filebrowser/http/users.go

package http

import (
	"encoding/json"
	"log"
	"net/http"
	"sort"
	"strconv"
	"strings"

	"github.com/gorilla/mux"

	"github.com/filebrowser/filebrowser/v2/errors"
	"github.com/filebrowser/filebrowser/v2/users"
)

type modifyUserRequest struct {
	modifyRequest
	Data *users.User `json:"data"`
}

func getUserID(r *http.Request) (uint, error) {
	vars := mux.Vars(r)
	i, err := strconv.ParseUint(vars["id"], 10, 0)
	if err != nil {
		return 0, err
	}
	return uint(i), err
}

func getUser(_ http.ResponseWriter, r *http.Request) (*modifyUserRequest, error) {
	if r.Body == nil {
		return nil, errors.ErrEmptyRequest
	}

	req := &modifyUserRequest{}
	err := json.NewDecoder(r.Body).Decode(req)
	if err != nil {
		return nil, err
	}

	if req.What != "user" {
		return nil, errors.ErrInvalidDataType
	}

	return req, nil
}

func withSelfOrAdmin(fn handleFunc) handleFunc {
	return withUser(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
		id, err := getUserID(r)
		if err != nil {
			return http.StatusInternalServerError, err
		}

		if d.user.ID != id && !d.user.Perm.Admin {
			return http.StatusForbidden, nil
		}

		d.raw = id
		return fn(w, r, d)
	})
}

var usersGetHandler = withAdmin(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
	users, err := d.store.Users.Gets(d.server.Root)
	if err != nil {
		return http.StatusInternalServerError, err
	}

	for _, u := range users {
		u.Password = ""
	}

	sort.Slice(users, func(i, j int) bool {
		return users[i].ID < users[j].ID
	})

	return renderJSON(w, r, users)
})

var userGetHandler = withSelfOrAdmin(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
	u, err := d.store.Users.Get(d.server.Root, d.raw.(uint))
	if err == errors.ErrNotExist {
		return http.StatusNotFound, err
	}

	if err != nil {
		return http.StatusInternalServerError, err
	}

	u.Password = ""
	return renderJSON(w, r, u)
})

var userDeleteHandler = withSelfOrAdmin(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
	err := d.store.Users.Delete(d.raw.(uint))
	if err == errors.ErrNotExist {
		return http.StatusNotFound, err
	}

	return http.StatusOK, nil
})

var userPostHandler = withAdmin(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
	req, err := getUser(w, r)
	if err != nil {
		return http.StatusBadRequest, err
	}

	if len(req.Which) != 0 {
		return http.StatusBadRequest, nil
	}

	if req.Data.Password == "" {
		return http.StatusBadRequest, errors.ErrEmptyPassword
	}

	req.Data.Password, err = users.HashPwd(req.Data.Password)
	if err != nil {
		return http.StatusInternalServerError, err
	}

	userHome, err := d.settings.MakeUserDir(req.Data.Username, req.Data.Scope, d.server.Root)
	if err != nil {
		log.Printf("create user: failed to mkdir user home dir: [%s]", userHome)
		return http.StatusInternalServerError, err
	}
	req.Data.Scope = userHome
	log.Printf("user: %s, home dir: [%s].", req.Data.Username, userHome)

	err = d.store.Users.Save(req.Data)
	if err != nil {
		return http.StatusInternalServerError, err
	}

	w.Header().Set("Location", "/settings/users/"+strconv.FormatUint(uint64(req.Data.ID), 10))
	return http.StatusCreated, nil
})

var userPutHandler = withSelfOrAdmin(func(w http.ResponseWriter, r *http.Request, d *data) (int, error) {
	req, err := getUser(w, r)
	if err != nil {
		return http.StatusBadRequest, err
	}

	if req.Data.ID != d.raw.(uint) {
		return http.StatusBadRequest, nil
	}

	if len(req.Which) == 1 && req.Which[0] == "all" {
		if !d.user.Perm.Admin {
			return http.StatusForbidden, err
		}

		if req.Data.Password != "" {
			req.Data.Password, err = users.HashPwd(req.Data.Password)
		} else {
			var suser *users.User
			suser, err = d.store.Users.Get(d.server.Root, d.raw.(uint))
			req.Data.Password = suser.Password
		}

