From e96ae5ca518a50a5b06634d516e58aaf9cba81ec Mon Sep 17 00:00:00 2001 From: Nicola Murino Date: Sun, 24 Jul 2022 08:10:23 +0200 Subject: [PATCH] add folders to data provider actions Signed-off-by: Nicola Murino --- common/protocol_test.go | 2 +- dataprovider/actions.go | 1 + dataprovider/dataprovider.go | 28 ++++++++++++++++++++++++++-- dataprovider/memory.go | 2 +- docs/custom-actions.md | 1 + docs/full-configuration.md | 2 +- httpd/api_folder.go | 10 ++++++++-- httpd/api_maintenance.go | 2 +- httpd/internal_test.go | 10 ++++++++++ httpd/webadmin.go | 9 +++++++-- openapi/openapi.yaml | 4 ++++ 11 files changed, 61 insertions(+), 10 deletions(-) diff --git a/common/protocol_test.go b/common/protocol_test.go index b63dd93a..3044145e 100644 --- a/common/protocol_test.go +++ b/common/protocol_test.go @@ -2717,7 +2717,7 @@ func TestDelayedQuotaUpdater(t *testing.T) { Name: "folder", MappedPath: filepath.Join(os.TempDir(), "p"), } - err = dataprovider.AddFolder(&folder) + err = dataprovider.AddFolder(&folder, "", "") assert.NoError(t, err) err = dataprovider.UpdateVirtualFolderQuota(&folder, 10, 6000, false) diff --git a/dataprovider/actions.go b/dataprovider/actions.go index 3517812e..5a98abf4 100644 --- a/dataprovider/actions.go +++ b/dataprovider/actions.go @@ -43,6 +43,7 @@ const ( const ( actionObjectUser = "user" + actionObjectFolder = "folder" actionObjectGroup = "group" actionObjectAdmin = "admin" actionObjectAPIKey = "api_key" diff --git a/dataprovider/dataprovider.go b/dataprovider/dataprovider.go index 23a233d7..3f21438a 100644 --- a/dataprovider/dataprovider.go +++ b/dataprovider/dataprovider.go @@ -255,6 +255,24 @@ type PasswordValidation struct { Users PasswordValidationRules `json:"users" mapstructure:"users"` } +type wrappedFolder struct { + Folder vfs.BaseVirtualFolder +} + +func (w *wrappedFolder) RenderAsJSON(reload bool) ([]byte, error) { + if reload { + folder, err := provider.getFolderByName(w.Folder.Name) + if err != nil { + providerLog(logger.LevelError, "unable to reload folder before rendering as json: %v", err) + return nil, err + } + folder.PrepareForRendering() + return json.Marshal(folder) + } + w.Folder.PrepareForRendering() + return json.Marshal(w.Folder) +} + // ObjectsActions defines the action to execute on user create, update, delete for the specified objects type ObjectsActions struct { // Valid values are add, update, delete. Empty slice to disable @@ -1854,15 +1872,20 @@ func GetUsersForQuotaCheck(toFetch map[string]bool) ([]User, error) { } // AddFolder adds a new virtual folder. -func AddFolder(folder *vfs.BaseVirtualFolder) error { +func AddFolder(folder *vfs.BaseVirtualFolder, executor, ipAddress string) error { folder.Name = config.convertName(folder.Name) - return provider.addFolder(folder) + err := provider.addFolder(folder) + if err == nil { + executeAction(operationAdd, executor, ipAddress, actionObjectFolder, folder.Name, &wrappedFolder{Folder: *folder}) + } + return err } // UpdateFolder updates the specified virtual folder func UpdateFolder(folder *vfs.BaseVirtualFolder, users []string, groups []string, executor, ipAddress string) error { err := provider.updateFolder(folder) if err == nil { + executeAction(operationUpdate, executor, ipAddress, actionObjectFolder, folder.Name, &wrappedFolder{Folder: *folder}) usersInGroups, errGrp := provider.getUsersInGroups(groups) if errGrp == nil { users = append(users, usersInGroups...) @@ -1893,6 +1916,7 @@ func DeleteFolder(folderName, executor, ipAddress