admin/go-socket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bcefea3cf538d297d733eadb8dbe2cdab7c3b899
go-socket/packages/httpRequest/hubs.go
T
cos bcefea3cf5 fix deleted :
2026-05-06 23:08:48 +02:00

1176 lines
33 KiB
Go
Raw Blame History

package httpRequest
import (
"context"
"encoding/json"
"net/http"
"strings"
"time"
"go-socket/packages/convertions"
"go-socket/packages/postgresql"
"go-socket/packages/cache"
"go-socket/packages/minio"
"go-socket/packages/types"
"go-socket/packages/wsServer"
"github.com/google/uuid"
)
func haveHubUserPermission(u *types.HubUser, h *types.Hub, needed types.Permissions) (id uint8, has bool) {
h.Mu.Lock()
defer h.Mu.Unlock()
for _, role := range h.Roles {
if role == nil {
continue
}
if !u.Roles.ContainsRoleId(role.Id) {
continue
}
if (needed&role.Permissions) == needed && role.Id > id {
id = role.Id
has = true
}
}
return id, has
}
func hubUserHighestRoleId(u *types.HubUser, h *types.Hub) (id uint8) {
h.Mu.Lock()
defer h.Mu.Unlock()
for _, role := range h.Roles {
if role == nil {
continue
}
if !u.Roles.ContainsRoleId(role.Id) {
continue
}
if role.Id > id {
id = role.Id
}
}
return id
}
func updateChannelCacheForSpecUserAndChannel(u *types.HubUser, c *types.HubChannel) {
c.Mu.Lock()
defer c.Mu.Unlock()
if u == nil {
delete(c.UsersCachedPermissions, c.Id)
return
}
if u.Roles.DoesIntersect(c.RolesCanView) {
c.UsersCachedPermissions[u.OriginalId] |= types.CachedUserCanView
} else {
c.UsersCachedPermissions[u.OriginalId] &^= types.CachedUserCanView
}
if u.Roles.DoesIntersect(c.RolesCanReadHistory) {
c.UsersCachedPermissions[u.OriginalId] |= types.CachedUserCanReadHistory
} else {
c.UsersCachedPermissions[u.OriginalId] &^= types.CachedUserCanReadHistory
}
if u.Roles.DoesIntersect(c.RolesCanMessage) {
c.UsersCachedPermissions[u.OriginalId] |= types.CachedUserCanMessage
} else {
c.UsersCachedPermissions[u.OriginalId] &^= types.CachedUserCanMessage
}
}
func updateChannelCacheForSpecChannel(c *types.HubChannel, h *types.Hub) {
h.Mu.RLock()
defer h.Mu.RUnlock()
for _, u := range h.Users {
updateChannelCacheForSpecUserAndChannel(u, c)
}
}
func updateChannelCacheForSpecUser(u *types.HubUser, h *types.Hub) {
h.Mu.RLock()
defer h.Mu.RUnlock()
for _, c := range h.Channels {
if c == nil {
continue
}
updateChannelCacheForSpecUserAndChannel(u, c)
}
}
func updateChannelCacheForSpecRole(r *types.HubRole, h *types.Hub) {
h.Mu.RLock()
var users []*types.HubUser
for _, u := range h.Users {
if u.Roles.ContainsRoleId(r.Id) {
users = append(users, u)
}
}
h.Mu.RUnlock()
for _, u := range users {
updateChannelCacheForSpecUser(u, h)
}
}
func haveHubUserCachedPermissions(needed types.CachedUserPermissions, user *types.HubUser, channel *types.HubChannel) bool {
channel.Mu.RLock()
checkAgainst, ok := channel.UsersCachedPermissions[user.OriginalId]
channel.Mu.RUnlock()
if !ok || (needed&checkAgainst) != needed {
return false
}
return true
}
func HandleHubCreate(response http.ResponseWriter, request *http.Request) {
if !validCheckWithResponseOnFail(response, request, normal) {
return
}
ctx := request.Context()
user, err := getUserByToken(ctx, request.Header.Get("token"))
if err != nil {
http.Error(response, "invalid token", http.StatusUnauthorized)
return
}
hubName := request.FormValue("hub_name")
if hubName == "" {
http.Error(response, "hub name is required", http.StatusBadRequest)
return
}
hub := types.NewHub()
hub.Name = hubName
hub.Color = types.RandomRgba()
hub.Id = uuid.New()
hub.Creator = user.Id
hub.CreatedAt = time.Now()
user.Hubs[hub.Id] = hub
creator := types.NewHubUser()
creator.OriginalId = user.Id
creator.CreatedAt = hub.CreatedAt
hub.Users[creator.OriginalId] = creator
rootRole := &types.HubRole{
Id: types.HubBoundRolesMax,
Permissions: types.PermissionAll(),
Name: "root",
Color: types.RandomRgba(),
CreatedAt: hub.CreatedAt,
}
hub.Roles[rootRole.Id] = rootRole
creator.Roles.Add(rootRole.Id)
memberRole := &types.HubRole{
Id: uint8(0),
Name: "member",
Color: types.RandomRgba(),
CreatedAt: hub.CreatedAt,
}
hub.JoinRole = memberRole
hub.Roles[memberRole.Id] = memberRole
creator.Roles.Add(memberRole.Id)
channel := types.NewHubChannel()
channel.Name = "main channel"
channel.Id = uuid.New()
channel.Description = "The fist channel!"
