admin/go-socket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
03c13a6e8ad4ec709a35b7b57f13c6ca19460c2c
go-socket/packages/httpRequest/hubs.go
T

1189 lines
32 KiB
Go
Raw Blame History

package httpRequest
import (
"context"
"encoding/json"
"net/http"
"strings"
"time"
"go-socket/packages/convertions"
"go-socket/packages/cache"
"go-socket/packages/minio"
"go-socket/packages/types"
"go-socket/packages/wsServer"
"github.com/google/uuid"
)
func haveHubUserPermission(u *types.HubUser, h *types.Hub, needed types.Permissions) (id uint8, has bool) {
h.Mu.Lock()
defer h.Mu.Unlock()
for _, role := range h.Roles {
if role == nil {
continue
}
if !u.Roles.ContainsRoleId(role.Id) {
continue
}
if (needed&role.Permissions) == needed && role.Id > id {
id = role.Id
has = true
}
}
return id, has
}
func hubUserHighestRoleId(u *types.HubUser, h *types.Hub) (id uint8) {
h.Mu.Lock()
defer h.Mu.Unlock()
for _, role := range h.Roles {
if role == nil {
continue
}
if !u.Roles.ContainsRoleId(role.Id) {
continue
}
if role.Id > id {
id = role.Id
}
}
return id
}
func updateChannelCacheForSpecUserAndChannel(u *types.HubUser, c *types.HubChannel) {
c.Mu.Lock()
defer c.Mu.Unlock()
if u == nil {
delete(c.UsersCachedPermissions, c.Id)
return
}
if u.Roles.DoesIntersect(c.RolesCanView) {
c.UsersCachedPermissions[u.OriginalId] |= types.CachedUserCanView
} else {
c.UsersCachedPermissions[u.OriginalId] &^= types.CachedUserCanView
}
if u.Roles.DoesIntersect(c.RolesCanReadHistory) {
c.UsersCachedPermissions[u.OriginalId] |= types.CachedUserCanReadHistory
} else {
c.UsersCachedPermissions[u.OriginalId] &^= types.CachedUserCanReadHistory
}
if u.Roles.DoesIntersect(c.RolesCanMessage) {
c.UsersCachedPermissions[u.OriginalId] |= types.CachedUserCanMessage
} else {
c.UsersCachedPermissions[u.OriginalId] &^= types.CachedUserCanMessage
}
}
func updateChannelCacheForSpecChannel(c *types.HubChannel, h *types.Hub) {
h.Mu.RLock()
defer h.Mu.RUnlock()
for _, u := range h.Users {
updateChannelCacheForSpecUserAndChannel(u, c)
}
}
func updateChannelCacheForSpecUser(u *types.HubUser, h *types.Hub) {
h.Mu.RLock()
defer h.Mu.RUnlock()
for _, c := range h.Channels {
if c == nil {
continue
}
updateChannelCacheForSpecUserAndChannel(u, c)
}
}
func updateChannelCacheForSpecRole(r *types.HubRole, h *types.Hub) {
h.Mu.RLock()
var users []*types.HubUser
for _, u := range h.Users {
if u.Roles.ContainsRoleId(r.Id) {
users = append(users, u)
}
}
h.Mu.RUnlock()
for _, u := range users {
updateChannelCacheForSpecUser(u, h)
}
}
func haveHubUserCachedPermissions(needed types.CachedUserPermissions, user *types.HubUser, channel *types.HubChannel) bool {
channel.Mu.RLock()
checkAgainst, ok := channel.UsersCachedPermissions[user.OriginalId]
channel.Mu.RUnlock()
if !ok || (needed&checkAgainst) != needed {
return false
}
return true
}
func HandleHubCreate(response http.ResponseWriter, request *http.Request) {
if !validCheckWithResponseOnFail(response, request, normal) {
return
}
ctx := request.Context()
user, err := getUserByToken(ctx, request.Header.Get("token"))
if err != nil {
http.Error(response, "invalid token", http.StatusUnauthorized)
return
}
hubName := request.FormValue("hub_name")
if hubName == "" {
http.Error(response, "hub name is required", http.StatusBadRequest)
return
}
hub := types.NewHub()
hub.Name = hubName
hub.Color = types.RandomRgba()
hub.Id = uuid.New()
hub.Creator = user.Id
hub.CreatedAt = time.Now()
user.Hubs[hub.Id] = hub
creator := types.NewHubUser()
creator.OriginalId = user.Id
creator.CreatedAt = hub.CreatedAt
hub.Users[creator.OriginalId] = creator
rootRole := &types.HubRole{
Id: types.HubBoundRolesMax,
Permissions: types.PermissionAll(),
Name: "root",
Color: types.RandomRgba(),
CreatedAt: hub.CreatedAt,
}
hub.Roles[rootRole.Id] = rootRole
creator.Roles.Add(rootRole.Id)
memberRole := &types.HubRole{
Id: uint8(0),
Name: "member",
Color: types.RandomRgba(),
CreatedAt: hub.CreatedAt,
}
hub.JoinRole = memberRole
hub.Roles[memberRole.Id] = memberRole
creator.Roles.Add(memberRole.Id)
channel := types.NewHubChannel()
channel.Name = "main channel"
channel.Id = uuid.New()
channel.Description = "The fist channel!"