string) error { } err = provider.deleteFolder(folder) if err == nil { + executeAction(operationDelete, executor, ipAddress, actionObjectFolder, folder.Name, &wrappedFolder{Folder: folder}) users := folder.Users usersInGroups, errGrp := provider.getUsersInGroups(folder.Groups) if errGrp == nil { diff --git a/dataprovider/memory.go b/dataprovider/memory.go index 2f4aa4bb..3d5ac776 100644 --- a/dataprovider/memory.go +++ b/dataprovider/memory.go @@ -2504,7 +2504,7 @@ func (p *MemoryProvider) restoreFolders(dump BackupData) error { } } else { folder.Users = nil - err = AddFolder(&folder) + err = AddFolder(&folder, ActionExecutorSystem, "") if err != nil { providerLog(logger.LevelError, "error adding folder %#v: %v", folder.Name, err) return err diff --git a/docs/custom-actions.md b/docs/custom-actions.md index 107f21b9..6abb00c6 100644 --- a/docs/custom-actions.md +++ b/docs/custom-actions.md @@ -85,6 +85,7 @@ The `actions` struct inside the `data_provider` configuration section allows you The supported object types are: - `user` +- `folder` - `group` - `admin` - `api_key` diff --git a/docs/full-configuration.md b/docs/full-configuration.md index 44c9a0ef..4fb26a99 100644 --- a/docs/full-configuration.md +++ b/docs/full-configuration.md @@ -220,7 +220,7 @@ The configuration file contains the following sections: - `users_base_dir`, string. Users default base directory. If no home dir is defined while adding a new user, and this value is a valid absolute path, then the user home dir will be automatically defined as the path obtained joining the base dir and the username - `actions`, struct. It contains the command to execute and/or the HTTP URL to notify and the trigger conditions. See [Custom Actions](./custom-actions.md) for more details - `execute_on`, list of strings. Valid values are `add`, `update`, `delete`. `update` action will not be fired for internal updates such as the last login or the user quota fields. - - `execute_for`, list of strings. Defines the provider objects that trigger the action. Valid values are `user`, `admin`, `api_key`, `share`, `event_action`, `event_rule`. + - `execute_for`, list of strings. Defines the provider objects that trigger the action. Valid values are `user`, `folder`, `group`, `admin`, `api_key`, `share`, `event_action`, `event_rule`. - `hook`, string. Absolute path to the command to execute or HTTP URL to notify. - `external_auth_hook`, string. Absolute path to an external program or an HTTP URL to invoke for users authentication. See [External Authentication](./external-auth.md) for more details. Leave empty to disable. - `external_auth_scope`, integer. 0 means all supported authentication scopes (passwords, public keys and keyboard interactive). 1 means passwords only. 2 means public keys only. 4 means key keyboard interactive only. 8 means TLS certificate. The flags can be combined, for example 6 means public keys and keyboard interactive diff --git a/httpd/api_folder.go b/httpd/api_folder.go index b8ed4589..3132866c 100644 --- a/httpd/api_folder.go +++ b/httpd/api_folder.go @@ -42,13 +42,19 @@ func getFolders(w http.ResponseWriter, r *http.Request) { func addFolder(w http.ResponseWriter, r *http.Request) { r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize) + claims, err := getTokenClaims(r) + if err != nil || claims.Username == "" { + sendAPIResponse(w, r, err, "Invalid token claims", http.StatusBadRequest) + return + } + var folder vfs.BaseVirtualFolder - err := render.DecodeJSON(r.Body, &folder) + err = render.DecodeJSON(r.Body, &folder) if err != nil { sendAPIResponse(w, r, err, "", http.StatusBadRequest) return } - err = dataprovider.AddFolder(&folder) + err = dataprovider.AddFolder(&folder, claims.Username, util.GetIPFromRemoteAddress(r.RemoteAddr)) if err != nil { sendAPIResponse(w, r, err, "", getRespStatus(err)) return diff --git a/httpd/api_maintenance.go b/httpd/api_maintenance.go index 94ae31e7..e971d381 100644 --- a/httpd/api_maintenance.go +++ b/httpd/api_maintenance.go @@ -258,7 +258,7 @@ func RestoreFolders(folders []vfs.BaseVirtualFolder, inputFile string, mode, sca logger.Debug(logSender, "", "restoring existing folder %#v, dump file: %#v, error: %v", folder.Name, inputFile, err) } else { folder.Users = nil - err = dataprovider.AddFolder(&folder) + err = dataprovider.AddFolder(&folder, executor, ipAddress) logger.Debug(logSender, "", "adding new folder %#v, dump file: %#v, error: %v", folder.Name, inputFile, err) } if err != nil { diff --git a/httpd/internal_test.go b/httpd/internal_test.go index f86c9ea1..6723d5ce 100644 --- a/httpd/internal_test.go +++ b/httpd/internal_test.go @@ -570,6 +570,11 @@ func TestInvalidToken(t *testing.T) { assert.Equal(t, http.StatusBadRequest, rr.Code) assert.Contains(t, rr.Body.String(), "invalid token claims") + rr = httptest.NewRecorder() + addFolder(rr, req) + assert.Equal(t, http.StatusBadRequest, rr.Code) + assert.Contains(t, rr.Body.String(), "Invalid token claims") + rr = httptest.NewRecorder() updateFolder(rr, req) assert.Equal(t, http.StatusBadRequest, rr.Code) @@ -580,6 +585,11 @@ func TestInvalidToken(t *testing.T) { assert.Equal(t, http.StatusBadRequest, rr.Code) assert.Contains(t, rr.Body.String(), "Invalid token claims") + rr = httptest.NewRecorder() + server.handleWebAddFolderPost(rr, req) + assert.Equal(t, http.StatusBadRequest, rr.Code) + assert.Contains(t, rr.Body.String(), "invalid token claims") + rr = httptest.NewRecorder() server.handleWebUpdateFolderPost(rr, req) assert.Equal(t, http.StatusBadRequest, rr.Code) diff --git a/httpd/webadmin.go b/httpd/webadmin.go index 5470971b..5a19e918 100644 --- a/httpd/webadmin.go +++ b/httpd/webadmin.go @@ -2654,8 +2654,13 @@ func (s *httpdServer) handleWebAddFolderGet(w http.ResponseWriter, r *http.Reque func (s *httpdServer) handleWebAddFolderPost(w http.ResponseWriter, r *http.Request) { r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize) + claims, err := getTokenClaims(r) + if err != nil || claims.Username == "" { + s.renderBadRequestPage(w, r, errors.New("invalid token claims")) + return + } folder := vfs.BaseVirtualFolder{} - err := r.ParseMultipartForm(maxRequestSize) + err = r.ParseMultipartForm(maxRequestSize) if err != nil { s.renderFolderPage(w, r, folder, folderPageModeAdd, err.Error()) return @@ -2678,7 +2683,7 @@ func (s *httpdServer) handleWebAddFolderPost(w http.ResponseWriter, r *http.Requ folder.FsConfig = fsConfig folder = getFolderFromTemplate(folder, folder.Name) - err = dataprovider.AddFolder(&folder) + err = dataprovider.AddFolder(&folder, claims.Username, ipAddr) if err == nil { http.Redirect(w, r, webFoldersPath, http.StatusSeeOther) } else { diff --git a/openapi/openapi.yaml b/openapi/openapi.yaml index 65d71cc6..40bc4f7f 100644 --- a/openapi/openapi.yaml +++ b/openapi/openapi.yaml @@ -4526,9 +4526,13 @@ components: type: string enum: - user + - folder + - group - admin - api_key - share + - event_action + - event_rule SSHAuthentications: type: string enum: