1
0
Fork 0
miniflux/internal/api/user.go

218 lines
5.2 KiB
Go
Raw Normal View History

// SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
// SPDX-License-Identifier: Apache-2.0
2017-11-20 00:10:04 -05:00
package api // import "miniflux.app/v2/internal/api"
2017-11-20 00:10:04 -05:00
import (
json_parser "encoding/json"
2017-11-20 00:10:04 -05:00
"errors"
"net/http"
2024-07-03 00:03:49 -04:00
"regexp"
"strings"
2017-11-28 00:30:04 -05:00
"miniflux.app/v2/internal/http/request"
"miniflux.app/v2/internal/http/response/json"
"miniflux.app/v2/internal/model"
"miniflux.app/v2/internal/validator"
2017-11-20 00:10:04 -05:00
)
func (h *handler) currentUser(w http.ResponseWriter, r *http.Request) {
user, err := h.store.UserByID(request.UserID(r))
2018-05-14 21:41:41 -04:00
if err != nil {
2018-10-07 21:42:43 -04:00
json.ServerError(w, r, err)
2018-05-14 21:41:41 -04:00
return
}
json.OK(w, r, user)
2018-05-14 21:41:41 -04:00
}
func (h *handler) createUser(w http.ResponseWriter, r *http.Request) {
2018-09-03 17:26:40 -04:00
if !request.IsAdminUser(r) {
2018-10-07 21:42:43 -04:00
json.Forbidden(w, r)
2017-11-20 00:10:04 -05:00
return
}
var userCreationRequest model.UserCreationRequest
if err := json_parser.NewDecoder(r.Body).Decode(&userCreationRequest); err != nil {
2018-10-07 21:42:43 -04:00
json.BadRequest(w, r, err)
2017-11-20 00:10:04 -05:00
return
}
if validationErr := validator.ValidateUserCreationWithPassword(h.store, &userCreationRequest); validationErr != nil {
json.BadRequest(w, r, validationErr.Error())
2017-11-20 00:10:04 -05:00
return
}
user, err := h.store.CreateUser(&userCreationRequest)
2017-11-20 00:10:04 -05:00
if err != nil {
2018-10-07 21:42:43 -04:00
json.ServerError(w, r, err)
2017-11-20 00:10:04 -05:00
return
}
2018-10-07 21:42:43 -04:00
json.Created(w, r, user)
2017-11-20 00:10:04 -05:00
}
func (h *handler) updateUser(w http.ResponseWriter, r *http.Request) {
userID := request.RouteInt64Param(r, "userID")
var userModificationRequest model.UserModificationRequest
if err := json_parser.NewDecoder(r.Body).Decode(&userModificationRequest); err != nil {
2018-10-07 21:42:43 -04:00
json.BadRequest(w, r, err)
2017-11-20 00:10:04 -05:00
return
}
originalUser, err := h.store.UserByID(userID)
2017-11-20 00:10:04 -05:00
if err != nil {
json.ServerError(w, r, err)
2017-11-20 00:10:04 -05:00
return
}
if originalUser == nil {
2018-10-07 21:42:43 -04:00
json.NotFound(w, r)
2017-11-20 00:10:04 -05:00
return
}
if !request.IsAdminUser(r) {
if originalUser.ID != request.UserID(r) {
json.Forbidden(w, r)
return
}
if userModificationRequest.IsAdmin != nil && *userModificationRequest.IsAdmin {
json.BadRequest(w, r, errors.New("only administrators can change permissions of standard users"))
return
}
}
2024-07-03 00:03:49 -04:00
cleanEnd := regexp.MustCompile(`(?m)\r\n\s*$`)
if userModificationRequest.BlockFilterEntryRules != nil {
*userModificationRequest.BlockFilterEntryRules = cleanEnd.ReplaceAllLiteralString(*userModificationRequest.BlockFilterEntryRules, "")
// Clean carriage returns for Windows environments
*userModificationRequest.BlockFilterEntryRules = strings.ReplaceAll(*userModificationRequest.BlockFilterEntryRules, "\r\n", "\n")
2024-07-03 00:03:49 -04:00
}
if userModificationRequest.KeepFilterEntryRules != nil {
*userModificationRequest.KeepFilterEntryRules = cleanEnd.ReplaceAllLiteralString(*userModificationRequest.KeepFilterEntryRules, "")
// Clean carriage returns for Windows environments
