sum7/warehost
sum7
/
warehost
Archived
1
0
Fork 0
This repository has been archived on 2020-09-27. You can view files and clone it, but cannot push or open issues or pull requests.
warehost/system/api.go

352 lines
12 KiB
Go
Raw Permalink Normal View History

2016-08-13 11:03:03 +02:00
package system
import (
"net/http"
2016-08-24 23:02:25 +02:00
"strconv"
2016-08-23 22:56:12 +02:00
"strings"
2016-08-24 23:02:25 +02:00
"time"
2016-08-13 11:03:03 +02:00
2016-08-20 01:17:08 +02:00
"github.com/jinzhu/gorm"
2016-10-11 20:16:24 +02:00
"goji.io"
"goji.io/pat"
2016-08-13 11:03:03 +02:00
2016-10-11 20:16:24 +02:00
libapi "dev.sum7.eu/sum7/warehost/lib/api"
liblog "dev.sum7.eu/sum7/warehost/lib/log"
libpassword "dev.sum7.eu/sum7/warehost/lib/password"
libsession "dev.sum7.eu/sum7/warehost/lib/session"
2016-08-13 11:03:03 +02:00
)
2016-08-14 18:29:25 +02:00
//MODULNAME to get global name for the modul
const MODULNAME = "system"
2016-10-11 20:16:24 +02:00
var dbconnection *gorm.DB
var log *liblog.ModulLog
2016-08-13 11:03:03 +02:00
2016-10-11 20:16:24 +02:00
// BindAPI sets the routes to the api functions
func BindAPI(db *gorm.DB, router *goji.Mux, prefix string) {
dbconnection = db
log = liblog.NewModulLog(MODULNAME)
2016-12-19 12:24:18 +01:00
router.HandleFunc(pat.Get(prefix+"/status"), libapi.SessionHandler(status))
router.HandleFunc(pat.Post(prefix+"/login"), libapi.SessionHandler(login))
router.HandleFunc(pat.Get(prefix+"/logout"), libapi.SessionHandler(LoginHandler(logout)))
router.HandleFunc(pat.Post(prefix+"/password"), libapi.SessionHandler(LoginHandler(password)))
router.HandleFunc(pat.Get(prefix+"/delete"), libapi.SessionHandler(LoginHandler(delete)))
router.HandleFunc(pat.Get(prefix+"/invite"), libapi.SessionHandler(LoginHandler(inviteList)))
router.HandleFunc(pat.Post(prefix+"/invite"), libapi.SessionHandler(LoginHandler(inviteAdd)))
router.HandleFunc(pat.Get(prefix+"/user"), libapi.SessionHandler(LoginHandler(loginList)))
router.HandleFunc(pat.Post(prefix+"/user"), libapi.SessionHandler(LoginHandler(loginAdd)))
router.HandleFunc(pat.Patch(prefix+"/user/:id"), libapi.SessionHandler(LoginHandler(loginEdit)))
router.HandleFunc(pat.Delete(prefix+"/user/:id"), libapi.SessionHandler(LoginHandler(loginDelete)))
router.HandleFunc(pat.Get(prefix+"/invitor"), libapi.SessionHandler(LoginHandler(invitor)))
router.HandleFunc(pat.Patch(prefix+"/invitor"), libapi.SessionHandler(LoginHandler(invitorAdminToggle)))
2016-08-13 11:03:03 +02:00
}
// Status to get Login and Server status
2016-12-19 12:24:18 +01:00
func status(w http.ResponseWriter, r *http.Request) {
2016-10-11 20:16:24 +02:00
logger := log.GetLog(r, "status")
2016-08-20 01:17:08 +02:00
var result int64
2016-10-11 20:16:24 +02:00
dbconnection.Model(&Login{}).Count(&result)
2016-08-20 01:17:08 +02:00
if result > 0 {
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, true, nil)
return
2016-08-13 11:03:03 +02:00
}
2016-09-11 18:40:33 +02:00
logger.Info("done")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, nil)
2016-08-13 11:03:03 +02:00
}
// Logout current user
2016-12-19 12:24:18 +01:00
func logout(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
2016-10-11 20:16:24 +02:00
sess := ctx.Value("session").(libsession.Session)
libsession.SessionDestroy(w, r)
logger := log.GetLog(r, "logout")
2016-08-14 15:29:54 +02:00
if login := sess.Get("login"); login != nil {