		if err != nil {
			return http.StatusInternalServerError, err
		}

		req.Which = []string{}
	}

	for k, v := range req.Which {
		if v == "password" {
			if !d.user.Perm.Admin && d.user.LockPassword {
				return http.StatusForbidden, nil
			}

			req.Data.Password, err = users.HashPwd(req.Data.Password)
			if err != nil {
				return http.StatusInternalServerError, err
			}
		}

		if !d.user.Perm.Admin && (v == "scope" || v == "perm" || v == "username") {
			return http.StatusForbidden, nil
		}

		req.Which[k] = strings.Title(v)
	}

	err = d.store.Users.Update(req.Data, req.Which...)
	if err != nil {
		return http.StatusInternalServerError, err
	}

	return http.StatusOK, nil
})
feat: v2 (#599) Read https://github.com/filebrowser/filebrowser/pull/575. Former-commit-id: 7aedcaaf72b863033e3f089d6df308d41a3fd00c [formerly bdbe4d49161b901c4adf9c245895a1be2d62e4a7] [formerly acfc1ec67c423e0b3e065a8c1f8897c5249af65b [formerly d309066def8319e9da89d00ca6463ec4aea62d34]] Former-commit-id: 0c7d925a38a68ccabdf2c4bbd8c302ee89b93509 [formerly a6173925a1382955d93b334ded93f70d6dddd694] Former-commit-id: e032e0804dd051df86f42962de2b39caec5318b7 2019-01-05 22:44:33 +00:00			`package http`

			`import (`
			`"encoding/json"`
global settings: add createUserDir option. new feature: auto create user home dir while adding user. Former-commit-id: 331a76abdc611236ccc761d0fd9a814ed1ee0c35 [formerly 0c1024a5b8109c84d213e0cbdbe05e10eb5793d4] [formerly 467e1789f55c410ff2ca9e9ef125d9fe28410bc9 [formerly e8570e4dba58d15fae0c5bbd33a531573582fc59]] Former-commit-id: 1eed58870b6e009d84806db6b55efc5fc3983e2a [formerly 3e9083f7758e72bd307ed23c4b512a8ab5adc523] Former-commit-id: 5023ef77eb92636e62fde511ea609114e667a7d7 2019-02-15 15:12:02 +00:00			`"log"`
feat: v2 (#599) Read https://github.com/filebrowser/filebrowser/pull/575. Former-commit-id: 7aedcaaf72b863033e3f089d6df308d41a3fd00c [formerly bdbe4d49161b901c4adf9c245895a1be2d62e4a7] [formerly acfc1ec67c423e0b3e065a8c1f8897c5249af65b [formerly d309066def8319e9da89d00ca6463ec4aea62d34]] Former-commit-id: 0c7d925a38a68ccabdf2c4bbd8c302ee89b93509 [formerly a6173925a1382955d93b334ded93f70d6dddd694] Former-commit-id: e032e0804dd051df86f42962de2b39caec5318b7 2019-01-05 22:44:33 +00:00			`"net/http"`
			`"sort"`
			`"strconv"`
			`"strings"`

refactor: add more go linters (#970) 2020-05-31 23:12:36 +00:00			`"github.com/gorilla/mux"`

feat: v2 (#599) Read https://github.com/filebrowser/filebrowser/pull/575. Former-commit-id: 7aedcaaf72b863033e3f089d6df308d41a3fd00c [formerly bdbe4d49161b901c4adf9c245895a1be2d62e4a7] [formerly acfc1ec67c423e0b3e065a8c1f8897c5249af65b [formerly d309066def8319e9da89d00ca6463ec4aea62d34]] Former-commit-id: 0c7d925a38a68ccabdf2c4bbd8c302ee89b93509 [formerly a6173925a1382955d93b334ded93f70d6dddd694] Former-commit-id: e032e0804dd051df86f42962de2b39caec5318b7 2019-01-05 22:44:33 +00:00			`"github.com/filebrowser/filebrowser/v2/errors"`
			`"github.com/filebrowser/filebrowser/v2/users"`
			`)`

			`type modifyUserRequest struct {`
			`modifyRequest`
			Data *users.User `json:"data"`
			`}`