*userModificationRequest.KeepFilterEntryRules = strings.ReplaceAll(*userModificationRequest.KeepFilterEntryRules, "\r\n", "\n")
2024-07-03 00:03:49 -04:00
}
if validationErr := validator.ValidateUserModification(h.store, originalUser.ID, &userModificationRequest); validationErr != nil {
json.BadRequest(w, r, validationErr.Error())
return
}
userModificationRequest.Patch(originalUser)
if err = h.store.UpdateUser(originalUser); err != nil {
2018-10-07 21:42:43 -04:00
json.ServerError(w, r, err)
2017-11-20 00:10:04 -05:00
return
}
2018-10-07 21:42:43 -04:00
json.Created(w, r, originalUser)
2017-11-20 00:10:04 -05:00
}
2020-11-25 14:46:05 -05:00
func (h *handler) markUserAsRead(w http.ResponseWriter, r *http.Request) {
userID := request.RouteInt64Param(r, "userID")
if userID != request.UserID(r) {
json.Forbidden(w, r)
return
}
if _, err := h.store.UserByID(userID); err != nil {
json.NotFound(w, r)
return
}
if err := h.store.MarkAllAsRead(userID); err != nil {
json.ServerError(w, r, err)
return
}
json.NoContent(w, r)
}
func (h *handler) users(w http.ResponseWriter, r *http.Request) {
2018-09-03 17:26:40 -04:00
if !request.IsAdminUser(r) {
2018-10-07 21:42:43 -04:00
json.Forbidden(w, r)
2017-11-20 00:10:04 -05:00
return
}
users, err := h.store.Users()
2017-11-20 00:10:04 -05:00
if err != nil {
2018-10-07 21:42:43 -04:00
json.ServerError(w, r, err)
2017-11-20 00:10:04 -05:00
return
}
2018-09-03 17:26:40 -04:00
users.UseTimezone(request.UserTimezone(r))
json.OK(w, r, users)
2017-11-20 00:10:04 -05:00
}
func (h *handler) userByID(w http.ResponseWriter, r *http.Request) {
2018-09-03 17:26:40 -04:00
if !request.IsAdminUser(r) {
2018-10-07 21:42:43 -04:00
json.Forbidden(w, r)
2017-11-20 00:10:04 -05:00
return
}
userID := request.RouteInt64Param(r, "userID")
user, err := h.store.UserByID(userID)
2017-11-20 00:10:04 -05:00
if err != nil {
json.BadRequest(w, r, errors.New("unable to fetch this user from the database"))
2017-11-20 00:10:04 -05:00
return
}
if user == nil {
2018-10-07 21:42:43 -04:00
json.NotFound(w, r)
2017-11-20 00:10:04 -05:00
return
}
2018-09-03 17:26:40 -04:00
user.UseTimezone(request.UserTimezone(r))
json.OK(w, r, user)
2017-11-20 00:10:04 -05:00
}
func (h *handler) userByUsername(w http.ResponseWriter, r *http.Request) {
2018-09-03 17:26:40 -04:00
if !request.IsAdminUser(r) {
2018-10-07 21:42:43 -04:00
json.Forbidden(w, r)
return
}
username := request.RouteStringParam(r, "username")
user, err := h.store.UserByUsername(username)
if err != nil {
json.BadRequest(w, r, errors.New("unable to fetch this user from the database"))
return
}
if user == nil {
2018-10-07 21:42:43 -04:00
json.NotFound(w, r)
return
}
json.OK(w, r, user)
}
func (h *handler) removeUser(w http.ResponseWriter, r *http.Request) {
2018-09-03 17:26:40 -04:00
if !request.IsAdminUser(r) {
2018-10-07 21:42:43 -04:00
json.Forbidden(w, r)
2017-11-20 00:10:04 -05:00
return
}
userID := request.RouteInt64Param(r, "userID")
user, err := h.store.UserByID(userID)
2017-11-20 00:10:04 -05:00
if err != nil {
2018-10-07 21:42:43 -04:00
json.ServerError(w, r, err)
2017-11-20 00:10:04 -05:00
return
}
if user == nil {
2018-10-07 21:42:43 -04:00
json.NotFound(w, r)
2017-11-20 00:10:04 -05:00
return
}
if user.ID == request.UserID(r) {
json.BadRequest(w, r, errors.New("you cannot remove yourself"))
2017-11-20 00:10:04 -05:00
return
}
h.store.RemoveUserAsync(user.ID)
2018-10-07 21:42:43 -04:00
json.NoContent(w, r)
2017-11-20 00:10:04 -05:00
}