channel.CreatedAt = hub.CreatedAt
channel.RolesCanMessage.Add(rootRole.Id)
channel.RolesCanMessage.Add(memberRole.Id)
channel.RolesCanView.Add(rootRole.Id)
channel.RolesCanView.Add(memberRole.Id)
channel.RolesCanReadHistory.Add(rootRole.Id)
channel.RolesCanReadHistory.Add(memberRole.Id)
channel.UsersCachedPermissions[creator.OriginalId] = types.CachedUserPermissionsAll
channel.Position = 0
hub.Channels[channel.Id] = channel
cache.SaveHub(hub)
err = postgresql.HubSave(ctx, hub)
if err != nil {
http.Error(response, "failed to save hub", http.StatusInternalServerError)
return
}
err = postgresql.HubUserSave(ctx, hub.Id, creator)
if err != nil {
http.Error(response, "failed to save hub user", http.StatusInternalServerError)
return
}
err = postgresql.HubRoleSave(ctx, hub.Id, rootRole)
if err != nil {
http.Error(response, "failed to save hub role", http.StatusInternalServerError)
return
}
err = postgresql.HubRoleSave(ctx, hub.Id, memberRole)
if err != nil {
http.Error(response, "failed to save hub role", http.StatusInternalServerError)
return
}
err = postgresql.HubChannelSave(ctx, hub.Id, channel)
if err != nil {
http.Error(response, "failed to save hub channel", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusCreated)
response.Write([]byte(hub.Id.String()))
}
func HandleHubJoin(response http.ResponseWriter, request *http.Request) {
if !validCheckWithResponseOnFail(response, request, normal) {
return
}
ctx := request.Context()
user, err := getUserByToken(ctx, request.Header.Get("token"))
if err != nil {
http.Error(response, "invalid token", http.StatusUnauthorized)
return
}
hub, err := getHubByIdStr(ctx, request.Header.Get("hub_id"))
if err != nil {
http.Error(response, "invalid hub_id", http.StatusBadRequest)
return
}
_, ok := hub.Users[user.Id]
if ok {
http.Error(response, "hub already joined", http.StatusBadRequest)
return
}
user.Hubs[hub.Id] = hub
hubUser := types.NewHubUser()
hubUser.OriginalId = user.Id
if hub.JoinRole != nil {
hubUser.Roles.Add(hub.JoinRole.Id)
}
hubUser.CreatedAt = time.Now()
hub.Users[hubUser.OriginalId] = hubUser
updateChannelCacheForSpecUser(hubUser, hub)
if err = postgresql.HubUserSave(ctx, hub.Id, hubUser); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusCreated)
}
func HandleHubMessage(response http.ResponseWriter, request *http.Request) {
if !validCheckWithResponseOnFail(response, request, normal) {
return
}
ctx := request.Context()
user, hubUser, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request)
if err != nil {
return
}
channel, err := getHubChannelIfValidWithResponseOnFail(ctx, response, hub, hubUser, request.Header.Get("channel_id"))
if err != nil {
return
}
if hubUser.IsMuted {
http.Error(response, "muted", http.StatusForbidden)
return
}
msgContent := request.FormValue("msg_content")
attachedFile := request.FormValue("attached_file")
if msgContent == "" && attachedFile == "" {
http.Error(response, "empty msgContent", http.StatusBadRequest)
return
}
if attachedFile != "" && !strings.HasPrefix(attachedFile, string(minio.HubChannelFilePrefix)+channel.Id.String()+"/") {
http.Error(response, "invalid attachedFile", http.StatusBadRequest)
return
}
channel.Mu.RLock()
perms := channel.UsersCachedPermissions
channel.Mu.RUnlock()
msg := &types.Message{
Id: uuid.New(),
AttachedFile: attachedFile,
Content: msgContent,
Sender: user.Id,
Receiver: channel.Id,
CreatedAt: time.Now(),
}
channel.AddMessageToBuff(msg)
for permId, perm := range perms {
if !perm.CanReadHistory() {
continue
}
target, err := cache.GetUserById(permId)
if err != nil {
continue
}
wsServer.WsSendMessageCloseIfTimeout(target, msg)
}
response.WriteHeader(http.StatusCreated)
}
func HandleGetChannels(response http.ResponseWriter, request *http.Request) {
if !validCheckWithResponseOnFail(response, request, normal) {
return
