happyDomain/admin/db-auth.go

// Copyright or © or Copr. happyDNS (2020)
//
// contact@happydomain.org
//
// This software is a computer program whose purpose is to provide a modern
// interface to interact with DNS systems.
//
// This software is governed by the CeCILL license under French law and abiding
// by the rules of distribution of free software.  You can use, modify and/or
// redistribute the software under the terms of the CeCILL license as
// circulated by CEA, CNRS and INRIA at the following URL
// "http://www.cecill.info".
//
// As a counterpart to the access to the source code and rights to copy, modify
// and redistribute granted by the license, users are provided only with a
// limited warranty and the software's author, the holder of the economic
// rights, and the successive licensors have only limited liability.
//
// In this respect, the user's attention is drawn to the risks associated with
// loading, using, modifying and/or developing or reproducing the software by
// the user in light of its specific status of free software, that may mean
// that it is complicated to manipulate, and that also therefore means that it
// is reserved for developers and experienced professionals having in-depth
// computer knowledge. Users are therefore encouraged to load and test the
// software's suitability as regards their requirements in conditions enabling
// the security of their systems and/or data to be ensured and, more generally,
// to use and operate it in the same conditions as regards security.
//
// The fact that you are presently reading this means that you have had
// knowledge of the CeCILL license and that you accept its terms.

package admin

import (
	"fmt"
	"net/http"
	"time"

	"github.com/gin-gonic/gin"

	"git.happydns.org/happydomain/actions"
	"git.happydns.org/happydomain/api"
	"git.happydns.org/happydomain/config"
	"git.happydns.org/happydomain/model"
	"git.happydns.org/happydomain/storage"
	"git.happydns.org/happydomain/utils"
)

func declareUserAuthsRoutes(opts *config.Options, router *gin.RouterGroup) {
	router.GET("/auth", getAuthUsers)
	router.POST("/auth", newAuthUser)
	router.DELETE("/auth", deleteAuthUsers)

	apiUsersRoutes := router.Group("/auth/:uid")
	apiUsersRoutes.Use(authHandler)

	apiUsersRoutes.GET("", getAuthUser)
	apiUsersRoutes.PUT("", updateAuthUser)
	apiUsersRoutes.DELETE("", deleteAuthUser)

	apiUsersRoutes.POST("/recover_link", func(c *gin.Context) {
		recoverUserAcct(opts, c)
	})
	apiUsersRoutes.POST("/reset_password", resetUserPasswd)
	apiUsersRoutes.POST("/send_recover_email", func(c *gin.Context) {
		sendRecoverUserAcct(opts, c)
	})
	apiUsersRoutes.POST("/send_validation_email", func(c *gin.Context) {
		sendValidateUserEmail(opts, c)
	})
	apiUsersRoutes.POST("/validation_link", func(c *gin.Context) {
		emailValidationLink(opts, c)
	})
	apiUsersRoutes.POST("/validate_email", validateEmail)
}

func authHandler(c *gin.Context) {
	user, err := api.UserAuthHandlerBase(c)
	if err != nil {
		user, err = storage.MainStore.GetAuthUserByEmail(c.Param("uid"))
		if err != nil {
			c.AbortWithStatusJSON(http.StatusNotFound, gin.H{"errmsg": "User not found"})
			return
		}
	}

	c.Set("authuser", user)

	c.Next()
}

func getAuthUsers(c *gin.Context) {
	users, err := storage.MainStore.GetAuthUsers()
	ApiResponse(c, users, err)
}

func newAuthUser(c *gin.Context) {
	uu := &happydns.UserAuth{}
	err := c.ShouldBindJSON(&uu)
	if err != nil {
		c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"errmsg": fmt.Sprintf("Something is wrong in received data: %s", err.Error())})
		return
	}
	uu.Id = []byte{}

	ApiResponse(c, uu, storage.MainStore.CreateAuthUser(uu))
}

func deleteAuthUsers(c *gin.Context) {
	ApiResponse(c, true, storage.MainStore.ClearAuthUsers())
}

func getAuthUser(c *gin.Context) {
	user := c.MustGet("authuser").(*happydns.UserAuth)

	c.JSON(http.StatusOK, user)
}

func updateAuthUser(c *gin.Context) {
	user := c.MustGet("authuser").(*happydns.UserAuth)

	uu := &happydns.UserAuth{}
	err := c.ShouldBindJSON(&uu)
	if err != nil {
		c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"errmsg": fmt.Sprintf("Something is wrong in received data: %s", err.Error())})
		return
	}
	uu.Id = user.Id

	ApiResponse(c, uu, storage.MainStore.UpdateAuthUser(uu))
}

func deleteAuthUser(c *gin.Context) {
	user := c.MustGet("authuser").(*happydns.UserAuth)

	ApiResponse(c, true, storage.MainStore.DeleteAuthUser(user))
}

func emailValidationLink(opts *config.Options, c *gin.Context) {
	user := c.MustGet("authuser").(*happydns.UserAuth)

	ApiResponse(c, opts.GetRegistrationURL(user), nil)
}

func recoverUserAcct(opts *config.Options, c *gin.Context) {
	user := c.MustGet("authuser").(*happydns.UserAuth)

	ApiResponse(c, opts.GetAccountRecoveryURL(user), nil)
}

type resetPassword struct {
	Password string
}

func resetUserPasswd(c *gin.Context) {
	user := c.MustGet("authuser").(*happydns.UserAuth)

	urp := &resetPassword{}
	err := c.ShouldBindJSON(&urp)
	if err != nil {
		c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"errmsg": fmt.Sprintf("Something is wrong in received data: %s", err.Error())})
		return
	}

	if urp.Password == "" {
		urp.Password, err = utils.GeneratePassword()
		if err != nil {
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
			return
		}
	}

	err = user.DefinePassword(urp.Password)
	if err != nil {
		c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
		return
	}

	ApiResponse(c, urp, storage.MainStore.UpdateAuthUser(user))
}

func sendRecoverUserAcct(opts *config.Options, c *gin.Context) {
	user := c.MustGet("authuser").(*happydns.UserAuth)

	ApiResponse(c, true, actions.SendRecoveryLink(opts, user))
}

func sendValidateUserEmail(opts *config.Options, c *gin.Context) {
	user := c.MustGet("authuser").(*happydns.UserAuth)

	ApiResponse(c, true, actions.SendValidationLink(opts, user))
}

func validateEmail(c *gin.Context) {
	user := c.MustGet("authuser").(*happydns.UserAuth)

	now := time.Now()
	user.EmailVerification = &now
	ApiResponse(c, user, storage.MainStore.UpdateAuthUser(user))
}