github.com/masterhung0112/hk_server/v5@v5.0.0-20220302090640-ec71aef15e1c/api4/license.go (about) 1 // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved. 2 // See LICENSE.txt for license information. 3 4 package api4 5 6 import ( 7 "bytes" 8 "encoding/json" 9 "fmt" 10 "io" 11 "io/ioutil" 12 "net/http" 13 14 "github.com/masterhung0112/hk_server/v5/audit" 15 "github.com/masterhung0112/hk_server/v5/model" 16 "github.com/masterhung0112/hk_server/v5/utils" 17 ) 18 19 func (api *API) InitLicense() { 20 api.BaseRoutes.ApiRoot.Handle("/trial-license", api.ApiSessionRequired(requestTrialLicense)).Methods("POST") 21 api.BaseRoutes.ApiRoot.Handle("/trial-license/prev", api.ApiSessionRequired(getPrevTrialLicense)).Methods("GET") 22 api.BaseRoutes.ApiRoot.Handle("/license", api.ApiSessionRequired(addLicense)).Methods("POST") 23 api.BaseRoutes.ApiRoot.Handle("/license", api.ApiSessionRequired(removeLicense)).Methods("DELETE") 24 api.BaseRoutes.ApiRoot.Handle("/license/renewal", api.ApiSessionRequired(requestRenewalLink)).Methods("GET") 25 api.BaseRoutes.ApiRoot.Handle("/license/client", api.ApiHandler(getClientLicense)).Methods("GET") 26 } 27 28 func getClientLicense(c *Context, w http.ResponseWriter, r *http.Request) { 29 format := r.URL.Query().Get("format") 30 31 if format == "" { 32 c.Err = model.NewAppError("getClientLicense", "api.license.client.old_format.app_error", nil, "", http.StatusNotImplemented) 33 return 34 } 35 36 if format != "old" { 37 c.SetInvalidParam("format") 38 return 39 } 40 41 var clientLicense map[string]string 42 43 if c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_READ_LICENSE_INFORMATION) { 44 clientLicense = c.App.Srv().ClientLicense() 45 } else { 46 clientLicense = c.App.Srv().GetSanitizedClientLicense() 47 } 48 49 w.Write([]byte(model.MapToJson(clientLicense))) 50 } 51 52 func addLicense(c *Context, w http.ResponseWriter, r *http.Request) { 53 auditRec := c.MakeAuditRecord("addLicense", audit.Fail) 54 defer c.LogAuditRec(auditRec) 55 c.LogAudit("attempt") 56 57 if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_LICENSE_INFORMATION) { 58 c.SetPermissionError(model.PERMISSION_MANAGE_LICENSE_INFORMATION) 59 return 60 } 61 62 if *c.App.Config().ExperimentalSettings.RestrictSystemAdmin { 63 c.Err = model.NewAppError("addLicense", "api.restricted_system_admin", nil, "", http.StatusForbidden) 64 return 65 } 66 67 err := r.ParseMultipartForm(*c.App.Config().FileSettings.MaxFileSize) 68 if err != nil { 69 http.Error(w, err.Error(), http.StatusBadRequest) 70 return 71 } 72 73 m := r.MultipartForm 74 75 fileArray, ok := m.File["license"] 76 if !ok { 77 c.Err = model.NewAppError("addLicense", "api.license.add_license.no_file.app_error", nil, "", http.StatusBadRequest) 78 return 79 } 80 81 if len(fileArray) <= 0 { 82 c.Err = model.NewAppError("addLicense", "api.license.add_license.array.app_error", nil, "", http.StatusBadRequest) 83 return 84 } 85 86 fileData := fileArray[0] 87 auditRec.AddMeta("filename", fileData.Filename) 88 89 file, err := fileData.Open() 90 if err != nil { 91 c.Err = model.NewAppError("addLicense", "api.license.add_license.open.app_error", nil, err.Error(), http.StatusBadRequest) 92 return 93 } 94 defer file.Close() 95 96 buf := bytes.NewBuffer(nil) 