github.com/keys-pub/mattermost-server@v4.10.10+incompatible/app/plugin_api.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package app 5 6 import ( 7 "encoding/json" 8 "net/http" 9 "strings" 10 11 "github.com/gorilla/mux" 12 "github.com/mattermost/mattermost-server/model" 13 "github.com/mattermost/mattermost-server/utils" 14 15 "github.com/mattermost/mattermost-server/plugin" 16 ) 17 18 type PluginAPI struct { 19 id string 20 app *App 21 keyValueStore *PluginKeyValueStore 22 } 23 24 type PluginKeyValueStore struct { 25 id string 26 app *App 27 } 28 29 func (api *PluginAPI) LoadPluginConfiguration(dest interface{}) error { 30 if b, err := json.Marshal(api.app.Config().PluginSettings.Plugins[api.id]); err != nil { 31 return err 32 } else { 33 return json.Unmarshal(b, dest) 34 } 35 } 36 37 func (api *PluginAPI) RegisterCommand(command *model.Command) error { 38 return api.app.RegisterPluginCommand(api.id, command) 39 } 40 41 func (api *PluginAPI) UnregisterCommand(teamId, trigger string) error { 42 api.app.UnregisterPluginCommand(api.id, teamId, trigger) 43 return nil 44 } 45 46 func (api *PluginAPI) CreateTeam(team *model.Team) (*model.Team, *model.AppError) { 47 return api.app.CreateTeam(team) 48 } 49 50 func (api *PluginAPI) DeleteTeam(teamId string) *model.AppError { 51 return api.app.SoftDeleteTeam(teamId) 52 } 53 54 func (api *PluginAPI) GetTeam(teamId string) (*model.Team, *model.AppError) { 55 return api.app.GetTeam(teamId) 56 } 57 58 func (api *PluginAPI) GetTeamByName(name string) (*model.Team, *model.AppError) { 59 return api.app.GetTeamByName(name) 60 } 61 62 func (api *PluginAPI) UpdateTeam(team *model.Team) (*model.Team, *model.AppError) { 63 return api.app.UpdateTeam(team) 64 } 65 66 func (api *PluginAPI) CreateUser(user *model.User) (*model.User, *model.AppError) { 67 return api.app.CreateUser(user) 68 } 69 70 func (api *PluginAPI) DeleteUser(userId string) *model.AppError { 71 user, err := api.app.GetUser(userId) 72 if err != nil { 73 return err 74 } 75 _, err = api.app.UpdateActive(user, false) 76 return err 77 } 78 79 func (api *PluginAPI) GetUser(userId string) (*model.User, *model.AppError) { 80 return api.app.GetUser(userId) 81 } 82 83 func (api *PluginAPI) GetUserByEmail(email string) (*model.User, *model.AppError) { 84 return api.app.GetUserByEmail(email) 85 } 86 87 func (api *PluginAPI) GetUserByUsername(name string) (*model.User, *model.AppError) { 88 return api.app.GetUserByUsername(name) 89 } 90 91 func (api *PluginAPI) UpdateUser(user *model.User) (*model.User, *model.AppError) { 92 return api.app.UpdateUser(user, true) 93 } 94 95 func (api *PluginAPI) CreateChannel(channel *model.Channel) (*model.Channel, *model.AppError) { 96 return api.app.CreateChannel(channel, false) 97 } 98 99 func (api *PluginAPI) DeleteChannel(channelId string) *model.AppError { 100 channel, err := api.app.GetChannel(channelId) 101 if err != nil { 102 return err 103 } 104 return api.app.DeleteChannel(channel, "") 105 } 106 107 func (api *PluginAPI) GetChannel(channelId string) (*model.Channel, *model.AppError) { 108 return api.app.GetChannel(channelId) 109 } 110 111 func (api *PluginAPI) GetChannelByName(name, teamId string) (*model.Channel, *model.AppError) { 112 return api.app.GetChannelByName(name, teamId) 113 } 114 115 func (api *PluginAPI) GetDirectChannel(userId1, userId2 string) (*model.Channel, *model.AppError) { 116 return api.app.GetDirectChannel(userId1, userId2) 117 } 118 119 func (api *PluginAPI) GetGroupChannel(userIds []string) (*model.Channel, *model.AppError) { 120 return api.app.CreateGroupChannel(userIds, "") 121 } 122 123 func (api *PluginAPI) UpdateChannel(channel *model.Channel) (*model.Channel, *model.AppError) { 124 return api.app.UpdateChannel(channel) 125 } 126 127 func (api *PluginAPI) AddChannelMember(channelId, userId string) (*model.ChannelMember, *model.AppError) { 128 // For now, don't allow overriding these via the plugin API. 129 userRequestorId := "" 130 postRootId := "" 131 132 channel, err := api.GetChannel(channelId) 133 if err != nil { 134 return nil, err 135 } 136 137 return api.app.AddChannelMember(userId, channel, userRequestorId, postRootId) 138 } 139 140 func (api *PluginAPI) GetChannelMember(channelId, userId string) (*model.ChannelMember, *model.AppError) { 141 return api.app.GetChannelMember(channelId, userId) 142 } 143 144 func (api *PluginAPI) UpdateChannelMemberRoles(channelId, userId, newRoles string) (*model.ChannelMember, *model.AppError) { 145 return api.app.UpdateChannelMemberRoles(channelId, userId, newRoles) 146 } 147 148 func (api *PluginAPI) UpdateChannelMemberNotifications(channelId, userId string, notifications map[string]string) (*model.ChannelMember, *model.AppError) { 149 return api.app.UpdateChannelMemberNotifyProps(notifications, channelId, userId) 150 } 151 152 func (api *PluginAPI) DeleteChannelMember(channelId, userId string) *model.AppError { 153 return