channel.CreatedAt = hub.CreatedAt
channel.RolesCanMessage.Add(rootRole.Id)
channel.RolesCanMessage.Add(memberRole.Id)
channel.RolesCanView.Add(rootRole.Id)
channel.RolesCanView.Add(memberRole.Id)
channel.RolesCanReadHistory.Add(rootRole.Id)
channel.RolesCanReadHistory.Add(memberRole.Id)
channel.UsersCachedPermissions[creator.OriginalId] = types.CachedUserPermissionsAll
channel.Position = 0
hub.Channels[channel.Id] = channel
cache.SaveHub(hub)
response.WriteHeader(http.StatusCreated)
response.Write([]byte(hub.Id.String()))
}
func HandleHubJoin(response http.ResponseWriter, request *http.Request) {
if !validCheckWithResponseOnFail(response, request, normal) {
return
}
ctx := request.Context()
user, err := getUserByToken(ctx, request.Header.Get("token"))
if err != nil {
http.Error(response, "invalid token", http.StatusUnauthorized)
return
}
hub, err := getHubByIdStr(ctx, request.Header.Get("hub_id"))
if err != nil {
http.Error(response, "invalid hub_id", http.StatusBadRequest)
return
}
_, ok := hub.Users[user.Id]
if ok {
http.Error(response, "hub already joined", http.StatusBadRequest)
return
}
user.Hubs[hub.Id] = hub
hubUser := types.NewHubUser()
hubUser.OriginalId = user.Id
if hub.JoinRole != nil {
hubUser.Roles.Add(hub.JoinRole.Id)
}
hubUser.CreatedAt = time.Now()
hub.Users[hubUser.OriginalId] = hubUser
updateChannelCacheForSpecUser(hubUser, hub)
response.WriteHeader(http.StatusCreated)
}
func HandleHubMessage(response http.ResponseWriter, request *http.Request) {
if !validCheckWithResponseOnFail(response, request, normal) {
return
}
ctx := request.Context()
user, hubUser, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request)
if err != nil {
return
}
channel, err := getHubChannelIfValidWithResponseOnFail(ctx, response, hub, hubUser, request.Header.Get("channel_id"))
if err != nil {
return
}
if hubUser.IsMuted {
http.Error(response, "muted", http.StatusForbidden)
return
}
msgContent := request.FormValue("msg_content")
attachedFile := request.FormValue("attached_file")
if msgContent == "" && attachedFile == "" {
http.Error(response, "empty msgContent", http.StatusBadRequest)
return
}
if attachedFile != "" && !strings.HasPrefix(attachedFile, channel.Id.String()+"/") {
http.Error(response, "invalid attachedFile", http.StatusBadRequest)
return
}
channel.Mu.RLock()
perms := channel.UsersCachedPermissions
channel.Mu.RUnlock()
msg := &types.Message{
Id: uuid.New(),
AttachedFile: attachedFile,
Content: msgContent,
Sender: user.Id,
Receiver: channel.Id,
CreatedAt: time.Now(),
}
for permId, perm := range perms {
if !perm.CanReadHistory() {
continue
}
target, err := cache.GetUserById(permId)
if err != nil {
continue
}
wsServer.WsSendMessageCloseIfTimeout(target, msg)
}
response.WriteHeader(http.StatusCreated)
}
func HandleGetChannels(response http.ResponseWriter, request *http.Request) {
if !validCheckWithResponseOnFail(response, request, normal) {
return
}
ctx := request.Context()
_, requestor, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request)
if err != nil {
return
}
channels := make([]uuid.UUID, 0)
hub.Mu.RLock()
for _, channel := range hub.Channels {
if channel == nil || !haveHubUserCachedPermissions(types.CachedUserCanView, requestor, channel) {
continue
}
channels = append(channels, channel.Id)
}
hub.Mu.RUnlock()
if len(channels) == 0 {
response.WriteHeader(http.StatusNoContent)
return
}
marshal, err := json.Marshal(channels)
if err != nil {
http.Error(response, "json error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusOK)
response.Write(marshal)
}
func HandleGetHubUsers(response http.ResponseWriter, request *http.Request) {
if !validCheckWithResponseOnFail(response, request, normal) {
return
}
ctx := request.Context()
