273 lines
8.0 KiB
Go
273 lines
8.0 KiB
Go
// api_users.go — JSON handlers for the user-management surface.
|
|
//
|
|
// All endpoints in this file are admin-only; gating happens at the
|
|
// route-mount site (server.go's admin band).
|
|
package http
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"encoding/hex"
|
|
"encoding/json"
|
|
"errors"
|
|
"log/slog"
|
|
stdhttp "net/http"
|
|
"net/mail"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
"github.com/oklog/ulid/v2"
|
|
|
|
"gitea.dcglab.co.uk/steve/restic-manager/internal/store"
|
|
)
|
|
|
|
type listUsersResponse struct {
|
|
Users []apiUser `json:"users"`
|
|
}
|
|
|
|
type apiUser struct {
|
|
ID string `json:"id"`
|
|
Username string `json:"username"`
|
|
Role string `json:"role"`
|
|
Email *string `json:"email,omitempty"`
|
|
Disabled bool `json:"disabled"`
|
|
MustChangePassword bool `json:"must_change_password"`
|
|
CreatedAt string `json:"created_at"`
|
|
LastLoginAt *string `json:"last_login_at,omitempty"`
|
|
}
|
|
|
|
func (s *Server) handleAPIUsersList(w stdhttp.ResponseWriter, r *stdhttp.Request) {
|
|
users, err := s.deps.Store.ListUsers(r.Context())
|
|
if err != nil {
|
|
slog.Error("api users: list", "err", err)
|
|
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", err.Error())
|
|
return
|
|
}
|
|
out := make([]apiUser, len(users))
|
|
for i, u := range users {
|
|
var lastLogin *string
|
|
if u.LastLoginAt != nil {
|
|
s := u.LastLoginAt.UTC().Format("2006-01-02T15:04:05Z")
|
|
lastLogin = &s
|
|
}
|
|
out[i] = apiUser{
|
|
ID: u.ID, Username: u.Username, Role: string(u.Role),
|
|
Email: u.Email, Disabled: u.DisabledAt != nil,
|
|
MustChangePassword: u.MustChangePassword,
|
|
CreatedAt: u.CreatedAt.UTC().Format("2006-01-02T15:04:05Z"),
|
|
LastLoginAt: lastLogin,
|
|
}
|
|
}
|
|
w.Header().Set("Content-Type", "application/json; charset=utf-8")
|
|
_ = json.NewEncoder(w).Encode(listUsersResponse{Users: out})
|
|
}
|
|
|
|
type createUserRequest struct {
|
|
Username string `json:"username"`
|
|
Email string `json:"email,omitempty"`
|
|
Role string `json:"role"`
|
|
}
|
|
|
|
type createUserResponse struct {
|
|
ID string `json:"id"`
|
|
SetupURL string `json:"setup_url"`
|
|
}
|
|
|
|
// generateSetupToken returns 32 random bytes hex-encoded (64 chars).
|
|
func generateSetupToken() (string, error) {
|
|
var b [32]byte
|
|
if _, err := rand.Read(b[:]); err != nil {
|
|
return "", err
|
|
}
|
|
return hex.EncodeToString(b[:]), nil
|
|
}
|
|
|
|
// validRole maps a wire role string to the typed constant. Returns
|
|
// ("", false) for anything unknown.
|
|
func validRole(r string) (store.Role, bool) {
|
|
switch r {
|
|
case "admin":
|
|
return store.RoleAdmin, true
|
|
case "operator":
|
|
return store.RoleOperator, true
|
|
case "viewer":
|
|
return store.RoleViewer, true
|
|
}
|
|
return "", false
|
|
}
|
|
|
|
func (s *Server) handleAPIUserCreate(w stdhttp.ResponseWriter, r *stdhttp.Request) {
|
|
actor, _ := s.requireUser(r) // already gated by middleware
|
|
var req createUserRequest
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
writeJSONError(w, stdhttp.StatusBadRequest, "invalid_json", err.Error())
|
|
return
|
|
}
|
|
uname := strings.ToLower(strings.TrimSpace(req.Username))
|
|
if uname == "" {
|
|
writeJSONError(w, stdhttp.StatusBadRequest, "username_required", "")
|
|
return
|
|
}
|
|
role, ok := validRole(req.Role)
|
|
if !ok {
|
|
writeJSONError(w, stdhttp.StatusBadRequest, "invalid_role", "")
|
|
return
|
|
}
|
|
if req.Email != "" {
|
|
if _, err := mail.ParseAddress(req.Email); err != nil {
|
|
writeJSONError(w, stdhttp.StatusBadRequest, "invalid_email", err.Error())
|
|
return
|
|
}
|
|
}
|
|
|
|
// Check for collision against existing user (case-insensitive).
