @Success 200 {string} string
|
|
|
|
|
// @Failure 500 {object} models.ErrorResponse
|
2024-04-03 13:50:19 +08:00
|
|
|
func approvePendingUser(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
// set header.
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
var params = mux.Vars(r)
|
|
|
|
|
username := params["username"]
|
|
|
|
|
users, err := logic.ListPendingUsers()
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
logger.Log(0, "failed to fetch users: ", err.Error())
|
|
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
for _, user := range users {
|
|
|
|
|
if user.UserName == username {
|
|
|
|
|
var newPass, fetchErr = auth.FetchPassValue("")
|
|
|
|
|
if fetchErr != nil {
|
|
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(fetchErr, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if err = logic.CreateUser(&models.User{
|
|
|
|
|
UserName: user.UserName,
|
|
|
|
|
Password: newPass,
|
|
|
|
|
}); err != nil {
|
2024-08-15 14:25:01 +08:00
|
|
|
logic.ReturnErrorResponse(
|
|
|
|
|
w,
|
|
|
|
|
r,
|
|
|
|
|
logic.FormatError(fmt.Errorf("failed to create user: %s", err), "internal"),
|
|
|
|
|
)
|
2024-04-03 13:50:19 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
err = logic.DeletePendingUser(username)
|
|
|
|
|
if err != nil {
|
2024-08-15 14:25:01 +08:00
|
|
|
logic.ReturnErrorResponse(
|
|
|
|
|
w,
|
|
|
|
|
r,
|
|
|
|
|
logic.FormatError(
|
|
|
|
|
fmt.Errorf("failed to delete pending user: %s", err),
|
|
|
|
|
"internal",
|
|
|
|
|
),
|
|
|
|
|
)
|
2024-04-03 13:50:19 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
logic.ReturnSuccessResponse(w, r, "approved "+username)
|
|
|
|
|
}
|
|
|
|
|
|
2024-08-15 14:25:01 +08:00
|
|
|
// @Summary Delete a pending user
|
|
|
|
|
// @Router /api/users_pending/user/{username} [delete]
|
|
|
|
|
// @Tags Users
|
|
|
|
|
// @Param username path string true "Username of the pending user to delete"
|
|
|
|
|
// @Success 200 {string} string
|
|
|
|
|
// @Failure 500 {object} models.ErrorResponse
|
2024-04-03 13:50:19 +08:00
|
|
|
func deletePendingUser(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
// set header.
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
var params = mux.Vars(r)
|
|
|
|
|
username := params["username"]
|
|
|
|
|
users, err := logic.ListPendingUsers()
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
logger.Log(0, "failed to fetch users: ", err.Error())
|
|
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
for _, user := range users {
|
|
|
|
|
if user.UserName == username {
|
|
|
|
|
err = logic.DeletePendingUser(username)
|
|
|
|
|
if err != nil {
|
2024-08-15 14:25:01 +08:00
|
|
|
logic.ReturnErrorResponse(
|
|
|
|
|
w,
|
|
|
|
|
r,
|
|
|
|
|
logic.FormatError(
|
|
|
|
|
fmt.Errorf("failed to delete pending user: %s", err),
|
|
|
|
|
"internal",
|
|
|
|
|
),
|
|
|
|
|
)
|
2024-04-03 13:50:19 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
logic.ReturnSuccessResponse(w, r, "deleted pending "+username)
|
|
|
|
|
}
|
|
|
|
|
|
2024-08-15 14:25:01 +08:00
|
|
|
// @Summary Delete all pending users
|
|
|
|
|
// @Router /api/users_pending [delete]
|
|
|
|
|
// @Tags Users
|
|
|
|
|
// @Success 200 {string} string
|
|
|
|
|
// @Failure 500 {object} models.ErrorResponse
|
2024-04-03 13:50:19 +08:00
|
|
|
func deleteAllPendingUsers(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
// set header.
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
err := database.DeleteAllRecords(database.PENDING_USERS_TABLE_NAME)
|
|
|
|
|
if err != nil {
|
2024-08-15 14:25:01 +08:00
|
|
|
logic.ReturnErrorResponse(
|
|
|
|
|
w,
|
|
|
|
|
r,
|
|
|
|
|
logic.FormatError(
|
|
|
|
|
errors.New("failed to delete all pending users "+err.Error()),
|
|
|
|
|
"internal",
|
|
|
|
|
),
|
|
|
|
|
)
|
2024-04-03 13:50:19 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
logic.ReturnSuccessResponse(w, r, "cleared all pending users")
|
|
|
|
|
}
|