_, _, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request)
if err != nil {
return
}
users := make([]*types.HubUser, 0)
hub.Mu.RLock()
for _, user := range hub.Users {
users = append(users, user)
}
hub.Mu.RUnlock()
if len(users) == 0 {
response.WriteHeader(http.StatusNoContent)
return
}
marshal, err := json.Marshal(users)
if err != nil {
http.Error(response, "json error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusOK)
response.Write(marshal)
}
func GetRoles(response http.ResponseWriter, request *http.Request) {
if !validCheckWithResponseOnFail(response, request, normal) {
return
}
ctx := request.Context()
_, _, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request)
if err != nil {
return
}
hub.Mu.RLock()
roles := make([]*types.HubRole, 0)
for _, role := range hub.Roles {
if role == nil {
continue
}
roles = append(roles, role)
}
hub.Mu.RUnlock()
marshal, err := json.Marshal(roles)
if err != nil {
http.Error(response, "json error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusOK)
response.Write(marshal)
}
func GetHubData(response http.ResponseWriter, request *http.Request) {
if !validCheckWithResponseOnFail(response, request, normal) {
return
}
ctx := request.Context()
_, _, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request)
if err != nil {
return
}
marshal, err := json.Marshal(hub)
if err != nil {
http.Error(response, "json error", http.StatusInternalServerError)
}
response.WriteHeader(http.StatusOK)
response.Write(marshal)
}
func GetChannelData(response http.ResponseWriter, request *http.Request) {
if !validCheckWithResponseOnFail(response, request, normal) {
return
}
ctx := request.Context()
_, _, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request)
if err != nil {
return
}
channelId, err := convertions.StringToUuid(request.FormValue("channel_id"))
if err != nil {
http.Error(response, "invalid channel_id", http.StatusBadRequest)
return
}
hub.Mu.RLock()
channel, ok := hub.Channels[channelId]
hub.Mu.RUnlock()
if !ok {
http.Error(response, "no such channel", http.StatusNotFound)
return
}
marshal, err := json.Marshal(channel)
if err != nil {
http.Error(response, "json error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusOK)
response.Write(marshal)
}
func hubPermissionContext(response http.ResponseWriter, request *http.Request, rt bodyLimit, needed types.Permissions) (*types.HubUser, *types.Hub, context.Context, uint8, bool) {
if !validCheckWithResponseOnFail(response, request, rt) {
return nil, nil, nil, 0, false
}
ctx := request.Context()
_, hubUser, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request)
if err != nil {
return nil, nil, nil, 0, false
}
roleId, ok := haveHubUserPermission(hubUser, hub, needed)
if !ok {
http.Error(response, "", http.StatusForbidden)
return nil, nil, nil, 0, false
}
return hubUser, hub, ctx, roleId, true
}
func HandleHubSetName(response http.ResponseWriter, request *http.Request) {
_, hub, _, _, ok := hubPermissionContext(response, request, normal, types.PermissionSetHubName)
if !ok {
return
}
newName := request.FormValue("new_name")
if newName == "" {
http.Error(response, "empty name", http.StatusBadRequest)
return
}
hub.Name = newName
response.WriteHeader(http.StatusAccepted)
}
func HandleHubSetColor(response http.ResponseWriter, request *http.Request) {
_, hub, _, _, ok := hubPermissionContext(response, request, normal, types.PermissionSetHubColor)
if !ok {
return
}
color, err := convertions.StringToRgba(request.FormValue("new_color"))
if err != nil {
http.Error(response, "bad color", http.StatusBadRequest)
return
}
hub.Color = color
response.WriteHeader(http.StatusAccepted)
}
func HandleHubSetIcon(response http.ResponseWriter, request *http.Request) {
_, hub, ctx, _, ok := hubPermissionContext(response, request, hubIcon, types.PermissionSetHubIcon)