2016-10-12 22:28:10 +02:00
logger = logger.WithField("user", login.(*Login).Username)
2016-08-14 15:29:54 +02:00
}
sess.Delete("login")
sess.Delete("profil")
2016-09-11 18:40:33 +02:00
logger.Info("done")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, true, nil)
2016-08-13 11:03:03 +02:00
}
// Login of system
2016-12-19 12:24:18 +01:00
func login(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
2016-10-11 20:16:24 +02:00
sess := ctx.Value("session").(libsession.Session)
logger := log.GetLog(r, "login")
2016-08-13 11:03:03 +02:00
var requestlogin RequestLogin
2016-12-19 12:24:18 +01:00
returnerr := libapi.JSONDecoder(w, r, logger, &requestlogin)
2016-10-17 14:07:17 +02:00
if returnerr != nil {
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, returnerr)
2016-08-13 11:03:03 +02:00
return
}
2016-10-17 14:07:17 +02:00
2016-08-14 15:29:54 +02:00
logger = logger.WithField("user", requestlogin.Username)
2016-08-13 11:03:03 +02:00
var login = Login{Username: requestlogin.Username}
2016-10-11 20:16:24 +02:00
dbconnection.Where("mail = ?", requestlogin.Username).First(&login)
if login.ID <= 0 {
2016-08-14 15:29:54 +02:00
logger.Warn("user not found")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, &libapi.ErrorResult{Fields: []string{"username"}, Message: "User not Found"})
2016-08-14 13:33:53 +02:00
return
2016-08-13 11:03:03 +02:00
}
2016-08-14 13:33:53 +02:00
if login.Active {
output, _ := libpassword.Validate(login.Password, requestlogin.Password)
if output {
2016-10-11 20:16:24 +02:00
dbconnection.Model(&login).Update("LastLoginAt", time.Now())
2016-10-12 22:28:10 +02:00
sess.Set("login", &login)
2016-09-11 18:40:33 +02:00
logger.Info("done")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, true, nil)
return
2016-08-14 13:33:53 +02:00
}
2016-12-19 12:24:18 +01:00
logger.Warn("wrong password")
libapi.JSONWrite(w, r, false, &libapi.ErrorResult{Fields: []string{"password"}, Message: "Wrong Password"})
return
2016-08-13 11:03:03 +02:00
}
2016-12-19 12:24:18 +01:00
logger.Warn("not active")
libapi.JSONWrite(w, r, false, &libapi.ErrorResult{Fields: []string{"active"}, Message: "Not a active User"})
2016-08-16 08:30:02 +02:00
return
}
//Password to change the password
2016-12-19 12:24:18 +01:00
func password(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
2016-10-11 20:16:24 +02:00
sess := ctx.Value("session").(libsession.Session)
login := ctx.Value("login").(*Login)
logger := log.GetLog(r, "password")
var changePasswordRequest ChangePasswordRequest
2016-12-19 12:24:18 +01:00
returnerr := libapi.JSONDecoder(w, r, logger, &changePasswordRequest)
2016-10-17 14:07:17 +02:00
if returnerr != nil {
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, returnerr)
return
}
2016-10-17 14:07:17 +02:00
output, _ := libpassword.Validate(login.Password, changePasswordRequest.CurrentPassword)
if !output {
logger.Warn("wrong current password")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, &libapi.ErrorResult{Fields: []string{"currentpassword"}, Message: "Wrong CurrentPassword"})
return
}
if len(changePasswordRequest.NewPassword) < MINPASSWORDLENTH {
logger.Warn("wrong new password")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, &libapi.ErrorResult{Fields: []string{"newpassword"}, Message: "Wrong NewPassword"})
return
}
2016-08-24 23:02:25 +02:00
login.Password = libpassword.NewHash(changePasswordRequest.NewPassword)
