github.com/mad-app/mattermost-server@v5.11.1+incompatible/api4/config.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "net/http" 8 "reflect" 9 10 "github.com/mattermost/mattermost-server/config" 11 "github.com/mattermost/mattermost-server/model" 12 "github.com/mattermost/mattermost-server/utils" 13 ) 14 15 func (api *API) InitConfig() { 16 api.BaseRoutes.ApiRoot.Handle("/config", api.ApiSessionRequired(getConfig)).Methods("GET") 17 api.BaseRoutes.ApiRoot.Handle("/config", api.ApiSessionRequired(updateConfig)).Methods("PUT") 18 api.BaseRoutes.ApiRoot.Handle("/config/reload", api.ApiSessionRequired(configReload)).Methods("POST") 19 api.BaseRoutes.ApiRoot.Handle("/config/client", api.ApiHandler(getClientConfig)).Methods("GET") 20 api.BaseRoutes.ApiRoot.Handle("/config/environment", api.ApiSessionRequired(getEnvironmentConfig)).Methods("GET") 21 } 22 23 func getConfig(c *Context, w http.ResponseWriter, r *http.Request) { 24 if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) { 25 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 26 return 27 } 28 29 cfg := c.App.GetSanitizedConfig() 30 31 w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate") 32 w.Write([]byte(cfg.ToJson())) 33 } 34 35 func configReload(c *Context, w http.ResponseWriter, r *http.Request) { 36 if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) { 37 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 38 return 39 } 40 41 if *c.App.Config().ExperimentalSettings.RestrictSystemAdmin { 42 c.Err = model.NewAppError("configReload", "api.restricted_system_admin", nil, "", http.StatusBadRequest) 43 return 44 } 45 46 c.App.ReloadConfig() 47 48 w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate") 49 ReturnStatusOK(w) 50 } 51 52 func updateConfig(c *Context, w http.ResponseWriter, r *http.Request) { 53 cfg := model.ConfigFromJson(r.Body) 54 if cfg == nil { 55 c.SetInvalidParam("config") 56 return 57 } 58 59 if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) { 60 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 61 return 62 } 63 64 appCfg := c.App.Config() 65 if *c.App.Config().ExperimentalSettings.RestrictSystemAdmin { 66 // Start with the current configuration, and only merge values not marked as being 67 // restricted. 68 var err error 69 cfg, err = config.Merge(appCfg, cfg, &utils.MergeConfig{ 70 StructFieldFilter: func(structField reflect.StructField, base, patch reflect.Value) bool { 71 restricted := structField.Tag.Get("restricted") == "true" 72 73 return !restricted 74 }, 75 }) 76 if err != nil { 77 c.Err = model.NewAppError("updateConfig", "api.config.update_config.restricted_merge.app_error", nil, err.Error(), http.StatusInternalServerError) 78 } 79 } 80 81 // Do not allow plugin uploads to be toggled through the API 82 cfg.PluginSettings.EnableUploads = appCfg.PluginSettings.EnableUploads 83 84 // If the Message Export feature has been toggled in the System Console, rewrite the ExportFromTimestamp field to an 85 // appropriate value. The rewriting occurs here to ensure it doesn't affect values written to the config file 86 // directly and not through the System Console UI. 87 if *cfg.MessageExportSettings.EnableExport != *appCfg.MessageExportSettings.EnableExport { 88 if *cfg.MessageExportSettings.EnableExport && *cfg.MessageExportSettings.ExportFromTimestamp == int64(0) { 89 // When the feature is toggled on, use the current timestamp as the start time for future exports. 90 cfg.MessageExportSettings.ExportFromTimestamp = model.NewInt64(model.GetMillis()) 91 } else if !*cfg.MessageExportSettings.EnableExport { 92 // When the feature is disabled, reset the timestamp so that the timestamp will be set if 93 // the feature is re-enabled from the System Console in future. 94 cfg.MessageExportSettings.ExportFromTimestamp = model.NewInt64(0) 95 } 96 } 97 98 err := cfg.IsValid() 99 if err != nil { 100 c.Err = err 101 return 102 } 103 104 err = c.App.SaveConfig(cfg, true) 105 if err != nil { 106 c.Err = err 107 return 108 } 109 110 c.LogAudit("updateConfig") 111 112 cfg = c.App.GetSanitizedConfig() 113 114 w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate") 115 w.Write([]byte(cfg.ToJson())) 116 } 117 118 func getClientConfig(c *Context, w http.ResponseWriter, r *http.Request) { 119 format := r.URL.Query().Get("format") 120 121 if format == "" { 122 c.Err = model.NewAppError("getClientConfig", "api.config.client.old_format.app_error", nil, "", http.StatusNotImplemented) 123 return 124 } 125 126 if format != "old" { 127 c.SetInvalidParam("format") 128 return 129 } 130 131 var config map[string]string 132 if len(c.App.Session.UserId) == 0 { 133 config = c.App.LimitedClientConfigWithComputed() 134 } else { 135 config = c.App.ClientConfigWithComputed() 136 } 137 138 w.Write([]byte(model.MapToJson(config))) 139 } 140 141 func getEnvironmentConfig(c *Context, w http.ResponseWriter, r *http.Request) { 142 if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) { 143 c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) 144 return 145 } 146 147 envConfig := c.App.GetEnvironmentConfig() 148 149 w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate") 150 w.Write([]byte(model.StringInterfaceToJson(envConfig))) 151 }