mirror of
https://github.com/usememos/memos.git
synced 2024-12-26 23:22:47 +08:00
52539fc130
* chore: add en-GB language
* chore: remove en-GB contents
* chore: prevent visitors from breaking demo
- prevent disabling password login
- prevent updating `memos-demo` user
- prevent setting additional style
- prevent setting additional script
- add some error feedback to system settings UI
* Revert "chore: add en-GB language"
This reverts commit 2716377b04
.
308 lines
12 KiB
Go
308 lines
12 KiB
Go
package v1
|
|
|
|
import (
|
|
"encoding/json"
|
|
"net/http"
|
|
"path/filepath"
|
|
"strings"
|
|
|
|
"github.com/labstack/echo/v4"
|
|
"github.com/pkg/errors"
|
|
|
|
"github.com/usememos/memos/store"
|
|
)
|
|
|
|
type SystemSettingName string
|
|
|
|
const (
|
|
// SystemSettingServerIDName is the name of server id.
|
|
SystemSettingServerIDName SystemSettingName = "server-id"
|
|
// SystemSettingSecretSessionName is the name of secret session.
|
|
SystemSettingSecretSessionName SystemSettingName = "secret-session"
|
|
// SystemSettingAllowSignUpName is the name of allow signup setting.
|
|
SystemSettingAllowSignUpName SystemSettingName = "allow-signup"
|
|
// SystemSettingDisablePasswordLoginName is the name of disable password login setting.
|
|
SystemSettingDisablePasswordLoginName SystemSettingName = "disable-password-login"
|
|
// SystemSettingDisablePublicMemosName is the name of disable public memos setting.
|
|
SystemSettingDisablePublicMemosName SystemSettingName = "disable-public-memos"
|
|
// SystemSettingMaxUploadSizeMiBName is the name of max upload size setting.
|
|
SystemSettingMaxUploadSizeMiBName SystemSettingName = "max-upload-size-mib"
|
|
// SystemSettingAdditionalStyleName is the name of additional style.
|
|
SystemSettingAdditionalStyleName SystemSettingName = "additional-style"
|
|
// SystemSettingAdditionalScriptName is the name of additional script.
|
|
SystemSettingAdditionalScriptName SystemSettingName = "additional-script"
|
|
// SystemSettingCustomizedProfileName is the name of customized server profile.
|
|
SystemSettingCustomizedProfileName SystemSettingName = "customized-profile"
|
|
// SystemSettingStorageServiceIDName is the name of storage service ID.
|
|
SystemSettingStorageServiceIDName SystemSettingName = "storage-service-id"
|
|
// SystemSettingLocalStoragePathName is the name of local storage path.
|
|
SystemSettingLocalStoragePathName SystemSettingName = "local-storage-path"
|
|
// SystemSettingTelegramBotTokenName is the name of Telegram Bot Token.
|
|
SystemSettingTelegramBotTokenName SystemSettingName = "telegram-bot-token"
|
|
// SystemSettingMemoDisplayWithUpdatedTsName is the name of memo display with updated ts.
|
|
SystemSettingMemoDisplayWithUpdatedTsName SystemSettingName = "memo-display-with-updated-ts"
|
|
// SystemSettingInstanceURLName is the name of instance url setting.
|
|
SystemSettingInstanceURLName SystemSettingName = "instance-url"
|
|
)
|
|
const systemSettingUnmarshalError = `failed to unmarshal value from system setting "%v"`
|
|
|
|
// CustomizedProfile is the struct definition for SystemSettingCustomizedProfileName system setting item.
|
|
type CustomizedProfile struct {
|
|
// Name is the server name, default is `memos`
|
|
Name string `json:"name"`
|
|
// LogoURL is the url of logo image.
|
|
LogoURL string `json:"logoUrl"`
|
|
// Description is the server description.
|
|
Description string `json:"description"`
|
|
// Locale is the server default locale.
|
|
Locale string `json:"locale"`
|
|
// Appearance is the server default appearance.