2016-10-11 20:16:24 +02:00
if err := dbconnection.Save(login).Error; err != nil {
2016-08-23 22:56:12 +02:00
logger.Warn("error save new password to database")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, &libapi.ErrorResult{Message: "Error save new password"})
2016-08-23 22:56:12 +02:00
return
}
2016-10-12 22:28:10 +02:00
sess.Set("login", login)
2016-09-11 18:40:33 +02:00
logger.Info("done")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, true, nil)
2016-08-16 08:30:02 +02:00
}
//Delete of login on warehost
2016-12-19 12:24:18 +01:00
func delete(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
2016-10-11 20:16:24 +02:00
sess := ctx.Value("session").(libsession.Session)
login := ctx.Value("login").(*Login)
logger := log.GetLog(r, "delete")
sess.Delete("login")
2016-10-11 20:16:24 +02:00
if err := dbconnection.Unscoped().Delete(login).Error; err != nil {
2016-08-23 22:56:12 +02:00
logger.Warn("error detete login")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, &libapi.ErrorResult{Message: "Error delete login"})
2016-08-23 22:56:12 +02:00
return
}
2016-09-11 18:40:33 +02:00
logger.Warn("done")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, true, nil)
2016-08-13 11:03:03 +02:00
}
2016-08-20 01:17:08 +02:00
2016-08-23 22:56:12 +02:00
// InviteList list all of your invites
2016-12-19 12:24:18 +01:00
func inviteList(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
2016-10-11 20:16:24 +02:00
login := ctx.Value("login").(*Login)
logger := log.GetLog(r, "invitelist")
if err := dbconnection.Model(login).Preload("Invites.Invited").First(login).Error; err != nil {
2016-08-23 22:56:12 +02:00
logger.Warn("error load own invites")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, &libapi.ErrorResult{Message: "Could not load invites!"})
2016-08-23 22:56:12 +02:00
return
}
2016-09-11 18:40:33 +02:00
logger.Info("done")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, login.Invites, nil)
2016-08-20 01:17:08 +02:00
}
2016-08-23 22:56:12 +02:00
// InviteAdd invite a new user to warehost
2016-12-19 12:24:18 +01:00
func inviteAdd(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
2016-10-11 20:16:24 +02:00
login := ctx.Value("login").(*Login)
logger := log.GetLog(r, "inviteadd")
2016-08-23 22:56:12 +02:00
var newLogin RequestLogin
2016-12-19 12:24:18 +01:00
returnerr := libapi.JSONDecoder(w, r, logger, &newLogin)
2016-10-17 14:07:17 +02:00
if returnerr != nil {
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, returnerr)
2016-08-23 22:56:12 +02:00
return
}
2016-10-17 14:07:17 +02:00
2016-08-23 22:56:12 +02:00
invite := &Invite{
Login: *login,
Invited: Login{
Username: strings.ToLower(newLogin.Username),
2016-08-24 23:02:25 +02:00
Password: libpassword.NewHash(newLogin.Password),
2016-08-23 22:56:12 +02:00
Active: true,
},
}
2016-10-11 20:16:24 +02:00
if err := dbconnection.Create(invite).Error; err != nil {
2016-08-23 22:56:12 +02:00
logger.Warn("error create invite")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, &libapi.ErrorResult{Message: "Username exists already"})
2016-08-23 22:56:12 +02:00
return
}
2016-09-11 18:40:33 +02:00
logger.Info("done")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, true, nil)
2016-09-11 18:40:33 +02:00
}
// LoginList list all users in system
2016-12-19 12:24:18 +01:00
func loginList(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
