
     1  // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
     2  // See LICENSE.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"net/http"
     8  
     9  	"github.com/masterhung0112/hk_server/v5/audit"
    10  	"github.com/masterhung0112/hk_server/v5/model"
    11  )
    12  
// InitOAuth registers the OAuth application management routes.
//
// Every route is wrapped in api.ApiSessionRequired, so a session is the
// baseline for all of them; the finer-grained checks (PERMISSION_MANAGE_OAUTH,
// creator ownership, PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH, and the
// PERMISSION_MANAGE_SYSTEM gate on IsTrusted) live in the individual handlers.
// The "/info" route is the only one that serves an app to non-managers, and
// its handler sanitizes the record before writing it.
//
// Registration order is kept as written; the underlying router presumably
// matches in registration order, so keep that in mind when adding routes.
func (api *API) InitOAuth() {
	// Collection and per-app management routes.
	api.BaseRoutes.OAuthApps.Handle("", api.ApiSessionRequired(createOAuthApp)).Methods("POST")
	api.BaseRoutes.OAuthApp.Handle("", api.ApiSessionRequired(updateOAuthApp)).Methods("PUT")
	api.BaseRoutes.OAuthApps.Handle("", api.ApiSessionRequired(getOAuthApps)).Methods("GET")
	api.BaseRoutes.OAuthApp.Handle("", api.ApiSessionRequired(getOAuthApp)).Methods("GET")
	// Public (sanitized) view of an app, used by callers that are not its managers.
	api.BaseRoutes.OAuthApp.Handle("/info", api.ApiSessionRequired(getOAuthAppInfo)).Methods("GET")
	api.BaseRoutes.OAuthApp.Handle("", api.ApiSessionRequired(deleteOAuthApp)).Methods("DELETE")
	// Credential rotation; the response is the only place the new secret is disclosed.
	api.BaseRoutes.OAuthApp.Handle("/regen_secret", api.ApiSessionRequired(regenerateOAuthAppSecret)).Methods("POST")

	// Per-user view: the apps a user has authorized against their own account.
	api.BaseRoutes.User.Handle("/oauth/apps/authorized", api.ApiSessionRequired(getAuthorizedOAuthApps)).Methods("GET")
}
    24  
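// createOAuthApp handles POST on the OAuth apps collection: it registers a new
// OAuth application on behalf of the calling user.
//
// Authorization: the session must hold PERMISSION_MANAGE_OAUTH, and that is
// checked before the request body is parsed (the same order updateOAuthApp
// uses). Only a session with PERMISSION_MANAGE_SYSTEM may create a trusted
// app; for anyone else the client-supplied IsTrusted flag is forced to false.
// CreatorId is always taken from the session, never from the body.
//
// Response: 201 with the created app as JSON. This is the response that hands
// the caller the app's credentials, so it is deliberately not sanitized; the
// audit record, by contrast, only gets a sanitized copy.
func createOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
	auditRec := c.MakeAuditRecord("createOAuthApp", audit.Fail)
	defer c.LogAuditRec(auditRec)

	// Authorize before spending any effort on untrusted input.
	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_OAUTH) {
		c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH)
		return
	}

	oauthApp := model.OAuthAppFromJson(r.Body)
	if oauthApp == nil {
		c.SetInvalidParam("oauth_app")
		return
	}

	// Trust is a system-level property: a plain OAuth manager cannot grant it.
	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_SYSTEM) {
		oauthApp.IsTrusted = false
	}

	// Ownership comes from the session so a caller cannot register an app as
	// somebody else.
	oauthApp.CreatorId = c.AppContext.Session().UserId

	rapp, err := c.App.CreateOAuthApp(oauthApp)
	if err != nil {
		c.Err = err
		return
	}

	// rapp is the same object whose JSON gives the caller the app's
	// credentials; the audit trail (presumably persisted as a log) should not
	// receive them. Sanitize works in place, so it runs on a copy.
	audited := *rapp
	audited.Sanitize()

	auditRec.Success()
	auditRec.AddMeta("oauth_app", &audited)
	c.LogAudit("client_id=" + rapp.Id)

	w.WriteHeader(http.StatusCreated)
	w.Write([]byte(rapp.ToJson()))
}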
    60  
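// updateOAuthApp handles PUT on a single OAuth app.
//
// Authorization, in the order it is enforced: the session must hold
// PERMISSION_MANAGE_OAUTH; the id in the JSON body must equal the id in the
// URL; and the caller must be the app's creator unless the session holds
// PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH. IsTrusted can only be changed by a
// session with PERMISSION_MANAGE_SYSTEM — for anyone else the stored value is
// carried over, whatever the body said.
//
// Response: the updated app as JSON, unsanitized (the caller is an authorized
// manager of this particular app). Audit metadata is sanitized.
//
// NOTE(review): other body fields that should not be caller-writable
// (CreatorId, ClientSecret, ...) are not pinned here; confirm that
// c.App.UpdateOauthApp preserves them from oldOauthApp.
func updateOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireAppId()
	if c.Err != nil {
		return
	}

	auditRec := c.MakeAuditRecord("updateOAuthApp", audit.Fail)
	defer c.LogAuditRec(auditRec)
	auditRec.AddMeta("oauth_app_id", c.Params.AppId)
	c.LogAudit("attempt")

	// Authorize before touching the request body.
	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_OAUTH) {
		c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH)
		return
	}

	oauthApp := model.OAuthAppFromJson(r.Body)
	if oauthApp == nil {
		c.SetInvalidParam("oauth_app")
		return
	}

	// The app being updated in the payload must be the same one as indicated in the URL.
	if oauthApp.Id != c.Params.AppId {
		c.SetInvalidParam("app_id")
		return
	}

	oldOauthApp, err := c.App.GetOAuthApp(c.Params.AppId)
	if err != nil {
		c.Err = err
		return
	}

	// Audit the pre-update state without its credentials. Sanitize works in
	// place, so it runs on a copy and oldOauthApp stays intact for the update.
	before := *oldOauthApp
	before.Sanitize()
	auditRec.AddMeta("oauth_app", &before)

	if c.AppContext.Session().UserId != oldOauthApp.CreatorId && !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH)
		return
	}

	// Trust is a system-level property; a non-system admin cannot flip it.
	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_SYSTEM) {
		oauthApp.IsTrusted = oldOauthApp.IsTrusted
	}

	updatedOauthApp, err := c.App.UpdateOauthApp(oldOauthApp, oauthApp)
	if err != nil {
		c.Err = err
		return
	}

	// Same treatment for the post-update state.
	after := *updatedOauthApp
	after.Sanitize()

	auditRec.Success()
	auditRec.AddMeta("update", &after)
	c.LogAudit("success")

	w.Write([]byte(updatedOauthApp.ToJson()))
}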
   117  
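// getOAuthApps handles GET on the OAuth apps collection.
//
// Authorization: PERMISSION_MANAGE_OAUTH is required to list anything. A
// session that also holds PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH sees every app;
// otherwise only the apps created by the calling user are returned. Paging
// comes from c.Params.Page / c.Params.PerPage.
//
// Response: the app list as JSON, unsanitized — the caller is a manager of
// every app it receives.
func getOAuthApps(c *Context, w http.ResponseWriter, r *http.Request) {
	session := c.AppContext.Session()

	// The error id here differs from the SetPermissionError the other
	// handlers use; it is kept for compatibility with existing clients.
	if !c.App.SessionHasPermissionTo(*session, model.PERMISSION_MANAGE_OAUTH) {
		c.Err = model.NewAppError("getOAuthApps", "api.command.admin_only.app_error", nil, "", http.StatusForbidden)
		return
	}

	// PERMISSION_MANAGE_OAUTH is established above, so the only remaining
	// question is whether the caller may see apps owned by other users. (The
	// previous "else: permission error" arm could never be reached.)
	var apps []*model.OAuthApp
	var err *model.AppError
	if c.App.SessionHasPermissionTo(*session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
		apps, err = c.App.GetOAuthApps(c.Params.Page, c.Params.PerPage)
	} else {
		apps, err = c.App.GetOAuthAppsByCreator(session.UserId, c.Params.Page, c.Params.PerPage)
	}
	if err != nil {
		c.Err = err
		return
	}

	w.Write([]byte(model.OAuthAppListToJson(apps)))
}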
   142  
// getOAuthApp handles GET on a single OAuth app and returns its full record,
// credentials included, to a caller who is allowed to manage it.
//
// Authorization: PERMISSION_MANAGE_OAUTH is required; in addition the caller
// must be the app's creator or hold PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH. The
// ownership check runs after the lookup, so a missing app surfaces as the
// lookup error rather than as a permission error.
func getOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
	if c.RequireAppId(); c.Err != nil {
		return
	}

	session := c.AppContext.Session()
	if !c.App.SessionHasPermissionTo(*session, model.PERMISSION_MANAGE_OAUTH) {
		c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH)
		return
	}

	app, appErr := c.App.GetOAuthApp(c.Params.AppId)
	if appErr != nil {
		c.Err = appErr
		return
	}

	// Creators always see their own apps; anyone else needs the system-wide
	// permission. The permission lookup is skipped for owners.
	isOwner := app.CreatorId == session.UserId
	if !isOwner && !c.App.SessionHasPermissionTo(*session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH)
		return
	}

	w.Write([]byte(app.ToJson()))
}
   167  
// getOAuthAppInfo handles GET .../info: the public view of an OAuth app.
//
// Unlike the other handlers in this file it performs no manage-OAuth or
// ownership check — only the session requirement from the route wrapper
// applies, so any session may look up any app id. That is acceptable only
// because the record goes through Sanitize() before it is written; do not
// remove that call or return the raw record here.
func getOAuthAppInfo(c *Context, w http.ResponseWriter, r *http.Request) {
	if c.RequireAppId(); c.Err != nil {
		return
	}

	app, appErr := c.App.GetOAuthApp(c.Params.AppId)
	if appErr != nil {
		c.Err = appErr
		return
	}

	// Strip whatever is not meant for third parties, then serialize.
	app.Sanitize()
	w.Write([]byte(app.ToJson()))
}
   183  
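// deleteOAuthApp handles DELETE on a single OAuth app.
//
// Authorization: the session must hold PERMISSION_MANAGE_OAUTH, and the
// caller must be the app's creator unless the session holds
// PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH. The ownership check runs after the
// lookup, so a missing app surfaces as the lookup error.
//
// Response: a plain OK status. The audit record carries the deleted app's
// state minus its credentials.
func deleteOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireAppId()
	if c.Err != nil {
		return
	}

	auditRec := c.MakeAuditRecord("deleteOAuthApp", audit.Fail)
	defer c.LogAuditRec(auditRec)
	auditRec.AddMeta("oauth_app_id", c.Params.AppId)
	c.LogAudit("attempt")

	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_OAUTH) {
		c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH)
		return
	}

	oauthApp, err := c.App.GetOAuthApp(c.Params.AppId)
	if err != nil {
		c.Err = err
		return
	}

	// Record the app without its credentials; Sanitize works in place, so it
	// runs on a copy rather than on the record being deleted.
	audited := *oauthApp
	audited.Sanitize()
	auditRec.AddMeta("oauth_app", &audited)

	if c.AppContext.Session().UserId != oauthApp.CreatorId && !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH)
		return
	}

	err = c.App.DeleteOAuthApp(oauthApp.Id)
	if err != nil {
		c.Err = err
		return
	}

	auditRec.Success()
	c.LogAudit("success")

	ReturnStatusOK(w)
}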
   223  
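// regenerateOAuthAppSecret handles POST .../regen_secret: it rotates the
// client secret of a single OAuth app.
//
// Authorization: the session must hold PERMISSION_MANAGE_OAUTH, and the
// caller must be the app's creator unless the session holds
// PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.
//
// Response: the rotated app as JSON, unsanitized — this is the one place the
// new secret is disclosed, to an authorized manager. The audit record gets an
// "attempt" entry like update/delete do, and only a sanitized copy of the
// pre-rotation state.
func regenerateOAuthAppSecret(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireAppId()
	if c.Err != nil {
		return
	}

	auditRec := c.MakeAuditRecord("regenerateOAuthAppSecret", audit.Fail)
	defer c.LogAuditRec(auditRec)
	auditRec.AddMeta("oauth_app_id", c.Params.AppId)
	// Credential rotation deserves the same attempt/success trail as the
	// other mutating handlers.
	c.LogAudit("attempt")

	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_OAUTH) {
		c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH)
		return
	}

	oauthApp, err := c.App.GetOAuthApp(c.Params.AppId)
	if err != nil {
		c.Err = err
		return
	}

	// Neither the old nor the new secret belongs in the audit trail. Sanitize
	// works in place, so it runs on a copy and oauthApp is passed on intact.
	before := *oauthApp
	before.Sanitize()
	auditRec.AddMeta("oauth_app", &before)

	if oauthApp.CreatorId != c.AppContext.Session().UserId && !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH)
		return
	}

	oauthApp, err = c.App.RegenerateOAuthAppSecret(oauthApp)
	if err != nil {
		c.Err = err
		return
	}

	auditRec.Success()
	c.LogAudit("success")

	w.Write([]byte(oauthApp.ToJson()))
}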
   262  
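// getAuthorizedOAuthApps handles GET /users/{user_id}/oauth/apps/authorized:
// the apps a user has granted access to their account.
//
// Authorization: the session must be allowed to act on the target user
// (c.App.SessionHasPermissionToUser); on failure the reported permission is
// PERMISSION_EDIT_OTHER_USERS. Paging comes from c.Params.Page / PerPage.
//
// The caller is the authorizing user, not the apps' owner, so every app is
// passed through Sanitize() before serialization — the same treatment
// getOAuthAppInfo gives non-owners. This is enforced here, at the API
// boundary, independently of what the app layer does with the list.
func getAuthorizedOAuthApps(c *Context, w http.ResponseWriter, r *http.Request) {
	c.RequireUserId()
	if c.Err != nil {
		return
	}

	if !c.App.SessionHasPermissionToUser(*c.AppContext.Session(), c.Params.UserId) {
		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
		return
	}

	apps, err := c.App.GetAuthorizedAppsForUser(c.Params.UserId, c.Params.Page, c.Params.PerPage)
	if err != nil {
		c.Err = err
		return
	}

	// Strip anything not meant for third parties; Sanitize works in place and
	// is harmless to repeat if the app layer already did it.
	for _, app := range apps {
		if app != nil {
			app.Sanitize()
		}
	}

	w.Write([]byte(model.OAuthAppListToJson(apps)))
}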