user.go 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399
  1. package main
  2. /*
  3. User Management System
  4. Entry points for handler user functions
  5. */
  6. import (
  7. "encoding/json"
  8. "log"
  9. "net/http"
  10. "strconv"
  11. "strings"
  12. uuid "github.com/satori/go.uuid"
  13. auth "imuslab.com/arozos/mod/auth"
  14. module "imuslab.com/arozos/mod/modules"
  15. prout "imuslab.com/arozos/mod/prouter"
  16. user "imuslab.com/arozos/mod/user"
  17. )
  18. func UserSystemInit() {
  19. //Create a new User Handler
  20. uh, err := user.NewUserHandler(sysdb, authAgent, permissionHandler, baseStoragePool, &shareEntryTable)
  21. if err != nil {
  22. panic(err)
  23. }
  24. userHandler = uh
  25. router := prout.NewModuleRouter(prout.RouterOption{
  26. ModuleName: "System Settings",
  27. AdminOnly: false,
  28. UserHandler: userHandler,
  29. DeniedHandler: func(w http.ResponseWriter, r *http.Request) {
  30. sendErrorResponse(w, "Permission Denied")
  31. },
  32. })
  33. //Create Endpoint Listeners
  34. router.HandleFunc("/system/users/list", user_handleList)
  35. //Everyone logged in should have permission to view their profile and change their password
  36. http.HandleFunc("/system/users/userinfo", func(w http.ResponseWriter, r *http.Request) {
  37. authAgent.HandleCheckAuth(w, r, user_handleUserInfo)
  38. })
  39. //Interface info should be able to view by everyone logged in
  40. http.HandleFunc("/system/users/interfaceinfo", func(w http.ResponseWriter, r *http.Request) {
  41. authAgent.HandleCheckAuth(w, r, user_getInterfaceInfo)
  42. })
  43. //Register setting interface for module configuration
  44. registerSetting(settingModule{
  45. Name: "My Account",
  46. Desc: "Manage your account and password",
  47. IconPath: "SystemAO/users/img/small_icon.png",
  48. Group: "Users",
  49. StartDir: "SystemAO/users/account.html",
  50. RequireAdmin: false,
  51. })
  52. registerSetting(settingModule{
  53. Name: "User List",
  54. Desc: "A list of users registered on this system",
  55. IconPath: "SystemAO/users/img/small_icon.png",
  56. Group: "Users",
  57. StartDir: "SystemAO/users/userList.html",
  58. RequireAdmin: true,
  59. })
  60. //Register auth management events that requires user handler
  61. adminRouter := prout.NewModuleRouter(prout.RouterOption{
  62. ModuleName: "System Settings",
  63. AdminOnly: true,
  64. UserHandler: userHandler,
  65. DeniedHandler: func(w http.ResponseWriter, r *http.Request) {
  66. sendErrorResponse(w, "Permission Denied")
  67. },
  68. })
  69. //Handle Authentication Unregister Handler
  70. adminRouter.HandleFunc("/system/auth/unregister", authAgent.HandleUnregister)
  71. adminRouter.HandleFunc("/system/users/editUser", user_handleUserEdit)
  72. adminRouter.HandleFunc("/system/users/removeUser", user_handleUserRemove)
  73. }
  74. //Remove a user from the system
  75. func user_handleUserRemove(w http.ResponseWriter, r *http.Request) {
  76. username, err := mv(r, "username", true)
  77. if err != nil {
  78. sendErrorResponse(w, "Username not defined")
  79. return
  80. }
  81. if !authAgent.UserExists(username) {
  82. sendErrorResponse(w, "User not exists")
  83. return
  84. }
  85. userinfo, err := userHandler.GetUserInfoFromUsername(username)
  86. if err != nil {
  87. sendErrorResponse(w, err.Error())
  88. return
  89. }
  90. currentUserinfo, err := userHandler.GetUserInfoFromRequest(w, r)
  91. if err != nil {
  92. //This user has not logged in
  93. sendErrorResponse(w, "User not logged in")
  94. return
  95. }
  96. if currentUserinfo.Username == userinfo.Username {
  97. //This user has not logged in
  98. sendErrorResponse(w, "You can't remove yourself")
  99. return
  100. }
  101. //Clear Core User Data
  102. userinfo.RemoveUser()
  103. //Clearn Up FileSystem preferences
  104. system_fs_removeUserPreferences(username)
  105. sendOK(w)
  106. }
  107. func user_handleUserEdit(w http.ResponseWriter, r *http.Request) {
  108. userinfo, err := userHandler.GetUserInfoFromRequest(w, r)
  109. if err != nil {