if !ok {
return
}
file, header, err := request.FormFile("file")
if err != nil {
http.Error(response, "missing file", http.StatusBadRequest)
return
}
defer file.Close()
isImg, contentType, err := isImage(file)
if err != nil || !isImg {
http.Error(response, "invalid file", http.StatusBadRequest)
return
}
key := minio.GetKey(&minio.GetKeyOptions{
MimeType: contentType,
UploadType: minio.HubIcon,
HubId: hub.Id,
})
if err = minio.Upload(ctx, key, file, header.Size, contentType, map[string]string{
"originalName": header.Filename,
}); err != nil {
http.Error(response, "upload failed", http.StatusInternalServerError)
return
}
if hub.IconUrl != "" {
if err = minio.Delete(ctx, hub.IconUrl); err != nil {
minio.Delete(ctx, key)
http.Error(response, "internal server error", http.StatusInternalServerError)
return
}
}
hub.IconUrl = key
response.WriteHeader(http.StatusCreated)
}
func HandleHubSetBg(response http.ResponseWriter, request *http.Request) {
_, hub, ctx, _, ok := hubPermissionContext(response, request, hubBackground, types.PermissionSetHubBg)
if !ok {
return
}
file, header, err := request.FormFile("file")
if err != nil {
http.Error(response, "missing file", http.StatusBadRequest)
return
}
defer file.Close()
isImg, contentType, err := isImage(file)
if err != nil || !isImg {
http.Error(response, "invalid file", http.StatusBadRequest)
return
}
key := minio.GetKey(&minio.GetKeyOptions{
MimeType: contentType,
UploadType: minio.HubBackground,
HubId: hub.Id,
})
if err = minio.Upload(ctx, key, file, header.Size, contentType, map[string]string{
"originalName": header.Filename,
}); err != nil {
http.Error(response, "upload failed", http.StatusInternalServerError)
return
}
if hub.BgUrl != "" {
if err = minio.Delete(ctx, hub.BgUrl); err != nil {
minio.Delete(ctx, key)
http.Error(response, "internal server error", http.StatusInternalServerError)
return
}
}
hub.BgUrl = key
response.WriteHeader(http.StatusCreated)
}
func HandleGetHubIcon(response http.ResponseWriter, request *http.Request) {
if !validCheckWithResponseOnFail(response, request, normal) {
return
}
ctx := request.Context()
_, _, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request)
if err != nil {
return
}
if hub.IconUrl == "" {
http.Error(response, "hub has no icon", http.StatusNoContent)
return
}
url, meta, err := minio.GetDownloadUrlAndMetadata(ctx, hub.IconUrl)
if err != nil {
http.Error(response, "internal server error", http.StatusInternalServerError)
return
}
iconData, err := json.Marshal(map[string]any{
"url": url.String(),
"metadata": meta,
})
if err != nil {
http.Error(response, "json error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusOK)
response.Write(iconData)
}
func HandleGetHubBg(response http.ResponseWriter, request *http.Request) {
if !validCheckWithResponseOnFail(response, request, normal) {
return
}
ctx := request.Context()
_, _, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request)
if err != nil {
return
}
if hub.BgUrl == "" {
http.Error(response, "hub has no background", http.StatusNoContent)
return
}
url, meta, err := minio.GetDownloadUrlAndMetadata(ctx, hub.BgUrl)
if err != nil {
http.Error(response, "internal server error", http.StatusInternalServerError)
return
}
bgData, err := json.Marshal(map[string]any{
"url": url.String(),
"metadata": meta,
})
if err != nil {
http.Error(response, "json error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusOK)
response.Write(bgData)
}
func HandleHubRemove(response http.ResponseWriter, request *http.Request) {
_, hub, _, _, ok := hubPermissionContext(response, request, normal, types.PermissionRemoveHub)
if !ok {
return
}
cache.DeleteHub(hub)
response.WriteHeader(http.StatusAccepted)
}
