github.com/xzl8028/xenia-server@v0.0.0-20190809101854-18450a97da63/api4/bot.go (about) 1 // Copyright (c) 2017-present Xenia, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "net/http" 8 9 "github.com/xzl8028/xenia-server/model" 10 ) 11 12 func (api *API) InitBot() { 13 api.BaseRoutes.Bots.Handle("", api.ApiSessionRequired(createBot)).Methods("POST") 14 api.BaseRoutes.Bot.Handle("", api.ApiSessionRequired(patchBot)).Methods("PUT") 15 api.BaseRoutes.Bot.Handle("", api.ApiSessionRequired(getBot)).Methods("GET") 16 api.BaseRoutes.Bots.Handle("", api.ApiSessionRequired(getBots)).Methods("GET") 17 api.BaseRoutes.Bot.Handle("/disable", api.ApiSessionRequired(disableBot)).Methods("POST") 18 api.BaseRoutes.Bot.Handle("/enable", api.ApiSessionRequired(enableBot)).Methods("POST") 19 api.BaseRoutes.Bot.Handle("/assign/{user_id:[A-Za-z0-9]+}", api.ApiSessionRequired(assignBot)).Methods("POST") 20 } 21 22 func createBot(c *Context, w http.ResponseWriter, r *http.Request) { 23 botPatch := model.BotPatchFromJson(r.Body) 24 if botPatch == nil { 25 c.SetInvalidParam("bot") 26 return 27 } 28 29 bot := &model.Bot{ 30 OwnerId: c.App.Session.UserId, 31 } 32 bot.Patch(botPatch) 33 34 if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_CREATE_BOT) { 35 c.SetPermissionError(model.PERMISSION_CREATE_BOT) 36 return 37 } 38 39 if user, err := c.App.GetUser(c.App.Session.UserId); err == nil { 40 if user.IsBot { 41 c.SetPermissionError(model.PERMISSION_CREATE_BOT) 42 return 43 } 44 } 45 46 if !*c.App.Config().ServiceSettings.EnableBotAccountCreation { 47 c.Err = model.NewAppError("createBot", "api.bot.create_disabled", nil, "", http.StatusForbidden) 48 return 49 } 50 51 createdBot, err := c.App.CreateBot(bot) 52 if err != nil { 53 c.Err = err 54 return 55 } 56 57 w.WriteHeader(http.StatusCreated) 58 w.Write(createdBot.ToJson()) 59 } 60 61 func patchBot(c *Context, w http.ResponseWriter, r *http.Request) { 62 c.RequireBotUserId() 63 if c.Err != nil { 64 return 65 } 66 botUserId := c.Params.BotUserId 67 68 botPatch := model.BotPatchFromJson(r.Body) 69 if botPatch == nil { 70 c.SetInvalidParam("bot") 71 return 72 } 73 74 if err := c.App.SessionHasPermissionToManageBot(c.App.Session, botUserId); err != nil { 75 c.Err = err 76 return 77 } 78 79 updatedBot, err := c.App.PatchBot(botUserId, botPatch) 80 if err != nil { 81 c.Err = err 82 return 83 } 84 85 w.Write(updatedBot.ToJson()) 86 } 87 88 func getBot(c *Context, w http.ResponseWriter, r *http.Request) { 89 c.RequireBotUserId() 90 if c.Err != nil { 91 return 92 } 93 botUserId := c.Params.BotUserId 94 95 includeDeleted := r.URL.Query().Get("include_deleted") == "true" 96 97 bot, err := c.App.GetBot(botUserId, includeDeleted) 98 if err != nil { 99 c.Err = err 100 return 101 } 102 103 if c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_READ_OTHERS_BOTS) { 104 // Allow access to any bot. 105 } else if bot.OwnerId == c.App.Session.UserId { 106 if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_READ_BOTS) { 107 // Pretend like the bot doesn't exist at all to avoid revealing that the 108 // user is a bot. It's kind of silly in this case, sine we created the bot, 109 // but we don't have read bot permissions. 110 c.Err = model.MakeBotNotFoundError(botUserId) 111 return 112 } 113 } else { 114 // Pretend like the bot doesn't exist at all, to avoid revealing that the 115 // user is a bot. 116 c.Err = model.MakeBotNotFoundError(botUserId) 117 return 118 } 119 120 if c.HandleEtag(bot.Etag(), "Get Bot", w, r) { 121 return 122 } 123 124 w.Write(bot.ToJson()) 125 } 126 127 func getBots(c *Context, w http.ResponseWriter, r *http.Request) { 128 includeDeleted := r.URL.Query().Get("include_deleted") == "true" 129 onlyOrphaned := r.URL.Query().Get("only_orphaned") == "true" 130 131 var OwnerId string 132 if c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_READ_OTHERS_BOTS) { 133 // Get bots created by any user. 134 OwnerId = "" 135 } else if c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_READ_BOTS) { 136 // Only get bots created by this user. 137 OwnerId = c.App.Session.UserId 138 } else { 139 c.SetPermissionError(model.PERMISSION_READ_BOTS) 140 return 141 } 142 143 bots, err := c.App.GetBots(&model.BotGetOptions{ 144 Page: c.Params.Page, 145 PerPage: c.Params.PerPage, 146 OwnerId: OwnerId, 147 IncludeDeleted: includeDeleted, 148 OnlyOrphaned: onlyOrphaned, 149 }) 150 if err != nil { 151 c.Err = err 152 return 153 } 154 155 if c.HandleEtag(bots.Etag(), "Get Bots", w, r) { 156 return 157 } 158 159 w.Write(bots.ToJson()) 160 } 161 162 func disableBot(c *Context, w http.ResponseWriter, r *http.Request) { 163 updateBotActive(c, w, r, false) 164 } 165 166 func enableBot(c *Context, w http.ResponseWriter, r *http.Request) { 167 updateBotActive(c, w, r, true) 168 } 169 170 func updateBotActive(c *Context, w http.ResponseWriter, r *http.Request, active bool) { 171 c.RequireBotUserId() 172 if c.Err != nil { 173 return 174 } 175 botUserId := c.Params.BotUserId 176 177 if err := c.App.SessionHasPermissionToManageBot(c.App.Session, botUserId); err != nil { 178 c.Err = err 179 return 180 } 181 182 bot, err := c.App.UpdateBotActive(botUserId, active) 183 if err != nil { 184 c.Err = err 185 return 186 } 187 188 w.Write(bot.ToJson()) 189 } 190 191 func assignBot(c *Context, w http.ResponseWriter, r *http.Request) { 192 c.RequireUserId() 193 c.RequireBotUserId() 194 if c.Err != nil { 195 return 196 } 197 botUserId := c.Params.BotUserId 198 userId := c.Params.UserId 199 200 if err := c.App.SessionHasPermissionToManageBot(c.App.Session, botUserId); err != nil { 201 c.Err = err 202 return 203 } 204 205 if user, err := c.App.GetUser(userId); err == nil { 206 if user.IsBot { 207 c.SetPermissionError(model.PERMISSION_ASSIGN_BOT) 208 return 209 } 210 } 211 212 bot, err := c.App.UpdateBotOwner(botUserId, userId) 213 if err != nil { 214 c.Err = err 215 return 216 } 217 218 w.Write(bot.ToJson()) 219 }