2017-11-20 00:10:04 -05:00
|
|
|
// Copyright 2017 Frédéric Guillot. All rights reserved.
|
|
|
|
|
// Use of this source code is governed by the Apache 2.0
|
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
2018-08-25 00:51:50 -04:00
|
|
|
package api // import "miniflux.app/api"
|
2017-11-20 00:10:04 -05:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"errors"
|
2018-04-29 19:35:04 -04:00
|
|
|
"net/http"
|
2017-11-28 00:30:04 -05:00
|
|
|
|
2018-08-25 00:51:50 -04:00
|
|
|
"miniflux.app/http/request"
|
|
|
|
|
"miniflux.app/http/response/json"
|
2017-11-20 00:10:04 -05:00
|
|
|
)
|
|
|
|
|
|
2018-11-11 13:22:47 -05:00
|
|
|
func (h *handler) currentUser(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
user, err := h.store.UserByID(request.UserID(r))
|
2018-05-14 21:41:41 -04:00
|
|
|
if err != nil {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.ServerError(w, r, err)
|
2018-05-14 21:41:41 -04:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-07-19 22:27:05 -04:00
|
|
|
json.OK(w, r, user)
|
2018-05-14 21:41:41 -04:00
|
|
|
}
|
|
|
|
|
|
2018-11-11 13:22:47 -05:00
|
|
|
func (h *handler) createUser(w http.ResponseWriter, r *http.Request) {
|
2018-09-03 17:26:40 -04:00
|
|
|
if !request.IsAdminUser(r) {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.Forbidden(w, r)
|
2017-11-20 00:10:04 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-23 19:16:54 -04:00
|
|
|
user, err := decodeUserCreationPayload(r.Body)
|
2017-11-20 00:10:04 -05:00
|
|
|
if err != nil {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.BadRequest(w, r, err)
|
2017-11-20 00:10:04 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := user.ValidateUserCreation(); err != nil {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.BadRequest(w, r, err)
|
2017-11-20 00:10:04 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-11 13:22:47 -05:00
|
|
|
if h.store.UserExists(user.Username) {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.BadRequest(w, r, errors.New("This user already exists"))
|
2017-11-20 00:10:04 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-11 13:22:47 -05:00
|
|
|
err = h.store.CreateUser(user)
|
2017-11-20 00:10:04 -05:00
|
|
|
if err != nil {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.ServerError(w, r, err)
|
2017-11-20 00:10:04 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user.Password = ""
|
2018-10-07 21:42:43 -04:00
|
|
|
json.Created(w, r, user)
|
2017-11-20 00:10:04 -05:00
|
|
|
}
|
|
|
|
|
|
2018-11-11 13:22:47 -05:00
|
|
|
func (h *handler) updateUser(w http.ResponseWriter, r *http.Request) {
|
2018-09-03 17:26:40 -04:00
|
|
|
if !request.IsAdminUser(r) {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.Forbidden(w, r)
|
2017-11-20 00:10:04 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-24 00:02:26 -04:00
|
|
|
userID := request.RouteInt64Param(r, "userID")
|
2018-06-23 19:16:54 -04:00
|
|
|
userChanges, err := decodeUserModificationPayload(r.Body)
|
2017-11-20 00:10:04 -05:00
|
|
|
if err != nil {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.BadRequest(w, r, err)
|
2017-11-20 00:10:04 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-11 13:22:47 -05:00
|
|
|
originalUser, err := h.store.UserByID(userID)
|
2017-11-20 00:10:04 -05:00
|
|
|
if err != nil {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.BadRequest(w, r, errors.New("Unable to fetch this user from the database"))
|
2017-11-20 00:10:04 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if originalUser == nil {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.NotFound(w, r)
|
2017-11-20 00:10:04 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-23 19:16:54 -04:00
|
|
|
userChanges.Update(originalUser)
|
|
|
|
|
if err := originalUser.ValidateUserModification(); err != nil {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.BadRequest(w, r, err)
|
2018-06-23 19:16:54 -04:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-11 13:22:47 -05:00
|
|
|
if err = h.store.UpdateUser(originalUser); err != nil {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.ServerError(w, r, err)
|