			`func getUserID(r *http.Request) (uint, error) {`
			`vars := mux.Vars(r)`
			`i, err := strconv.ParseUint(vars["id"], 10, 0)`
			`if err != nil {`
			`return 0, err`
			`}`
			`return uint(i), err`
			`}`

refactor: add more go linters (#970) 2020-05-31 23:12:36 +00:00			`func getUser(_ http.ResponseWriter, r http.Request) (modifyUserRequest, error) {`
feat: v2 (#599) Read https://github.com/filebrowser/filebrowser/pull/575. Former-commit-id: 7aedcaaf72b863033e3f089d6df308d41a3fd00c [formerly bdbe4d49161b901c4adf9c245895a1be2d62e4a7] [formerly acfc1ec67c423e0b3e065a8c1f8897c5249af65b [formerly d309066def8319e9da89d00ca6463ec4aea62d34]] Former-commit-id: 0c7d925a38a68ccabdf2c4bbd8c302ee89b93509 [formerly a6173925a1382955d93b334ded93f70d6dddd694] Former-commit-id: e032e0804dd051df86f42962de2b39caec5318b7 2019-01-05 22:44:33 +00:00			`if r.Body == nil {`
			`return nil, errors.ErrEmptyRequest`
			`}`

			`req := &modifyUserRequest{}`
			`err := json.NewDecoder(r.Body).Decode(req)`
			`if err != nil {`
			`return nil, err`
			`}`

			`if req.What != "user" {`
			`return nil, errors.ErrInvalidDataType`
			`}`

			`return req, nil`
			`}`

			`func withSelfOrAdmin(fn handleFunc) handleFunc {`
			`return withUser(func(w http.ResponseWriter, r http.Request, d data) (int, error) {`
			`id, err := getUserID(r)`
			`if err != nil {`
			`return http.StatusInternalServerError, err`
			`}`

			`if d.user.ID != id && !d.user.Perm.Admin {`
			`return http.StatusForbidden, nil`
			`}`

			`d.raw = id`
			`return fn(w, r, d)`
			`})`
			`}`

			`var usersGetHandler = withAdmin(func(w http.ResponseWriter, r http.Request, d data) (int, error) {`
feat: make server options a struct (#615) Former-commit-id: a54bc7c8a0fb700d4f90f78c54d6cb028e8acea7 [formerly a0946a1d5b82ce5681684bc0f871bd892c4d6c3f] [formerly 6b23b0abbe5cde6a6348f982975d15a1161359de [formerly 0e7abaa7fb4b293e933d233750cf057c48b298bf]] Former-commit-id: cf9ea1110bcb8b5eb30ecd25db1928659ecea922 [formerly 38cebeff1f9e6b03760f7b277a3941f7bd733fb5] Former-commit-id: db44c1d5ff8fed361849b5bf1fe48e04c75d7ce7 2019-01-08 10:29:09 +00:00			`users, err := d.store.Users.Gets(d.server.Root)`
feat: v2 (#599) Read https://github.com/filebrowser/filebrowser/pull/575. Former-commit-id: 7aedcaaf72b863033e3f089d6df308d41a3fd00c [formerly bdbe4d49161b901c4adf9c245895a1be2d62e4a7] [formerly acfc1ec67c423e0b3e065a8c1f8897c5249af65b [formerly d309066def8319e9da89d00ca6463ec4aea62d34]] Former-commit-id: 0c7d925a38a68ccabdf2c4bbd8c302ee89b93509 [formerly a6173925a1382955d93b334ded93f70d6dddd694] Former-commit-id: e032e0804dd051df86f42962de2b39caec5318b7 2019-01-05 22:44:33 +00:00			`if err != nil {`
			`return http.StatusInternalServerError, err`
			`}`

			`for _, u := range users {`
			`u.Password = ""`
			`}`

			`sort.Slice(users, func(i, j int) bool {`
			`return users[i].ID < users[j].ID`
			`})`