|
|
Appearance string `json:"appearance"`
|
|
// ExternalURL is the external url of server. e.g. https://usermemos.com
|
|
ExternalURL string `json:"externalUrl"`
|
|
}
|
|
|
|
func (key SystemSettingName) String() string {
|
|
return string(key)
|
|
}
|
|
|
|
type SystemSetting struct {
|
|
Name SystemSettingName `json:"name"`
|
|
// Value is a JSON string with basic value.
|
|
Value string `json:"value"`
|
|
Description string `json:"description"`
|
|
}
|
|
|
|
type UpsertSystemSettingRequest struct {
|
|
Name SystemSettingName `json:"name"`
|
|
Value string `json:"value"`
|
|
Description string `json:"description"`
|
|
}
|
|
|
|
func (s *APIV1Service) registerSystemSettingRoutes(g *echo.Group) {
|
|
g.GET("/system/setting", s.GetSystemSettingList)
|
|
g.POST("/system/setting", s.CreateSystemSetting)
|
|
}
|
|
|
|
// GetSystemSettingList godoc
|
|
//
|
|
// @Summary Get a list of system settings
|
|
// @Tags system-setting
|
|
// @Produce json
|
|
// @Success 200 {object} []SystemSetting "System setting list"
|
|
// @Failure 401 {object} nil "Missing user in session | Unauthorized"
|
|
// @Failure 500 {object} nil "Failed to find user | Failed to find system setting list"
|
|
// @Router /api/v1/system/setting [GET]
|
|
func (s *APIV1Service) GetSystemSettingList(c echo.Context) error {
|
|
ctx := c.Request().Context()
|
|
userID, ok := c.Get(userIDContextKey).(int32)
|
|
if !ok {
|
|
return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
|
|
}
|
|
|
|
user, err := s.Store.GetUser(ctx, &store.FindUser{
|
|
ID: &userID,
|
|
})
|
|
if err != nil {
|
|
return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
|
|
}
|
|
if user == nil || user.Role != store.RoleHost {
|
|
return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
|
|
}
|
|
|
|
list, err := s.Store.ListWorkspaceSettings(ctx, &store.FindWorkspaceSetting{})
|
|
if err != nil {
|
|
return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find system setting list").SetInternal(err)
|
|
}
|
|
|
|
systemSettingList := make([]*SystemSetting, 0, len(list))
|
|
for _, systemSetting := range list {
|
|
systemSettingList = append(systemSettingList, convertSystemSettingFromStore(systemSetting))
|
|
}
|
|
return c.JSON(http.StatusOK, systemSettingList)
|
|
}
|
|
|
|
// CreateSystemSetting godoc
|
|
//
|
|
// @Summary Create system setting
|
|
// @Tags system-setting
|
|
// @Accept json
|
|
// @Produce json
|
|
// @Param body body UpsertSystemSettingRequest true "Request object."
|
|
// @Success 200 {object} store.SystemSetting "Created system setting"
|
|
// @Failure 400 {object} nil "Malformatted post system setting request | invalid system setting"
|
|
// @Failure 401 {object} nil "Missing user in session | Unauthorized"
|
|
// @Failure 403 {object} nil "Cannot disable passwords if no SSO identity provider is configured."
