Moved v3 code from NginxProxyManager/nginx-proxy-manager-3 to NginxProxyManager/nginx-proxy-manager
This commit is contained in:
Jamie Curnow
235
backend/internal/api/handler/users.go
Normal file
235
backend/internal/api/handler/users.go
Normal file
@ -0,0 +1,235 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
|
||||
c "npm/internal/api/context"
|
||||
h "npm/internal/api/http"
|
||||
"npm/internal/api/middleware"
|
||||
"npm/internal/config"
|
||||
"npm/internal/entity/auth"
|
||||
"npm/internal/entity/user"
|
||||
"npm/internal/errors"
|
||||
"npm/internal/logger"
|
||||
|
||||
"github.com/go-chi/chi"
|
||||
)
|
||||
|
||||
// GetUsers returns all users
|
||||
// Route: GET /users
|
||||
func GetUsers() func(http.ResponseWriter, *http.Request) {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
pageInfo, err := getPageInfoFromRequest(r)
|
||||
if err != nil {
|
||||
h.ResultErrorJSON(w, r, http.StatusBadRequest, err.Error(), nil)
|
||||
return
|
||||
}
|
||||
|
||||
users, err := user.List(pageInfo, middleware.GetFiltersFromContext(r), getExpandFromContext(r))
|
||||
if err != nil {
|
||||
h.ResultErrorJSON(w, r, http.StatusBadRequest, err.Error(), nil)
|
||||
} else {
|
||||
h.ResultResponseJSON(w, r, http.StatusOK, users)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// GetUser returns a specific user
|
||||
// Route: GET /users/{userID}
|
||||
func GetUser() func(http.ResponseWriter, *http.Request) {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
userID, _, userIDErr := getUserIDFromRequest(r)
|
||||
if userIDErr != nil {
|
||||
h.ResultErrorJSON(w, r, http.StatusBadRequest, userIDErr.Error(), nil)
|
||||
return
|
||||
}
|
||||
|
||||
userObject, err := user.GetByID(userID)
|
||||
if err != nil {
|
||||
h.ResultErrorJSON(w, r, http.StatusBadRequest, err.Error(), nil)
|
||||
} else {
|
||||
// nolint: errcheck,gosec
|
||||
userObject.Expand(getExpandFromContext(r))
|
||||
h.ResultResponseJSON(w, r, http.StatusOK, userObject)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// UpdateUser updates a user
|
||||
// Route: PUT /users/{userID}
|
||||
func UpdateUser() func(http.ResponseWriter, *http.Request) {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
userID, self, userIDErr := getUserIDFromRequest(r)
|
||||
if userIDErr != nil {
|
||||
h.ResultErrorJSON(w, r, http.StatusBadRequest, userIDErr.Error(), nil)
|
||||
return
|
||||
}
|
||||
|
||||
userObject, err := user.GetByID(userID)
|
||||
if err != nil {
|
||||
h.ResultErrorJSON(w, r, http.StatusBadRequest, err.Error(), nil)
|
||||
} else {
|
||||
// nolint: errcheck,gosec
|
||||
userObject.Expand([]string{"capabilities"})
|
||||
bodyBytes, _ := r.Context().Value(c.BodyCtxKey).([]byte)
|
||||
err := json.Unmarshal(bodyBytes, &userObject)
|
||||
if err != nil {
|
||||
h.ResultErrorJSON(w, r, http.StatusBadRequest, h.ErrInvalidPayload.Error(), nil)
|
||||
return
|
||||
}
|
||||
|
||||
if userObject.IsDisabled && self {
|
||||
h.ResultErrorJSON(w, r, http.StatusBadRequest, "You cannot disable yourself!", nil)
|
||||
return
|
||||
}
|
||||
|
||||
if err = userObject.Save(); err != nil {
|
||||
if err == errors.ErrDuplicateEmailUser || err == errors.ErrSystemUserReadonly {
|
||||
h.ResultErrorJSON(w, r, http.StatusBadRequest, err.Error(), nil)
|
||||
} else {
|
||||
logger.Error("UpdateUserError", err)
|
||||
h.ResultErrorJSON(w, r, http.StatusInternalServerError, "Unable to save User", nil)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
if !self {
|
||||
err = userObject.SaveCapabilities()
|
||||
if err != nil {
|
||||
h.ResultErrorJSON(w, r, http.StatusBadRequest, err.Error(), nil)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// nolint: errcheck,gosec
|
||||
userObject.Expand(getExpandFromContext(r))
|
||||
|
||||
h.ResultResponseJSON(w, r, http.StatusOK, userObject)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// DeleteUser removes a user
|
||||
// Route: DELETE /users/{userID}
|
||||
func DeleteUser() func(http.ResponseWriter, *http.Request) {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
