mirror of
https://github.com/drakkan/sftpgo.git
synced 2025-12-06 22:30:56 +03:00
8d4964c16d
Added a compatibility layer that will convert newline delimited keys to array when the user is fetched from the database. This code will be removed in future versions please update your public keys, you only need to resave the users using the REST API.
153 lines
4.1 KiB
Go
153 lines
4.1 KiB
Go
package api
|
|
|
|
import (
|
|
"database/sql"
|
|
"errors"
|
|
"net/http"
|
|
"strconv"
|
|
|
|
"github.com/drakkan/sftpgo/dataprovider"
|
|
"github.com/go-chi/chi"
|
|
"github.com/go-chi/render"
|
|
)
|
|
|
|
func getUsers(w http.ResponseWriter, r *http.Request) {
|
|
limit := 100
|
|
offset := 0
|
|
order := "ASC"
|
|
username := ""
|
|
var err error
|
|
if _, ok := r.URL.Query()["limit"]; ok {
|
|
limit, err = strconv.Atoi(r.URL.Query().Get("limit"))
|
|
if err != nil {
|
|
err = errors.New("Invalid limit")
|
|
sendAPIResponse(w, r, err, "", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if limit > 500 {
|
|
limit = 500
|
|
}
|
|
}
|
|
if _, ok := r.URL.Query()["offset"]; ok {
|
|
offset, err = strconv.Atoi(r.URL.Query().Get("offset"))
|
|
if err != nil {
|
|
err = errors.New("Invalid offset")
|
|
sendAPIResponse(w, r, err, "", http.StatusBadRequest)
|
|
return
|
|
}
|
|
}
|
|
if _, ok := r.URL.Query()["order"]; ok {
|
|
order = r.URL.Query().Get("order")
|
|
if order != "ASC" && order != "DESC" {
|
|
err = errors.New("Invalid order")
|
|
sendAPIResponse(w, r, err, "", http.StatusBadRequest)
|
|
return
|
|
}
|
|
}
|
|
if _, ok := r.URL.Query()["username"]; ok {
|
|
username = r.URL.Query().Get("username")
|
|
}
|
|
users, err := dataprovider.GetUsers(dataProvider, limit, offset, order, username)
|
|
if err == nil {
|
|
render.JSON(w, r, users)
|
|
} else {
|
|
sendAPIResponse(w, r, err, "", http.StatusInternalServerError)
|
|
}
|
|
}
|
|
|
|
func getUserByID(w http.ResponseWriter, r *http.Request) {
|
|
userID, err := strconv.ParseInt(chi.URLParam(r, "userID"), 10, 64)
|
|
if err != nil {
|
|
err = errors.New("Invalid userID")
|
|
sendAPIResponse(w, r, err, "", http.StatusBadRequest)
|
|
return
|
|
}
|
|
user, err := dataprovider.GetUserByID(dataProvider, userID)
|
|
if err == nil {
|
|
user.Password = ""
|
|
user.PublicKey = []string{}
|
|
render.JSON(w, r, user)
|
|
} else if err == sql.ErrNoRows {
|
|
sendAPIResponse(w, r, err, "", http.StatusNotFound)
|
|
} else {
|
|
sendAPIResponse(w, r, err, "", http.StatusInternalServerError)
|
|
}
|
|
}
|
|
|
|
func addUser(w http.ResponseWriter, r *http.Request) {
|
|
var user dataprovider.User
|
|
err := render.DecodeJSON(r.Body, &user)
|
|
if err != nil {
|
|
sendAPIResponse(w, r, err, "", http.StatusBadRequest)
|
|
return
|
|
}
|
|
err = dataprovider.AddUser(dataProvider, user)
|
|
if err == nil {
|
|
user, err = dataprovider.UserExists(dataProvider, user.Username)
|
|
if err == nil {
|
|
user.Password = ""
|
|
user.PublicKey = []string{}
|
|
render.JSON(w, r, user)
|
|
} else {
|
|
sendAPIResponse(w, r, err, "", http.StatusInternalServerError)
|
|
}
|
|
} else {
|
|
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
|
}
|
|
}
|
|
|
|
func updateUser(w http.ResponseWriter, r *http.Request) {
|
|
userID, err := strconv.ParseInt(chi.URLParam(r, "userID"), 10, 64)
|
|
if err != nil {
|
|
err = errors.New("Invalid userID")
|
|
sendAPIResponse(w, r, err, "", http.StatusBadRequest)
|
|
return
|
|
}
|
|
user, err := dataprovider.GetUserByID(dataProvider, userID)
|
|
if err == sql.ErrNoRows {
|
|
sendAPIResponse(w, r, err, "", http.StatusNotFound)
|
|
return
|
|
} else if err != nil {
|
|
sendAPIResponse(w, r, err, "", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
err = render.DecodeJSON(r.Body, &user)
|
|
if err != nil {
|
|
sendAPIResponse(w, r, err, "", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if user.ID != userID {
|
|
sendAPIResponse(w, r, err, "user ID in request body does not match user ID in path parameter", http.StatusBadRequest)
|
|
return
|
|
}
|
|
err = dataprovider.UpdateUser(dataProvider, user)
|
|
if err != nil {
|
|
sendAPIResponse(w, r, err, "", getRespStatus(err))
|
|
} else {
|
|
sendAPIResponse(w, r, err, "User updated", http.StatusOK)
|
|
}
|
|
}
|
|
|
|
func deleteUser(w http.ResponseWriter, r *http.Request) {
|
|
userID, err := strconv.ParseInt(chi.URLParam(r, "userID"), 10, 64)
|
|
if err != nil {
|
|
err = errors.New("Invalid userID")
|
|
sendAPIResponse(w, r, err, "", http.StatusBadRequest)
|
|
return
|
|
}
|
|
user, err := dataprovider.GetUserByID(dataProvider, userID)
|
|
if err == sql.ErrNoRows {
|
|
sendAPIResponse(w, r, err, "", http.StatusNotFound)
|
|
return
|
|
} else if err != nil {
|
|
sendAPIResponse(w, r, err, "", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
err = dataprovider.DeleteUser(dataProvider, user)
|
|
if err != nil {
|
|
sendAPIResponse(w, r, err, "", http.StatusInternalServerError)
|
|
} else {
|
|
sendAPIResponse(w, r, err, "User deleted", http.StatusOK)
|
|
}
|
|
}
|