|
|
// @Failure 500 {object} nil "Failed to find user | Failed to upsert system setting"
|
|
// @Router /api/v1/system/setting [POST]
|
|
func (s *APIV1Service) CreateSystemSetting(c echo.Context) error {
|
|
ctx := c.Request().Context()
|
|
userID, ok := c.Get(userIDContextKey).(int32)
|
|
if !ok {
|
|
return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
|
|
}
|
|
|
|
user, err := s.Store.GetUser(ctx, &store.FindUser{
|
|
ID: &userID,
|
|
})
|
|
if err != nil {
|
|
return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
|
|
}
|
|
if user == nil || user.Role != store.RoleHost {
|
|
return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
|
|
}
|
|
|
|
systemSettingUpsert := &UpsertSystemSettingRequest{}
|
|
if err := json.NewDecoder(c.Request().Body).Decode(systemSettingUpsert); err != nil {
|
|
return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post system setting request").SetInternal(err)
|
|
}
|
|
if err := systemSettingUpsert.Validate(); err != nil {
|
|
return echo.NewHTTPError(http.StatusBadRequest, "invalid system setting").SetInternal(err)
|
|
}
|
|
if s.Profile.Mode == "demo" {
|
|
switch systemSettingUpsert.Name {
|
|
case SystemSettingAdditionalStyleName:
|
|
return echo.NewHTTPError(http.StatusForbidden, "additional style is not allowed in demo mode")
|
|
case SystemSettingAdditionalScriptName:
|
|
return echo.NewHTTPError(http.StatusForbidden, "additional script is not allowed in demo mode")
|
|
case SystemSettingDisablePasswordLoginName:
|
|
return echo.NewHTTPError(http.StatusForbidden, "disabling password login is not allowed in demo mode")
|
|
}
|
|
}
|
|
if systemSettingUpsert.Name == SystemSettingDisablePasswordLoginName {
|
|
var disablePasswordLogin bool
|
|
if err := json.Unmarshal([]byte(systemSettingUpsert.Value), &disablePasswordLogin); err != nil {
|
|
return echo.NewHTTPError(http.StatusBadRequest, "invalid system setting").SetInternal(err)
|
|
}
|
|
|
|
identityProviderList, err := s.Store.ListIdentityProviders(ctx, &store.FindIdentityProvider{})
|
|
if err != nil {
|
|
return echo.NewHTTPError(http.StatusInternalServerError, "Failed to upsert system setting").SetInternal(err)
|
|
}
|
|
if disablePasswordLogin && len(identityProviderList) == 0 {
|
|
return echo.NewHTTPError(http.StatusForbidden, "Cannot disable passwords if no SSO identity provider is configured.")
|
|
}
|
|
}
|
|
|
|
systemSetting, err := s.Store.UpsertWorkspaceSetting(ctx, &store.WorkspaceSetting{
|
|
Name: systemSettingUpsert.Name.String(),
|
|
Value: systemSettingUpsert.Value,
|
|
Description: systemSettingUpsert.Description,
|
|
})
|
|
if err != nil {
|
|
return echo.NewHTTPError(http.StatusInternalServerError, "Failed to upsert system setting").SetInternal(err)
|
|
}
|
|
return c.JSON(http.StatusOK, convertSystemSettingFromStore(systemSetting))
|
|
}
|
|
|
|
func (upsert UpsertSystemSettingRequest) Validate() error {
|
|
switch settingName := upsert.Name; settingName {
|
|
case SystemSettingServerIDName:
|
|
return errors.Errorf("updating %v is not allowed", settingName)
|
|
case SystemSettingAllowSignUpName:
|
|
var value bool
|
|
if err := json.Unmarshal([]byte(upsert.Value), &value); err != nil {
|
|
return errors.Errorf(systemSettingUnmarshalError, settingName)
|
|
}
|
|
case SystemSettingDisablePasswordLoginName:
|
|
var value bool
|
|
if err := json.Unmarshal([]byte(upsert.Value), &value); err != nil {
|
|
return errors.Errorf(systemSettingUnmarshalError, settingName)
|
|
}
|
|
case SystemSettingDisablePublicMemosName:
|
|
var value bool
|
|
if err := json.Unmarshal([]byte(upsert.Value), &value); err != nil {
|
|
return errors.Errorf(systemSettingUnmarshalError, settingName)
|
|
}
|
|
case SystemSettingMaxUploadSizeMiBName:
|
|
var value int
|
|
if err := json.Unmarshal([]byte(upsert.Value), &value); err != nil {
|
|
return errors.Errorf(systemSettingUnmarshalError, settingName)
|
|
}
|
|
case SystemSettingAdditionalStyleName:
|
|
var value string
|
|
if err := json.Unmarshal([]byte(upsert.Value), &value); err != nil {
|
|
return errors.Errorf(systemSettingUnmarshalError, settingName)
|
|
}
|
|
case SystemSettingAdditionalScriptName:
|
|
var value string
|
|
if err := json.Unmarshal([]byte(upsert.Value), &value); err != nil {
|
|
return errors.Errorf(systemSettingUnmarshalError, settingName)
|
|
}
|
|
case SystemSettingCustomizedProfileName:
|
|
customizedProfile := CustomizedProfile{
|
|
Name: "memos",
|
|
LogoURL: "",
|
|
Description: "",
|
|
Locale: "en",
|
|
Appearance: "system",
|
|
ExternalURL: "",
|
|
}
|
|
if err := json.Unmarshal([]byte(upsert.Value), &customizedProfile); err != nil {
|
|
return errors.Errorf(systemSettingUnmarshalError, settingName)
|
|
}
|
|
case SystemSettingStorageServiceIDName:
|
|
// Note: 0 is the default value(database) for storage service ID.