  110. //This user has not logged in
  111. sendErrorResponse(w, "User not logged in")
  112. return
  113. }
  114. if userinfo.IsAdmin() == false {
  115. //Require admin access
  116. sendErrorResponse(w, "Permission Denied")
  117. return
  118. }
  119. opr, _ := mv(r, "opr", true)
  120. username, _ := mv(r, "username", true)
  121. if !authAgent.UserExists(username) {
  122. sendErrorResponse(w, "User not exists")
  123. return
  124. }
  125. if opr == "" {
  126. //List this user information
  127. type returnValue struct {
  128. Username string
  129. Icondata string
  130. Usergroup []string
  131. Quota int64
  132. }
  133. iconData := getUserIcon(username)
  134. userGroup, err := permissionHandler.GetUsersPermissionGroup(username)
  135. if err != nil {
  136. sendErrorResponse(w, "Unable to get user group")
  137. return
  138. }
  139. //Parse the user permission groupts
  140. userGroupNames := []string{}
  141. for _, gp := range userGroup {
  142. userGroupNames = append(userGroupNames, gp.Name)
  143. }
  144. //Get the user's storaeg quota
  145. userinfo, _ := userHandler.GetUserInfoFromUsername(username)
  146. jsonString, _ := json.Marshal(returnValue{
  147. Username: username,
  148. Icondata: iconData,
  149. Usergroup: userGroupNames,
  150. Quota: userinfo.StorageQuota.GetUserStorageQuota(),
  151. })
  152. sendJSONResponse(w, string(jsonString))
  153. } else if opr == "updateUserGroup" {
  154. //Update the target user's group
  155. newgroup, err := mv(r, "newgroup", true)
  156. if err != nil {
  157. log.Println(err.Error())
  158. sendErrorResponse(w, "New Group not defined")
  159. return
  160. }
  161. newQuota, err := mv(r, "quota", true)
  162. if err != nil {
  163. log.Println(err.Error())
  164. sendErrorResponse(w, "Quota not defined")
  165. return
  166. }
  167. quotaInt, err := strconv.Atoi(newQuota)
  168. if err != nil {
  169. log.Println(err.Error())
  170. sendErrorResponse(w, "Invalid Quota Value")
  171. return
  172. }
  173. newGroupKeys := []string{}
  174. err = json.Unmarshal([]byte(newgroup), &newGroupKeys)
  175. if err != nil {
  176. log.Println(err.Error())
  177. sendErrorResponse(w, "Unable to parse new groups")
  178. return
  179. }
  180. if len(newGroupKeys) == 0 {
  181. sendErrorResponse(w, "User must be in at least one user permission group")
  182. return
  183. }
  184. //Check if each group exists
  185. for _, thisgp := range newGroupKeys {
  186. if !permissionHandler.GroupExists(thisgp) {
  187. sendErrorResponse(w, "Group not exists, given: "+thisgp)
  188. return
  189. }
  190. }
  191. //OK to proceed
  192. userinfo, err := userHandler.GetUserInfoFromUsername(username)
  193. if err != nil {
  194. sendErrorResponse(w, err.Error())
  195. return
  196. }
  197. //Get the permission groups by their ids
  198. newPermissioGroups := userHandler.GetPermissionHandler().GetPermissionGroupByNameList(newGroupKeys)
  199. //Set the user's permission to these groups
  200. userinfo.SetUserPermissionGroup(newPermissioGroups)
  201. if err != nil {
  202. sendErrorResponse(w, err.Error())
  203. return
  204. }
  205. //Write to quota handler
  206. userinfo.StorageQuota.SetUserStorageQuota(int64(quotaInt))
  207. sendOK(w)
  208. } else if opr == "resetPassword" {
  209. //Reset password for this user
  210. //Generate a random password for this user
  211. tmppassword := uuid.NewV4().String()
  212. hashedPassword := auth.Hash(tmppassword)
  213. err := sysdb.Write("auth", "passhash/"+username, hashedPassword)
  214. if err != nil {
  215. sendErrorResponse(w, err.Error())
  216. return
  217. }
  218. //Finish. Send back the reseted password
  219. sendJSONResponse(w, "\""+tmppassword+"\"")
  220. } else {
  221. sendErrorResponse(w, "Not supported opr")
  222. return
  223. }
  224. }
  225. //Get the user interface info for the user to launch into
  226. func user_getInterfaceInfo(w http.ResponseWriter, r *http.Request) {
  227. userinfo, err := userHandler.GetUserInfoFromRequest(w, r)
  228. if err != nil {
  229. //User not logged in