func HandleHubToggleUserColorAllowed(response http.ResponseWriter, request *http.Request) {
_, hub, _, _, ok := hubPermissionContext(response, request, normal, types.PermissionSetUserColorAllowed)
if !ok {
return
}
hub.UserColorAllowed = !hub.UserColorAllowed
response.WriteHeader(http.StatusAccepted)
}
func HandleHubUserRemove(response http.ResponseWriter, request *http.Request) {
_, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionRemoveUser)
if !ok {
return
}
targetId, err := convertions.StringToUuid(request.FormValue("target_id"))
if err != nil {
http.Error(response, "bad target_id", http.StatusBadRequest)
return
}
hub.Mu.RLock()
hubTarget, exists := hub.Users[targetId]
hub.Mu.RUnlock()
if !exists {
http.Error(response, "user not found", http.StatusNotFound)
return
}
if usedRoleId <= hubUserHighestRoleId(hubTarget, hub) {
http.Error(response, "target higher in hierarchy", http.StatusForbidden)
return
}
target, err := cache.GetUserById(targetId)
if err != nil {
http.Error(response, "target not found", http.StatusInternalServerError)
return
}
target.Mu.Lock()
delete(target.Hubs, hub.Id)
target.Mu.Unlock()
hub.Mu.Lock()
delete(hub.Users, targetId)
hub.Mu.Unlock()
updateChannelCacheForSpecUser(hubTarget, hub)
response.WriteHeader(http.StatusAccepted)
}
func HandleHubRenameUser(response http.ResponseWriter, request *http.Request) {
_, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionRenameUser)
if !ok {
return
}
newName := request.FormValue("new_name")
targetId, err := convertions.StringToUuid(request.FormValue("target_id"))
if err != nil {
http.Error(response, "bad target_id", http.StatusBadRequest)
return
}
hub.Mu.RLock()
target, exists := hub.Users[targetId]
hub.Mu.RUnlock()
if !exists {
http.Error(response, "user not found", http.StatusNotFound)
return
}
if usedRoleId <= hubUserHighestRoleId(target, hub) {
http.Error(response, "target higher in hierarchy", http.StatusForbidden)
return
}
target.Name = newName
response.WriteHeader(http.StatusAccepted)
}
func HandleHubRenameSelf(response http.ResponseWriter, request *http.Request) {
requestor, _, _, _, ok := hubPermissionContext(response, request, normal, types.PermissionSelfRename)
if !ok {
return
}
requestor.Name = request.FormValue("new_name")
response.WriteHeader(http.StatusAccepted)
}
func HandleHubToggleMuteUser(response http.ResponseWriter, request *http.Request) {
_, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionMuteUser)
if !ok {
return
}
targetId, err := convertions.StringToUuid(request.FormValue("target_id"))
if err != nil {
http.Error(response, "bad target_id", http.StatusBadRequest)
return
}
hub.Mu.RLock()
target, exists := hub.Users[targetId]
hub.Mu.RUnlock()
if !exists {
http.Error(response, "user not found", http.StatusNotFound)
return
}
if usedRoleId <= hubUserHighestRoleId(target, hub) {
http.Error(response, "target higher in hierarchy", http.StatusForbidden)
return
}
target.IsMuted = !target.IsMuted
response.WriteHeader(http.StatusAccepted)
}
func HandleHubUserAddRole(response http.ResponseWriter, request *http.Request) {
_, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionUserAddRole)
if !ok {
return
}
targetId, err := convertions.StringToUuid(request.FormValue("target_id"))
if err != nil {
http.Error(response, "bad target_id", http.StatusBadRequest)
return
}
roleId, err := convertions.StringToUint8(request.FormValue("role_id"))
if err != nil {
http.Error(response, "bad role_id", http.StatusBadRequest)
return
}
if roleId > usedRoleId {
http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
return
}
hub.Mu.RLock()
target, ok := hub.Users[targetId]
role := hub.Roles[roleId]
hub.Mu.RUnlock()
if !ok {
http.Error(response, "user not found", http.StatusNotFound)
return
}