}
ctx := request.Context()
_, requestor, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request)
if err != nil {
return
}
channels := make([]uuid.UUID, 0)
hub.Mu.RLock()
for _, channel := range hub.Channels {
if channel == nil || !haveHubUserCachedPermissions(types.CachedUserCanView, requestor, channel) {
continue
}
channels = append(channels, channel.Id)
}
hub.Mu.RUnlock()
if len(channels) == 0 {
response.WriteHeader(http.StatusNoContent)
return
}
marshal, err := json.Marshal(channels)
if err != nil {
http.Error(response, "json error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusOK)
response.Write(marshal)
}
func HandleGetHubUsers(response http.ResponseWriter, request *http.Request) {
if !validCheckWithResponseOnFail(response, request, normal) {
return
}
ctx := request.Context()
_, _, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request)
if err != nil {
return
}
users := make([]*types.HubUser, 0)
hub.Mu.RLock()
for _, user := range hub.Users {
users = append(users, user)
}
hub.Mu.RUnlock()
if len(users) == 0 {
response.WriteHeader(http.StatusNoContent)
return
}
marshal, err := json.Marshal(users)
if err != nil {
http.Error(response, "json error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusOK)
response.Write(marshal)
}
func GetRoles(response http.ResponseWriter, request *http.Request) {
if !validCheckWithResponseOnFail(response, request, normal) {
return
}
ctx := request.Context()
_, _, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request)
if err != nil {
return
}
hub.Mu.RLock()
roles := make([]*types.HubRole, 0)
for _, role := range hub.Roles {
if role == nil {
continue
}
roles = append(roles, role)
}
hub.Mu.RUnlock()
marshal, err := json.Marshal(roles)
if err != nil {
http.Error(response, "json error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusOK)
response.Write(marshal)
}
func GetHubData(response http.ResponseWriter, request *http.Request) {
if !validCheckWithResponseOnFail(response, request, normal) {
return
}
ctx := request.Context()
_, _, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request)
if err != nil {
return
}
marshal, err := json.Marshal(hub)
if err != nil {
http.Error(response, "json error", http.StatusInternalServerError)
}
response.WriteHeader(http.StatusOK)
response.Write(marshal)
}
func GetChannelData(response http.ResponseWriter, request *http.Request) {
if !validCheckWithResponseOnFail(response, request, normal) {
return
}
ctx := request.Context()
_, _, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request)
if err != nil {
return
}
channelId, err := convertions.StringToUuid(request.FormValue("channel_id"))
if err != nil {
http.Error(response, "invalid channel_id", http.StatusBadRequest)
return
}
hub.Mu.RLock()
channel, ok := hub.Channels[channelId]
hub.Mu.RUnlock()
if !ok {
http.Error(response, "no such channel", http.StatusNotFound)
return
}
marshal, err := json.Marshal(channel)
if err != nil {
http.Error(response, "json error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusOK)
response.Write(marshal)
}
func hubPermissionContext(response http.ResponseWriter, request *http.Request, rt bodyLimit, needed types.Permissions) (*types.HubUser, *types.Hub, context.Context, uint8, bool) {
if !validCheckWithResponseOnFail(response, request, rt) {
return nil, nil, nil, 0, false
}
ctx := request.Context()
_, hubUser, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request)
if err != nil {
return nil, nil, nil, 0, false
}
roleId, ok := haveHubUserPermission(hubUser, hub, needed)
if !ok {
http.Error(response, "", http.StatusForbidden)
return nil, nil, nil, 0, false
}
return hubUser, hub, ctx, roleId, true
}
func HandleHubSetName(response http.ResponseWriter, request *http.Request) {
_, hub, ctx, _, ok := hubPermissionContext(response, request, normal, types.PermissionSetHubName)