  230. sendErrorResponse(w, "User not logged in")
  231. return
  232. }
  233. interfacingModules := userinfo.GetInterfaceModules()
  234. interfaceModuleInfos := []module.ModuleInfo{}
  235. for _, im := range interfacingModules {
  236. interfaceModuleInfos = append(interfaceModuleInfos, *moduleHandler.GetModuleInfoByID(im))
  237. }
  238. jsonString, _ := json.Marshal(interfaceModuleInfos)
  239. sendJSONResponse(w, string(jsonString))
  240. }
  241. func user_handleUserInfo(w http.ResponseWriter, r *http.Request) {
  242. username, err := authAgent.GetUserName(w, r)
  243. if err != nil {
  244. sendErrorResponse(w, "User not logged in")
  245. return
  246. }
  247. opr, _ := mv(r, "opr", true)
  248. if opr == "" {
  249. //Listing mode
  250. iconData := getUserIcon(username)
  251. userGroup, err := permissionHandler.GetUsersPermissionGroup(username)
  252. if err != nil {
  253. sendErrorResponse(w, "Unable to get user group")
  254. return
  255. }
  256. userGroupNames := []string{}
  257. for _, group := range userGroup {
  258. userGroupNames = append(userGroupNames, group.Name)
  259. }
  260. type returnValue struct {
  261. Username string
  262. Icondata string
  263. Usergroup []string
  264. }
  265. jsonString, _ := json.Marshal(returnValue{
  266. Username: username,
  267. Icondata: iconData,
  268. Usergroup: userGroupNames,
  269. })
  270. sendJSONResponse(w, string(jsonString))
  271. return
  272. } else if opr == "changepw" {
  273. oldpw, _ := mv(r, "oldpw", true)
  274. newpw, _ := mv(r, "newpw", true)
  275. if oldpw == "" || newpw == "" {
  276. sendErrorResponse(w, "Password cannot be empty")
  277. return
  278. }
  279. //valid the old password
  280. hashedPassword := auth.Hash(oldpw)
  281. var passwordInDB string
  282. err = sysdb.Read("auth", "passhash/"+username, &passwordInDB)
  283. if hashedPassword != passwordInDB {
  284. //Old password entry invalid.
  285. sendErrorResponse(w, "Invalid old password.")
  286. return
  287. }
  288. //OK! Change user password
  289. newHashedPassword := auth.Hash(newpw)
  290. sysdb.Write("auth", "passhash/"+username, newHashedPassword)
  291. sendOK(w)
  292. } else if opr == "changeprofilepic" {
  293. picdata, _ := mv(r, "picdata", true)
  294. if picdata != "" {
  295. setUserIcon(username, picdata)
  296. sendOK(w)
  297. } else {
  298. sendErrorResponse(w, "Empty image data received.")
  299. return
  300. }
  301. } else {
  302. sendErrorResponse(w, "Not supported opr")
  303. return
  304. }
  305. }
  306. func user_handleList(w http.ResponseWriter, r *http.Request) {
  307. userinfo, err := userHandler.GetUserInfoFromRequest(w, r)
  308. if err != nil {
  309. //This user has not logged in
  310. sendErrorResponse(w, "User not logged in")
  311. return
  312. }
  313. if userinfo.IsAdmin() == true {
  314. entries, _ := sysdb.ListTable("auth")
  315. var results [][]interface{}
  316. for _, keypairs := range entries {
  317. if strings.Contains(string(keypairs[0]), "group/") {
  318. username := strings.Split(string(keypairs[0]), "/")[1]
  319. group := []string{}
  320. //Get user icon if it exists in the database
  321. userIcon := getUserIcon(username)
  322. json.Unmarshal(keypairs[1], &group)
  323. var thisUserInfo []interface{}
  324. thisUserInfo = append(thisUserInfo, username)
  325. thisUserInfo = append(thisUserInfo, group)
  326. thisUserInfo = append(thisUserInfo, userIcon)
  327. thisUserInfo = append(thisUserInfo, username == userinfo.Username)
  328. results = append(results, thisUserInfo)
  329. }
  330. }
  331. jsonString, _ := json.Marshal(results)
  332. sendJSONResponse(w, string(jsonString))
  333. } else {
  334. sendErrorResponse(w, "Permission denied")
  335. return
  336. }
  337. }
  338. func getUserIcon(username string) string {
  339. var userIconpath []byte
  340. sysdb.Read("auth", "profilepic/"+username, &userIconpath)
  341. return string(userIconpath)
  342. }
  343. func setUserIcon(username string, base64data string) {
  344. sysdb.Write("auth", "profilepic/"+username, []byte(base64data))
  345. return
  346. }