97 io.Copy(buf, file) 98 99 licenseBytes := buf.Bytes() 100 license, appErr := utils.LicenseValidator.LicenseFromBytes(licenseBytes) 101 if appErr != nil { 102 c.Err = appErr 103 return 104 } 105 106 // skip the restrictions if license is a sanctioned trial 107 if !license.IsSanctionedTrial() && license.IsTrialLicense() { 108 canStartTrialLicense, err := c.App.Srv().LicenseManager.CanStartTrial() 109 if err != nil { 110 c.Err = model.NewAppError("addLicense", "api.license.add_license.open.app_error", nil, "", http.StatusInternalServerError) 111 return 112 } 113 114 if !canStartTrialLicense { 115 c.Err = model.NewAppError("addLicense", "api.license.request-trial.can-start-trial.not-allowed", nil, "", http.StatusBadRequest) 116 return 117 } 118 } 119 120 license, appErr = c.App.Srv().SaveLicense(licenseBytes) 121 if appErr != nil { 122 if appErr.Id == model.EXPIRED_LICENSE_ERROR { 123 c.LogAudit("failed - expired or non-started license") 124 } else if appErr.Id == model.INVALID_LICENSE_ERROR { 125 c.LogAudit("failed - invalid license") 126 } else { 127 c.LogAudit("failed - unable to save license") 128 } 129 c.Err = appErr 130 return 131 } 132 133 auditRec.Success() 134 c.LogAudit("success") 135 136 w.Write([]byte(license.ToJson())) 137 } 138 139 func removeLicense(c *Context, w http.ResponseWriter, r *http.Request) { 140 auditRec := c.MakeAuditRecord("removeLicense", audit.Fail) 141 defer c.LogAuditRec(auditRec) 142 c.LogAudit("attempt") 143 144 if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_LICENSE_INFORMATION) { 145 c.SetPermissionError(model.PERMISSION_MANAGE_LICENSE_INFORMATION) 146 return 147 } 148 149 if *c.App.Config().ExperimentalSettings.RestrictSystemAdmin { 150 c.Err = model.NewAppError("removeLicense", "api.restricted_system_admin", nil, "", http.StatusForbidden) 151 return 152 } 153 154 if err := c.App.Srv().RemoveLicense(); err != nil { 155 c.Err = err 156 return 157 } 158 159 auditRec.Success() 160 c.LogAudit("success") 161 162 ReturnStatusOK(w) 163 } 164 165 func requestTrialLicense(c *Context, w http.ResponseWriter, r *http.Request) { 166 auditRec := c.MakeAuditRecord("requestTrialLicense", audit.Fail) 167 defer c.LogAuditRec(auditRec) 168 c.LogAudit("attempt") 169 170 if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_LICENSE_INFORMATION) { 171 c.SetPermissionError(model.PERMISSION_MANAGE_LICENSE_INFORMATION) 172 return 173 } 174 175 if *c.App.Config().ExperimentalSettings.RestrictSystemAdmin { 176 c.Err = model.NewAppError("requestTrialLicense", "api.restricted_system_admin", nil, "", http.StatusForbidden) 177 return 178 } 179 180 canStartTrialLicense, err := c.App.Srv().LicenseManager.CanStartTrial() 181 if err != nil { 182 c.Err = model.NewAppError("requestTrialLicense", "api.license.request-trial.can-start-trial.error", nil, err.Error(), http.StatusInternalServerError) 183 return 184 } 185 186 if !canStartTrialLicense { 187 c.Err = model.NewAppError("requestTrialLicense", "api.license.request-trial.can-start-trial.not-allowed", nil, "", http.StatusBadRequest) 188 return 189 } 190 191 var trialRequest struct { 192 Users int `json:"users"` 193 TermsAccepted bool `json:"terms_accepted"` 194 ReceiveEmailsAccepted bool `json:"receive_emails_accepted"` 195 } 196 197 b, readErr := ioutil.ReadAll(r.Body) 198 if readErr != nil { 199 c.Err = model.NewAppError("requestTrialLicense", "api.license.request-trial.bad-request", nil, "", http.StatusBadRequest) 200 return 201 } 202 json.Unmarshal(b, &trialRequest) 203 if !trialRequest.TermsAccepted { 204 c.Err = model.NewAppError("requestTrialLicense", "api.license.request-trial.bad-request.terms-not-accepted", nil, "", http.StatusBadRequest) 205 return 206 } 207 if trialRequest.Users == 0 { 208 c.Err = model.NewAppError("requestTrialLicense", "api.license.request-trial.bad-request", nil, "", http.StatusBadRequest) 209 return 210 } 211 212 currentUser, appErr := c.App.GetUser(c.AppContext.Session().UserId) 213 if appErr != nil { 214 c.Err = appErr 215 return 216 } 217 218 trialLicenseRequest := &model.TrialLicenseRequest{ 219 ServerID: c.App.TelemetryId(), 220 Name: currentUser.GetDisplayName(model.SHOW_FULLNAME), 221 Email: currentUser.Email, 222 SiteName: *c.App.Config().TeamSettings.SiteName, 223 SiteURL: *c.App.Config().ServiceSettings.SiteURL, 224 Users: trialRequest.Users, 225 TermsAccepted: trialRequest.TermsAccepted, 226 ReceiveEmailsAccepted: trialRequest.ReceiveEmailsAccepted, 227 } 228 229 if trialLicenseRequest.SiteURL == "" { 230 c.Err = model.NewAppError("RequestTrialLicense", "api.license.request_trial_license.no-site-url.app_error", nil, "", http.StatusBadRequest) 231 return 232 } 233 234 if err := c.App.Srv().RequestTrialLicense(trialLicenseRequest); err != nil { 235 c.Err = err 236 return 237 } 238 239 auditRec.Success() 240 c.LogAudit("success") 241 242 ReturnStatusOK(w) 243 } 244 245 func requestRenewalLink(c *Context, w http.ResponseWriter, r *http.Request) { 246 auditRec := c.MakeAuditRecord("requestRenewalLink", audit.Fail) 247 defer c.LogAuditRec(auditRec) 248 c.LogAudit("attempt") 249 250 if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_LICENSE_INFORMATION) { 251 c.SetPermissionError(model.PERMISSION_MANAGE_LICENSE_INFORMATION) 252 return 253 } 254 255 if *c.App.Config().ExperimentalSettings.RestrictSystemAdmin { 256 c.Err = model.NewAppError("requestRenewalLink", "api.restricted_system_admin", nil, "", http.StatusForbidden) 257 return 258 } 259 260 renewalLink, err := c.App.Srv().GenerateLicenseRenewalLink() 261 if err != nil { 262 c.Err = err 263 return 264 } 265 266 auditRec.Success() 267 c.LogAudit("success") 268 269 _, werr := w.Write([]byte(fmt.Sprintf(`{"renewal_link": "%s"}`, renewalLink))) 270 if werr != nil { 271 c.Err = model.NewAppError("requestRenewalLink", "api.license.request_renewal_link.app_error", nil, werr.Error(), http.StatusForbidden) 272 return 273 } 274 } 275 276 func getPrevTrialLicense(c *Context, w http.ResponseWriter, r *http.Request) { 277 license, err := c.App.Srv().LicenseManager.GetPrevTrial() 278 if err != nil { 279 http.Error(w, err.Error(), http.StatusInternalServerError) 280 return 281 } 282 283 var clientLicense map[string]string 284 285 if c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_READ_LICENSE_INFORMATION) { 286 clientLicense = utils.GetClientLicense(license) 287 } else { 288 clientLicense = utils.GetSanitizedClientLicense(utils.GetClientLicense(license)) 289 } 290 291 w.Write([]byte(model.MapToJson(clientLicense))) 292 }