if role == nil {
http.Error(response, "role not found", http.StatusNotFound)
return
}
target.Roles.Add(roleId)
updateChannelCacheForSpecUser(target, hub)
response.WriteHeader(http.StatusAccepted)
}
func HandleHubUserRemoveRole(response http.ResponseWriter, request *http.Request) {
_, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionUserRemoveRole)
if !ok {
return
}
targetId, err := convertions.StringToUuid(request.FormValue("target_id"))
if err != nil {
http.Error(response, "bad target_id", http.StatusBadRequest)
return
}
roleId, err := convertions.StringToUint8(request.FormValue("role_id"))
if err != nil {
http.Error(response, "bad role_id", http.StatusBadRequest)
return
}
if roleId > usedRoleId {
http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
return
}
hub.Mu.RLock()
target, ok := hub.Users[targetId]
hub.Mu.RUnlock()
if !ok {
http.Error(response, "user not found", http.StatusNotFound)
return
}
target.Roles.Remove(roleId)
updateChannelCacheForSpecUser(target, hub)
response.WriteHeader(http.StatusAccepted)
}
func HandleHubCreateRole(response http.ResponseWriter, request *http.Request) {
_, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionCreateRole)
if !ok {
return
}
name := request.FormValue("name")
if name == "" {
http.Error(response, "empty name", http.StatusBadRequest)
return
}
hub.Mu.Lock()
var freeId uint8
found := false
for i := uint8(1); i < types.HubBoundRolesMax; i++ {
if hub.Roles[i] == nil && usedRoleId > i {
freeId = i
found = true
break
}
}
if !found {
hub.Mu.Unlock()
http.Error(response, "no role slots available", http.StatusConflict)
return
}
hub.Roles[freeId] = &types.HubRole{
Id: freeId,
Name: name,
Color: types.RandomRgba(),
CreatedAt: time.Now(),
}
hub.Mu.Unlock()
response.WriteHeader(http.StatusCreated)
}
func HandleHubRemoveRole(response http.ResponseWriter, request *http.Request) {
_, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionRemoveRole)
if !ok {
return
}
targetRoleId, err := convertions.StringToUint8(request.FormValue("role_id"))
if err != nil {
http.Error(response, "bad role_id", http.StatusBadRequest)
return
}
if targetRoleId == 0 {
http.Error(response, "cannot remove root role", http.StatusForbidden)
return
}
if targetRoleId > usedRoleId {
http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
return
}
hub.Mu.Lock()
if hub.Roles[targetRoleId] == nil {
hub.Mu.Unlock()
http.Error(response, "role not found", http.StatusNotFound)
return
}
hub.Roles[targetRoleId] = nil
hub.Mu.Unlock()
response.WriteHeader(http.StatusAccepted)
}
func HandleRoleSetName(response http.ResponseWriter, request *http.Request) {
_, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionSetRoleName)
if !ok {
return
}
roleId, err := convertions.StringToUint8(request.FormValue("role_id"))
if err != nil {
http.Error(response, "bad role_id", http.StatusBadRequest)
return
}
if roleId > usedRoleId {
http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
return
}
newName := request.FormValue("new_name")
if newName == "" {
http.Error(response, "name empty", http.StatusBadRequest)
return
}
hub.Mu.Lock()
role := hub.Roles[roleId]
if role == nil {
hub.Mu.Unlock()
http.Error(response, "no such role", http.StatusNotFound)
return
}
role.Name = newName
hub.Mu.Unlock()
response.WriteHeader(http.StatusAccepted)
}
func HandleRoleSetColor(response http.ResponseWriter, request *http.Request) {
_, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionSetRoleColor)
if !ok {
return
}
roleId, err := convertions.StringToUint8(request.FormValue("role_id"))
if err != nil {
http.Error(response, "bad role_id", http.StatusBadRequest)
return
}
if roleId > usedRoleId {
http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
return
}