if !ok {
return
}
newName := request.FormValue("new_name")
if newName == "" {
http.Error(response, "empty name", http.StatusBadRequest)
return
}
hub.Name = newName
if err := postgresql.HubUpdate(ctx, hub, &types.HubUpdate{Name: true}); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusAccepted)
}
func HandleHubSetColor(response http.ResponseWriter, request *http.Request) {
_, hub, ctx, _, ok := hubPermissionContext(response, request, normal, types.PermissionSetHubColor)
if !ok {
return
}
color, err := convertions.StringToRgba(request.FormValue("new_color"))
if err != nil {
http.Error(response, "bad color", http.StatusBadRequest)
return
}
hub.Color = color
if err = postgresql.HubUpdate(ctx, hub, &types.HubUpdate{Color: true}); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusAccepted)
}
func HandleHubRemove(response http.ResponseWriter, request *http.Request) {
_, hub, ctx, _, ok := hubPermissionContext(response, request, normal, types.PermissionRemoveHub)
if !ok {
return
}
if err := postgresql.HubDelete(ctx, hub.Id); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
cache.DeleteHub(hub)
response.WriteHeader(http.StatusAccepted)
}
func HandleHubToggleUserColorAllowed(response http.ResponseWriter, request *http.Request) {
_, hub, ctx, _, ok := hubPermissionContext(response, request, normal, types.PermissionSetUserColorAllowed)
if !ok {
return
}
hub.UserColorAllowed = !hub.UserColorAllowed
if err := postgresql.HubUpdate(ctx, hub, &types.HubUpdate{UserColorAllowed: true}); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusAccepted)
}
func HandleSetHubJoinRole(response http.ResponseWriter, request *http.Request) {
_, hub, ctx, _, ok := hubPermissionContext(response, request, normal, types.PermissionSetHubJoinRole)
if !ok {
return
}
newRoleId, err := convertions.StringToUint8(request.FormValue("new_role_id"))
if err != nil {
http.Error(response, "bad role_id", http.StatusBadRequest)
return
}
newRole := hub.Roles[newRoleId]
if newRole == nil {
http.Error(response, "bad role_id", http.StatusNotFound)
return
}
hub.JoinRole = newRole
if err = postgresql.HubUpdate(ctx, hub, &types.HubUpdate{JoinRole: true}); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusAccepted)
}
func HandleHubUserRemove(response http.ResponseWriter, request *http.Request) {
_, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionRemoveUser)
if !ok {
return
}
targetId, err := convertions.StringToUuid(request.FormValue("target_id"))
if err != nil {
http.Error(response, "bad target_id", http.StatusBadRequest)
return
}
hub.Mu.RLock()
hubTarget, exists := hub.Users[targetId]
hub.Mu.RUnlock()
if !exists {
http.Error(response, "user not found", http.StatusNotFound)
return
}
if usedRoleId <= hubUserHighestRoleId(hubTarget, hub) {
http.Error(response, "target higher in hierarchy", http.StatusForbidden)
return
}
target, err := cache.GetUserById(targetId)
if err != nil {
http.Error(response, "target not found", http.StatusInternalServerError)
return
}
target.Mu.Lock()
delete(target.Hubs, hub.Id)
target.Mu.Unlock()
if err = postgresql.HubUserDelete(ctx, hub.Id, targetId); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
hub.Mu.Lock()
delete(hub.Users, targetId)
hub.Mu.Unlock()
updateChannelCacheForSpecUser(hubTarget, hub)
response.WriteHeader(http.StatusAccepted)
}
func HandleHubRenameUser(response http.ResponseWriter, request *http.Request) {
_, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionRenameUser)
if !ok {
return
}
newName := request.FormValue("new_name")
targetId, err := convertions.StringToUuid(request.FormValue("target_id"))
if err != nil {
http.Error(response, "bad target_id", http.StatusBadRequest)
return
}
hub.Mu.RLock()
target, exists := hub.Users[targetId]
hub.Mu.RUnlock()
if !exists {