			`return renderJSON(w, r, users)`
			`})`

			`var userGetHandler = withSelfOrAdmin(func(w http.ResponseWriter, r http.Request, d data) (int, error) {`
feat: make server options a struct (#615) Former-commit-id: a54bc7c8a0fb700d4f90f78c54d6cb028e8acea7 [formerly a0946a1d5b82ce5681684bc0f871bd892c4d6c3f] [formerly 6b23b0abbe5cde6a6348f982975d15a1161359de [formerly 0e7abaa7fb4b293e933d233750cf057c48b298bf]] Former-commit-id: cf9ea1110bcb8b5eb30ecd25db1928659ecea922 [formerly 38cebeff1f9e6b03760f7b277a3941f7bd733fb5] Former-commit-id: db44c1d5ff8fed361849b5bf1fe48e04c75d7ce7 2019-01-08 10:29:09 +00:00			`u, err := d.store.Users.Get(d.server.Root, d.raw.(uint))`
feat: v2 (#599) Read https://github.com/filebrowser/filebrowser/pull/575. Former-commit-id: 7aedcaaf72b863033e3f089d6df308d41a3fd00c [formerly bdbe4d49161b901c4adf9c245895a1be2d62e4a7] [formerly acfc1ec67c423e0b3e065a8c1f8897c5249af65b [formerly d309066def8319e9da89d00ca6463ec4aea62d34]] Former-commit-id: 0c7d925a38a68ccabdf2c4bbd8c302ee89b93509 [formerly a6173925a1382955d93b334ded93f70d6dddd694] Former-commit-id: e032e0804dd051df86f42962de2b39caec5318b7 2019-01-05 22:44:33 +00:00			`if err == errors.ErrNotExist {`
			`return http.StatusNotFound, err`
			`}`

			`if err != nil {`
			`return http.StatusInternalServerError, err`
			`}`

			`u.Password = ""`
			`return renderJSON(w, r, u)`
			`})`

			`var userDeleteHandler = withSelfOrAdmin(func(w http.ResponseWriter, r http.Request, d data) (int, error) {`
			`err := d.store.Users.Delete(d.raw.(uint))`
			`if err == errors.ErrNotExist {`
			`return http.StatusNotFound, err`
			`}`

			`return http.StatusOK, nil`
			`})`

			`var userPostHandler = withAdmin(func(w http.ResponseWriter, r http.Request, d data) (int, error) {`
			`req, err := getUser(w, r)`
			`if err != nil {`
			`return http.StatusBadRequest, err`
			`}`

			`if len(req.Which) != 0 {`
			`return http.StatusBadRequest, nil`
			`}`

			`if req.Data.Password == "" {`
			`return http.StatusBadRequest, errors.ErrEmptyPassword`
			`}`

			`req.Data.Password, err = users.HashPwd(req.Data.Password)`
			`if err != nil {`
			`return http.StatusInternalServerError, err`
			`}`

lint: lint the code License: MIT Signed-off-by: Henrique Dias <hacdias@gmail.com> Former-commit-id: 984c56e0b9a9169b10c6017fbd68ab4fbd3868d7 [formerly 27c43314222c723a220b9b1d2141e1509ed05627] [formerly 0a9f6c47bff2d653035c93765ea08ade73ec450c [formerly b7fdcc3ee944723e886e2c41bceee730b00974f8]] Former-commit-id: c27e7fa41f20f433a9a0a97ecc40ab78968b43dc [formerly 185db4a17969cd4fb76cc2b06bd58221c9c6c100] Former-commit-id: 9b26d1b0642c61cd38f7cdf422f95b2bf9a9614d 2019-04-20 13:15:28 +00:00			`userHome, err := d.settings.MakeUserDir(req.Data.Username, req.Data.Scope, d.server.Root)`
global settings: add createUserDir option. new feature: auto create user home dir while adding user. Former-commit-id: 331a76abdc611236ccc761d0fd9a814ed1ee0c35 [formerly 0c1024a5b8109c84d213e0cbdbe05e10eb5793d4] [formerly 467e1789f55c410ff2ca9e9ef125d9fe28410bc9 [formerly e8570e4dba58d15fae0c5bbd33a531573582fc59]] Former-commit-id: 1eed58870b6e009d84806db6b55efc5fc3983e2a [formerly 3e9083f7758e72bd307ed23c4b512a8ab5adc523] Former-commit-id: 5023ef77eb92636e62fde511ea609114e667a7d7 2019-02-15 15:12:02 +00:00			`if err != nil {`
			`log.Printf("create user: failed to mkdir user home dir: [%s]", userHome)`
			`return http.StatusInternalServerError, err`
			`}`
			`req.Data.Scope = userHome`
			`log.Printf("user: %s, home dir: [%s].", req.Data.Username, userHome)`

