2017-11-20 06:10:04 +01:00
|
|
|
// Copyright 2017 Frédéric Guillot. All rights reserved.
|
|
|
|
// Use of this source code is governed by the Apache 2.0
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
package api
|
|
|
|
|
|
|
|
import (
|
|
|
|
"errors"
|
2018-04-30 01:35:04 +02:00
|
|
|
"net/http"
|
2017-11-28 06:30:04 +01:00
|
|
|
|
2018-04-30 01:35:04 +02:00
|
|
|
"github.com/miniflux/miniflux/http/context"
|
|
|
|
"github.com/miniflux/miniflux/http/request"
|
|
|
|
"github.com/miniflux/miniflux/http/response/json"
|
2017-11-20 06:10:04 +01:00
|
|
|
)
|
|
|
|
|
2018-05-15 03:41:41 +02:00
|
|
|
// CurrentUser is the API handler to retrieve the authenticated user.
|
|
|
|
func (c *Controller) CurrentUser(w http.ResponseWriter, r *http.Request) {
|
|
|
|
ctx := context.New(r)
|
|
|
|
user, err := c.store.UserByID(ctx.UserID())
|
|
|
|
if err != nil {
|
|
|
|
json.ServerError(w, err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-07-20 04:27:05 +02:00
|
|
|
json.OK(w, r, user)
|
2018-05-15 03:41:41 +02:00
|
|
|
}
|
|
|
|
|
2017-11-20 06:10:04 +01:00
|
|
|
// CreateUser is the API handler to create a new user.
|
2018-04-30 01:35:04 +02:00
|
|
|
func (c *Controller) CreateUser(w http.ResponseWriter, r *http.Request) {
|
|
|
|
ctx := context.New(r)
|
2017-11-20 06:10:04 +01:00
|
|
|
if !ctx.IsAdminUser() {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.Forbidden(w)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-06-24 01:16:54 +02:00
|
|
|
user, err := decodeUserCreationPayload(r.Body)
|
2017-11-20 06:10:04 +01:00
|
|
|
if err != nil {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.BadRequest(w, err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := user.ValidateUserCreation(); err != nil {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.BadRequest(w, err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if c.store.UserExists(user.Username) {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.BadRequest(w, errors.New("This user already exists"))
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
err = c.store.CreateUser(user)
|
|
|
|
if err != nil {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.ServerError(w, errors.New("Unable to create this user"))
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
user.Password = ""
|
2018-04-30 01:35:04 +02:00
|
|
|
json.Created(w, user)
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// UpdateUser is the API handler to update the given user.
|
2018-04-30 01:35:04 +02:00
|
|
|
func (c *Controller) UpdateUser(w http.ResponseWriter, r *http.Request) {
|
|
|
|
ctx := context.New(r)
|
2017-11-20 06:10:04 +01:00
|
|
|
if !ctx.IsAdminUser() {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.Forbidden(w)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-04-30 01:35:04 +02:00
|
|
|
userID, err := request.IntParam(r, "userID")
|
2017-11-20 06:10:04 +01:00
|
|
|
if err != nil {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.BadRequest(w, err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-06-24 01:16:54 +02:00
|
|
|
userChanges, err := decodeUserModificationPayload(r.Body)
|
2017-11-20 06:10:04 +01:00
|
|
|
if err != nil {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.BadRequest(w, err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2017-11-28 06:30:04 +01:00
|
|
|
originalUser, err := c.store.UserByID(userID)
|
2017-11-20 06:10:04 +01:00
|
|
|
if err != nil {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.BadRequest(w, errors.New("Unable to fetch this user from the database"))
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if originalUser == nil {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.NotFound(w, errors.New("User not found"))
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-06-24 01:16:54 +02:00
|
|
|
userChanges.Update(originalUser)
|
|
|
|
if err := originalUser.ValidateUserModification(); err != nil {
|
|
|
|
json.BadRequest(w, err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2017-11-20 06:10:04 +01:00
|
|
|
if err = c.store.UpdateUser(originalUser); err != nil {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.ServerError(w, errors.New("Unable to update this user"))
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-04-30 01:35:04 +02:00
|
|
|
json.Created(w, originalUser)
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|
|
|
|
|
2017-12-26 21:10:48 +01:00
|
|
|
// Users is the API handler to get the list of users.