|
|
value := 0
|
|
if err := json.Unmarshal([]byte(upsert.Value), &value); err != nil {
|
|
return errors.Errorf(systemSettingUnmarshalError, settingName)
|
|
}
|
|
return nil
|
|
case SystemSettingLocalStoragePathName:
|
|
value := ""
|
|
if err := json.Unmarshal([]byte(upsert.Value), &value); err != nil {
|
|
return errors.Errorf(systemSettingUnmarshalError, settingName)
|
|
}
|
|
|
|
trimmedValue := strings.TrimSpace(value)
|
|
switch {
|
|
case trimmedValue != value:
|
|
return errors.New("local storage path must not contain leading or trailing whitespace")
|
|
case trimmedValue == "":
|
|
return errors.New("local storage path can't be empty")
|
|
case strings.Contains(trimmedValue, "\\"):
|
|
return errors.New("local storage path must use forward slashes `/`")
|
|
case strings.Contains(trimmedValue, "../"):
|
|
return errors.New("local storage path is not allowed to contain `../`")
|
|
case strings.HasPrefix(trimmedValue, "./"):
|
|
return errors.New("local storage path is not allowed to start with `./`")
|
|
case filepath.IsAbs(trimmedValue) || trimmedValue[0] == '/':
|
|
return errors.New("local storage path must be a relative path")
|
|
case !strings.Contains(trimmedValue, "{filename}"):
|
|
return errors.New("local storage path must contain `{filename}`")
|
|
}
|
|
case SystemSettingTelegramBotTokenName:
|
|
if upsert.Value == "" {
|
|
return nil
|
|
}
|
|
// Bot Token with Reverse Proxy shoule like `http.../bot<token>`
|
|
if strings.HasPrefix(upsert.Value, "http") {
|
|
slashIndex := strings.LastIndexAny(upsert.Value, "/")
|
|
if strings.HasPrefix(upsert.Value[slashIndex:], "/bot") {
|
|
return nil
|
|
}
|
|
return errors.New("token start with `http` must end with `/bot<token>`")
|
|
}
|
|
fragments := strings.Split(upsert.Value, ":")
|
|
if len(fragments) != 2 {
|
|
return errors.Errorf(systemSettingUnmarshalError, settingName)
|
|
}
|
|
case SystemSettingMemoDisplayWithUpdatedTsName:
|
|
var value bool
|
|
if err := json.Unmarshal([]byte(upsert.Value), &value); err != nil {
|
|
return errors.Errorf(systemSettingUnmarshalError, settingName)
|
|
}
|
|
case SystemSettingInstanceURLName:
|
|
default:
|
|
return errors.New("invalid system setting name")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func convertSystemSettingFromStore(systemSetting *store.WorkspaceSetting) *SystemSetting {
|
|
return &SystemSetting{
|
|
Name: SystemSettingName(systemSetting.Name),
|
|
Value: systemSetting.Value,
|
|
Description: systemSetting.Description,
|
|
}
|
|
}
|