var userID int
|
||||
var err error
|
||||
if userID, err = getURLParamInt(r, "userID"); err != nil {
|
||||
h.ResultErrorJSON(w, r, http.StatusBadRequest, err.Error(), nil)
|
||||
return
|
||||
}
|
||||
|
||||
myUserID, _ := r.Context().Value(c.UserIDCtxKey).(int)
|
||||
if myUserID == userID {
|
||||
h.ResultErrorJSON(w, r, http.StatusBadRequest, "You cannot delete yourself!", nil)
|
||||
return
|
||||
}
|
||||
|
||||
user, err := user.GetByID(userID)
|
||||
if err != nil {
|
||||
h.ResultErrorJSON(w, r, http.StatusBadRequest, err.Error(), nil)
|
||||
} else {
|
||||
h.ResultResponseJSON(w, r, http.StatusOK, user.Delete())
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// CreateUser creates a user
|
||||
// Route: POST /users
|
||||
func CreateUser() func(http.ResponseWriter, *http.Request) {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
bodyBytes, _ := r.Context().Value(c.BodyCtxKey).([]byte)
|
||||
|
||||
var newUser user.Model
|
||||
err := json.Unmarshal(bodyBytes, &newUser)
|
||||
if err != nil {
|
||||
h.ResultErrorJSON(w, r, http.StatusBadRequest, h.ErrInvalidPayload.Error(), nil)
|
||||
return
|
||||
}
|
||||
|
||||
if err = newUser.Save(); err != nil {
|
||||
if err == errors.ErrDuplicateEmailUser || err == errors.ErrSystemUserReadonly {
|
||||
h.ResultErrorJSON(w, r, http.StatusBadRequest, err.Error(), nil)
|
||||
} else {
|
||||
logger.Error("UpdateUserError", err)
|
||||
h.ResultErrorJSON(w, r, http.StatusInternalServerError, "Unable to save User", nil)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// Set the permissions to full-admin for this user
|
||||
if !config.IsSetup {
|
||||
newUser.Capabilities = []string{user.CapabilityFullAdmin}
|
||||
}
|
||||
|
||||
// nolint: errcheck,gosec
|
||||
err = newUser.SaveCapabilities()
|
||||
if err != nil {
|
||||
h.ResultErrorJSON(w, r, http.StatusInternalServerError, err.Error(), nil)
|
||||
return
|
||||
}
|
||||
|
||||
// newUser has been saved, now save their auth
|
||||
if newUser.Auth.Secret != "" && newUser.Auth.ID == 0 {
|
||||
newUser.Auth.UserID = newUser.ID
|
||||
if newUser.Auth.Type == auth.TypePassword {
|
||||
err = newUser.Auth.SetPassword(newUser.Auth.Secret)
|
||||
if err != nil {
|
||||
logger.Error("SetPasswordError", err)
|
||||
}
|
||||
}
|
||||
|
||||
if err = newUser.Auth.Save(); err != nil {
|
||||
h.ResultErrorJSON(w, r, http.StatusInternalServerError, "Unable to save Authentication for User", nil)
|
||||
return
|
||||
}
|
||||
|
||||
newUser.Auth.Secret = ""
|
||||
}
|
||||
|
||||
if !config.IsSetup {
|
||||
config.IsSetup = true
|
||||
logger.Info("A new user was created, leaving Setup Mode")
|
||||
}
|
||||
|
||||
h.ResultResponseJSON(w, r, http.StatusOK, newUser)
|
||||
}
|
||||
}
|
||||
|
||||
// DeleteUsers is only available in debug mode for cypress tests
|
||||
// Route: DELETE /users
|
||||
func DeleteUsers() func(http.ResponseWriter, *http.Request) {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
err := user.DeleteAll()
|
||||
if err != nil {
|
||||
h.ResultErrorJSON(w, r, http.StatusBadRequest, err.Error(), nil)
|
||||
} else {
|
||||
// also change setup to true
|
||||
config.IsSetup = false
|
||||
logger.Info("Users have been wiped, entering Setup Mode")
|
||||
h.ResultResponseJSON(w, r, http.StatusOK, true)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func getUserIDFromRequest(r *http.Request) (int, bool, error) {
|
||||
userIDstr := chi.URLParam(r, "userID")
|
||||
selfUserID, _ := r.Context().Value(c.UserIDCtxKey).(int)
|
||||
|
||||
var userID int
|
||||
self := false
|
||||
if userIDstr == "me" {
|
||||
// Get user id from Token
|
||||
userID = selfUserID
|
||||
self = true
|
||||
} else {
|
||||
var userIDerr error
|
||||
if userID, userIDerr = getURLParamInt(r, "userID"); userIDerr != nil {
|
||||
return 0, false, userIDerr
|
||||
}
|
||||
self = selfUserID == userID
|
||||
}
|
||||
return userID, self, nil
|
||||
}
|
||||
Reference in New Issue
Block a user