|
2018-04-30 01:35:04 +02:00
|
|
|
func (c *Controller) Users(w http.ResponseWriter, r *http.Request) {
|
|
|
|
ctx := context.New(r)
|
2017-11-20 06:10:04 +01:00
|
|
|
if !ctx.IsAdminUser() {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.Forbidden(w)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2017-11-28 06:30:04 +01:00
|
|
|
users, err := c.store.Users()
|
2017-11-20 06:10:04 +01:00
|
|
|
if err != nil {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.ServerError(w, errors.New("Unable to fetch the list of users"))
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-03-05 02:04:31 +01:00
|
|
|
users.UseTimezone(ctx.UserTimezone())
|
2018-07-20 04:27:05 +02:00
|
|
|
json.OK(w, r, users)
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|
|
|
|
|
2017-12-26 21:10:48 +01:00
|
|
|
// UserByID is the API handler to fetch the given user by the ID.
|
2018-04-30 01:35:04 +02:00
|
|
|
func (c *Controller) UserByID(w http.ResponseWriter, r *http.Request) {
|
|
|
|
ctx := context.New(r)
|
2017-11-20 06:10:04 +01:00
|
|
|
if !ctx.IsAdminUser() {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.Forbidden(w)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-04-30 01:35:04 +02:00
|
|
|
userID, err := request.IntParam(r, "userID")
|
2017-11-20 06:10:04 +01:00
|
|
|
if err != nil {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.BadRequest(w, err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2017-11-28 06:30:04 +01:00
|
|
|
user, err := c.store.UserByID(userID)
|
2017-11-20 06:10:04 +01:00
|
|
|
if err != nil {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.BadRequest(w, errors.New("Unable to fetch this user from the database"))
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if user == nil {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.NotFound(w, errors.New("User not found"))
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-03-05 02:04:31 +01:00
|
|
|
user.UseTimezone(ctx.UserTimezone())
|
2018-07-20 04:27:05 +02:00
|
|
|
json.OK(w, r, user)
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|
|
|
|
|
2017-12-26 21:10:48 +01:00
|
|
|
// UserByUsername is the API handler to fetch the given user by the username.
|
2018-04-30 01:35:04 +02:00
|
|
|
func (c *Controller) UserByUsername(w http.ResponseWriter, r *http.Request) {
|
|
|
|
ctx := context.New(r)
|
2017-12-26 21:10:48 +01:00
|
|
|
if !ctx.IsAdminUser() {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.Forbidden(w)
|
2017-12-26 21:10:48 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-04-30 01:35:04 +02:00
|
|
|
username := request.Param(r, "username", "")
|
2017-12-26 21:10:48 +01:00
|
|
|
user, err := c.store.UserByUsername(username)
|
|
|
|
if err != nil {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.BadRequest(w, errors.New("Unable to fetch this user from the database"))
|
2017-12-26 21:10:48 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if user == nil {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.NotFound(w, errors.New("User not found"))
|
2017-12-26 21:10:48 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-07-20 04:27:05 +02:00
|
|
|
json.OK(w, r, user)
|
2017-12-26 21:10:48 +01:00
|
|
|
}
|
|
|
|
|
2017-11-20 06:10:04 +01:00
|
|
|
// RemoveUser is the API handler to remove an existing user.
|
2018-04-30 01:35:04 +02:00
|
|
|
func (c *Controller) RemoveUser(w http.ResponseWriter, r *http.Request) {
|
|
|
|
ctx := context.New(r)
|
2017-11-20 06:10:04 +01:00
|
|
|
if !ctx.IsAdminUser() {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.Forbidden(w)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-04-30 01:35:04 +02:00
|
|
|
userID, err := request.IntParam(r, "userID")
|
2017-11-20 06:10:04 +01:00
|
|
|
if err != nil {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.BadRequest(w, err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2017-11-28 06:30:04 +01:00
|
|
|
user, err := c.store.UserByID(userID)
|
2017-11-20 06:10:04 +01:00
|
|
|
if err != nil {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.ServerError(w, errors.New("Unable to fetch this user from the database"))
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if user == nil {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.NotFound(w, errors.New("User not found"))
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := c.store.RemoveUser(user.ID); err != nil {
|
2018-04-30 01:35:04 +02:00
|
|
|
json.BadRequest(w, errors.New("Unable to remove this user from the database"))
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-04-30 01:35:04 +02:00
|
|
|
json.NoContent(w)
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|