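// Source: github.com/kongr45gpen/mattermost-server@v5.11.1+incompatible/api4/compliance.go

// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.

package api4

import (
	"net/http"
	"strconv"

	"github.com/avct/uasurfer"
	"github.com/mattermost/mattermost-server/model"
)

// InitCompliance registers the compliance-report routes on
// api.BaseRoutes.Compliance: create (POST /reports), list (GET /reports),
// fetch one (GET /reports/{report_id}) and download
// (GET /reports/{report_id}/download). The report_id path segment is
// restricted by the route pattern to ASCII letters and digits.
//
// NOTE(review): the download route is the only one wrapped with
// api.ApiSessionRequiredTrustRequester instead of api.ApiSessionRequired.
// Both wrappers are defined outside this file; confirm which request check
// the "trust requester" variant relaxes before reusing it for other routes.
func (api *API) InitCompliance() {
	reports := api.BaseRoutes.Compliance

	reports.Handle("/reports", api.ApiSessionRequired(createComplianceReport)).Methods("POST")
	reports.Handle("/reports", api.ApiSessionRequired(getComplianceReports)).Methods("GET")
	reports.Handle("/reports/{report_id:[A-Za-z0-9]+}", api.ApiSessionRequired(getComplianceReport)).Methods("GET")
	reports.Handle("/reports/{report_id:[A-Za-z0-9]+}/download", api.ApiSessionRequiredTrustRequester(downloadComplianceReport)).Methods("GET")
}

// createComplianceReport handles POST /reports. It requires
// model.PERMISSION_MANAGE_SYSTEM, decodes a compliance job from the request
// body, saves it through c.App.SaveComplianceReport and answers 201 Created
// with the saved job as JSON. Failures are reported through c (permission
// error, invalid "compliance" parameter, or c.Err).
func createComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) {
	// Authorize before touching the request body: callers without
	// PERMISSION_MANAGE_SYSTEM get a permission error whatever they sent, and
	// no untrusted payload is parsed on their behalf.
	if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
		return
	}

	job := model.ComplianceFromJson(r.Body)
	if job == nil {
		c.SetInvalidParam("compliance")
		return
	}

	// The owner always comes from the authenticated session; a UserId supplied
	// in the request body is overwritten here.
	job.UserId = c.App.Session.UserId

	rjob, err := c.App.SaveComplianceReport(job)
	if err != nil {
		c.Err = err
		return
	}

	// The audit entry is written only once the report has been saved.
	c.LogAudit("")
	w.WriteHeader(http.StatusCreated)
	w.Write([]byte(rjob.ToJson()))
}

// getComplianceReports handles GET /reports. It requires
// model.PERMISSION_MANAGE_SYSTEM and writes the page of reports selected by
// c.Params.Page and c.Params.PerPage as JSON.
func getComplianceReports(c *Context, w http.ResponseWriter, r *http.Request) {
	if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
		return
	}

	crs, err := c.App.GetComplianceReports(c.Params.Page, c.Params.PerPage)
	if err != nil {
		c.Err = err
		return
	}

	w.Write([]byte(crs.ToJson()))
}

// getComplianceReport handles GET /reports/{report_id}. It requires a report
// id and model.PERMISSION_MANAGE_SYSTEM, then writes the matching report as
// JSON.
func getComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) {
	// RequireReportId records a failure in c.Err; stop before any lookup.
	c.RequireReportId()
	if c.Err != nil {
		return
	}

	if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
		return
	}

	job, err := c.App.GetComplianceReport(c.Params.ReportId)
	if err != nil {
		c.Err = err
		return
	}

	w.Write([]byte(job.ToJson()))
}

// downloadComplianceReport handles GET /reports/{report_id}/download. It
// requires a report id and model.PERMISSION_MANAGE_SYSTEM, loads the report
// and its file through c.App, writes an audit entry naming the report's Desc,
// and sends the file bytes as an attachment named "<JobName>.zip".
func downloadComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) {
	// RequireReportId records a failure in c.Err; stop before any lookup.
	c.RequireReportId()
	if c.Err != nil {
		return
	}

	if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
		return
	}

	job, err := c.App.GetComplianceReport(c.Params.ReportId)
	if err != nil {
		c.Err = err
		return
	}

	reportBytes, err := c.App.GetComplianceFile(job)
	if err != nil {
		c.Err = err
		return
	}

	c.LogAudit("downloaded " + job.Desc)

	header := w.Header()

	// The report is released only to sessions holding PERMISSION_MANAGE_SYSTEM,
	// so the response must not be marked "public" with a 30-day lifetime:
	// that allows shared caches to keep a copy outside the permission check
	// above. Keep it out of shared caches and out of on-disk browser caches.
	header.Set("Cache-Control", "private, no-store")
	header.Set("Content-Length", strconv.Itoa(len(reportBytes)))
	header.Del("Content-Type") // Content-Type will be set automatically by the http writer

	// JobName is defined in the model package and is not visible here, so do
	// not assume it is free of quotes or backslashes. strconv.Quote escapes
	// them so the name cannot end the quoted filename parameter early; for
	// plain printable names the header is byte-for-byte what the hand-built
	// quoting produced.
	header.Set("Content-Disposition", "attachment;filename="+strconv.Quote(job.JobName()+".zip"))

	// IE and Safari are sent an explicit generic binary type to trigger a
	// download; every other browser gets the type the http writer picks.
	ua := uasurfer.Parse(r.UserAgent())
	if ua.Browser.Name == uasurfer.BrowserIE || ua.Browser.Name == uasurfer.BrowserSafari {
		header.Set("Content-Type", "application/octet-stream")
	}

	w.Write(reportBytes)
}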