2016-10-11 20:16:24 +02:00
login := ctx.Value("login").(*Login)
logger := log.GetLog(r, "loginlist")
2016-09-11 18:40:33 +02:00
var logins []Login
selectfield := "ID, mail"
if login.Superadmin {
2016-10-12 08:14:06 +02:00
selectfield = "ID, mail, superadmin, active"
2016-09-11 18:40:33 +02:00
}
2016-10-11 20:16:24 +02:00
if err := dbconnection.Select(selectfield).Find(&logins).Error; err != nil {
2016-10-12 22:28:10 +02:00
logger.Warn("sql list login")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, &libapi.ErrorResult{Message: "Error during list login"})
2016-09-11 18:40:33 +02:00
return
}
logger.Info("done")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, logins, nil)
2016-09-11 18:40:33 +02:00
}
// LoginAdd add a new Login
2016-12-19 12:24:18 +01:00
func loginAdd(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
2016-10-11 20:16:24 +02:00
login := ctx.Value("login").(*Login)
logger := log.GetLog(r, "loginadd")
2016-09-11 18:40:33 +02:00
if !login.Superadmin {
logger.Error("no superadmin")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, &libapi.ErrorResult{Message: "Error no permission to edit this invite"})
2016-09-11 18:40:33 +02:00
return
}
var newLogin RequestLogin
2016-12-19 12:24:18 +01:00
returnerr := libapi.JSONDecoder(w, r, logger, &newLogin)
2016-10-17 14:07:17 +02:00
if returnerr != nil {
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, returnerr)
2016-09-11 18:40:33 +02:00
return
}
2016-10-17 14:07:17 +02:00
2016-09-11 18:40:33 +02:00
loginObj := Login{
Username: strings.ToLower(newLogin.Username),
Password: libpassword.NewHash(newLogin.Password),
Active: true,
}
2016-10-17 14:07:17 +02:00
if err := dbconnection.Create(&loginObj).Error; err != nil {
2016-09-11 18:40:33 +02:00
logger.Warn("error create login")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, &libapi.ErrorResult{Message: "Username exists already"})
2016-09-11 18:40:33 +02:00
return
}
logger.Info("done")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, true, nil)
2016-08-20 01:17:08 +02:00
}
2016-08-24 23:02:25 +02:00
// LoginEdit edit a login by invite or superadmin
2016-12-19 12:24:18 +01:00
func loginEdit(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
2016-10-11 20:16:24 +02:00
login := ctx.Value("login").(*Login)
logger := log.GetLog(r, "loginedit")
2016-12-19 12:24:18 +01:00
id, err := strconv.ParseInt(pat.Param(r, "id"), 10, 64)
2016-08-24 23:02:25 +02:00
if err != nil {
logger.Warn("invalid userinput, no integer")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, &libapi.ErrorResult{Message: "Error invalid input"})
2016-08-24 23:02:25 +02:00
return
}
logger = logger.WithField("id", id)
var invitedLogin = Login{ID: id}
var changeLogin RequestLogin
2016-12-19 12:24:18 +01:00
returnerr := libapi.JSONDecoder(w, r, logger, &changeLogin)
2016-10-17 14:07:17 +02:00
if returnerr != nil {
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, returnerr)
2016-08-24 23:02:25 +02:00
return
}
2016-10-11 20:16:24 +02:00
dbconnection.Where("id = ?", invitedLogin.ID).First(&invitedLogin)
invite := invitedLogin.GetInvitedby(dbconnection)
2016-08-24 23:02:25 +02:00
if !login.Superadmin && !invite.Admin && invitedLogin.CreateAt.Before(invitedLogin.LastLoginAt) {
logger.Warn("no permission")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, &libapi.ErrorResult{Message: "Error no permission to edit this login"})