color, err := convertions.StringToRgba(request.FormValue("new_color"))
if err != nil {
http.Error(response, "invalid new_color", http.StatusBadRequest)
return
}
hub.Mu.Lock()
role := hub.Roles[roleId]
if role == nil {
hub.Mu.Unlock()
http.Error(response, "no such role", http.StatusNotFound)
return
}
role.Color = color
hub.Mu.Unlock()
response.WriteHeader(http.StatusAccepted)
}
func HandleRoleSetPermissions(response http.ResponseWriter, request *http.Request) {
requestor, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionSetRolePermissions)
if !ok {
return
}
targetRoleId, err := convertions.StringToUint8(request.FormValue("role_id"))
if err != nil {
http.Error(response, "bad role_id", http.StatusBadRequest)
return
}
if targetRoleId > usedRoleId {
http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
return
}
hub.Mu.Lock()
targetRole := hub.Roles[targetRoleId]
hub.Mu.Unlock()
if targetRole == nil {
http.Error(response, "no such role", http.StatusNotFound)
return
}
madeChange := false
query := request.URL.Query()
for key, values := range query {
permission, ok := types.PermissionLookup(key)
if !ok {
continue
}
permRoleId, ok := haveHubUserPermission(requestor, hub, permission)
if !ok {
http.Error(response, "permission needed: "+key, http.StatusNotFound)
}
if permRoleId <= targetRoleId {
http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
return
}
if convertions.StringToBool(values[0]) {
if !targetRole.Permissions.Has(permission) {
madeChange = true
targetRole.Permissions.Grant(permission)
}
} else {
if targetRole.Permissions.Has(permission) {
madeChange = true
targetRole.Permissions.Revoke(permission)
}
}
}
if !madeChange {
response.WriteHeader(http.StatusNoContent)
response.Write([]byte("no changes made"))
return
}
updateChannelCacheForSpecRole(targetRole, hub)
response.WriteHeader(http.StatusAccepted)
}
func HandleRoleSelfRemove(response http.ResponseWriter, request *http.Request) {
requestor, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionUserSelfRoleRemove)
if !ok {
return
}
requestor.Roles.Remove(usedRoleId)
updateChannelCacheForSpecUser(requestor, hub)
response.WriteHeader(http.StatusAccepted)
}
func HandleChannelCreate(response http.ResponseWriter, request *http.Request) {
requestor, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionCreateChannel)
if !ok {
return
}
name := request.FormValue("name")
if name == "" { // TODO think about some restriction to not be too big
http.Error(response, "name empty", http.StatusBadRequest)
return
}
newHubChannel := types.NewHubChannel()
newHubChannel.Name = name
newHubChannel.Id = uuid.New()
newHubChannel.CreatedAt = time.Now()
newHubChannel.RolesCanView.Add(usedRoleId)
newHubChannel.RolesCanMessage.Add(usedRoleId)
newHubChannel.RolesCanReadHistory.Add(usedRoleId)
if requestor.Roles.ContainsRoleId(types.HubBoundRolesMax) {
newHubChannel.RolesCanView.Add(types.HubBoundRolesMax)
newHubChannel.RolesCanMessage.Add(types.HubBoundRolesMax)
newHubChannel.RolesCanReadHistory.Add(types.HubBoundRolesMax)
}
hub.Mu.Lock()
usedPositions := make(map[uint8]bool, len(hub.Channels))
for _, ch := range hub.Channels {
usedPositions[ch.Position] = true
}
var position uint8
for usedPositions[position] {
position++
}
newHubChannel.Position = position
hub.Channels[newHubChannel.Id] = newHubChannel
hub.Mu.Unlock()
updateChannelCacheForSpecChannel(newHubChannel, hub)
response.WriteHeader(http.StatusAccepted)
}
func HandleChannelRemove(response http.ResponseWriter, request *http.Request) {
_, hub, _, _, ok := hubPermissionContext(response, request, normal, types.PermissionRemoveChannel)
if !ok {
return
}
channelId, err := convertions.StringToUuid(request.FormValue("channel_id"))
if err != nil {
http.Error(response, "invalid channel_id", http.StatusBadRequest)
