package httpRequest import ( "context" "encoding/json" "net/http" "strings" "time" "go-socket/packages/Enums/WsEventType" "go-socket/packages/config" "go-socket/packages/convertions" "go-socket/packages/postgresql" "go-socket/packages/cache" "go-socket/packages/minio" "go-socket/packages/types" "go-socket/packages/wsServer" "github.com/google/uuid" ) func haveHubUserPermission(u *types.HubUser, h *types.Hub, needed types.Permissions) (id uint8, has bool) { h.Mu.Lock() defer h.Mu.Unlock() for _, role := range h.Roles { if role == nil { continue } if !u.Roles.ContainsRoleId(role.Id) { continue } if (needed&role.Permissions) == needed && role.Id > id { id = role.Id has = true } } return id, has } func hubUserHighestRoleId(u *types.HubUser, h *types.Hub) (id uint8) { h.Mu.Lock() defer h.Mu.Unlock() for _, role := range h.Roles { if role == nil { continue } if !u.Roles.ContainsRoleId(role.Id) { continue } if role.Id > id { id = role.Id } } return id } func updateChannelCacheForSpecUserAndChannel(u *types.HubUser, c *types.HubChannel) { c.Mu.Lock() defer c.Mu.Unlock() if u == nil { delete(c.UsersCachedPermissions, c.Id) return } if u.Roles.DoesIntersect(c.RolesCanView) { c.UsersCachedPermissions[u.OriginalId] |= types.CachedUserCanView } else { c.UsersCachedPermissions[u.OriginalId] &^= types.CachedUserCanView } if u.Roles.DoesIntersect(c.RolesCanReadHistory) { c.UsersCachedPermissions[u.OriginalId] |= types.CachedUserCanReadHistory } else { c.UsersCachedPermissions[u.OriginalId] &^= types.CachedUserCanReadHistory } if u.Roles.DoesIntersect(c.RolesCanMessage) { c.UsersCachedPermissions[u.OriginalId] |= types.CachedUserCanMessage } else { c.UsersCachedPermissions[u.OriginalId] &^= types.CachedUserCanMessage } } func updateChannelCacheForSpecChannel(c *types.HubChannel, h *types.Hub) { h.Mu.RLock() defer h.Mu.RUnlock() for _, u := range h.Users { updateChannelCacheForSpecUserAndChannel(u, c) } } func updateChannelCacheForSpecUser(u *types.HubUser, h *types.Hub) { h.Mu.RLock() defer h.Mu.RUnlock() for _, c := range h.Channels { if c == nil { continue } updateChannelCacheForSpecUserAndChannel(u, c) } } func updateChannelCacheForSpecRole(r *types.HubRole, h *types.Hub) { h.Mu.RLock() var users []*types.HubUser for _, u := range h.Users { if u.Roles.ContainsRoleId(r.Id) { users = append(users, u) } } h.Mu.RUnlock() for _, u := range users { updateChannelCacheForSpecUser(u, h) } } func haveHubUserCachedPermissions(needed types.CachedUserPermissions, user *types.HubUser, channel *types.HubChannel) bool { channel.Mu.RLock() checkAgainst, ok := channel.UsersCachedPermissions[user.OriginalId] channel.Mu.RUnlock() if !ok || (needed&checkAgainst) != needed { return false } return true } func sendChannelUpdatesToUser(target *types.User, hub *types.Hub) { hub.Mu.RLock() channels := make([]*types.HubChannel, 0, len(hub.Channels)) for _, ch := range hub.Channels { channels = append(channels, ch) } hub.Mu.RUnlock() for _, ch := range channels { ch.Mu.RLock() perm, ok := ch.UsersCachedPermissions[target.Id] ch.Mu.RUnlock() if ok && perm.CanView() { wsServer.WsSendMessageCloseIfTimeout(target, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubChannelUpdate, HubId: hub.Id, Event: ch, }) } } } func HandleHubCreate(response http.ResponseWriter, request *http.Request) { if !validCheckWithResponseOnFail(response, request, normal) { return } ctx := request.Context() user, err := getUserByToken(ctx, request.Header.Get("token")) if err != nil { http.Error(response, "invalid token", http.StatusUnauthorized) return } hubName := request.FormValue("hub_name") if hubName == "" { http.Error(response, "hub name is required", http.StatusBadRequest) return } hub := types.NewHub() hub.Name = hubName hub.Color = types.RandomRgba() hub.Id = uuid.New() hub.Creator = user.Id hub.CreatedAt = time.Now() user.Hubs[hub.Id] = hub creator := types.NewHubUser() creator.OriginalId = user.Id creator.CreatedAt = hub.CreatedAt hub.Users[creator.OriginalId] = creator rootRole := &types.HubRole{ Id: types.HubBoundRolesMax, Permissions: types.PermissionAll(), Name: "root", Color: types.RandomRgba(), CreatedAt: hub.CreatedAt, } hub.Roles[rootRole.Id] = rootRole creator.Roles.Add(rootRole.Id) memberRole := &types.HubRole{ Id: uint8(0), Name: "member", Color: types.RandomRgba(), CreatedAt: hub.CreatedAt, } hub.JoinRole = memberRole hub.Roles[memberRole.Id] = memberRole creator.Roles.Add(memberRole.Id) channel := types.NewHubChannel() channel.Name = "main channel" channel.Id = uuid.New() channel.Description = "The fist channel!" channel.CreatedAt = hub.CreatedAt