http.Error(response, "user not found", http.StatusNotFound)
return
}
if usedRoleId <= hubUserHighestRoleId(target, hub) {
http.Error(response, "target higher in hierarchy", http.StatusForbidden)
return
}
target.Name = newName
if err = postgresql.HubUserUpdate(ctx, hub.Id, target, &types.HubUserUpdate{Name: true}); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusAccepted)
}
func HandleHubRenameSelf(response http.ResponseWriter, request *http.Request) {
requestor, hub, ctx, _, ok := hubPermissionContext(response, request, normal, types.PermissionSelfRename)
if !ok {
return
}
requestor.Name = request.FormValue("new_name")
if err := postgresql.HubUserUpdate(ctx, hub.Id, requestor, &types.HubUserUpdate{Name: true}); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusAccepted)
}
func HandleHubToggleMuteUser(response http.ResponseWriter, request *http.Request) {
_, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionMuteUser)
if !ok {
return
}
targetId, err := convertions.StringToUuid(request.FormValue("target_id"))
if err != nil {
http.Error(response, "bad target_id", http.StatusBadRequest)
return
}
hub.Mu.RLock()
target, exists := hub.Users[targetId]
hub.Mu.RUnlock()
if !exists {
http.Error(response, "user not found", http.StatusNotFound)
return
}
if usedRoleId <= hubUserHighestRoleId(target, hub) {
http.Error(response, "target higher in hierarchy", http.StatusForbidden)
return
}
target.IsMuted = !target.IsMuted
if err = postgresql.HubUserUpdate(ctx, hub.Id, target, &types.HubUserUpdate{IsMuted: true}); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusAccepted)
}
func HandleHubUserAddRole(response http.ResponseWriter, request *http.Request) {
_, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionUserAddRole)
if !ok {
return
}
targetId, err := convertions.StringToUuid(request.FormValue("target_id"))
if err != nil {
http.Error(response, "bad target_id", http.StatusBadRequest)
return
}
roleId, err := convertions.StringToUint8(request.FormValue("role_id"))
if err != nil {
http.Error(response, "bad role_id", http.StatusBadRequest)
return
}
if roleId > usedRoleId {
http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
return
}
hub.Mu.RLock()
target, ok := hub.Users[targetId]
role := hub.Roles[roleId]
hub.Mu.RUnlock()
if !ok {
http.Error(response, "user not found", http.StatusNotFound)
return
}
if role == nil {
http.Error(response, "role not found", http.StatusNotFound)
return
}
target.Roles.Add(roleId)
updateChannelCacheForSpecUser(target, hub)
if err = postgresql.HubUserUpdate(ctx, hub.Id, target, &types.HubUserUpdate{Roles: true}); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusAccepted)
}
func HandleHubUserRemoveRole(response http.ResponseWriter, request *http.Request) {
_, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionUserRemoveRole)
if !ok {
return
}
targetId, err := convertions.StringToUuid(request.FormValue("target_id"))
if err != nil {
http.Error(response, "bad target_id", http.StatusBadRequest)
return
}
roleId, err := convertions.StringToUint8(request.FormValue("role_id"))
if err != nil {
http.Error(response, "bad role_id", http.StatusBadRequest)
return
}
if roleId > usedRoleId {
http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
return
}
hub.Mu.RLock()
target, ok := hub.Users[targetId]
hub.Mu.RUnlock()
if !ok {
http.Error(response, "user not found", http.StatusNotFound)
return
}
target.Roles.Remove(roleId)
updateChannelCacheForSpecUser(target, hub)
if err = postgresql.HubUserUpdate(ctx, hub.Id, target, &types.HubUserUpdate{Roles: true}); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusAccepted)
}
func HandleHubCreateRole(response http.ResponseWriter, request *http.Request) {
_, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionCreateRole)
if !ok {
return
}
