arozos/mod/auth/batch.go

package auth

/*
	Auth batch operation handler
	author: tobychui

	This handler handles batch operations related to authentications
	Allowing easy management of the user lists

*/

import (
	"encoding/json"
	"log"
	"net/http"
	"strings"

	"imuslab.com/arozos/mod/utils"
)

/*
	CreateUserAccountsFromCSV

	This function allow mass import of user accounts for organization purpses.
	Must be in the format of:{ username, default password, default group } format.
	Each user occupied one new line
*/
func (a *AuthAgent) HandleCreateUserAccountsFromCSV(w http.ResponseWriter, r *http.Request) {
	csvContent, err := utils.Mv(r, "csv", true)
	if err != nil {
		sendErrorResponse(w, "Invalid csv")
		return
	}

	//Process the csv and create user accounts
	newusers := [][]string{}
	csvContent = strings.ReplaceAll(csvContent, "\r\n", "\n")
	lines := strings.Split(csvContent, "\n")
	for _, line := range lines {
		data := strings.Split(line, ",")
		if len(data) >= 3 {
			newusers = append(newusers, data)
		}
	}

	errors := []string{}

	//Ok. Add the valid users to the system
	for _, userCreationSetting := range newusers {
		//Check if this user already exists
		if a.UserExists(userCreationSetting[0]) {
			errors = append(errors, "User "+userCreationSetting[0]+" already exists! Skipping.")
			continue
		}

		a.CreateUserAccount(userCreationSetting[0], userCreationSetting[1], []string{userCreationSetting[2]})
	}

	js, _ := json.Marshal(errors)
	sendJSONResponse(w, string(js))

}

/*
	HandleUserDeleteByGroup handles user batch delete request by group name
	Set exact = true will only delete users which the user is
	1. inside the given group and
	2. that group is his / her only group

	Require paramter: group, exact
*/
func (a *AuthAgent) HandleUserDeleteByGroup(w http.ResponseWriter, r *http.Request) {
	group, err := utils.Mv(r, "group", true)
	if err != nil {
		sendErrorResponse(w, "Invalid group")
	}

	requireExact := true //Default true
	exact, _ := utils.Mv(r, "exact", true)
	if exact == "false" {
		requireExact = false
	}

	entries, _ := a.Database.ListTable("auth")
	deletePendingUsernames := []string{}

	for _, keypairs := range entries {
		if strings.Contains(string(keypairs[0]), "group/") {
			//Get username
			username := strings.Split(string(keypairs[0]), "/")[1]
			usergroup := []string{}
			a.Database.Read("auth", "group/"+username, &usergroup)

			if requireExact {
				if len(usergroup) == 1 && usergroup[0] == group {
					deletePendingUsernames = append(deletePendingUsernames, username)
				}
			} else {
				if inSlice(usergroup, group) {
					deletePendingUsernames = append(deletePendingUsernames, username)
				}
			}
		}

	}

	for _, username := range deletePendingUsernames {
		a.UnregisterUser(username)
	}

	sendOK(w)

}

/*
	Export all the users into a csv file. Should only be usable via command line as a form of db backup.
	DO NOT EXPOSE THIS TO HTTP SERVER
*/
func (a *AuthAgent) ExportUserListAsCSV() string {
	entries, _ := a.Database.ListTable("auth")
	results := [][]string{}
	for _, keypairs := range entries {
		if strings.Contains(string(keypairs[0]), "passhash/") {

			//This is a user registry
			key := string(keypairs[0])

			//Get username
			username := strings.Split(key, "/")[1]

			//Get usergroup
			usergroup := []string{}
			a.Database.Read("auth", "group/"+username, &usergroup)
			log.Println(usergroup)
			//Get user password hash
			passhash := string(keypairs[1])

			results = append(results, []string{username, passhash, strings.Join(usergroup, ",")})
		}
	}

	//Parse the results as csv
	csv := "Username,Password Hash,Group(s)\n"
	for _, line := range results {
		csv += line[0] + "," + line[1] + "," + line[2] + "\n"
	}

	csv = strings.TrimSpace(csv)

	return csv
}