2023-06-19 23:42:47 +02:00
|
|
|
// SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
|
|
|
|
// SPDX-License-Identifier: Apache-2.0
|
2017-11-20 06:10:04 +01:00
|
|
|
|
2023-08-11 04:46:45 +02:00
|
|
|
package api // import "miniflux.app/v2/internal/api"
|
2017-11-20 06:10:04 +01:00
|
|
|
|
|
|
|
import (
|
2021-01-04 06:20:21 +01:00
|
|
|
json_parser "encoding/json"
|
2017-11-20 06:10:04 +01:00
|
|
|
"errors"
|
2018-04-30 01:35:04 +02:00
|
|
|
"net/http"
|
2017-11-28 06:30:04 +01:00
|
|
|
|
2023-08-11 04:46:45 +02:00
|
|
|
"miniflux.app/v2/internal/http/request"
|
|
|
|
"miniflux.app/v2/internal/http/response/json"
|
|
|
|
"miniflux.app/v2/internal/model"
|
|
|
|
"miniflux.app/v2/internal/validator"
|
2017-11-20 06:10:04 +01:00
|
|
|
)
|
|
|
|
|
2018-11-11 19:22:47 +01:00
|
|
|
func (h *handler) currentUser(w http.ResponseWriter, r *http.Request) {
|
|
|
|
user, err := h.store.UserByID(request.UserID(r))
|
2018-05-15 03:41:41 +02:00
|
|
|
if err != nil {
|
2018-10-08 03:42:43 +02:00
|
|
|
json.ServerError(w, r, err)
|
2018-05-15 03:41:41 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-07-20 04:27:05 +02:00
|
|
|
json.OK(w, r, user)
|
2018-05-15 03:41:41 +02:00
|
|
|
}
|
|
|
|
|
2018-11-11 19:22:47 +01:00
|
|
|
func (h *handler) createUser(w http.ResponseWriter, r *http.Request) {
|
2018-09-03 23:26:40 +02:00
|
|
|
if !request.IsAdminUser(r) {
|
2018-10-08 03:42:43 +02:00
|
|
|
json.Forbidden(w, r)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-01-04 06:20:21 +01:00
|
|
|
var userCreationRequest model.UserCreationRequest
|
|
|
|
if err := json_parser.NewDecoder(r.Body).Decode(&userCreationRequest); err != nil {
|
2018-10-08 03:42:43 +02:00
|
|
|
json.BadRequest(w, r, err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-01-04 06:20:21 +01:00
|
|
|
if validationErr := validator.ValidateUserCreationWithPassword(h.store, &userCreationRequest); validationErr != nil {
|
|
|
|
json.BadRequest(w, r, validationErr.Error())
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-01-04 06:20:21 +01:00
|
|
|
user, err := h.store.CreateUser(&userCreationRequest)
|
2017-11-20 06:10:04 +01:00
|
|
|
if err != nil {
|
2018-10-08 03:42:43 +02:00
|
|
|
json.ServerError(w, r, err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-10-08 03:42:43 +02:00
|
|
|
json.Created(w, r, user)
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|
|
|
|
|
2018-11-11 19:22:47 +01:00
|
|
|
func (h *handler) updateUser(w http.ResponseWriter, r *http.Request) {
|
2018-09-24 06:02:26 +02:00
|
|
|
userID := request.RouteInt64Param(r, "userID")
|
2021-01-04 06:20:21 +01:00
|
|
|
|
|
|
|
var userModificationRequest model.UserModificationRequest
|
|
|
|
if err := json_parser.NewDecoder(r.Body).Decode(&userModificationRequest); err != nil {
|
2018-10-08 03:42:43 +02:00
|
|
|
json.BadRequest(w, r, err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-11-11 19:22:47 +01:00
|
|
|
originalUser, err := h.store.UserByID(userID)
|
2017-11-20 06:10:04 +01:00
|
|
|
if err != nil {
|
2021-01-04 06:20:21 +01:00
|
|
|
json.ServerError(w, r, err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if originalUser == nil {
|
2018-10-08 03:42:43 +02:00
|
|
|
json.NotFound(w, r)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-12-23 00:10:42 +01:00
|
|
|
if !request.IsAdminUser(r) {
|
|
|
|
if originalUser.ID != request.UserID(r) {
|
|
|
|
json.Forbidden(w, r)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-01-04 06:20:21 +01:00
|
|
|
if userModificationRequest.IsAdmin != nil && *userModificationRequest.IsAdmin {
|
2024-02-25 05:44:40 +01:00
|
|
|
json.BadRequest(w, r, errors.New("only administrators can change permissions of standard users"))
|
2020-12-23 00:10:42 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-01-04 06:20:21 +01:00
|
|
|
if validationErr := validator.ValidateUserModification(h.store, originalUser.ID, &userModificationRequest); validationErr != nil {
|
|
|
|
json.BadRequest(w, r, validationErr.Error())
|
2018-06-24 01:16:54 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-01-04 06:20:21 +01:00
|
|
|
userModificationRequest.Patch(originalUser)
|
2018-11-11 19:22:47 +01:00
|
|
|
if err = h.store.UpdateUser(originalUser); err != nil {
|
2018-10-08 03:42:43 +02:00
|
|
|
json.ServerError(w, r, err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-10-08 03:42:43 +02:00
|
|
|