2017-11-20 00:10:04 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-07 21:42:43 -04:00
|
|
|
json.Created(w, r, originalUser)
|
2017-11-20 00:10:04 -05:00
|
|
|
}
|
|
|
|
|
|
2018-11-11 13:22:47 -05:00
|
|
|
func (h *handler) users(w http.ResponseWriter, r *http.Request) {
|
2018-09-03 17:26:40 -04:00
|
|
|
if !request.IsAdminUser(r) {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.Forbidden(w, r)
|
2017-11-20 00:10:04 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-11 13:22:47 -05:00
|
|
|
users, err := h.store.Users()
|
2017-11-20 00:10:04 -05:00
|
|
|
if err != nil {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.ServerError(w, r, err)
|
2017-11-20 00:10:04 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-03 17:26:40 -04:00
|
|
|
users.UseTimezone(request.UserTimezone(r))
|
2018-07-19 22:27:05 -04:00
|
|
|
json.OK(w, r, users)
|
2017-11-20 00:10:04 -05:00
|
|
|
}
|
|
|
|
|
|
2018-11-11 13:22:47 -05:00
|
|
|
func (h *handler) userByID(w http.ResponseWriter, r *http.Request) {
|
2018-09-03 17:26:40 -04:00
|
|
|
if !request.IsAdminUser(r) {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.Forbidden(w, r)
|
2017-11-20 00:10:04 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-24 00:02:26 -04:00
|
|
|
userID := request.RouteInt64Param(r, "userID")
|
2018-11-11 13:22:47 -05:00
|
|
|
user, err := h.store.UserByID(userID)
|
2017-11-20 00:10:04 -05:00
|
|
|
if err != nil {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.BadRequest(w, r, errors.New("Unable to fetch this user from the database"))
|
2017-11-20 00:10:04 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if user == nil {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.NotFound(w, r)
|
2017-11-20 00:10:04 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-03 17:26:40 -04:00
|
|
|
user.UseTimezone(request.UserTimezone(r))
|
2018-07-19 22:27:05 -04:00
|
|
|
json.OK(w, r, user)
|
2017-11-20 00:10:04 -05:00
|
|
|
}
|
|
|
|
|
|
2018-11-11 13:22:47 -05:00
|
|
|
func (h *handler) userByUsername(w http.ResponseWriter, r *http.Request) {
|
2018-09-03 17:26:40 -04:00
|
|
|
if !request.IsAdminUser(r) {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.Forbidden(w, r)
|
2017-12-26 15:10:48 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-24 00:02:26 -04:00
|
|
|
username := request.RouteStringParam(r, "username")
|
2018-11-11 13:22:47 -05:00
|
|
|
user, err := h.store.UserByUsername(username)
|
2017-12-26 15:10:48 -05:00
|
|
|
if err != nil {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.BadRequest(w, r, errors.New("Unable to fetch this user from the database"))
|
2017-12-26 15:10:48 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if user == nil {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.NotFound(w, r)
|
2017-12-26 15:10:48 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-07-19 22:27:05 -04:00
|
|
|
json.OK(w, r, user)
|
2017-12-26 15:10:48 -05:00
|
|
|
}
|
|
|
|
|
|
2018-11-11 13:22:47 -05:00
|
|
|
func (h *handler) removeUser(w http.ResponseWriter, r *http.Request) {
|
2018-09-03 17:26:40 -04:00
|
|
|
if !request.IsAdminUser(r) {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.Forbidden(w, r)
|
2017-11-20 00:10:04 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-24 00:02:26 -04:00
|
|
|
userID := request.RouteInt64Param(r, "userID")
|
2018-11-11 13:22:47 -05:00
|
|
|
user, err := h.store.UserByID(userID)
|
2017-11-20 00:10:04 -05:00
|
|
|
if err != nil {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.ServerError(w, r, err)
|
2017-11-20 00:10:04 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if user == nil {
|
2018-10-07 21:42:43 -04:00
|
|
|
json.NotFound(w, r)
|
2017-11-20 00:10:04 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-28 23:28:02 -04:00
|
|
|
if user.ID == request.UserID(r) {
|
|
|
|
|
json.BadRequest(w, r, errors.New("You cannot remove yourself"))
|
2017-11-20 00:10:04 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-28 23:28:02 -04:00
|
|
|
h.store.RemoveUserAsync(user.ID)
|
2018-10-07 21:42:43 -04:00
|
|
|
json.NoContent(w, r)
|
2017-11-20 00:10:04 -05:00
|
|
|
}
|
