miniflux/api/user.go

201 lines
4.2 KiB
Go
Raw Normal View History

2017-11-20 06:10:04 +01:00
// Copyright 2017 Frédéric Guillot. All rights reserved.
// Use of this source code is governed by the Apache 2.0
// license that can be found in the LICENSE file.
2018-08-25 06:51:50 +02:00
package api // import "miniflux.app/api"
2017-11-20 06:10:04 +01:00
import (
"errors"
"net/http"
2017-11-28 06:30:04 +01:00
2018-08-25 06:51:50 +02:00
"miniflux.app/http/request"
"miniflux.app/http/response/json"
2017-11-20 06:10:04 +01:00
)
2018-05-15 03:41:41 +02:00
// CurrentUser is the API handler to retrieve the authenticated user.
func (c *Controller) CurrentUser(w http.ResponseWriter, r *http.Request) {
2018-09-03 23:26:40 +02:00
user, err := c.store.UserByID(request.UserID(r))
2018-05-15 03:41:41 +02:00
if err != nil {
json.ServerError(w, err)
return
}
json.OK(w, r, user)
2018-05-15 03:41:41 +02:00
}
2017-11-20 06:10:04 +01:00
// CreateUser is the API handler to create a new user.
func (c *Controller) CreateUser(w http.ResponseWriter, r *http.Request) {
2018-09-03 23:26:40 +02:00
if !request.IsAdminUser(r) {
json.Forbidden(w)
2017-11-20 06:10:04 +01:00
return
}
user, err := decodeUserCreationPayload(r.Body)
2017-11-20 06:10:04 +01:00
if err != nil {
json.BadRequest(w, err)
2017-11-20 06:10:04 +01:00
return
}
if err := user.ValidateUserCreation(); err != nil {
json.BadRequest(w, err)
2017-11-20 06:10:04 +01:00
return
}
if c.store.UserExists(user.Username) {
json.BadRequest(w, errors.New("This user already exists"))
2017-11-20 06:10:04 +01:00
return
}
err = c.store.CreateUser(user)
if err != nil {
json.ServerError(w, err)
2017-11-20 06:10:04 +01:00
return
}
user.Password = ""
json.Created(w, user)
2017-11-20 06:10:04 +01:00
}
// UpdateUser is the API handler to update the given user.
func (c *Controller) UpdateUser(w http.ResponseWriter, r *http.Request) {
2018-09-03 23:26:40 +02:00
if !request.IsAdminUser(r) {
json.Forbidden(w)
2017-11-20 06:10:04 +01:00
return
}
userID, err := request.IntParam(r, "userID")
2017-11-20 06:10:04 +01:00
if err != nil {
json.BadRequest(w, err)
2017-11-20 06:10:04 +01:00
return
}
userChanges, err := decodeUserModificationPayload(r.Body)
2017-11-20 06:10:04 +01:00
if err != nil {
json.BadRequest(w, err)
2017-11-20 06:10:04 +01:00
return
}
2017-11-28 06:30:04 +01:00
originalUser, err := c.store.UserByID(userID)
2017-11-20 06:10:04 +01:00
if err != nil {
json.BadRequest(w, errors.New("Unable to fetch this user from the database"))
2017-11-20 06:10:04 +01:00
return
}
if originalUser == nil {
json.NotFound(w, errors.New("User not found"))
2017-11-20 06:10:04 +01:00
return
}
userChanges.Update(originalUser)
if err := originalUser.ValidateUserModification(); err != nil {
json.BadRequest(w, err)
return
}
2017-11-20 06:10:04 +01:00
if err = c.store.UpdateUser(originalUser); err != nil {
json.ServerError(w, err)
2017-11-20 06:10:04 +01:00
return
}
json.Created(w, originalUser)
2017-11-20 06:10:04 +01:00
}
// Users is the API handler to get the list of users.
func (c *Controller) Users(w http.ResponseWriter, r *http.Request) {
2018-09-03 23:26:40 +02:00
if !request.IsAdminUser(r) {
json.Forbidden(w)
2017-11-20 06:10:04 +01:00
return
}
2017-11-28 06:30:04 +01:00
users, err := c.store.Users()
2017-11-20 06:10:04 +01:00
if err != nil {
json.ServerError(w, err)
2017-11-20 06:10:04 +01:00
return
}
2018-09-03 23:26:40 +02:00
users.UseTimezone(request.UserTimezone(r))
json.OK(w, r, users)
2017-11-20 06:10:04 +01:00
}
// UserByID is the API handler to fetch the given user by the ID.
func (c *Controller) UserByID(w http.ResponseWriter, r *http.Request) {
2018-09-03 23:26:40 +02:00
if !request.IsAdminUser(r) {
json.Forbidden(w)
2017-11-20 06:10:04 +01:00
return
}
userID, err := request.IntParam(r, "userID")
2017-11-20 06:10:04 +01:00
if err != nil {
json.BadRequest(w, err)
2017-11-20 06:10:04 +01:00
return
}
2017-11-28 06:30:04 +01:00
user, err := c.store.UserByID(userID)
2017-11-20 06:10:04 +01:00
if err != nil {
json.BadRequest(w, errors.New("Unable to fetch this user from the database"))
2017-11-20 06:10:04 +01:00
return
}
if user == nil {
json.NotFound(w, errors.New("User not found"))
2017-11-20 06:10:04 +01:00
return
}
2018-09-03 23:26:40 +02:00
user.UseTimezone(request.UserTimezone(r))
json.OK(w, r, user)
2017-11-20 06:10:04 +01:00
}
// UserByUsername is the API handler to fetch the given user by the username.
func (c *Controller) UserByUsername(w http.ResponseWriter, r *http.Request) {
2018-09-03 23:26:40 +02:00
if !request.IsAdminUser(r) {
json.Forbidden(w)
return
}
username := request.Param(r, "username", "")
user, err := c.store.UserByUsername(username)
if err != nil {
json.BadRequest(w, errors.New("Unable to fetch this user from the database"))
return
}
if user == nil {
json.NotFound(w, errors.New("User not found"))
return
}
json.OK(w, r, user)
}
2017-11-20 06:10:04 +01:00
// RemoveUser is the API handler to remove an existing user.
func (c *Controller) RemoveUser(w http.ResponseWriter, r *http.Request) {
2018-09-03 23:26:40 +02:00
if !request.IsAdminUser(r) {
json.Forbidden(w)
2017-11-20 06:10:04 +01:00
return
}
userID, err := request.IntParam(r, "userID")
2017-11-20 06:10:04 +01:00
if err != nil {
json.BadRequest(w, err)
2017-11-20 06:10:04 +01:00
return
}
2017-11-28 06:30:04 +01:00
user, err := c.store.UserByID(userID)
2017-11-20 06:10:04 +01:00
if err != nil {
json.ServerError(w, err)
2017-11-20 06:10:04 +01:00
return
}
if user == nil {
json.NotFound(w, errors.New("User not found"))
2017-11-20 06:10:04 +01:00
return
}
if err := c.store.RemoveUser(user.ID); err != nil {
json.BadRequest(w, errors.New("Unable to remove this user from the database"))
2017-11-20 06:10:04 +01:00
return
}
json.NoContent(w)
2017-11-20 06:10:04 +01:00
}