json.Created(w, r, originalUser)
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|
|
|
|
|
2020-11-25 20:46:05 +01:00
|
|
|
func (h *handler) markUserAsRead(w http.ResponseWriter, r *http.Request) {
|
|
|
|
userID := request.RouteInt64Param(r, "userID")
|
|
|
|
if userID != request.UserID(r) {
|
|
|
|
json.Forbidden(w, r)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if _, err := h.store.UserByID(userID); err != nil {
|
|
|
|
json.NotFound(w, r)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := h.store.MarkAllAsRead(userID); err != nil {
|
|
|
|
json.ServerError(w, r, err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
json.NoContent(w, r)
|
|
|
|
}
|
|
|
|
|
2018-11-11 19:22:47 +01:00
|
|
|
func (h *handler) users(w http.ResponseWriter, r *http.Request) {
|
2018-09-03 23:26:40 +02:00
|
|
|
if !request.IsAdminUser(r) {
|
2018-10-08 03:42:43 +02:00
|
|
|
json.Forbidden(w, r)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-11-11 19:22:47 +01:00
|
|
|
users, err := h.store.Users()
|
2017-11-20 06:10:04 +01:00
|
|
|
if err != nil {
|
2018-10-08 03:42:43 +02:00
|
|
|
json.ServerError(w, r, err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-09-03 23:26:40 +02:00
|
|
|
users.UseTimezone(request.UserTimezone(r))
|
2018-07-20 04:27:05 +02:00
|
|
|
json.OK(w, r, users)
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|
|
|
|
|
2018-11-11 19:22:47 +01:00
|
|
|
func (h *handler) userByID(w http.ResponseWriter, r *http.Request) {
|
2018-09-03 23:26:40 +02:00
|
|
|
if !request.IsAdminUser(r) {
|
2018-10-08 03:42:43 +02:00
|
|
|
json.Forbidden(w, r)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-09-24 06:02:26 +02:00
|
|
|
userID := request.RouteInt64Param(r, "userID")
|
2018-11-11 19:22:47 +01:00
|
|
|
user, err := h.store.UserByID(userID)
|
2017-11-20 06:10:04 +01:00
|
|
|
if err != nil {
|
2024-02-25 05:44:40 +01:00
|
|
|
json.BadRequest(w, r, errors.New("unable to fetch this user from the database"))
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if user == nil {
|
2018-10-08 03:42:43 +02:00
|
|
|
json.NotFound(w, r)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-09-03 23:26:40 +02:00
|
|
|
user.UseTimezone(request.UserTimezone(r))
|
2018-07-20 04:27:05 +02:00
|
|
|
json.OK(w, r, user)
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|
|
|
|
|
2018-11-11 19:22:47 +01:00
|
|
|
func (h *handler) userByUsername(w http.ResponseWriter, r *http.Request) {
|
2018-09-03 23:26:40 +02:00
|
|
|
if !request.IsAdminUser(r) {
|
2018-10-08 03:42:43 +02:00
|
|
|
json.Forbidden(w, r)
|
2017-12-26 21:10:48 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-09-24 06:02:26 +02:00
|
|
|
username := request.RouteStringParam(r, "username")
|
2018-11-11 19:22:47 +01:00
|
|
|
user, err := h.store.UserByUsername(username)
|
2017-12-26 21:10:48 +01:00
|
|
|
if err != nil {
|
2024-02-25 05:44:40 +01:00
|
|
|
json.BadRequest(w, r, errors.New("unable to fetch this user from the database"))
|
2017-12-26 21:10:48 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if user == nil {
|
2018-10-08 03:42:43 +02:00
|
|
|
json.NotFound(w, r)
|
2017-12-26 21:10:48 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-07-20 04:27:05 +02:00
|
|
|
json.OK(w, r, user)
|
2017-12-26 21:10:48 +01:00
|
|
|
}
|
|
|
|
|
2018-11-11 19:22:47 +01:00
|
|
|
func (h *handler) removeUser(w http.ResponseWriter, r *http.Request) {
|
2018-09-03 23:26:40 +02:00
|
|
|
if !request.IsAdminUser(r) {
|
2018-10-08 03:42:43 +02:00
|
|
|
json.Forbidden(w, r)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-09-24 06:02:26 +02:00
|
|
|
userID := request.RouteInt64Param(r, "userID")
|
2018-11-11 19:22:47 +01:00
|
|
|
user, err := h.store.UserByID(userID)
|
2017-11-20 06:10:04 +01:00
|
|
|
if err != nil {
|
2018-10-08 03:42:43 +02:00
|
|
|
json.ServerError(w, r, err)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if user == nil {
|
2018-10-08 03:42:43 +02:00
|
|
|
json.NotFound(w, r)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-07-29 05:28:02 +02:00
|
|
|
if user.ID == request.UserID(r) {
|
2024-02-25 05:44:40 +01:00
|
|
|
json.BadRequest(w, r, errors.New("you cannot remove yourself"))
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-07-29 05:28:02 +02:00
|
|
|
h.store.RemoveUserAsync(user.ID)
|
2018-10-08 03:42:43 +02:00
|
|
|
json.NoContent(w, r)
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|