2016-08-24 23:02:25 +02:00
return
}
if len(changeLogin.Password) > 0 {
invitedLogin.Password = libpassword.NewHash(changeLogin.Password)
}
if login.Superadmin {
invitedLogin.Username = changeLogin.Username
2016-09-11 18:40:33 +02:00
invitedLogin.Superadmin = changeLogin.Superadmin
2016-10-21 21:32:30 +02:00
invitedLogin.Active = changeLogin.Active
2016-08-24 23:02:25 +02:00
}
2016-10-11 20:16:24 +02:00
if err := dbconnection.Save(invitedLogin).Error; err != nil {
2016-08-24 23:02:25 +02:00
logger.Warn("sql edit login")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, &libapi.ErrorResult{Message: "Error during edit login"})
2016-08-24 23:02:25 +02:00
return
}
2016-09-11 18:40:33 +02:00
logger.Info("done")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, true, nil)
2016-08-24 23:02:25 +02:00
}
// LoginDelete delete a login by invite or superadmin
2016-12-19 12:24:18 +01:00
func loginDelete(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
2016-10-11 20:16:24 +02:00
login := ctx.Value("login").(*Login)
logger := log.GetLog(r, "logindelete")
2016-12-19 12:24:18 +01:00
id, err := strconv.ParseInt(pat.Param(r, "id"), 10, 64)
2016-08-24 23:02:25 +02:00
if err != nil {
logger.Warn("invalid userinput, no integer")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, &libapi.ErrorResult{Message: "Error invalid input"})
2016-08-24 23:02:25 +02:00
return
}
logger = logger.WithField("id", id)
var invitedLogin = Login{ID: id}
2016-10-11 20:16:24 +02:00
dbconnection.Where("id = ?", invitedLogin.ID).First(&invitedLogin)
invite := invitedLogin.GetInvitedby(dbconnection)
2016-08-24 23:02:25 +02:00
if !login.Superadmin && !invite.Admin && invitedLogin.CreateAt.Before(invitedLogin.LastLoginAt) {
logger.Warn("no permission")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, &libapi.ErrorResult{Message: "Error no permission to delete this login"})
2016-08-24 23:02:25 +02:00
return
}
2016-10-11 20:16:24 +02:00
if err := dbconnection.Unscoped().Delete(invitedLogin).Error; err != nil {
2016-08-24 23:02:25 +02:00
logger.Warn("sql detete login")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, false, &libapi.ErrorResult{Message: "Error during delete login"})
2016-08-24 23:02:25 +02:00
return
}
2016-09-11 18:40:33 +02:00
logger.Info("done")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, true, nil)
2016-08-24 23:02:25 +02:00
}
// Invitor get Invite of current login
2016-12-19 12:24:18 +01:00
func invitor(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
2016-10-11 20:16:24 +02:00
login := ctx.Value("login").(*Login)
logger := log.GetLog(r, "invitor")
invite := login.GetInvitedby(dbconnection)
2016-09-11 18:40:33 +02:00
logger.Info("done")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, invite, nil)
2016-08-20 01:17:08 +02:00
}
2016-09-03 10:18:46 +02:00
// InvitorAdminToggle toggle admin of current login
2016-12-19 12:24:18 +01:00
func invitorAdminToggle(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
2016-10-11 20:16:24 +02:00
login := ctx.Value("login").(*Login)
logger := log.GetLog(r, "invitoradmintoggle")
invite := login.GetInvitedby(dbconnection)
2016-08-24 23:02:25 +02:00
invite.Admin = !invite.Admin
2016-10-11 20:16:24 +02:00
dbconnection.Model(invite).Save(&invite)
2016-09-11 18:40:33 +02:00
logger.Info("done")
2016-12-19 12:24:18 +01:00
libapi.JSONWrite(w, r, true, nil)
2016-08-20 01:17:08 +02:00
}