name := request.FormValue("name")
if name == "" {
http.Error(response, "empty name", http.StatusBadRequest)
return
}
hub.Mu.Lock()
var freeId uint8
found := false
for i := uint8(1); i < types.HubBoundRolesMax; i++ {
if hub.Roles[i] == nil && usedRoleId > i {
freeId = i
found = true
break
}
}
if !found {
hub.Mu.Unlock()
http.Error(response, "no role slots available", http.StatusConflict)
return
}
newRole := &types.HubRole{
Id: freeId,
Name: name,
Color: types.RandomRgba(),
CreatedAt: time.Now(),
}
hub.Roles[freeId] = newRole
hub.Mu.Unlock()
if err := postgresql.HubRoleSave(ctx, hub.Id, newRole); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusCreated)
}
func HandleHubRemoveRole(response http.ResponseWriter, request *http.Request) {
_, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionRemoveRole)
if !ok {
return
}
targetRoleId, err := convertions.StringToUint8(request.FormValue("role_id"))
if err != nil {
http.Error(response, "bad role_id", http.StatusBadRequest)
return
}
if targetRoleId == 0 {
http.Error(response, "cannot remove root role", http.StatusForbidden)
return
}
if targetRoleId > usedRoleId {
http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
return
}
hub.Mu.Lock()
if hub.Roles[targetRoleId] == nil {
hub.Mu.Unlock()
http.Error(response, "role not found", http.StatusNotFound)
return
}
hub.Roles[targetRoleId] = nil
hub.Mu.Unlock()
if err := postgresql.HubRoleDelete(ctx, hub.Id, targetRoleId); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusAccepted)
}
func HandleRoleSetName(response http.ResponseWriter, request *http.Request) {
_, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionSetRoleName)
if !ok {
return
}
roleId, err := convertions.StringToUint8(request.FormValue("role_id"))
if err != nil {
http.Error(response, "bad role_id", http.StatusBadRequest)
return
}
if roleId > usedRoleId {
http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
return
}
newName := request.FormValue("new_name")
if newName == "" {
http.Error(response, "name empty", http.StatusBadRequest)
return
}
hub.Mu.Lock()
role := hub.Roles[roleId]
if role == nil {
hub.Mu.Unlock()
http.Error(response, "no such role", http.StatusNotFound)
return
}
role.Name = newName
hub.Mu.Unlock()
if err = postgresql.HubRoleUpdate(ctx, hub.Id, role, &types.HubRoleUpdate{Name: true}); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusAccepted)
}
func HandleRoleSetColor(response http.ResponseWriter, request *http.Request) {
_, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionSetRoleColor)
if !ok {
return
}
roleId, err := convertions.StringToUint8(request.FormValue("role_id"))
if err != nil {
http.Error(response, "bad role_id", http.StatusBadRequest)
return
}
if roleId > usedRoleId {
http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
return
}
color, err := convertions.StringToRgba(request.FormValue("new_color"))
if err != nil {
http.Error(response, "invalid new_color", http.StatusBadRequest)
return
}
hub.Mu.Lock()
role := hub.Roles[roleId]
if role == nil {
hub.Mu.Unlock()
http.Error(response, "no such role", http.StatusNotFound)
return
}
role.Color = color
hub.Mu.Unlock()
if err = postgresql.HubRoleUpdate(ctx, hub.Id, role, &types.HubRoleUpdate{Color: true}); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusAccepted)
}
func HandleRoleSetPermissions(response http.ResponseWriter, request *http.Request) {
requestor, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionSetRolePermissions)
if !ok {
return
}
targetRoleId, err := convertions.StringToUint8(request.FormValue("role_id"))
if err != nil {
http.Error(response, "bad role_id", http.StatusBadRequest)
return
}
if targetRoleId > usedRoleId {
http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
return
}
hub.Mu.Lock()
targetRole := hub.Roles[targetRoleId]
hub.Mu.Unlock()