api.app.LeaveChannel(channelId, userId) 154 } 155 156 func (api *PluginAPI) CreatePost(post *model.Post) (*model.Post, *model.AppError) { 157 return api.app.CreatePostMissingChannel(post, true) 158 } 159 160 func (api *PluginAPI) DeletePost(postId string) *model.AppError { 161 _, err := api.app.DeletePost(postId) 162 return err 163 } 164 165 func (api *PluginAPI) GetPost(postId string) (*model.Post, *model.AppError) { 166 return api.app.GetSinglePost(postId) 167 } 168 169 func (api *PluginAPI) UpdatePost(post *model.Post) (*model.Post, *model.AppError) { 170 return api.app.UpdatePost(post, false) 171 } 172 173 func (api *PluginAPI) KeyValueStore() plugin.KeyValueStore { 174 return api.keyValueStore 175 } 176 177 func (s *PluginKeyValueStore) Set(key string, value []byte) *model.AppError { 178 return s.app.SetPluginKey(s.id, key, value) 179 } 180 181 func (s *PluginKeyValueStore) Get(key string) ([]byte, *model.AppError) { 182 return s.app.GetPluginKey(s.id, key) 183 } 184 185 func (s *PluginKeyValueStore) Delete(key string) *model.AppError { 186 return s.app.DeletePluginKey(s.id, key) 187 } 188 189 type BuiltInPluginAPI struct { 190 id string 191 router *mux.Router 192 app *App 193 } 194 195 func (api *BuiltInPluginAPI) LoadPluginConfiguration(dest interface{}) error { 196 if b, err := json.Marshal(api.app.Config().PluginSettings.Plugins[api.id]); err != nil { 197 return err 198 } else { 199 return json.Unmarshal(b, dest) 200 } 201 } 202 203 func (api *BuiltInPluginAPI) PluginRouter() *mux.Router { 204 return api.router 205 } 206 207 func (api *BuiltInPluginAPI) GetTeamByName(name string) (*model.Team, *model.AppError) { 208 return api.app.GetTeamByName(name) 209 } 210 211 func (api *BuiltInPluginAPI) GetUserByName(name string) (*model.User, *model.AppError) { 212 return api.app.GetUserByUsername(name) 213 } 214 215 func (api *BuiltInPluginAPI) GetChannelByName(teamId, name string) (*model.Channel, *model.AppError) { 216 return api.app.GetChannelByName(name, teamId) 217 } 218 219 func (api *BuiltInPluginAPI) GetDirectChannel(userId1, userId2 string) (*model.Channel, *model.AppError) { 220 return api.app.GetDirectChannel(userId1, userId2) 221 } 222 223 func (api *BuiltInPluginAPI) CreatePost(post *model.Post) (*model.Post, *model.AppError) { 224 return api.app.CreatePostMissingChannel(post, true) 225 } 226 227 func (api *BuiltInPluginAPI) GetLdapUserAttributes(userId string, attributes []string) (map[string]string, *model.AppError) { 228 if api.app.Ldap == nil { 229 return nil, model.NewAppError("GetLdapUserAttributes", "ent.ldap.disabled.app_error", nil, "", http.StatusNotImplemented) 230 } 231 232 user, err := api.app.GetUser(userId) 233 if err != nil { 234 return nil, err 235 } 236 237 if user.AuthData == nil { 238 return map[string]string{}, nil 239 } 240 241 return api.app.Ldap.GetUserAttributes(*user.AuthData, attributes) 242 } 243 244 func (api *BuiltInPluginAPI) GetSessionFromRequest(r *http.Request) (*model.Session, *model.AppError) { 245 token := "" 246 isTokenFromQueryString := false 247 248 // Attempt to parse token out of the header 249 authHeader := r.Header.Get(model.HEADER_AUTH) 250 if len(authHeader) > 6 && strings.ToUpper(authHeader[0:6]) == model.HEADER_BEARER { 251 // Default session token 252 token = authHeader[7:] 253 254 } else if len(authHeader) > 5 && strings.ToLower(authHeader[0:5]) == model.HEADER_TOKEN { 255 // OAuth token 256 token = authHeader[6:] 257 } 258 259 // Attempt to parse the token from the cookie 260 if len(token) == 0 { 261 if cookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil { 262 token = cookie.Value 263 264 if r.Header.Get(model.HEADER_REQUESTED_WITH) != model.HEADER_REQUESTED_WITH_XML { 265 return nil, model.NewAppError("ServeHTTP", "api.context.session_expired.app_error", nil, "token="+token+" Appears to be a CSRF attempt", http.StatusUnauthorized) 266 } 267 } 268 } 269 270 // Attempt to parse token out of the query string 271 if len(token) == 0 { 272 token = r.URL.Query().Get("access_token") 273 isTokenFromQueryString = true 274 } 275 276 if len(token) == 0 { 277 return nil, model.NewAppError("ServeHTTP", "api.context.session_expired.app_error", nil, "token="+token, http.StatusUnauthorized) 278 } 279 280 session, err := api.app.GetSession(token) 281 282 if err != nil { 283 return nil, model.NewAppError("ServeHTTP", "api.context.session_expired.app_error", nil, "token="+token, http.StatusUnauthorized) 284 } else if !session.IsOAuth && isTokenFromQueryString { 285 return nil, model.NewAppError("ServeHTTP", "api.context.token_provided.app_error", nil, "token="+token, http.StatusUnauthorized) 286 } 287 288 return session, nil 289 } 290 291 func (api *BuiltInPluginAPI) I18n(id string, r *http.Request) string { 292 if r != nil { 293 f, _ := utils.GetTranslationsAndLocale(nil, r) 294 return f(id) 295 } 296 f, _ := utils.GetTranslationsBySystemLocale() 297 return f(id) 298 }