github.com/coincircle/mattermost-server@v4.8.1-0.20180321182714-9d701c704416+incompatible/app/plugin_api.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package app 5 6 import ( 7 "encoding/json" 8 "net/http" 9 "strings" 10 11 "github.com/gorilla/mux" 12 "github.com/mattermost/mattermost-server/model" 13 "github.com/mattermost/mattermost-server/utils" 14 15 "github.com/mattermost/mattermost-server/plugin" 16 ) 17 18 type PluginAPI struct { 19 id string 20 app *App 21 keyValueStore *PluginKeyValueStore 22 } 23 24 type PluginKeyValueStore struct { 25 id string 26 app *App 27 } 28 29 func (api *PluginAPI) LoadPluginConfiguration(dest interface{}) error { 30 if b, err := json.Marshal(api.app.Config().PluginSettings.Plugins[api.id]); err != nil { 31 return err 32 } else { 33 return json.Unmarshal(b, dest) 34 } 35 } 36 37 func (api *PluginAPI) RegisterCommand(command *model.Command) error { 38 return api.app.RegisterPluginCommand(api.id, command) 39 } 40 41 func (api *PluginAPI) UnregisterCommand(teamId, trigger string) error { 42 api.app.UnregisterPluginCommand(api.id, teamId, trigger) 43 return nil 44 } 45 46 func (api *PluginAPI) CreateTeam(team *model.Team) (*model.Team, *model.AppError) { 47 return api.app.CreateTeam(team) 48 } 49 50 func (api *PluginAPI) DeleteTeam(teamId string) *model.AppError { 51 return api.app.SoftDeleteTeam(teamId) 52 } 53 54 func (api *PluginAPI) GetTeam(teamId string) (*model.Team, *model.AppError) { 55 return api.app.GetTeam(teamId) 56 } 57 58 func (api *PluginAPI) GetTeamByName(name string) (*model.Team, *model.AppError) { 59 return api.app.GetTeamByName(name) 60 } 61 62 func (api *PluginAPI) UpdateTeam(team *model.Team) (*model.Team, *model.AppError) { 63 return api.app.UpdateTeam(team) 64 } 65 66 func (api *PluginAPI) CreateUser(user *model.User) (*model.User, *model.AppError) { 67 return api.app.CreateUser(user) 68 } 69 70 func (api *PluginAPI) DeleteUser(userId string) *model.AppError { 71 user, err := api.app.GetUser(userId) 72 if err != nil { 73 return err 74 } 75 _, err = api.app.UpdateActive(user, false) 76 return err 77 } 78 79 func (api *PluginAPI) GetUser(userId string) (*model.User, *model.AppError) { 80 return api.app.GetUser(userId) 81 } 82 83 func (api *PluginAPI) GetUserByEmail(email string) (*model.User, *model.AppError) { 84 return api.app.GetUserByEmail(email) 85 } 86 87 func (api *PluginAPI) GetUserByUsername(name string) (*model.User, *model.AppError) { 88 return api.app.GetUserByUsername(name) 89 } 90 91 func (api *PluginAPI) UpdateUser(user *model.User) (*model.User, *model.AppError) { 92 return api.app.UpdateUser(user, true) 93 } 94 95 func (api *PluginAPI) CreateChannel(channel *model.Channel) (*model.Channel, *model.AppError) { 96 return api.app.CreateChannel(channel, false) 97 } 98 99 func (api *PluginAPI) DeleteChannel(channelId string) *model.AppError { 100 channel, err := api.app.GetChannel(channelId) 101 if err != nil { 102 return err 103 } 104 return api.app.DeleteChannel(channel, "") 105 } 106 107 func (api *PluginAPI) GetChannel(channelId string) (*model.Channel, *model.AppError) { 108 return api.app.GetChannel(channelId) 109 } 110 111 func (api *PluginAPI) GetChannelByName(name, teamId string) (*model.Channel, *model.AppError) { 112 return api.app.GetChannelByName(name, teamId) 113 } 114 115 func (api *PluginAPI) GetDirectChannel(userId1, userId2 string) (*model.Channel, *model.AppError) { 116 return api.app.GetDirectChannel(userId1, userId2) 117 } 118 119 func (api *PluginAPI) GetGroupChannel(userIds []string) (*model.Channel, *model.AppError) { 120 return api.app.CreateGroupChannel(userIds, "") 121 } 122 123 func (api *PluginAPI) UpdateChannel(channel *model.Channel) (*model.Channel, *model.AppError) { 124 return api.app.UpdateChannel(channel) 125 } 126 127 func (api *PluginAPI) GetChannelMember(channelId, userId string) (*model.ChannelMember, *model.AppError) { 128 return api.app.GetChannelMember(channelId, userId) 129 } 130 131 func (api *PluginAPI) CreatePost(post *model.Post) (*model.Post, *model.AppError) { 132 return api.app.CreatePostMissingChannel(post, true) 133 } 134 135 func (api *PluginAPI) DeletePost(postId string) *model.AppError { 136 _, err := api.app.DeletePost(postId) 137 return err 138 } 139 140 func (api *PluginAPI) GetPost(postId string) (*model.Post, *model.AppError) { 141 return api.app.GetSinglePost(postId) 142 } 143 144 func (api *PluginAPI) UpdatePost(post *model.Post) (*model.Post, *model.AppError) { 145 return api.app.UpdatePost(post, false) 146 } 147 148 func (api *PluginAPI) KeyValueStore() plugin.KeyValueStore { 149 return api.keyValueStore 150 } 151 152 func (s *PluginKeyValueStore) Set(key string, value []byte) *model.AppError { 153 return s.app.SetPluginKey(s.id, key, value) 154 } 155 156 func (s *PluginKeyValueStore) Get(key string) ([]byte, *model.AppError) { 157 return s.app.GetPluginKey(s.id, key) 158 } 159 160 func (s *PluginKeyValueStore) Delete(key string) *model.AppError { 161 return s.app.DeletePluginKey(s.id, key) 162 } 163 164 type BuiltInPluginAPI struct { 165 id string 166 router *mux.Router 167 app *App 168 } 169 170 func (api *BuiltInPluginAPI) LoadPluginConfiguration(dest interface{}) error { 171 if b, err := json.Marshal(api.app.Config().PluginSettings.Plugins[api.id]); err != nil { 172 return err 173 } else { 174 return json.Unmarshal(b, dest) 175 } 176 } 177 178 func (api *BuiltInPluginAPI) PluginRouter() *mux.Router { 179 return api.router 180 } 181 182 func (api *BuiltInPluginAPI) GetTeamByName(name string) (*model.Team, *model.AppError) { 183 return api.app.GetTeamByName(name) 184 } 185 186 func (api *BuiltInPluginAPI) GetUserByName(name string) (*model.User, *model.AppError) { 187 return api.app.GetUserByUsername(name) 188 } 189 190 func (api *BuiltInPluginAPI) GetChannelByName(teamId, name string) (*model.Channel, *model.AppError) { 191 return api.app.GetChannelByName(name, teamId) 192 } 193 194 func (api *BuiltInPluginAPI) GetDirectChannel(userId1, userId2 string) (*model.Channel, *model.AppError) { 195 return api.app.GetDirectChannel(userId1, userId2) 196 } 197 198 func (api *BuiltInPluginAPI) CreatePost(post *model.Post) (*model.Post, *model.AppError) { 199 return api.app.CreatePostMissingChannel(post, true) 200 } 201 202 func (api *BuiltInPluginAPI) GetLdapUserAttributes(userId string, attributes []string) (map[string]string, *model.AppError) { 203 if api.app.Ldap == nil { 204 return nil, model.NewAppError("GetLdapUserAttributes", "ent.ldap.disabled.app_error", nil, "", http.StatusNotImplemented) 205 } 206 207 user, err := api.app.GetUser(userId) 208 if err != nil { 209 return nil, err 210 } 211 212 if user.AuthData == nil { 213 return map[string]string{}, nil 214 } 215 216 return api.app.Ldap.GetUserAttributes(*user.AuthData, attributes) 217 } 218 219 func (api *BuiltInPluginAPI) GetSessionFromRequest(r *http.Request) (*model.Session, *model.AppError) { 220 token := "" 221 isTokenFromQueryString := false 222 223 // Attempt to parse token out of the header 224 authHeader := r.Header.Get(model.HEADER_AUTH) 225 if len(authHeader) > 6 && strings.ToUpper(authHeader[0:6]) == model.HEADER_BEARER { 226 // Default session token 227 token = authHeader[7:] 228 229 } else if len(authHeader) > 5 && strings.ToLower(authHeader[0:5]) == model.HEADER_TOKEN { 230 // OAuth token 231 token = authHeader[6:] 232 } 233 234 // Attempt to parse the token from the cookie 235 if len(token) == 0 { 236 if cookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil { 237 token = cookie.Value 238 239 if r.Header.Get(model.HEADER_REQUESTED_WITH) != model.HEADER_REQUESTED_WITH_XML { 240 return nil, model.NewAppError("ServeHTTP", "api.context.session_expired.app_error", nil, "token="+token+" Appears to be a CSRF attempt", http.StatusUnauthorized) 241 } 242 } 243 } 244 245 // Attempt to parse token out of the query string 246 if len(token) == 0 { 247 token = r.URL.Query().Get("access_token") 248 isTokenFromQueryString = true 249 } 250 251 if len(token) == 0 { 252 return nil, model.NewAppError("ServeHTTP", "api.context.session_expired.app_error", nil, "token="+token, http.StatusUnauthorized) 253 } 254 255 session, err := api.app.GetSession(token) 256 257 if err != nil { 258 return nil, model.NewAppError("ServeHTTP", "api.context.session_expired.app_error", nil, "token="+token, http.StatusUnauthorized) 259 } else if !session.IsOAuth && isTokenFromQueryString { 260 return nil, model.NewAppError("ServeHTTP", "api.context.token_provided.app_error", nil, "token="+token, http.StatusUnauthorized) 261 } 262 263 return session, nil 264 } 265 266 func (api *BuiltInPluginAPI) I18n(id string, r *http.Request) string { 267 if r != nil { 268 f, _ := utils.GetTranslationsAndLocale(nil, r) 269 return f(id) 270 } 271 f, _ := utils.GetTranslationsBySystemLocale() 272 return f(id) 273 }