return
}
hub.Mu.Lock()
if _, ok := hub.Channels[channelId]; !ok {
hub.Mu.Unlock()
http.Error(response, "no such channel", http.StatusNotFound)
return
}
delete(hub.Channels, channelId)
hub.Mu.Unlock()
response.WriteHeader(http.StatusAccepted)
}
func HandleChannelSetName(response http.ResponseWriter, request *http.Request) {
_, hub, _, _, ok := hubPermissionContext(response, request, normal, types.PermissionSetChannelName)
if !ok {
return
}
newName := request.FormValue("new_name")
if newName == "" {
http.Error(response, "newname empty", http.StatusBadRequest)
return
}
channelId, err := convertions.StringToUuid(request.FormValue("channel_id"))
if err != nil {
http.Error(response, "invalid channel_id", http.StatusBadRequest)
return
}
hub.Mu.Lock()
channel, ok := hub.Channels[channelId]
if !ok {
hub.Mu.Unlock()
http.Error(response, "no such channel", http.StatusNotFound)
return
}
channel.Name = newName
hub.Mu.Unlock()
response.WriteHeader(http.StatusAccepted)
}
func HandleChannelSetDescription(response http.ResponseWriter, request *http.Request) {
_, hub, _, _, ok := hubPermissionContext(response, request, normal, types.PermissionSetChannelDescription)
if !ok {
return
}
newDescription := request.FormValue("description")
channelId, err := convertions.StringToUuid(request.FormValue("channel_id"))
if err != nil {
http.Error(response, "invalid channel_id", http.StatusBadRequest)
return
}
hub.Mu.Lock()
channel, ok := hub.Channels[channelId]
if !ok {
hub.Mu.Unlock()
http.Error(response, "no such channel", http.StatusNotFound)
return
}
channel.Description = newDescription
hub.Mu.Unlock()
response.WriteHeader(http.StatusAccepted)
}
func handleChannelRolePermission(response http.ResponseWriter, request *http.Request, perm types.Permissions, modify func(*types.HubChannel, uint8, bool)) {
_, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, perm)
if !ok {
return
}
channelId, err := convertions.StringToUuid(request.FormValue("channel_id"))
if err != nil {
http.Error(response, "invalid channel_id", http.StatusBadRequest)
return
}
roleId, err := convertions.StringToUint8(request.FormValue("role_id"))
if err != nil {
http.Error(response, "invalid role_id", http.StatusBadRequest)
return
}
if roleId > usedRoleId {
http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
return
}
allow := convertions.StringToBool(request.URL.Query().Get("allow"))
hub.Mu.Lock()
channel, ok := hub.Channels[channelId]
if !ok {
hub.Mu.Unlock()
http.Error(response, "channel not found", http.StatusNotFound)
return
}
modify(channel, roleId, allow)
hub.Mu.Unlock()
updateChannelCacheForSpecChannel(channel, hub)
response.WriteHeader(http.StatusAccepted)
}
func HandleChannelSetPermittedVisibleRole(response http.ResponseWriter, request *http.Request) {
handleChannelRolePermission(response, request, types.PermissionSetChannelPermittedVisibleRoles, func(c *types.HubChannel, roleId uint8, allow bool) {
if allow {
c.RolesCanView.Add(roleId)
} else {
c.RolesCanView.Remove(roleId)
}
})
}
func HandleChannelSetPermittedSendRole(response http.ResponseWriter, request *http.Request) {
handleChannelRolePermission(response, request, types.PermissionSetChannelPermittedSendMessageRoles, func(c *types.HubChannel, roleId uint8, allow bool) {
if allow {
c.RolesCanMessage.Add(roleId)
} else {
c.RolesCanMessage.Remove(roleId)
}
})
}
func HandleChannelSetPermittedHistoryRole(response http.ResponseWriter, request *http.Request) {
handleChannelRolePermission(response, request, types.PermissionSetChannelPermittedReadHistoryRoles, func(c *types.HubChannel, roleId uint8, allow bool) {
if allow {
c.RolesCanReadHistory.Add(roleId)
} else {
c.RolesCanReadHistory.Remove(roleId)
}
})
}
Reference in New Issue View Git Blame Copy Permalink