if targetRole == nil {
http.Error(response, "no such role", http.StatusNotFound)
return
}
madeChange := false
query := request.URL.Query()
for key, values := range query {
permission, ok := types.PermissionLookup(key)
if !ok {
continue
}
permRoleId, ok := haveHubUserPermission(requestor, hub, permission)
if !ok {
http.Error(response, "permission needed: "+key, http.StatusNotFound)
}
if permRoleId <= targetRoleId {
http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
return
}
if convertions.StringToBool(values[0]) {
if !targetRole.Permissions.Has(permission) {
madeChange = true
targetRole.Permissions.Grant(permission)
}
} else {
if targetRole.Permissions.Has(permission) {
madeChange = true
targetRole.Permissions.Revoke(permission)
}
}
}
if !madeChange {
response.WriteHeader(http.StatusNoContent)
response.Write([]byte("no changes made"))
return
}
updateChannelCacheForSpecRole(targetRole, hub)
if err := postgresql.HubRoleUpdate(ctx, hub.Id, targetRole, &types.HubRoleUpdate{Permissions: true}); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusAccepted)
}
func HandleRoleSelfRemove(response http.ResponseWriter, request *http.Request) {
requestor, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionUserSelfRoleRemove)
if !ok {
return
}
requestor.Roles.Remove(usedRoleId)
updateChannelCacheForSpecUser(requestor, hub)
if err := postgresql.HubUserUpdate(ctx, hub.Id, requestor, &types.HubUserUpdate{Roles: true}); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusAccepted)
}
func HandleChannelCreate(response http.ResponseWriter, request *http.Request) {
requestor, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionCreateChannel)
if !ok {
return
}
name := request.FormValue("name")
if name == "" { // TODO think about some restriction to not be too big
http.Error(response, "name empty", http.StatusBadRequest)
return
}
newHubChannel := types.NewHubChannel()
newHubChannel.Name = name
newHubChannel.Id = uuid.New()
newHubChannel.CreatedAt = time.Now()
newHubChannel.RolesCanView.Add(usedRoleId)
newHubChannel.RolesCanMessage.Add(usedRoleId)
newHubChannel.RolesCanReadHistory.Add(usedRoleId)
if requestor.Roles.ContainsRoleId(types.HubBoundRolesMax) {
newHubChannel.RolesCanView.Add(types.HubBoundRolesMax)
newHubChannel.RolesCanMessage.Add(types.HubBoundRolesMax)
newHubChannel.RolesCanReadHistory.Add(types.HubBoundRolesMax)
}
hub.Mu.Lock()
usedPositions := make(map[uint8]bool, len(hub.Channels))
for _, ch := range hub.Channels {
usedPositions[ch.Position] = true
}
var position uint8
for usedPositions[position] {
position++
}
newHubChannel.Position = position
hub.Channels[newHubChannel.Id] = newHubChannel
hub.Mu.Unlock()
updateChannelCacheForSpecChannel(newHubChannel, hub)
if err := postgresql.HubChannelSave(ctx, hub.Id, newHubChannel); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusAccepted)
}
func HandleChannelRemove(response http.ResponseWriter, request *http.Request) {
_, hub, ctx, _, ok := hubPermissionContext(response, request, normal, types.PermissionRemoveChannel)
if !ok {
return
}
channelId, err := convertions.StringToUuid(request.FormValue("channel_id"))
if err != nil {
http.Error(response, "invalid channel_id", http.StatusBadRequest)
return
}
hub.Mu.Lock()
if _, ok = hub.Channels[channelId]; !ok {
hub.Mu.Unlock()
http.Error(response, "no such channel", http.StatusNotFound)
return
}
delete(hub.Channels, channelId)
hub.Mu.Unlock()
if err = postgresql.HubChannelDelete(ctx, channelId); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusAccepted)
}
func HandleChannelSetName(response http.ResponseWriter, request *http.Request) {
_, hub, ctx, _, ok := hubPermissionContext(response, request, normal, types.PermissionSetChannelName)
if !ok {
return
}
newName := request.FormValue("new_name")
if newName == "" {