feat: v2 (#599) Read https://github.com/filebrowser/filebrowser/pull/575. Former-commit-id: 7aedcaaf72b863033e3f089d6df308d41a3fd00c [formerly bdbe4d49161b901c4adf9c245895a1be2d62e4a7] [formerly acfc1ec67c423e0b3e065a8c1f8897c5249af65b [formerly d309066def8319e9da89d00ca6463ec4aea62d34]] Former-commit-id: 0c7d925a38a68ccabdf2c4bbd8c302ee89b93509 [formerly a6173925a1382955d93b334ded93f70d6dddd694] Former-commit-id: e032e0804dd051df86f42962de2b39caec5318b7 2019-01-05 22:44:33 +00:00			`err = d.store.Users.Save(req.Data)`
			`if err != nil {`
			`return http.StatusInternalServerError, err`
			`}`

			`w.Header().Set("Location", "/settings/users/"+strconv.FormatUint(uint64(req.Data.ID), 10))`
			`return http.StatusCreated, nil`
			`})`

			`var userPutHandler = withSelfOrAdmin(func(w http.ResponseWriter, r http.Request, d data) (int, error) {`
			`req, err := getUser(w, r)`
			`if err != nil {`
			`return http.StatusBadRequest, err`
			`}`

			`if req.Data.ID != d.raw.(uint) {`
			`return http.StatusBadRequest, nil`
			`}`

			`if len(req.Which) == 1 && req.Which[0] == "all" {`
			`if !d.user.Perm.Admin {`
			`return http.StatusForbidden, err`
			`}`

			`if req.Data.Password != "" {`
			`req.Data.Password, err = users.HashPwd(req.Data.Password)`
			`} else {`
			`var suser *users.User`
feat: make server options a struct (#615) Former-commit-id: a54bc7c8a0fb700d4f90f78c54d6cb028e8acea7 [formerly a0946a1d5b82ce5681684bc0f871bd892c4d6c3f] [formerly 6b23b0abbe5cde6a6348f982975d15a1161359de [formerly 0e7abaa7fb4b293e933d233750cf057c48b298bf]] Former-commit-id: cf9ea1110bcb8b5eb30ecd25db1928659ecea922 [formerly 38cebeff1f9e6b03760f7b277a3941f7bd733fb5] Former-commit-id: db44c1d5ff8fed361849b5bf1fe48e04c75d7ce7 2019-01-08 10:29:09 +00:00			`suser, err = d.store.Users.Get(d.server.Root, d.raw.(uint))`
feat: v2 (#599) Read https://github.com/filebrowser/filebrowser/pull/575. Former-commit-id: 7aedcaaf72b863033e3f089d6df308d41a3fd00c [formerly bdbe4d49161b901c4adf9c245895a1be2d62e4a7] [formerly acfc1ec67c423e0b3e065a8c1f8897c5249af65b [formerly d309066def8319e9da89d00ca6463ec4aea62d34]] Former-commit-id: 0c7d925a38a68ccabdf2c4bbd8c302ee89b93509 [formerly a6173925a1382955d93b334ded93f70d6dddd694] Former-commit-id: e032e0804dd051df86f42962de2b39caec5318b7 2019-01-05 22:44:33 +00:00			`req.Data.Password = suser.Password`
			`}`

			`if err != nil {`
			`return http.StatusInternalServerError, err`
			`}`

			`req.Which = []string{}`
			`}`

			`for k, v := range req.Which {`
			`if v == "password" {`
			`if !d.user.Perm.Admin && d.user.LockPassword {`
			`return http.StatusForbidden, nil`
			`}`

			`req.Data.Password, err = users.HashPwd(req.Data.Password)`
			`if err != nil {`
			`return http.StatusInternalServerError, err`
			`}`
			`}`

			`if !d.user.Perm.Admin && (v == "scope" \|\| v == "perm" \|\| v == "username") {`
			`return http.StatusForbidden, nil`
			`}`

			`req.Which[k] = strings.Title(v)`
			`}`

			`err = d.store.Users.Update(req.Data, req.Which...)`
			`if err != nil {`
			`return http.StatusInternalServerError, err`
			`}`

			`return http.StatusOK, nil`
			`})`