|
|
existing, err := s.deps.Store.GetUserByUsername(r.Context(), uname)
|
|
if err == nil {
|
|
body := map[string]any{
|
|
"error": "username_taken",
|
|
"existing_user_id": existing.ID,
|
|
"disabled": existing.DisabledAt != nil,
|
|
}
|
|
w.Header().Set("Content-Type", "application/json; charset=utf-8")
|
|
w.WriteHeader(stdhttp.StatusConflict)
|
|
_ = json.NewEncoder(w).Encode(body)
|
|
return
|
|
} else if !errors.Is(err, store.ErrNotFound) {
|
|
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", err.Error())
|
|
return
|
|
}
|
|
|
|
id := ulid.Make().String()
|
|
now := time.Now().UTC()
|
|
var emailPtr *string
|
|
if req.Email != "" {
|
|
em := strings.ToLower(strings.TrimSpace(req.Email))
|
|
emailPtr = &em
|
|
}
|
|
if err := s.deps.Store.CreateUser(r.Context(), store.User{
|
|
ID: id, Username: uname, PasswordHash: "",
|
|
Role: role, Email: emailPtr, CreatedAt: now,
|
|
MustChangePassword: true,
|
|
}); err != nil {
|
|
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", err.Error())
|
|
return
|
|
}
|
|
|
|
rawToken, err := generateSetupToken()
|
|
if err != nil {
|
|
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", err.Error())
|
|
return
|
|
}
|
|
var actorID *string
|
|
if actor != nil {
|
|
actorID = &actor.ID
|
|
}
|
|
if err := s.deps.Store.SetSetupToken(r.Context(), store.SetupToken{
|
|
UserID: id, TokenHash: hashSetupToken(rawToken),
|
|
ExpiresAt: now.Add(time.Hour),
|
|
CreatedAt: now, CreatedBy: actorID,
|
|
}); err != nil {
|
|
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", err.Error())
|
|
return
|
|
}
|
|
_ = s.deps.Store.AppendAudit(r.Context(), store.AuditEntry{
|
|
ID: ulid.Make().String(), UserID: actorID, Actor: "user",
|
|
Action: "user.created", TargetKind: ptr("user"), TargetID: &id,
|
|
TS: now,
|
|
})
|
|
|
|
w.Header().Set("Content-Type", "application/json; charset=utf-8")
|
|
w.WriteHeader(stdhttp.StatusCreated)
|
|
_ = json.NewEncoder(w).Encode(createUserResponse{
|
|
ID: id,
|
|
SetupURL: s.deps.Cfg.BaseURL + "/setup?token=" + rawToken,
|
|
})
|
|
}
|
|
|
|
func (s *Server) handleAPIUserGet(w stdhttp.ResponseWriter, r *stdhttp.Request) {
|
|
id := chi.URLParam(r, "id")
|
|
u, err := s.deps.Store.GetUserByID(r.Context(), id)
|
|
if err != nil {
|
|
if errors.Is(err, store.ErrNotFound) {
|
|
writeJSONError(w, stdhttp.StatusNotFound, "user_not_found", "")
|
|
return
|
|
}
|
|
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", err.Error())
|
|
return
|
|
}
|
|
out := apiUser{
|
|
ID: u.ID, Username: u.Username, Role: string(u.Role),
|
|
Email: u.Email, Disabled: u.DisabledAt != nil,
|
|
MustChangePassword: u.MustChangePassword,
|
|
CreatedAt: u.CreatedAt.UTC().Format("2006-01-02T15:04:05Z"),
|
|
}
|
|
if u.LastLoginAt != nil {
|
|
ll := u.LastLoginAt.UTC().Format("2006-01-02T15:04:05Z")
|
|
out.LastLoginAt = &ll
|
|
}
|
|
w.Header().Set("Content-Type", "application/json; charset=utf-8")
|
|
_ = json.NewEncoder(w).Encode(out)
|
|
}
|
|
|
|
type patchUserRequest struct {
|
|
Role *string `json:"role,omitempty"`
|
|
Email *string `json:"email,omitempty"`
|
|
}
|
|
|
|
func (s *Server) handleAPIUserPatch(w stdhttp.ResponseWriter, r *stdhttp.Request) {
|
|
actor, _ := s.requireUser(r)
|
|
id := chi.URLParam(r, "id")
|
|
u, err := s.deps.Store.GetUserByID(r.Context(), id)
|
|
if err != nil {
|
|
writeJSONError(w, stdhttp.StatusNotFound, "user_not_found", "")
|
|
return
|
|
}
|
|
var req patchUserRequest
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
writeJSONError(w, stdhttp.StatusBadRequest, "invalid_json", err.Error())
|
|
return
|
|
}
|
|
if req.Role != nil {
|
|
newRole, ok := validRole(*req.Role)
|
|
if !ok {
|
|
writeJSONError(w, stdhttp.StatusBadRequest, "invalid_role", "")
|
|
return
|
|
}
|
|
// Last-admin guard: cannot demote the only enabled admin.
|
|
if u.Role == store.RoleAdmin && newRole != store.RoleAdmin && u.DisabledAt == nil {
|
|
n, _ := s.deps.Store.CountEnabledAdmins(r.Context())
|
|
if n <= 1 {
|
|
writeJSONError(w, stdhttp.StatusConflict, "last_admin", "")
|
|
return
|
|
}
|
|
}
|
|
if err := s.deps.Store.SetUserRole(r.Context(), id, newRole); err != nil {
|
|
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", err.Error())
|
|
return
|
|
}
|
|
}
|
|
if req.Email != nil {
|
|
em := strings.TrimSpace(*req.Email)
|
|
if em != "" {
|
|
if _, err := mail.ParseAddress(em); err != nil {
|
|
writeJSONError(w, stdhttp.StatusBadRequest, "invalid_email", err.Error())
|
|
return
|
|
}
|
|
}
|
|
if err := s.deps.Store.SetUserEmail(r.Context(), id, em); err != nil {
|
|
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", err.Error())
|
|
return
|
|
}
|
|
}
|
|
var actorID *string
|
|
if actor != nil {
|
|
actorID = &actor.ID
|
|
}
|
|
_ = s.deps.Store.AppendAudit(r.Context(), store.AuditEntry{
|
|
ID: ulid.Make().String(), UserID: actorID, Actor: "user",
|
|
Action: "user.updated", TargetKind: ptr("user"), TargetID: &id,
|
|
TS: time.Now().UTC(),
|
|
})
|
|
w.WriteHeader(stdhttp.StatusOK)
|
|
}
|