channel.RolesCanMessage.Add(rootRole.Id) channel.RolesCanMessage.Add(memberRole.Id) channel.RolesCanView.Add(rootRole.Id) channel.RolesCanView.Add(memberRole.Id) channel.RolesCanReadHistory.Add(rootRole.Id) channel.RolesCanReadHistory.Add(memberRole.Id) channel.UsersCachedPermissions[creator.OriginalId] = types.CachedUserPermissionsAll channel.Position = 0 hub.Channels[channel.Id] = channel cache.SaveHub(hub) err = postgresql.HubSave(ctx, hub) if err != nil { http.Error(response, "failed to save hub", http.StatusInternalServerError) return } err = postgresql.HubUserSave(ctx, hub.Id, creator) if err != nil { http.Error(response, "failed to save hub user", http.StatusInternalServerError) return } err = postgresql.HubRoleSave(ctx, hub.Id, rootRole) if err != nil { http.Error(response, "failed to save hub role", http.StatusInternalServerError) return } err = postgresql.HubRoleSave(ctx, hub.Id, memberRole) if err != nil { http.Error(response, "failed to save hub role", http.StatusInternalServerError) return } err = postgresql.HubChannelSave(ctx, hub.Id, channel) if err != nil { http.Error(response, "failed to save hub channel", http.StatusInternalServerError) return } response.WriteHeader(http.StatusCreated) response.Write([]byte(hub.Id.String())) } func HandleHubJoin(response http.ResponseWriter, request *http.Request) { if !validCheckWithResponseOnFail(response, request, normal) { return } ctx := request.Context() user, err := getUserByToken(ctx, request.Header.Get("token")) if err != nil { http.Error(response, "invalid token", http.StatusUnauthorized) return } hub, err := getHubByIdStr(ctx, request.Header.Get("hub_id")) if err != nil { http.Error(response, "invalid hub_id", http.StatusBadRequest) return } _, ok := hub.Users[user.Id] if ok { http.Error(response, "hub already joined", http.StatusBadRequest) return } user.Hubs[hub.Id] = hub hubUser := types.NewHubUser() hubUser.OriginalId = user.Id if hub.JoinRole != nil { hubUser.Roles.Add(hub.JoinRole.Id) } hubUser.CreatedAt = time.Now() hub.Users[hubUser.OriginalId] = hubUser updateChannelCacheForSpecUser(hubUser, hub) if err = postgresql.HubUserSave(ctx, hub.Id, hubUser); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusCreated) wsServer.WsSendEventMessageToHubUsersCloseIfTimeout(user.Id, hub, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubUserJoin, Event: &map[string]any{ "userId": user.Id, }, }) } func HandleHubMessage(response http.ResponseWriter, request *http.Request) { if !validCheckWithResponseOnFail(response, request, normal) { return } ctx := request.Context() user, hubUser, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request) if err != nil { return } channel, err := getHubChannelIfValidWithResponseOnFail(ctx, response, hub, hubUser, request.Header.Get("channel_id")) if err != nil { return } if hubUser.IsMuted { http.Error(response, "muted", http.StatusForbidden) return } msgContent := request.FormValue("msg_content") attachedFile := request.FormValue("attached_file") if msgContent == "" && attachedFile == "" { http.Error(response, "empty msgContent", http.StatusBadRequest) return } if attachedFile != "" && !strings.HasPrefix(attachedFile, string(minio.HubChannelFilePrefix)+channel.Id.String()+"/") { http.Error(response, "invalid attachedFile", http.StatusBadRequest) return } msg := &types.Message{ Id: uuid.New(), AttachedFile: attachedFile, Content: msgContent, Sender: user.Id, Receiver: channel.Id, CreatedAt: time.Now(), } channel.AddMessageToBuff(msg) wsServer.WsSendEventMessageToPermittedChannelUsersCloseIfTimeout(user.Id, channel, types.CachedUserCanReadHistory, &types.WsEventMessage{ Type: WsEventType.HubMessage, Event: msg, }) response.WriteHeader(http.StatusCreated) } func HandleHubChannelGetMessages(response http.ResponseWriter, request *http.Request) { if !validCheckWithResponseOnFail(response, request, normal) { return } ctx := request.Context() user, hubUser, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request) if err != nil { return } channel, err := getHubChannelIfValidWithResponseOnFail(ctx, response, hub, hubUser, request.FormValue("channel_id")) if err != nil { return } channel.Mu.RLock() canReadHistory := channel.UsersCachedPermissions[user.Id].CanReadHistory() channel.Mu.RUnlock() if !canReadHistory { http.Error(response, "forbidden", http.StatusForbidden) return } before, err := convertions.StringToTimestamp(request.URL.Query().Get("before")) if err != nil { before = time.Now() } messagesCap, err := convertions.StringToUint32(request.URL.Query().Get("messages")) if err != nil { messagesCap = config.MaxDirectMsgCache } buffer, bufferSize := channel.GetSortedMessagesBuff() var validBufCount uint32 for validBufCount < bufferSize && buffer[validBufCount].CreatedAt.Before(before) { validBufCount++ } var messages []*types.Message if validBufCount >= messagesCap { start := validBufCount - messagesCap messages = make([]*types.Message, messagesCap) for i := uint32(0); i < messagesCap; i++ { messages[i] = buffer[start+i] } } else { remaining := messagesCap - validBufCount cutoff := before if validBufCount > 0 { cutoff = buffer[0].CreatedAt } dbMessages, err := postgresql.HubChannelGetMessagesBefore(ctx, cutoff, channel.Id, remaining) if err != nil { http.Error(response, "internal server error", http.StatusInternalServerError) return } messages = make([]*types.Message, 0, uint32(len(dbMessages))+validBufCount) messages = append(messages, dbMessages...) for i := uint32(0); i < validBufCount; i++ { messages = append(messages, buffer[i]) } } data, err := json.Marshal(messages) if err != nil { http.Error(response, "internal server error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusOK) response.Write(data) } func HandleGetChannels(response http.ResponseWriter, request *http.Request) { if !validCheckWithResponseOnFail(response, request, normal) { return } ctx := request.Context() _, requestor, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request) if err != nil { return } channels := make([]uuid.UUID, 0) hub.Mu.RLock() for _, channel := range hub.Channels { if channel == nil || !haveHubUserCachedPermissions(types.CachedUserCanView, requestor, channel) { continue } channels = append(channels, channel.Id) } hub.Mu.RUnlock() if len(channels) == 0 { response.WriteHeader(http.StatusNoContent) return } marshal, err := json.Marshal(channels) if err != nil { http.Error(response, "json error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusOK) response.Write(marshal) } func HandleGetHubUsers(response http.ResponseWriter, request *http.Request) { if !validCheckWithResponseOnFail(response, request, normal) { return } ctx := request.Context() _, _, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request) if err != nil { return } users := make([]*types.HubUser, 0) hub.Mu.RLock() for _, user := range hub.Users { users = append(users, user) } hub.Mu.RUnlock() if len(users) == 0 { response.WriteHeader(http.StatusNoContent) return } marshal, err := json.Marshal(users) if err != nil { http.Error(response, "json error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusOK) response.Write(marshal) } func GetRoles(response http.ResponseWriter, request *http.Request) { if !validCheckWithResponseOnFail(response, request, normal) { return } ctx := request.Context() _, _, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request) if err != nil { return } hub.Mu.RLock() roles := make([]*types.HubRole, 0) for _, role := range hub.Roles { if role == nil { continue } roles = append(roles, role) } hub.Mu.RUnlock() marshal, err := json.Marshal(roles) if err != nil { http.Error(response, "json error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusOK) response.Write(marshal) } func GetHubData(response http.ResponseWriter, request *http.Request) { if !validCheckWithResponseOnFail(response, request, normal) { return } ctx := request.Context() _, _, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request) if err != nil { return } marshal, err := json.Marshal(hub) if err != nil { http.Error(response, "json error", http.StatusInternalServerError) } response.WriteHeader(http.StatusOK) response.Write(marshal) } func GetChannelData(response http.ResponseWriter, request *http.Request) { if !validCheckWithResponseOnFail(response, request, normal) { return } ctx := request.Context() _, _, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request) if err != nil { return } channelId, err := convertions.StringToUuid(request.FormValue("channel_id")) if err != nil { http.Error(response, "invalid channel_id", http.StatusBadRequest) return } hub.Mu.RLock() channel, ok := hub.Channels[channelId] hub.Mu.RUnlock() if !ok { http.Error(response, "no such channel", http.StatusNotFound) return } marshal, err := json.Marshal(channel) if err != nil { http.Error(response, "json error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusOK) response.Write(marshal) } func hubPermissionContext(response http.ResponseWriter, request *http.Request, rt bodyLimit, needed types.Permissions) (*types.HubUser, *types.Hub, context.Context, uint8, bool) { if !validCheckWithResponseOnFail(response, request, rt) { return nil, nil, nil, 0, false } ctx := request.Context() _, hubUser, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request) if err != nil { return nil, nil, nil, 0, false } roleId, ok := haveHubUserPermission(hubUser, hub, needed) if !ok { http.Error(response, "", http.StatusForbidden) return nil, nil, nil, 0, false } return hubUser, hub, ctx, roleId, true } func HandleHubSetName(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, _, ok := hubPermissionContext(response, request, normal, types.PermissionSetHubName) if !ok { return } newName := request.FormValue("new_name") if newName == "" { http.Error(response, "empty name", http.StatusBadRequest) return } hub.Name = newName if err := postgresql.HubUpdate(ctx, hub, &types.HubUpdate{Name: true}); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) wsServer.WsSendEventMessageToHubUsersCloseIfTimeout(requestor.OriginalId, hub, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubUpdate, Event: &map[string]any{"name": newName}, }) } func HandleHubSetColor(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, _, ok := hubPermissionContext(response, request, normal, types.PermissionSetHubColor) if !ok { return } color, err := convertions.StringToRgba(request.FormValue("new_color")) if err != nil { http.Error(response, "bad color", http.StatusBadRequest) return } hub.Color = color if err = postgresql.HubUpdate(ctx, hub, &types.HubUpdate{Color: true}); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) wsServer.WsSendEventMessageToHubUsersCloseIfTimeout(requestor.OriginalId, hub, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubUpdate, Event: &map[string]any{"color": color}, }) } func HandleHubRemove(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, _, ok := hubPermissionContext(response, request, normal, types.PermissionRemoveHub) if !ok { return } if err := postgresql.HubDelete(ctx, hub.Id); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } wsServer.WsSendEventMessageToHubUsersCloseIfTimeout(requestor.OriginalId, hub, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubRemove, }) cache.DeleteHub(hub) response.WriteHeader(http.StatusAccepted) } func HandleHubToggleUserColorAllowed(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, _, ok := hubPermissionContext(response, request, normal, types.PermissionSetUserColorAllowed) if !ok { return } hub.UserColorAllowed = !hub.UserColorAllowed if err := postgresql.HubUpdate(ctx, hub, &types.HubUpdate{UserColorAllowed: true}); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) wsServer.WsSendEventMessageToHubUsersCloseIfTimeout(requestor.OriginalId, hub, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubUpdate, Event: &map[string]any{"userColorAllowed": hub.UserColorAllowed}, }) } func HandleSetHubJoinRole(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, _, ok := hubPermissionContext(response, request, normal, types.PermissionSetHubJoinRole) if !ok { return } newRoleId, err := convertions.StringToUint8(request.FormValue("new_role_id")) if err != nil { http.Error(response, "bad role_id", http.StatusBadRequest) return } newRole := hub.Roles[newRoleId] if newRole == nil { http.Error(response, "bad role_id", http.StatusNotFound) return } hub.JoinRole = newRole if err = postgresql.HubUpdate(ctx, hub, &types.HubUpdate{JoinRole: true}); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) wsServer.WsSendEventMessageToHubUsersCloseIfTimeout(requestor.OriginalId, hub, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubUpdate, Event: &map[string]any{"joinRole": newRole}, }) } func HandleHubUserRemove(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionRemoveUser) if !ok { return } targetId, err := convertions.StringToUuid(request.FormValue("target_id")) if err != nil { http.Error(response, "bad target_id", http.StatusBadRequest) return } hub.Mu.RLock() hubTarget, exists := hub.Users[targetId] hub.Mu.RUnlock() if !exists { http.Error(response, "user not found", http.StatusNotFound) return } if usedRoleId <= hubUserHighestRoleId(hubTarget, hub) { http.Error(response, "target higher in hierarchy", http.StatusForbidden) return } target, err := cache.GetUserById(targetId) if err != nil { http.Error(response, "target not found", http.StatusInternalServerError) return } target.Mu.Lock() delete(target.Hubs, hub.Id) target.Mu.Unlock() if err = postgresql.HubUserDelete(ctx, hub.Id, targetId); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } hub.Mu.Lock() delete(hub.Users, targetId) hub.Mu.Unlock() updateChannelCacheForSpecUser(hubTarget, hub) response.WriteHeader(http.StatusAccepted) wsServer.WsSendEventMessageToHubUsersCloseIfTimeout(requestor.OriginalId, hub, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubUserRemove, Event: &map[string]any{"userId": targetId}, }) wsServer.WsSendMessageCloseIfTimeout(target, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubUserRemove, HubId: hub.Id, Event: &map[string]any{"userId": targetId}, }) } func HandleHubRenameUser(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionRenameUser) if !ok { return } newName := request.FormValue("new_name") targetId, err := convertions.StringToUuid(request.FormValue("target_id")) if err != nil { http.Error(response, "bad target_id", http.StatusBadRequest) return } hub.Mu.RLock() target, exists := hub.Users[targetId] hub.Mu.RUnlock() if !exists { http.Error(response, "user not found", http.StatusNotFound) return } if usedRoleId <= hubUserHighestRoleId(target, hub) { http.Error(response, "target higher in hierarchy", http.StatusForbidden) return } target.Name = newName if err = postgresql.HubUserUpdate(ctx, hub.Id, target, &types.HubUserUpdate{Name: true}); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) wsServer.WsSendEventMessageToHubUsersCloseIfTimeout(requestor.OriginalId, hub, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubUserUpdate, Event: target, }) } func HandleHubRenameSelf(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, _, ok := hubPermissionContext(response, request, normal, types.PermissionSelfRename) if !ok { return } requestor.Name = request.FormValue("new_name") if err := postgresql.HubUserUpdate(ctx, hub.Id, requestor, &types.HubUserUpdate{Name: true}); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) wsServer.WsSendEventMessageToHubUsersCloseIfTimeout(requestor.OriginalId, hub, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubUserUpdate, Event: requestor, }) } func HandleHubToggleMuteUser(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionMuteUser) if !ok { return } targetId, err := convertions.StringToUuid(request.FormValue("target_id")) if err != nil { http.Error(response, "bad target_id", http.StatusBadRequest) return } hub.Mu.RLock() target, exists := hub.Users[targetId] hub.Mu.RUnlock() if !exists { http.Error(response, "user not found", http.StatusNotFound) return } if usedRoleId <= hubUserHighestRoleId(target, hub) { http.Error(response, "target higher in hierarchy", http.StatusForbidden) return } target.IsMuted = !target.IsMuted if err = postgresql.HubUserUpdate(ctx, hub.Id, target, &types.HubUserUpdate{IsMuted: true}); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) wsServer.WsSendEventMessageToHubUsersCloseIfTimeout(requestor.OriginalId, hub, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubUserUpdate, Event: target, }) } func HandleHubUserAddRole(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionUserAddRole) if !ok { return } targetId, err := convertions.StringToUuid(request.FormValue("target_id")) if err != nil { http.Error(response, "bad target_id", http.StatusBadRequest) return } roleId, err := convertions.StringToUint8(request.FormValue("role_id")) if err != nil { http.Error(response, "bad role_id", http.StatusBadRequest) return } if roleId > usedRoleId { http.Error(response, "target role higher in hierarchy", http.StatusForbidden) return } hub.Mu.RLock() target, ok := hub.Users[targetId] role := hub.Roles[roleId] hub.Mu.RUnlock() if !ok { http.Error(response, "user not found", http.StatusNotFound) return } if role == nil { http.Error(response, "role not found", http.StatusNotFound) return } target.Roles.Add(roleId) updateChannelCacheForSpecUser(target, hub) if err = postgresql.HubUserUpdate(ctx, hub.Id, target, &types.HubUserUpdate{Roles: true}); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) wsServer.WsSendEventMessageToHubUsersCloseIfTimeout(requestor.OriginalId, hub, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubUserUpdate, Event: target, }) if targetUser, err := cache.GetUserById(targetId); err == nil { sendChannelUpdatesToUser(targetUser, hub) } } func HandleHubUserRemoveRole(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionUserRemoveRole) if !ok { return } targetId, err := convertions.StringToUuid(request.FormValue("target_id")) if err != nil { http.Error(response, "bad target_id", http.StatusBadRequest) return } roleId, err := convertions.StringToUint8(request.FormValue("role_id")) if err != nil { http.Error(response, "bad role_id", http.StatusBadRequest) return } if roleId > usedRoleId { http.Error(response, "target role higher in hierarchy", http.StatusForbidden) return } hub.Mu.RLock() target, ok := hub.Users[targetId] hub.Mu.RUnlock() if !ok { http.Error(response, "user not found", http.StatusNotFound) return } target.Roles.Remove(roleId) updateChannelCacheForSpecUser(target, hub) if err = postgresql.HubUserUpdate(ctx, hub.Id, target, &types.HubUserUpdate{Roles: true}); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) wsServer.WsSendEventMessageToHubUsersCloseIfTimeout(requestor.OriginalId, hub, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubUserUpdate, Event: target, }) if targetUser, err := cache.GetUserById(targetId); err == nil { sendChannelUpdatesToUser(targetUser, hub) } } func HandleHubCreateRole(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionCreateRole) if !ok { return } name := request.FormValue("name") if name == "" { http.Error(response, "empty name", http.StatusBadRequest) return } hub.Mu.Lock() var freeId uint8 found := false for i := uint8(1); i < types.HubBoundRolesMax; i++ { if hub.Roles[i] == nil && usedRoleId > i { freeId = i found = true break } } if !found { hub.Mu.Unlock() http.Error(response, "no role slots available", http.StatusConflict) return } newRole := &types.HubRole{ Id: freeId, Name: name, Color: types.RandomRgba(), CreatedAt: time.Now(), } hub.Roles[freeId] = newRole hub.Mu.Unlock() if err := postgresql.HubRoleSave(ctx, hub.Id, newRole); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusCreated) wsServer.WsSendEventMessageToHubUsersCloseIfTimeout(requestor.OriginalId, hub, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubRoleCreate, Event: newRole, }) } func HandleHubRemoveRole(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionRemoveRole) if !ok { return } targetRoleId, err := convertions.StringToUint8(request.FormValue("role_id")) if err != nil { http.Error(response, "bad role_id", http.StatusBadRequest) return } if targetRoleId == 0 { http.Error(response, "cannot remove root role", http.StatusForbidden) return } if targetRoleId > usedRoleId { http.Error(response, "target role higher in hierarchy", http.StatusForbidden) return } hub.Mu.Lock() if hub.Roles[targetRoleId] == nil { hub.Mu.Unlock() http.Error(response, "role not found", http.StatusNotFound) return } hub.Roles[targetRoleId] = nil hub.Mu.Unlock() if err := postgresql.HubRoleDelete(ctx, hub.Id, targetRoleId); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) wsServer.WsSendEventMessageToHubUsersCloseIfTimeout(requestor.OriginalId, hub, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubRoleRemove, Event: &map[string]any{"roleId": targetRoleId}, }) } func HandleRoleSetName(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionSetRoleName) if !ok { return } roleId, err := convertions.StringToUint8(request.FormValue("role_id")) if err != nil { http.Error(response, "bad role_id", http.StatusBadRequest) return } if roleId > usedRoleId { http.Error(response, "target role higher in hierarchy", http.StatusForbidden) return } newName := request.FormValue("new_name") if newName == "" { http.Error(response, "name empty", http.StatusBadRequest) return } hub.Mu.Lock() role := hub.Roles[roleId] if role == nil { hub.Mu.Unlock() http.Error(response, "no such role", http.StatusNotFound) return } role.Name = newName hub.Mu.Unlock() if err = postgresql.HubRoleUpdate(ctx, hub.Id, role, &types.HubRoleUpdate{Name: true}); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) wsServer.WsSendEventMessageToHubUsersCloseIfTimeout(requestor.OriginalId, hub, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubRoleUpdate, Event: role, }) } func HandleRoleSetColor(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionSetRoleColor) if !ok { return } roleId, err := convertions.StringToUint8(request.FormValue("role_id")) if err != nil { http.Error(response, "bad role_id", http.StatusBadRequest) return } if roleId > usedRoleId { http.Error(response, "target role higher in hierarchy", http.StatusForbidden) return } color, err := convertions.StringToRgba(request.FormValue("new_color")) if err != nil { http.Error(response, "invalid new_color", http.StatusBadRequest) return } hub.Mu.Lock() role := hub.Roles[roleId] if role == nil { hub.Mu.Unlock() http.Error(response, "no such role", http.StatusNotFound) return } role.Color = color hub.Mu.Unlock() if err = postgresql.HubRoleUpdate(ctx, hub.Id, role, &types.HubRoleUpdate{Color: true}); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) wsServer.WsSendEventMessageToHubUsersCloseIfTimeout(requestor.OriginalId, hub, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubRoleUpdate, Event: role, }) } func HandleRoleSetPermissions(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionSetRolePermissions) if !ok { return } targetRoleId, err := convertions.StringToUint8(request.FormValue("role_id")) if err != nil { http.Error(response, "bad role_id", http.StatusBadRequest) return } if targetRoleId > usedRoleId { http.Error(response, "target role higher in hierarchy", http.StatusForbidden) return } hub.Mu.RLock() targetRole := hub.Roles[targetRoleId] hub.Mu.RUnlock() if targetRole == nil { http.Error(response, "no such role", http.StatusNotFound) return } madeChange := false query := request.URL.Query() for key, values := range query { permission, ok := types.PermissionLookup(key) if !ok { continue } permRoleId, ok := haveHubUserPermission(requestor, hub, permission) if !ok { http.Error(response, "permission needed: "+key, http.StatusNotFound) } if permRoleId <= targetRoleId { http.Error(response, "target role higher in hierarchy", http.StatusForbidden) return } if convertions.StringToBool(values[0]) { if !targetRole.Permissions.Has(permission) { madeChange = true targetRole.Permissions.Grant(permission) } } else { if targetRole.Permissions.Has(permission) { madeChange = true targetRole.Permissions.Revoke(permission) } } } if !madeChange { response.WriteHeader(http.StatusNoContent) response.Write([]byte("no changes made")) return } updateChannelCacheForSpecRole(targetRole, hub) if err := postgresql.HubRoleUpdate(ctx, hub.Id, targetRole, &types.HubRoleUpdate{Permissions: true}); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) wsServer.WsSendEventMessageToHubUsersCloseIfTimeout(requestor.OriginalId, hub, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubRoleUpdate, Event: targetRole, }) hub.Mu.RLock() affectedHubUsers := make([]*types.HubUser, 0) for _, u := range hub.Users { if u.OriginalId != requestor.OriginalId && u.Roles.ContainsRoleId(targetRole.Id) { affectedHubUsers = append(affectedHubUsers, u) } } hub.Mu.RUnlock() for _, u := range affectedHubUsers { if targetUser, err := cache.GetUserById(u.OriginalId); err == nil { sendChannelUpdatesToUser(targetUser, hub) } } } func HandleRoleSelfRemove(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionUserSelfRoleRemove) if !ok { return } requestor.Roles.Remove(usedRoleId) updateChannelCacheForSpecUser(requestor, hub) if err := postgresql.HubUserUpdate(ctx, hub.Id, requestor, &types.HubUserUpdate{Roles: true}); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) wsServer.WsSendEventMessageToHubUsersCloseIfTimeout(requestor.OriginalId, hub, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubUserUpdate, Event: requestor, }) if selfUser, err := cache.GetUserById(requestor.OriginalId); err == nil { sendChannelUpdatesToUser(selfUser, hub) } } func HandleChannelCreate(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionCreateChannel) if !ok { return } name := request.FormValue("name") if name == "" { // TODO think about some restriction to not be too big http.Error(response, "name empty", http.StatusBadRequest) return } newHubChannel := types.NewHubChannel() newHubChannel.Name = name newHubChannel.Id = uuid.New() newHubChannel.CreatedAt = time.Now() newHubChannel.RolesCanView.Add(usedRoleId) newHubChannel.RolesCanMessage.Add(usedRoleId) newHubChannel.RolesCanReadHistory.Add(usedRoleId) if requestor.Roles.ContainsRoleId(types.HubBoundRolesMax) { newHubChannel.RolesCanView.Add(types.HubBoundRolesMax) newHubChannel.RolesCanMessage.Add(types.HubBoundRolesMax) newHubChannel.RolesCanReadHistory.Add(types.HubBoundRolesMax) } hub.Mu.Lock() usedPositions := make(map[uint8]bool, len(hub.Channels)) for _, ch := range hub.Channels { usedPositions[ch.Position] = true } var position uint8 for usedPositions[position] { position++ } newHubChannel.Position = position hub.Channels[newHubChannel.Id] = newHubChannel hub.Mu.Unlock() updateChannelCacheForSpecChannel(newHubChannel, hub) if err := postgresql.HubChannelSave(ctx, hub.Id, newHubChannel); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) wsServer.WsSendEventMessageToPermittedChannelUsersCloseIfTimeout(requestor.OriginalId, newHubChannel, types.CachedUserCanView, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubChannelCreate, HubId: hub.Id, Event: newHubChannel, }) } func HandleChannelRemove(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, _, ok := hubPermissionContext(response, request, normal, types.PermissionRemoveChannel) if !ok { return } channelId, err := convertions.StringToUuid(request.FormValue("channel_id")) if err != nil { http.Error(response, "invalid channel_id", http.StatusBadRequest) return } var channel *types.HubChannel hub.Mu.RLock() channel, ok = hub.Channels[channelId] hub.Mu.RUnlock() if !ok { http.Error(response, "no such channel", http.StatusNotFound) return } wsServer.WsSendEventMessageToPermittedChannelUsersCloseIfTimeout(requestor.OriginalId, channel, types.CachedUserCanView, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubChannelRemove, HubId: hub.Id, Event: &map[string]any{"channelId": channelId}, }) hub.Mu.Lock() delete(hub.Channels, channelId) hub.Mu.Unlock() if err = postgresql.HubChannelDelete(ctx, channelId); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) } func HandleChannelSetName(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, _, ok := hubPermissionContext(response, request, normal, types.PermissionSetChannelName) if !ok { return } newName := request.FormValue("new_name") if newName == "" { http.Error(response, "newname empty", http.StatusBadRequest) return } channelId, err := convertions.StringToUuid(request.FormValue("channel_id")) if err != nil { http.Error(response, "invalid channel_id", http.StatusBadRequest) return } hub.Mu.Lock() channel, ok := hub.Channels[channelId] if !ok { hub.Mu.Unlock() http.Error(response, "no such channel", http.StatusNotFound) return } channel.Name = newName hub.Mu.Unlock() if err = postgresql.HubChannelUpdate(ctx, channel, &types.HubChannelUpdate{Name: true}); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) wsServer.WsSendEventMessageToPermittedChannelUsersCloseIfTimeout(requestor.OriginalId, channel, types.CachedUserCanView, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubChannelUpdate, HubId: hub.Id, Event: &map[string]any{"channelId": channelId, "name": newName}, }) } func HandleChannelSetDescription(response http.ResponseWriter, request *http.Request) { requestor, hub, ctx, _, ok := hubPermissionContext(response, request, normal, types.PermissionSetChannelDescription) if !ok { return } newDescription := request.FormValue("description") channelId, err := convertions.StringToUuid(request.FormValue("channel_id")) if err != nil { http.Error(response, "invalid channel_id", http.StatusBadRequest) return } hub.Mu.Lock() channel, ok := hub.Channels[channelId] if !ok { hub.Mu.Unlock() http.Error(response, "no such channel", http.StatusNotFound) return } channel.Description = newDescription hub.Mu.Unlock() if err = postgresql.HubChannelUpdate(ctx, channel, &types.HubChannelUpdate{Description: true}); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) wsServer.WsSendEventMessageToPermittedChannelUsersCloseIfTimeout(requestor.OriginalId, channel, types.CachedUserCanView, &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubChannelUpdate, HubId: hub.Id, Event: &map[string]any{"channelId": channelId, "description": newDescription}, }) } func handleChannelRolePermission(response http.ResponseWriter, request *http.Request, perm types.Permissions, updateList *types.HubChannelUpdate, modify func(*types.HubChannel, uint8, bool)) { requestor, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, perm) if !ok { return } channelId, err := convertions.StringToUuid(request.FormValue("channel_id")) if err != nil { http.Error(response, "invalid channel_id", http.StatusBadRequest) return } roleId, err := convertions.StringToUint8(request.FormValue("role_id")) if err != nil { http.Error(response, "invalid role_id", http.StatusBadRequest) return } if roleId > usedRoleId { http.Error(response, "target role higher in hierarchy", http.StatusForbidden) return } allow := convertions.StringToBool(request.URL.Query().Get("allow")) hub.Mu.Lock() channel, ok := hub.Channels[channelId] if !ok { hub.Mu.Unlock() http.Error(response, "channel not found", http.StatusNotFound) return } modify(channel, roleId, allow) hub.Mu.Unlock() channel.Mu.RLock() viewers := make([]uuid.UUID, 0, len(channel.UsersCachedPermissions)) for id, perm := range channel.UsersCachedPermissions { if id != requestor.OriginalId && perm.CanView() { viewers = append(viewers, id) } } channel.Mu.RUnlock() updateChannelCacheForSpecChannel(channel, hub) if err = postgresql.HubChannelUpdate(ctx, channel, updateList); err != nil { http.Error(response, "db error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusAccepted) msg := &types.WsHubSpecificHubEventMessage{ Type: WsEventType.HubChannelUpdate, HubId: hub.Id, Event: channel, } for _, id := range viewers { target, err := cache.GetUserById(id) if err != nil { continue } wsServer.WsSendMessageCloseIfTimeout(target, msg) } } func HandleChannelSetPermittedVisibleRole(response http.ResponseWriter, request *http.Request) { handleChannelRolePermission(response, request, types.PermissionSetChannelPermittedVisibleRoles, &types.HubChannelUpdate{RolesCanView: true}, func(c *types.HubChannel, roleId uint8, allow bool) { if allow { c.RolesCanView.Add(roleId) } else { c.RolesCanView.Remove(roleId) } }) } func HandleChannelSetPermittedSendRole(response http.ResponseWriter, request *http.Request) { handleChannelRolePermission(response, request, types.PermissionSetChannelPermittedSendMessageRoles, &types.HubChannelUpdate{RolesCanMessage: true}, func(c *types.HubChannel, roleId uint8, allow bool) { if allow { c.RolesCanMessage.Add(roleId) } else { c.RolesCanMessage.Remove(roleId) } }) } func HandleChannelSetPermittedHistoryRole(response http.ResponseWriter, request *http.Request) { handleChannelRolePermission(response, request, types.PermissionSetChannelPermittedReadHistoryRoles, &types.HubChannelUpdate{RolesCanReadHistory: true}, func(c *types.HubChannel, roleId uint8, allow bool) { if allow { c.RolesCanReadHistory.Add(roleId) } else { c.RolesCanReadHistory.Remove(roleId) } }) }