http.Error(response, "newname empty", http.StatusBadRequest)
return
}
channelId, err := convertions.StringToUuid(request.FormValue("channel_id"))
if err != nil {
http.Error(response, "invalid channel_id", http.StatusBadRequest)
return
}
hub.Mu.Lock()
channel, ok := hub.Channels[channelId]
if !ok {
hub.Mu.Unlock()
http.Error(response, "no such channel", http.StatusNotFound)
return
}
channel.Name = newName
hub.Mu.Unlock()
if err = postgresql.HubChannelUpdate(ctx, channel, &types.HubChannelUpdate{Name: true}); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusAccepted)
}
func HandleChannelSetDescription(response http.ResponseWriter, request *http.Request) {
_, hub, ctx, _, ok := hubPermissionContext(response, request, normal, types.PermissionSetChannelDescription)
if !ok {
return
}
newDescription := request.FormValue("description")
channelId, err := convertions.StringToUuid(request.FormValue("channel_id"))
if err != nil {
http.Error(response, "invalid channel_id", http.StatusBadRequest)
return
}
hub.Mu.Lock()
channel, ok := hub.Channels[channelId]
if !ok {
hub.Mu.Unlock()
http.Error(response, "no such channel", http.StatusNotFound)
return
}
channel.Description = newDescription
hub.Mu.Unlock()
if err = postgresql.HubChannelUpdate(ctx, channel, &types.HubChannelUpdate{Description: true}); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusAccepted)
}
func handleChannelRolePermission(response http.ResponseWriter, request *http.Request, perm types.Permissions, updateList *types.HubChannelUpdate, modify func(*types.HubChannel, uint8, bool)) {
_, hub, ctx, usedRoleId, ok := hubPermissionContext(response, request, normal, perm)
if !ok {
return
}
channelId, err := convertions.StringToUuid(request.FormValue("channel_id"))
if err != nil {
http.Error(response, "invalid channel_id", http.StatusBadRequest)
return
}
roleId, err := convertions.StringToUint8(request.FormValue("role_id"))
if err != nil {
http.Error(response, "invalid role_id", http.StatusBadRequest)
return
}
if roleId > usedRoleId {
http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
return
}
allow := convertions.StringToBool(request.URL.Query().Get("allow"))
hub.Mu.Lock()
channel, ok := hub.Channels[channelId]
if !ok {
hub.Mu.Unlock()
http.Error(response, "channel not found", http.StatusNotFound)
return
}
modify(channel, roleId, allow)
hub.Mu.Unlock()
updateChannelCacheForSpecChannel(channel, hub)
if err = postgresql.HubChannelUpdate(ctx, channel, updateList); err != nil {
http.Error(response, "db error", http.StatusInternalServerError)
return
}
response.WriteHeader(http.StatusAccepted)
}
func HandleChannelSetPermittedVisibleRole(response http.ResponseWriter, request *http.Request) {
handleChannelRolePermission(response, request, types.PermissionSetChannelPermittedVisibleRoles, &types.HubChannelUpdate{RolesCanView: true}, func(c *types.HubChannel, roleId uint8, allow bool) {
if allow {
c.RolesCanView.Add(roleId)
} else {
c.RolesCanView.Remove(roleId)
}
})
}
func HandleChannelSetPermittedSendRole(response http.ResponseWriter, request *http.Request) {
handleChannelRolePermission(response, request, types.PermissionSetChannelPermittedSendMessageRoles, &types.HubChannelUpdate{RolesCanMessage: true}, func(c *types.HubChannel, roleId uint8, allow bool) {
if allow {
c.RolesCanMessage.Add(roleId)
} else {
c.RolesCanMessage.Remove(roleId)
}
})
}
func HandleChannelSetPermittedHistoryRole(response http.ResponseWriter, request *http.Request) {
handleChannelRolePermission(response, request, types.PermissionSetChannelPermittedReadHistoryRoles, &types.HubChannelUpdate{RolesCanReadHistory: true}, func(c *types.HubChannel, roleId uint8, allow bool) {
if allow {
c.RolesCanReadHistory.Add(roleId)
} else {
c.RolesCanReadHistory.Remove(roleId)
}
})
}
Reference in New Issue View Git Blame Copy Permalink